summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-02-17upstream commitdjm@openbsd.org
enable hostkeys unit tests
2015-02-17upstream commitdjm@openbsd.org
check string/memory compare arguments aren't NULL
2015-02-17upstream commitdjm@openbsd.org
unit tests for hostfile.c code, just hostkeys_foreach so far
2015-02-17upstream commitmarkus@openbsd.org
test server rekey limit
2015-02-17upstream commitdjm@openbsd.org
partial backout of: revision 1.441 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid : x8klYPZMJSrVlt3O; Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@ hostkey updates now require access to the private key, so we can't load public keys only. The improved log messages (fingerprints of keys loaded) are kept.
2015-02-17upstream commitdjm@openbsd.org
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
2015-02-17upstream commitdjm@openbsd.org
Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-02-17upstream commitmiod@openbsd.org
Declare ge25519_base as extern, to prevent it from becoming a common. Gets us rid of ``lignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time.
2015-02-17upstream commitmarkus@openbsd.org
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
2015-02-17upstream commitdtucker@openbsd.org
Prevent sshd spamming syslog with "ssh_dispatch_run_fatal: disconnected". ok markus@
2015-02-11upstream commitdjm@openbsd.org
Some packet error messages show the address of the peer, but might be generated after the socket to the peer has suffered a TCP reset. In these cases, getpeername() won't work so cache the address earlier. spotted in the wild via deraadt@ and tedu@
2015-02-11upstream commitjsg@openbsd.org
fix some leaks in error paths ok markus@
2015-02-09upstream commitmillert@openbsd.org
SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@
2015-02-07upstream commitmillert@openbsd.org
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
2015-02-05upstream commitderaadt@openbsd.org
missing ; djm and mlarkin really having great interactions recently
2015-02-05upstream commithalex@openbsd.org
slightly extend the passphrase prompt if running with -c in order to give the user a chance to notice if unintentionally running without it wording tweak and ok djm@
2015-02-03upstream commitdjm@openbsd.org
handle PKCS#11 C_Login returning CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
2015-02-03upstream commitdjm@openbsd.org
turn UpdateHostkeys off by default until I figure out mlarkin@'s warning message; requested by deraadt@
2015-02-03upstream commitderaadt@openbsd.org
increasing encounters with difficult DNS setups in darknets has convinced me UseDNS off by default is better ok djm
2015-02-01upstream commitdjm@openbsd.org
Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@
2015-01-30upstream commitdjm@openbsd.org
Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30upstream commitdjm@openbsd.org
set a timeout to prevent hangs when talking to busted servers; ok markus@
2015-01-30upstream commitdjm@openbsd.org
regression test for 'wildcard CA' serial/key ID revocations
2015-01-30upstream commitdjm@openbsd.org
avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@
2015-01-30upstream commitdjm@openbsd.org
permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@
2015-01-30upstream commitdjm@openbsd.org
missing parentheses after if in do_convert_from() broke private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
2015-01-30upstream commitdjm@openbsd.org
fix ssh protocol 1, spotted by miod@
2015-01-29upstream commitdjm@openbsd.org
update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
2015-01-29upstream commitdjm@openbsd.org
avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
2015-01-29upstream commitdjm@openbsd.org
avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
2015-01-29upstream commitdjm@openbsd.org
remove obsolete comment
2015-01-29upstream commitokan@openbsd.org
Since r1.2 removed the use of PRI* macros, inttypes.h is no longer required. ok djm@
2015-01-27compile on systems without TCP_MD5SIG (e.g. OSX)Damien Miller
2015-01-27use ssh-keygen under test rather than system'sDamien Miller
2015-01-27OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAXDamien Miller
2015-01-27these need active_state defined to link on OSXDamien Miller
temporary measure until active_state goes away entirely
2015-01-27upstream commitdjm@openbsd.org
use printf instead of echo -n to reduce diff against -portable
2015-01-27upstream commitjmc@openbsd.org
sort previous;
2015-01-27upstream commitdjm@openbsd.org
properly restore umask
2015-01-27upstream commitdjm@openbsd.org
regression test for host key rotation
2015-01-27upstream commitdjm@openbsd.org
adapt to sshkey API tweaks
2015-01-27upstream commitmiod@openbsd.org
Move -lz late in the linker commandline for things to build on static arches.
2015-01-27upstream commitmiod@openbsd.org
-Wpointer-sign is supported by gcc 4 only.
2015-01-27upstream commitdjm@openbsd.org
use SUBDIR to recuse into unit tests; makes "make obj" actually work
2015-01-27upstream commitdjm@openbsd.org
correct description of UpdateHostKeys in ssh_config.5 and add it to -o lists for ssh, scp and sftp; pointed out by jmc@
2015-01-27upstream commitdjm@openbsd.org
correctly match ECDSA subtype (== curve) for offered/recevied host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
2015-01-27upstream commitdjm@openbsd.org
Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
2015-01-27upstream commitdjm@openbsd.org
small refactor and add some convenience functions; ok markus
2015-01-26upstream commitjmc@openbsd.org
heirarchy -> hierarchy;
2015-01-26upstream commitderaadt@openbsd.org
Provide a warning about chroot misuses (which sadly, seem to have become quite popular because shiny). sshd cannot detect/manage/do anything about these cases, best we can do is warn in the right spot in the man page. ok markus