Commit Graph

437 Commits

Author SHA1 Message Date
djm@openbsd.org
d2d6bf864e upstream commit
close ControlPersist background process stderr when not
 in debug mode or when logging to a file or syslog. bz#1988 ok dtucker

Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
2016-04-29 18:09:02 +10:00
djm@openbsd.org
95767262ca upstream commit
refactor canohost.c: move functions that cache results closer
 to the places that use them (authn and session code). After this, no state is
 cached in canohost.c

feedback and ok markus@

Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-03-08 06:20:35 +11:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
markus@openbsd.org
a306863831 upstream commit
remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27 16:54:10 +11:00
deraadt@openbsd.org
6ef49e83e3 upstream commit
Disable experimental client-side roaming support.  Server
 side was disabled/gutted for years already, but this aspect was surprisingly
 forgotten. Thanks for report from Qualys

Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
2016-01-27 16:41:49 +11:00
Damien Miller
e6c85f8889 forcibly disable roaming support in the client 2016-01-15 01:30:36 +11:00
djm@openbsd.org
ed4ce82dbf upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
 forwarding when the X server disables the SECURITY extension; Reported by
 Thomas Hoger; ok deraadt@

Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-14 10:06:01 +11:00
djm@openbsd.org
6091c362e8 upstream commit
don't try to load SSHv1 private key when compiled without
 SSHv1 support. From Iain Morgan bz#2505

Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7
2015-12-18 14:50:09 +11:00
mmcc@openbsd.org
d59ce08811 upstream commit
Remove NULL-checks before free().

ok dtucker@

Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
2015-12-11 13:23:14 +11:00
djm@openbsd.org
88b6fcdeb8 upstream commit
ban ConnectionAttempts=0, it makes no sense and would cause
 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
 reported by dvw AT phas.ubc.ca

Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
2015-11-19 19:25:04 +11:00
dtucker@openbsd.org
03239c1831 upstream commit
Expand tildes in filenames passed to -i before checking
 whether or not the identity file exists.  This means that if the shell
 doesn't do the expansion (eg because the option and filename were given as a
 single argument) then we'll still add the key.  bz#2481, ok markus@

Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
2015-10-29 19:07:13 +11:00
djm@openbsd.org
5ee0063f02 upstream commit
better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
 hostname canonicalisation - treat them as already canonical and remove the
 trailing '.' before matching ssh_config; ok markus@

Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
2015-10-17 05:45:11 +11:00
djm@openbsd.org
b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
djm@openbsd.org
4e44a79a07 upstream commit
add ssh_config CertificateFile option to explicitly list
 a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
2015-10-06 12:21:54 +11:00
jmc@openbsd.org
846f6fa4cf upstream commit
sync -Q in usage() to SYNOPSIS; since it's drastically
 shorter, i've reformatted the block to sync with the man (80 cols) and saved
 a line;

Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
2015-09-16 17:52:06 +10:00
dtucker@openbsd.org
86ac462f83 upstream commit
Update usage to match man page.

Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
2015-09-16 17:52:05 +10:00
djm@openbsd.org
674b3b68c1 upstream commit
expand %i in ControlPath to UID; bz#2449

patch from Christian Hesse w/ feedback from dtucker@

Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
2015-09-16 17:52:04 +10:00
dtucker@openbsd.org
4f7cc2f8cc upstream commit
Plug minor memory leaks when options are used more than
 once.  bz#2182, patch from Tiago Cunha, ok deraadt djm

Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
2015-09-11 13:28:00 +10:00
djm@openbsd.org
a85768a932 upstream commit
add a debug2() right before DNS resolution; it's a place
 where ssh could previously silently hang for a while. bz#2433

Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
2015-09-04 16:57:03 +10:00
djm@openbsd.org
f9eca249d4 upstream commit
Allow ssh_config and sshd_config kex parameters options be
 prefixed by a '+' to indicate that the specified items be appended to the
 default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
2015-07-30 12:32:16 +10:00
millert@openbsd.org
d5d91d0da8 upstream commit
Sync usage with SYNOPSIS

Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
2015-07-21 13:05:12 +10:00
djm@openbsd.org
e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
djm@openbsd.org
a58be33cb6 upstream commit
debug log missing DISPLAY environment when X11
 forwarding requested; bz#1682 ok dtucker@
2015-04-29 18:13:35 +10:00
djm@openbsd.org
68d2dfc464 upstream commit
Allow "ssh -Q protocol-version" to list supported SSH
 protocol versions. Useful for detecting builds without SSH v.1 support; idea
 and ok markus@
2015-03-04 04:54:11 +11:00
djm@openbsd.org
44732de068 upstream commit
UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
2015-02-21 09:20:28 +11:00
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org
9010902954 upstream commit
when hostname canonicalisation is enabled, try to parse
 hostnames as addresses before looking them up for canonicalisation. fixes
 bz#2074 and avoids needless DNS lookups in some cases; ok markus
2015-01-16 18:24:49 +11:00
djm@openbsd.org
141efe4954 upstream commit
move authfd.c and its tentacles to the new buffer/key
 API; ok markus@
2015-01-15 21:37:34 +11:00
djm@openbsd.org
ab24ab847b upstream commit
reorder hostbased key attempts to better match the
 default hostkey algorithms order in myproposal.h; ok markus@
2015-01-09 00:20:25 +11:00
krw@openbsd.org
335c83d5f3 upstream commit
Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@
2014-11-24 10:15:04 +11:00
jmc@openbsd.org
b1ba15f388 upstream commit
tweak previous;
2014-10-20 14:40:05 +11:00
djm@openbsd.org
957fbceb0f upstream commit
Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus
2014-10-13 11:41:48 +11:00
Damien Miller
357610d159 - djm@cvs.openbsd.org 2014/07/17 07:22:19
[mux.c ssh.c]
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
2014-07-18 15:04:10 +10:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
9c38643c5c - djm@cvs.openbsd.org 2014/07/03 06:39:19
[ssh.c ssh_config.5]
     Add a %C escape sequence for LocalCommand and ControlPath that expands
     to a unique identifer based on a has of the tuple of (local host,
     remote user, hostname, port).

     Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
     control paths.

     bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
2014-07-03 21:27:46 +10:00
Damien Miller
4b3ed647d5 - markus@cvs.openbsd.org 2014/06/27 16:41:56
[channels.c channels.h clientloop.c ssh.c]
     fix remote fwding with same listen port but different listen address
     with gerhard@, ok djm@
2014-07-02 15:29:40 +10:00
Damien Miller
19439e9a2a - djm@cvs.openbsd.org 2014/06/24 02:19:48
[ssh.c]
     don't fatal() when hostname canonicalisation fails with a
     ProxyCommand in use; continue and allow the ProxyCommand to
     connect anyway (e.g. to a host with a name outside the DNS
     behind a bastion)
2014-07-02 15:28:40 +10:00
Damien Miller
1f0311c7c7 - markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
c2e49062fa - (djm) Use full release (e.g. 6.5p1) in debug output rather than just
version. From des@des.no
2014-04-01 14:42:46 +11:00
Damien Miller
08b57c67f3 - djm@cvs.openbsd.org 2014/02/26 20:18:37
[ssh.c]
     bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
     ok dtucker@ markus@
2014-02-27 10:17:13 +11:00
Damien Miller
13f97b2286 - djm@cvs.openbsd.org 2014/02/23 20:11:36
[readconf.c readconf.h ssh.c ssh_config.5]
     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
     the hostname. This allows users to write configurations that always
     refer to canonical hostnames, e.g.

     CanonicalizeHostname yes
     CanonicalDomains int.example.org example.org
     CanonicalizeFallbackLocal no

     Host *.int.example.org
         Compression off
     Host *.example.org
         User djm

     ok markus@
2014-02-24 15:57:55 +11:00
Damien Miller
d56b44d2df - djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
     delay lowercasing of hostname until right before hostname
     canonicalisation to unbreak case-sensitive matching of ssh_config;
     reported by Ike Devolder; ok markus@
2014-02-04 11:26:04 +11:00
Damien Miller
1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
0fa47cfb32 - djm@cvs.openbsd.org 2013/12/29 05:42:16
[ssh.c]
     don't forget to load Ed25519 certs too
2013-12-29 17:53:39 +11:00
Damien Miller
5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
Damien Miller
bdb352a54f - jmc@cvs.openbsd.org 2013/11/26 12:14:54
[ssh.1 ssh.c]
     - put -Q in the right place
     - Ar was a poor choice for the arguments to -Q. i've chosen an
       admittedly equally poor Cm, at least consistent with the rest
       of the docs. also no need for multiple instances
     - zap a now redundant Nm
     - usage() sync
2013-12-05 10:20:52 +11:00
Damien Miller
d937dc084a - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
[ssh.1 ssh.c]
     improve -Q usage and such.  One usage change is that the option is now
     case-sensitive
     ok dtucker markus djm
2013-12-05 10:19:54 +11:00
Damien Miller
0fde8acdad - djm@cvs.openbsd.org 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
     [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
     [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
     [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
     cipher "chacha20-poly1305@openssh.com" that combines Daniel
     Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
     authenticated encryption mode.

     Inspired by and similar to Adam Langley's proposal for TLS:
     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
     but differs in layout used for the MAC calculation and the use of a
     second ChaCha20 instance to separately encrypt packet lengths.
     Details are in the PROTOCOL.chacha20poly1305 file.

     Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
     ok markus@ naddy@
2013-11-21 14:12:23 +11:00
Damien Miller
690d989008 - dtucker@cvs.openbsd.org 2013/11/07 11:58:27
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
     Output the effective values of Ciphers, MACs and KexAlgorithms when
     the default has not been overridden.  ok markus@
2013-11-08 12:16:49 +11:00
Damien Miller
28631ceaa7 - djm@cvs.openbsd.org 2013/10/25 23:04:51
[ssh.c]
     fix crash when using ProxyCommand caused by previous commit - was calling
     freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 10:07:56 +11:00