Age | Commit message (Collapse) | Author |
|
with & ok markus@
OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
|
|
with & ok markus@
OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
|
|
with & ok markus@
OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
|
|
with & ok markus@
OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
|
|
with & ok markus@
OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
|
|
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@
OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
|
|
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
|
|
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.
from and ok djm
"i like it" deraadt
OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
|
|
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
|
|
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
|
|
depending on ssh returning a particular error message for banner parsing
failure)
reminded by bluhm@
OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
|
|
=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
|
|
McKellar
OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
|
|
patch from Markus Schmidt
OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
|
|
request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.
ok markus@ dtucker@
OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
|
|
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.
ok markus@ dtucker@
OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
|
|
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
|
|
Patch from Markus Schmidt; ok markus@
OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
|
|
function pointers; from Mike Frysinger
OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
|
|
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
|
|
don't do explicit kex_free() beforehand
OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
|
|
OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
|
|
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
|
|
written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written. This prevents an initial burst of traffic and provides a
more accurate bandwidth limit. bz#2927, ok djm.
OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
|
|
KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.
This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
these clients. Reported by Jakub Jelen via bz2929; ok dtucker@
OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
|
|
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
|
|
authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935
OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
|
|
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
|
|
In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.
This only affects AIX, unless there are out of tree users.
|
|
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938
OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
|
|
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
|
|
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
|
|
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
|
|
|
|
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
|
|
OpenSSL_add_all_algorithms() may be a macro so check for that too.
|
|
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus
OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
|
|
now always used for SIGUSR1 even when SIGINFO is not defined. This will make
things simpler in -portable.
OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
|
|
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build with configureed --without-openssl.
|
|
|
|
square brackets in case statements may be eaten by autoconf.
Report and fix from Filipp Gunbin; tweaked by naddy@
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
SIGINFO to resync with portable. (ID sync only).
OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
|
|
trap for them. This allows multiple instances of tests to run without
colliding.
OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
|
|
test "yes" and "sandbox".
OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
|
|
UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names).
useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.
OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
|
|
It's unused in -portable, but having it out of sync makes other syncs
fail to apply.
|
|
loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103
ok markus@
OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
|
|
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous
ProxyCommand change that was reported by matthieu@. ok djm@ danj@
OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
|
|
started with ControlPersist; based on patch from Steffen Prohaska
OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
|