path: root/mdoc2man.awk
Date | Commit message | Author | Files | Lines
2023-09-04 | upstream: trigger keystroke timing obfuscation only if the channels | djm@openbsd.org | 1 | -10/+14
layer enqueued some data in the last poll() cycle; this avoids triggering the obfuscator for non-channels data like ClientAlive probes and also fixes a related problem where the obfuscations would be triggered on fully quiescent connections. Based on / tested by naddy@ OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
2023-09-04 | upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..." | djm@openbsd.org | 1 | -4/+6
debug messages when keystroke timing obfuscation was never started; spotted by naddy@ OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
2023-09-04 | upstream: make channel_output_poll() return a flag indicating | djm@openbsd.org | 2 | -15/+24
whether channel data was enqueued. Will be used to improve keystroke timing obfuscation. Problem spotted by / tested by naddy@ OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
2023-09-04 | upstream: set interactive mode for ControlPersist sessions if they | djm@openbsd.org | 1 | -4/+7
originally requested a tty; enables keystroke timing obfuscation for most ControlPersist sessions. Spotted by naddy@ OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
2023-08-31 | Set LLONG_MAX for C89 test. | Darren Tucker | 1 | -0/+7
If we don't have LLONG_MAX, configure will figure out that it can get it by setting -std=gnu99, at which point we won't be testing C89 any more. To avoid this, feed it in via CFLAGS.
2023-08-29 | upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@ | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7
2023-08-29 | upstream: descriptive text shouldn't be under .Cm | djm@openbsd.org | 1 | -2/+3
OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
2023-08-28 | upstream: limit artificial login delay to a reasonable maximum (5s) | djm@openbsd.org | 1 | -2/+9
and don't delay at all for the "none" authentication mechanism. Patch by Dmitry Belyavskiy in bz3602 with polish/ok dtucker@ OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515
2023-08-28 | upstream: add spacing for punctuation when macro args; | jmc@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db
2023-08-28 | upstream: explicit long long type in timing calculations (doesn't | djm@openbsd.org | 1 | -3/+3
matter, since the range is pre-clamped) OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de
2023-08-28 | upstream: Add keystroke timing obfuscation to the client. | djm@openbsd.org | 8 | -21/+255
This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/ feedback/ok markus@ OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
2023-08-28 | upstream: Introduce a transport-level ping facility | djm@openbsd.org | 5 | -18/+96
This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to implement a ping capability. These messages use numbers in the "local extensions" number space and are advertised using a "ping@openssh.com" ext-info message with a string version number of "0". ok markus@ OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f
2023-08-28 | upstream: Log errors in kex_exchange_identification() with level | tobhe@openbsd.org | 1 | -5/+5
verbose instead of error to reduce preauth log spam. All of those get logged with a more generic error message by sshpkt_fatal(). feedback from sthen@ ok djm@ OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
2023-08-28 | upstream: correct math for ClientAliveInterval that caused the | djm@openbsd.org | 1 | -2/+2
probes to be sent less frequently than configured; from Dawid Majchrzak OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038
2023-08-25 | Include Portable version in sshd version string. | Darren Tucker | 1 | -1/+1
bz#3608, ok djm@
2023-08-21 | obsd-arm64 host is real hardware... | Darren Tucker | 1 | -1/+1
so put in the correct config location.
2023-08-21 | Add OpenBSD ARM64 test host. | Darren Tucker | 1 | -0/+1
2023-08-21 | Add test for zlib development branch. | Darren Tucker | 3 | -0/+13
2023-08-21 | upstream: want stdlib.h for free(3) | djm@openbsd.org | 1 | -1/+2
OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
2023-08-18 | Fix zlib version check for 1.3 and future version. | Darren Tucker | 1 | -1/+1
bz#3604.
