CVS log for src/usr.bin/ssh/sshd.c

Up to [local] / src / usr.bin / ssh

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.602 / (download) - annotate - [select for diffs], Mon Jan 8 00:34:34 2024 UTC (3 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.601: +2 -2 lines
Diff to previous 1.601 (colored)

remove ext-info-* in the kex.c code, not in callers; with/ok markus@

Revision 1.601 / (download) - annotate - [select for diffs], Mon Dec 18 14:45:49 2023 UTC (3 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.600: +3 -1 lines
Diff to previous 1.600 (colored)

add "ext-info-in-auth@openssh.com" extension

This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd to update the acceptable signature algoritms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

Revision 1.600 / (download) - annotate - [select for diffs], Wed Mar 8 04:43:12 2023 UTC (13 months, 1 week ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.599: +1 -5 lines
Diff to previous 1.599 (colored)

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

Revision 1.599 / (download) - annotate - [select for diffs], Mon Mar 6 12:14:48 2023 UTC (13 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.598: +12 -22 lines
Diff to previous 1.598 (colored)

Refactor creation of KEX proposal.

This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs.  Remove unused compat functions.
With & ok djm@.

Revision 1.598 / (download) - annotate - [select for diffs], Fri Mar 3 03:12:24 2023 UTC (13 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.597: +9 -5 lines
Diff to previous 1.597 (colored)

Check return values of dup2.  Spotted by Coverity, ok djm@

Revision 1.597 / (download) - annotate - [select for diffs], Fri Feb 10 04:47:19 2023 UTC (14 months ago) by djm
Branch: MAIN
Changes since 1.596: +28 -16 lines
Diff to previous 1.596 (colored)

add a `sshd -G` option that parses and prints the effective
configuration without attempting to load private keys and perform
other checks. This allows usage of the option before keys have been
generated.

bz3460 feedback/ok dtucker@

Revision 1.596 / (download) - annotate - [select for diffs], Wed Jan 18 01:50:21 2023 UTC (14 months, 4 weeks ago) by millert
Branch: MAIN
Changes since 1.595: +7 -3 lines
Diff to previous 1.595 (colored)

Add a -V (version) option to sshd like the ssh client has.
OK markus@ deraadt@

Revision 1.595 / (download) - annotate - [select for diffs], Fri Jan 6 02:47:19 2023 UTC (15 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.594: +2 -1 lines
Diff to previous 1.594 (colored)

Implement channel inactivity timeouts

This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.

Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.

ok markus dtucker

Revision 1.594 / (download) - annotate - [select for diffs], Fri Dec 16 06:56:47 2022 UTC (16 months ago) by djm
Branch: MAIN
Changes since 1.593: +5 -1 lines
Diff to previous 1.593 (colored)

Clear signal mask early in main(); sshd may have been started with
one or more signals masked (sigprocmask(2) is not cleared on fork/exec)
and this could interfere with various things, e.g. the login grace timer.

Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.

Reported by Sreedhar Balasubramanian; ok dtucker@

Revision 1.593 / (download) - annotate - [select for diffs], Sun Dec 4 23:50:49 2022 UTC (16 months, 1 week ago) by cheloha
Branch: MAIN
Changes since 1.592: +1 -2 lines
Diff to previous 1.592 (colored)

userspace: remove vestigial '?' cases from top-level getopt(3) loops

getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument.  We can
handle this case with the "default" failure case with no loss of
legibility.  Hence, remove all the redundant "case '?':" lines.

Prompted by dlg@.  With help from dlg@ and millert@.

Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2

ok naddy@ millert@ dlg@

Revision 1.592 / (download) - annotate - [select for diffs], Fri Oct 28 00:44:17 2022 UTC (17 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.591: +2 -2 lines
Diff to previous 1.591 (colored)

refactor sshkey_private_serialize_opt()

feedback/ok markus@

Revision 1.591 / (download) - annotate - [select for diffs], Sat Sep 17 10:34:29 2022 UTC (18 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.590: +8 -1 lines
Diff to previous 1.590 (colored)

Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
will be ignored for user and host-based authentication.

Feedback deraadt@ ok markus@

Revision 1.590 / (download) - annotate - [select for diffs], Fri Jul 1 05:08:23 2022 UTC (21 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.589: +1 -3 lines
Diff to previous 1.589 (colored)

Remove extra line leftover from merge conflict.  ok djm@

Revision 1.589 / (download) - annotate - [select for diffs], Fri Jul 1 03:39:44 2022 UTC (21 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.588: +11 -6 lines
Diff to previous 1.588 (colored)

Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@

This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.

Revision 1.588 / (download) - annotate - [select for diffs], Fri Jun 24 10:45:06 2022 UTC (21 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.587: +1 -5 lines
Diff to previous 1.587 (colored)

Roll back previous KEX changes as they aren't safe until
compat_pkalg_proposal and friends always allocate their returned
strings.  Reported by Qualys.

Revision 1.587 / (download) - annotate - [select for diffs], Fri Jun 24 04:37:00 2022 UTC (21 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.586: +6 -2 lines
Diff to previous 1.586 (colored)

Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@

Revision 1.586 / (download) - annotate - [select for diffs], Fri Jun 17 01:00:03 2022 UTC (21 months, 4 weeks ago) by dtucker
Branch: MAIN
Changes since 1.585: +7 -3 lines
Diff to previous 1.585 (colored)

Log an error if pipe() fails while accepting a connection.  bz#3447, from
vincent-openssh at vinc17 net, ok djm@

Revision 1.585 / (download) - annotate - [select for diffs], Fri Mar 18 04:04:11 2022 UTC (2 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.584: +2 -2 lines
Diff to previous 1.584 (colored)

don't try to resolve ListenAddress directives in the sshd re-exec
path - we're never going to use the result and if the operation fails
then it can prevent connections from being accepted. Reported by
Aaron Poffenberger; with / ok dtucker@

Revision 1.584 / (download) - annotate - [select for diffs], Tue Mar 1 01:59:19 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.583: +19 -10 lines
Diff to previous 1.583 (colored)

pack pollfd array before server_accept_loop() ppoll() call,
and terminate sshd if ppoll() returns errno==EINVAL

avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by
Daniel Micay

feedback/ok deraadt

Revision 1.583 / (download) - annotate - [select for diffs], Tue Feb 1 07:57:32 2022 UTC (2 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.582: +5 -12 lines
Diff to previous 1.582 (colored)

Remove explicit kill of privsep preauth child's PID in SIGALRM handler.
It's no longer needed since the child will get terminated by the SIGTERM
to the process group that cleans up any auth helpers, it simplifies
the signal handler and removes the risk of a race when updating the PID.
Based on analysis by HerrSpace in github PR#289, ok djm@

Revision 1.582 / (download) - annotate - [select for diffs], Thu Nov 18 03:07:59 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.581: +4 -2 lines
Diff to previous 1.581 (colored)

fd leak in sshd listen loop error path; from Gleb Smirnoff

Revision 1.581 / (download) - annotate - [select for diffs], Thu Nov 18 03:07:20 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.580: +2 -2 lines
Diff to previous 1.580 (colored)

check for POLLHUP as well as POLLIN in sshd listen loop;
ok deraadt millert

Revision 1.580 / (download) - annotate - [select for diffs], Wed Nov 17 21:06:39 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.579: +2 -2 lines
Diff to previous 1.579 (colored)

set num_listen_socks to 0 on close-all instead of -1, which
interferes with the new poll()-based listen loop; spotted and
debugged by anton@+deraadt@

Revision 1.579 / (download) - annotate - [select for diffs], Sun Nov 14 18:47:43 2021 UTC (2 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.578: +23 -22 lines
Diff to previous 1.578 (colored)

use ppoll() instead of pselect()
with djm

Revision 1.578 / (download) - annotate - [select for diffs], Mon Jul 19 02:21:50 2021 UTC (2 years, 8 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.577: +3 -1 lines
Diff to previous 1.577 (colored)

Put dh_set_moduli_file call inside ifdef WITH_OPENSSL.  Fixes build with
OPENSSL=no.

Revision 1.577 / (download) - annotate - [select for diffs], Fri Jul 2 05:11:21 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.576: +1 -5 lines
Diff to previous 1.576 (colored)

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

Revision 1.576 / (download) - annotate - [select for diffs], Thu Jun 10 03:14:14 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.575: +2 -2 lines
Diff to previous 1.575 (colored)

Continue accept loop when pselect returns -1, eg if it was interrupted
by a signal.  This should prevent the hang discovered by sthen@ wherein
sshd receives a SIGHUP while it has an unauthenticated child and goes
on to a blocking read on a notify_pipe.  feedback deraadt@, ok djm@

Revision 1.575 / (download) - annotate - [select for diffs], Sun Jun 6 11:34:16 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.574: +2 -2 lines
Diff to previous 1.574 (colored)

Match host certificates against host public keys, not private keys.
Allows use of certificates with private keys held in a ssh-agent.
Reported by Miles Zhou in bz3524; ok dtucker@

Revision 1.574 / (download) - annotate - [select for diffs], Fri Jun 4 05:09:08 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.573: +31 -14 lines
Diff to previous 1.573 (colored)

Switch the listening select loop from select() to pselect() and
mask signals while checking signal flags, umasking for pselect and
restoring afterwards. Also restore signals before sighup_restart
so they don't remain blocked after restart.

This prevents a race where a SIGTERM or SIGHUP can arrive between
checking the flag and calling select (eg if sshd is processing a
new connection) resulting in sshd not shutting down until the next
time it receives a new connection.  bz#2158, with & ok djm@

Revision 1.573 / (download) - annotate - [select for diffs], Fri May 7 03:09:38 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.572: +8 -5 lines
Diff to previous 1.572 (colored)

don't sigdie() in signal handler in privsep child process;
this can end up causing sandbox violations per bz3286; ok dtucker@

Revision 1.572 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:41 2021 UTC (3 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.571: +6 -4 lines
Diff to previous 1.571 (colored)

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.571 / (download) - annotate - [select for diffs], Fri Mar 12 04:08:19 2021 UTC (3 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.570: +5 -1 lines
Diff to previous 1.570 (colored)

Add ModuliFile keyword to sshd_config to specify the location of the
"moduli" file containing the groups for DH-GEX.  This will allow us to
run tests against arbitrary moduli files without having to install them.
ok djm@

Revision 1.570 / (download) - annotate - [select for diffs], Fri Feb 5 02:20:23 2021 UTC (3 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.569: +1 -3 lines
Diff to previous 1.569 (colored)

Remove debug message from sigchld handler.  While this works on OpenBSD
it can cause problems on other platforms.  From kircherlike at outlook.com
via bz#3259, ok djm@

Revision 1.569 / (download) - annotate - [select for diffs], Wed Jan 27 10:05:28 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.568: +1 -11 lines
Diff to previous 1.568 (colored)

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

Revision 1.568 / (download) - annotate - [select for diffs], Wed Jan 27 09:26:54 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.567: +5 -5 lines
Diff to previous 1.567 (colored)

remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

Revision 1.567 / (download) - annotate - [select for diffs], Sat Jan 9 12:10:02 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.566: +15 -5 lines
Diff to previous 1.566 (colored)

