Age | Commit message (Collapse) | Author |
|
Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2018-08-24
Patch-Name: debian-banner.patch
|
|
This makes it easier to audit networks for versions patched against security
vulnerabilities. It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings. (However, see debian-banner.patch.)
Forwarded: not-needed
Last-Update: 2017-10-04
Patch-Name: package-versioning.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2018-08-24
Patch-Name: selinux-role.patch
|
|
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message
and thread:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
It is true that this reduces preauth attack surface in sshd. On the
other hand, this support seems to be quite widely used, and abruptly
dropping it (from the perspective of users who don't read
openssh-unix-dev) could easily cause more serious problems in practice.
It's not entirely clear what the right long-term answer for Debian is,
but it at least probably doesn't involve dropping this feature shortly
before a freeze.
Forwarded: not-needed
Last-Update: 2018-08-24
Patch-Name: restore-tcp-wrappers.patch
|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2018-08-24
Patch-Name: gssapi.patch
|
|
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
|
|
in bz#2366 feedback and ok dtucker@
OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
|
|
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
|
|
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
|
|
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
|
|
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms). Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.
OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
|
|
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)
OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
|
|
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
|
|
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
|
|
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
|
|
The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed. In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer. ok deraadt@
OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
|
|
Fix a logic bug in sshd_exchange_identification which
prevented clients using major protocol version 2 from connecting to the
server. ok millert@
OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
|
|
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
|
|
unbreak support for clients that advertise a protocol
version of "1.99" (indicating both v2 and v1 support). Busted by me during
SSHv1 purge in r1.358; bz2810, ok dtucker
OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
|
|
avoid modifying pw->pw_passwd; let endpwent() clean up
for us, but keep a scrubbed copy; bz2777, ok dtucker@
OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
|
|
fix problem in configuration parsing when in config dump mode
(sshd -T) without providing a full connection specification (sshd -T -C ...)
spotted by bluhm@
OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
|
|
When doing a config test with sshd -T, only require the
attributes that are actually used in Match criteria rather than (an
incomplete list of) all criteria. ok djm@, man page help jmc@
OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
|
|
improve printing of rdomain on accept() a little
OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
|
|
|
|
add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on which rdomain(4) a
connection was recevied on. ok markus@
Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
|
|
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
|
|
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.
ListenAddress 0.0.0.0 rdomain 4
Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
|
|
|
|
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@
Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
|
|
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
clear session keys from memory; ok djm@
Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
|
|
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
|
|
switch from Key typedef with struct sshkey; ok djm@
Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
remove compat20/compat13/compat15 variables
ok markus@
Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
|
|
If running with privsep (mandatory now) as a non-privileged user, we
don't chroot or change to an unprivileged user however we still checked
the existence of the user and directory. Don't do those checks if we're
not going to use them. Based in part on a patch from Lionel Fourquaux
via Corinna Vinschen, ok djm@
|
|
accidents happen to the best of us; ok djm
Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
|
|
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
|
|
might as well set the listener socket CLOEXEC
Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
|
|
Restore \r\n newline sequence for server ident string. The CR
got lost in the flensing of SSHv1. Pointed out by Stef Bon
Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
|
|
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
|
log connections dropped in excess of MaxStartups at
verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
|
|
Unlink PidFile on SIGHUP and always recreate it when the
new sshd starts. Regression tests (and possibly other things) depend on the
pidfile being recreated after SIGHUP, and unlinking it means it won't contain
a stale pid if sshd fails to restart. ok djm@ markus@
Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
|
|
On startup, check to see if sshd is already daemonized
and if so, skip the call to daemon() and do not rewrite the PidFile. This
means that when sshd re-execs itself on SIGHUP the process ID will no longer
change. Should address bz#2641. ok djm@ markus@.
Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
|
|
Add a call to RAND_poll() to ensure than more than pid+time gets
stirred into child processes states. Prompted by analysis from Jann
Horn at Project Zero. ok dtucker@
|
|
Factor out code to disconnect from controlling terminal
into its own function. ok djm@
Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|