summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-06-06Use ssh-keygen -A to generate missing host keys.Darren Tucker
Instead of testing for each specific key type, use ssh-keygen -A to generate any missing host key types.
2018-06-04upstream: add missing punctuation after %i in ssh_config.5, andjmc@openbsd.org
make the grammatical format in sshd_config.5 match that in ssh_config.5; OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0
2018-06-04upstream: oops - further adjustment to text neccessary;jmc@openbsd.org
OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025
2018-06-04upstream: %U needs to be escaped; tweak text;jmc@openbsd.org
OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e
2018-06-04upstream: Apply umask to all incoming files and directories notdtucker@openbsd.org
just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@ OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b
2018-06-01upstream: Adapt to extra default verboisity from ssh-keygen whendjm@openbsd.org
searching for and hashing known_hosts entries in a single operation (ssh-keygen -HF ...) Patch from Anton Kremenetsky OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd
2018-06-01upstream: Add TEST_SSH_FAIL_FATAL variable, to force all failuresdjm@openbsd.org
to instantly abort the test. Useful in capturing clean logs for individual failure cases. OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1
2018-06-01upstream: Clean up comment.dtucker@openbsd.org
OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10
2018-06-01upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add
2018-06-01upstream: make ssh_remote_ipaddr() capable of being called afterdjm@openbsd.org
the ssh->state has been torn down; bz#2773 OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb
2018-06-01upstream: return correct exit code when searching for and hashingdjm@openbsd.org
known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772 Report and fix from Anton Kremenetsky OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58
2018-06-01upstream: make UID available as a %-expansion everywhere that thedjm@openbsd.org
username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-06-01upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJumpdjm@openbsd.org
directive; bz2831, feedback and ok dtucker@ OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e
2018-05-25upstream: Do not ban PTY allocation when a sshd session is restricteddjm@openbsd.org
because the user password is expired as it breaks password change dialog. regression in openssh-7.7 reported by Daniel Wagner OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
2018-05-25upstream: Fix return value confusion in several functions (readdir,djm@openbsd.org
download and fsync). These should return -1 on error, not a sftp status code. patch from Petr Cerny in bz#2871 OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09
2018-05-25upstream: If select() fails in ssh_packet_read_seqnr go directly todtucker@openbsd.org
the error path instead of trying to read from the socket on the way out, which resets errno and causes the true error to be misreported. ok djm@ OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a
2018-05-25Permit getuid()/geteuid() syscalls.Damien Miller
Requested for Linux/s390; patch from Eduardo Barretto via bz#2752; ok dtucker
2018-05-22upstream: support ProxyJump=none to disable ProxyJumpdjm@openbsd.org
functionality; bz#2869 ok dtucker@ OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01
2018-05-22upstream: correct keyowrd name (permitemptypasswords); from brendanjmc@openbsd.org
macdonell OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3
2018-05-22upstream: Emphasise that -w implicitly sets Tunnel=point-to-pointdjm@openbsd.org
and that users should specify an explicit Tunnel directive if they don't want this. bz#2365. OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
2018-05-14sync fmt_scaled.cDamien Miller
revision 1.17 date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2; commitid: 53zY8GjViUBnWo8Z; constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
2018-05-11fix key-options.sh on platforms without openpty(3)Damien Miller
Skip the pty tests if the platform lacks openpty(3) and has to chown(2) the pty device explicitly. This typically requires root permissions that this test lacks. bz#2856 ok dtucker@
2018-05-11upstream: implement EMFILE mitigation for ssh-agent: remember thedjm@openbsd.org
fd rlimit and stop accepting new connections when it is exceeded (with some grace). Accept is resumed when enough connections are closed. bz#2576. feedback deraadt; ok dtucker@ OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
2018-05-11upstream: Explicit cast when snprintf'ing an uint64. Preventsdtucker@openbsd.org
warnings on platforms where int64 is long not long long. ok djm@ OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001
2018-05-11upstream: Since the previous commit, ssh regress test sftp-chroot wasbluhm@openbsd.org
failing. The sftp program terminated with the wrong exit code as sftp called fatal() instad of exit(0). So when the sigchld handler waits for the child, remember that it was found. Then don't expect that main() can wait again. OK dtucker@ OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266
2018-04-29Use includes.h instead of config.h.Darren Tucker
This ensures it picks up the definition of DEF_WEAK, the lack of which can cause compile errors in some cases (eg modern AIX). From michael at felt.demon.nl.
