Age | Commit message (Collapse) | Author |
|
|
|
|
|
get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
|
|
|
|
openssh-7.3
Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
|
|
|
|
|
|
than the above for systemd users, but I'm wary of depending on it in case I cause an assortment of exciting dependency problems on upgrade for non-systemd users.
|
|
|
|
Patch from vinschen at redhat.com.
|
|
fix pledge violation with ssh -f; reported by Valentin
Kozamernik ok dtucker@
Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
|
|
improve wording; suggested by jmc@
Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
|
|
Lower loglevel for "Authenticated with partial success"
message similar to other similar level. bz#2599, patch from cgallek at
gmail.com, ok markus@
Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
|
|
|
|
|
|
#823827).
|
|
serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636).
|
|
when not in debug mode or when logging to a file or syslog (closes: #714526).
|
|
close ControlPersist background process stderr when not
in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=d2d6bf864e52af8491a60dd507f85b74361f5da3
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1988
Bug-Debian: https://bugs.debian.org/714526
Last-Update: 2016-07-22
Patch-Name: control-persist-close-stderr.patch
|
|
|
|
|
|
If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of
invalid users. ok djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-3.patch
|
|
When sshd decides to not allow a login (eg PermitRootLogin=no) and
it's using PAM, it sends a fake password to PAM so that the timing for
the failure is not noticeably different whether or not the password
is correct. This behaviour can be detected by sending a very long
password string which is slower to hash than the fake password.
Mitigate by constructing an invalid password that is the same length
as the one from the client and thus takes the same time to hash.
Diff from djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-2.patch
|
|
When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client. That string has a Blowfish prefix, so on
systems that don't understand that crypt will fail fast due to an invalid
salt, and even on those that do it may have significantly different timing
from the hash methods used for real accounts (eg sha512). This allows
user enumeration by, eg, sending large password strings. This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).
To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system. ok djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-1.patch
|
|
patch from Jakub Jelen on bz#2581; ok dtucker@
|
|
constify a few functions' arguments; patch from Jakub
Jelen bz#2581
Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
|
|
move debug("%p", key) to before key is free'd; probable
undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
|
|
reverse the order in which -J/JumpHost proxies are visited to
be more intuitive and document
reported by and manpage bits naddy@
Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
|
|
Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.
Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org
Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
|
|
Do not clobber the global jump_host variables when
parsing an inactive configuration. ok djm@
Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
|
|
tweak previous;
Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
|
|
Allow wildcard for PermitOpen hosts as well as ports.
bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
markus@
Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
|
|
Reduce timing attack against obsolete CBC modes by always
computing the MAC over a fixed size of data. Reported by Jean Paul
Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
|
|
If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of
invalid users. ok djm@
|
|
Since adding $(REGRESSLIBS), $? is wrong because it includes only the
changed source files. $< seems like it'd be right however it doesn't
seem to work on some non-GNU makes, so do what works everywhere.
|
|
|
|
We now have a shared implementation in libopenbsd-compat.
|
|
Add some unsigned overflow checks for extra_pad. None of
these are reachable with the amount of padding that we use internally.
bz#2566, pointed out by Torben Hansen. ok markus@
Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
|
|
Makes "./configure && make tests" work again. ok djm@
|
|
|
|
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
password and keyboard-interative authentication methods. Should prevent
"sshd ignoring max retries" warnings in the log. ok djm@
It probably won't trigger with keyboard-interactive in the default
configuration because the retry counter is stored in module-private
storage which goes away with the sshd PAM process (see bz#688). On the
other hand, those cases probably won't log a warning either.
|
|
support UTF-8 characters in ssh(1) banners using
schwarze@'s safe fmprintf printer; bz#2058
feedback schwarze@ ok dtucker@
Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
|
|
- add proxyjump to the options list - formatting fixes -
update usage()
ok djm
Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
|
|
Reduce the syslog level of some relatively common protocol
events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
bz#2585, ok djm@
Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
|
|
|
|
|
|
Some AIX compilers unconditionally undefine va_copy but don't set it back
to an internal function, causing link errors. In some compat code we
already use VA_COPY instead so move the two existing instances into the
shared header and use for sshbuf-getput-basic.c too. Should fix building
with at lease some versions of AIX's compiler. bz#2589, ok djm@
|
|
bz#2466 ok dtucker@
|
|
|
|
The hmac-ripemd160 was incorrect and could lead to broken
Makefiles on systems that lacked support for it, but I made
all the others consistent too.
|