summaryrefslogtreecommitdiff
path: root/sshd.c
AgeCommit message (Collapse)Author
2019-12-16upstream: allow security keys to act as host keys as well as userdjm@openbsd.org
keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@ OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
2019-11-20upstream: additional missing stdarg.h includes when built withoutnaddy@openbsd.org
WITH_OPENSSL; ok djm@ OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
2019-11-15upstream: When clients get denied by MaxStartups, send adtucker@openbsd.org
noification prior to the SSH2 protocol banner according to RFC4253 section 4.2. ok djm@ deraadt@ markus@ OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63
2019-11-01upstream: Refactor signing - use sshkey_sign for everything,djm@openbsd.org
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-10-29upstream: Signal handler cleanup: remove leftover support fordtucker@openbsd.org
unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@ OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
2019-07-05upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-06-21upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
2019-06-08upstream: Replace calls to ssh_malloc_init() by a static init ofotto@openbsd.org
malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-05-08upstream: When running sshd -T, assume any attibute not provided bydtucker@openbsd.org
-C does not match, which allows it to work when sshd_config contains a Match directive with or without -C. bz#2858, ok djm@ OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
2019-03-01upstream: Fix two race conditions in sshd relating to SIGHUP:djm@openbsd.org
1. Recently-forked child processes will briefly remain listening to listen_socks. If the main server sshd process completes its restart via execv() before these sockets are closed by the child processes then it can fail to listen at the desired addresses/ports and/or fail to restart. 2. When a SIGHUP is received, there may be forked child processes that are awaiting their reexecution state. If the main server sshd process restarts before passing this state, these child processes will yield errors and use a fallback path of reading the current sshd_config from the filesystem rather than use the one that sshd was started with. To fix both of these cases, we reuse the startup_pipes that are shared between the main server sshd and forked children. Previously this was used solely to implement tracking of pre-auth child processes for MaxStartups, but this extends the messaging over these pipes to include a child->parent message that the parent process is safe to restart. This message is sent from the child after it has completed its preliminaries: closing listen_socks and receiving its reexec state. bz#2953, reported by Michal Koutný; ok markus@ dtucker@ OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: use KEM API for vanilla ECDHdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21upstream: use KEM API for vanilla DH KEXdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-20last bits of old packet API / active_state globalDamien Miller
2019-01-20upstream: remove last references to active_statedjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20upstream: convert monitor.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20upstream: convert sshd.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
2019-01-20upstream: convert auth2.c to new packet APIDamien Miller
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20upstream: convert servconf.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org
API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-17upstream: many of the global variables in this file can be made static;djm@openbsd.org
patch from Markus Schmidt OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
2018-12-27upstream: move client/server SSH-* banners to buffers underdjm@openbsd.org
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-11-23refactor libcrypto initialisationDamien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-19upstream: silence (to log level debug2) failure messages whendjm@openbsd.org
loading the default hostkeys. Hostkeys explicitly specified in the configuration or on the command-line are still reported as errors, and failure to load at least one host key remains a fatal error. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on patch from Dag-Erling Smørgrav via https://github.com/openssh/openssh-portable/pull/103 ok markus@ OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
2018-11-16upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-10-23upstream: refer to OpenSSL not SSLeay;djm@openbsd.org
we're old, but we don't have to act it OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
2018-09-21upstream: when compiled with GSSAPI support, cache supported methoddjm@openbsd.org
OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g. Match user djm GSSAPIAuthentication yes bz#2107; ok dtucker@ OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
2018-09-13upstream: hold our collective noses and use the openssl-1.1.x API indjm@openbsd.org
OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-08-13upstream: revert compat.[ch] section of the following change. Itdjm@openbsd.org
causes double-free under some circumstances. -- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@ OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
2018-07-31upstream: fix some memory leaks spotted by Coverity via Jakub Jelendjm@openbsd.org
in bz#2366 feedback and ok dtucker@ OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
2018-07-12upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-10Adapt portable to legacy buffer API removalDamien Miller
2018-07-10upstream: sshd: switch config to sshbuf API; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
2018-07-10upstream: sshd: switch loginmsg to sshbuf API; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
2018-07-03upstream: Improve strictness and control over RSA-SHA2 signaturedjm@openbsd.org
In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-04-13upstream: Defend against user enumeration timing attacks. Thisdtucker@openbsd.org
establishes a minimum time for each failed authentication attempt (5ms) and adds a per-user constant derived from a host secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok markus@ djm@. OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
2018-04-10upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org
after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-03-03upstream: switch over to the new authorized_keys options API anddjm@openbsd.org
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-02-26upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-15Remove UNICOS support.Darren Tucker
The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one.
2018-02-13upstream Don't reset signal handlers inside handlers.dtucker@openbsd.org
The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely even that -portable is still being used on such systems we will deal with it in the compat layer. ok deraadt@ OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
2018-01-24upstream commitstsp@openbsd.org
Fix a logic bug in sshd_exchange_identification which prevented clients using major protocol version 2 from connecting to the server. ok millert@ OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
2018-01-23upstream commitdjm@openbsd.org
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23upstream commitdjm@openbsd.org
unbreak support for clients that advertise a protocol version of "1.99" (indicating both v2 and v1 support). Busted by me during SSHv1 purge in r1.358; bz2810, ok dtucker OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
2018-01-23upstream commitdjm@openbsd.org
avoid modifying pw->pw_passwd; let endpwent() clean up for us, but keep a scrubbed copy; bz2777, ok dtucker@ OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
2017-11-14upstream commitdjm@openbsd.org@openbsd.org
fix problem in configuration parsing when in config dump mode (sshd -T) without providing a full connection specification (sshd -T -C ...) spotted by bluhm@ OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
2017-11-03upstream commitdtucker@openbsd.org@openbsd.org
When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria. ok djm@, man page help jmc@ OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
2017-10-31upstream commitdjm@openbsd.org@openbsd.org
improve printing of rdomain on accept() a little OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a