Commit Graph

104 Commits

Author SHA1 Message Date
djm@openbsd.org
66705948c0 upstream commit
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@

(note: this doesn't remove the !privsep code paths, though that will
happen eventually).

Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
2017-03-15 11:09:18 +11:00
naddy@openbsd.org
ffe6549c2f upstream commit
Catch up with the SSH1 code removal and delete all
mention of protocol 1 particularities, key files and formats, command line
options, and configuration keywords from the server documentation and
examples.  ok jmc@

Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
2016-08-23 13:28:30 +10:00
tedu@openbsd.org
e0453f3df6 upstream commit
obsolete note about fascistloggin is obsolete. ok djm
dtucker

Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
2016-07-14 11:27:56 +10:00
djm@openbsd.org
c5c3f3279a upstream commit
make sandboxed privilege separation the default, not just
 for new installs; "absolutely" deraadt@

Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b
2016-02-17 16:37:56 +11:00
deraadt@openbsd.org
1dc8d93ce6 upstream commit
add prohibit-password as a synonymn for without-password,
 since the without-password is causing too many questions.  Harden it to ban
 all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
 djm, ok markus

Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
2015-08-11 18:57:29 +10:00
deraadt@openbsd.org
f4373ed1e8 upstream commit
change default: PermitRootLogin without-password matching
 install script changes coming as well ok djm markus

Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
2015-08-02 19:59:25 +10:00
djm@openbsd.org
88a7c598a9 upstream commit
Make sshd default to PermitRootLogin=no; ok deraadt@
 rpe@
2015-04-29 18:20:12 +10:00
deraadt@openbsd.org
3cd5103c1e upstream commit
increasing encounters with difficult DNS setups in
 darknets has convinced me UseDNS off by default is better ok djm
2015-02-03 11:06:15 +11:00
Damien Miller
af5d4481f4 - djm@cvs.openbsd.org 2014/01/10 05:59:19
[sshd_config]
     the /etc/ssh/ssh_host_ed25519_key is loaded by default too
2014-01-12 19:20:47 +11:00
Damien Miller
5ff30c6b68 - djm@cvs.openbsd.org 2013/10/29 09:48:02
[servconf.c servconf.h session.c sshd_config sshd_config.5]
     shd_config PermitTTY to disallow TTY allocation, mirroring the
     longstanding no-pty authorized_keys option;
     bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
Darren Tucker
e90a06ae57 - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu. 2013-09-18 15:09:38 +10:00
Damien Miller
ff9d6c2a41 - sthen@cvs.openbsd.org 2013/09/07 13:53:11
[sshd_config]
     Remove commented-out kerberos/gssapi config options from sample config,
     kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
     various people; ok deraadt@
     ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-09-14 09:48:55 +10:00
Darren Tucker
5f96f3b4be - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
2013-05-16 20:29:28 +10:00
Damien Miller
1f583df8c3 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
[servconf.c sshd_config sshd_config.5]
     Change default of MaxStartups to 10:30:100 to start doing random early
     drop at 10 connections up to 100 connections.  This will make it harder
     to DoS as CPUs have come a long way since the original value was set
     back in 2000.  Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
Damien Miller
09d3e12512 - djm@cvs.openbsd.org 2012/10/30 21:29:55
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
     [sshd.c sshd_config sshd_config.5]
     new sshd_config option AuthorizedKeysCommand to support fetching
     authorized_keys from a command in addition to (or instead of) from
     the filesystem. The command is run as the target server user unless
     another specified via a new AuthorizedKeysCommandUser option.

     patch originally by jchadima AT redhat.com, reworked by me; feedback
     and ok markus@
2012-10-31 08:58:58 +11:00
Damien Miller
5a5c2b9063 - djm@cvs.openbsd.org 2012/07/10 02:19:15
[servconf.c servconf.h sshd.c sshd_config]
     Turn on systrace sandboxing of pre-auth sshd by default for new installs
     by shipping a config that overrides the current UsePrivilegeSeparation=yes
     default. Make it easier to flip the default in the future by adding too.
2012-07-31 12:21:34 +10:00
Damien Miller
8fef9ebbab - djm@cvs.openbsd.org 2012/04/12 02:43:55
[sshd_config sshd_config.5]
     mention AuthorizedPrincipalsFile=none default
2012-04-22 11:25:10 +10:00
Damien Miller
23528816dc - djm@cvs.openbsd.org 2012/04/12 02:42:32
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     VersionAddendum option to allow server operators to append some arbitrary
     text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 11:24:43 +10:00
Damien Miller
d8478b6a9b OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/23 03:30:07
     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
     Bring back authorized_keys2 as a default search path (to avoid breaking
     existing users of this file), but override this in sshd_config so it will
     be no longer used on fresh installs. Maybe in 2015 we can remove it
     entierly :)

