| Age | Commit message (Collapse) | Author |
|---|
|
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
|
|
remove blank line;
Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
|
|
identify the case where SSHFP records are missing but
other DNS RR types are present and display a more useful error message for
this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
|
|
document available AuthenticationMethods; bz#2453 ok
dtucker@
Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
|
|
pass packet state down to some of the channels function
(more to come...); ok markus@
Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
|
|
sort options;
Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
|
|
add a -q option to ssh-add to make it quiet on success.
if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.
ok djm@
Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
|
|
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf. Based on patch from cjwatson at
debian.org via bz#2768, ok djm@
Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
|
|
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
avoid future conflicts with POSIX capabilities (the last release that
didn't have it was 9.3) so switch to that. Patch from des at des.no.
|
|
Patch from cjwatson at debian.org via bz#2767.
|
|
platform.o is too heavy for libssh.a use; it calls into the server on
many platforms. Move just the function needed by misc.c into its own
file.
|
|
|
|
add a "quiet" flag to exited_cleanly() that supresses
errors about exit status (failure due to signal is still reported)
Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
|
|
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.
feedback & ok dtucker@
Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
|
|
make "--" before the hostname terminate command-line
option processing completely; previous behaviour would not prevent further
options appearing after the hostname (ssh has a supported options after the
hostname for >20 years, so that's too late to change).
ok deraadt@
Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
|
|
Switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. The latter having the advantage of being supported
for no-OpenSSL builds; bz#2754 ok markus@
Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
|
|
refuse to a private keys when its corresponding .pub key
does not match. bz#2737 ok dtucker@
Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
|
|
don't print verbose error message when ssh disconnects
under sftp; bz#2750; ok dtucker@
Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370
|
|
Tweak previous keepalive commit: if last_time + keepalive
<= now instead of just "<" so client_alive_check will fire if the select
happens to return on exact second of the timeout. ok djm@
Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
|
|
Keep track of the last time we actually heard from the
client and use this to also schedule a client_alive_check(). Prevents
activity on a forwarded port from indefinitely preventing the select timeout
so that client_alive_check() will eventually (although not optimally) be
called.
Analysis by willchan at google com via bz#2756, feedback & ok djm@
Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
|
|
bz#2408; ok dtucker@
|
|
This fixes a few problems in the tun forwarding code, mostly to do
with host/network byte order confusion.
Based on a report and patch by stepe AT centaurus.uberspace.de;
bz#2735; ok dtucker@
|
|
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@
Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
|
|
g/c unused variable; make a little more portable
Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
|
|
Allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default; ok dtucker@
Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
|
|
|
|
fix support for unknown key types; ok djm@
Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
|
|
switch from select() to poll() for the ssh-agent
mainloop; ok markus
Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
|
|
Make ""Killed by signal 1" LogLevel verbose so it's not
shown at the default level. Prevents it from appearing during ssh -J and
equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@
Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
|
|
man pages with pseudo synopses which list filenames end
up creating very ugly output in man -k; after some discussion with ingo, we
feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
helpful at page top, is contained already in FILES, and there are
sufficiently few that just zapping them is simple;
ok schwarze, who also helpfully ran things through a build to check
output;
Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
|
|
zap redundant Makefile variables. okay djm@
Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
|
|
slightly rework previous, to avoid an article issue;
Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
|
|
When generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys could
previously be made if ssh-keygen failed part way through generating them, so
avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
|
|
actually remove these files
Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
|
|
UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris
Analysis by Robbie Zhang
|
|
|
|
Only call close once in confree(). ssh_packet_close will
close the FD so only explicitly close non-SSH channels. bz#2734, from
bagajjal at microsoft.com, ok djm@
Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
|
|
|
|
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
|
|
regress test for ExposeAuthInfo
Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
|
|
correct env var name
Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
|
|
spelling;
Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
|
|
don't pass pointer to struct sshcipher between privsep
processes, just redo the lookup in each using the already-passed cipher name.
bz#2704 based on patch from Brooks Davis; ok markus dtucker
Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
|
|
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
|
|
word fix;
Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
|
|
switch sshconnect.c from (slightly abused) select() to
poll(); ok deraadt@ a while back
Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175
|
|
use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728; ok dtucker@
Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
|
|
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@
Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
|
