| Age | Commit message (Collapse) | Author |
|---|
|
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
ok markus@
|
|
|
|
|
|
ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker
|
|
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
|
|
and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@
|
|
file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
|
|
removes two diffs between the two.
|
|
removed more host keys than remain present. Fix tested by reporter
James Cook, via bugs@
|
|
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@
|
|
platforms in -portable. ok djm@
|
|
|
|
failures in multiplexed sessions
|
|
ok dtucker@
|
|
use that instead of global variables containing copies of it.
feedback/ok markus@
|
|
purpose-built ssh->compat variable instead; feedback/ok markus@
|
|
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.
Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.
Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().
ok markus@
|
|
other names and addresses; spotted by and debugged with lots of help
from jca@
|
|
appending ssh_err(r) manually; ok markus@
|
|
one of the keys offered by the server is already in known_hosts under
another name. This avoid collisions between address entries for
different host aliases when CheckHostIP=yes
Also, do not attempt to fix known_hosts with incomplete host/ip matches
when there are no new or deprecated hostkeys.
|
|
Stop UpdateHostkeys from automatically removing deprecated keys from
known_hosts files if the same keys exist under a different name or
address to the host that is being connected to.
This avoids UpdateHostkeys from making known_hosts inconsistent in
some cases. For example, multiple host aliases sharing address-based
known_hosts on different lines, or hosts that resolves to multiple
addresses.
ok markus@
|
|
When preparing to update the known_hosts file, fully check both
entries for both the host and the address (if CheckHostIP enabled)
and ensure that, at the end of the operation, entries for both are
recorded.
Make sure this works with HashKnownHosts too, which requires maintaining
a list of entry-types seen across the whole file for each key.
ok markus@
|
|
Disable UpdateHostkeys if the known_hosts line has more than two
entries in the pattern-list. ssh(1) only writes "host" or "host,ip"
lines so anything else was added by a different tool or by a human.
ok markus@
|
|
spotted by naddy@
|
|
(commitid VtF8vozGOF8DMKVg). We now do this a simpler way that
needs less plumbing.
ok markus@
|
|
encountered or when a certificate host key is in use.
feedback/ok markus@
|
|
Patch from Sebastian Andrzej Siewior.
|
|
and ignore traffic from a port forwarding client, preventing a client from
keeping a connection alive when it should be terminated. Based on a patch
from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@
|
|
in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com,
ok djm@
|
|
connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
|
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
|
|
|
suggested by markus@
|
|
|
|
sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@
|
|
|
|
changes are validated by the existing trusted host key.
Prompted by espie@ feedback and ok markus@
|
|
just ignore them. spotted by and ok dtucker@
|
|
as it was intended to be; spotted by dtucker@
|
|
are in use. When updating host keys, ssh will now search subsequent
known_hosts files, but will add new/changed host keys to the first
specified file only. bz#2738
ok markus@
|
|
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.
|
|
remove ifdef and distinct settings for OPENSSL=no case.
This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@
|
|
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable
in addition to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
|
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
|
|
|
|
(and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath
taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since
sendmsg(2) is not allowed in that codepath then pledge(2) kills the process.
The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.
Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
OK deraadt@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
github, ok djm@ deraadt@
|
|
ok dtucker
|
|
Markus Schmidt via openssh-unix-dev, ok markus@
|
