path: root/ssh.c
Commit message | Author | Age | Files | Lines
...
* polish whitespace for portable files
  Author: Damien Miller | Age: 2021-04-03 | Files: 1 | Lines: -1/+1
* upstream: ensure that pkcs11_del_provider() is called before exit - some PKCS#11 providers get upset if C_Initialize is not matched with C_Finalize. From Adithya Baglody via GHPR#234; ok markus
  OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6
  Author: djm@openbsd.org | Age: 2021-04-03 | Files: 1 | Lines: -1/+5
* upstream: warn when the user specifies a ForwardAgent path that does not exist and exit if ExitOnForwardFailure is set; bz3264
  OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26
  Author: djm@openbsd.org | Age: 2021-02-23 | Files: 1 | Lines: -1/+7
* upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS ok djm@, dtucker@
  OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
  Author: markus@openbsd.org | Age: 2021-02-17 | Files: 1 | Lines: -1/+42
* upstream: whitespace
  OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad
  Author: djm@openbsd.org | Age: 2021-02-05 | Files: 1 | Lines: -2/+1
* upstream: remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
  OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
  Author: djm@openbsd.org | Age: 2021-01-27 | Files: 1 | Lines: -2/+2
* upstream: Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
  OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
  Author: dtucker@openbsd.org | Age: 2021-01-26 | Files: 1 | Lines: -3/+4
* upstream: Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
  OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
  Author: dtucker@openbsd.org | Age: 2021-01-22 | Files: 1 | Lines: -2/+3
* upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@
  OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -30/+5
* upstream: allow UserKnownHostsFile=none; feedback and ok markus@
  OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -12/+30
* upstream: refactor client percent_expand() argument passing; consolidate the common arguments into a single struct and pass that around instead of using a bunch of globals. ok markus@
  OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -65/+80
* upstream: prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
  OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -2/+3
* upstream: Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@
  OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
  Author: dtucker@openbsd.org | Age: 2020-11-12 | Files: 1 | Lines: -2/+5
* upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
  The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@
  OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
  Author: dtucker@openbsd.org | Age: 2020-11-08 | Files: 1 | Lines: -15/+3
* upstream: use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
  Author: djm@openbsd.org | Age: 2020-10-18 | Files: 1 | Lines: -56/+50
* upstream: LogVerbose keyword for ssh and sshd
  Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@
  OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
  Author: djm@openbsd.org | Age: 2020-10-16 | Files: 1 | Lines: -1/+3
* upstream: Zap unused family parameter from ssh_connect_direct()
  sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm
  OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
  Author: kn@openbsd.org | Age: 2020-10-14 | Files: 1 | Lines: -2/+2
* upstream: There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
  Author: djm@openbsd.org | Age: 2020-10-03 | Files: 1 | Lines: -40/+8
* upstream: close stdin when forking after authentication too; ok markus
  OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
  Author: djm@openbsd.org | Age: 2020-09-21 | Files: 1 | Lines: -2/+3
* upstream: close stdout/stderr after "ssh -f ..." forking
  bz#3137, ok markus
  OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
  Author: djm@openbsd.org | Age: 2020-09-21 | Files: 1 | Lines: -6/+21
* upstream: Also compare username when checking for JumpHost loops.
  bz#3057, ok djm@
  OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
  Author: dtucker@openbsd.org | Age: 2020-08-03 | Files: 1 | Lines: -6/+9
* upstream: Add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits)
  OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
  Author: dtucker@openbsd.org | Age: 2020-07-17 | Files: 1 | Lines: -1/+4
* upstream: Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile, allowing the file to be automagically split up in the configuration (eg bz#1654). ok djm@, man page parts jmc@
  OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
  Author: dtucker@openbsd.org | Age: 2020-07-17 | Files: 1 | Lines: -1/+17
* upstream: some language improvements; ok markus
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
  Author: djm@openbsd.org | Age: 2020-07-15 | Files: 1 | Lines: -6/+6
* upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
  OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
  Author: dtucker@openbsd.org | Age: 2020-06-26 | Files: 1 | Lines: -18/+2
* upstream: Correct historical comment: provos@ modified OpenSSH to work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok deraadt, historical context markus@
  OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90
  Author: dtucker@openbsd.org | Age: 2020-06-05 | Files: 1 | Lines: -2/+2
* upstream: Allow some keywords to expand shell-style ${ENV} environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
  OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
  Author: dtucker@openbsd.org | Age: 2020-05-29 | Files: 1 | Lines: -7/+33
* upstream: Add TOKEN percent expansion to LocalForward and RemoteForward when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@
  OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
  Author: dtucker@openbsd.org | Age: 2020-04-10 | Files: 1 | Lines: -50/+87
* upstream: r1.522 deleted one too many lines; repair
  OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -1/+2
* upstream: fix debug statement
  OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -2/+2
* upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner.
  OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -3/+14
* upstream: make failures when establishing "Tunnel" forwarding terminate the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
  OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -23/+39
* upstream: Make with config keywords support which percent_expansions more consistent.
  - %C is moved into its own function and added to Match Exec.
  - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with.
  - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable.
  - document all of the above
  ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
  OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
  Author: dtucker@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -67/+53
* upstream: initialize cname in case ai_canonname is NULL or too long; ok djm
  OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37
  Author: markus@openbsd.org | Age: 2020-03-13 | Files: 1 | Lines: -2/+3
* upstream: Detect and prevent simple configuration loops when using ProxyJump. bz#3057, ok djm@
  OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
  Author: dtucker@openbsd.org | Age: 2020-02-18 | Files: 1 | Lines: -1/+9
* upstream: Add ssh -Q key-sig for all key and signature types.
  Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@.
  OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
  Author: dtucker@openbsd.org | Age: 2020-02-07 | Files: 1 | Lines: -5/+14
* upstream: Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
  OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
  Author: naddy@openbsd.org | Age: 2020-02-06 | Files: 1 | Lines: -2/+2
* upstream: disable UpdateHostKeys=ask when in quiet mode; "work for me" matthieu@
  OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7
  Author: djm@openbsd.org | Age: 2020-01-29 | Files: 1 | Lines: -1/+4
* upstream: disable UpdateHostKeys=ask if command is specified; ok djm@ sthen@
  OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
  Author: markus@openbsd.org | Age: 2020-01-28 | Files: 1 | Lines: -6/+13
* upstream: allow UpdateKnownHosts=yes to function when multiple known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add new/changed host keys to the first specified file only. bz#2738 ok markus@
  OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c
  Author: djm@openbsd.org | Age: 2020-01-25 | Files: 1 | Lines: -2/+2
* upstream: expose PKCS#11 key labels/X.509 subjects as comments
  Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment.
  based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church
  feedback and ok markus@
  OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
  Author: djm@openbsd.org | Age: 2020-01-25 | Files: 1 | Lines: -5/+7
* upstream: Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
  OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
  Author: dtucker@openbsd.org | Age: 2020-01-23 | Files: 1 | Lines: -4/+15
* upstream: Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
  Author: dtucker@openbsd.org | Age: 2020-01-23 | Files: 1 | Lines: -3/+3
* upstream: fix CanonicalizeHostname, broken by rev 1.507
  Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com> ok dtucker@ markus@ djm@
  OpenBSD-Commit-ID: 749f3168ec520609c35b0c4e1984e5fa47f16094
  Author: beck@openbsd.org | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
* upstream: Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accept an explicit path or the name of an environment variable in addition to yes/no. Patch by Eric Chiang, manpage by me; ok markus@
  OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
  Author: djm@openbsd.org | Age: 2019-12-21 | Files: 1 | Lines: -1/+33
* upstream: additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
  OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
  Author: naddy@openbsd.org | Age: 2019-11-19 | Files: 1 | Lines: -1/+2
* upstream: ssh client support for U2F/FIDO keys
  OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
  Author: djm@openbsd.org | Age: 2019-10-31 | Files: 1 | Lines: -1/+17
* upstream: allow %n to be expanded in ProxyCommand strings
  From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@
  OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
  Author: djm@openbsd.org | Age: 2019-09-13 | Files: 1 | Lines: -2/+2
* upstream: Allow prepending a list of algorithms to the default set by starting the list with the '^' character, e.g.
    HostKeyAlgorithms ^ssh-ed25519
    Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
  ok djm@ dtucker@
  OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
  Author: naddy@openbsd.org | Age: 2019-09-08 | Files: 1 | Lines: -2/+2
* upstream: When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
  Author: deraadt@openbsd.org | Age: 2019-07-05 | Files: 1 | Lines: -9/+9