Add PerSourceMaxStartups and PerSourceNetBlockSize options which provide
more fine grained MaxStartups limits.  Man page help jmc@, feedback &
ok djm@

Revision 1.566 / (download) - annotate - [select for diffs], Tue Dec 29 00:59:15 2020 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.565: +2 -2 lines
Diff to previous 1.565 (colored)

Update/replace the experimental post-quantim hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

Revision 1.565 / (download) - annotate - [select for diffs], Sun Nov 8 11:46:12 2020 UTC (3 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.564: +3 -16 lines
Diff to previous 1.564 (colored)

Replace WITH_OPENSSL ifdefs in log calls with a macro.  The log calls
are themselves now macros, and preprocessor directives inside macro
arguments are undefined behaviour which some compilers (eg old GCCs)
choke on.  It also makes the code tidier.  ok deraadt@

Revision 1.564 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:02 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.563: +73 -78 lines
Diff to previous 1.563 (colored)

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.563 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.562: +5 -2 lines
Diff to previous 1.562 (colored)

LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

Revision 1.562 / (download) - annotate - [select for diffs], Sat Oct 3 09:22:26 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.561: +5 -19 lines
Diff to previous 1.561 (colored)

There are lots of place where we want to redirect stdin, stdout
and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these
to redirect. ok markus@

Revision 1.561 / (download) - annotate - [select for diffs], Thu Aug 27 01:06:19 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.560: +4 -4 lines
Diff to previous 1.560 (colored)

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.560 / (download) - annotate - [select for diffs], Fri Jul 3 10:12:26 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.559: +2 -1 lines
Diff to previous 1.559 (colored)

update setproctitle after re-exec; ok djm

Revision 1.559 / (download) - annotate - [select for diffs], Fri Jul 3 10:11:33 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.558: +2 -1 lines
Diff to previous 1.558 (colored)

keep ignoring HUP after fork+exec; ok djm

Revision 1.558 / (download) - annotate - [select for diffs], Fri Jul 3 10:10:17 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.557: +2 -2 lines
Diff to previous 1.557 (colored)

don't exit the listener on send_rexec_state errors; ok djm

Revision 1.557 / (download) - annotate - [select for diffs], Thu Jun 18 23:34:19 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.556: +11 -2 lines
Diff to previous 1.556 (colored)

check public host key matches private; ok markus@ (as part of
previous diff)

Revision 1.556 / (download) - annotate - [select for diffs], Fri Jun 5 06:18:07 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.555: +1 -2 lines
Diff to previous 1.555 (colored)

unbreak "sshd -ddd" - close of config passing fd happened too early.
ok markus@

Revision 1.555 / (download) - annotate - [select for diffs], Tue May 26 01:09:05 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.554: +64 -24 lines
Diff to previous 1.554 (colored)

improve logging for MaxStartups connection throttling: have sshd log
when it starts and stops throttling and periodically while in this
state. bz#3055 ok markus@

Revision 1.554 / (download) - annotate - [select for diffs], Fri May 15 08:34:03 2020 UTC (3 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.553: +3 -2 lines
Diff to previous 1.553 (colored)

sshd listener must not block if reexecd sshd exits early:
the call to send_rexec_state() in the parent sshd will block forever
in write(2) on config_s[0] if the forked child exits early before
finishing recv_rexec_state (e.g. with fatal()) because config_s[1] stays
open in the parent. this prevents the parent from accepting new connections.
ok djm, deraadt

Revision 1.553 / (download) - annotate - [select for diffs], Fri May 8 05:13:14 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.552: +6 -5 lines
Diff to previous 1.552 (colored)

fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@

Revision 1.552 / (download) - annotate - [select for diffs], Fri Mar 13 04:01:57 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.551: +4 -3 lines
Diff to previous 1.551 (colored)

use sshpkt_fatal() for kex_exchange_identification() errors.
This ensures that the logged errors are consistent with other transport-
layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

Revision 1.551 / (download) - annotate - [select for diffs], Fri Mar 13 03:24:49 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.550: +2 -8 lines
Diff to previous 1.550 (colored)

Don't clear alarm timers in listening sshd.  Previously these timers were
used for regenerating the SSH1 ephemeral host keys but those are now gone
so there's no need to clear the timers either.  ok deraadt@

Revision 1.550 / (download) - annotate - [select for diffs], Fri Mar 13 03:17:07 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.549: +2 -2 lines
Diff to previous 1.549 (colored)

spelling errors in comments; no code change
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html

Revision 1.549 / (download) - annotate - [select for diffs], Fri Jan 31 23:13:04 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.548: +2 -3 lines
Diff to previous 1.548 (colored)

whitespace

Revision 1.548 / (download) - annotate - [select for diffs], Fri Jan 31 23:11:25 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.547: +2 -2 lines
Diff to previous 1.547 (colored)

force early logging to stderr if debug_flag (-d) is set; avoids
missing messages from re-exec config passing

Revision 1.547 / (download) - annotate - [select for diffs], Fri Jan 31 23:08:08 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.546: +2 -2 lines
Diff to previous 1.546 (colored)

mistake in previous: filling the incorrect buffer

Revision 1.546 / (download) - annotate - [select for diffs], Fri Jan 31 22:42:45 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.545: +45 -11 lines
Diff to previous 1.545 (colored)

Add a sshd_config "Include" directive to allow inclusion of files.
This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub
Jelen in bz2468; feedback and ok markus@

Revision 1.545 / (download) - annotate - [select for diffs], Fri Jan 24 23:56:01 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.544: +18 -4 lines
Diff to previous 1.544 (colored)

tweak proctitle to include sshd arguments, as these are frequently
used to distinguish between multiple independent instances of the
server. New proctitle looks like this:

$ pgrep -lf sshd
12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups

requested by sthen@ and aja@; ok aja@

Revision 1.544 / (download) - annotate - [select for diffs], Thu Jan 23 07:10:22 2020 UTC (4 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.543: +17 -15 lines
Diff to previous 1.543 (colored)

Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.

Revision 1.543 / (download) - annotate - [select for diffs], Tue Jan 21 22:39:57 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.542: +8 -2 lines
Diff to previous 1.542 (colored)

expose the number of currently-authenticating connections
along with the MaxStartups limit in the proctitle;
suggestion from Philipp Marek, w/ feedback from Craig Miskell
ok dtucker@

Revision 1.542 / (download) - annotate - [select for diffs], Sun Dec 15 18:57:30 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.541: +35 -7 lines
Diff to previous 1.541 (colored)

allow security keys to act as host keys as well as user keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

Revision 1.541 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.540: +2 -1 lines
Diff to previous 1.540 (colored)

additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@

Revision 1.540 / (download) - annotate - [select for diffs], Wed Nov 13 11:25:11 2019 UTC (4 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.539: +4 -1 lines
Diff to previous 1.539 (colored)

When clients get denied by MaxStartups, send a noification prior to
the SSH2 protocol banner according to RFC4253 section 4.2.  ok djm@
deraadt@ markus@

Revision 1.539 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.538: +4 -4 lines
Diff to previous 1.538 (colored)

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.538 / (download) - annotate - [select for diffs], Tue Oct 29 07:47:27 2019 UTC (4 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.537: +1 -4 lines
Diff to previous 1.537 (colored)

Signal handler cleanup: remove leftover support for unreliable signals
and now-unneeded save and restore of errno.  ok deraadt@ markus@

Revision 1.537 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.536: +15 -15 lines
Diff to previous 1.536 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.536 / (download) - annotate - [select for diffs], Fri Jun 21 04:21:05 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.535: +8 -2 lines
Diff to previous 1.535 (colored)

Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetic key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

Revision 1.535 / (download) - annotate - [select for diffs], Thu Jun 6 05:13:13 2019 UTC (4 years, 10 months ago) by otto
Branch: MAIN
Changes since 1.534: +1 -2 lines
Diff to previous 1.534 (colored)

Replace calls to ssh_malloc_init() by a static init of malloc_options.
Prepares for changes in the way malloc is initialized.  ok guenther@ dtucker@

Revision 1.534 / (download) - annotate - [select for diffs], Thu Apr 18 18:56:16 2019 UTC (4 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.533: +2 -1 lines
Diff to previous 1.533 (colored)

When running sshd -T, assume any attibute not provided by -C does not match,
which allows it to work when sshd_config contains a Match directive with or
without -C.  bz#2858, ok djm@

Revision 1.533 / (download) - annotate - [select for diffs], Fri Mar 1 02:32:39 2019 UTC (5 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.532: +86 -28 lines
Diff to previous 1.532 (colored)

Fix two race conditions in sshd relating to SIGHUP:

1. Recently-forked child processes will briefly remain listening to
   listen_socks. If the main server sshd process completes its restart
   via execv() before these sockets are closed by the child processes
   then it can fail to listen at the desired addresses/ports and/or
   fail to restart.

2. When a SIGHUP is received, there may be forked child processes that
   are awaiting their reexecution state. If the main server sshd
   process restarts before passing this state, these child processes
   will yield errors and use a fallback path of reading the current
   sshd_config from the filesystem rather than use the one that sshd
   was started with.

To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.

bz#2953, reported by Michal Koutný; ok markus@ dtucker@

Revision 1.532 / (download) - annotate - [select for diffs], Mon Jan 21 10:38:54 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.531: +9 -9 lines
Diff to previous 1.531 (colored)

merge kexkem[cs] into kexgen

from markus@ ok djm@

Revision 1.531 / (download) - annotate - [select for diffs], Mon Jan 21 10:29:56 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.530: +2 -2 lines
Diff to previous 1.530 (colored)

use KEM API for vanilla ECDH

from markus@ ok djm@

Revision 1.530 / (download) - annotate - [select for diffs], Mon Jan 21 10:28:02 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.529: +6 -6 lines
Diff to previous 1.529 (colored)

use KEM API for vanilla DH KEX

from markus@ ok djm@

Revision 1.529 / (download) - annotate - [select for diffs], Mon Jan 21 10:24:09 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.528: +2 -2 lines
Diff to previous 1.528 (colored)

use KEM API for vanilla c25519 KEX

Revision 1.528 / (download) - annotate - [select for diffs], Mon Jan 21 10:20:12 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.527: +2 -1 lines
Diff to previous 1.527 (colored)

Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
coupled with X25519 as a stop-loss. Not enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

Revision 1.527 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.526: +36 -27 lines
Diff to previous 1.526 (colored)

remove last references to active_state

with & ok markus@

Revision 1.526 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:07 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.525: +5 -6 lines
Diff to previous 1.525 (colored)

convert monitor.c to new packet API

with & ok markus@

Revision 1.525 / (download) - annotate - [select for diffs], Sat Jan 19 21:42:30 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.524: +39 -30 lines
Diff to previous 1.524 (colored)

convert sshd.c to new packet API

with & ok markus@

Revision 1.524 / (download) - annotate - [select for diffs], Sat Jan 19 21:38:24 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.523: +3 -2 lines
Diff to previous 1.523 (colored)

convert auth2.c to new packet API

Revision 1.523 / (download) - annotate - [select for diffs], Sat Jan 19 21:37:48 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.522: +3 -3 lines
Diff to previous 1.522 (colored)

convert servconf.c to new packet API

with & ok markus@

Revision 1.522 / (download) - annotate - [select for diffs], Sat Jan 19 21:31:32 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.521: +4 -1 lines
Diff to previous 1.521 (colored)

begin landing remaining refactoring of packet parsing API, started
almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

Revision 1.521 / (download) - annotate - [select for diffs], Thu Jan 17 01:50:24 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.520: +15 -15 lines
Diff to previous 1.520 (colored)

many of the global variables in this file can be made static;
patch from Markus Schmidt

Revision 1.520 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.519: +4 -114 lines
Diff to previous 1.519 (colored)

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

Revision 1.519 / (download) - annotate - [select for diffs], Mon Nov 19 04:12:32 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.518: +8 -5 lines
Diff to previous 1.518 (colored)

silence (to log level debug2) failure messages when loading the default
hostkeys. Hostkeys explicitly specified in the configuration or on
the command-line are still reported as errors, and failure to load at
least one host key remains a fatal error.

Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103

ok markus@

Revision 1.518 / (download) - annotate - [select for diffs], Fri Nov 16 03:26:01 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.517: +2 -2 lines
Diff to previous 1.517 (colored)

use path_absolute() for pathname checks; from Manoj Ampalam

Revision 1.517 / (download) - annotate - [select for diffs], Tue Oct 23 05:56:35 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.516: +3 -3 lines
Diff to previous 1.516 (colored)

refer to OpenSSL not SSLeay;

we're old, but we don't have to act it

Revision 1.516 / (download) - annotate - [select for diffs], Fri Sep 21 12:23:17 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.515: +2 -3 lines
Diff to previous 1.515 (colored)

when compiled with GSSAPI support, cache supported method OIDs by
calling ssh_gssapi_prepare_supported_oids() regardless of whether
GSSAPI authentication is enabled in the main config.

This avoids sandbox violations for configurations that enable GSSAPI
auth later, e.g.

Match user djm
	GSSAPIAuthentication yes

bz#2107; ok dtucker@

Revision 1.515 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.514: +4 -4 lines
Diff to previous 1.514 (colored)

hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@

Revision 1.514 / (download) - annotate - [select for diffs], Mon Aug 13 02:41:05 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.513: +4 -4 lines
Diff to previous 1.513 (colored)

revert compat.[ch] section of the following change. It causes
double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

Revision 1.513 / (download) - annotate - [select for diffs], Tue Jul 31 03:07:24 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.512: +5 -5 lines
Diff to previous 1.512 (colored)

fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

Revision 1.512 / (download) - annotate - [select for diffs], Wed Jul 11 18:53:29 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.511: +38 -31 lines
Diff to previous 1.511 (colored)

remove legacy key emulation layer; ok djm@

Revision 1.511 / (download) - annotate - [select for diffs], Mon Jul 9 21:29:36 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.510: +28 -25 lines
Diff to previous 1.510 (colored)

sshd: switch config to sshbuf API; ok djm@

Revision 1.510 / (download) - annotate - [select for diffs], Mon Jul 9 21:26:02 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.509: +5 -4 lines
Diff to previous 1.509 (colored)

sshd: switch loginmsg to sshbuf API; ok djm@

Revision 1.509 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.508: +34 -29 lines
Diff to previous 1.508 (colored)

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

Revision 1.508 / (download) - annotate - [select for diffs], Fri Apr 13 03:57:26 2018 UTC (6 years ago) by dtucker
Branch: MAIN
Changes since 1.507: +40 -1 lines
Diff to previous 1.507 (colored)

Defend against user enumeration timing attacks.
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms).  Based on work by joona.kannisto at tut.fi, ok
markus@ djm@.

Revision 1.507 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years ago) by djm
Branch: MAIN
Changes since 1.506: +2 -2 lines
Diff to previous 1.506 (colored)

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.506 / (download) - annotate - [select for diffs], Sat Mar 3 03:15:51 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.505: +9 -1 lines
Diff to previous 1.505 (colored)

switch over to the new authorized_keys options API and remove the
legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

Revision 1.505 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:38 2018 UTC (6 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.504: +5 -1 lines
Diff to previous 1.504 (colored)

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.504 / (download) - annotate - [select for diffs], Sun Feb 11 21:16:56 2018 UTC (6 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.503: +1 -4 lines
Diff to previous 1.503 (colored)

Don't reset signal handlers inside handlers.

The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed.  In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer.  ok deraadt@

Revision 1.503 / (download) - annotate - [select for diffs], Tue Jan 23 20:00:58 2018 UTC (6 years, 2 months ago) by stsp
Branch: MAIN
Changes since 1.502: +2 -2 lines
Diff to previous 1.502 (colored)

Fix a logic bug in sshd_exchange_identification which prevented clients
using major protocol version 2 from connecting to the server.
ok millert@

Revision 1.502 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.501: +1 -5 lines
Diff to previous 1.501 (colored)

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

Revision 1.501 / (download) - annotate - [select for diffs], Tue Jan 23 05:12:12 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.500: +2 -2 lines
Diff to previous 1.500 (colored)

unbreak support for clients that advertise a protocol version
of "1.99" (indicating both v2 and v1 support). Busted by me during
SSHv1 purge in r1.358; bz2810, ok dtucker

Revision 1.500 / (download) - annotate - [select for diffs], Tue Jan 23 05:01:15 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.499: +4 -2 lines
Diff to previous 1.499 (colored)

avoid modifying pw->pw_passwd; let endpwent() clean up for us, but
keep a scrubbed copy; bz2777, ok dtucker@

Revision 1.499 / (download) - annotate - [select for diffs], Tue Nov 14 00:45:29 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.498: +13 -2 lines
Diff to previous 1.498 (colored)

fix problem in configuration parsing when in config dump mode (sshd -T)
without providing a full connection specification (sshd -T -C ...)

spotted by bluhm@

Revision 1.498 / (download) - annotate - [select for diffs], Fri Nov 3 03:18:53 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.497: +7 -11 lines
Diff to previous 1.497 (colored)

When doing a config test with sshd -T, only require the attributes
that are actually used in Match criteria rather than (an incomplete
list of) all criteria.  ok djm@, man page help jmc@

Revision 1.497 / (download) - annotate - [select for diffs], Fri Oct 27 00:18:41 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.496: +5 -4 lines
Diff to previous 1.496 (colored)

improve printing of rdomain on accept() a little

Revision 1.496 / (download) - annotate - [select for diffs], Wed Oct 25 00:19:47 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.495: +8 -4 lines
Diff to previous 1.495 (colored)

add a "rdomain" criteria for the sshd_config Match keyword to allow
conditional configuration that depends on which rdomain(4) a connection
was recevied on. ok markus@

Revision 1.495 / (download) - annotate - [select for diffs], Wed Oct 25 00:17:08 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.494: +29 -1 lines
Diff to previous 1.494 (colored)

add sshd_config RDomain keyword to place sshd and the subsequent
user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Revision 1.494 / (download) - annotate - [select for diffs], Wed Oct 25 00:15:35 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.493: +32 -13 lines
Diff to previous 1.493 (colored)

Add optional rdomain qualifier to sshd_config's ListenAddress option
to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Revision 1.493 / (download) - annotate - [select for diffs], Thu Oct 5 15:52:03 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.492: +24 -30 lines
Diff to previous 1.492 (colored)

replace statically-sized arrays in ServerOptions with dynamic ones
managed by xrecallocarray, removing some arbitrary (though large)
limits and saving a bit of memory; "much nicer" markus@

Revision 1.492 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.491: +12 -7 lines
Diff to previous 1.491 (colored)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.491 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.490: +1 -2 lines
Diff to previous 1.490 (colored)

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that it still used into ssh-rsa.c; ok markus

Revision 1.490 / (download) - annotate - [select for diffs], Wed May 31 08:09:45 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.489: +3 -1 lines
Diff to previous 1.489 (colored)

clear session keys from memory; ok djm@

Revision 1.489 / (download) - annotate - [select for diffs], Wed May 31 07:00:13 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.488: +2 -2 lines
Diff to previous 1.488 (colored)

remove now obsolete ctx from ssh_dispatch_run; ok djm@

Revision 1.488 / (download) - annotate - [select for diffs], Tue May 30 08:52:20 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.487: +22 -21 lines
Diff to previous 1.487 (colored)

switch from Key typedef with struct sshkey; ok djm@

Revision 1.487 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.486: +1 -9 lines
Diff to previous 1.486 (colored)

remove KEY_RSA1

ok markus@

Revision 1.486 / (download) - annotate - [select for diffs], Sun Apr 30 23:13:25 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.485: +3 -5 lines
Diff to previous 1.485 (colored)

remove compat20/compat13/compat15 variables

ok markus@

Revision 1.485 / (download) - annotate - [select for diffs], Wed Mar 15 03:52:30 2017 UTC (7 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.484: +2 -2 lines
Diff to previous 1.484 (colored)

accidents happen to the best of us; ok djm

Revision 1.484 / (download) - annotate - [select for diffs], Wed Mar 15 02:19:09 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.483: +10 -1 lines
Diff to previous 1.483 (colored)

Fix segfault when sshd attempts to load RSA1 keys (can only happen
when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker

Revision 1.483 / (download) - annotate - [select for diffs], Fri Feb 24 03:16:34 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.482: +6 -1 lines
Diff to previous 1.482 (colored)

might as well set the listener socket CLOEXEC

Revision 1.482 / (download) - annotate - [select for diffs], Mon Feb 6 09:22:51 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.481: +4 -4 lines
Diff to previous 1.481 (colored)

Restore \r\n newline sequence for server ident string. The CR got
lost in the flensing of SSHv1. Pointed out by Stef Bon

Revision 1.481 / (download) - annotate - [select for diffs], Fri Feb 3 02:56:00 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.480: +2 -2 lines
Diff to previous 1.480 (colored)

Make ssh_packet_set_rekey_limits take u32 for the number of seconds
until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned
comparison warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Revision 1.480 / (download) - annotate - [select for diffs], Fri Dec 9 03:04:29 2016 UTC (7 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.479: +10 -2 lines
Diff to previous 1.479 (colored)

log connections dropped in excess of MaxStartups at verbose LogLevel;
bz#2613 based on diff from Tomas Kuthan; ok dtucker@

Revision 1.479 / (download) - annotate - [select for diffs], Sun Dec 4 22:27:25 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.478: +4 -2 lines
Diff to previous 1.478 (colored)

Unlink PidFile on SIGHUP and always recreate it when the new sshd starts.
Regression tests (and possibly other things) depend on the pidfile being
recreated after SIGHUP, and unlinking it means it won't contain a stale
pid if sshd fails to restart.  ok djm@ markus@

Revision 1.478 / (download) - annotate - [select for diffs], Wed Nov 30 00:28:31 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.477: +8 -7 lines
Diff to previous 1.477 (colored)

On startup, check to see if sshd is already daemonized and if so,
skip the call to daemon() and do not rewrite the PidFile.  This
means that when sshd re-execs itself on SIGHUP the process ID will
no longer change.  Should address bz#2641.  ok djm@ markus@.

