Age | Commit message (Collapse) | Author |
|
[ssh.1 ssh.c]
When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
|
|
[auth2.c]
really really remove the freebie "none" auth try for protocol 2
|
|
[auth2-none.c auth2.c]
Make protocol 2 MaxAuthTries behaviour a little more sensible:
Check whether client has exceeded MaxAuthTries before running
an authentication method and skip it if they have, previously it
would always allow one try (for "none" auth).
Preincrement failure count before post-auth test - previously this
checked and postincremented, also to allow one "none" try.
Together, these two changes always count the "none" auth method
which could be skipped by a malicious client (e.g. an SSH worm)
to get an extra attempt at a real auth method. They also make
MaxAuthTries=0 a useful way to block users entirely (esp. in a
sshd_config Match block).
Also, move sending of any preauth banner from "none" auth method
to the first call to input_userauth_request(), so worms that skip
the "none" method get to see it too.
|
|
[auth-rsa.c auth.c auth2-pubkey.c auth.h]
Merge duplicate host key file checks, based in part on a patch from Rob
Holland via bz #1348 . Also checks for non-regular files during protocol
1 RSA auth. ok djm@
|
|
[sshd_config sshd_config.5 sshd.8 servconf.c]
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@
|
|
[PROTOCOL.agent]
fix some typos; ok djm@
|
|
[sshconnect.c sshd.c]
Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
in order to comply with RFC 4253. bz #1443, ok djm@
|
|
[sshconnect.c]
Check ExitOnForwardFailure if forwardings are disabled due to a failed
host key check. ok djm@
|
|
[PROTOCOL]
clarify that eow@openssh.com is only sent on session channels
|
|
[nchan.c]
only send eow@openssh.com notifications for session channels; ok! markus@
|
|
[serverloop.c]
only pass channel requests on session channels through to the session
channel handler, avoiding spurious log messages; ok! markus@
|
|
[PROTOCOL.agent]
typo: s/constraint_date/constraint_data/
|
|
|
|
[regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
very basic regress test against Twisted Conch in "make interop"
target (conch is available in ports/devel/py-twisted/conch);
ok markus@
|
|
[Makefile]
Don't run cipher-speed test by default; mistakenly enabled by me
|
|
[regress/Makefile regress/key-options.sh]
Add regress test for key options. ok djm@
|
|
[PROTOCOL PROTOCOL.agent]
document the protocol used by ssh-agent; "looks ok" markus@
|
|
[ssh-agent.c]
reset global compat flag after processing a protocol 2 signature
request with the legacy DSA encoding flag set; ok markus
|
|
[ssh-agent.c]
refuse to add a key that has unknown constraints specified;
ok markus
|
|
[PROTOCOL]
spelling fixes
|
|
[ssh.1]
add VisualHostKey to the list of options listed in -o;
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
|
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
|
|
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
|
|
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
(bz#1372)
|
|
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that te fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
|
|
[sshd_config.5]
MaxSessions is allowed in a Match block too
|
|
[scp.1]
Mention that scp follows symlinks during -r. bz #1466,
from nectar at apple
|
|
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
|
|
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
|
|
|
|
replacement code; patch from ighighi AT gmail.com in bz#1240;
ok dtucker
|
|
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
|
|
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
|
|
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
|
[mux.c]
Friendlier error messages for mux fallback. ok djm@
|
|
[auth2-pubkey.c auth-rhosts.c]
Include unistd.h for close(), prevents warnings in -portable
|
|
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
|
|
[packet.c]
compile on older gcc; no decl after code
|
|
compiler warnings on some platforms. Based on a discussion with otto@
|
|
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
|
|
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
|