Age | Commit message | Author
2023-10-04 | upstream: add some cautionary text about % token expansion and | djm@openbsd.org
shell metacharacters; based on report from vinci AT protonmail.ch OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
2023-10-04 | upstream: fix link to agent draft; spotted by Jann Horn | djm@openbsd.org
OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b
2023-10-04 | use portable provider allowlist path in manpage | Damien Miller
spotted by Jann Horn
2023-10-01 | upstream: typo; from Jim Spath | deraadt@openbsd.org
OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e
2023-09-11 | upstream: rename remote_glob() -> sftp_glob() to match other API | djm@openbsd.org
OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229
2023-09-11 | upstream: typo in comment | djm@openbsd.org
OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
2023-09-10 | Use zero-call-used-regs=used with Apple compilers. | Darren Tucker
Apple's versions of clang have version numbers that do not match the corresponding upstream clang versions. Unfortunately, they do still have the clang-15 zero-call-used-regs=all bug, so for now use the value that doesn't result in segfaults. We could allowlist future versions that are known to work. bz#3584 (and probably also our github CI failures).
2023-09-10 | upstream: randomise keystroke obfuscation intervals and average | djm@openbsd.org
interval rate. ok dtucker@ OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
2023-09-08 | upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here | djm@openbsd.org
is char**, so harmless); spotted in CID 416964 OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002
2023-09-08 | upstream: regress test recursive remote-remote directories copies where | djm@openbsd.org
the directory contains a symlink to another directory. also remove errant `set -x` that snuck in at some point OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f
2023-09-08 | upstream: fix recursive remote-remote copies of directories that | djm@openbsd.org
contain symlinks to other directories (similar to bz3611) OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f
2023-09-08 | upstream: regress test for recursive copies of directories containing | djm@openbsd.org
symlinks to other directories. bz3611, ok dtucker@ OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9
2023-09-08 | upstream: the sftp code was one of my first contributions to | djm@openbsd.org
OpenSSH and it shows - the function names are terrible. Rename do_blah() to sftp_blah() to make them less so. Completely mechanical except for sftp_stat() and sftp_lstat() which change from returning a pointer to a static variable (error-prone) to taking a pointer to a caller-provided receiver. OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4
2023-09-08 | upstream: fix scp in SFTP mode recursive upload and download of | djm@openbsd.org
directories that contain symlinks to other directories. In scp mode, the links would be followed, but in SFTP mode they were not. bz3611, ok dtucker@ OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c
2023-09-07 | upstream: regression test for override of subsystem in match blocks | djm@openbsd.org
OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
2023-09-07 | upstream: allow override of Subsystem directives in sshd Match | djm@openbsd.org
blocks OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722
2023-09-07 | upstream: allocate the subsystems array as necessary and remove the | djm@openbsd.org
fixed limit of subsystems. Saves a few kb of memory in the server and makes it more like the other options. OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f
2023-09-07 | upstream: preserve quoting of Subsystem commands and arguments. | djm@openbsd.org
This may change behaviour of exotic configurations, but the most common subsystem configuration (sftp-server) is unlikely to be affected. OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
2023-09-07 | upstream: downgrade duplicate Subsystem directives from being a | djm@openbsd.org
fatal error to being a debug message to match behaviour with just about all other directives. OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce
2023-09-07 | upstream: handle cr+lf (instead of just cr) in sshsig signature | djm@openbsd.org
files OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f
2023-09-07 | upstream: Generate Ed25519 keys when invoked without arguments | job@openbsd.org
Ed25519 public keys are very convenient due to their small size. OpenSSH has supported Ed25519 since version 6.5 (January 2014). OK djm@ markus@ sthen@ deraadt@ OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
2023-09-04 | upstream: trigger keystroke timing obfuscation only if the channels | djm@openbsd.org
layer enqueued some data in the last poll() cycle; this avoids triggering the obfuscator for non-channels data like ClientAlive probes and also fixes a related problem where the obfuscations would be triggered on fully quiescent connections. Based on / tested by naddy@ OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
2023-09-04 | upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..." | djm@openbsd.org
debug messages when keystroke timing obfuscation was never started; spotted by naddy@ OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
2023-09-04 | upstream: make channel_output_poll() return a flag indicating | djm@openbsd.org
whether channel data was enqueued. Will be used to improve keystroke timing obfuscation. Problem spotted by / tested by naddy@ OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
2023-09-04 | upstream: set interactive mode for ControlPersist sessions if they | djm@openbsd.org
originally requested a tty; enables keystroke timing obfuscation for most ControlPersist sessions. Spotted by naddy@ OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
2023-08-31 | Set LLONG_MAX for C89 test. | Darren Tucker
If we don't have LLONG_MAX, configure will figure out that it can get it by setting -std=gnu99, at which point we won't be testing C89 any more. To avoid this, feed it in via CFLAGS.
