Age | Commit message (Collapse) | Author |
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2016-03-21
Patch-Name: gssapi.patch
|
|
rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly
in *KeyTypes options yet. Remove them from the lists of algorithms for now.
committing on behalf of markus@ ok djm@
Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
|
|
since these pages now clearly tell folks to avoid v1,
normalise the docs from a v2 perspective (i.e. stop pointing out which bits
are v2 only);
ok/tweaks djm ok markus
Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
|
|
Replace list of ciphers and MACs adjacent to -1/-2 flag
descriptions in ssh(1) with a strong recommendation not to use protocol 1.
Add a similar warning to the Protocol option descriptions in ssh_config(5)
and sshd_config(5);
prompted by and ok mmcc@
Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
|
|
sync crypto algorithm lists in ssh_config(5) and
sshd_config(5) with current reality. bz#2527
Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
|
|
better description for MaxSessions; bz#2531
Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da
|
|
Support "none" as an argument for sshd_config
ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
global default. bz#2486 ok dtucker@
Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
|
|
list a couple more options usable in Match blocks;
bz#2489
Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
|
|
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
|
|
more clarity on what AuthorizedKeysFile=none does; based
on diff by Thiebaud Weksteen
Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
|
|
match myproposal.h order; from brian conway (i snuck in a
tweak while here)
ok dtucker
Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
|
|
add prohibit-password as a synonymn for without-password,
since the without-password is causing too many questions. Harden it to ban
all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
djm, ok markus
Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
|
|
change default: PermitRootLogin without-password matching
install script changes coming as well ok djm markus
Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
|
|
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
|
|
mention that the default of UseDNS=no implies that
hostnames cannot be used for host matching in sshd_config and
authorized_keys; bz#2045, ok dtucker@
Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
|
|
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
|
|
refuse to generate or accept RSA keys smaller than 1024
bits; feedback and ok dtucker@
Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
|
|
typo: accidental repetition; bz#2386
Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
|
|
add knob to relax GSSAPI host credential check for
multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)
Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
|
|
add AuthorizedPrincipalsCommand that allows getting
authorized_principals from a subprocess rather than a file, which is quite
useful in deployments with large userbases
feedback and ok markus@
Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
|
|
support arguments to AuthorizedKeysCommand
bz#2081 loosely based on patch by Sami Hartikainen
feedback and ok markus@
Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
|
|
Allow ListenAddress, Port and AddressFamily in any
order. bz#68, ok djm@, jmc@ (for the man page bit).
|
|
enviroment -> environment: apologies to darren for not
spotting that first time round...
|
|
Fix typo in previous
|
|
Document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
jjelen at redhat, help and ok jmc@
|
|
Make sshd default to PermitRootLogin=no; ok deraadt@
rpe@
|
|
Document "none" for PidFile XAuthLocation
TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
|
|
sort options useable under Match case-insensitively; prodded
jmc@
|
|
more options that are available under Match; bz#2353 reported
by calestyo AT scientia.net
|
|
increasing encounters with difficult DNS setups in
darknets has convinced me UseDNS off by default is better ok djm
|
|
heirarchy -> hierarchy;
|
|
Provide a warning about chroot misuses (which sadly, seem
to have become quite popular because shiny). sshd cannot detect/manage/do
anything about these cases, best we can do is warn in the right spot in the
man page. ok markus
|
|
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
|
|
mention ssh -Q feature to list supported { MAC, cipher,
KEX, key } algorithms in more places and include the query string used to
list the relevant information; bz#2288
|
|
tweak previous;
|
|
correct description of what will happen when a
AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
will refuse to start)
|
|
remember which public keys have been used for
authentication and refuse to accept previously-used keys.
This allows AuthenticationMethods=publickey,publickey to require
that users authenticate using two _different_ pubkeys.
ok markus@
|
|
tweak previous;
|
|
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
|
|
revert chunk I didn't mean to commit yet; via jmc@
|
|
mention AuthorizedKeysCommandUser must be set for
AuthorizedKeysCommand to be run; bz#2287
|
|
restore word zapped in previous, and remove some useless
"No" macros;
|
|
/dev/random has created the same effect as /dev/arandom
(and /dev/urandom) for quite some time. Mop up the last few, by using
/dev/random where we actually want it, or not even mentioning arandom where
it is irrelevant.
|
|
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
|
|
typo.
|
|
|
|
[sftp-server.8 sshd_config.5]
some systems no longer need /dev/log;
issue noticed by jirib;
ok deraadt
|
|
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
[clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
[readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
[ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
[sshd_config.5 sshlogin.c]
Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
|
|
[servconf.c servconf.h session.c sshd.8 sshd_config.5]
Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option;
bz#2160; ok markus@
|
|
[ssh_config.5 sshd_config.5]
sync available and default algorithms, improve algorithm list formatting
help from jmc@ and schwarze@, ok deraadt@
|