Commit Graph

11181 Commits

Author SHA1 Message Date
djm@openbsd.org
9d38074b54 upstream: test for first-match-wins in authorized_keys environment=
options

OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8
2021-07-24 12:31:05 +10:00
dtucker@openbsd.org
2b76f1dd19 upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108
2021-07-24 12:31:05 +10:00
djm@openbsd.org
7d64a9fb58 upstream: don't leak environment= variable when it is not the first
match

OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0
2021-07-24 12:30:58 +10:00
jmc@openbsd.org
db2130e234 upstream: punctuation;
OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806
2021-07-24 12:30:58 +10:00
djm@openbsd.org
03190d1098 upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
will try to use askpass first. bz3314

convert a couple of debug() -> debug_f() while here

OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c
2021-07-23 15:57:56 +10:00
dtucker@openbsd.org
1653ece683 upstream: Test conversion of ed25519 and ecdsa keys too.
OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb
2021-07-23 15:25:34 +10:00
dtucker@openbsd.org
8b7af02dcf upstream: Add test for exporting pubkey from a passphrase-protected
private key.

OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac
2021-07-23 15:25:34 +10:00
djm@openbsd.org
441095d4a3 upstream: regression test for time-limited signature keys
OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc
2021-07-23 15:25:34 +10:00
djm@openbsd.org
9e1882ef64 upstream: note successful authentication method in final "Authenticated
to ..." message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@

OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
2021-07-23 15:25:19 +10:00
djm@openbsd.org
a917e973a1 upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker

OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
2021-07-23 14:07:19 +10:00
djm@openbsd.org
e0c5088f1c upstream: Add a StdinNull directive to ssh_config(5) that allows
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
2021-07-23 14:07:19 +10:00
djm@openbsd.org
e3957e21ff upstream: make authorized_keys environment="..." directives
first-match-wins and more strictly limit their maximum number; prompted by
OOM reported by OSS-fuzz (35470).

feedback and ok dtucker@

OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
2021-07-23 14:07:19 +10:00
djm@openbsd.org
d0bb1ce731 upstream: Let allowed signers files used by ssh-keygen(1)
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@

OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
2021-07-23 14:07:19 +10:00
dtucker@openbsd.org
44142068dc upstream: Use SUDO when setting up hostkey.
OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7
2021-07-19 19:20:33 +10:00
dtucker@openbsd.org
6b67f3f1d1 upstream: Increase time margin for rekey tests. Should help
reliability on very heavily loaded hosts.

OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533
2021-07-19 17:08:56 +10:00
Darren Tucker
7953e1bfce Add sshfp-connect.sh file missed in previous. 2021-07-19 13:47:51 +10:00
dtucker@openbsd.org
b75a80fa83 upstream: Ensure that all returned SSHFP records for the specified host
name and hostkey type match instead of only one.  While there, simplify the
code somewhat and add some debugging.  Based on discussion in bz#3322, ok
djm@.

OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
2021-07-19 13:46:13 +10:00
dtucker@openbsd.org
1cc1fd0953 upstream: Id sync only, -portable already has this.
Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes
build with OPENSSL=no.

OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15
2021-07-19 13:04:52 +10:00
dtucker@openbsd.org
33abbe2f41 upstream: Add test for host key verification via SSHFP records. This
requires some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).

OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
2021-07-19 13:02:55 +10:00
dtucker@openbsd.org
f0cd000d8e upstream: Add ed25519 key and test SSHFP export of it. Only test
RSA SSHFP export if we have RSA functionality compiled in.

OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af
2021-07-19 12:50:51 +10:00
dtucker@openbsd.org
0075511e27 upstream: Group keygen tests together.
OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c
2021-07-19 12:50:12 +10:00
dtucker@openbsd.org
034828820c upstream: Add test for ssh-keygen printing of SSHFP records.
OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b
2021-07-19 09:23:57 +10:00
djm@openbsd.org
52c3b6985e upstream: wrap some long lines
OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
2021-07-17 10:43:23 +10:00
djm@openbsd.org
43ec991a78 upstream: fix sftp on ControlPersist connections, broken by recent
SessionType change; spotted by sthen@

OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
2021-07-17 10:43:23 +10:00
djm@openbsd.org
073f45c236 upstream: Explicitly check for and start time-based rekeying in the
client and server mainloops.

Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.

ok markus@

OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
2021-07-16 19:21:04 +10:00
jmc@openbsd.org
ef7c4e52d5 upstream: reorder SessionType; ok djm
OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c
2021-07-16 19:21:04 +10:00
Darren Tucker
8aa2f9aeb5 Make whitespace consistent. 2021-07-14 11:27:24 +10:00
Darren Tucker
4f4297ee9b Add ARM64 Linux self-hosted runner. 2021-07-14 11:27:24 +10:00
djm@openbsd.org
eda8909d1b upstream: add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.

Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
2021-07-14 09:49:47 +10:00
djm@openbsd.org
7ae69f2628 upstream: fix some broken tests; clean up output
OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566
2021-07-14 09:20:56 +10:00
Darren Tucker
f5fc6a4c34 Add configure-time detection for SSH_TIME_T_MAX.
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
where time_t is a long long.  The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this.  Anyone using
an unsigned 64bit can let us know when it starts being a problem.
2021-07-12 18:21:26 +10:00
dtucker@openbsd.org
fd2d06ae44 upstream: Make limit for time_t test unconditional in the
format_absolute_time fix for bz#3329 that allows printing of timestamps past
INT_MAX. This was incorrectly included with the previous commit. Based on
discussion with djm@.

OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
2021-07-12 17:38:47 +10:00
dtucker@openbsd.org
6c29b387cd upstream: Use existing format_absolute_time() function when
printing cert validity instead of doing it inline.  Part of bz#3329.

OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
2021-07-12 17:38:47 +10:00
djm@openbsd.org
99981d5f8b upstream: silence redundant error message; reported by Fabian Stelzer
OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
2021-07-09 19:57:16 +10:00
John Ericson
e860978134 Re-indent krb5 section after pkg-config addition. 2021-07-09 15:35:13 +10:00
John Ericson
32dd2daa56 Support finding Kerberos via pkg-config
This makes cross compilation easier.
2021-07-09 15:27:09 +10:00
Darren Tucker
def7a72234 Update comments about EGD to include prngd. 2021-07-09 14:34:06 +10:00
dtucker@openbsd.org
b5d23150b4 upstream: Fix a couple of whitespace things. Portable already has
these so this removes two diffs between the two.

OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
2021-07-08 14:57:17 +10:00
dtucker@openbsd.org
8f57be9f27 upstream: Order includes as per style(9). Portable already has
these so this removes a handful of diffs between the two.

OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
2021-07-08 14:51:47 +10:00
dtucker@openbsd.org
b75624f873 upstream: Remove comment referencing now-removed
RhostsRSAAuthentication.  ok djm@

OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
2021-07-08 14:50:59 +10:00
djm@openbsd.org
b67eb12f01 upstream: allow spaces to appear in usernames for local to remote,
and scp -3 remote to remote copies. with & ok dtucker bz#1164

OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
2021-07-05 10:27:03 +10:00
dtucker@openbsd.org
8c4ef0943e upstream: Remove obsolete comments about SSHv1 auth methods. ok
djm@

OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
2021-07-05 10:27:03 +10:00
Darren Tucker
88908c9b61 Remove reference to ChallengeResponse.
challenge_response_authentication was removed from the struct, keeping
kbd_interactive_authentication.
2021-07-03 23:00:19 +10:00
Darren Tucker
321874416d Move signal.h up include order to match upstream. 2021-07-03 20:38:09 +10:00
Darren Tucker
4fa83e2d0e Remove old OpenBSD version marker.
Looks like an accidental leftover from a sync.
2021-07-03 20:36:06 +10:00
Darren Tucker
9d5e31f55d Remove duplicate error on error path.
There's an extra error() call on the listen error path, it looks like
its removal was missed during an upstream sync.
2021-07-03 20:34:19 +10:00
Darren Tucker
888c459925 Remove some whitespace not in upstream.
Reduces diff vs OpenBSD by a small amount.
2021-07-03 20:32:46 +10:00
Darren Tucker
4d2d4d47a1 Replace remaining references to ChallengeResponse.
Portable had a few additional references to ChallengeResponse related to
UsePAM, replaces these with equivalent keyboard-interactive ones.
2021-07-03 19:27:43 +10:00
Darren Tucker
53237ac789 Sync remaining ChallengeResponse removal.
These were omitted from commit 88868fd131.
2021-07-03 19:23:28 +10:00
Darren Tucker
2c9e4b319f Disable rocky84 to figure out why agent test fails 2021-07-03 19:17:31 +10:00