Commit Graph

355 Commits

Author SHA1 Message Date
djm@openbsd.org
54b333d12e
upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@

OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
2022-09-17 20:39:02 +10:00
djm@openbsd.org
f964809068 upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302

OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
2022-08-19 16:34:06 +10:00
dtucker@openbsd.org
6c31ba10e9 upstream: Don't leak the strings allocated by order_hostkeyalgs()
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@

This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.

OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb
2022-07-01 13:41:16 +10:00
dtucker@openbsd.org
2369a28101 upstream: Roll back previous KEX changes as they aren't safe until
compat_pkalg_proposal and friends always allocate their returned strings.
Reported by Qualys.

OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0
2022-06-28 07:43:15 +10:00
dtucker@openbsd.org
646686136c upstream: Don't leak the strings allocated by order_hostkeyalgs()
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@

OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b
2022-06-28 07:43:15 +10:00
djm@openbsd.org
541667fe6d upstream: mark const string array contents const too, i.e. static
const char *array => static const char * const array from Mike Frysinger

OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
2022-02-02 10:38:59 +11:00
djm@openbsd.org
d9dbb5d9a0 upstream: allow hostbased auth to select RSA keys when only
RSA/SHA2 are configured (this is the default case); ok markus@

OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-07 09:21:39 +11:00
djm@openbsd.org
c385abf765 upstream: PubkeyAuthentication=yes|no|unbound|host-bound
Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.

feedback / ok markus@

OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a
2021-12-20 09:28:08 +11:00
djm@openbsd.org
94ae0c6f0e upstream: client side of host-bound pubkey authentication
Add kex->flags member to enable the publickey-hostbound-v00@openssh.com
authentication method.

Use the new hostbound method in client if the kex->flags flag was set,
and include the inital KEX hostkey in the userauth request.

Note: nothing in kex.c actually sets the new flag yet

ok markus@

OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d
2021-12-20 09:28:07 +11:00
djm@openbsd.org
e9497ecf73 upstream: ssh client side of binding
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.

ok markus@

OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
2021-12-20 09:24:42 +11:00
djm@openbsd.org
9e1882ef64 upstream: note successful authentication method in final "Authenticated
to ..." message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@

OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
2021-07-23 15:25:19 +10:00
Darren Tucker
53237ac789 Sync remaining ChallengeResponse removal.
These were omitted from commit 88868fd131.
2021-07-03 19:23:28 +10:00
djm@openbsd.org
d45b9c63f9 upstream: fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it would
print the certificate's path, whereas it was supposed to be showing the
private key's path. Patch from Alex Sherwin via GHPR247

OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b
2021-06-07 13:39:41 +10:00
djm@openbsd.org
4265215d73 upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
allows RSA/SHA2 signatures for public key authentication but fails to
advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
to offer valid keys.

Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker

OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
2021-06-06 13:41:36 +10:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
39be3dc209 upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@

OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
2021-01-27 21:10:57 +11:00
djm@openbsd.org
4ca6a1fac3 upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
2021-01-27 20:28:25 +11:00
dtucker@openbsd.org
e9f78d6b06 upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms.  The previous names are retained as aliases.  ok
djm@

OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
2021-01-26 22:50:40 +11:00
djm@openbsd.org
d1e578afe7 upstream: make ssh hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.

spotted with dtucker@ ok markus@

OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
2021-01-25 17:04:40 +11:00
dtucker@openbsd.org
ee9c0da803 upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted.  Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading.  The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@

OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
2021-01-22 15:03:56 +11:00
djm@openbsd.org
4c7af01f9d upstream: If a signature operation on a FIDO key fails with a
"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.

ok dtucker@

OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
2021-01-08 13:58:27 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
da4bf0db94 upstream: add a ssh_config KnownHostsCommand that allows the client
to obtain known_hosts data from a command in addition to the usual files.

