Commit Graph

278 Commits

Author SHA1 Message Date
djm@openbsd.org
4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
jmc@openbsd.org
acf4260f09 upstream: sort previous;
OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
2018-06-11 09:50:06 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
jmc@openbsd.org
e8d59fef10 upstream: add missing punctuation after %i in ssh_config.5, and
make the grammatical format in sshd_config.5 match that in ssh_config.5;

OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0
2018-06-04 14:54:43 +10:00
djm@openbsd.org
9c935dd9bf upstream: make UID available as a %-expansion everywhere that the
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-06-01 13:35:59 +10:00
djm@openbsd.org
001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
jmc@openbsd.org
8368571efd upstream: tweak previous;
OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9
2018-04-10 10:16:36 +10:00
djm@openbsd.org
555294a727 upstream: Allow "SendEnv -PATTERN" to clear environment variables
previously labeled for sendind. bz#1285 ok dtucker@

OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9
2018-04-06 23:15:29 +10:00
djm@openbsd.org
00c5222ddc upstream: We don't offer CBC cipher by default any more. Spotted by
Renaud Allard (via otto@)

OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca
2018-04-06 14:20:33 +10:00
job@openbsd.org
5ee8448ad7 upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk

AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.

For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.

An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662

The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").

OK deraadt@, "no objection" djm@

OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
2018-04-06 14:20:33 +10:00
jmc@openbsd.org
7d330a1ac0 upstream: some cleanup for BindInterface and ssh-keyscan;
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
djm@openbsd.org
ac2e3026bb upstream: Add BindInterface ssh_config directive and -B
command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
2018-02-23 13:37:49 +11:00
djm@openbsd.org
680321f3eb upstream: Mention recent DH KEX methods:
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512

From Jakub Jelen via bz#2826

OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a
2018-02-16 13:42:09 +11:00
djm@openbsd.org
a7c38215d5 upstream commit
Mention ServerAliveTimeout in context of TCPKeepAlives;
prompted by Christoph Anton Mitterer via github

OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
2018-02-10 20:06:42 +11:00
djm@openbsd.org
4f011daa4c upstream commit
Shorter, more accurate explanation of
NoHostAuthenticationForLocalhost without the confusing example. Prompted by
Christoph Anton Mitterer via github and bz#2293.

OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
2018-02-10 17:41:16 +11:00
dtucker@openbsd.org
3e615090de upstream commit
Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@

OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
2018-02-07 07:50:46 +11:00
jmc@openbsd.org
0869627e00 upstream commit
tweak previous; ok djm

Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
2017-10-25 11:22:23 +11:00
djm@openbsd.org
b7548b12a6 upstream commit
Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23 16:14:30 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
jmc@openbsd.org
bb3e16ab25 upstream commit
remove unused Pp;

Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
2017-10-20 12:01:03 +11:00
djm@openbsd.org
05b69e9957 upstream commit
In the description of pattern-lists, clarify negated
matches by explicitly stating that a negated match will never yield a
positive result, and that at least one positive term in the pattern-list must
match. bz#1918

Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2017-10-20 12:01:03 +11:00
jmc@openbsd.org
2b4f3ab050 upstream commit
%C is hashed; from klemens nanni ok markus

Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2017-10-20 11:58:34 +11:00
markus@openbsd.org
609d7a66ce upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22 09:14:53 +10:00
jmc@openbsd.org
149a8cd24c upstream commit
tweak previous;

Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
2017-09-12 16:42:20 +10:00
djm@openbsd.org
22376d27a3 upstream commit
Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
2017-09-04 09:38:57 +10:00
djm@openbsd.org
51676ec614 upstream commit
Allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default; ok dtucker@

Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
2017-07-24 14:48:47 +10:00
jmc@openbsd.org
1f3d202770 upstream commit
man pages with pseudo synopses which list filenames end
up creating very ugly output in man -k; after some discussion with ingo, we
feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
helpful at page top, is contained already in FILES, and there are
sufficiently few that just zapping them is simple;

ok schwarze, who also helpfully ran things through a build to check
output;

Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
2017-07-21 14:17:33 +10:00
djm@openbsd.org
6f8ca3b925 upstream commit
use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728; ok dtucker@

Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
2017-06-24 16:48:39 +10:00
jmc@openbsd.org
a3bb250c93 upstream commit
tweak previous;

Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
2017-05-31 10:51:09 +10:00
bluhm@openbsd.org
1112b534a6 upstream commit
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line.  This
command will be executed on the remote host.  The feature allows to automate
tasks using ssh config. OK markus@

Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
2017-05-31 10:51:09 +10:00
djm@openbsd.org
acaf34fd82 upstream commit
As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
2017-05-08 09:21:00 +10:00
naddy@openbsd.org
9a82e24b98 upstream commit
restore mistakenly deleted description of the
ConnectionAttempts option ok markus@

Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
2017-05-08 09:18:27 +10:00
naddy@openbsd.org
768405fddf upstream commit
remove miscellaneous SSH1 leftovers; ok markus@

Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
2017-05-08 09:18:27 +10:00
djm@openbsd.org
788ac799a6 upstream commit
remove SSHv1 configuration options and man pages bits

ok markus@

Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
2017-05-01 10:05:00 +10:00
jmc@openbsd.org
47a287bb6a upstream commit
sort;

Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
2017-05-01 09:35:38 +10:00
dtucker@openbsd.org
68d3a2a059 upstream commit
Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8).  bz#2705, patch from erahn at arista.com, ok
djm@

Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
2017-04-28 13:26:36 +10:00
jmc@openbsd.org
78142e3ab3 upstream commit
errant dot; from klemens nanni

Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
2017-02-28 17:10:41 +11:00
djm@openbsd.org
68bc8cfa76 upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
2017-02-04 10:08:15 +11:00
jmc@openbsd.org
fd2a8f1033 upstream commit
various formatting fixes, specifically removing Dq;

Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
2016-10-19 03:30:04 +11:00
jmc@openbsd.org
80d1c963b4 upstream commit
use a separate TOKENS section, as we've done for
sshd_config(5); help/ok djm

Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d
2016-09-29 06:54:50 +10:00
djm@openbsd.org
16277fc45f upstream commit
mention curve25519-sha256 KEX

Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
2016-09-24 05:39:37 +10:00
djm@openbsd.org
da95318dbe upstream commit
remove 3des-cbc from the client's default proposal;
64-bit block ciphers are not safe in 2016 and we don't want to wait until
attacks like sweet32 are extended to SSH.

As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.

ok deraadt, markus, dtucker

Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
2016-09-12 13:39:30 +10:00
djm@openbsd.org
f00211e3c6 upstream commit
improve wording; suggested by jmc@

Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
2016-07-23 13:24:20 +10:00
djm@openbsd.org
286f5a77c3 upstream commit
reverse the order in which -J/JumpHost proxies are visited to
be more intuitive and document

reported by and manpage bits naddy@

Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
2016-07-22 13:36:40 +10:00
jmc@openbsd.org
e4eb7d9109 upstream commit
- add proxyjump to the options list - formatting fixes -
update usage()

ok djm

Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
2016-07-17 14:21:09 +10:00
djm@openbsd.org
ed877ef653 upstream commit
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2016-07-15 14:20:10 +10:00
markus@openbsd.org
1a75d14daf upstream commit
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@

Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-19 17:48:35 +10:00
markus@openbsd.org
b02ad1ce91 upstream commit
IdentityAgent for specifying specific agent sockets; ok
 djm@

Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-05-05 00:01:49 +10:00
jmc@openbsd.org
6aaabc2b61 upstream commit
tweak previous;

Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
2016-04-21 16:30:11 +10:00
djm@openbsd.org
dc7990be86 upstream commit
Include directive for ssh_config(5); feedback & ok markus@

Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
2016-04-15 11:16:11 +10:00