Revision 1.477 / (download) - annotate - [select for diffs], Tue Nov 29 03:54:50 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.476: +2 -12 lines
Diff to previous 1.476 (colored)

Factor out code to disconnect from controlling terminal into its own
function.  ok djm@

Revision 1.476 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.475: +1 -9 lines
Diff to previous 1.475 (colored)

Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but
today it's clearly a bad idea in terms of both cryptography (cf.
multiple compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Revision 1.475 / (download) - annotate - [select for diffs], Sun Aug 28 22:28:12 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.474: +2 -2 lines
Diff to previous 1.474 (colored)

fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD
but potentially crashy on Cygwin. Reported by James Slepicka
ok deraadt@

Revision 1.474 / (download) - annotate - [select for diffs], Fri Aug 19 03:18:07 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.473: +2 -2 lines
Diff to previous 1.473 (colored)

remove UseLogin option and support for having /bin/login manage
login sessions; ok deraadt markus dtucker

Revision 1.473 / (download) - annotate - [select for diffs], Mon Aug 15 12:27:56 2016 UTC (7 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.472: +6 -27 lines
Diff to previous 1.472 (colored)

Remove more SSH1 server code:
* Drop sshd's -k option.
* Retire configuration keywords that only apply to protocol 1, as well as
  the "protocol" keyword.
* Remove some related vestiges of protocol 1 support.

ok markus@

Revision 1.472 / (download) - annotate - [select for diffs], Sat Aug 13 17:47:41 2016 UTC (7 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.471: +17 -462 lines
Diff to previous 1.471 (colored)

remove ssh1 server code; ok djm@

Revision 1.471 / (download) - annotate - [select for diffs], Wed Aug 3 04:23:55 2016 UTC (7 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.470: +2 -2 lines
Diff to previous 1.470 (colored)

Fix bug introduced in rev 1.467 which causes "buffer_get_bignum_ret:
incomplete message" errors when built with WITH_SSH1 and run such that no
Protocol 1 ephemeral host key is generated (eg "Protocol 2", no SSH1 host
key supplied).  Reported by rainer.laatsch at t-online.de, ok deraadt@

Revision 1.470 / (download) - annotate - [select for diffs], Tue May 24 04:43:45 2016 UTC (7 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.469: +4 -3 lines
Diff to previous 1.469 (colored)

KNF compression proposal and simplify the client side a little.  ok djm@

Revision 1.469 / (download) - annotate - [select for diffs], Mon May 2 14:10:58 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.468: +2 -2 lines
Diff to previous 1.468 (colored)

unbreak config parsing on reexec from previous commit

Revision 1.468 / (download) - annotate - [select for diffs], Mon May 2 10:26:04 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.467: +4 -1 lines
Diff to previous 1.467 (colored)

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Revision 1.467 / (download) - annotate - [select for diffs], Mon May 2 08:49:03 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.466: +30 -19 lines
Diff to previous 1.466 (colored)

fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@

Revision 1.466 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.465: +82 -36 lines
Diff to previous 1.465 (colored)

refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Revision 1.465 / (download) - annotate - [select for diffs], Mon Feb 15 09:47:49 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.464: +2 -1 lines
Diff to previous 1.464 (colored)

Add a function to enable security-related malloc_options.  With and ok
deraadt@, something similar has been in the snaps for a while.

Revision 1.464 / (download) - annotate - [select for diffs], Fri Jan 29 02:54:45 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.463: +2 -2 lines
Diff to previous 1.463 (colored)

Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return
type of scan_scaled).  Part of bz#2521, ok djm.

Revision 1.463 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.462: +3 -4 lines
Diff to previous 1.462 (colored)

remove roaming support; ok djm@

Revision 1.462 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 4 months ago) by mmcc
Branch: MAIN
Changes since 1.461: +2 -3 lines
Diff to previous 1.461 (colored)

Remove NULL-checks before free().

ok dtucker@

Revision 1.461 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.460: +13 -5 lines
Diff to previous 1.460 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.460 / (download) - annotate - [select for diffs], Mon Nov 16 22:51:05 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.459: +28 -29 lines
Diff to previous 1.459 (colored)

always call privsep_preauth_child() regardless of whether sshd
was started by root; it does important priming before sandboxing
and failing to call it could result in sandbox violations later;
ok markus@

Revision 1.459 / (download) - annotate - [select for diffs], Fri Sep 4 08:21:47 2015 UTC (8 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.458: +3 -5 lines
Diff to previous 1.458 (colored)

Plug minor memory leaks when options are used more than once.  bz#2182,
patch from Tiago Cunha, ok deraadt djm

Revision 1.458 / (download) - annotate - [select for diffs], Thu Aug 20 22:32:42 2015 UTC (8 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.457: +2 -2 lines
Diff to previous 1.457 (colored)

Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope
ok krw millert

Revision 1.457 / (download) - annotate - [select for diffs], Thu Jul 30 00:01:34 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.456: +10 -19 lines
Diff to previous 1.456 (colored)

Allow ssh_config and sshd_config kex parameters options be prefixed
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Revision 1.456 / (download) - annotate - [select for diffs], Fri Jul 17 02:47:45 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.455: +2 -2 lines
Diff to previous 1.455 (colored)

fix incorrect test for SSH1 keys when compiled without SSH1 support

Revision 1.455 / (download) - annotate - [select for diffs], Wed Jul 15 08:00:11 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.454: +2 -2 lines
Diff to previous 1.454 (colored)

fix NULL-deref when SSH1 reenabled

Revision 1.454 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.453: +9 -1 lines
Diff to previous 1.453 (colored)

Turn off DSA by default; add HostKeyAlgorithms to the server and
PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Revision 1.453 / (download) - annotate - [select for diffs], Fri Jul 3 03:49:45 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.452: +3 -3 lines
Diff to previous 1.452 (colored)

refuse to generate or accept RSA keys smaller than 1024 bits;
feedback and ok dtucker@

Revision 1.452 / (download) - annotate - [select for diffs], Fri Jul 3 03:47:00 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.451: +2 -4 lines
Diff to previous 1.451 (colored)

turn off 1024 bit diffie-hellman-group1-sha1 key exchange method
(already off in server, this turns it off in the client by default too)
ok dtucker@

Revision 1.451 / (download) - annotate - [select for diffs], Fri Jul 3 03:43:18 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.450: +1 -5 lines
Diff to previous 1.450 (colored)

delete support for legacy v00 certificates; "sure" markus@ dtucker@

Revision 1.450 / (download) - annotate - [select for diffs], Sun May 24 23:39:16 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.449: +3 -2 lines
Diff to previous 1.449 (colored)

add missing 'c' option to getopt(), case statement was already
there; from Felix Bolte

Revision 1.449 / (download) - annotate - [select for diffs], Thu May 21 06:43:31 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.448: +6 -1 lines
Diff to previous 1.448 (colored)

add AuthorizedPrincipalsCommand that allows getting authorized_principals
from a subprocess rather than a file, which is quite useful in
deployments with large userbases

feedback and ok markus@

Revision 1.448 / (download) - annotate - [select for diffs], Mon Apr 27 00:21:21 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.447: +2 -2 lines
Diff to previous 1.447 (colored)

allow "sshd -f none" to skip reading the config file, much like
"ssh -F none" does. ok dtucker

Revision 1.447 / (download) - annotate - [select for diffs], Wed Apr 15 23:23:25 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.446: +5 -4 lines
Diff to previous 1.446 (colored)

Plug leak of address passed to logging.  bz#2373, patch from jjelen at redhat,
ok markus@

Revision 1.446 / (download) - annotate - [select for diffs], Fri Apr 10 05:16:50 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.445: +5 -1 lines
Diff to previous 1.445 (colored)

Don't send hostkey advertisments (hostkeys-00@openssh.com) to current
versions of Tera Term as they can't handle them.  Newer versions should
be OK.  Patch from Bryan Drewery and IWAMOTO Kouichi, ok djm@

Revision 1.445 / (download) - annotate - [select for diffs], Tue Mar 31 22:55:24 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.444: +1 -3 lines
Diff to previous 1.444 (colored)

don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener;
reported by miod@; ok miod@ markus@

Revision 1.444 / (download) - annotate - [select for diffs], Fri Feb 20 22:17:21 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.443: +2 -2 lines
Diff to previous 1.443 (colored)

UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)

Revision 1.443 / (download) - annotate - [select for diffs], Mon Feb 16 22:30:03 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.442: +7 -8 lines
Diff to previous 1.442 (colored)

partial backout of:

revision 1.441
date: 2015/01/31 20:30:05;  author: djm;  state: Exp;  lines: +17 -10;  commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@

hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.

Revision 1.442 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.441: +23 -12 lines
Diff to previous 1.441 (colored)

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

Revision 1.441 / (download) - annotate - [select for diffs], Sat Jan 31 20:30:05 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.440: +17 -10 lines
Diff to previous 1.440 (colored)

Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@

Revision 1.440 / (download) - annotate - [select for diffs], Mon Jan 26 06:10:03 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.439: +8 -7 lines
Diff to previous 1.439 (colored)

correctly match ECDSA subtype (== curve) for offered/recevied
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type
(an extremely unlikely configuration).

ok markus, "looks mechanical" deraadt@

Revision 1.439 / (download) - annotate - [select for diffs], Mon Jan 26 03:04:46 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.438: +43 -1 lines
Diff to previous 1.438 (colored)

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@

Revision 1.438 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.437: +5 -5 lines
Diff to previous 1.437 (colored)

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.437 / (download) - annotate - [select for diffs], Tue Jan 20 20:16:21 2015 UTC (9 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.436: +4 -2 lines
Diff to previous 1.436 (colored)

kex_setup errors are fatal()

Revision 1.436 / (download) - annotate - [select for diffs], Mon Jan 19 20:20:20 2015 UTC (9 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.435: +2 -2 lines
Diff to previous 1.435 (colored)

store compat flags in struct ssh; ok djm@

Revision 1.435 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.434: +24 -23 lines
Diff to previous 1.434 (colored)

adapt kex to sshbuf and struct ssh; ok djm@

Revision 1.434 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.433: +4 -9 lines
Diff to previous 1.433 (colored)

update packet.c & isolate, introduce struct ssh
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@

Revision 1.433 / (download) - annotate - [select for diffs], Sat Jan 17 18:53:34 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.432: +7 -3 lines
Diff to previous 1.432 (colored)

fix hostkeys on ssh agent; found by unit test I'm about to commit

Revision 1.432 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.431: +31 -12 lines
Diff to previous 1.431 (colored)

move authfd.c and its tentacles to the new buffer/key API;
ok markus@

Revision 1.431 / (download) - annotate - [select for diffs], Wed Jan 7 18:15:07 2015 UTC (9 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.430: +47 -57 lines
Diff to previous 1.430 (colored)

workaround for the Meyer, et al, Bleichenbacher Side Channel Attack.
fake up a bignum key before RSA decryption.
discussed/ok djm markus

Revision 1.430 / (download) - annotate - [select for diffs], Mon Dec 22 07:55:51 2014 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.429: +8 -7 lines
Diff to previous 1.429 (colored)

make internal handling of filename arguments of "none" more consistent
with ssh. "none" arguments are now replaced with NULL when the
configuration is finalised.