2023-08-29 | upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@ | djm@openbsd.org
OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7
2023-08-29 | upstream: descriptive text shouldn't be under .Cm | djm@openbsd.org
OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
2023-08-28 | upstream: limit artificial login delay to a reasonable maximum (5s) | djm@openbsd.org
and don't delay at all for the "none" authentication mechanism. Patch by Dmitry Belyavskiy in bz3602 with polish/ok dtucker@ OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515
2023-08-28 | upstream: add spacing for punctuation when macro args; | jmc@openbsd.org
OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db
2023-08-28 | upstream: explicit long long type in timing calculations (doesn't | djm@openbsd.org
matter, since the range is pre-clamped) OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de
2023-08-28 | upstream: Add keystroke timing obfuscation to the client. | djm@openbsd.org
This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/ feedback/ok markus@ OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
2023-08-28 | upstream: Introduce a transport-level ping facility | djm@openbsd.org
This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to implement a ping capability. These messages use numbers in the "local extensions" number space and are advertised using a "ping@openssh.com" ext-info message with a string version number of "0". ok markus@ OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f
2023-08-28 | upstream: Log errors in kex_exchange_identification() with level | tobhe@openbsd.org
verbose instead of error to reduce preauth log spam. All of those get logged with a more generic error message by sshpkt_fatal(). feedback from sthen@ ok djm@ OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
2023-08-28 | upstream: correct math for ClientAliveInterval that caused the | djm@openbsd.org
probes to be sent less frequently than configured; from Dawid Majchrzak OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038
2023-08-25 | Include Portable version in sshd version string. | Darren Tucker
bz#3608, ok djm@
2023-08-21 | obsd-arm64 host is real hardware... | Darren Tucker
so put in the correct config location.
2023-08-21 | Add OpenBSD ARM64 test host. | Darren Tucker
2023-08-21 | Add test for zlib development branch. | Darren Tucker
2023-08-21 | upstream: want stdlib.h for free(3) | djm@openbsd.org
OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
2023-08-19 | Fix zlib version check for 1.3 and future version. | Darren Tucker
bz#3604.
2023-08-18 | Add 9.4 branch to CI status page. | Darren Tucker
2023-08-18 | upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused | djm@openbsd.org
multiplexed sessions to ignore SIGINT under some circumstances. Reported by / feedback naddy@, ok dtucker@ OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
2023-08-18 | upstream: defence-in-depth MaxAuthTries check in monitor; ok markus | djm@openbsd.org
OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
2023-08-15 | upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308 | djm@openbsd.org
OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028
2023-08-13 | Add obsd72 and obsd73 test targets. | Darren Tucker
2023-08-11 | upstream: better debug logging of sessions' exit status | djm@openbsd.org
OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0
2023-08-11 | upstream: drop a wayward comma, ok jmc@ | naddy@openbsd.org
OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
2023-08-10 | depend | Damien Miller
2023-08-10 | update versions in RPM specs | Damien Miller