2018-04-19Omit 3des-cbc if OpenSSL built without DES.Darren Tucker
Patch from hongxu.jia at windriver.com, ok djm@
2018-04-17upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clientsdjm@openbsd.org
without version numbers since they choke on them under some circumstances. https://twistedmatrix.com/trac/ticket/9422 via Colin Watson Newer Conch versions have a version number in their ident string and handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424 OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
2018-04-15upstream: don't free the %C expansion, it's used later fordjm@openbsd.org
LocalCommand OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
2018-04-15upstream: notify user immediately when underlying ssh process dies;djm@openbsd.org
patch from Thomas Kuthan in bz2719; ok dtucker@ OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78
2018-04-13Allow nanosleep in preauth privsep child.Darren Tucker
The new timing attack mitigation code uses nanosleep in the preauth codepath, allow in systrace andbox too.
2018-04-13Allow nanosleep in preauth privsep child.Darren Tucker
The new timing attack mitigation code uses nanosleep in the preauth codepath, allow in sandbox.
2018-04-13upstream: Defend against user enumeration timing attacks. Thisdtucker@openbsd.org
establishes a minimum time for each failed authentication attempt (5ms) and adds a per-user constant derived from a host secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok markus@ djm@. OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
2018-04-13Using "==" in shell tests is not portable.Darren Tucker
Patch from rsbecker at nexbridge.com.
2018-04-13Fix tunnel forwarding broken in 7.7p1Damien Miller
bz2855, ok dtucker@
2018-04-13prefer to use getrandom() for PRNG seedingDamien Miller
Only applies when built --without-openssl. Thanks Jann Horn for reminder.
2018-04-13Revert $REGRESSTMP changes.Darren Tucker
Revert 3fd2d229 and subsequent changes as they turned out to be a portability hassle.
2018-04-10Many typo fixes from Karsten WeissDamien Miller
Spotted using https://github.com/lucasdemarchi/codespell
2018-04-10upstream: more typos spotted by Karsten Weiss using codespelldjm@openbsd.org
OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69
2018-04-10upstream: make this a bit more portable-friendlydjm@openbsd.org
OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963
2018-04-10upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org
after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10upstream: don't kill ssh-agent's listening socket entriely if wedjm@openbsd.org
fail to accept a connection; bz#2837, patch from Lukas Kuster OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
2018-04-10upstream: the UseLogin option was removed, so remove it here too.tj@openbsd.org
ok dtucker OpenBSD-Commit-ID: 7080be73a64d68e21f22f5408a67a0ba8b1b6b06
2018-04-10upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 2b9c23022ea7b9dddb62864de4e906000f9d7474
2018-04-10upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9
2018-04-06upstream: Allow "SendEnv -PATTERN" to clear environment variablesdjm@openbsd.org
previously labeled for sendind. bz#1285 ok dtucker@ OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9
2018-04-06upstream: relax checking of authorized_keys environment="..."djm@openbsd.org
options to allow underscores in variable names (regression introduced in 7.7). bz2851, ok deraadt@ OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c
2018-04-06upstream: add a couple of missed options to the config dump; patchdjm@openbsd.org
from Jakub Jelen via bz2835 OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446
2018-04-06upstream: ssh does not accept -oInclude=... on the commandline, thedjm@openbsd.org
Include keyword is for configuration files only. bz#2840, patch from Jakub Jelen OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0
2018-04-06upstream: We don't offer CBC cipher by default any more. Spotted bydjm@openbsd.org
Renaud Allard (via otto@) OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 12:52:00 +0000