Commit Graph

229 Commits

Author SHA1 Message Date
jcs@openbsd.org
f361df474c upstream commit
Add an AddKeysToAgent client option which can be set to
 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
 private key that is used during authentication will be added to ssh-agent if
 it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16 11:31:39 +11:00
djm@openbsd.org
a4aef3ed29 upstream commit
fix execv arguments in a way less likely to cause grief
 for -portable; ok dtucker@

Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29 19:07:16 +11:00
djm@openbsd.org
2aaba0cfd5 upstream commit
avoid de-const warning & shrink; ok dtucker@

Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29 19:07:14 +11:00
dtucker@openbsd.org
97e184e508 upstream commit
Do not prepend "exec" to the shell command run by "Match
 exec" in a config file.  It's an unnecessary optimization from repurposed
 ProxyCommand code and prevents some things working with some shells.
 bz#2471, pointed out by res at qoxp.net.  ok markus@

Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
2015-10-29 19:07:11 +11:00
djm@openbsd.org
0c46bbe68b upstream commit
include PubkeyAcceptedKeyTypes in ssh -G config dump

Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
2015-10-08 04:01:05 +11:00
djm@openbsd.org
4e44a79a07 upstream commit
add ssh_config CertificateFile option to explicitly list
 a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
2015-10-06 12:21:54 +11:00
djm@openbsd.org
60a92470e2 upstream commit
Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
 Reported by Bryan Drewery

Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
2015-08-22 11:17:07 +10:00
djm@openbsd.org
f9eca249d4 upstream commit
Allow ssh_config and sshd_config kex parameters options be
 prefixed by a '+' to indicate that the specified items be appended to the
 default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
2015-07-30 12:32:16 +10:00
markus@openbsd.org
3a1638dda1 upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
 tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15 15:38:02 +10:00
djm@openbsd.org
78c2a4f883 upstream commit
Fix \-escaping bug that caused forward path parsing to skip
 two characters and skip past the end of the string.

Based on patch by Salvador Fandino; ok dtucker@

Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
2015-06-27 09:24:04 +10:00
djm@openbsd.org
0882332616 upstream commit
Reorder EscapeChar option parsing to avoid a single-byte
 out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@

Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
2015-05-22 20:02:18 +10:00
djm@openbsd.org
e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
djm@openbsd.org
26e0bcf766 upstream commit
fix uninitialised memory read when parsing a config file
 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
 dtucker
2015-03-30 11:01:08 +11:00
djm@openbsd.org
523463a3a2 upstream commit
Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@
2015-02-17 09:32:32 +11:00
djm@openbsd.org
15ad750e5e upstream commit
turn UpdateHostkeys off by default until I figure out
 mlarkin@'s warning message; requested by deraadt@
2015-02-03 11:06:16 +11:00
djm@openbsd.org
46347ed596 upstream commit
Add a ssh_config HostbasedKeyType option to control which
 host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 22:47:01 +11:00
djm@openbsd.org
8d4f87258f upstream commit
Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@
2015-01-27 00:00:57 +11:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org
1129dcfc5a upstream commit
sync ssh-keysign, ssh-keygen and some dependencies to the
 new buffer/key API; mostly mechanical, ok markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org
1f729f0614 upstream commit
add sshd_config HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
 will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
djm@openbsd.org
e752c6d547 upstream commit
fix ssh_config FingerprintHash evaluation order; from Petr
 Lautrbach
2015-01-09 00:45:50 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
djm@openbsd.org
5e39a49930 upstream commit
add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.
2014-12-05 09:29:47 +11:00
lteo@openbsd.org
3bcb92e04d upstream commit
Remove unnecessary include: netinet/in_systm.h is not needed
 by these programs.

NB. skipped for portable

ok deraadt@ millert@
2014-10-27 16:34:52 +11:00
djm@openbsd.org
957fbceb0f upstream commit
Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus
2014-10-13 11:41:48 +11:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
1527190784 - djm@cvs.openbsd.org 2014/04/23 12:42:34
[readconf.c]
     don't record duplicate IdentityFiles
2014-05-15 13:47:56 +10:00
Damien Miller
13f97b2286 - djm@cvs.openbsd.org 2014/02/23 20:11:36
[readconf.c readconf.h ssh.c ssh_config.5]
     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
     the hostname. This allows users to write configurations that always
     refer to canonical hostnames, e.g.

