path: root/usr.bin/ssh/clientloop.c
Commit message | Author | Age | Files | Lines
* return non-zero exit status when killed by signal; bz#3281 | djm | 2021-03-19 | 1 | -2/+2
  ok dtucker@
* make ssh->kex->session_id a sshbuf instead of u_char*/size_t and | djm | 2021-01-27 | 1 | -6/+3
  use that instead of global variables containing copies of it. feedback/ok markus@
* remove global variable used to stash compat flags and use the | djm | 2021-01-27 | 1 | -2/+2
  purpose-built ssh->compat variable instead; feedback/ok markus@
* load_hostkeys()/hostkeys_foreach() variants for FILE* | djm | 2020-12-20 | 1 | -3/+3
  Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces.
  Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys().
  ok markus@
* UpdateHostkeys: fixed/better detection of host keys that exist under | djm | 2020-10-29 | 1 | -9/+16
  other names and addresses; spotted by and debugged with lots of help from jca@
* use the new variant log macros instead of prepending __func__ and | djm | 2020-10-18 | 1 | -184/+152
  appending ssh_err(r) manually; ok markus@
* make UpdateHostkeys still more conservative: refuse to proceed if | djm | 2020-10-14 | 1 | -38/+76
  one of the keys offered by the server is already in known_hosts under another name. This avoids collisions between address entries for different host aliases when CheckHostIP=yes
  Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys.
* UpdateHostkeys: check for keys under other names | djm | 2020-10-11 | 1 | -7/+82
  Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to.
  This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolve to multiple addresses.
  ok markus@
* UpdateHostkeys: better CheckHostIP handling | djm | 2020-10-11 | 1 | -25/+46
  When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded.
  Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key.
  ok markus@
* UpdateHostkeys: better detect manual host entries | djm | 2020-10-11 | 1 | -17/+37
  Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human.
  ok markus@
* don't misdetect comma-separated hostkey names as wildcards; | djm | 2020-10-08 | 1 | -4/+4
  spotted by naddy@
* revert kex->flags cert hostkey downgrade back to a plain key | djm | 2020-10-07 | 1 | -7/+1
  (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing.
  ok markus@
* disable UpdateHostkeys when a wildcard hostname pattern is | djm | 2020-10-03 | 1 | -2/+31
  encountered or when a certificate host key is in use. feedback/ok markus@
* Remove unused buf, last user was removed when switching to the sshbuf API. | dtucker | 2020-09-16 | 1 | -3/+1
  Patch from Sebastian Andrzej Siewior.
* Only reset the serveralive check when we receive traffic from the server | dtucker | 2020-07-03 | 1 | -14/+22
  and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. Based on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@
* Remove leave_non_blocking() which is now dead code because nothing sets | dtucker | 2020-04-24 | 1 | -16/+1
  in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@
* make failures when establishing "Tunnel" forwarding terminate the | djm | 2020-04-03 | 1 | -2/+5
  connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
* change explicit_bzero();free() to freezero() | jsg | 2020-02-26 | 1 | -3/+2
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary.
  ok deraadt@ djm@
* Remove obsolete XXX comment. ok deraadt@ | dtucker | 2020-02-26 | 1 | -4/+1
* Output (none) in debug in the case in the CheckHostIP=no case as | dtucker | 2020-02-02 | 1 | -2/+2
  suggested by markus@
* Prevent possible null pointer deref of ip_str in debug. | dtucker | 2020-02-02 | 1 | -2/+3
* check the return value of ssh_packet_write_poll() and call | djm | 2020-01-30 | 1 | -3/+7
  sshpkt_fatal() if it fails; avoid potential busy-loop under some circumstances. Based on patch by Mike Frysinger; ok dtucker@
* markus suggests a simplification to previous | djm | 2020-01-29 | 1 | -7/+4
* give more context to UpdateHostKeys messages, mentioning that the | djm | 2020-01-29 | 1 | -3/+20
  changes are validated by the existing trusted host key. Prompted by espie@ feedback and ok markus@
* for UpdateHostKeys, don't report errors for unsupported key types - | djm | 2020-01-26 | 1 | -3/+5
  just ignore them. spotted by and ok dtucker@
* downgrade error() for missing subsequent known_hosts files to debug() | djm | 2020-01-26 | 1 | -2/+2
  as it was intended to be; spotted by dtucker@
* allow UpdateKnownHosts=yes to function when multiple known_hosts files | djm | 2020-01-25 | 1 | -14/+43
  are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add new/changed host keys to the first specified file only. bz#2738
  ok markus@
* Replace all calls to signal(2) with a wrapper around sigaction(2). | dtucker | 2020-01-23 | 1 | -13/+13
  This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
* Remove unsupported algorithms from list of defaults at run time and | dtucker | 2020-01-23 | 1 | -3/+2
  remove ifdef and distinct settings for OPENSSL=no case.
