| Age | Commit message (Collapse) | Author |
|---|
|
[ssh.1]
finally ssh synopsis looks nice again! this commit just removes a ton of
hacks we had in place to make it work with old groff;
|
|
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
[ssh-rsa.c]
s/timing_safe_cmp/timingsafe_bcmp/g
|
|
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
[packet.c ssh-rsa.c]
implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
|
|
[ssh.c ssh_config.5]
expand %h to the hostname in ssh_config Hostname options. While this
sounds useless, it is actually handy for working with unqualified
hostnames:
Host *.*
Hostname %h
Host *
Hostname %h.example.org
"I like it" markus@
|
|
[ssh.c]
Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
for protocol 2. ok markus@
|
|
[misc.c]
unbreak strdelim() skipping past quoted strings, e.g.
AllowUsers "blah blah" blah
was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
ok dtucker;
|
|
(line 77) should have been for no_x11_askpass.
|
|
[cert-userkey.sh]
regress tests for key options in AuthorizedPrincipals
|
|
[Makefile]
fix how we run the tests so we can successfully use SUDO='sudo -E'
in our env
|
|
[scp.c]
Fix a longstanding problem where if you suspend scp at the
password/passphrase prompt the terminal mode is not restored.
OK djm@
|
|
[sshd_config.5]
tweak previous;
|
|
[ssh-keygen.c]
sort usage();
|
|
[ssh-keygen.1]
tweak previous;
|
|
[auth2-pubkey.c sshd_config.5]
allow key options (command="..." and friends) in AuthorizedPrincipals;
ok markus@
|
|
[ssh-keygen.1 ssh-keygen.c]
allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
bz#1749; ok markus@
|
|
[ssh.c]
oops, forgot to #include <canohost.h>; spotted and patch from chl@
|
|
[ssh_config.5]
tweak previous;
|
|
key.h.
|
|
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
|
|
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
|
|
[auth1.c auth2-none.c]
skip the initial check for access with an empty password when
PermitEmptyPasswords=no; bz#1638; ok markus@
|
|
[channels.c session.c]
bz#1750: fix requirement for /dev/null inside ChrootDirectory for
internal-sftp accidentally introduced in r1.253 by removing the code
that opens and dup /dev/null to stderr and modifying the channels code
to read stderr but discard it instead; ok markus@
|
|
[channels.c mux.c readconf.c readconf.h ssh.h]
bz#1327: remove hardcoded limit of 100 permitopen clauses and port
forwards per direction; ok markus@ stevesk@
|
|
[ssh-keygen.c]
fix printing of extensions in v01 certificates that I broke in r1.190
|
|
[session.c]
include the user name on "subsystem request for ..." log messages;
bz#1571; ok dtucker@
|
|
[ssh-keyscan.c]
replace verbose and overflow-prone Linebuf code with read_keyfile_line()
based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
|
|
[auth.c]
queue auth debug messages for bad ownership or permissions on the user's
keyfiles. These messages will be sent after the user has successfully
authenticated (where our client will display them with LogLevel=debug).
|
|
[ssh-keygen.c]
standardise error messages when attempting to open private key
files to include "progname: filename: error reason"
bz#1783; ok dtucker@
|
|
[servconf.c sshd_config.5]
expose some more sshd_config options inside Match blocks:
AuthorizedKeysFile AuthorizedPrincipalsFile
HostbasedUsesNameFromPacketOnly PermitTunnel
bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
|
|
[sftp-client.c]
fix memory leak in do_realpath() error path; bz#1771, patch from
anicka AT suse.cz
|
|
[session.c]
Missing check for chroot_director == "none" (we already checked against
NULL); bz#1564 from Jan.Pechanec AT Sun.COM
|
|
[sftp.c]
unbreak ls in working directories that contains globbing characters in
their pathnames. bz#1655 reported by vgiffin AT apple.com
|
|
[mux.c]
Correct sizing of object to be allocated by calloc(), replacing
sizeof(state) with sizeof(*state). This worked by accident since
the struct contained a single int at present, but could have broken
in the future. patch from hyc AT symas.com
|
|
[ssh-pkcs11.c]
check length of value returned C_GetAttributValue for != 0
from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/05/21 05:00:36
[misc.c]
colon() returns char*, so s/return (0)/return NULL/
|
|
bz#1579; ok dtucker
|
|
rather than assuming that $CWD == $HOME. bz#1500, patch from
timothy AT gelter.com
|
|
minires-devel package, and to add the reference to the libedit-devel
package since CYgwin now provides libedit. Patch from Corinna Vinschen.
|
|
[PROTOCOL.certkeys auth-options.c ssh-keygen.c]
Move the permit-* options to the non-critical "extensions" field for v01
certificates. The logic is that if another implementation fails to
implement them then the connection just loses features rather than fails
outright.
ok markus@
|
|
[auth2-pubkey.c]
fix logspam when key options (from="..." especially) deny non-matching
keys; reported by henning@ also bz#1765; ok markus@ dtucker@
|
|
[PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
mux support for remote forwarding with dynamic port allocation,
use with
LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
feedback and ok djm@
|
|
[channels.c channels.h mux.c ssh.c]
Pause the mux channel while waiting for reply from aynch callbacks.
Prevents misordering of replies if new requests arrive while waiting.
Extend channel open confirm callback to allow signalling failure
conditions as well as success. Use this to 1) fix a memory leak, 2)
start using the above pause mechanism and 3) delay sending a success/
failure message on mux slave session open until we receive a reply from
the server.
motivated by and with feedback from markus@
|
|
[ssh-add.c]
check that the certificate matches the corresponding private key before
grafting it on
|
|
[auth-rsa.c]
don't accept certificates marked as "cert-authority" here; ok markus@
|
|
[regress/Makefile regress/cert-userkey.sh]
regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@
|
|
libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
already. ok dtucker@
|
|
circular dependency problem on old or odd platforms. From Tom Lane, ok
djm@.
|
|
[sshd_config.5]
tweak previous;
|
|
[auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
[key.c servconf.c servconf.h sshd.8 sshd_config.5]
add some optional indirection to matching of principal names listed
in certificates. Currently, a certificate must include the a user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.
When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.
For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.
If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.
These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.
feedback and ok markus@
|
|
[sftp.c]
restore mput and mget which got lost in the tab-completion changes.
found by Kenneth Whitaker, ok djm@
|
