path: root/usr.bin/ssh/ssh.c
Commit log (each entry: [author date, files changed, lines removed/added] commit message)
* [djm 2021-04-03, 1 file, -1/+5] ensure that pkcs11_del_provider() is called before exit - some PKCS#11 providers get upset if C_Initialize is not matched with C_Finalize. From Adithya Baglody via GHPR#234; ok markus
* [djm 2021-02-23, 1 file, -1/+7] warn when the user specifies a ForwardAgent path that does not exist and exit if ExitOnForwardFailure is set; bz3264
* [markus 2021-02-15, 1 file, -1/+42] ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS. ok djm@, dtucker@
* [djm 2021-02-02, 1 file, -2/+1] whitespace
* [djm 2021-01-27, 1 file, -2/+2] remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
* [dtucker 2021-01-26, 1 file, -3/+4] Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
* [dtucker 2021-01-22, 1 file, -2/+3] Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
* [djm 2020-12-20, 1 file, -30/+5] plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@
* [djm 2020-12-20, 1 file, -12/+30] allow UserKnownHostsFile=none; feedback and ok markus@
* [djm 2020-12-17, 1 file, -65/+80] refactor client percent_expand() argument passing; consolidate the common arguments into a single struct and pass that around instead of using a bunch of globals. ok markus@
* [djm 2020-12-17, 1 file, -2/+3] prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
* [dtucker 2020-11-12, 1 file, -2/+5] Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@
* [dtucker 2020-11-08, 1 file, -15/+3] Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@
* [djm 2020-10-18, 1 file, -56/+50] use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
* [djm 2020-10-16, 1 file, -1/+3] LogVerbose keyword for ssh and sshd. Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@
* [kn 2020-10-12, 1 file, -2/+2] Zap unused family parameter from ssh_connect_direct(). sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm
* [djm 2020-10-03, 1 file, -40/+8] There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
* [djm 2020-09-21, 1 file, -2/+3] close stdin when forking after authentication too; ok markus
* [djm 2020-09-20, 1 file, -6/+21] close stdout/stderr after "ssh -f ..." forking. bz#3137, ok markus
* [dtucker 2020-07-31, 1 file, -6/+9] Also compare username when checking for JumpHost loops. bz#3057, ok djm@
* [dtucker 2020-07-17, 1 file, -1/+4] Add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits)
* [dtucker 2020-07-17, 1 file, -1/+17] Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile, allowing the file to be automagically split up in the configuration (eg bz#1654). ok djm@, man page parts jmc@
* [djm 2020-07-05, 1 file, -6/+6] some language improvements; ok markus
* [dtucker 2020-06-26, 1 file, -12/+2] Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
* [dtucker 2020-06-05, 1 file, -2/+2] Correct historical comment: provos@ modified OpenSSH to work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok deraadt, historical context markus@
* [dtucker 2020-05-29, 1 file, -7/+33] Allow some keywords to expand shell-style ${ENV} environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
* [dtucker 2020-04-10, 1 file, -50/+87] Add TOKEN percent expansion to LocalForward and RemoteForward when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@
* [djm 2020-04-03, 1 file, -1/+2] r1.522 deleted one too many lines; repair
* [djm 2020-04-03, 1 file, -2/+2] fix debug statement
* [djm 2020-04-03, 1 file, -3/+14] the tunnel-forwarding vs ExitOnForwardFailure fix that I committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner.
* [djm 2020-04-03, 1 file, -23/+39] make failures when establishing "Tunnel" forwarding terminate the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
* [dtucker 2020-04-03, 1 file, -67/+53] Make with config keywords support which percent_expansions more consistent.
  - %C is moved into its own function and added to Match Exec.
  - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with.
  - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable.
  - document all of the above
  ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
* [markus 2020-03-06, 1 file, -2/+3] initialize cname in case ai_canonname is NULL or too long; ok djm
* [dtucker 2020-02-18, 1 file, -1/+9] Detect and prevent simple configuration loops when using ProxyJump. bz#3057, ok djm@
* [dtucker 2020-02-07, 1 file, -5/+14] Add ssh -Q key-sig for all key and signature types. Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@.
* [naddy 2020-02-06, 1 file, -2/+2] Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
* [djm 2020-01-28, 1 file, -1/+4] disable UpdateHostKeys=ask when in quiet mode; "work for me" matthieu@
* [markus 2020-01-27, 1 file, -6/+13] disable UpdateHostKeys=ask if command is specified; ok djm@ sthen@
* [djm 2020-01-25, 1 file, -2/+2] allow UpdateKnownHosts=yes to function when multiple known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add new/changed host keys to the first specified file only. bz#2738 ok markus@
* [djm 2020-01-25, 1 file, -5/+7] expose PKCS#11 key labels/X.509 subjects as comments. Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church; feedback and ok markus@
* [dtucker 2020-01-23, 1 file, -4/+15] Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
* [dtucker 2020-01-23, 1 file, -3/+3] Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
* [beck 2020-01-05, 1 file, -2/+2] fix CanonicalizeHostname, broken by rev 1.507. Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com>; ok dtucker@ markus@ djm@
* [djm 2019-12-21, 1 file, -1/+33] Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. Patch by Eric Chiang, manpage by me; ok markus@
* [naddy 2019-11-18, 1 file, -1/+2] additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
* [djm 2019-10-31, 1 file, -1/+17] ssh client support for U2F/FIDO keys
* [djm 2019-09-13, 1 file, -2/+2] allow %n to be expanded in ProxyCommand strings. From Zachary Harmany via github.com/openssh/openssh-portable/pull/118; ok dtucker@
* [naddy 2019-09-06, 1 file, -2/+2] Allow prepending a list of algorithms to the default set by starting the list with the '^' character, e.g.
  HostKeyAlgorithms ^ssh-ed25519
  Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
  ok djm@ dtucker@
* [deraadt 2019-06-28, 1 file, -10/+10] When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* [djm 2019-06-14, 1 file, -3/+6] slightly more instructive error message when the user specifies multiple -J options on the commandline. bz3015 ok dtucker@