Commit message | Author | Age | Files | Lines
...
* Allow overriding TEST_SSH_SSHD. | Darren Tucker | 2024-11-08 | 1 | -1/+3
  This will allow tests to specify an alternative sshd, eg on a remote machine with different endianness.
* upstream: ssh-agent implemented an all-or-nothing allow-list of | djm@openbsd.org | 2024-11-07 | 2 | -10/+35
  FIDO application IDs for security key-backed keys, to prevent web key handles from being used remotely as this would likely lead to unpleasant surprises. By default, only application IDs that start with "ssh:*" are allowed.
  This adds a -Owebsafe-allow=... argument that can override the default list with a more or less restrictive one. The default remains unchanged.
  ok markus@
  OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d
* upstream: Ignore extra groups that don't fit in the buffer passed | jca@openbsd.org | 2024-11-07 | 2 | -1/+2
  to getgrouplist(3)
  Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents an admin from adding a user to more groups. With that tweak we'll keep on ignoring them instead of potentially reading past the buffer passed to getgrouplist(3). That behavior is explicitly described in initgroups(3).
  ok millert@ gilles@
  OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db
* Add git signing key for Tim Rice | Damien Miller | 2024-11-04 | 1 | -0/+3
* Correct path to c-cpp.yml file in workflow config. | Darren Tucker | 2024-11-01 | 1 | -2/+2
* Test new OpenSSL and LibreSSL releases. | Darren Tucker | 2024-11-01 | 1 | -5/+7
* Add nbsd10 default test config. | Darren Tucker | 2024-11-01 | 1 | -0/+1
* fix uint64_t types; reported by Tom G. Christensen | Damien Miller | 2024-10-30 | 1 | -8/+8
* htole64() etc for systems without endian.h | Damien Miller | 2024-10-27 | 2 | -1/+26
* upstream: explicitly include endian.h | djm@openbsd.org | 2024-10-27 | 1 | -1/+4
  OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
* upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by | djm@openbsd.org | 2024-10-27 | 2 | -8/+17
  jsg@ feedback/ok deraadt@
  OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
* upstream: mlkem768x25519-sha256 has been promoted to default key | naddy@openbsd.org | 2024-10-27 | 2 | -6/+6
  exchange
  OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf
* Retire the minix3 test config. | Darren Tucker | 2024-10-25 | 1 | -1/+0
  It got broken by the sshd-auth change, it's not obvious why, and the platform lacks the debugging tools (eg gdb, strace) to figure it out. The upstream project seems effectively dead (6 years since the last commit, 10 since the last release). It was useful while it lasted (we found a real bug because of it) but its time seems to have passed.
* Updated gitignore to ignore sshd-session and sshd-auth targets | Preetish Amballi | 2024-10-25 | 1 | -0/+2
* Simplify pselect shim and remove side effects. | Darren Tucker | 2024-10-25 | 1 | -55/+51
  Instead of maintaining state (pipe descriptors, signal handlers) across pselect-on-select invocations, set up and restore them each call. This prevents outside factors (eg a closefrom or signal handler installation) from potentially causing problems.
  This does result in a drop in throughput of a couple of percent on geriatric platforms without a native pselect due to the extra overhead.
  Tweaks & ok djm@
* upstream: promote mlkem768x25519-sha256 to be the default key exchange; | djm@openbsd.org | 2024-10-25 | 1 | -2/+2
  ok markus@
  OpenBSD-Commit-ID: fc673065e6505bb06b2e2b9362f78ccb4200a828
* upstream: test SIGUSR1 dropping all keys from ssh-agent | djm@openbsd.org | 2024-10-24 | 1 | -2/+25
  OpenBSD-Regress-ID: 8654b9aa8eb695b1499fffc408c25319592bf0e0
* upstream: make ssh-agent drop all keys when it receives SIGUSR1; | djm@openbsd.org | 2024-10-24 | 2 | -8/+33
  lets users zap keys without access to $SSH_AUTH_SOCK
  ok deraadt@
  OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
* upstream: relax valid_domain() checks to allow an underscore as the | djm@openbsd.org | 2024-10-24 | 1 | -2/+3
  first character.
  ok deraadt@
  OpenBSD-Commit-ID: 3f8be6d32496e5596dd8b14e19cb067ddd7969ef
* upstream: Remove sshd logfile in start_sshd | dtucker@openbsd.org | 2024-10-22 | 1 | -1/+4
  ... and ssh and sshd log wrappers before recreating them. Prevents "can't create" errors during tests when running tests without SUDO after having run them with SUDO.
  OpenBSD-Regress-ID: 2f0a83532e3dccd673a9bf0291090277268c69a6
* upstream: Add a sshd debug wrapper | dtucker@openbsd.org | 2024-10-22 | 1 | -0/+52
  ... to run all of the subprograms from the build directory while developing and debugging. Should help prevent accidentally testing against unchanged installed sshd-auth and sshd-session binaries.
  ok djm@
  OpenBSD-Commit-ID: 61760cdc98c2bc8f1e9f83a6f97cca0f66b52e69
* upstream: Make debug call printf("%s", NULL) safe. | dtucker@openbsd.org | 2024-10-22 | 1 | -2/+3
  Prevents problems on platforms where this isn't safe (which it's not required to be).