2023-08-18 | Add 9.4 branch to CI status page. | Darren Tucker | 1 | -0/+4
2023-08-18 | upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused | djm@openbsd.org | 4 | -18/+39
multiplexed sessions to ignore SIGINT under some circumstances. Reported by / feedback naddy@, ok dtucker@ OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
2023-08-18 | upstream: defence-in-depth MaxAuthTries check in monitor; ok markus | djm@openbsd.org | 1 | -1/+6
OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
2023-08-15 | upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308 | djm@openbsd.org | 1 | -1/+2
OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028
2023-08-13 | Add obsd72 and obsd73 test targets. | Darren Tucker | 1 | -0/+2
2023-08-11 | upstream: better debug logging of sessions' exit status | djm@openbsd.org | 1 | -4/+11
OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0
2023-08-11 | upstream: drop a wayward comma, ok jmc@ | naddy@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
2023-08-10 | depend | Damien Miller | 1 | -19/+0
2023-08-10 | update versions in RPM specs | Damien Miller | 2 | -2/+2
2023-08-10 | update version in README | Damien Miller | 1 | -1/+1
2023-08-10 | upstream: openssh-9.4 | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
2023-08-10 | Only include unistd.h once. | Darren Tucker | 1 | -1/+0
2023-08-10 | wrap poll.h include in HAVE_POLL_H | Damien Miller | 1 | -1/+3
2023-08-04 | upstream: Apply ConnectTimeout to multiplexing local socket | dtucker@openbsd.org | 2 | -17/+27
connections. If the multiplex socket exists but the connection times out, ssh will fall back to a direct connection the same way it would if the socket did not exist at all. ok djm@ OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
2023-08-03 | Fix RNG seeding for OpenSSL w/out self seeding. | Darren Tucker | 1 | -1/+5
When sshd is built with an OpenSSL that does not self-seed, it would fail in the preauth privsep process while handling a new connection. Sanity checked by djm@
2023-08-03 | upstream: CheckHostIP has defaulted to 'no' for a while; make the | djm@openbsd.org | 1 | -2/+2
commented-out config option match. From Ed Maste OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9
2023-08-01 | upstream: remove unnecessary if statement. | dtucker@openbsd.org | 1 | -7/+5
github PR#422 from eyalasulin999, ok djm@ OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55
2023-08-01 | upstream: %C is a callable macro in mdoc(7) | jmc@openbsd.org | 1 | -3/+3
so, as we do for %D, escape it; OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9
2023-07-30 | upstream: don't need to start a command here; use ssh -N instead. | djm@openbsd.org | 1 | -3/+3
Fixes failure on cygwin spotted by Darren OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb
2023-07-30 | upstream: add LTESTS_FROM variable to allow skipping of tests up to | djm@openbsd.org | 1 | -1/+9
a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh test and subsequent ones. ok dtucker@ OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3
2023-07-30 | upstream: test ChrootDirectory in Match block | djm@openbsd.org | 1 | -2/+21
OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1
2023-07-30 | upstream: better error messages | djm@openbsd.org | 1 | -4/+4
OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a
2023-07-28 | upstream: don't incorrectly truncate logged strings retrieved from | djm@openbsd.org | 1 | -20/+19
PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9
2023-07-28 | upstream: make sshd_config AuthorizedPrincipalsCommand and | djm@openbsd.org | 2 | -16/+31
AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection address/port 4-tuple) as expansion sequences; ok markus OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565
2023-07-28 | upstream: increase default KDF work-factor for OpenSSH format | djm@openbsd.org | 1 | -2/+2
private keys from 16 to 24; { feedback ok } x { deraadt markus } OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
2023-07-27 | Prefer OpenSSL's SHA256 in sk-dummy.so | Darren Tucker | 1 | -30/+9
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be built without OpenSSL. In many cases, however, including both libc's and OpenSSL's headers together caused conflicting definitions. We tried working around this (on OpenSSL <1.1 you could define OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with varying levels of success. Since OpenSSL >=1.1 removed OPENSSL_NO_SHA and including most OpenSSL headers would bring sha.h in, even if it wasn't used directly this was a constant hassle. Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at all. ok djm@
2023-07-27 | Retire dfly58 test VM. Add dfly64. | Darren Tucker | 1 | -1/+1
2023-07-27 | upstream: make ssh -f (fork after authentication) work properly in | djm@openbsd.org | 2 | -11/+22
multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by Peter Chubb; ok dtucker@ OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac
2023-07-27 | upstream: man page typos; ok jmc@ | naddy@openbsd.org | 3 | -10/+10
OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0
2023-07-27 | upstream: tweak the allow-remote-pkcs11 text; | jmc@openbsd.org | 1 | -5/+5
OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a