| Age | Commit message (Collapse) | Author |
|---|
|
There's some debate on the upstream bug about whether POSIX requires this.
I (Colin Watson) agree with Vincent and think it does.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
Bug-Debian: http://bugs.debian.org/492728
Last-Update: 2020-02-21
Patch-Name: shell-path.patch
|
|
Tweak scp's reporting of filenames in verbose mode to be a bit less
confusing with spaces.
This should be revised to mimic real shell quoting.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945
Last-Update: 2010-02-27
Patch-Name: scp-quoting.patch
|
|
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
group-writable, provided that the group in question contains only the file's
owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding
about the contents of gr->gr_mem). Given that per-user groups and umask 002
are the default setup in Debian (for good reasons - this makes operating in
setgid directories with other groups much easier), we need to permit this by
default.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
Last-Update: 2019-10-09
Patch-Name: user-group-modes.patch
|
|
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
match the behaviour of non-free SSH, in which -q does not suppress fatal
errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody
complained, so we've dropped most of it. The parts that remain are basic
configuration file compatibility, and an adjustment to "Pseudo-terminal will
not be allocated ..." which should be split out into a separate patch.
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2013-09-14
Patch-Name: syslog-level-silent.patch
|
|
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval. (We're probably stuck with this bit for
compatibility.)
In batch mode, default ServerAliveInterval to five minutes.
Adjust documentation to match and to give some more advice on use of
keepalives.
Author: Ian Jackson <ian@chiark.greenend.org.uk>
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2020-02-21
Patch-Name: keepalive-extensions.patch
|
|
These options were used as part of Debian's response to CVE-2008-0166.
Nearly six years later, we no longer need to continue carrying the bulk
of that patch, but we do need to avoid failing when the associated
configuration options are still present.
Last-Update: 2014-02-09
Patch-Name: ssh-vulnkey-compat.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2020-10-18
Patch-Name: selinux-role.patch
|
|
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message
and thread:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
It is true that this reduces preauth attack surface in sshd. On the
other hand, this support seems to be quite widely used, and abruptly
dropping it (from the perspective of users who don't read
openssh-unix-dev) could easily cause more serious problems in practice.
It's not entirely clear what the right long-term answer for Debian is,
but it at least probably doesn't involve dropping this feature shortly
before a freeze.
Forwarded: not-needed
Last-Update: 2019-06-05
Patch-Name: restore-tcp-wrappers.patch
|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Author: Simon Wilkinson <simon@sxw.org.uk>
Author: Colin Watson <cjwatson@debian.org>
Author: Jakub Jelen <jjelen@redhat.com>
Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2020-06-07
Patch-Name: gssapi.patch
|
|
|
|
|
|
OpenBSD-Commit-ID: a29e5b372d2c00e297da8a35a3b87c9beb3b4a58
|
|
|
|
OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
|
|
bz#3137, ok markus
OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
|
|
|
|
when peer advertises a large window but is slow to consume the data we send
(e.g. because of a slow network)
reported by Pierre-Yves David
fix with & ok markus@
OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
|
|
|
|
PR#183 by Dennis Kaarsemaker; feedback and ok markus@
OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
|
|
when testing, make sure to include the relevant header files that
declare the types of the functions used by the test:
- stdio.h for printf();
- stdlib.h for exit();
- string.h for strcmp();
- unistd.h for unlink(), _exit(), fork(), getppid(), sleep().
|
|
prefer the default ordering if the user has a key that matches the
best-preference default algorithm.
feedback and ok markus@
OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
|
|
Optionally set the textarea colours via $GNOME_SSH_ASKPASS_FG_COLOR and
$GNOME_SSH_ASKPASS_BG_COLOR. These accept the usual three or six digit
hex colours.
|
|
When serving a SSH_ASKPASS_PROMPT=none information dialog, ensure
then <enter> doesn't immediately close the dialog. Instead, require an
explicit <tab> to reach the close button, or <esc>.
|
|
to the sshbuf API. Patch from Sebastian Andrzej Siewior.
OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889
|
|
> Are you sure you want to continue connecting (yes/no/[fingerprint])?
compare the fingerprint case sensitively; spotted Patrik Lundin
ok dtucker
OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2
|
|
|
|
aclocal.m4 is now generated by autoreconf.
|
|
autoreconf complains about underquoted definition of
OSSH_CHECK_HEADER_FOR_FIELD after aclocal.m4 has been and now is beeing
recreated.
Quote OSSH_CHECK_HEADER_FOR_FIELD as suggested.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
folder. With this change the aclocal.m4 will be re-created during
changes to the m4/ macro.
This is needed so the `aclocal' can fetch m4 macros from the system if
they are references in the configure script. This is a prerequisite to
use PKG_CHECK_MODULES.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
BROKEN_MMAP is no longer defined since commit
1cfd5c06efb12 ("Remove portability support for mmap")
this commit also removed other HAVE_MMAP user. I didn't find anything
that defines HAVE_MMAP. The check does not trigger because compression
on server side is by default COMP_DELAYED (2) so it never triggers.
Remove remaining HAVE_MMAP and BROKEN_MMAP bits.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8
|
|
config-check time. ok djm@
OpenBSD-Regress-ID: 8f5f4c2c0bf00e6ceae7a1755a444666de0ea5c2
|
|
the data needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.
spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@
OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
|
|
- HAVE_FIDO_CRED_PROD -> HAVE_FIDO_CRED_PROT;
- check for fido_dev_get_touch_begin(), so that
HAVE_FIDO_DEV_GET_TOUCH_BEGIN gets defined.
|
|
ssh-agent until the agent supports them properly
OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e
|
|
Pedro Martelletto
OpenBSD-Commit-ID: 39aa37a43d0c75ec87f1659f573d3b5867e4a3b3
|
|
Match LocalAddress are valid when parsing in config-test mode. This will
catch address/mask mismatches before they cause problems at runtime. Found by
Daniel Stocker, ok djm@
OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b
|
|
OpenBSD-Commit-ID: f95b84a1e94e9913173229f3787448eea2f8a575
|
|
|
|
fields via "ssh-keygen -vyf /path/key"
OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf
|
|
single token is attached.
with Pedro Martelletto
OpenBSD-Commit-ID: e4a324bd9814227ec1faa8cb619580e661cca9ac
|
|
OpenBSD-Commit-ID: 92714b6531e244e4da401b2defaa376374e24be7
|
|
OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd
|
|
|
|
verify-required resident keys) even though it doesn't implement this feature
OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
|
|
OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18
|
|
When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.
joint work with Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727
|
|
When downloading a resident, verify-required key from a FIDO token,
preserve the verify-required in the private key that is written to
disk. Previously we weren't doing that because of lack of support
in the middleware API.
from Pedro Martelletto; ok markus@ and myself
OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517
|
|
When PINs are in use and multiple FIDO tokens are attached to a host, we
cannot just blast requests at all attached tokens with the PIN specified
as this will cause the per-token PIN failure counter to increment. If
this retry counter hits the token's limit (usually 3 attempts), then the
token will lock itself and render all (web and SSH) of its keys invalid.
We don't want this.
So this reworks the key selection logic for the specific case of
multiple keys being attached. When multiple keys are attached and the
operation requires a PIN, then the user must touch the key that they
wish to use first in order to identify it.
This may require multiple touches, but only if there are multiple keys
attached AND (usually) the operation requires a PIN. The usual case of a
single key attached should be unaffected.
Work by Pedro Martelletto; ok myself and markus@
OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864
|
|
This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.
feedback and ok markus@
OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6
|
