summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-08-06upstream commitdjm@openbsd.org
adjust for RSA minimum modulus switch; ok deraadt@ Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
2015-08-05upstream commitdjm@openbsd.org
backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this release; problems spotted by sthen@ ok deraadt@ markus@ Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
2015-08-02upstream commitdjm@openbsd.org
openssh 7.0; ok deraadt@ Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
2015-08-02upstream commitchris@openbsd.org
Allow PermitRootLogin to be overridden by config ok markus@ deeradt@ Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
2015-08-02upstream commitdjm@openbsd.org
fix pty permissions; patch from Nikolay Edigaryev; ok deraadt Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
2015-08-02upstream commitderaadt@openbsd.org
change default: PermitRootLogin without-password matching install script changes coming as well ok djm markus Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
2015-07-30downgrade OOM adjustment logging: verbose -> debugDamien Miller
2015-07-30upstream commitdjm@openbsd.org
Allow ssh_config and sshd_config kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it. approach suggested by dtucker@, feedback dlg@, ok markus@ Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
2015-07-29upstream commitdjm@openbsd.org
fix bug in previous; was printing incorrect string for failed host key algorithms negotiation Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
2015-07-29upstream commitdjm@openbsd.org
include the peer's offer when logging a failure to negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@ Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
2015-07-29upstream commitdjm@openbsd.org
add Cisco to the list of clients that choke on the hostkeys update extension. Pointed out by Howard Kash Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
2015-07-29upstream commitguenther@openbsd.org
Permit kbind(2) use in the sandbox now, to ease testing of ld.so work using it reminded by miod@, ok deraadt@ Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
2015-07-21upstream commitmillert@openbsd.org
Move .Pp before .Bl, not after to quiet mandoc -Tlint. Noticed by jmc@ Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
2015-07-21upstream commitmillert@openbsd.org
Sync usage with SYNOPSIS Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
2015-07-21upstream commitmillert@openbsd.org
Better desciption of Unix domain socket forwarding. bz#2423; ok jmc@ Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
2015-07-20make realpath.c compile -Wsign-compare cleanDamien Miller
2015-07-20upstream commitdjm@openbsd.org
mention that the default of UseDNS=no implies that hostnames cannot be used for host matching in sshd_config and authorized_keys; bz#2045, ok dtucker@ Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
2015-07-20upstream commitdjm@openbsd.org
don't ignore PKCS#11 hosted keys that return empty CKA_ID; patch by Jakub Jelen via bz#2429; ok markus Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
2015-07-20upstream commitdjm@openbsd.org
skip uninitialised PKCS#11 slots; patch from Jakub Jelen in bz#2427 ok markus@ Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
2015-07-20upstream commitdjm@openbsd.org
only query each keyboard-interactive device once per authentication request regardless of how many times it is listed; ok markus@ Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
2015-07-17upstream commitdjm@openbsd.org
remove -u flag to diff (only used for error output) to make things easier for -portable Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
2015-07-17upstream commitdjm@openbsd.org
direct-streamlocal@openssh.com Unix domain foward messages do not contain a "reserved for future use" field and in fact, serverloop.c checks that there isn't one. Remove erroneous mention from PROTOCOL description. bz#2421 from Daniel Black Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
2015-07-17upstream commitdjm@openbsd.org
describe magic for setting up Unix domain socket fowards via the mux channel; bz#2422 patch from Daniel Black Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
2015-07-17Check if realpath works on nonexistent files.Darren Tucker
On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-07-17upstream commitdjm@openbsd.org
fix incorrect test for SSH1 keys when compiled without SSH1 support Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
2015-07-15upstream commitdjm@openbsd.org
fix NULL-deref when SSH1 reenabled Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
2015-07-15upstream commitdjm@openbsd.org
regen RSA1 test keys; the last batch was missing their private parts Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
2015-07-15upstream commitmarkus@openbsd.org
Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA. Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
2015-07-15upstream commitmarkus@openbsd.org
regen test data after mktestdata.sh changes Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
2015-07-15upstream commitmarkus@openbsd.org
adapt tests to new minimum RSA size and default FP format Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
2015-07-15upstream commitdjm@openbsd.org
legacy v00 certificates are gone; adapt and don't try to test them; "sure" markus@ dtucker@ Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
2015-07-15upstream commitdjm@openbsd.org
don't expect SSH v.1 in unittests Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
2015-07-15upstream commitdjm@openbsd.org
turn SSH1 back on to match src/usr.bin/ssh being tested Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
2015-07-15upstream commitdtucker@openbsd.org
Add "PuTTY_Local:" to the clients to which we do not offer DH-GEX. This was the string that was used for development versions prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately there are some extant products based on those versions. bx2424 from Jay Rouman, ok markus@ djm@ Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
2015-07-15upstream commitmarkus@openbsd.org
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15upstream commitmarkus@openbsd.org
re-enable ed25519-certs if compiled w/o openssl; ok djm Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
2015-07-15upstream commitmarkus@openbsd.org
no need to include the old buffer/key API Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
2015-07-15upstream commitmarkus@openbsd.org
typedefs for Cipher&CipherContext are unused Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
2015-07-15upstream commitmarkus@openbsd.org
xmalloc.h is unused Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
2015-07-15upstream commitmarkus@openbsd.org
compress.c is gone Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
2015-07-15upstream commitdjm@openbsd.org
another SSH_RSA_MINIMUM_MODULUS_SIZE that needed cranking Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
2015-07-15upstream commitdjm@openbsd.org
add an XXX reminder for getting correct key paths from sshd_config Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
2015-07-15upstream commitdjm@openbsd.org
refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
2015-07-15upstream commitdjm@openbsd.org
turn off 1024 bit diffie-hellman-group1-sha1 key exchange method (already off in server, this turns it off in the client by default too) ok dtucker@ Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
2015-07-15upstream commitdjm@openbsd.org
delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15upstream commitdjm@openbsd.org
Compile-time disable SSH v.1 again Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
2015-07-15upstream commitdjm@openbsd.org
twiddle PermitRootLogin back Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
2015-07-01upstream commitdjm@openbsd.org
twiddle; (this commit marks the openssh-6.9 release) Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
2015-07-01upstream commitdjm@openbsd.org
better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires; reported by Jann Horn Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
2015-07-01upstream commitdjm@openbsd.org
put back default PermitRootLogin=no Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728