summaryrefslogtreecommitdiff
path: root/readconf.c
AgeCommit message (Collapse)Author
2017-08-22Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2016-12-26 Patch-Name: debian-config.patch
2017-03-29Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
2017-03-29Various keepalive extensionsRichard Kettlewell
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson <ian@chiark.greenend.org.uk> Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2016-12-26 Patch-Name: keepalive-extensions.patch
2017-03-29Accept obsolete ssh-vulnkey configuration optionsColin Watson
These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch
2017-03-29GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2017-01-16 Patch-Name: gssapi.patch
2017-03-10upstream commitdjm@openbsd.org
better match sshd config parser behaviour: fatal() if line is overlong, increase line buffer to match sshd's; bz#2651 reported by Don Fong; ok dtucker@ Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
2017-03-10upstream commitdtucker@openbsd.org
Plug mem leak on GLOB_NOMATCH case. From jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
2017-02-04upstream commitdjm@openbsd.org
support =- for removing methods from algorithms lists, e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like it" markus@ Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
2017-02-03upstream commitdjm@openbsd.org
allow form-feed characters at EOL; bz#2431 ok dtucker@ Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
2017-01-30upstream commitdjm@openbsd.org
small cleanup post SSHv1 removal: remove SSHv1-isms in commented examples reorder token table to group deprecated and compile-time conditional tokens better fix config dumping code for some compile-time conditional options that weren't being correctly skipped (SSHv1 and PKCS#11) Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
2017-01-30upstream commitdjm@openbsd.org
some explicit NULL tests when dumping configured forwardings; from Karsten Weiss Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
2017-01-30upstream commitdjm@openbsd.org
fix previous Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
2017-01-30upstream commitdjm@openbsd.org
show a useful error message when included config files can't be opened; bz#2653, ok dtucker@ Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
2016-10-26upstream commitjsg@openbsd.org
Fix logic in add_local_forward() that inverted a test when code was refactored out into bind_permitted(). This broke ssh port forwarding for non-priv ports as a non root user. ok dtucker@ 'looks good' deraadt@ Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
2016-10-24upstream commitdtucker@openbsd.org
Factor out "can bind to low ports" check into its own function. This will make it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@. Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-08-29upstream commitdjm@openbsd.org
remove superfluous NOTREACHED comment Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
2016-07-22upstream commitdjm@openbsd.org
reverse the order in which -J/JumpHost proxies are visited to be more intuitive and document reported by and manpage bits naddy@ Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
2016-07-22upstream commitnaddy@openbsd.org
Do not clobber the global jump_host variables when parsing an inactive configuration. ok djm@ Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
2016-07-15upstream commitdjm@openbsd.org
Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host". These options construct a proxy command that connects to the specified jump host(s) (more than one may be specified) and uses port-forwarding to establish a connection to the next destination. This codifies the safest way of indirecting connections through SSH servers and makes it easy to use. ok markus@ Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2016-06-08upstream commitdtucker@openbsd.org
Allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using ssh -W (but still default to yes in that case). bz#2577, ok djm@. Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
2016-06-08upstream commitdtucker@openbsd.org
Move the host and port used by ssh -W into the Options struct. This will make future changes a bit easier. ok djm@ Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-05-19upstream commitmarkus@openbsd.org
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-05upstream commitmarkus@openbsd.org
IdentityAgent for specifying specific agent sockets; ok djm@ Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-04-15upstream commitdjm@openbsd.org
Include directive for ssh_config(5); feedback & ok markus@ Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
2016-04-08Remove NO_IPPORT_RESERVED_CONCEPTDarren Tucker
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
2016-04-08upstream commitdjm@openbsd.org
don't record duplicate LocalForward and RemoteForward entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation where the same forwards are added on the second pass through the configuration file. bz#2562; ok dtucker@ Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
2016-02-09upstream commitdjm@openbsd.org
don't attempt to percent_expand() already-canonicalised addresses, avoiding unnecessary failures when attempting to connect to scoped IPv6 addresses (that naturally contain '%' characters) Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
2016-01-30upstream commitdtucker@openbsd.org
Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm. Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
2016-01-27upstream commitmarkus@openbsd.org
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27upstream commitderaadt@openbsd.org
Disable experimental client-side roaming support. Server side was disabled/gutted for years already, but this aspect was surprisingly forgotten. Thanks for report from Qualys Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
2016-01-15forcibly disable roaming support in the clientDamien Miller
2015-11-16upstream commitjcs@openbsd.org
Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@ Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-10-29upstream commitdjm@openbsd.org
fix execv arguments in a way less likely to cause grief for -portable; ok dtucker@ Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29upstream commitdjm@openbsd.org
avoid de-const warning & shrink; ok dtucker@ Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29upstream commitdtucker@openbsd.org
Do not prepend "exec" to the shell command run by "Match exec" in a config file. It's an unnecessary optimization from repurposed ProxyCommand code and prevents some things working with some shells. bz#2471, pointed out by res at qoxp.net. ok markus@ Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
2015-10-08upstream commitdjm@openbsd.org
include PubkeyAcceptedKeyTypes in ssh -G config dump Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
2015-10-06upstream commitdjm@openbsd.org
add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@ Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
2015-08-22upstream commitdjm@openbsd.org
Fix printing (ssh -G ...) of HostKeyAlgorithms=+... Reported by Bryan Drewery Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
2015-07-30upstream commitdjm@openbsd.org
Allow ssh_config and sshd_config kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it. approach suggested by dtucker@, feedback dlg@, ok markus@ Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
2015-07-15upstream commitmarkus@openbsd.org
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-06-27upstream commitdjm@openbsd.org
Fix \-escaping bug that caused forward path parsing to skip two characters and skip past the end of the string. Based on patch by Salvador Fandino; ok dtucker@ Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
2015-05-22upstream commitdjm@openbsd.org
Reorder EscapeChar option parsing to avoid a single-byte out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@ Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
2015-05-10upstream commitdjm@openbsd.org
Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-03-30upstream commitdjm@openbsd.org
fix uninitialised memory read when parsing a config file consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok dtucker
2015-02-17upstream commitdjm@openbsd.org
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
2015-02-03upstream commitdjm@openbsd.org
turn UpdateHostkeys off by default until I figure out mlarkin@'s warning message; requested by deraadt@
2015-01-30upstream commitdjm@openbsd.org
Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-27upstream commitdjm@openbsd.org
Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
2015-01-16upstream commitderaadt@openbsd.org
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)