Age | Commit message (Collapse) | Author |
|
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval. (We're probably stuck with this bit for
compatibility.)
In batch mode, default ServerAliveInterval to five minutes.
Adjust documentation to match and to give some more advice on use of
keepalives.
Author: Ian Jackson <ian@chiark.greenend.org.uk>
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2016-12-26
Patch-Name: keepalive-extensions.patch
|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2017-01-16
Patch-Name: gssapi.patch
|
|
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
|
|
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
|
|
keep the tokens list sorted;
Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
|
|
Re-add '%k' token for AuthorizedKeysCommand which was
lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
|
|
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.
This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@
Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
|
|
allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
djm
Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
|
|
tidy up the formatting in this file. more specifically,
replace .Dq, which looks appalling, with .Cm, where appropriate;
Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738
|
|
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
|
|
organise the token stuff into a separate section; ok
markus for an earlier version of the diff ok/tweaks djm
Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8
|
|
mention curve25519-sha256 KEX
Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
|
|
add a way for principals command to get see key ID and serial
too
Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb
|
|
add %-escapes to AuthorizedPrincipalsCommand to match those
supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a
few more to provide access to the certificate's CA key; 'looks ok' dtucker@
Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb
|
|
sort; from matthew martin
Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
|
|
remove UseLogin option and support for having /bin/login
manage login sessions; ok deraadt markus dtucker
Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
|
|
Catch up with the SSH1 code removal and delete all
mention of protocol 1 particularities, key files and formats, command line
options, and configuration keywords from the server documentation and
examples. ok jmc@
Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
|
|
Use 2001:db8::/32, the official IPv6 subnet for
configuration examples.
This makes the IPv6 example consistent with IPv4, and removes a dubious
mention of a 6bone subnet.
ok sthen@ millert@
Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634
|
|
tweak previous;
Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
|
|
Allow wildcard for PermitOpen hosts as well as ports.
bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
markus@
Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
|
|
grammar fix;
Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
|
|
ban AuthenticationMethods="" and accept
AuthenticationMethods=any for the default behaviour of not requiring multiple
authentication
bz#2398 from Jakub Jelen; ok dtucker@
Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
|
|
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
|
|
cidr permitted for {allow,deny}users; from lars nooden ok djm
Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
|
|
UseDNS affects ssh hostname processing in authorized_keys,
not known_hosts; bz#2554 reported by jjelen AT redhat.com
Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
|
|
rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly
in *KeyTypes options yet. Remove them from the lists of algorithms for now.
committing on behalf of markus@ ok djm@
Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
|
|
since these pages now clearly tell folks to avoid v1,
normalise the docs from a v2 perspective (i.e. stop pointing out which bits
are v2 only);
ok/tweaks djm ok markus
Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
|
|
Replace list of ciphers and MACs adjacent to -1/-2 flag
descriptions in ssh(1) with a strong recommendation not to use protocol 1.
Add a similar warning to the Protocol option descriptions in ssh_config(5)
and sshd_config(5);
prompted by and ok mmcc@
Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
|
|
sync crypto algorithm lists in ssh_config(5) and
sshd_config(5) with current reality. bz#2527
Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
|
|
better description for MaxSessions; bz#2531
Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da
|
|
Support "none" as an argument for sshd_config
ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
global default. bz#2486 ok dtucker@
Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
|
|
list a couple more options usable in Match blocks;
bz#2489
Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
|
|
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
|
|
more clarity on what AuthorizedKeysFile=none does; based
on diff by Thiebaud Weksteen
Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
|
|
match myproposal.h order; from brian conway (i snuck in a
tweak while here)
ok dtucker
Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
|
|
add prohibit-password as a synonymn for without-password,
since the without-password is causing too many questions. Harden it to ban
all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
djm, ok markus
Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
|
|
change default: PermitRootLogin without-password matching
install script changes coming as well ok djm markus
Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
|
|
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
|
|
mention that the default of UseDNS=no implies that
hostnames cannot be used for host matching in sshd_config and
authorized_keys; bz#2045, ok dtucker@
Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
|
|
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
|
|
refuse to generate or accept RSA keys smaller than 1024
bits; feedback and ok dtucker@
Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
|
|
typo: accidental repetition; bz#2386
Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
|
|
add knob to relax GSSAPI host credential check for
multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)
Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
|
|
add AuthorizedPrincipalsCommand that allows getting
authorized_principals from a subprocess rather than a file, which is quite
useful in deployments with large userbases
feedback and ok markus@
Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
|
|
support arguments to AuthorizedKeysCommand
bz#2081 loosely based on patch by Sami Hartikainen
feedback and ok markus@
Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
|
|
Allow ListenAddress, Port and AddressFamily in any
order. bz#68, ok djm@, jmc@ (for the man page bit).
|
|
enviroment -> environment: apologies to darren for not
spotting that first time round...
|
|
Fix typo in previous
|
|
Document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
jjelen at redhat, help and ok jmc@
|
|
Make sshd default to PermitRootLogin=no; ok deraadt@
rpe@
|