binaries. This step splits sshd into a listener and a session binary. More
splits are planned.
After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934

AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection
address/port 4-tuple) as expansion sequences; ok markus
OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565

to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization was removed. "burn it all" djm@
OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda

beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1

and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@
OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d

auth2-pubkey.c
Put them in a new auth2-pubkeyfile.c to make it easier to refer to them
(e.g. in unit/fuzz tests) without having to refer to everything else
pubkey auth brings in.
ok dtucker@
OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217

remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]
ok dtucker@
OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d

not the (useless) key type; ok djm@
OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff

This is identical to the standard "publickey" method, but it also includes
the initial server hostkey in the message signed by the client.
feedback / ok markus@
OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862

allow authentication methods to have one additional name beyond their
primary name.
allow lookup by this synonym
Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey
Pass actual invoked name to the authmethods, so they can tell whether they
were requested via their primary name or synonym.
ok markus@
OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559

were processed. Useful to see whether a file or command actually has keys
present
OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c

signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@
OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31

when it encounters an unquoted comment.
Add some additional utility functions for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.
ok markus@ as part of a larger diff; tested in snaps
OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac

and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9

and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68

refactor it to make it more generally usable and testable.
ok markus@
OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4

PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5

make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)
add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.
feedback & ok markus@
OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf

OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11

__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8

This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.
feedback and ok markus@
OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6

messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519

a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e

This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49

transitively include various system headers (mostly stdlib.h); include them
explicitly
OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080

public; ok markus@
OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c

markus@
OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae

functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@
OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c

an uninitialised variable; spotted by dtucker@
OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638

files before consulting AuthorizedKeysCommand; ok dtucker markus
OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3

that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior
OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b

debug2; bz2939
OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290

control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.
ok markus@
OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac

and the only issue is showing an unknown error (since it's not defined)
during fatal(), if ever an error occurs inside that condition.
OK deraadt@ markus@ djm@
OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8

OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc

ating user until after the packet containing the
request has been fully parsed. Reported by Dariusz Tytko and Michał Sajdak; ok deraadt
OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d

OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3

OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde

static limits noted by gerhard@; ok dtucker@, djm@
OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c

username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@
OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95

remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers. ok djm@
OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b

Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138

revert stricter key type / signature type checking in
userauth path; too much software generates inconsistent messages, so we need
a better plan.
OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519

include signature type and CA key (if applicable) in some
debug messages
OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5

pass negotiated signing algorithm through to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9

typo in comment
Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47