It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
|
|
Only delayed compression is supported nowadays.
ok markus@
OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
|
|
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
|
|
ok markus@
OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
|
|
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
|
|
read_environment_file recently gained an extra argument. Some
platform-specific code also calls it, so add the argument to those too.
Fixes build on Solaris and AIX.
|
|
match_filter_blacklist()
OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f
|
|
PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()
ok markus@
OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736
|
|
goose chasing
OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297
|
|
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
|
|
OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
|
|
for certs hosted in ssh-agent
OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
|
|
OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
|
|
for prior version; part of RSA-SHA2 strictification, ok markus@
OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
|
|
In ssh, when an agent fails to return an RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
|
|
pattern-list of whitelisted environment variable names in addition to yes|no.
bz#1800, feedback and ok markus@
OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
|
|
when choosing a prime. An extra increment of linenum snuck in as part of the
conversion to getline(). OK djm@ markus@
OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38
|
|
doesn't seem to mind, but some platforms in -portable object to the second.
OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74
|
|
Add getline for the benefit of platforms that don't have it. Sourced
from NetBSD (OpenBSD's implementation is a little too chummy with the
internals of FILE).
|
|
OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
|
|
OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
|
|
OpenBSD-Commit-ID: db542918185243bea17202383a581851736553cc
|
|
OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3
|
|
e.g.
PermitListen 2222 8080
is equivalent to:
PermitListen *:2222 *:8080
Some bonus manpage improvements, mostly from markus@
"looks fine" markus@
OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
|
|
temporarily_use_uid() when the target uid differs; could cause failure to
read authorized_keys under some configurations. patch by Jakub Jelen via
bz2873; ok dtucker, markus
OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1
|
|
OpenBSD-Commit-ID: fc808daced813242563b80976e1478de95940056
|
|
OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
|
|
Jelen via bz2386
OpenBSD-Commit-ID: 14bea3f069a93c8be66a7b97794255a91fece964
|
|
administrator to explicitly specify environment variables set in sessions
started by sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.
ok markus@
OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
|
|
environment variables for the remote session (subject to the server accepting
them)
refactor SendEnv to remove the arbitrary limit of variable names.
ok markus@
OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
|
|
read from ~/.ssh/environment (if enabled) do not override SSH_* variables set
by the server.
OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
|
|
load_public_identity_files(); reported by Roumen Petrov
OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25
|
|
messages
OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267
|
|
OpenBSD-Commit-ID: f98f16af10b28e24bcecb806cb71ea994b648fd6
|
|
Since autoconf always uses $CC to link C programs, allowing users to
override LD caused mismatches between what LD_LINK_IFELSE thought worked
and what ld thought worked. If you do need to do this kind of thing you
need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS.
|
|
Should prevent "unsupported -Wl,-z,retpoline" warnings during linking.
ok djm@
|
|
OpenBSD-Regress-ID: 492279ea9f65657f97a970e0e7c7fd0b339fee23
|
|
insomnia-fueled commits last night
OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c
|
|
OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5
|
|
authorized_keys lines that contained permitopen/permitlisten were being
treated as invalid.
OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b
|
|
static limits noted by gerhard@; ok dtucker@, djm@
OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
|
|
OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf
|
|
OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78
|
|
OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c
|
|
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
|
|
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
|
|
Instead of testing for each specific key type, use ssh-keygen -A to
generate any missing host key types.
|
|
make the grammatical format in sshd_config.5 match that in ssh_config.5;
OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0
|
|
OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025
|