     feedback and ok markus@ dtucker@
2011-05-29 21:39:36 +10:00
Damien Miller
fd53abd00b - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
[sshd_config]
     clarify language about overriding defaults.  bz#1892, from Petr Cerny
2011-05-15 08:36:02 +10:00
Damien Miller
80ed82aaf4 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
[sshd_config]
     add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
     <mattieu.b@gmail.com>
     ok deraadt@
2010-09-10 11:20:11 +10:00
Darren Tucker
bad5076bb5 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2009/10/08 14:03:41
     [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
     disable protocol 1 by default (after a transition period of about 10 years)
     ok deraadt
2009-10-11 21:51:08 +11:00
Darren Tucker
7499b0cca0 - djm@cvs.openbsd.org 2008/07/02 02:24:18
[sshd_config sshd_config.5 sshd.8 servconf.c]
     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
     bits; prodded by & ok dtucker@ ok deraadt@
2008-07-02 22:35:43 +10:00
Damien Miller
7207f64a23 - djm@cvs.openbsd.org 2008/05/08 12:21:16
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
     [sshd_config sshd_config.5]
     Make the maximum number of sessions run-time controllable via
     a sshd_config MaxSessions knob. This is useful for disabling
     login/shell/subsystem access while leaving port-forwarding working
     (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
     simply increasing the number of allows multiplexed sessions.
     Because some bozos are sure to configure MaxSessions in excess of the
     number of available file descriptors in sshd (which, at peak, might be
     as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
     on error paths, and make it fail gracefully on out-of-fd conditions -
     sending channel errors instead of than exiting with fatal().
     bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
     ok markus@
2008-05-19 15:34:50 +10:00
Damien Miller
ba3a6599a2 - pyr@cvs.openbsd.org 2008/05/07 06:43:35
[sshd_config]
     push the sshd_config bits in, spotted by ajacoutot@
2008-05-19 14:58:22 +10:00
Damien Miller
d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00
Damien Miller
4890e53977 - djm@cvs.openbsd.org 2007/08/23 03:22:16
[auth2-none.c sshd_config sshd_config.5]
     Support "Banner=none" to disable displaying of the pre-login banner;
     ok dtucker@ deraadt@
2007-09-17 11:57:38 +10:00
Darren Tucker
506ed88cef - djm@cvs.openbsd.org 2007/03/19 01:01:29
[sshd_config]
     Disable the legacy SSH protocol 1 for new installations via
     a configuration override. In the future, we will change the
     server's default itself so users who need the legacy protocol
     will need to turn it on explicitly
2007-03-21 20:42:24 +11:00
Damien Miller
e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Darren Tucker
a4904f7bf1 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality.  Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
06b75ad56b - djm@cvs.openbsd.org 2005/05/19 02:40:52
[sshd_config]
     whitespace nit, from grunk AT pestilenz.org
2005-05-26 12:12:37 +10:00
Darren Tucker
0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Damien Miller
701d0514ee - (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
ok dtucker@
2004-05-23 11:47:58 +10:00
Darren Tucker
0b3b97512f - millert@cvs.openbsd.org 2003/12/29 16:39:50
[sshd_config]
     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
2003-12-31 11:38:32 +11:00
Darren Tucker
22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Damien Miller
418a386f2b - (djm) Clarify UsePAM consequences a little more 2003-11-06 20:27:51 +11:00
Darren Tucker
a49d36e7b9 - markus@cvs.openbsd.org 2003/09/29 20:19:57
[servconf.c sshd_config]
     GSSAPICleanupCreds -> GSSAPICleanupCredentials
2003-10-02 16:20:54 +10:00
Tim Rice
d4d1815cae [sshd_config] UsePAM defaults to no. 2003-09-25 19:04:34 -07:00
Damien Miller
1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker
ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
c20c60bc99 - markus@cvs.openbsd.org 2003/07/23 07:42:43
[sshd_config]
     remove AFS; itojun@
2003-08-02 22:31:45 +10:00
Darren Tucker
b8dae8ece0 20030622
- (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/06/20 05:48:21
     [sshd_config]
     sync some implemented options; ok markus@
2003-06-22 20:48:45 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
e3e71247c3 clarify 2003-05-16 12:00:44 +10:00
Damien Miller
2aa0ab463f - jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
 - (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller
d681d2602c - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/09/25 11:17:16
     [sshd_config]
     sync LoginGraceTime with default
2002-09-27 13:21:57 +10:00