summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-27upstream: Restrict ssh-agent from signing web challenges for FIDOdjm@openbsd.org
keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently pubkey authentication and sshsig signatures). This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too. Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require. ok markus@ OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19
2020-05-27upstream: improve logging for MaxStartups connection throttling:djm@openbsd.org
have sshd log when it starts and stops throttling and periodically while in this state. bz#3055 ok markus@ OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9
2020-05-27upstream: add fmt_timeframe() (from bgpd) to format a timedjm@openbsd.org
interval in a human- friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@ OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
2020-05-27upstream: avoid possible NULL deref; from Pedro Martellettodjm@openbsd.org
OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721
2020-05-27upstream: sshd listener must not block if reexecd sshd exitsmarkus@openbsd.org
in write(2) on config_s[0] if the forked child exits early before finishing recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the parent. this prevents the parent from accepting new connections. ok djm, deraadt OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef
2020-05-27upstream: fix off-by-one error that caused sftp downloads to makedjm@openbsd.org
one more concurrent request that desired. This prevented using sftp(1) in unpipelined request/response mode, which is useful when debugging. Patch from Stephen Goetze in bz#3054 OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28
2020-05-27upstream: we are still aiming for pre-C99 ...deraadt@openbsd.org
OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38
2020-05-27upstream: Enable credProtect extension when generating a residentdjm@openbsd.org
key. The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" feature to better protect resident keys. This option allows (amone other possibilities) requiring a PIN prior to all operations that may retrieve the key handle. Patch by Pedro Martelletto; ok djm and markus OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73
2020-05-27upstream: always call fido_init(); previous behaviour only calleddjm@openbsd.org
fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but this isn't guaranteed in the future. OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864
2020-05-27upstream: preserve group/world read permission on known_hostsdjm@openbsd.org
file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@ OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
2020-05-27upstream: when ordering the hostkey algorithms to request from adjm@openbsd.org
server, prefer certificate types if the known_hosts files contain a key marked as a @cert-authority; bz#3157 ok markus@ OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
2020-05-27upstream: fix non-ASCII quote that snuck in; spotted by Gabrieldjm@openbsd.org
Kihlman OpenBSD-Commit-ID: 04bcde311de2325d9e45730c744c8de079b49800
2020-05-27upstream: clarify role of FIDO tokens in multi-factordjm@openbsd.org
authentictation; mostly from Pedro Martelletto OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
2020-05-27upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@djm@openbsd.org
OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a
2020-05-14prefer ln to cp for temporary copy of sshdDamien Miller
I saw failures on the reexec fallback test on Darwin 19.4 where fork()ed children of a process that had it's executable removed would instantly fail. Using ln to preserve the inode avoids this.
2020-05-13Actually skip pty tests when needed.Darren Tucker
2020-05-13Skip building sk-dummy library if no SK support.Darren Tucker
2020-05-13explicitly manage .depend and .depend.bakDamien Miller
Bring back removal of .depend to give the file a known state before running makedepend, but manually move aside the current .depend file and restore it as .depend.bak afterwards so the stale .depend check works as expected.
2020-05-13make dependDamien Miller
2020-05-13revert removal of .depend before makedependDamien Miller
Commit 83657eac4 started removing .depend before running makedepend to reset the contents of .depend to a known state. Unfortunately this broke the depend-check step as now .depend.bak would only ever be created as an empty file. ok dtucker
2020-05-12prepare for 8.3 releaseDamien Miller
2020-05-08Ensure SA_SIGNAL test only signals itself.Darren Tucker
When the test's child signals its parent and it exits the result of getppid changes. On Ubuntu 20.04 this results in the ppid being that of the GDM session, causing it to exit. Analysis and testing from pedro at ambientworks.net
2020-05-08sync config.guess/config.sub with latest versionsDamien Miller
ok dtucker@
2020-05-07upstream: openssh-8.3; ok deraadt@djm@openbsd.org
OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1
2020-05-07upstream: another case where a utimes() failure could make scp senddjm@openbsd.org
a desynchronising error; reminded by Aymeric Vincent ok deraadt markus OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
2020-05-07Check if -D_REENTRANT is needed for localtime_r.Darren Tucker
On at least HP-UX 11.11, the localtime_r declararation is behind ifdef _REENTRANT. Check for and add if needed.
2020-05-05Skip security key tests if ENABLE_SK not set.Darren Tucker
2020-05-04upstream: sure enough, some of the test data that we though were indjm@openbsd.org
new format were actually in the old format; fix from Michael Forney OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933
2020-05-04upstream: make mktestdata.sh generate old/new format keys that wedjm@openbsd.org
expect. This script was written before OpenSSH switched to new-format private keys by default and was never updated to the change (until now) From Michael Forney OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7
2020-05-04upstream: portability fix for sed that always emil a newline evendjm@openbsd.org
if the input does not contain one; from Michael Forney OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7
2020-05-04upstream: remove obsolete RSA1 test keys; spotted by Michael Forneydjm@openbsd.org
OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da
2020-05-02Update .depend.Darren Tucker
2020-05-02Remove use of tail for 'make depend'.Darren Tucker
Not every tail supports +N and we can do with out it so just remove it. Prompted by mforney at mforney.org.
2020-05-02upstream: we have a sshkey_save_public() function to save public keys;djm@openbsd.org
use it and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@ OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
2020-05-01Use LONG_LONG_MAX and friends if available.Darren Tucker
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} then use those instead. We do calculate these values in configure, but it turns out that at least one compiler (old HP ANSI C) can't parse "-9223372036854775808LL" without mangling it. (It can parse "-9223372036854775807LL" which is presumably why its limits.h defines LONG_LONG_MIN as the latter minus 1.) Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01upstream: when receving a file in sink(), be careful to send atdjm@openbsd.org
most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. ok deraadt@ markus@ OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
2020-05-01upstream: expose vasnmprintf(); ok (as part of other commit) markusdjm@openbsd.org
deraadt OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
2020-05-01upstream: avoid NULL dereference when attempting to convert invaliddjm@openbsd.org
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
2020-05-01See if SA_RESTART signals will interrupt select().Darren Tucker
On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
2020-05-01fix reversed testDamien Miller
2020-05-01wrap sha2.h inclusion in #ifdef HAVE_SHA2_HDamien Miller
2020-05-01upstream: adapt dummy FIDO middleware to API change; ok markus@djm@openbsd.org
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01upstream: tweak previous; ok markusjmc@openbsd.org
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01upstream: bring back debug() removed in rev 1.74; noted by pradeepmarkus@openbsd.org
kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
2020-05-01upstream: run the 2nd ssh with BatchMode for scp -3markus@openbsd.org
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01upstream: when signing a challenge using a FIDO toke, perform thedjm@openbsd.org
hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@ OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01upstream: Fix comment typo. Patch from mforney at mforney.org.dtucker@openbsd.org
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
2020-05-01upstream: We've standardized on memset over bzero, replace a coupledtucker@openbsd.org
that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01Include sys/byteorder.h for htons and friends.Darren Tucker
These are usually in netinet/in.h but on HP-UX they are not defined if _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression tests.
2020-05-01Fix conditional for openssl-based chacha20.Darren Tucker
Fixes warnings or link errors when building against older OpenSSLs. ok djm