Simplifies checking later on (just need to test not-NULL rather than
that + strcmp) and cleans up some inconsistencies. ok markus@

Revision 1.429 / (download) - annotate - [select for diffs], Thu Dec 11 08:20:09 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.428: +2 -1 lines
Diff to previous 1.428 (colored)

explicitly include sys/param.h in files that use the howmany() macro;
from portable

Revision 1.428 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 9 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.427: +2 -2 lines
Diff to previous 1.427 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.427 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.426: +9 -7 lines
Diff to previous 1.426 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.426 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (9 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.425: +38 -6 lines
Diff to previous 1.425 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.420.4.1 / (download) - annotate - [select for diffs], Mon Apr 21 00:30:48 2014 UTC (9 years, 11 months ago) by djm
Branch: OPENBSD_5_5
Changes since 1.420: +4 -1 lines
Diff to previous 1.420 (colored) next main 1.421 (colored)

MFC:

reliability fix for OpenSSH using curve25519-sha256@libssh.org key
exchange method.

revision 1.71
date: 2014/04/18 23:52:25;  author: djm;  state: Exp;  lines: +2 -2;
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.

Disable this KEX method when speaking to one of the affected
versions.

revision 1.57
date: 2014/04/16 23:22:45;  author: djm;  state: Exp;  lines: +4 -1;
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@

Revision 1.425 / (download) - annotate - [select for diffs], Sat Apr 19 14:53:48 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.424: +1 -21 lines
Diff to previous 1.424 (colored)

Delete futile calls to RAND_seed. ok djm

Revision 1.424 / (download) - annotate - [select for diffs], Fri Apr 18 23:52:25 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.423: +4 -1 lines
Diff to previous 1.423 (colored)

OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.

Disable this KEX method when speaking to one of the affected
versions.

reported by Aris Adamantiadis; ok markus@

Revision 1.423 / (download) - annotate - [select for diffs], Sat Apr 12 04:55:53 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.422: +3 -2 lines
Diff to previous 1.422 (colored)

avoid crash at exit: check that pmonitor!=NULL before dereferencing;
bz#2225, patch from kavi AT juniper.net

Revision 1.422 / (download) - annotate - [select for diffs], Thu Mar 27 23:01:27 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.421: +2 -1 lines
Diff to previous 1.421 (colored)

disable weak proposals in sshd, but keep them in ssh; ok djm@

Revision 1.421 / (download) - annotate - [select for diffs], Wed Mar 26 19:58:37 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.420: +1 -25 lines
Diff to previous 1.420 (colored)

remove libwrap support. ok deraadt djm mfriedl

Revision 1.420 / (download) - annotate - [select for diffs], Wed Feb 26 21:53:37 2014 UTC (10 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE
Branch point for: OPENBSD_5_5
Changes since 1.419: +3 -1 lines
Diff to previous 1.419 (colored)

ssh_gssapi_prepare_supported_oids needs GSSAPI

Revision 1.419 / (download) - annotate - [select for diffs], Wed Feb 26 20:28:44 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.418: +5 -1 lines
Diff to previous 1.418 (colored)

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

Revision 1.418 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:32 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.417: +6 -6 lines
Diff to previous 1.417 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.417 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.416: +4 -4 lines
Diff to previous 1.416 (colored)

replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker

Revision 1.416 / (download) - annotate - [select for diffs], Wed Jan 29 00:19:26 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.415: +2 -2 lines
Diff to previous 1.415 (colored)

use kill(0, ...) instead of killpg(0, ...); on most operating systems
they are equivalent, but SUSv2 describes the latter as having undefined
behaviour; from portable; ok dtucker

Revision 1.415 / (download) - annotate - [select for diffs], Mon Jan 27 19:18:54 2014 UTC (10 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.414: +18 -12 lines
Diff to previous 1.414 (colored)

replace openssl MD5 with our ssh_digest_*; ok djm@

Revision 1.414 / (download) - annotate - [select for diffs], Thu Jan 9 23:26:48 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.413: +7 -2 lines
Diff to previous 1.413 (colored)

ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@

Revision 1.413 / (download) - annotate - [select for diffs], Mon Dec 30 23:52:28 2013 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.412: +8 -5 lines
Diff to previous 1.412 (colored)

refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@

Revision 1.412 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.411: +5 -1 lines
Diff to previous 1.411 (colored)

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

Revision 1.411 / (download) - annotate - [select for diffs], Wed Nov 20 02:19:01 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.410: +3 -3 lines
Diff to previous 1.410 (colored)

delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.

Revision 1.410 / (download) - annotate - [select for diffs], Sat Nov 2 21:59:15 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.409: +2 -1 lines
Diff to previous 1.409 (colored)

use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@

Revision 1.409 / (download) - annotate - [select for diffs], Wed Oct 23 23:35:32 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.408: +4 -2 lines
Diff to previous 1.408 (colored)

include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)

Revision 1.408 / (download) - annotate - [select for diffs], Thu Oct 17 22:08:04 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.407: +4 -3 lines
Diff to previous 1.407 (colored)

include remote port in bad banner message; bz#2162

Revision 1.407 / (download) - annotate - [select for diffs], Thu Oct 10 01:43:03 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.406: +5 -6 lines
Diff to previous 1.406 (colored)

bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
updated; ok dtucker@

Revision 1.406 / (download) - annotate - [select for diffs], Mon Sep 2 22:00:34 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.405: +1 -8 lines
Diff to previous 1.405 (colored)

All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time..  Actually,
this was probably reducing the entropy available.
ok djm

Revision 1.405 / (download) - annotate - [select for diffs], Thu Aug 22 19:02:21 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.404: +7 -1 lines
Diff to previous 1.404 (colored)

Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@

Revision 1.404 / (download) - annotate - [select for diffs], Fri Jul 19 07:37:48 2013 UTC (10 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.403: +75 -8 lines
Diff to previous 1.403 (colored)

add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@

Revision 1.403 / (download) - annotate - [select for diffs], Wed Jun 5 02:27:50 2013 UTC (10 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.402: +4 -2 lines
Diff to previous 1.402 (colored)

When running sshd -D, close stderr unless we have explicitly requesting
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
so, err, ok dtucker.

Revision 1.402 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (10 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.401: +6 -6 lines
Diff to previous 1.401 (colored)

bye, bye xfree(); ok markus@

Revision 1.401 / (download) - annotate - [select for diffs], Thu May 16 09:08:41 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.400: +3 -2 lines
Diff to previous 1.400 (colored)

Fix some "unused result" warnings found via clang and -portable.  ok markus@

Revision 1.400 / (download) - annotate - [select for diffs], Thu May 16 04:09:14 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.399: +5 -1 lines
Diff to previous 1.399 (colored)

Add RekeyLimit to sshd with the same syntax as the client allowing rekeying
based on traffic volume or time.  ok djm@, help & ok jmc@ for the man page.

Revision 1.399 / (download) - annotate - [select for diffs], Sun Apr 7 02:10:33 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.398: +14 -5 lines
Diff to previous 1.398 (colored)

Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog.  ok markus@, man page help jmc@

Revision 1.398 / (download) - annotate - [select for diffs], Sat Apr 6 16:07:00 2013 UTC (11 years ago) by markus
Branch: MAIN
Changes since 1.397: +3 -2 lines
Diff to previous 1.397 (colored)

handle ECONNABORTED for accept(); ok deraadt some time ago...

Revision 1.397 / (download) - annotate - [select for diffs], Mon Feb 11 21:21:58 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.396: +3 -2 lines
Diff to previous 1.396 (colored)

Add openssl version to debug output similar to the client.  ok markus@

Revision 1.396 / (download) - annotate - [select for diffs], Sun Nov 4 11:09:15 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.395: +22 -1 lines
Diff to previous 1.395 (colored)

Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@

Revision 1.395 / (download) - annotate - [select for diffs], Sun Nov 4 10:38:43 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.394: +8 -1 lines
Diff to previous 1.394 (colored)

Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@

Revision 1.394 / (download) - annotate - [select for diffs], Tue Oct 30 21:29:55 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.393: +10 -1 lines
Diff to previous 1.393 (colored)

new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.

patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@

Revision 1.393 / (download) - annotate - [select for diffs], Tue Jul 10 02:19:15 2012 UTC (11 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.392: +2 -2 lines
Diff to previous 1.392 (colored)

Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
prodded markus@ feedback dtucker@ "get it in" deraadt@

Revision 1.392 / (download) - annotate - [select for diffs], Sat Jun 30 14:35:09 2012 UTC (11 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.391: +2 -2 lines
Diff to previous 1.391 (colored)

fix a during the load of the sandbox policies (child can still make
the read-syscall and wait forever for systrace-answers) by replacing
the read/write synchronisation with SIGSTOP/SIGCONT;
report and help hshoexer@; ok djm@, dtucker@

Revision 1.391 / (download) - annotate - [select for diffs], Sun May 13 01:42:32 2012 UTC (11 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.390: +12 -27 lines
Diff to previous 1.390 (colored)

Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match.  Feedback and ok djm@ markus@.

Revision 1.390 / (download) - annotate - [select for diffs], Thu Apr 12 02:42:32 2012 UTC (12 years ago) by djm
Branch: MAIN
Changes since 1.389: +6 -4 lines
Diff to previous 1.389 (colored)

VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@

Revision 1.389 / (download) - annotate - [select for diffs], Wed Apr 11 13:26:40 2012 UTC (12 years ago) by djm
Branch: MAIN
Changes since 1.388: +5 -2 lines
Diff to previous 1.388 (colored)

don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@

Revision 1.388 / (download) - annotate - [select for diffs], Fri Sep 30 21:22:49 2011 UTC (12 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.387: +2 -2 lines
Diff to previous 1.387 (colored)

fix inverted test that caused logspam; spotted by henning@

Revision 1.387 / (download) - annotate - [select for diffs], Fri Sep 30 00:47:37 2011 UTC (12 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.386: +2 -2 lines
Diff to previous 1.386 (colored)

don't attempt privsep cleanup when not using privsep; ok markus@

Revision 1.386 / (download) - annotate - [select for diffs], Fri Sep 9 22:38:21 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.385: +17 -5 lines
Diff to previous 1.385 (colored)

kill the preauth privsep child on fatal errors in the monitor;
ok markus@

Revision 1.385 / (download) - annotate - [select for diffs], Thu Jun 23 09:34:13 2011 UTC (12 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.384: +2 -2 lines
Diff to previous 1.384 (colored)

rename sandbox.h => ssh-sandbox.h to make things easier for portable

Revision 1.384 / (download) - annotate - [select for diffs], Wed Jun 22 21:57:01 2011 UTC (12 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.383: +25 -5 lines
Diff to previous 1.383 (colored)

introduce sandboxing of the pre-auth privsep child using systrace(4).

