summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-02-01upstream: force early logging to stderr if debug_flag (-d) is set;djm@openbsd.org
avoids missing messages from re-exec config passing OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
2020-02-01upstream: mistake in previous: filling the incorrect bufferdjm@openbsd.org
OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
2020-02-01upstream: Add a sshd_config "Include" directive to allow inclusiondjm@openbsd.org
of files. This has sensible semantics wrt Match blocks and accepts glob(3) patterns to specify the included files. Based on patch by Jakub Jelen in bz2468; feedback and ok markus@ OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
2020-02-01upstream: spelling fix;jmc@openbsd.org
OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
2020-01-31upstream: document changed default for UpdateHostKeysdjm@openbsd.org
OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
2020-01-31upstream: enable UpdateKnownHosts=yes if the configurationdjm@openbsd.org
specifies only the default known_hosts files, otherwise select UpdateKnownHosts=ask; ok markus@ OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
2020-01-30Look in inttypes.h for UINT32_MAX.Darren Tucker
Should prevent warnings on at least some AIX versions.
2020-01-30upstream: use sshpkt_fatal() instead of plain fatal() fordjm@openbsd.org
ssh_packet_write_poll() failures here too as the former yields better error messages; ok dtucker@ OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
2020-01-30upstream: check the return value of ssh_packet_write_poll() anddjm@openbsd.org
call sshpkt_fatal() if it fails; avoid potential busy-loop under some circumstances. Based on patch by Mike Frysinger; ok dtucker@ OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
2020-01-30upstream: have sshpkt_fatal() save/restore errno before wedjm@openbsd.org
potentially call strerror() (via ssh_err()); ok dtucker OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787
2020-01-30upstream: markus suggests a simplification to previousdjm@openbsd.org
OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
2020-01-29upstream: give more context to UpdateHostKeys messages, mentioningdjm@openbsd.org
that the changes are validated by the existing trusted host key. Prompted by espie@ feedback and ok markus@ OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
2020-01-29upstream: changes to support FIDO attestationdjm@openbsd.org
Allow writing to disk the attestation certificate that is generated by the FIDO token at key enrollment time. These certificates may be used by an out-of-band workflow to prove that a particular key is held in trustworthy hardware. Allow passing in a challenge that will be sent to the card during key enrollment. These are needed to build an attestation workflow that resists replay attacks. ok markus@ OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
2020-01-29upstream: disable UpdateHostKeys=ask when in quiet mode; "work fordjm@openbsd.org
me" matthieu@ OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7
2020-01-28compat for missing IPTOS_DSCP_LE in system headersDamien Miller
2020-01-28upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,djm@openbsd.org
based on patch by veegish AT cyberstorm.mu OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
2020-01-28upstream: disable UpdateHostKeys=ask if command is specified; okmarkus@openbsd.org
djm@ sthen@ OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
2020-01-28upstream: unbreak unittests for recent API / source file changesdjm@openbsd.org
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-26Move definition of UINT32_MAX.Darren Tucker
This allows us to always define it if needed not just if we also define the type ourself.
2020-01-26upstream: unbreak unittests for recent API / source file changesdjm@openbsd.org
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-26Include signal.h to prevent redefintion of _NSIG.Darren Tucker
2020-01-26Wrap stdint.h in tests inside HAVE_STDINT_H.Darren Tucker
2020-01-26upstream: for UpdateHostKeys, don't report errors for unsupporteddjm@openbsd.org
key types - just ignore them. spotted by and ok dtucker@ OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
2020-01-26upstream: downgrade error() for missing subsequent known_hostsdjm@openbsd.org
files to debug() as it was intended to be; spotted by dtucker@ OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
2020-01-26upstream: clarify that BatchMode applies to all interactive promptsdjm@openbsd.org
(e.g. host key confirmation) and not just password prompts. OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818
2020-01-26upstream: tidy headers; some junk snuck into sshbuf-misc.c anddjm@openbsd.org
sshbuf-io.c doesn't need SSHBUF_INTERNAL set OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6
2020-01-26dependDamien Miller
2020-01-26upstream: improve the error message for u2f enrollment errors bydjm@openbsd.org
making ssh-keygen be solely responsible for printing the error message and convertint some more common error responses from the middleware to a useful ssherr.h status code. more detail remains visible via -v of course. also remove indepedent copy of sk-api.h declarations in sk-usbhid.c and just include it. feedback & ok markus@ OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
