Commit Graph

241 Commits

Author SHA1 Message Date
djm@openbsd.org
88b6fcdeb8 upstream commit
ban ConnectionAttempts=0, it makes no sense and would cause
 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
 reported by dvw AT phas.ubc.ca

Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
2015-11-19 19:25:04 +11:00
djm@openbsd.org
f96516d052 upstream commit
print host certificate contents at debug level

Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
2015-11-19 12:11:38 +11:00
jcs@openbsd.org
f361df474c upstream commit
Add an AddKeysToAgent client option which can be set to
 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
 private key that is used during authentication will be added to ssh-agent if
 it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16 11:31:39 +11:00
djm@openbsd.org
46152af8d2 upstream commit
correct function name in error messages

Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
2015-09-04 16:57:02 +10:00
djm@openbsd.org
ac3451dd65 upstream commit
remove extra newline in nethack-mode hostkey; from
 Christian Hesse bz#2686

Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
2015-09-04 16:57:01 +10:00
deraadt@openbsd.org
ce445b0ed9 upstream commit
Do not cast result of malloc/calloc/realloc* if stdlib.h
 is in scope ok krw millert

Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
2015-08-21 13:43:25 +10:00
dtucker@openbsd.org
496aeb25bc upstream commit
Increase the allowed length of the known host file name
 in the log message to be consistent with other cases.  Part of bz#1993, ok
 deraadt.

Upstream-ID: a9e97567be49f25daf286721450968251ff78397
2015-05-28 18:54:57 +10:00
dtucker@openbsd.org
bb2289e2a4 upstream commit
Output remote username in debug output since with Host
 and Match it's not always obvious what it will be.  bz#2368, ok djm@
2015-04-29 18:13:07 +10:00
djm@openbsd.org
53097b2022 upstream commit
fix double-negative error message "ssh1 is not
 unsupported"
2015-03-27 12:00:33 +11:00
djm@openbsd.org
9ce86c926d upstream commit
update to new API (key_fingerprint => sshkey_fingerprint)
 check sshkey_fingerprint return values; ok markus
2015-01-29 10:18:56 +11:00
djm@openbsd.org
5104db7cbd upstream commit
correctly match ECDSA subtype (== curve) for
 offered/recevied host keys. Fixes connection-killing host key mismatches when
 a server offers multiple ECDSA keys with different curve type (an extremely
 unlikely configuration).

ok markus, "looks mechanical" deraadt@
2015-01-27 00:00:57 +11:00
djm@openbsd.org
8d4f87258f upstream commit
Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@
2015-01-27 00:00:57 +11:00
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
markus@openbsd.org
48b3b2ba75 upstream commit
store compat flags in struct ssh; ok djm@
2015-01-20 09:19:40 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
djm@openbsd.org
48b68ce19c upstream commit
explicitly include sys/param.h in files that use the
 howmany() macro; from portable
2014-12-11 19:20:29 +11:00
djm@openbsd.org
5e39a49930 upstream commit
add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.
2014-12-05 09:29:47 +11:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
6b37fbb792 - djm@cvs.openbsd.org 2014/07/03 22:23:46
[sshconnect.c]
     when rekeying, skip file/DNS lookup if it is the same as the key sent
     during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
2014-07-04 08:59:24 +10:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller
1f0311c7c7 - markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
7d6a9fb660 - djm@cvs.openbsd.org 2014/04/01 03:34:10
[sshconnect.c]
     When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
     certificate keys to plain keys and attempt SSHFP resolution.

     Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
     dialog by offering only certificate keys.

