Age | Commit message (Collapse) | Author |
|
|
|
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
|
|
regress test for ExposeAuthInfo
Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
|
|
correct env var name
Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
|
|
spelling;
Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
|
|
don't pass pointer to struct sshcipher between privsep
processes, just redo the lookup in each using the already-passed cipher name.
bz#2704 based on patch from Brooks Davis; ok markus dtucker
Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
|
|
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
|
|
word fix;
Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
|
|
switch sshconnect.c from (slightly abused) select() to
poll(); ok deraadt@ a while back
Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175
|
|
use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728; ok dtucker@
Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
|
|
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@
Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
|
|
When using the escape sequence &~ the code path is
client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork()
and the pledge for this path lacks the proc promise and therefore aborts the
process. The solution is to just add proc the promise to this specific
pledge.
Reported by Gregoire Jadi gjadi ! omecha.info
Insight with tb@, OK jca@
Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
|
|
Import regenerated moduli.
Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95
|
|
Run the screen twice so we end up with more candidate
groups. ok djm@
Upstream-ID: b92c93266d8234d493857bb822260dacf4366157
|
|
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying. bz#2720, ok djm@ markus@
Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
|
|
Do not require that unknown EXT_INFO extension values not
contain \0 characters. This would cause fatal connection errors if an
implementation sent e.g. string-encoded sub-values inside a value.
Reported by Denis Bider; ok markus@
Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
|
|
missing prototype.
Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
|
|
Include replacement timespeccmp() for systems that lack it.
Support time_t struct stat->st_mtime in addition to
timespec stat->st_mtim, as well as unsorted fallback.
|
|
print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings. bz#2710 ok dtucker@
Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e
|
|
implement sorting for globbed ls; bz#2649 ok dtucker@
Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8
|
|
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@
Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
|
|
in description of public key authentication, mention that
the server will send debug messages to the client for some error conditions
after authentication has completed. bz#2709 ok dtucker
Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
|
|
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
|
|
Add comments referring to the relevant RFC sections for
rekeying behaviour.
Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
|
|
Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO.
Patch from huieying.lee AT oracle.com via bz#2723
|
|
|
|
unbreak after sshv1 purge
Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b
|
|
Fix compression output stats broken in rev 1.201. Patch
originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok
djm@
Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
|
|
rationalise the long list of manual CDIAGFLAGS that we
add; most of these were redundant to -Wall -Wextra
Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
|
|
no need to bzero allocated space now that we use use
recallocarray; ok deraadt@
Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8
|
|
unconditionally zero init size of buffer; ok markus@
deraadt@
Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29
|
|
|
|
some warnings spotted by clang; ok markus@
Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b
|
|
recallocarray() needs getpagesize() so add a tiny replacement for that.
|
|
|
|
fix casts re constness
Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266
|
|
make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm
Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
|
|
use SO_ZEROIZE for privsep communication (if available)
Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
|
|
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
|
|
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio
Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
|
|
clear session keys from memory; ok djm@
Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
|
|
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
|
|
use the ssh_dispatch_run_fatal variant
Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
|
|
another ctx => ssh conversion (in GSSAPI code)
Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
|
|
git cvsimport missed this commit for some reason
|
|
spell out that custom options/extensions should follow the
usual SSH naming rules, e.g. "extension@example.com"
Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
|
|
one more void *ctx => struct ssh *ssh conversion
Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2
|
|
fix possible OOB strlen() in SOCKS4A hostname parsing;
ok markus@
Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
|
|
tweak previous;
Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
|
|
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
|