summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-12-04upstream commitdjm@openbsd.org
basic pledge() for ssh-agent, more refinement needed Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
2015-11-30Revert "stub for pledge(2) for systems that lack it"Damien Miller
This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. dtucker beat me to it :/
2015-11-30revert 7d4c7513: bring back S/Key prototypesDamien Miller
(but leave RCSID changes)
2015-11-30stub for pledge(2) for systems that lack itDamien Miller
2015-11-30upstream commitdjm@openbsd.org
pledge, better fatal() messages; feedback deraadt@ Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f
2015-11-30upstream commitderaadt@openbsd.org
do not leak temp file if there is no known_hosts file from craig leres, ok djm Upstream-ID: c820497fd5574844c782e79405c55860f170e426
2015-11-30Add a null implementation of pledge.Darren Tucker
Fixes builds on almost everything.
2015-11-28upstream commitdjm@openbsd.org
don't include port number in tcpip-forward replies for requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok markus Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
2015-11-28upstream commitderaadt@openbsd.org
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
2015-11-28upstream commithalex@openbsd.org
allow comment change for all supported formats ok djm@ Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
2015-11-20upstream commitdjm@openbsd.org
add cast to make -Werror clean Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d
2015-11-20fix multiple authentication using S/Key w/ privsepDamien Miller
bz#2502, patch from Kevin Korb and feandil_
2015-11-19upstream commitdjm@openbsd.org
ban ConnectionAttempts=0, it makes no sense and would cause ssh_connect_direct() to print an uninitialised stack variable; bz#2500 reported by dvw AT phas.ubc.ca Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
2015-11-19upstream commitdjm@openbsd.org
trailing whitespace Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
2015-11-19upstream commitdjm@openbsd.org
print host certificate contents at debug level Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
2015-11-19upstream commitdjm@openbsd.org
move the certificate validity formatting code to sshkey.[ch] Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
2015-11-18upstream commitdjm@openbsd.org
fix "ssh-keygen -l" of private key, broken in support for multiple plain keys on stdin Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
2015-11-17upstream commitmillert@openbsd.org
Replace remaining calls to index(3) with strchr(3). OK jca@ krw@ Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
2015-11-17upstream commitdjm@openbsd.org
Allow fingerprinting from standard input "ssh-keygen -lf -" Support fingerprinting multiple plain keys in a file and authorized_keys files too (bz#1319) ok markus@ Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
2015-11-17upstream commitdjm@openbsd.org
always call privsep_preauth_child() regardless of whether sshd was started by root; it does important priming before sandboxing and failing to call it could result in sandbox violations later; ok markus@ Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
2015-11-17upstream commitdjm@openbsd.org
improve sshkey_read() semantics; only update *cpp when a key is successfully read; ok markus@ Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
2015-11-17upstream commitlogan@openbsd.org
1) Use xcalloc() instead of xmalloc() to check for potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size just before the for loop. (suggested by djm@) OK djm@ Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
2015-11-16upstream commitdjm@openbsd.org
Add a new authorized_keys option "restrict" that includes all current and future key restrictions (no-*-forwarding, etc). Also add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future. Example: restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... Idea from Jann Horn; ok markus@ Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
2015-11-16upstream commitjmc@openbsd.org
correct section number for ssh-agent; Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
2015-11-16upstream commitjmc@openbsd.org
do not confuse mandoc by presenting "Dd"; Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
2015-11-16upstream commitjcs@openbsd.org
Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@ Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16upstream commitdjm@openbsd.org
send SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during KEX; bz#2949, ok dtucker@ Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
2015-11-16upstream commitdjm@openbsd.org
Support "none" as an argument for sshd_config ForceCommand and ChrootDirectory. Useful inside Match blocks to override a global default. bz#2486 ok dtucker@ Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
2015-11-16upstream commitdjm@openbsd.org
support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
2015-11-16upstream commitdjm@openbsd.org
list a couple more options usable in Match blocks; bz#2489 Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
2015-11-16upstream commitdjm@openbsd.org
improve PEEK/POKE macros: better casts, don't multiply evaluate arguments; ok deraadt@ Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
2015-11-16upstream commitdjm@openbsd.org
remove prototypes for long-gone s/key support; ok dtucker@ Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
2015-11-14read back from libcrypto RAND when privdroppingDamien Miller
makes certain libcrypto implementations cache a /dev/urandom fd in preparation of sandboxing. Based on patch by Greg Hartman.
2015-11-10Fix compiler warnings in the openssl header check.Darren Tucker
Noted by Austin English.
2015-11-09upstream commitjmc@openbsd.org
-c before -H, in SYNOPSIS and usage(); Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
2015-11-09upstream commitdjm@openbsd.org
Add "ssh-keyscan -c ..." flag to allow fetching certificates instead of plain keys; ok markus@ Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
2015-11-09upstream commitjmc@openbsd.org
remove slogin links; ok deraadt markus djm Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
2015-11-09upstream commitdjm@openbsd.org
fix OOB read in packet code caused by missing return statement found by Ben Hawkes; ok markus@ deraadt@ Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
2015-11-09upstream commitmmcc@openbsd.org
1. rlogin and rsh are long gone 2. protocol version isn't of core relevance here, and v1 is going away ok markus@, deraadt@ Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
2015-11-09upstream commitjmc@openbsd.org
"commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-10-29(re)wrap SYS_sendsyslog in ifdef.Darren Tucker
Replace ifdef that went missing in commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older OpenBSDs.
2015-10-29upstream commitdjm@openbsd.org
regress test for "PubkeyAcceptedKeyTypes +..." inside a Match block Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
2015-10-29upstream commitdtucker@openbsd.org
Fix typo certopt->certopts in shell variable. This would cause the test to hang at a host key prompt if you have an A or CNAME for "proxy" in your local domain. Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
2015-10-29upstream commitdjm@openbsd.org
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; ok dtucker@ Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
2015-10-29upstream commitdjm@openbsd.org
fix execv arguments in a way less likely to cause grief for -portable; ok dtucker@ Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29upstream commitdjm@openbsd.org
log certificate serial in verbose() messages to match the main auth success/fail message; ok dtucker@ Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
2015-10-29upstream commitdjm@openbsd.org
avoid de-const warning & shrink; ok dtucker@ Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29upstream commitdtucker@openbsd.org
Expand tildes in filenames passed to -i before checking whether or not the identity file exists. This means that if the shell doesn't do the expansion (eg because the option and filename were given as a single argument) then we'll still add the key. bz#2481, ok markus@ Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
2015-10-29upstream commitdtucker@openbsd.org
Do not prepend "exec" to the shell command run by "Match exec" in a config file. It's an unnecessary optimization from repurposed ProxyCommand code and prevents some things working with some shells. bz#2471, pointed out by res at qoxp.net. ok markus@ Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
2015-10-29Prevent name collisions with system glob (bz#2463)Darren Tucker
Move glob.h from includes.h to the only caller (sftp) and override the names for the symbols. This prevents name collisions with the system glob in the case where something other than ssh uses it (eg kerberos). With jjelen at redhat.com, ok djm@