  ok djm@
  OpenBSD-Commit-ID: 8fa4ce3ad90915c925b81b99a79ab920b0523387
* Resync cvsid missed in commit 6072e4c9. | Darren Tucker | 2024-10-22 | 1 | -1/+1
* upstream: mention that LocalForward and RemoteForward can accept Unix | djm@openbsd.org | 2024-10-18 | 1 | -7/+20
  domain socket paths; GHPR115
  OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842
* upstream: remove duplicate check; GHPR392 from Pedro Martelletto | djm@openbsd.org | 2024-10-18 | 1 | -5/+3
  OpenBSD-Commit-ID: 597ab7dd3f0e78939d2659fc1904d0f39ee95487
* upstream: allow "-" as output file for moduli screening | djm@openbsd.org | 2024-10-18 | 1 | -3/+7
  based on GHPR393
  OpenBSD-Commit-ID: 1517763764eb55d03a6092dd120d2909c6fef0e1
* upstream: ssh-keyscan doesn't need its own sshfatal() definition, it | djm@openbsd.org | 2024-10-18 | 1 | -13/+1
  can use the shared one from fatal.c based on GHPR401 from lengyijun
  OpenBSD-Commit-ID: 8ea75ea99f27f464c9223cbc89cb046ccf9cd5c4
* upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when | djm@openbsd.org | 2024-10-18 | 1 | -10/+15
  arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I guess others are using it based on GHPR387 from Pawel Jakub Dawidek
  OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225
* upstream: require control-escape character sequences passed via the '-e | djm@openbsd.org | 2024-10-18 | 1 | -2/+2
  ^x' commandline to be exactly two characters long. Avoids one byte OOB read if ssh is invoked as "ssh -e^ ..."
  Spotted by Maciej Domanski in GHPR368
  OpenBSD-Commit-ID: baa72bc60898fc5639e6c62de7493a202c95823d
* upstream: remove addr.[ch] functions that are unused and | djm@openbsd.org | 2024-10-18 | 2 | -21/+12
  visibility-restrict ones that are unused outside the implementation itself; based on GHPR#282 by tobias@
  OpenBSD-Commit-ID: a0140f2418b4d46cfaa7b33febc0a0931f9b2744
* upstream: unreachable POLLERR case; from ya0guang via GHPR485 | djm@openbsd.org | 2024-10-18 | 1 | -2/+2
  OpenBSD-Commit-ID: b3c82655190532b01eb817e532742cfaa4687eff
* upstream: s/Sx/Cm/ for external references; from Domen Puncer | djm@openbsd.org | 2024-10-18 | 1 | -4/+4
  Kugler via GHPR501
  OpenBSD-Commit-ID: f864a34feb5d5ff17160cf7c42ad0f7744fe8a3f
* upstream: mention SshdAuthPath option; ok djm@ | naddy@openbsd.org | 2024-10-18 | 1 | -2/+9
  OpenBSD-Commit-ID: 9a5d3add25e4e77bd3805bc5583a842ecf34d85c
* Remove references to systrace and pledge sandboxes. | Darren Tucker | 2024-10-18 | 3 | -19/+2
  ok djm@
* Fix "undeclared 'ut'" error by replacing it with 'utx' | Pavel Miadzvedzeu | 2024-10-18 | 1 | -1/+1
* Seed RNG when starting up sshd-auth. | Darren Tucker | 2024-10-17 | 1 | -0/+2
  Makes builds configured --without-openssl work again since otherwise the first use of the RNG comes after the sandbox init and it can't open /dev/random.
* MacOS 12 runners are deprecated, replace with 15. | Darren Tucker | 2024-10-17 | 1 | -2/+2
* Fix lookup path for sshd-auth; bz3745 | Damien Miller | 2024-10-17 | 1 | -0/+1
* fix breakage; missing saved_argc symbol | Damien Miller | 2024-10-15 | 1 | -0/+2
* fix capsicum sandbox | Damien Miller | 2024-10-14 | 1 | -2/+2
* put back some portable bits for sshd-auth.c | Damien Miller | 2024-10-14 | 1 | -3/+20
* there's only one sandbox, move to a static global | Damien Miller | 2024-10-14 | 1 | -2/+5
* depend | Damien Miller | 2024-10-14 | 1 | -3/+3
* upstream: regress support for split sshd-auth binary | djm@openbsd.org | 2024-10-14 | 1 | -1/+6
  OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7
* upstream: test some more Match syntax, including criteria=arg and | djm@openbsd.org | 2024-10-14 | 3 | -48/+50
  negations
  OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d
* upstream: Split per-connection sshd-session binary | djm@openbsd.org | 2024-10-14 | 22 | -633/+1193
  This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only.
  Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes.
  Joint work with markus@ feedback deraadt@
  Tested in snaps since last week
  OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
* upstream: don't start the ObscureKeystrokeTiming mitigations if | djm@openbsd.org | 2024-10-14 | 3 | -5/+26
  there has been traffic on a X11 forwarding channel recently.
  Should fix X11 forwarding performance problems when this setting is enabled. Patch from Antonio Larrosa via bz3655
  OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
* upstream: remove duplicate misc.h include ok dtucker@ | jsg@openbsd.org | 2024-10-14 | 1 | -2/+1
  OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
* upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key | djm@openbsd.org | 2024-10-14 | 2 | -10/+7
  exchange in sshd by default. Specifically, this removes the diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client is unchanged and continues to support these methods by default.
  Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages.
  ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years.
  ok markus@
  OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
* upstream: fix previous change to ssh_config Match, which broke on | djm@openbsd.org | 2024-09-27 | 1 | -7/+7
  negated Matches; spotted by phessler@ ok deraadt@
  OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7