2020-01-26upstream: factor out reading/writing sshbufs to dedicateddjm@openbsd.org
functions; feedback and ok markus@ OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
2020-01-26upstream: add a comment describing the ranges of channel IDs thatdjm@openbsd.org
we use; requested by markus@ OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b
2020-01-26upstream: make sshd_config:ClientAliveCountMax=0 disable thedjm@openbsd.org
connection killing behaviour, rather than killing the connection after sending the first liveness test probe (regardless of whether the client was responsive) bz2627; ok markus OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf
2020-01-26upstream: clarify order of AllowUsers/DenyUsers vsdjm@openbsd.org
AllowGroups/DenyGroups; bz1690, ok markus@ OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd
2020-01-25upstream: when AddKeysToAgent=yes is set and the key contains nodjm@openbsd.org
comment, add the key to the agent with the key's path as the comment. bz2564 OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f
2020-01-25upstream: group14-sha1 is no longer a default algorithmtedu@openbsd.org
OpenBSD-Commit-ID: a96f04d5e9c2ff760c6799579dc44f69b4ff431d
2020-01-25upstream: reword HashKnownHosts description a little more; somedjm@openbsd.org
people found the wording confusing (bz#2560) OpenBSD-Commit-ID: ac30896598694f07d498828690aecd424c496988
2020-01-25upstream: weaken the language for what HashKnownHosts provides withdjm@openbsd.org
regards to known_hosts name privacy, it's not practical for this option to offer any guarantee that hostnames cannot be recovered from a disclosed known_hosts file (e.g. by brute force). OpenBSD-Commit-ID: 13f1e3285f8acf7244e9770074296bcf446c6972
2020-01-25upstream: the GatewayPorts vs -R listen address selection logic isdjm@openbsd.org
still confusing people, so add another comment explaining the special handling of "localhost"; bz#3258 OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
2020-01-25upstream: mention that permitopen=/PermitOpen do no name to addressdjm@openbsd.org
translation; prompted by bz3099 OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23
2020-01-25include tunnel device path in error messageDamien Miller
2020-01-25upstream: unrevert this:djm@openbsd.org
> revision 1.217 > date: 2019/11/27 03:34:04; author: dtucker; state: Exp; lines: +5 -7; commitid: wkiMn49XJyjzoJIs; > Make channel_id u_int32_t and remove unnecessary check and cast that were > left over from the type conversion. Noted by t-hashida@amiya.co.jp in > bz#3098, ok markus@ djm@ Darren was right the first time; ok dtucker@ "agreed" markus@ OpenBSD-Commit-ID: 641dd1b99a6bbd85b7160da462ae1be83432c7c8
2020-01-25upstream: Move setting $NC into test-exec since it's now used bydtucker@openbsd.org
multiple tests, and in -portable we use our own local copy to avoid portability problems. OpenBSD-Regress-ID: ceb78445fcaac317bec2fc51b3f0d9589048c114
2020-01-25Put EC key export inside OPENSSL_HAS_ECC.Darren Tucker
Fixes link error when building against an OpenSSL that does not have ECC.
2020-01-25upstream: Wait a bit longer for the multiplex master to become readydtucker@openbsd.org
since on very slow hosts the current delay is not sufficient and the test will fail. OpenBSD-Regress-ID: 6d90c7475d67ac3a95610b64af700629ece51a48
2020-01-25upstream: Add a connection test for proxycommand. This would havedtucker@openbsd.org
caught the problem caused by ssh.c rev 1.507 wherein Host and Hostname were swapped. Prompted by beck@ OpenBSD-Regress-ID: d218500ae6aca4c479c27318fb5b09ebc00f7aae
2020-01-25upstream: set UpdateKnownHosts=ask by default; bz#2894; okdjm@openbsd.org
markus@ OpenBSD-Commit-ID: f09cb3177f3a14c96428e14f347e976a8a531fee
2020-01-25upstream: allow UpdateKnownHosts=yes to function when multipledjm@openbsd.org
known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add new/changed host keys to the first specified file only. bz#2738 ok markus@ OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c
2020-01-25upstream: process security key provider via realpath() in agent,djm@openbsd.org
avoids malicious client from being able to cause agent to load arbitrary libraries into ssh-sk-helper. reported by puck AT puckipedia.com; ok markus OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c
2020-01-25upstream: expose PKCS#11 key labels/X.509 subjects as commentsdjm@openbsd.org
Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church feedback and ok markus@ OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
2020-01-25upstream: tweak proctitle to include sshd arguments, as these aredjm@openbsd.org
frequently used to distinguish between multiple independent instances of the server. New proctitle looks like this: $ pgrep -lf sshd 12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups requested by sthen@ and aja@; ok aja@ OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e
2020-01-25upstream: add xextendf() to extend a string with a formatdjm@openbsd.org
(reallocating as necessary). ok aja@ as part of a larger diff OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-06 21:57:33 +0000