Age | Commit message (Collapse) | Author |
|
partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
|
|
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
|
Refactor hostkeys_foreach() and dependent code Deal with
IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
changed ok markus@ as part of larger commit
|
|
Declare ge25519_base as extern, to prevent it from
becoming a common. Gets us rid of ``lignment 4 of symbol
`crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
mod_ed25519.o'' warnings at link time.
|
|
make rekey_limit for sshd w/privsep work; ok djm@
dtucker@
|
|
Prevent sshd spamming syslog with
"ssh_dispatch_run_fatal: disconnected". ok markus@
|
|
Some packet error messages show the address of the peer,
but might be generated after the socket to the peer has suffered a TCP reset.
In these cases, getpeername() won't work so cache the address earlier.
spotted in the wild via deraadt@ and tedu@
|
|
fix some leaks in error paths ok markus@
|
|
SIZE_MAX is standard, we should be using it in preference to
the obsolete SIZE_T_MAX. OK miod@ beck@
|
|
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
|
|
missing ; djm and mlarkin really having great
interactions recently
|
|
slightly extend the passphrase prompt if running with -c
in order to give the user a chance to notice if unintentionally running
without it
wording tweak and ok djm@
|
|
handle PKCS#11 C_Login returning
CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
|
|
turn UpdateHostkeys off by default until I figure out
mlarkin@'s warning message; requested by deraadt@
|
|
increasing encounters with difficult DNS setups in
darknets has convinced me UseDNS off by default is better ok djm
|
|
Let sshd load public host keys even when private keys are
missing. Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
|
|
Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.
This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.
bz#2211 based on patch by Iain Morgan; ok markus@
|
|
set a timeout to prevent hangs when talking to busted
servers; ok markus@
|
|
regression test for 'wildcard CA' serial/key ID revocations
|
|
avoid more fatal/exit in the packet.c paths that
ssh-keyscan uses; feedback and "looks good" markus@
|
|
permit KRLs that revoke certificates by serial number or
key ID without scoping to a particular CA; ok markus@
|
|
missing parentheses after if in do_convert_from() broke
private key conversion from other formats some time in 2010; bz#2345 reported
by jjelen AT redhat.com
|
|
fix ssh protocol 1, spotted by miod@
|
|
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
|
avoid fatal() calls in packet code makes ssh-keyscan more
reliable against server failures ok dtucker@ markus@
|
|
avoid fatal() calls in packet code makes ssh-keyscan more
reliable against server failures ok dtucker@ markus@
|
|
remove obsolete comment
|
|
Since r1.2 removed the use of PRI* macros, inttypes.h is
no longer required.
ok djm@
|
|
|
|
|
|
|
|
temporary measure until active_state goes away entirely
|
|
use printf instead of echo -n to reduce diff against
-portable
|
|
sort previous;
|
|
properly restore umask
|
|
regression test for host key rotation
|
|
adapt to sshkey API tweaks
|
|
Move -lz late in the linker commandline for things to
build on static arches.
|
|
-Wpointer-sign is supported by gcc 4 only.
|
|
use SUBDIR to recuse into unit tests; makes "make obj"
actually work
|
|
correct description of UpdateHostKeys in ssh_config.5 and
add it to -o lists for ssh, scp and sftp; pointed out by jmc@
|
|
correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
|
Host key rotation support.
Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys config
option (default on).
ok markus@
|
|
small refactor and add some convenience functions; ok
markus
|
|
heirarchy -> hierarchy;
|
|
Provide a warning about chroot misuses (which sadly, seem
to have become quite popular because shiny). sshd cannot detect/manage/do
anything about these cases, best we can do is warn in the right spot in the
man page. ok markus
|
|
Reduce use of <sys/param.h> and transition to <limits.h>
throughout. ok djm markus
|
|
kex_setup errors are fatal()
|
|
this test would accidentally delete agent.sh if run without
obj/
|
|
make this compile with KERBEROS5 enabled
|