Commit Graph

8104 Commits

Author SHA1 Message Date
doug@openbsd.org
bcce47466b upstream commit
Add "cpath" to the ssh-agent pledge so the cleanup
 handler can unlink().

ok djm@

Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
2015-12-04 15:14:59 +11:00
djm@openbsd.org
a90d001543 upstream commit
ssh-agent pledge needs proc for askpass; spotted by todd@

Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
2015-12-04 15:14:58 +11:00
djm@openbsd.org
d952162b3c upstream commit
basic pledge() for ssh-agent, more refinement needed

Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
2015-12-04 15:14:58 +11:00
Damien Miller
f0191d7c8e Revert "stub for pledge(2) for systems that lack it"
This reverts commit 14c887c839.

dtucker beat me to it :/
2015-11-30 10:53:25 +11:00
Damien Miller
6283cc72eb revert 7d4c7513: bring back S/Key prototypes
(but leave RCSID changes)
2015-11-30 10:37:03 +11:00
Damien Miller
14c887c839 stub for pledge(2) for systems that lack it 2015-11-30 09:45:54 +11:00
djm@openbsd.org
452c0b6af5 upstream commit
pledge, better fatal() messages; feedback deraadt@

Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f
2015-11-30 09:45:53 +11:00
deraadt@openbsd.org
6da413c085 upstream commit
do not leak temp file if there is no known_hosts file
 from craig leres, ok djm

Upstream-ID: c820497fd5574844c782e79405c55860f170e426
2015-11-30 09:45:53 +11:00
Darren Tucker
3ddd15e1b6 Add a null implementation of pledge.
Fixes builds on almost everything.
2015-11-30 07:23:53 +11:00
djm@openbsd.org
b1d6b3971e upstream commit
don't include port number in tcpip-forward replies for
 requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok
 markus

Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
2015-11-28 17:44:33 +11:00
deraadt@openbsd.org
9080bd0b9c upstream commit
pledge "stdio rpath wpath cpath fattr tty proc exec"
 except for the -p option (which sadly has insane semantics...) ok semarie
 dtucker

Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
2015-11-28 17:44:33 +11:00
halex@openbsd.org
4d90625b22 upstream commit
allow comment change for all supported formats

ok djm@

Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
2015-11-28 17:44:32 +11:00
djm@openbsd.org
8ca915fc76 upstream commit
add cast to make -Werror clean

Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d
2015-11-20 12:46:06 +11:00
Damien Miller
ac9473580d fix multiple authentication using S/Key w/ privsep
bz#2502, patch from Kevin Korb and feandil_
2015-11-20 12:35:41 +11:00
djm@openbsd.org
88b6fcdeb8 upstream commit
ban ConnectionAttempts=0, it makes no sense and would cause
 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
 reported by dvw AT phas.ubc.ca

Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
2015-11-19 19:25:04 +11:00
djm@openbsd.org
964ab3ee7a upstream commit
trailing whitespace

Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
2015-11-19 12:13:38 +11:00
djm@openbsd.org
f96516d052 upstream commit
print host certificate contents at debug level

Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
2015-11-19 12:11:38 +11:00
djm@openbsd.org
499cf36fec upstream commit
move the certificate validity formatting code to
 sshkey.[ch]

Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
2015-11-19 12:11:37 +11:00
djm@openbsd.org
bcb7bc77bb upstream commit
fix "ssh-keygen -l" of private key, broken in support for
 multiple plain keys on stdin

Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
2015-11-18 19:40:25 +11:00
millert@openbsd.org
259adb6179 upstream commit
Replace remaining calls to index(3) with strchr(3).  OK
 jca@ krw@

Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
2015-11-17 11:22:15 +11:00
djm@openbsd.org
c56a255162 upstream commit
Allow fingerprinting from standard input "ssh-keygen -lf
 -"

Support fingerprinting multiple plain keys in a file and authorized_keys
files too (bz#1319)

ok markus@

Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
2015-11-17 11:22:15 +11:00
djm@openbsd.org
5b4010d9b9 upstream commit
always call privsep_preauth_child() regardless of whether
 sshd was started by root; it does important priming before sandboxing and
 failing to call it could result in sandbox violations later; ok markus@

Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
2015-11-17 11:22:14 +11:00
djm@openbsd.org
3a9f84b58b upstream commit
improve sshkey_read() semantics; only update *cpp when a
 key is successfully read; ok markus@

Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
2015-11-17 11:18:58 +11:00
logan@openbsd.org
db6f8dc5dd upstream commit
1) Use xcalloc() instead of xmalloc() to check for
 potential overflow.    (Feedback from both mmcc@ and djm@) 2) move set_size
 just before the for loop. (suggested by djm@)

OK djm@

Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
2015-11-17 11:15:20 +11:00
djm@openbsd.org
383f10fb84 upstream commit
Add a new authorized_keys option "restrict" that
 includes all current and future key restrictions (no-*-forwarding, etc). Also
 add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
 This simplifies the task of setting up restricted keys and ensures they are
 maximally-restricted, regardless of any permissions we might implement in the
 future.

Example:

restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...

