Age | Commit message (Collapse) | Author |
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2017-10-04
Patch-Name: gssapi.patch
|
|
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf. Based on patch from cjwatson at
debian.org via bz#2768, ok djm@
Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
|
|
refuse to a private keys when its corresponding .pub key
does not match. bz#2737 ok dtucker@
Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
|
|
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying. bz#2720, ok djm@ markus@
Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
|
|
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
|
|
another ctx => ssh conversion (in GSSAPI code)
Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
|
|
protocol handlers all get struct ssh passed; ok djm@
Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
|
|
ssh: pass struct ssh to auth functions, too; ok djm@
Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
|
|
switch from Key typedef with struct sshkey; ok djm@
Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
|
|
more simplification and removal of SSHv1-related code;
ok djm@
Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
include key fingerprint in "Offering public key" debug
message
Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
|
|
allow ssh to use certificates accompanied by a private
key file but no corresponding plain *.pub public key. bz#2617 based on patch
from Adam Eijdenberg; ok dtucker@ markus@
Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
|
|
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
|
misplaced braces in test; from Karsten Weiss
Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
|
|
don't dereference authctxt before testing != NULL, it
causes compilers to make assumptions; from Karsten Weiss
Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
|
|
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
|
|
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
|
If ssh receives a PACKET_DISCONNECT during userauth it
will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
session being authenticated. Check for this and exit if necessary. ok djm@
Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
|
|
Lower loglevel for "Authenticated with partial success"
message similar to other similar level. bz#2599, patch from cgallek at
gmail.com, ok markus@
Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
|
|
support UTF-8 characters in ssh(1) banners using
schwarze@'s safe fmprintf printer; bz#2058
feedback schwarze@ ok dtucker@
Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
|
|
KNF compression proposal and simplify the client side a
little. ok djm@
Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
|
|
prefer agent-hosted keys to keys from PKCS#11; ok markus
Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
|
|
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
|
|
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
|
|
fix comment
Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
|
|
unbreak authentication using lone certificate keys in
ssh-agent: when attempting pubkey auth with a certificate, if no separate
private key is found among the keys then try with the certificate key itself.
bz#2550 reported by Peter Moody
Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
|
|
fix spurious error message when incorrect passphrase
entered for keys; reported by espie@ ok deraadt@
Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
|
|
avoid an uninitialised value when NumberOfPasswordPrompts
is 0 ok markus@ djm@
Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b
|
|
fd leaks; report Qualys Security Advisory team; ok
deraadt@
Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
|
|
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
|
|
Remove NULL-checks before sshkey_free().
ok djm@
Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
|
|
correct error messages; from Tomas Kuthan bz#2507
Upstream-ID: 7454a0affeab772398052954c79300aa82077093
|
|
Pass (char *)NULL rather than (char *)0 to execl and
execlp.
ok dtucker@
Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
|
|
Remove NULL-checks before free().
ok dtucker@
Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
|
|
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
|
|
clean up agent_fd handling; properly initialise it to -1
and make tests consistent
ok markus@
Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707
|
|
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').
Initial version from Joachim Schipper many years ago.
ok markus@
Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
|
|
apply PubkeyAcceptedKeyTypes filtering earlier, so all
skipped keys are noted before pubkey authentication starts. ok dtucker@
Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
|
|
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
|
|
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
|
|
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
|
|
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
|
|
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
|
|
Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.
This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.
bz#2211 based on patch by Iain Morgan; ok markus@
|
|
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
|
kex_setup errors are fatal()
|
|
make this compile with KERBEROS5 enabled
|
|
adapt kex to sshbuf and struct ssh; ok djm@
|