Commit Graph

190 Commits

Author SHA1 Message Date
djm@openbsd.org c7219f4f54 upstream commit
revert chunk I didn't mean to commit yet; via jmc@
2014-12-18 11:46:15 +11:00
djm@openbsd.org d663bea30a upstream commit
mention AuthorizedKeysCommandUser must be set for
 AuthorizedKeysCommand to be run; bz#2287
2014-12-11 19:17:25 +11:00
jmc@openbsd.org 08c0eebf55 upstream commit
restore word zapped in previous, and remove some useless
 "No" macros;
2014-11-24 10:15:48 +11:00
deraadt@openbsd.org a1418a0033 upstream commit
/dev/random has created the same effect as /dev/arandom
 (and /dev/urandom) for quite some time.  Mop up the last few, by using
 /dev/random where we actually want it, or not even mentioning arandom where
 it is irrelevant.
2014-11-24 10:15:47 +11:00
djm@openbsd.org 48dffd5beb upstream commit
mention permissions on tun(4) devices in PermitTunnel
 documentation; bz#2273
2014-10-13 11:38:46 +11:00
sobrado@openbsd.org 180bcb406b upstream commit
typo.
2014-10-13 11:37:56 +11:00
Damien Miller e8c9f2602c - (djm) [sshd_config.5] typo; from Iain Morgan 2014-10-03 09:24:56 +10:00
Damien Miller 426117b2e9 - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
[sftp-server.8 sshd_config.5]
     some systems no longer need /dev/log;
     issue noticed by jirib;
     ok deraadt
2014-07-30 12:33:20 +10:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller 72e6b5c9ed - djm@cvs.openbsd.org 2014/07/03 22:40:43
[servconf.c servconf.h session.c sshd.8 sshd_config.5]
     Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
     executed, mirroring the no-user-rc authorized_keys option;
     bz#2160; ok markus@
2014-07-04 09:00:04 +10:00
Damien Miller c1621c84f2 - naddy@cvs.openbsd.org 2014/03/28 05:17:11
[ssh_config.5 sshd_config.5]
     sync available and default algorithms, improve algorithm list formatting
     help from jmc@ and schwarze@, ok deraadt@
2014-04-20 13:22:46 +10:00
Damien Miller fc5d6759ab - djm@cvs.openbsd.org 2014/02/27 22:47:07
[sshd_config.5]
     bz#2184 clarify behaviour of a keyword that appears in multiple
     matching Match blocks; ok dtucker@
2014-02-28 10:01:28 +11:00
Damien Miller e1e480aee8 - jmc@cvs.openbsd.org 2014/01/29 14:04:51
[sshd_config.5]
     document kbdinteractiveauthentication;
     requested From: Ross L Richardson

     dtucker/markus helped explain its workings;
2014-02-04 11:13:17 +11:00
Damien Miller 6575c3acf3 - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
[sshd_config.5]
     Use a literal for the default value of KEXAlgorithms.  ok deraadt jmc
2013-12-18 17:47:02 +11:00
Damien Miller 8ba0ead698 - naddy@cvs.openbsd.org 2013/12/07 11:58:46
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     add missing mentions of ed25519; ok djm@
2013-12-18 17:46:27 +11:00
Damien Miller dec0393f7e - jmc@cvs.openbsd.org 2013/11/21 08:05:09
[ssh_config.5 sshd_config.5]
     no need for .Pp before displays;
2013-12-05 10:18:43 +11:00
Damien Miller 0fde8acdad - djm@cvs.openbsd.org 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
     [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
     [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
     [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
     cipher "chacha20-poly1305@openssh.com" that combines Daniel
     Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
     authenticated encryption mode.

     Inspired by and similar to Adam Langley's proposal for TLS:
     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
     but differs in layout used for the MAC calculation and the use of a
     second ChaCha20 instance to separately encrypt packet lengths.
     Details are in the PROTOCOL.chacha20poly1305 file.

     Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
     ok markus@ naddy@
2013-11-21 14:12:23 +11:00
Damien Miller 0bd8f1519d - markus@cvs.openbsd.org 2013/11/02 22:39:19
[ssh_config.5 sshd_config.5]
     the default kex is now curve25519-sha256@libssh.org
2013-11-04 08:55:43 +11:00
Damien Miller 63857c9340 - jmc@cvs.openbsd.org 2013/10/29 18:49:32
[sshd_config.5]
     pty(4), not pty(7);
2013-10-30 22:31:06 +11:00
Damien Miller 5ff30c6b68 - djm@cvs.openbsd.org 2013/10/29 09:48:02
[servconf.c servconf.h session.c sshd_config sshd_config.5]
     shd_config PermitTTY to disallow TTY allocation, mirroring the
     longstanding no-pty authorized_keys option;
     bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
Damien Miller cf31f38634 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
[readconf.c servconf.c ssh_config.5 sshd_config.5]
     Disallow empty Match statements and add "Match all" which matches
     everything.  ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
Damien Miller 85b45e0918 - markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
2013-07-20 13:21:52 +10:00
Damien Miller fecfd118d6 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     do not use Sx for sections outwith the man page - ingo informs me that
     stuff like html will render with broken links;

     issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
Darren Tucker 64d22946d6 - jmc@cvs.openbsd.org 2013/05/16 06:30:06
[sshd_config.5]
     oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
Darren Tucker 5f96f3b4be - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
2013-05-16 20:29:28 +10:00
Damien Miller 467b00c38b - djm@cvs.openbsd.org 2013/04/19 01:00:10
[sshd_config.5]
     document the requirment that the AuthorizedKeysCommand be owned by root;
     ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
Damien Miller 91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller 1f583df8c3 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
[servconf.c sshd_config sshd_config.5]
     Change default of MaxStartups to 10:30:100 to start doing random early
     drop at 10 connections up to 100 connections.  This will make it harder
     to DoS as CPUs have come a long way since the original value was set
     back in 2000.  Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
Damien Miller 72abeb709e - jmc@cvs.openbsd.org 2013/01/18 08:00:49
[sshd_config.5]
     tweak previous;
2013-01-20 22:33:44 +11:00
Damien Miller f3747bf401 - djm@cvs.openbsd.org 2013/01/17 23:00:01
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
     [krl.c krl.h PROTOCOL.krl]
     add support for Key Revocation Lists (KRLs). These are a compact way to
     represent lists of revoked keys and certificates, taking as little as
     a single bit of incremental cost to revoke a certificate by serial number.
     KRLs are loaded via the existing RevokedKeys sshd_config option.
     feedback and ok markus@
2013-01-18 11:44:04 +11:00
Damien Miller 1d75abfe23 - markus@cvs.openbsd.org 2013/01/08 18:49:04
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
     [myproposal.h packet.c ssh_config.5 sshd_config.5]
     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
     ok and feedback djm@
2013-01-09 16:12:19 +11:00
Damien Miller af43a7ac2d - markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
     [packet.c ssh_config.5 sshd_config.5]
     add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
     that change the packet format and compute the MAC over the encrypted
     message (including the packet size) instead of the plaintext data;
     these EtM modes are considered more secure and used by default.
     feedback and ok djm@
2012-12-12 10:46:31 +11:00
Darren Tucker f9333d5246 - jmc@cvs.openbsd.org 2012/12/03 08:33:03
[ssh-add.1 sshd_config.5]
     tweak previous;
2012-12-07 13:06:13 +11:00
Damien Miller aa5b3f8314 - djm@cvs.openbsd.org 2012/12/02 20:46:11
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
Damien Miller a6e3f01d1e - djm@cvs.openbsd.org 2012/11/04 11:09:15
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
     [sshd_config.5]
     Support multiple required authentication via an AuthenticationMethods
     option. This option lists one or more comma-separated lists of
     authentication method names. Successful completion of all the methods in
     any list is required for authentication to complete;
     feedback and ok markus@
2012-11-04 23:21:40 +11:00
Damien Miller d0d1099b3b - djm@cvs.openbsd.org 2012/11/04 10:38:43
[auth2-pubkey.c sshd.c sshd_config.5]
     Remove default of AuthorizedCommandUser. Administrators are now expected
     to explicitly specify a user. feedback and ok markus@
2012-11-04 22:23:14 +11:00
Damien Miller f33580eed0 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
     [sshd_config.5]
     tweak previous;
2012-11-04 22:22:52 +11:00
Damien Miller 09d3e12512 - djm@cvs.openbsd.org 2012/10/30 21:29:55
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
     [sshd.c sshd_config sshd_config.5]
     new sshd_config option AuthorizedKeysCommand to support fetching
     authorized_keys from a command in addition to (or instead of) from
     the filesystem. The command is run as the target server user unless
     another specified via a new AuthorizedKeysCommandUser option.

