| Age | Commit message (Collapse) | Author |
|---|
|
IDs for security key-backed keys, to prevent web key handles from
being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.
This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.
ok markus@
|
|
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups. With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3). That behavior is explicitely described in initgroups(3).
ok millert@ gilles@
|
|
|
|
spotted by jsg@ feedback/ok deraadt@
|
|
|
|
ok markus@
|
|
let's users zap keys without access to $SSH_AUTH_SOCK
ok deraadt@
|
|
character. ok deraadt@
|
|
directory while developing and debugging. Should help prevent accidentally
testing against unchanged installed sshd-auth and sshd-session binaries.
ok djm@
|
|
where this isn't safe (which it's not required to be). ok djm@
|
|
paths; GHPR115
|
|
|
|
based on GHPR393
|
|
use the shared one from fatal.c
based on GHPR401 from lengyijun
|
|
the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I
guess others are using it
based on GHPR387 from Pawel Jakub Dawidek
|
|
commandline to be exactly two characters long. Avoids one by OOB
read if ssh is invoked as "ssh -e^ ..."
Spotted by Maciej Domanski in GHPR368
|
|
ones that are unused outside the implementation itself; based on
GHPR#282 by tobias@
|
|
|
|
|
|
|
|
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
|
|
traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655
|
|
ok dtucker@
|
|
by default. Specifically, this removes the diffie-hellman-group* and
diffie-hellman-group-exchange-* methods. The client is unchanged and
continues to support these methods by default.
Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.
ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.
ok markus@
|
|
Matches; spotted by phessler@ ok deraadt@
|
|
|
|
the original diff had a couple of errors, which i've fixed
|
|
to a more shell-like one. Apparently the old tokeniser (accidentally?)
allowed "Match criteria=argument" as well as the "Match criteria argument"
syntax that we tested for.
People were using this syntax so this adds back support for
"Match criteria=argument"
bz3739 ok dtucker
|
|
|
|
|
|
|
|
|
|
using -fwrapv to provide defined over/underflow behaviour, but we use
-ftrapv to catch integer errors and abort the program. ok dtucker@
|
|
|
|
|
|
in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP
20240808. The new version is substantially faster.
Thanks to Daniel J Bernstein for pointing out the new implementation
(and of course for writing it).
tested in snaps/ok deraadt@
|
|
|
|
This allows writing Match conditions that trigger for invalid username.
E.g.
PerSourcePenalties refuseconnection:90s
Match invalid-user
RefuseConnection yes
Will effectively penalise bots try to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.
feedback markus@
|
|
PerSourcePenalties
This allows penalising connection sources that have had connections
dropped by the RefuseConnection option. ok markus@
|
|
If set, this will terminate the connection at the first authentication
request (this is the earliest we can evaluate sshd_config Match blocks)
ok markus@
|
|
ok markus@
|
|
tokeniser, making it possible to use shell-like quoting in Match
directives, particularly "Match exec". ok markus@
|
|
the user know what's going on when ssh-keygen is invoked via other
tools. Requested in GHPR503
|
|
fails. Prevents restrictive key options being incorrectly applied
to subsequent keys in authorized_keys. bz3733, ok markus@
|
|
which incorrectly required that sshd was started with an absolute path
in inetd mode. bz3717, patch from Colin Wilson
|
|
|
|
flag now than an IANA codepoint has been assigned for the algorithm.
Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
ok markus@
|
|
string rather than the first. This makes it possible to use usernames
that contain '@' characters.
Prompted by Max ZettlmeiÃl; feedback/ok millert@
|
|
"rsa") in user-interface code and require full SSH protocol names (e.g.
"ssh-rsa") everywhere else.
Prompted by bz3725; ok markus@
|
|
|
