Age | Commit message | Author

traffic on an X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655

rely on channel_did_enqueue to tell that there is data to send.
This flag indicates that the channels code enqueued a packet
on _this_ ppoll() iteration, not that data was enqueued in _any_
ppoll() iteration in the timeslice. ok markus@

it needed to be because of unexpunged ssh1 remnants. ok markus@

reported by Tõivo Leedjärv; ok deraadt@

Allows HostkeyAlgorithms to disable implicit fallback from certificate
keys to plain keys. ok markus@

obfuscation was added. GHPR#463 from montag451

Coverity CID#427852, ok djm@

only consider enabling it when a channel with a tty is open.
Avoids turning on the obfuscation when X11 forwarding only is in use,
which slows it right down. Reported by Roger Marsh

to unmask them in the mainloop. Avoids race condition between signaling
ssh to exit and polling. bz3531; ok dtucker

in the server. ok markus@

ok dtucker@

some data in the last poll() cycle; this avoids triggering the
obfuscator for non-channels data like ClientAlive probes and also
fixes a related problem where the obfuscations would be triggered on
fully quiescent connections.
Based on / tested by naddy@

messages when keystroke timing obfuscation was never started;
spotted by naddy@

the range is pre-clamped)

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.
feedback/ok markus@

291863 which points out we check the channel pointer for NULLness after
dereferencing it. Move this to the start of the function, and while
there simplify initialization of efc a bit. ok djm@

ok miod@ millert@

via bz#2687.

this, so move from misc.c to misc.h so it's available. Fixes a Coverity
warning for 64bit time_t safety, ok djm@

This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker

feedback markus / ok markus dtucker

feedback, ok & testing in snaps deraadt@

This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while

bz#3499, ok djm@

client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

sshd_config; previously if the same name was reused then the last
would win (which is the opposite to how the config is supposed to
work).
While there, make the ssh_config parsing more like sshd_config.
bz3438, ok dtucker

SSH transport rekeying. The most visible benefit is that it should make
~-escapes work in the client (e.g. to exit) if the connection happened
to have stalled during a rekey event. Based on work by and ok dtucker@

directly into the transport input buffer.
Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.
Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)
feedback dtucker@ ok markus@

quit_pending; no functional change but saves a bunch of boilerplate

bz3378; ok dtucker@

side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@

feedback & ok deraadt@ and markus@
has been in snaps for a few months

ok dtucker@

send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
ok markus@

ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker

file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@

file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

removes two diffs between the two.

removed more host keys than remain present. Fix tested by reporter
James Cook, via bugs@

ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@

platforms in -portable. ok djm@

failures in multiplexed sessions