| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in certificates. Currently, a certificate must include the a user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.
When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.
For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.
If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.
These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.
Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.
Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.
Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.
Documentation on the format of certificates is in the file
PROTOCOL.certkeys
feedback and ok markus@
|
| |
|
|
| |
path by prepending the cwd in these cases; bz#1290; ok dtucker@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures
that trafic such as DNS lookups stays withing the specified routingdomain.
For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
|
| |
|
|
| |
ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.
This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate of knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.
This is experimental, work-in-progress code and is presently
compiled-time disabled (turn on -DJPAKE in Makefile.inc).
"just commit it. It isn't too intrusive." deraadt@
|
| |
|
|
|
|
| |
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output. The
combination allows tesing of the parser and config files. ok deraadt djm
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
|
| |
|
|
|
| |
closefrom fds > 2 before shell/command execution
ok markus@
|
| |
|
|
|
| |
tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
|
| |
|
|
|
|
| |
This allows configurations such as permitting password authentication from
the local net only while requiring pubkey from offsite. ok djm@, man page
bits ok jmc@
|
| |
|
|
| |
stevesk@, ok stevesk@.
|
| |
|
|
|
| |
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
| |
|
|
|
| |
keywords (ie the first match is the effective setting). This also makes it
easier to override a previously set PermitOpen. ok djm@
|
| |
|
|
|
| |
key option, man page entry and example in sshd_config. Feedback & ok djm@,
man page corrections & ok jmc@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
| |
|
|
| |
ok deraadt@
|
| | |
|
| | |
|
| |
|
|
| |
client to the server; ok markus@
|
| | |
|
| |
|
|
| |
confusion; ok djm, dtucker; with help from jmc@
|
| | |
|
| |
|
|
| |
stripped down and tested by Jakob and myself.
|
| |
|
|
| |
fgsch@, miod@, henning@, jakob@ and others
|
| |
|
|
| |
test+ok henning@
|
| |
|
|
|
|
|
| |
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
|
| | |
|
| |
|
|
| |
work done by me and markus@
|
| |
|
|
|
| |
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
----------------------------------------------------------------------
|
| |
|
|
| |
and out of sync
|
| | |
|
| |
|
|
|
| |
- () -> (void)
- no variable names
|
| | |
|
djm
dtucker
reyk
pyr
deraadt
jakob
markus
stevesk
provos
dugsong
itojun