Commit Graph

390 Commits

Author SHA1 Message Date
djm@openbsd.org
21b79af6c8
upstream: typo in comment
OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
2023-09-11 09:13:42 +10:00
djm@openbsd.org
90ccc5918e
upstream: randomise keystroke obfuscation intervals and average
interval rate. ok dtucker@

OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
2023-09-10 13:27:40 +10:00
djm@openbsd.org
694150ad92
upstream: trigger keystroke timing obfucation only if the channels
layer enqueud some data in the last poll() cycle; this avoids triggering the
obfuscatior for non-channels data like ClientAlive probes and also fixes a
related problem were the obfucations would be triggered on fully quiescent
connections.

Based on / tested by naddy@

OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
2023-09-04 10:09:54 +10:00
djm@openbsd.org
b5fd97896b
upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..."
debug messages when keystroke timing obfuscation was never started; spotted
by naddy@

OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
2023-09-04 10:09:53 +10:00
djm@openbsd.org
3867361ca6
upstream: explicit long long type in timing calculations (doesn't
matter, since the range is pre-clamped)

OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de
2023-08-28 14:07:56 +10:00
djm@openbsd.org
7603ba7126
upstream: Add keystroke timing obfuscation to the client.
This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword/

feedback/ok markus@

OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
2023-08-28 13:34:10 +10:00
dtucker@openbsd.org
09d8da0849
upstream: Move up null check and simplify process_escapes.
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it.  Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@

OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
2023-04-03 18:35:04 +10:00
djm@openbsd.org
c6011129ca
upstream: remove redundant test
OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
2023-03-31 15:06:20 +11:00
guenther@openbsd.org
51875897b8
upstream: Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@

OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
2023-03-08 17:26:53 +11:00
dtucker@openbsd.org
e44846a448
upstream: Check for non-NULL before string
comparison. From jjelen at redhat.com via bz#2687.

OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f
2023-03-04 14:42:56 +11:00
dtucker@openbsd.org
e37261dff3
upstream: Use time_t for x11_refuse_time timeout. We need
SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available.
Fixes a Coverity warning for 64bit time_t safety, ok djm@

OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
2023-03-03 14:16:42 +11:00
djm@openbsd.org
c60438158a
upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.

Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.

ok markus dtucker

OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
2023-01-06 16:21:39 +11:00
djm@openbsd.org
d478cdc7ad
upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker

OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
2023-01-06 16:21:39 +11:00
dtucker@openbsd.org
4a1805d532
upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
2022-11-30 12:16:14 +11:00
djm@openbsd.org
815c470493
upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@

OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
2022-11-30 12:16:10 +11:00
djm@openbsd.org
f7cebbbf40
upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
2022-11-30 12:16:08 +11:00
dtucker@openbsd.org
650de7ecd3
upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@

OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
2022-11-11 11:24:46 +11:00
djm@openbsd.org
db2027a687
upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
2022-11-09 20:43:16 +11:00
djm@openbsd.org
22e1a3a71a upstream: Make SetEnv directives first-match-wins in both
sshd_config and sshd_config; previously if the same name was reused then the
last would win (which is the opposite to how the config is supposed to work).

While there, make the ssh_config parsing more like sshd_config.

bz3438, ok dtucker

OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
2022-06-03 14:33:18 +10:00
djm@openbsd.org
fec014785d upstream: Try to continue running local I/O for channels in state
OPEN during SSH transport rekeying. The most visible benefit is that it
should make ~-escapes work in the client (e.g. to exit) if the connection
happened to have stalled during a rekey event. Based work by and ok dtucker@

OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
2022-04-20 15:08:54 +10:00
Darren Tucker
9fa63a19f6 Put poll.h inside ifdef. 2022-02-10 23:51:02 +11:00
djm@openbsd.org
b30d32159d upstream: add a ssh_packet_process_read() function that reads from
a fd directly into the transport input buffer.

Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.

Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)

feedback dtucker@ ok markus@

OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
2022-01-25 12:18:35 +11:00
djm@openbsd.org
c7964fb982 upstream: add a helper for writing an error message to the
stderr_buf and setting quit_pending; no functional change but saves a bunch
of boilerplate

OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d
2022-01-25 10:45:39 +11:00
djm@openbsd.org
a882a09722 upstream: suppress "Connection to xxx closed" messages at LogLevel >=
error bz3378; ok dtucker@

OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
2022-01-12 09:33:35 +11:00
djm@openbsd.org
291721bc7c upstream: stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375

ok markus@

OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-07 09:21:38 +11:00
djm@openbsd.org
17877bc81d upstream: convert ssh, sshd mainloops from select() to poll();
feedback & ok deraadt@ and markus@ has been in snaps for a few months

OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-07 09:21:38 +11:00
jsg@openbsd.org
cb885178f3 upstream: spelling ok dtucker@
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
2022-01-01 15:19:48 +11:00
djm@openbsd.org
e9497ecf73 upstream: ssh client side of binding
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.

ok markus@

OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
2021-12-20 09:24:42 +11:00
djm@openbsd.org
199c4df66c upstream: less confusing debug message; bz#3365
OpenBSD-Commit-ID: 836268d3642c2cdc84d39b98d65837f5241e4a50
2021-11-19 08:33:19 +11:00
djm@openbsd.org
56c4455d3b upstream: wrap at 80 columns
OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0
2021-08-30 09:58:15 +10:00
djm@openbsd.org
a917e973a1 upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker

OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
2021-07-23 14:07:19 +10:00
djm@openbsd.org
e0c5088f1c upstream: Add a StdinNull directive to ssh_config(5) that allows
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
2021-07-23 14:07:19 +10:00
djm@openbsd.org
073f45c236 upstream: Explicitly check for and start time-based rekeying in the
client and server mainloops.

Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.

ok markus@

OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
2021-07-16 19:21:04 +10:00
djm@openbsd.org
eda8909d1b upstream: add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.

Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
2021-07-14 09:49:47 +10:00
dtucker@openbsd.org
b5d23150b4 upstream: Fix a couple of whitespace things. Portable already has
these so this removes two diffs between the two.

OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
2021-07-08 14:57:17 +10:00
djm@openbsd.org
2e1efcfd9f upstream: fix SEGV in UpdateHostkeys debug() message, triggered
when the update removed more host keys than remain present. Fix tested by
reporter James Cook, via bugs@

OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3
2021-05-26 12:46:01 +10:00
djm@openbsd.org
7be4ac8136 upstream: restore blocking status on stdio fds before close
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.

> $ cat > test.sh << _EOF
> #!/bin/sh
> {
>         ssh -Fnone -oLogLevel=verbose ::1 hostname
>         cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable

This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.

This was reported as bz3280 and GHPR246; ok dtucker@

OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
2021-05-19 11:52:14 +10:00
dtucker@openbsd.org
f43859159c upstream: Don't pass NULL as a string in debugging as it does not work
on some platforms in -portable.  ok djm@

OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9
2021-05-05 10:08:43 +10:00
djm@openbsd.org
ac31aa3c63 upstream: more debugging for UpdateHostKeys signature failures
OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
2021-05-03 11:05:31 +10:00
djm@openbsd.org
f068930635 upstream: a little debugging in the main mux process for status
confirmation failures in multiplexed sessions

OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49
2021-04-30 14:32:18 +10:00
Damien Miller
57ed647ee0 polish whitespace for portable files 2021-04-03 17:47:37 +11:00
djm@openbsd.org
8a9520836e upstream: return non-zero exit status when killed by signal; bz#3281 ok
dtucker@

OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
2021-03-19 13:24:56 +11:00
djm@openbsd.org
39be3dc209 upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@

OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
2021-01-27 21:10:57 +11:00
djm@openbsd.org
4ca6a1fac3 upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
2021-01-27 20:28:25 +11:00
djm@openbsd.org
b4c7cd1185 upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
2020-12-21 10:52:28 +11:00
djm@openbsd.org
815209abfd upstream: UpdateHostkeys: fixed/better detection of host keys that
exist under other names and addresses; spotted by and debugged with lots of
help from jca@

OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
2020-10-29 13:53:59 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
95b0bcfd15 upstream: make UpdateHostkeys still more conservative: refuse to
proceed if one of the keys offered by the server is already in known_hosts
under another name. This avoid collisions between address entries for
different host aliases when CheckHostIP=yes

Also, do not attempt to fix known_hosts with incomplete host/ip matches
when there are no new or deprecated hostkeys.

OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
2020-10-14 11:57:13 +11:00
djm@openbsd.org
f92424970c upstream: UpdateHostkeys: check for keys under other names
Stop UpdateHostkeys from automatically removing deprecated keys from
known_hosts files if the same keys exist under a different name or
address to the host that is being connected to.

This avoids UpdateHostkeys from making known_hosts inconsistent in
some cases. For example, multiple host aliases sharing address-based
known_hosts on different lines, or hosts that resolves to multiple
addresses.

ok markus@

OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
2020-10-12 11:22:55 +11:00
djm@openbsd.org
d98f14b532 upstream: UpdateHostkeys: better CheckHostIP handling
When preparing to update the known_hosts file, fully check both
entries for both the host and the address (if CheckHostIP enabled)
and ensure that, at the end of the operation, entries for both are
recorded.

Make sure this works with HashKnownHosts too, which requires maintaining
a list of entry-types seen across the whole file for each key.

ok markus@

OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
2020-10-12 11:22:55 +11:00