     patch originally by jchadima AT redhat.com, reworked by me; feedback
     and ok markus@
2012-10-31 08:58:58 +11:00
Darren Tucker 427e409e99 - markus@cvs.openbsd.org 2012/10/04 13:21:50
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
     add umac128 variant; ok djm@ at n2k12
     (note: further Makefile work is required)
2012-10-05 11:02:39 +10:00
Darren Tucker ecbf14aa53 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
[ssh_config.5 sshd_config.5]
     match the documented MAC order of preference to the actual one;
     ok dtucker@
2012-07-02 18:53:37 +10:00
Damien Miller db4f8e8618 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
[mac.c myproposal.h ssh_config.5 sshd_config.5]
     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
     from draft6 of the spec and will not be in the RFC when published.  Patch
     from mdb at juniper net via bz#2023, ok markus.
2012-06-30 08:34:59 +10:00
Damien Miller f8268503d1 - jmc@cvs.openbsd.org 2012/06/19 21:35:54
[sshd_config.5]
     tweak previous; ok markus
2012-06-20 21:54:15 +10:00
Damien Miller c24da77015 - markus@cvs.openbsd.org 2012/06/19 18:25:28
[servconf.c servconf.h sshd_config.5]
     sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
     this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
     ok djm@ (back in March)
2012-06-20 21:53:58 +10:00
Darren Tucker ba9ea3200d - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
[sshd_config.5]
     Document PermitOpen none.  bz#2001, patch from Loganaden Velvindron
2012-05-19 19:37:33 +10:00
Darren Tucker fbcf827559 - (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
     [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
     to match.  Feedback and ok djm@ markus@.
2012-05-19 19:37:01 +10:00
Damien Miller 8fef9ebbab - djm@cvs.openbsd.org 2012/04/12 02:43:55
[sshd_config sshd_config.5]
     mention AuthorizedPrincipalsFile=none default
2012-04-22 11:25:10 +10:00
Damien Miller 23528816dc - djm@cvs.openbsd.org 2012/04/12 02:42:32
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     VersionAddendum option to allow server operators to append some arbitrary
     text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 11:24:43 +10:00
Damien Miller f6e758cdba - djm@cvs.openbsd.org 2011/09/09 00:43:00
[ssh_config.5 sshd_config.5]
     fix typo in IPQoS parsing: there is no "AF14" class, but there is
     an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
2011-09-22 21:37:13 +10:00
Damien Miller 20bd4535c0 - djm@cvs.openbsd.org 2011/08/02 01:22:11
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     Add new SHA256 and SHA512 based HMAC modes from
     http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
     Patch from mdb AT juniper.net; feedback and ok markus@
2011-08-06 06:17:30 +10:00
Damien Miller 69ff1df952 - djm@cvs.openbsd.org 2011/06/22 21:57:01
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
2011-06-23 08:30:03 +10:00