This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.

The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.

UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.

feedback dtucker@; ok markus@

Revision 1.383 / (download) - annotate - [select for diffs], Fri Jun 17 21:44:31 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.382: +8 -5 lines
Diff to previous 1.382 (colored)

make the pre-auth privsep slave log via a socketpair shared with the
monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@

Revision 1.382 / (download) - annotate - [select for diffs], Tue Apr 12 05:32:49 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.381: +2 -2 lines
Diff to previous 1.381 (colored)

exit with 0 status on SIGTERM; bz#1879

Revision 1.381 / (download) - annotate - [select for diffs], Tue Jan 11 06:13:10 2011 UTC (13 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.380: +3 -2 lines
Diff to previous 1.380 (colored)

some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere

Revision 1.380 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.379: +3 -1 lines
Diff to previous 1.379 (colored)

add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.

ok markus@

Revision 1.379 / (download) - annotate - [select for diffs], Tue Aug 31 12:33:38 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.378: +2 -2 lines
Diff to previous 1.378 (colored)

reintroduce commit from tedu@, which I pulled out for release engineering:

  OpenSSL_add_all_algorithms is the name of the function we have a man page
  for, so use that.  ok djm

Revision 1.378 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.377: +6 -1 lines
Diff to previous 1.377 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656 is NOT implemented).

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.377 / (download) - annotate - [select for diffs], Mon Aug 16 04:06:06 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.376: +1 -1 lines
Diff to previous 1.376 (colored)

backout previous temporarily; discussed with deraadt@

Revision 1.376 / (download) - annotate - [select for diffs], Thu Aug 12 23:34:39 2010 UTC (13 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.375: +2 -2 lines
Diff to previous 1.375 (colored)

OpenSSL_add_all_algorithms is the name of the function we have a man page
for, so use that.  ok djm

Revision 1.375 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.374: +12 -3 lines
Diff to previous 1.374 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still support for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.374 / (download) - annotate - [select for diffs], Sun Mar 7 11:57:13 2010 UTC (14 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.373: +2 -1 lines
Diff to previous 1.373 (colored)

Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum.  ok djm@

Revision 1.373 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.372: +104 -13 lines
Diff to previous 1.372 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.372 / (download) - annotate - [select for diffs], Fri Jan 29 00:20:41 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.371: +5 -1 lines
Diff to previous 1.371 (colored)

set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
ok dtucker@

Revision 1.371 / (download) - annotate - [select for diffs], Wed Jan 13 03:48:13 2010 UTC (14 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.370: +3 -2 lines
Diff to previous 1.370 (colored)

avoid run-time failures when specifying hostkeys via a relative
path by prepending the cwd in these cases; bz#1290; ok dtucker@

Revision 1.370 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.369: +4 -5 lines
Diff to previous 1.369 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that trafic such as DNS lookups stays withing the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.369 / (download) - annotate - [select for diffs], Sat Jan 9 11:17:56 2010 UTC (14 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.368: +2 -1 lines
Diff to previous 1.368 (colored)

Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
itself.  Prevents two HUPs in quick succession from resulting in sshd
dying.  bz#1692, patch from Colin Watson via Ubuntu.

Revision 1.368 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.367: +5 -4 lines
Diff to previous 1.367 (colored)

Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.367 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 10 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.366: +4 -3 lines
Diff to previous 1.366 (colored)

Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@

Revision 1.366 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.365: +2 -2 lines
Diff to previous 1.365 (colored)

make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)

adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int

make use of int vs. u_short consistent in some other places too

feedback & ok markus@

Revision 1.365 / (download) - annotate - [select for diffs], Thu Oct 30 19:31:16 2008 UTC (15 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.364: +1 -2 lines
Diff to previous 1.364 (colored)

don't need to #include "monitor_fdpass.h"

Revision 1.364 / (download) - annotate - [select for diffs], Thu Jul 10 18:08:11 2008 UTC (15 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.363: +8 -3 lines
Diff to previous 1.363 (colored)

sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@

Revision 1.363 / (download) - annotate - [select for diffs], Tue Jul 1 07:24:22 2008 UTC (15 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.362: +5 -3 lines
Diff to previous 1.362 (colored)

Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
in order to comply with RFC 4253.  bz #1443, ok djm@

Revision 1.362 / (download) - annotate - [select for diffs], Sat Jun 14 17:07:11 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.361: +6 -1 lines
Diff to previous 1.361 (colored)

ensure default umask disallows at least group and world write; ok djm@

Revision 1.361 / (download) - annotate - [select for diffs], Sat Jun 14 15:49:48 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.360: +3 -2 lines
Diff to previous 1.360 (colored)

wrap long line at 80 chars

Revision 1.360 / (download) - annotate - [select for diffs], Thu Jun 12 20:38:28 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.359: +4 -1 lines
Diff to previous 1.359 (colored)

Make keepalive timeouts apply while waiting for a packet, particularly during
key renegotiation (bz #1363).  With djm and Matt Day, ok djm@

Revision 1.359 / (download) - annotate - [select for diffs], Tue Jun 10 08:17:40 2008 UTC (15 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.358: +4 -3 lines
Diff to previous 1.358 (colored)

- update usage()
- fix SYNOPSIS, and sort options
- some minor additional fixes

Revision 1.358 / (download) - annotate - [select for diffs], Tue Jun 10 04:50:25 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.357: +44 -3 lines
Diff to previous 1.357 (colored)

Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output.  The
combination allows tesing of the parser and config files.  ok deraadt djm

Revision 1.357 / (download) - annotate - [select for diffs], Thu May 8 12:02:23 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.356: +2 -1 lines
Diff to previous 1.356 (colored)

Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).

Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.

ok markus@ (as part of a larger diff)

Revision 1.356 / (download) - annotate - [select for diffs], Sun Apr 13 00:22:17 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.355: +6 -24 lines
Diff to previous 1.355 (colored)

Use arc4random_buf() when requesting more than a single word of output

Use arc4random_uniform() when the desired random number upper bound
is not a power of two

ok deraadt@ millert@

Revision 1.355 / (download) - annotate - [select for diffs], Thu Feb 14 13:10:31 2008 UTC (16 years, 2 months ago) by mbalmer
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.354: +2 -2 lines
Diff to previous 1.354 (colored)

When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.

ok djm

Revision 1.354 / (download) - annotate - [select for diffs], Wed Feb 13 22:38:17 2008 UTC (16 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.353: +11 -2 lines
Diff to previous 1.353 (colored)

rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@

Revision 1.353 / (download) - annotate - [select for diffs], Mon Dec 31 15:27:04 2007 UTC (16 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.352: +5 -5 lines
Diff to previous 1.352 (colored)

When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config.  Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1.  bz #440,
based on a patch from bruno at wolff.to, ok markus@

Revision 1.352 / (download) - annotate - [select for diffs], Thu Dec 27 14:22:08 2007 UTC (16 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.351: +2 -3 lines
Diff to previous 1.351 (colored)

Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@

Revision 1.351 / (download) - annotate - [select for diffs], Tue May 22 10:18:52 2007 UTC (16 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.350: +1 -2 lines
Diff to previous 1.350 (colored)

zap double include; from p_nowaczyk AT o2.pl

Revision 1.350 / (download) - annotate - [select for diffs], Fri Mar 9 05:20:06 2007 UTC (17 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.349: +5 -1 lines
Diff to previous 1.349 (colored)

Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again.  This
was broken by the Match changes and not fixed properly subsequently.
Found by okan at demirmen.com, ok djm@ "please do it" deraadt@

Revision 1.349 / (download) - annotate - [select for diffs], Wed Feb 21 11:00:05 2007 UTC (17 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.348: +2 -1 lines
Diff to previous 1.348 (colored)

Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd.  Analysis and
patch from andrew at gaul.org.

Revision 1.312.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312.2.2: +3 -3 lines
Diff to previous 1.312.2.2 (colored) to branchpoint 1.312 (colored) next main 1.313 (colored)

upgrade to OpenSSH 4.5

Revision 1.347.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.347: +3 -3 lines
Diff to previous 1.347 (colored) next main 1.348 (colored)

upgrade to OpenSSH 4.5

Revision 1.323.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.323.2.1: +3 -3 lines
Diff to previous 1.323.2.1 (colored) to branchpoint 1.323 (colored) next main 1.324 (colored)

upgrade to OpenSSH 4.5

Revision 1.348 / (download) - annotate - [select for diffs], Mon Nov 6 21:25:28 2006 UTC (17 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.347: +3 -3 lines
Diff to previous 1.347 (colored)

add missing checks for openssl return codes; with & ok djm@

Revision 1.312.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312.2.1: +401 -335 lines
Diff to previous 1.312.2.1 (colored) to branchpoint 1.312 (colored)

upgrade to OpenSSH 4.4

Revision 1.323.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.323: +395 -337 lines
Diff to previous 1.323 (colored)

upgrade to OpenSSH 4.4

Revision 1.347 / (download) - annotate - [select for diffs], Fri Aug 18 09:15:20 2006 UTC (17 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.346: +2 -1 lines
Diff to previous 1.346 (colored)

delay authentication related cleanups until we're authenticated and
all alarms have been cancelled; ok deraadt

Revision 1.346 / (download) - annotate - [select for diffs], Fri Aug 18 09:13:26 2006 UTC (17 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.345: +2 -4 lines
Diff to previous 1.345 (colored)

make signal handler termination path shorter; risky code pointed out by
mark dowd; ok djm markus

Revision 1.345 / (download) - annotate - [select for diffs], Wed Aug 16 11:47:15 2006 UTC (17 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.344: +333 -308 lines
Diff to previous 1.344 (colored)

factor inetd connection, TCP listen and main TCP accept loop out of main()
into separate functions to improve readability; ok markus@

Revision 1.344 / (download) - annotate - [select for diffs], Sat Aug 5 07:52:52 2006 UTC (17 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.343: +2 -1 lines
Diff to previous 1.343 (colored)

Add headers required to build with KERBEROS5=no.  ok djm@

Revision 1.343 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.342: +11 -8 lines
Diff to previous 1.342 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.342 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:48 2006 UTC (17 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.341: +2 -1 lines
Diff to previous 1.341 (colored)

move #include <stdio.h> out of includes.h

Revision 1.341 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.340: +2 -1 lines
Diff to previous 1.340 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.340 / (download) - annotate - [select for diffs], Tue Jul 25 02:59:21 2006 UTC (17 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.339: +2 -1 lines
Diff to previous 1.339 (colored)

move #include <sys/time.h> out of includes.h

Revision 1.339 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.338: +2 -1 lines
Diff to previous 1.338 (colored)

move #include <string.h> out of includes.h

Revision 1.338 / (download) - annotate - [select for diffs], Wed Jul 12 22:28:52 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.337: +2 -1 lines
Diff to previous 1.337 (colored)

move #include <netdb.h> out of includes.h; ok djm@

Revision 1.337 / (download) - annotate - [select for diffs], Wed Jul 12 11:34:58 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.336: +8 -9 lines
Diff to previous 1.336 (colored)

Add support for conditional directives to sshd_config via a "Match" keyword,
which works similarly to the "Host" directive in ssh_config.

Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg

AllowTcpForwarding yes
Match User anoncvs
        AllowTcpForwarding no

will allow port forwarding by all users except "anoncvs".

Currently only a very small subset of directives are supported.

ok djm@

Revision 1.336 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.335: +2 -1 lines
Diff to previous 1.335 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.335 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:11 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.334: +2 -1 lines
Diff to previous 1.334 (colored)

move #include <fcntl.h> out of includes.h

Revision 1.334 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.333: +2 -1 lines
Diff to previous 1.333 (colored)

move #include <sys/socket.h> out of includes.h

Revision 1.333 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.332: +2 -1 lines
Diff to previous 1.332 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.332 / (download) - annotate - [select for diffs], Mon Jul 3 08:54:20 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.331: +2 -1 lines
Diff to previous 1.331 (colored)

move #include "version.h" out of includes.h; ok markus@

Revision 1.331 / (download) - annotate - [select for diffs], Thu Jun 1 09:21:48 2006 UTC (17 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.330: +8 -2 lines
Diff to previous 1.330 (colored)

call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@

Revision 1.330 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years ago) by djm
Branch: MAIN
Changes since 1.329: +1 -0 lines
Diff to previous 1.329 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.329 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years ago) by djm
Branch: MAIN
Changes since 1.328: +7 -9 lines
Diff to previous 1.328 (colored)

introduce xcalloc() and xasprintf() failure-checked allocations functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.328 / (download) - annotate - [select for diffs], Mon Mar 20 18:17:20 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.327: +0 -1 lines
Diff to previous 1.327 (colored)

sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args)

Revision 1.327 / (download) - annotate - [select for diffs], Sun Mar 19 18:56:41 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.326: +37 -20 lines
Diff to previous 1.326 (colored)

ARGSUSED for signal handlers

Revision 1.326 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:19 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.325: +0 -1 lines
Diff to previous 1.325 (colored)

RCSID() can die

Revision 1.325 / (download) - annotate - [select for diffs], Mon Mar 13 08:16:00 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.324: +4 -4 lines
Diff to previous 1.324 (colored)

don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@

Revision 1.324 / (download) - annotate - [select for diffs], Tue Mar 7 09:07:40 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.323: +2 -1 lines
Diff to previous 1.323 (colored)

Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY

Revision 1.323 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.322: +2 -1 lines
Diff to previous 1.322 (colored)

move #include <sys/stat.h> out of includes.h; ok markus@

Revision 1.322 / (download) - annotate - [select for diffs], Mon Feb 20 17:02:44 2006 UTC (18 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.321: +2 -1 lines
Diff to previous 1.321 (colored)

move #include <signal.h> out of includes.h; ok markus@

Revision 1.321 / (download) - annotate - [select for diffs], Fri Feb 10 01:44:27 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.320: +3 -1 lines
Diff to previous 1.320 (colored)

move #include <sys/wait.h> out of includes.h; ok markus@

Revision 1.320 / (download) - annotate - [select for diffs], Fri Feb 10 00:27:13 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.319: +3 -1 lines
Diff to previous 1.319 (colored)

move #include <sys/ioctl.h> out of includes.h; ok markus@

Revision 1.319 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.318: +3 -1 lines
Diff to previous 1.318 (colored)

move #include <paths.h> out of includes.h; ok markus@

Revision 1.312.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 2 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312: +25 -13 lines
Diff to previous 1.312 (colored)

upgrade to OpenSSH 4.3

Revision 1.308.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:46 2006 UTC (18 years, 2 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.308.2.1: +25 -13 lines
Diff to previous 1.308.2.1 (colored) to branchpoint 1.308 (colored) next main 1.309 (colored)

upgrade to OpenSSH 4.3

Revision 1.318 / (download) - annotate - [select for diffs], Sat Dec 24 02:27:41 2005 UTC (18 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.317: +12 -8 lines
Diff to previous 1.317 (colored)

eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@

Revision 1.317 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.316: +3 -3 lines
Diff to previous 1.316 (colored)

no need to escape single quotes in comments, no binary change

Revision 1.316 / (download) - annotate - [select for diffs], Sun Oct 30 08:29:29 2005 UTC (18 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.315: +7 -2 lines
Diff to previous 1.315 (colored)

Check for connections with IP options earlier and drop silently.  ok djm@

Revision 1.315 / (download) - annotate - [select for diffs], Wed Sep 21 23:37:11 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.314: +3 -3 lines
Diff to previous 1.314 (colored)

change label at markus@'s request

Revision 1.314 / (download) - annotate - [select for diffs], Mon Sep 19 11:47:09 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.313: +3 -3 lines
Diff to previous 1.313 (colored)

stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@

Revision 1.313 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.312: +4 -1 lines
Diff to previous 1.312 (colored)

ensure that stdio fds are attached; ok deraadt@

Revision 1.308.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:11 2005 UTC (18 years, 7 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.308: +25 -11 lines
Diff to previous 1.308 (colored)

upgrade to OpenSSH 4.2

Revision 1.302.2.2 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 7 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.302.2.1: +25 -11 lines
Diff to previous 1.302.2.1 (colored) to branchpoint 1.302 (colored) next main 1.303 (colored)

upgrade to OpenSSH 4.2

Revision 1.312 / (download) - annotate - [select for diffs], Mon Jul 25 11:59:40 2005 UTC (18 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.311: +13 -2 lines
Diff to previous 1.311 (colored)

add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.

this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@

Revision 1.311 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:33 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.310: +4 -3 lines
Diff to previous 1.310 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.310 / (download) - annotate - [select for diffs], Thu Jun 16 08:00:00 2005 UTC (18 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.309: +5 -2 lines
Diff to previous 1.309 (colored)

don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm

Revision 1.309 / (download) - annotate - [select for diffs], Wed Apr 6 09:43:59 2005 UTC (19 years ago) by djm
Branch: MAIN
Changes since 1.308: +6 -7 lines
Diff to previous 1.308 (colored)

avoid harmless logspam by not performing setsockopt() on non-socket; ok markus@

Revision 1.290.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_5
Changes since 1.290.2.1: +23 -24 lines
Diff to previous 1.290.2.1 (colored) to branchpoint 1.290 (colored) next main 1.291 (colored)

upgrade to OpenSSH 4.0

Revision 1.302.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_6
Changes since 1.302: +20 -22 lines
Diff to previous 1.302 (colored)

upgrade to OpenSSH 4.0

Revision 1.308 / (download) - annotate - [select for diffs], Tue Feb 8 22:24:57 2005 UTC (19 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.307: +6 -4 lines
Diff to previous 1.307 (colored)

Provide reason in error message if getnameinfo fails; ok markus@

Revision 1.307 / (download) - annotate - [select for diffs], Fri Jan 21 08:32:02 2005 UTC (19 years, 2 months ago) by otto
Branch: MAIN
Changes since 1.306: +5 -4 lines
Diff to previous 1.306 (colored)

Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@

Revision 1.306 / (download) - annotate - [select for diffs], Mon Jan 17 22:48:39 2005 UTC (19 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.305: +2 -2 lines
Diff to previous 1.305 (colored)

Make debugging output continue after reexec; ok djm@

Revision 1.305 / (download) - annotate - [select for diffs], Thu Dec 23 23:11:00 2004 UTC (19 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.304: +6 -10 lines
Diff to previous 1.304 (colored)

bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz
ok deraadt@

Revision 1.304 / (download) - annotate - [select for diffs], Sat Sep 25 03:45:14 2004 UTC (19 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.303: +2 -2 lines
Diff to previous 1.303 (colored)

these printf args are no longer double; ok deraadt@ markus@

Revision 1.303 / (download) - annotate - [select for diffs], Wed Sep 15 18:42:27 2004 UTC (19 years, 7 months ago) by mickey
Branch: MAIN
Changes since 1.302: +4 -5 lines
Diff to previous 1.302 (colored)

use less doubles in daemons; markus@ ok

Revision 1.302 / (download) - annotate - [select for diffs], Sat Aug 28 01:01:48 2004 UTC (19 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.301: +4 -3 lines
Diff to previous 1.301 (colored)

don't erroneously close stdin for !reexec case, from Dave Johnson; ok markus@

Revision 1.276.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:33 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.276.2.1: +251 -45 lines
Diff to previous 1.276.2.1 (colored) to branchpoint 1.276 (colored) next main 1.277 (colored)

upgrade to OpenSSH 3.9

Revision 1.290.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:28 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.290: +244 -25 lines
Diff to previous 1.290 (colored)

upgrade to OpenSSH 3.9

Revision 1.301 / (download) - annotate - [select for diffs], Wed Aug 11 11:50:09 2004 UTC (19 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.300: +3 -2 lines
Diff to previous 1.300 (colored)

Don't try to close startup_pipe if it's not open; ok djm@

Revision 1.300 / (download) - annotate - [select for diffs], Wed Jul 28 08:56:22 2004 UTC (19 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.299: +9 -9 lines
Diff to previous 1.299 (colored)

call setsid() _before_ re-exec

Revision 1.299 / (download) - annotate - [select for diffs], Sat Jul 17 05:31:41 2004 UTC (19 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.298: +7 -1 lines
Diff to previous 1.298 (colored)

Move "Last logged in at.." message generation to the monitor, right
before recording the new login.  Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463);  much assistance & ok markus@

Revision 1.298 / (download) - annotate - [select for diffs], Sun Jul 11 17:48:47 2004 UTC (19 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored)

spaces

Revision 1.297 / (download) - annotate - [select for diffs], Sat Jun 26 20:07:16 2004 UTC (19 years, 9 months ago) by avsm
Branch: MAIN
Changes since 1.296: +3 -2 lines
Diff to previous 1.296 (colored)

initialise some fd variables to -1, djm@ ok

Revision 1.296 / (download) - annotate - [select for diffs], Fri Jun 25 18:43:36 2004 UTC (19 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.295: +28 -14 lines
Diff to previous 1.295 (colored)

fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@

Revision 1.295 / (download) - annotate - [select for diffs], Fri Jun 25 01:16:09 2004 UTC (19 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.294: +2 -2 lines
Diff to previous 1.294 (colored)

only perform tcp wrappers checks when the incoming connection is on a socket.
silences useless warnings from regress tests that use proxycommand="sshd -i"
prompted by david@ ok markus@

Revision 1.294 / (download) - annotate - [select for diffs], Thu Jun 24 19:30:54 2004 UTC (19 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.293: +214 -16 lines
Diff to previous 1.293 (colored)

re-exec sshd on accept(); initial work, final debugging and ok markus@

Revision 1.293 / (download) - annotate - [select for diffs], Mon Jun 14 01:44:39 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.292: +3 -5 lines
Diff to previous 1.292 (colored)

set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@

Revision 1.292 / (download) - annotate - [select for diffs], Sun Jun 13 12:53:24 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.291: +2 -1 lines
Diff to previous 1.291 (colored)

implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@

Revision 1.291 / (download) - annotate - [select for diffs], Sun May 9 01:19:28 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.290: +5 -5 lines
Diff to previous 1.290 (colored)

kill some more tiny files; ok deraadt@

Revision 1.290 / (download) - annotate - [select for diffs], Thu Mar 11 10:21:17 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.289: +2 -2 lines
Diff to previous 1.289 (colored)

ssh, sshd: sync version output, ok djm

Revision 1.289 / (download) - annotate - [select for diffs], Thu Mar 11 08:36:26 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.288: +5 -19 lines
Diff to previous 1.288 (colored)

trim usage; ok deraadt

Revision 1.263.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:17 2004 UTC (20 years, 1 month ago) by brad
Branch: OPENBSD_3_3
Changes since 1.263.2.1: +55 -41 lines
Diff to previous 1.263.2.1 (colored) to branchpoint 1.263 (colored) next main 1.264 (colored)

upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8

Revision 1.288 / (download) - annotate - [select for diffs], Wed Mar 3 06:47:52 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.287: +2 -1 lines
Diff to previous 1.287 (colored)

change proctiltle after accept(2); ok henning, deraadt, djm

Revision 1.276.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 1 month ago) by brad
Branch: OPENBSD_3_4
Changes since 1.276: +55 -41 lines
Diff to previous 1.276 (colored)

upgrade to OpenSSH 3.8

Revision 1.287 / (download) - annotate - [select for diffs], Wed Feb 25 00:22:45 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.286: +2 -2 lines
Diff to previous 1.286 (colored)

typo in comment

Revision 1.286 / (download) - annotate - [select for diffs], Mon Feb 23 12:02:33 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.285: +11 -1 lines
Diff to previous 1.285 (colored)

backout revision 1.279; set listen socket to non-block; ok henning.

