| Age | Commit message (Collapse) | Author |
|---|
|
OPEN during SSH transport rekeying. The most visible benefit is that it
should make ~-escapes work in the client (e.g. to exit) if the connection
happened to have stalled during a rekey event. Based work by and ok dtucker@
OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
|
|
|
|
a fd directly into the transport input buffer.
Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.
Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)
feedback dtucker@ ok markus@
OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
|
|
stderr_buf and setting quit_pending; no functional change but saves a bunch
of boilerplate
OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d
|
|
error bz3378; ok dtucker@
OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
|
|
the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@
OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
|
|
feedback & ok deraadt@ and markus@ has been in snaps for a few months
OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
|
|
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
|
|
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
ok markus@
OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
|
|
OpenBSD-Commit-ID: 836268d3642c2cdc84d39b98d65837f5241e4a50
|
|
OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0
|
|
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker
OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
|
|
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
|
|
client and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@
OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
|
|
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
|
|
these so this removes two diffs between the two.
OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
|
|
when the update removed more host keys than remain present. Fix tested by
reporter James Cook, via bugs@
OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3
|
|
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@
OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
|
|
on some platforms in -portable. ok djm@
OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9
|
|
OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
|
|
confirmation failures in multiplexed sessions
OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49
|
|
|
|
dtucker@
OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
|
|
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
|
|
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
|
|
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.
Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.
Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().
ok markus@
OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
|
|
exist under other names and addresses; spotted by and debugged with lots of
help from jca@
OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
|
|
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
proceed if one of the keys offered by the server is already in known_hosts
under another name. This avoid collisions between address entries for
different host aliases when CheckHostIP=yes
Also, do not attempt to fix known_hosts with incomplete host/ip matches
when there are no new or deprecated hostkeys.
OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
|
|
Stop UpdateHostkeys from automatically removing deprecated keys from
known_hosts files if the same keys exist under a different name or
address to the host that is being connected to.
This avoids UpdateHostkeys from making known_hosts inconsistent in
some cases. For example, multiple host aliases sharing address-based
known_hosts on different lines, or hosts that resolves to multiple
addresses.
ok markus@
OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
|
|
When preparing to update the known_hosts file, fully check both
entries for both the host and the address (if CheckHostIP enabled)
and ensure that, at the end of the operation, entries for both are
recorded.
Make sure this works with HashKnownHosts too, which requires maintaining
a list of entry-types seen across the whole file for each key.
ok markus@
OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
|
|
Disable UpdateHostkeys if the known_hosts line has more than two
entries in the pattern-list. ssh(1) only writes "host" or "host,ip"
lines so anything else was added by a different tool or by a human.
ok markus@
OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
|
|
spotted by naddy@
OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce
|
|
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.
ok markus@
OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
|
|
is encountered or when a certificate host key is in use. feedback/ok markus@
OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
|
|
to the sshbuf API. Patch from Sebastian Andrzej Siewior.
OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889
|
|
the server and ignore traffic from a port forwarding client, preventing a
client from keeping a connection alive when it should be terminated. Based
on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok
djm@
OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
|
|
because nothing sets in_non_blocking_mode any more. Patch from
michaael.meeks at collabora.com, ok djm@
OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
|
|
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
|
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
|
|
OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b
|
|
as suggested by markus@
OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
|
|
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
|
|
call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@
OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
|
|
OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
|
|
that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@
OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
|
|
key types - just ignore them. spotted by and ok dtucker@
OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
|
|
files to debug() as it was intended to be; spotted by dtucker@
OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
|
|
known_hosts files are in use. When updating host keys, ssh will now search
subsequent known_hosts files, but will add new/changed host keys to the first
specified file only. bz#2738
ok markus@
OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c
|
|
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
|
