summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-28upstream: Count the number of key types instead of assuming theredtucker@openbsd.org
are only two. OpenBSD-Regress-ID: 0998702c41235782cf0beee396ec49b5056eaed9
2019-01-28Cygwin: only tweak sshd_config file if it's new, drop creating sshd userCorinna Vinschen
The sshd_config tweaks were executed even if the old file was still in place. Fix that. Also disable sshd user creation. It's not used on Cygwin.
2019-01-28Cygwin: Change service name to cygsshdCorinna Vinschen
Microsoft hijacked the sshd service name without asking.
2019-01-27upstream: Generate all key supported key types and enable for keyscandtucker@openbsd.org
test. OpenBSD-Regress-ID: 72f72ff49946c61bc949e1692dd9e3d71370891b
2019-01-27upstream: check in scp client that filenames sent duringdjm@openbsd.org
remote->local directory copies satisfy the wildcard specified by the user. This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules. For this reason, this also adds a new -T flag to disable the check. reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@ OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
2019-01-27upstream: make ssh-keyscan return a non-zero exit status if itdjm@openbsd.org
finds no keys. bz#2903 OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488
2019-01-25upstream: Accept the host key fingerprint as a synonym for "yes"dtucker@openbsd.org
when accepting an unknown host key. This allows you to paste a fingerprint obtained out of band into the yes/no prompt and have the client do the comparison for you. ok markus@ djm@ OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767
2019-01-25upstream: Have progressmeter force an update at the beginning anddtucker@openbsd.org
end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@ OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a
2019-01-24upstream: Check for both EAGAIN and EWOULDBLOCK. This is a no-opdtucker@openbsd.org
in OpenBSD (they are the same value) but makes things easier in -portable where they may be distinct values. "sigh ok" deraadt@ (ID sync only, portable already had this change). OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7
2019-01-24upstream: Always initialize 2nd arg to hpdelim2. It populates thatdtucker@openbsd.org
*ONLY IF* there's a delimiter. If there's not (the common case) it checked uninitialized memory, which usually passed, but if not would cause spurious failures when the uninitialized memory happens to contain "/". ok deraadt. OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3
2019-01-24upstream: Remove support for obsolete host/port syntax.dtucker@openbsd.org
host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at redhat.com, ok markus@ OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
2019-01-24upstream: Remove duplicate word. bz#2958, patch from jjelen atdtucker@openbsd.org
redhat.com OpenBSD-Commit-ID: cca3965a8333f2b6aae48b79ec1d72f7a830dd2c
2019-01-24upstream: Remove 3 as a guess for possible generator during modulidtucker@openbsd.org
generation. It's not mentioned in RFC4419 and it's not possible for Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , ok djm@ tb@ OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd
2019-01-24upstream: Sanitize scp filenames via snmprintf. To do this we movedtucker@openbsd.org
the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@ OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
2019-01-24For broken read/readv comparisons, poll(RW).Darren Tucker
In the cases where we can't compare to read or readv function pointers for some reason we currently ifdef out the poll() used to block while waiting for reads or writes, falling back to busy waiting. This restores the poll() in this case, but has it always check for read or write, removing an inline ifdef in the process.
2019-01-24Include unistd.h for strmode().Darren Tucker
2019-01-24Also undef SIMPLEQ_FOREACH_SAFE.Darren Tucker
Prevents macro redefinition warning on at least NetBSD 6.1.
2019-01-23upstream: allow auto-incrementing certificate serial number for certsdjm@openbsd.org
signed in a single commandline. OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b
2019-01-23upstream: move a bunch of global flag variables to main(); make thedjm@openbsd.org
rest static OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc
2019-01-23dependDamien Miller
2019-01-23upstream: switch mainloop from select(2) to poll(2); ok deraadt@djm@openbsd.org
OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e
2019-01-23upstream: pass most arguments to the KEX hash functions as sshbufdjm@openbsd.org
rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
2019-01-23upstream: backoff reading messages from active connections when thedjm@openbsd.org
input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
2019-01-23upstream: add -m to usage(); reminded by jmc@djm@openbsd.org
OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e
2019-01-22upstream: Correct some bugs in PKCS#11 token PIN handling atdjm@openbsd.org
initial login, the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@ OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e
2019-01-22upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE bydjm@openbsd.org
requring a fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
2019-01-22upstream: Mention that configuration for the destination host isdjm@openbsd.org
not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
2019-01-22upstream: Include -m in the synopsis for a few more commands thatdjm@openbsd.org
support it Be more explicit in the description of -m about where it may be used Prompted by Jakub Jelen in bz2904 OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
2019-01-22upstream: print the full pubkey being attempted at loglevel >=djm@openbsd.org
debug2; bz2939 OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290
2019-01-22upstream: clarify: ssh-keygen -e only writes public keys, neverdjm@openbsd.org
private OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb
2019-01-22upstream: mention the new vs. old key formats in the introductiondjm@openbsd.org
and give some hints on how keys may be converted or written in the old format. OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823
2019-01-22upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22upstream: Forgot to add -J to the synopsis.tb@openbsd.org
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)tb@openbsd.org
and sftp(1) to match ssh(1)'s interface. ok djm OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22Allow building against OpenSSL dev (3.x) version.Darren Tucker
2019-01-22typoDamien Miller
2019-01-22add missing headerDamien Miller
2019-01-22upstream: switch sntrup implementation source from supercop todjm@openbsd.org
libpqcrypto; the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
2019-01-22new files need includes.hDamien Miller
2019-01-21upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn updjm@openbsd.org
debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21upstream: adapt to changes in KEX APIs and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
2019-01-21upstream: adapt to changes in KEX API and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
2019-01-21upstream: adapt to bignum1 API removal and bignum2 API changedjm@openbsd.org
OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
2019-01-21upstream: remove hack to use non-system libcryptodjm@openbsd.org
OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
2019-01-21dependDamien Miller
2019-01-21upstream: fix reversed arguments to kex_load_hostkey(); manifested asdjm@openbsd.org
errors in cert-hostkey.sh regress failures. OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
2019-01-21upstream: forgot to cvs add this file in previous series of commits;djm@openbsd.org
grrr OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21upstream: nothing shall escape this purgedjm@openbsd.org
OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: merge kexkem[cs] into kexgendjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89