     CanonicalizeHostname yes
     CanonicalDomains int.example.org example.org
     CanonicalizeFallbackLocal no

     Host *.int.example.org
         Compression off
     Host *.example.org
         User djm

     ok markus@
2014-02-24 15:57:55 +11:00
Damien Miller
0628780abe - djm@cvs.openbsd.org 2014/02/22 01:32:19
[readconf.c]
     when processing Match blocks, skip 'exec' clauses if previous predicates
     failed to match; ok markus@
2014-02-24 15:56:45 +11:00
Damien Miller
7cc194f70d - djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 11:12:56 +11:00
Darren Tucker
0eeafcd76b - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
build with HP-UX's compiler.  Patch from Kevin Brott.
2014-01-31 14:18:51 +11:00
Darren Tucker
a3357661ee - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
Solaris.
2014-01-18 00:03:57 +11:00
Damien Miller
5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
Damien Miller
fdb2306acd - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
[canohost.c clientloop.c match.c readconf.c sftp.c]
     unsigned casts for ctype macros where neccessary
     ok guenther millert markus
2013-11-21 13:57:15 +11:00
Damien Miller
cf31f38634 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
[readconf.c servconf.c ssh_config.5 sshd_config.5]
     Disallow empty Match statements and add "Match all" which matches
     everything.  ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
Damien Miller
eff5cada58 - djm@cvs.openbsd.org 2013/10/23 03:05:19
[readconf.c ssh.c]
     comment
2013-10-23 16:31:10 +11:00
Damien Miller
084bcd24e9 - djm@cvs.openbsd.org 2013/10/23 03:03:07
[readconf.c]
     Hostname may have %h sequences that should be expanded prior to Match
     evaluation; spotted by Iain Morgan
2013-10-23 16:30:51 +11:00
Damien Miller
8a04be795f - djm@cvs.openbsd.org 2013/10/20 06:19:28
[readconf.c ssh_config.5]
     rename "command" subclause of the recently-added "Match" keyword to
     "exec"; it's shorter, clearer in intent and we might want to add the
     ability to match against the command being executed at the remote end in
     the future.
2013-10-23 16:29:40 +11:00
Damien Miller
3850559be9 - djm@cvs.openbsd.org 2013/10/16 22:49:39
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
     s/canonicalise/canonicalize/ for consistency with existing spelling,
     e.g. authorized_keys; pointed out by naddy@
2013-10-17 11:48:13 +11:00
Damien Miller
0faf747e2f - djm@cvs.openbsd.org 2013/10/16 02:31:47
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
     [sshconnect.c sshconnect.h]
     Implement client-side hostname canonicalisation to allow an explicit
     search path of domain suffixes to use to convert unqualified host names
     to fully-qualified ones for host key matching.
     This is particularly useful for host certificates, which would otherwise
     need to list unqualified names alongside fully-qualified ones (and this
     causes a number of problems).
     "looks fine" markus@
2013-10-17 11:47:23 +11:00
Damien Miller
e9fc72edd6 - djm@cvs.openbsd.org 2013/10/14 23:28:23
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
     refactor client config code a little:
     add multistate option partsing to readconf.c, similar to servconf.c's
     existing code.
     move checking of options that accept "none" as an argument to readconf.c
     add a lowercase() function and use it instead of explicit tolower() in
     loops
     part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
Damien Miller
194fd904d8 - djm@cvs.openbsd.org 2013/10/14 22:22:05
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
     add a "Match" keyword to ssh_config that allows matching on hostname,
     user and result of arbitrary commands. "nice work" markus@
2013-10-15 12:13:05 +11:00
Damien Miller
1262b6638f - djm@cvs.openbsd.org 2013/08/20 00:11:38
[readconf.c readconf.h ssh_config.5 sshconnect.c]
     Add a ssh_config ProxyUseFDPass option that supports the use of
     ProxyCommands that establish a connection and then pass a connected
     file descriptor back to ssh(1). This allows the ProxyCommand to exit
     rather than have to shuffle data back and forth and enables ssh to use
     getpeername, etc. to obtain address information just like it does with
     regular directly-connected sockets. ok markus@
2013-08-21 02:44:24 +10:00
Damien Miller
9a66155421 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
[readconf.c]
     revert 1.203 while we investigate crashes reported by okan@
2013-07-18 16:09:04 +10:00
Darren Tucker
408eaf3ab7 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
[readconf.c]
     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
9113d0c238 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
[servconf.c readconf.c]
     remove now-unused variables
2013-05-16 20:48:14 +10:00
Darren Tucker
e194ba4111 - (dtucker) [configure.ac readconf.c servconf.c
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
Darren Tucker
b7ee852144 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
[readconf.c servconf.c]
     switch RekeyLimit traffic volume parsing to scan_scaled.  ok djm@
2013-05-16 20:33:10 +10:00