Idea from Jann Horn; ok markus@

Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
2015-11-16 11:31:41 +11:00
jmc@openbsd.org
e41a071f7b upstream commit
correct section number for ssh-agent;

Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
2015-11-16 11:31:40 +11:00
jmc@openbsd.org
1a11670286 upstream commit
do not confuse mandoc by presenting "Dd";

Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
2015-11-16 11:31:40 +11:00
jcs@openbsd.org
f361df474c upstream commit
Add an AddKeysToAgent client option which can be set to
 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
 private key that is used during authentication will be added to ssh-agent if
 it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16 11:31:39 +11:00
djm@openbsd.org
d87063d9ba upstream commit
send SSH2_MSG_UNIMPLEMENTED replies to unexpected
 messages during KEX; bz#2949, ok dtucker@

Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
2015-11-16 11:31:38 +11:00
djm@openbsd.org
9fd04681a1 upstream commit
Support "none" as an argument for sshd_config
 ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
 global default. bz#2486 ok dtucker@

Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
2015-11-16 11:31:37 +11:00
djm@openbsd.org
94bc0b72c2 upstream commit
support multiple certificates (one per line) and
 reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@

Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
2015-11-16 11:31:36 +11:00
djm@openbsd.org
b6b9108f5b upstream commit
list a couple more options usable in Match blocks;
 bz#2489

Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
2015-11-16 11:31:36 +11:00
djm@openbsd.org
a7994b3f5a upstream commit
improve PEEK/POKE macros: better casts, don't multiply
 evaluate arguments; ok deraadt@

Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
2015-11-16 11:31:35 +11:00
djm@openbsd.org
7d4c7513a7 upstream commit
remove prototypes for long-gone s/key support; ok
 dtucker@

Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
2015-11-16 11:31:35 +11:00
Damien Miller
07889c7592 read back from libcrypto RAND when privdropping
makes certain libcrypto implementations cache a /dev/urandom fd
in preparation of sandboxing. Based on patch by Greg Hartman.
2015-11-14 18:49:04 +11:00
Darren Tucker
1560596f44 Fix compiler warnings in the openssl header check.
Noted by Austin English.
2015-11-10 11:14:47 +11:00
jmc@openbsd.org
e72a8575ff upstream commit
-c before -H, in SYNOPSIS and usage();

Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
2015-11-09 14:25:41 +11:00
djm@openbsd.org
3a424cdd21 upstream commit
Add "ssh-keyscan -c ..." flag to allow fetching
 certificates instead of plain keys; ok markus@

Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
2015-11-09 14:25:40 +11:00
jmc@openbsd.org
69fead5d7c upstream commit
remove slogin links; ok deraadt markus djm

Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
2015-11-09 14:25:39 +11:00
djm@openbsd.org
2fecfd486b upstream commit
fix OOB read in packet code caused by missing return
 statement found by Ben Hawkes; ok markus@ deraadt@

Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
2015-11-09 14:25:37 +11:00
mmcc@openbsd.org
5e288923a3 upstream commit
1. rlogin and rsh are long gone 2. protocol version isn't
 of core relevance here, and v1 is going away

ok markus@, deraadt@

Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
2015-11-09 14:25:36 +11:00
jmc@openbsd.org
8b29008bbe upstream commit
"commandline" -> "command line", since there are so few
 examples of the former in the pages, so many of the latter, and in some of
 these pages we had multiple spellings;

prompted by tj

Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-11-09 14:25:35 +11:00
Darren Tucker
996b24cebf (re)wrap SYS_sendsyslog in ifdef.
Replace ifdef that went missing in commit
c61b42f267.  Fixes build on older
OpenBSDs.
2015-10-29 20:57:34 +11:00
djm@openbsd.org
b67e2e76fc upstream commit
regress test for "PubkeyAcceptedKeyTypes +..." inside a
 Match block

Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
2015-10-29 19:07:20 +11:00
dtucker@openbsd.org
abd9dbc3c0 upstream commit
Fix typo certopt->certopts in shell variable.  This would
 cause the test to hang at a host key prompt if you have an A or CNAME for
 "proxy" in your local domain.

Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
2015-10-29 19:07:19 +11:00
djm@openbsd.org
ed08510d38 upstream commit
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
 ok dtucker@

Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
2015-10-29 19:07:18 +11:00
djm@openbsd.org
a4aef3ed29 upstream commit
fix execv arguments in a way less likely to cause grief
 for -portable; ok dtucker@

Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29 19:07:16 +11:00
djm@openbsd.org
63d188175a upstream commit
log certificate serial in verbose() messages to match the
 main auth success/fail message; ok dtucker@

Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
2015-10-29 19:07:15 +11:00
djm@openbsd.org
2aaba0cfd5 upstream commit
avoid de-const warning & shrink; ok dtucker@

Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29 19:07:14 +11:00
dtucker@openbsd.org
03239c1831 upstream commit
Expand tildes in filenames passed to -i before checking
 whether or not the identity file exists.  This means that if the shell
 doesn't do the expansion (eg because the option and filename were given as a
 single argument) then we'll still add the key.  bz#2481, ok markus@

Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
2015-10-29 19:07:13 +11:00