The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
2020-12-22 15:43:59 +11:00
djm@openbsd.org
0f504f592d upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
markus@

OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
2020-12-21 10:52:28 +11:00
djm@openbsd.org
b4c7cd1185 upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
2020-12-21 10:52:28 +11:00
djm@openbsd.org
04088725ec upstream: scrub keyboard-interactive authentication prompts coming
from the server through asmprintf() prior to display; suggested by and ok
dtucker@

OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
2020-11-13 18:32:24 +11:00
djm@openbsd.org
5442b491d0 upstream: prefix keyboard interactive prompts with (user@host) to
make it easier to determine which connection they are associated with in
cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker

OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170
2020-11-13 18:32:24 +11:00
djm@openbsd.org
d5a0cd4fc4 upstream: when requesting a security key touch on stderr, inform the
user once the touch has been recorded; requested by claudio@ ok markus@

OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
2020-11-09 09:39:22 +11:00
djm@openbsd.org
7d680448db upstream: print reason in fatal error message when
kex_assemble_namelist() fails

OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab
2020-11-04 10:09:25 +11:00
djm@openbsd.org
1a14c13147 upstream: whitespace; no code change
OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
2020-10-29 13:54:13 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
acadbb3402 upstream: use do_log2 instead of function pointers to different log
functions

OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
2020-10-17 00:37:13 +11:00
djm@openbsd.org
aa623142e4 upstream: revert kex->flags cert hostkey downgrade back to a plain
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
2020-10-07 13:34:11 +11:00
djm@openbsd.org
af889a40ff upstream: when ordering host key algorithms in the client, consider
the ECDSA key subtype; ok markus@

OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
2020-10-07 13:33:12 +11:00
djm@openbsd.org
13cee44ef9 upstream: record when the host key checking code downgrades a
certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
2020-10-03 18:31:49 +10:00
djm@openbsd.org
b3855ff053 upstream: tweak the client hostkey preference ordering algorithm to
prefer the default ordering if the user has a key that matches the
best-preference default algorithm.

feedback and ok markus@

OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
2020-09-18 15:25:01 +10:00
djm@openbsd.org
9b8ad93824 upstream: support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
2020-08-27 11:28:36 +10:00
bket@openbsd.org
e1c401109b upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT
OK djm@

OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
2020-07-03 15:12:31 +10:00
djm@openbsd.org
6704288957 upstream: wrap long line
OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
2020-06-05 13:28:29 +10:00
djm@openbsd.org
05a651400d upstream: when ordering the hostkey algorithms to request from a
server, prefer certificate types if the known_hosts files contain a key
marked as a @cert-authority; bz#3157 ok markus@

OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
2020-05-27 10:09:18 +10:00
djm@openbsd.org
54688e937a upstream: fix reversed test that caused IdentitiesOnly=yes to not
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@

OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 14:03:36 +10:00
djm@openbsd.org
96bd895a0a upstream: When using HostkeyAlgorithms to merely append or remove
algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus

OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
2020-02-07 09:53:00 +11:00
naddy@openbsd.org
a47f6a6c0e upstream: Replace "security key" with "authenticator" in program
messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
dtucker@openbsd.org
7f8e66fea8 upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options.  With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
2020-01-23 21:53:54 +11:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
dtucker@openbsd.org
c4b3a12895 upstream: Remove unsupported algorithms from list of defaults at run
time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any).  ok djm@

OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
2020-01-23 14:40:15 +11:00
djm@openbsd.org
881aded038 upstream: a little more verbosity in sign_and_send_pubkey() debug
messages

OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
2020-01-21 18:09:09 +11:00
djm@openbsd.org
49dc9fa928 upstream: close the "touch your security key" notifier on the error
path too

OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829
2019-11-15 13:41:40 +11:00
deraadt@openbsd.org
72687c8e7c upstream: stdarg.h required more broadly; ok djm
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
2019-11-15 08:50:10 +11:00
djm@openbsd.org
e44bb61824 upstream: security keys typically need to be tapped/touched in
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
2019-11-13 10:15:47 +11:00