  This will make things much simpler for -portable where the exact set of algos depends on the configuration of both OpenSSH and the libcrypto it's linked against (if any). ok djm@
* Allow forwarding a different agent socket to the path specified by | djm | 2019-12-21 | 1 | -2/+13
  $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accept an explicit path or the name of an environment variable in addition to yes/no.
  Patch by Eric Chiang, manpage by me; ok markus@
* Add new structure for signature options | djm | 2019-11-25 | 1 | -2/+3
  This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field.
  with and ok markus@
* stdarg.h required more broadly; ok djm | deraadt | 2019-11-13 | 1 | -1/+2
* When using a combination of a Yubikey+GnuPG+remote forwarding the gpg-agent | mestre | 2019-07-24 | 1 | -2/+2
  (and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath then pledge(2) kills the process.
  The solution is to add "sendfd" to pledge(2), which is not too bad considering a little bit later we reduce pledge(2) to only "stdio proc tty" in that codepath.
  Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
  OK deraadt@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -6/+6
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Remove unneeded unlink of xauthfile on error path. From Erik Sjölund via | dtucker | 2019-06-26 | 1 | -2/+1
  github, ok djm@ deraadt@
* Hostname->HostName cleanup; from lauri tirkkonen | jmc | 2019-06-12 | 1 | -2/+2
  ok dtucker
* Use the LogLevel typedef instead of int where appropriate. Patch from | dtucker | 2019-04-23 | 1 | -2/+2
  Markus Schmidt via openssh-unix-dev, ok markus@
* when logging/fataling on error, include a bit more detail than just the | djm | 2019-03-29 | 1 | -17/+21
  function name and the error message
* convert the remainder of clientloop.c to new packet API | djm | 2019-01-19 | 1 | -35/+32
  with & ok markus@
* convert clientloop.c to new packet API | djm | 2019-01-19 | 1 | -121/+166
  with & ok markus@
* begin landing remaining refactoring of packet parsing API, started | djm | 2019-01-19 | 1 | -1/+4
  almost exactly six years ago.
  This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps.
  with & ok markus@
* Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow | djm | 2018-09-21 | 1 | -15/+28
  X11 connections in untrusted mode indefinitely. ok dtucker@
* remove legacy key emulation layer; ok djm@ | markus | 2018-07-11 | 1 | -2/+2
* ttymodes: switch to sshbuf API; ok djm@ | markus | 2018-07-09 | 1 | -2/+2
* client: switch to sshbuf API; ok djm@ | markus | 2018-07-09 | 1 | -89/+113
* whitespace | djm | 2018-06-26 | 1 | -4/+4
* add a SetEnv directive to ssh_config that allows setting environment | djm | 2018-06-09 | 1 | -5/+19
  variables for the remote session (subject to the server accepting them)
  refactor SendEnv to remove the arbitrary limit of variable names.
  ok markus@
* lots of typos in comments/docs. Patch from Karsten Weiss after checking | djm | 2018-04-10 | 1 | -2/+2
  with codespell tool (https://github.com/lucasdemarchi/codespell)
* Don't reset signal handlers inside handlers. | dtucker | 2018-02-11 | 1 | -2/+1
  The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely event that -portable is still being used on such systems we will deal with it in the compat layer.
  ok deraadt@
* Drop compatibility hacks for some ancient SSH implementations, including | djm | 2018-01-23 | 1 | -11/+4
  ssh.com <=2.* and OpenSSH <= 3.*.
  These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations.
  ok markus@