| Age | Commit message (Collapse) | Author |
|---|
|
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
group-writable, provided that the group in question contains only the file's
owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding
about the contents of gr->gr_mem). Given that per-user groups and umask 002
are the default setup in Debian (for good reasons - this makes operating in
setgid directories with other groups much easier), we need to permit this by
default.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
Last-Update: 2017-10-04
Patch-Name: user-group-modes.patch
|
|
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval. (We're probably stuck with this bit for
compatibility.)
In batch mode, default ServerAliveInterval to five minutes.
Adjust documentation to match and to give some more advice on use of
keepalives.
Author: Ian Jackson <ian@chiark.greenend.org.uk>
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2017-10-04
Patch-Name: keepalive-extensions.patch
|
|
These options were used as part of Debian's response to CVE-2008-0166.
Nearly six years later, we no longer need to continue carrying the bulk
of that patch, but we do need to avoid failing when the associated
configuration options are still present.
Last-Update: 2014-02-09
Patch-Name: ssh-vulnkey-compat.patch
|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2017-10-04
Patch-Name: gssapi.patch
|
|
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
|
|
command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.
BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.
Based on patch by Mike Manning in bz#2820, ok dtucker@
OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
|
|
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum. This will
prevent and flag invalid and negative arguments to these keywords. ok djm@
OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
|
|
Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@
Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
|
|
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.
The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.
help and ok djm@
Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
|
|
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
|
|
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
|
|
there's no reason to artificially limit the key path
here, just check that it fits PATH_MAX; spotted by Matthew Patton
Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
|
|
remove SSHv1 configuration options and man pages bits
ok markus@
Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
|
|
remove SSHv1 ciphers; ok markus@
Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
|
remove options.protocol and client Protocol
configuration knob
ok markus@
Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
|
|
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@
Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
|
|
better match sshd config parser behaviour: fatal() if
line is overlong, increase line buffer to match sshd's; bz#2651 reported by
Don Fong; ok dtucker@
Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
|
|
Plug mem leak on GLOB_NOMATCH case. From jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
|
|
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
|
|
allow form-feed characters at EOL; bz#2431 ok dtucker@
Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
|
|
small cleanup post SSHv1 removal:
remove SSHv1-isms in commented examples
reorder token table to group deprecated and compile-time conditional tokens
better
fix config dumping code for some compile-time conditional options that
weren't being correctly skipped (SSHv1 and PKCS#11)
Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
|
|
some explicit NULL tests when dumping configured
forwardings; from Karsten Weiss
Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
|
|
fix previous
Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
|
|
show a useful error message when included config files
can't be opened; bz#2653, ok dtucker@
Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
|
|
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted(). This broke ssh port
forwarding for non-priv ports as a non root user.
ok dtucker@ 'looks good' deraadt@
Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
|
|
Factor out "can bind to low ports" check into its own function. This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
deraadt@.
Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
|
|
remove superfluous NOTREACHED comment
Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
|
|
reverse the order in which -J/JumpHost proxies are visited to
be more intuitive and document
reported by and manpage bits naddy@
Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
|
|
Do not clobber the global jump_host variables when
parsing an inactive configuration. ok djm@
Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
|
|
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".
These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.
This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.
ok markus@
Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
|
|
Allow ExitOnForwardFailure and ClearAllForwardings to be
overridden when using ssh -W (but still default to yes in that case).
bz#2577, ok djm@.
Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
|
|
Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@
Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
|
|
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
|
|
IdentityAgent for specifying specific agent sockets; ok
djm@
Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
|
|
Include directive for ssh_config(5); feedback & ok markus@
Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
|
|
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
|
|
don't record duplicate LocalForward and RemoteForward
entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through the
configuration file. bz#2562; ok dtucker@
Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
|
|
don't attempt to percent_expand() already-canonicalised
addresses, avoiding unnecessary failures when attempting to connect to scoped
IPv6 addresses (that naturally contain '%' characters)
Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
|
|
Allow RekeyLimits in excess of 4G up to 2**63 bits
(limited by the return type of scan_scaled). Part of bz#2521, ok djm.
Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
|
|
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
|
|
Disable experimental client-side roaming support. Server
side was disabled/gutted for years already, but this aspect was surprisingly
forgotten. Thanks for report from Qualys
Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
|
|
|
|
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').
Initial version from Joachim Schipper many years ago.
ok markus@
Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
|
|
fix execv arguments in a way less likely to cause grief
for -portable; ok dtucker@
Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
|
|
avoid de-const warning & shrink; ok dtucker@
Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
|
|
Do not prepend "exec" to the shell command run by "Match
exec" in a config file. It's an unnecessary optimization from repurposed
ProxyCommand code and prevents some things working with some shells.
bz#2471, pointed out by res at qoxp.net. ok markus@
Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
|
|
include PubkeyAcceptedKeyTypes in ssh -G config dump
Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
|
|
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
|
|
Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
Reported by Bryan Drewery
Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
|