Revision 1.285 / (download) - annotate - [select for diffs], Thu Feb 5 05:37:17 2004 UTC (20 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.284: +6 -2 lines
Diff to previous 1.284 (colored)

Pass SIGALRM through to privsep child if LoginGraceTime expires.  ok markus@

Revision 1.284 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:37 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.283: +3 -3 lines
Diff to previous 1.283 (colored)

rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@

Revision 1.283 / (download) - annotate - [select for diffs], Tue Dec 9 17:29:04 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.282: +5 -2 lines
Diff to previous 1.282 (colored)

fix -o and HUP; ok henning@

Revision 1.282 / (download) - annotate - [select for diffs], Tue Dec 2 17:01:15 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.281: +2 -2 lines
Diff to previous 1.281 (colored)

use SSH_LISTEN_BACKLOG (=128) in listen(2).

Revision 1.281 / (download) - annotate - [select for diffs], Mon Nov 10 16:23:41 2003 UTC (20 years, 5 months ago) by jakob
Branch: MAIN
Changes since 1.280: +6 -5 lines
Diff to previous 1.280 (colored)

constify. ok markus@ & djm@

Revision 1.280 / (download) - annotate - [select for diffs], Thu Oct 2 10:41:59 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.279: +3 -2 lines
Diff to previous 1.279 (colored)

print openssl version, too, several requests; ok henning/djm.

Revision 1.279 / (download) - annotate - [select for diffs], Fri Sep 26 08:19:29 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.278: +1 -11 lines
Diff to previous 1.278 (colored)

no need to set the listen sockets to non-block; ok deraadt@

Revision 1.278 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.277: +36 -23 lines
Diff to previous 1.277 (colored)

replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@

Revision 1.277 / (download) - annotate - [select for diffs], Fri Sep 19 11:33:09 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.276: +1 -9 lines
Diff to previous 1.276 (colored)

do not call packet_close on fatal; ok deraadt

Revision 1.260.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:29 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.260.2.1: +51 -102 lines
Diff to previous 1.260.2.1 (colored) to branchpoint 1.260 (colored) next main 1.261 (colored)

upgrade to OpenSSH 3.7

Revision 1.263.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.263: +51 -102 lines
Diff to previous 1.263 (colored)

upgrade to OpenSSH 3.7

Revision 1.276 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.275: +1 -15 lines
Diff to previous 1.275 (colored)

remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...

Revision 1.275 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:31 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.274: +2 -17 lines
Diff to previous 1.274 (colored)

remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others

Revision 1.274 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.273: +4 -17 lines
Diff to previous 1.273 (colored)

remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@

Revision 1.273 / (download) - annotate - [select for diffs], Wed Jul 16 10:34:53 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.272: +3 -7 lines
Diff to previous 1.272 (colored)

don't exit on multiple -v or -d; ok deraadt@

Revision 1.272 / (download) - annotate - [select for diffs], Mon Jul 14 12:36:37 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.271: +28 -35 lines
Diff to previous 1.271 (colored)

remove undocumented -V option. would be only useful if openssh is used
as ssh v1 server for ssh.com's ssh v2.

Revision 1.271 / (download) - annotate - [select for diffs], Sat Jun 28 16:23:06 2003 UTC (20 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.270: +4 -4 lines
Diff to previous 1.270 (colored)

deal with typing of write vs read in atomicio

Revision 1.270 / (download) - annotate - [select for diffs], Sat Jun 28 07:48:10 2003 UTC (20 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.269: +5 -2 lines
Diff to previous 1.269 (colored)

report pidfile creation errors, based on patch from Roumen Petrov; ok markus@

Revision 1.269 / (download) - annotate - [select for diffs], Tue Jun 24 08:23:46 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.268: +2 -2 lines
Diff to previous 1.268 (colored)

int -> u_int; ok djm@, deraadt@, mouring@

Revision 1.268 / (download) - annotate - [select for diffs], Wed Jun 4 10:23:48 2003 UTC (20 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.267: +1 -5 lines
Diff to previous 1.267 (colored)

remove duplicated group-dropping code; ok markus@

Revision 1.267 / (download) - annotate - [select for diffs], Thu May 29 16:58:45 2003 UTC (20 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.266: +4 -2 lines
Diff to previous 1.266 (colored)

seteuid and setegid; markus ok

Revision 1.266 / (download) - annotate - [select for diffs], Sat May 24 09:30:40 2003 UTC (20 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.265: +2 -2 lines
Diff to previous 1.265 (colored)

cast some types for printing; ok markus@

Revision 1.265 / (download) - annotate - [select for diffs], Mon Apr 14 14:17:50 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.264: +3 -2 lines
Diff to previous 1.264 (colored)

avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP

Revision 1.264 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.263: +15 -15 lines
Diff to previous 1.263 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.239.2.5 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years ago) by miod
Branch: OPENBSD_3_1
Changes since 1.239.2.4: +8 -6 lines
Diff to previous 1.239.2.4 (colored) to branchpoint 1.239 (colored) next main 1.240 (colored)

Merge OpenSSH 3.6.1

Revision 1.260.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.260: +8 -6 lines
Diff to previous 1.260 (colored)

Update to OpenSSH 3.6

Revision 1.263 / (download) - annotate - [select for diffs], Sun Feb 16 17:09:57 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.262: +5 -3 lines
Diff to previous 1.262 (colored)

split kex into client and server code, no need to link
server code into the client; ok provos@

Revision 1.262 / (download) - annotate - [select for diffs], Mon Jan 27 17:06:31 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.261: +3 -3 lines
Diff to previous 1.261 (colored)

more specific error message when /var/empty has wrong permissions;
bug #46, map@appgate.com; ok henning@, provos@, stevesk@

Revision 1.261 / (download) - annotate - [select for diffs], Thu Nov 7 16:28:47 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.260: +2 -2 lines
Diff to previous 1.260 (colored)

log to stderr if -ie is given, bug #414, prj@po.cwru.edu

Revision 1.206.2.6 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 6 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.5: +41 -41 lines
Diff to previous 1.206.2.5 (colored) to branchpoint 1.206 (colored) next main 1.207 (colored)

Update to OpenSSH 3.5

Revision 1.239.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 6 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.239.2.3: +41 -41 lines
Diff to previous 1.239.2.3 (colored) to branchpoint 1.239 (colored)

Update to OpenSSH 3.5

Revision 1.260 / (download) - annotate - [select for diffs], Fri Sep 27 10:42:09 2002 UTC (21 years, 6 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.259: +7 -1 lines
Diff to previous 1.259 (colored)

add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok

Revision 1.259 / (download) - annotate - [select for diffs], Wed Sep 25 15:19:02 2002 UTC (21 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.258: +2 -2 lines
Diff to previous 1.258 (colored)

typo; pilot@monkey.org

Revision 1.258 / (download) - annotate - [select for diffs], Fri Sep 13 19:23:09 2002 UTC (21 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.257: +6 -22 lines
Diff to previous 1.257 (colored)

remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@

Revision 1.257 / (download) - annotate - [select for diffs], Tue Jul 23 16:03:10 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.256: +5 -3 lines
Diff to previous 1.256 (colored)

utmp_len is unsigned; display error consistent with other options.
ok markus@

Revision 1.256 / (download) - annotate - [select for diffs], Fri Jul 19 15:43:33 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.255: +9 -4 lines
Diff to previous 1.255 (colored)

remove fatal cleanups after fork; based on discussions with and code
from solar.

Revision 1.255 / (download) - annotate - [select for diffs], Sun Jun 30 21:59:45 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.254: +5 -4 lines
Diff to previous 1.254 (colored)

minor KNF

Revision 1.254 / (download) - annotate - [select for diffs], Sun Jun 30 21:54:16 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.253: +12 -12 lines
Diff to previous 1.253 (colored)

lint asks that we use names that do not overlap

Revision 1.253 / (download) - annotate - [select for diffs], Fri Jun 28 23:05:06 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.252: +2 -2 lines
Diff to previous 1.252 (colored)

gidset[2] -> gidset[1]; markus ok

Revision 1.252 / (download) - annotate - [select for diffs], Fri Jun 28 10:08:25 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.251: +3 -1 lines
Diff to previous 1.251 (colored)

range check -u option at invocation

Revision 1.206.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 9 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.4: +34 -12 lines
Diff to previous 1.206.2.4 (colored) to branchpoint 1.206 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.239.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 9 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.239.2.2: +57 -18 lines
Diff to previous 1.239.2.2 (colored) to branchpoint 1.239 (colored)

Pull in OpenSSH-3.4

Revision 1.251 / (download) - annotate - [select for diffs], Tue Jun 25 18:51:04 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.250: +12 -1 lines
Diff to previous 1.250 (colored)

lightweight do_setusercontext after chroot()

Revision 1.250 / (download) - annotate - [select for diffs], Sun Jun 23 10:29:52 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.249: +16 -8 lines
Diff to previous 1.249 (colored)

some minor KNF and %u

Revision 1.249 / (download) - annotate - [select for diffs], Sun Jun 23 03:30:17 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.248: +3 -3 lines
Diff to previous 1.248 (colored)

various KNF and %d for unsigned

Revision 1.248 / (download) - annotate - [select for diffs], Sat Jun 22 20:05:27 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.247: +2 -2 lines
Diff to previous 1.247 (colored)

don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@

Revision 1.247 / (download) - annotate - [select for diffs], Sat Jun 22 16:40:19 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.246: +4 -1 lines
Diff to previous 1.246 (colored)