     Reported by mcv21 AT cam.ac.uk
2014-04-20 13:23:43 +10:00
Damien Miller
d1a7a9c0fd - djm@cvs.openbsd.org 2014/02/06 22:21:01
[sshconnect.c]
     in ssh_create_socket(), only do the getaddrinfo for BindAddress when
     BindAddress is actually specified. Fixes regression in 6.5 for
     UsePrivilegedPort=yes; patch from Corinna Vinschen
2014-02-07 09:24:33 +11:00
Damien Miller
a5103f413b - djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:20:14 +11:00
Damien Miller
58cd63bc63 - djm@cvs.openbsd.org 2014/01/09 23:26:48
[sshconnect.c sshd.c]
     ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
     deranged and might make some attacks on KEX easier; ok markus@
2014-01-10 10:59:24 +11:00
Damien Miller
324541e526 - djm@cvs.openbsd.org 2013/12/30 23:52:28
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     refuse RSA keys from old proprietary clients/servers that use the
     obsolete RSA+MD5 signature scheme. it will still be possible to connect
     with these clients/servers but only DSA keys will be accepted, and we'll
     deprecate them entirely in a future release. ok markus@
2013-12-31 12:25:40 +11:00
Damien Miller
106bf1ca3c - djm@cvs.openbsd.org 2013/12/29 05:57:02
[sshconnect.c]
     when showing other hostkeys, don't forget Ed25519 keys
2013-12-29 17:54:03 +11:00
Damien Miller
0faf747e2f - djm@cvs.openbsd.org 2013/10/16 02:31:47
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
     [sshconnect.c sshconnect.h]
     Implement client-side hostname canonicalisation to allow an explicit
     search path of domain suffixes to use to convert unqualified host names
     to fully-qualified ones for host key matching.
     This is particularly useful for host certificates, which would otherwise
     need to list unqualified names alongside fully-qualified ones (and this
     causes a number of problems).
     "looks fine" markus@
2013-10-17 11:47:23 +11:00
Darren Tucker
e6e52f8c5d - djm@cvs.openbsd.org 2013/09/19 01:26:29
[sshconnect.c]
     bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
     swp AT swp.pp.ru; ok dtucker@
2013-10-10 10:28:07 +11:00
Damien Miller
1262b6638f - djm@cvs.openbsd.org 2013/08/20 00:11:38
[readconf.c readconf.h ssh_config.5 sshconnect.c]
     Add a ssh_config ProxyUseFDPass option that supports the use of
     ProxyCommands that establish a connection and then pass a connected
     file descriptor back to ssh(1). This allows the ProxyCommand to exit
     rather than have to shuffle data back and forth and enables ssh to use
     getpeername, etc. to obtain address information just like it does with
     regular directly-connected sockets. ok markus@
2013-08-21 02:44:24 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
5d1d9541a7 - markus@cvs.openbsd.org 2013/02/22 19:13:56
[sshconnect.c]
     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
Darren Tucker
26b9e3b0c5 - markus@cvs.openbsd.org 2012/09/14 16:51:34
[sshconnect.c]
     remove unused variable
2012-09-17 13:25:44 +10:00
Darren Tucker
00c1518a4d - djm@cvs.openbsd.org 2012/08/17 01:30:00
[compat.c sshconnect.c]
     Send client banner immediately, rather than waiting for the server to
     move first for SSH protocol 2 connections (the default). Patch based on
     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 21:21:56 +10:00
Damien Miller
295ee63ab2 - djm@cvs.openbsd.org 2011/05/24 07:15:47
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
     Remove undocumented legacy options UserKnownHostsFile2 and
     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
     accept multiple paths per line and making their defaults include
     known_hosts2; ok markus
2011-05-29 21:42:31 +10:00
Damien Miller
201f425d29 - djm@cvs.openbsd.org 2011/05/23 03:52:55
[sshconnect.c]
     remove extra newline
2011-05-29 21:41:03 +10:00
Damien Miller
6fb6fd5662 - djm@cvs.openbsd.org 2011/01/16 11:50:36
[sshconnect.c]
     reset the SIGPIPE handler when forking to execute child processes;
     ok dtucker@
2011-01-16 23:17:45 +11:00
Damien Miller
ed3a8eb65f - djm@cvs.openbsd.org 2011/01/06 23:01:35
[sshconnect.c]
     reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
     ok markus@
2011-01-07 10:02:52 +11:00
Damien Miller
05c8997b33 - markus@cvs.openbsd.org 2010/12/14 11:59:06
[sshconnect.c]
     don't mention key type in key-changed-warning, since we also print
     this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
Damien Miller
d925dcd8a5 - djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
9c0c31d2db - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2010-10-12 13:30:44 +11:00
Damien Miller
45fcdaa1cf - djm@cvs.openbsd.org 2010/10/06 21:10:21
[sshconnect.c]
     swapped args to kill(2)
2010-10-07 22:07:58 +11:00
Damien Miller
a41ccca643 - djm@cvs.openbsd.org 2010/10/06 06:39:28
[clientloop.c ssh.c sshconnect.c sshconnect.h]
     kill proxy command on fatal() (we already kill it on clean exit);
     ok markus@
2010-10-07 22:07:32 +11:00
Damien Miller
38d9a965bf - djm@cvs.openbsd.org 2010/10/05 05:13:18
[sftp.c sshconnect.c]
     use default shell /bin/sh if $SHELL is ""; ok markus@
2010-10-07 22:07:11 +11:00
Damien Miller
eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
c617aa9ff5 - djm@cvs.openbsd.org 2010/04/16 21:14:27
[sshconnect.c]
     oops, %r => remote username, not %u
2010-04-18 08:08:20 +10:00
Damien Miller
4e270b05dd - djm@cvs.openbsd.org 2010/04/16 01:47:26
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@
2010-04-16 15:56:21 +10:00
Damien Miller
b1b17047e3 - djm@cvs.openbsd.org 2010/04/14 22:27:42
[ssh_config.5 sshconnect.c]
     expand %r => remote username in ssh_config:ProxyCommand;
     ok deraadt markus
2010-04-16 15:54:19 +10:00
Damien Miller
672839994e - djm@cvs.openbsd.org 2010/04/10 00:04:30
[sshconnect.c]
     fix terminology: we didn't find a certificate in known_hosts, we found
     a CA key
2010-04-16 15:53:02 +10:00
Damien Miller
1aed65eb27 - djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
     are trusted to authenticate users (in addition than doing it per-user
     in authorized_keys).

     Add a RevokedKeys option to sshd_config and a @revoked marker to
     known_hosts to allow keys to me revoked and banned for user or host
     authentication.

     feedback and ok markus@
2010-03-04 21:53:35 +11:00