Age | Commit message | Author |
|
|
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years' time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
|
|
uninitialised variable; spotted by dtucker@
|
|
- for reput, it is remote-path which is optional, not local-path
- sync help
from deraadt:
- prefer -R and undocument -r (but add a comment for future editors)
from schwarze:
- prefer -p and undocument -P (as above. the comment was schwarze's too)
more:
- add the -f flag to reput and reget
- sort help (i can't remember who suggested this originally)
djm and deraadt were ok with earlier versions of this;
tim and schwarze ok
|
|
-J options on the commandline. bz3015 ok dtucker@
|
|
signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
|
|
consulting AuthorizedKeysCommand; ok dtucker markus
|
|
ok dtucker
|
|
"X11UseLocalhost" keywords; this makes things consistent (effectively reversing
my commit of yesterday);
ok deraadt markus djm
|
|
knweiss at gmail.com via -portable.
|
|
to work without a path in addition to with one. bz#2999, ok djm@
|
|
Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
|
(STDIN_FILENO vs STDERR_FILENO)
|
|
pair's comments (using -c and -C) more applicable to both methods.
ok and suggestions djm@ dtucker@
|
|
that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues
Junior
|
|
rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default
is overridden.
Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.
ok deraadt@
|
|
a little tidier for -portable.
|
|
into fd3, so as to not mistakenly leak other fd forward accidentally.
ok djm
|
|
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.
|
|
be able to find out from where the request was coming.
Add the same logging for PermitListen violations which were not
logged at all.
Pointed out by Robert Kisteleki (robert AT ripe.net)
input markus
OK deraadt
|
|
in snmprintf. bz#3002, patch from velemas at gmail.com, ok markus@.
|
|
ok deraadt
|
|
Markus Schmidt via openssh-unix-dev, ok markus@
|
|
via bz#2997.
|
|
which allows it to work when sshd_config contains a Match directive with or
without -C. bz#2858, ok djm@
|
|
Patch from yumkam at gmail.com, ok deraadt.
|
|
function name and the error message
|
|
cause connection to close incorrectly; Report and patch from Jakub
Jelen in bz#2757; ok dtucker@ markus@
|
|
Match block overrides a more restrictive global default.
Spotted by jmc@, ok markus@
|
|
"seems worthwhile" deraadt.
|
|
from NIST Special Publication 800-57, 3k bits provides security equivalent
to 128 bits which is the smallest symmetric cipher we enable by default.
ok markus@ deraadt@
|
|
This is a no-op on OpenBSD but will make things easier in -portable,
eg on systems where these checks should be case-insensitive. ok djm@
|
|
keepalives successively and prematurely terminating connection when
ClientAliveCount=1. While there, collapse two similar tests into one.
ok markus@
|
|
messages. Previously it would be difficult to tell which direction
it was talking about
|
|
1. Recently-forked child processes will briefly remain listening to
listen_socks. If the main server sshd process completes its restart
via execv() before these sockets are closed by the child processes
then it can fail to listen at the desired addresses/ports and/or
fail to restart.
2. When a SIGHUP is received, there may be forked child processes that
are awaiting their reexecution state. If the main server sshd
process restarts before passing this state, these child processes
will yield errors and use a fallback path of reading the current
sshd_config from the filesystem rather than use the one that sshd
was started with.
To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.
bz#2953, reported by Michal Koutný; ok markus@ dtucker@
|
|
RSA keys only (since we support ECDSA now and might support others in
the future). Inspired by Jakub Jelen via bz#2974
|
|
print PKCS11Provider instead of obsolete SmartcardDevice in config dump.
bz#2974 ok dtucker@
|
|
redirected to /dev/null; ok djm@
|