summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/sshconnect.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Free host on exit path. Patch from markus at blueflash.cc, ok djm@dtucker2019-05-031-1/+2
|
* dup stdout/in for proxycommand=-, otherwise stdout might bemarkus2019-02-271-3/+11
| | | | redirected to /dev/null; ok djm@
* Save connection timeout and restore for 2nd and subsequent attempts,dtucker2019-02-011-2/+3
| | | | preventing them from having no timeout. bz#2918, ok djm@
* Accept the host key fingerprint as a synonym for "yes" when acceptingdtucker2019-01-241-8/+11
| | | | | | an unknown host key. This allows you to paste a fingerprint obtained out of band into the yes/no prompt and have the client do the comparison for you. ok markus@ djm@
* convert sshconnect.c to new packet APIdjm2019-01-191-22/+1
| | | | with & ok markus@
* begin landing remaining refactoring of packet parsing API, starteddjm2019-01-191-1/+4
| | | | | | | | | | | almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@
* move client/server SSH-* banners to buffers under ssh->kex and factordjm2018-12-271-180/+8
| | | | | | | | | | | out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
* Fix inverted logic for redirecting ProxyCommand stderr to /dev/null.dtucker2018-11-181-3/+5
| | | | | Fixes mosh in proxycommand mode that was broken by the previous ProxyCommand change that was reported by matthieu@. ok djm@ danj@
* redirect stderr of ProxyCommands to /dev/null when ssh is started withdjm2018-11-161-5/+32
| | | | ControlPersist; based on patch from Steffen Prohaska
* struct sockaddr_storage is guaranteed to be large enough, no need to checkflorian2018-10-151-5/+1
| | | | | the size. OK kn, deraadt
* add CASignatureAlgorithms option for the client, allowing it to specifydjm2018-09-201-4/+13
| | | | | which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@
* Now that ssh can't be setuid, remove the original_real_uid anddtucker2018-07-271-3/+1
| | | | | original_effective_uid globals and replace with calls to plain getuid(). ok djm@
* Fix typo in comment. From Alexandru Iacob via github.dtucker2018-07-191-2/+2
|
* Deprecate UsePrivilegedPort now that support for running ssh(1)dtucker2018-07-191-14/+10
| | | | | | | | | | | setuid has been removed, remove supporting code and clean up references to it in the man pages We have not shipped ssh(1) the setuid bit since 2002. If ayone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@
* Remove support for running ssh(1) setuid and fatal if attempted.dtucker2018-07-181-25/+3
| | | | | Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
* remove legacy key emulation layer; ok djm@markus2018-07-111-6/+6
|
* client: switch to sshbuf API; ok djm@markus2018-07-091-3/+3
|
* lots of typos in comments/docs. Patch from Karsten Weiss after checkingdjm2018-04-101-2/+2
| | | | with codespell tool (https://github.com/lucasdemarchi/codespell)
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)markus2018-02-231-2/+3
| | | | | | | The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
* Add missing braces.dtucker2018-02-231-2/+3
| | | | Caught by the tinderbox's -Werror=misleading-indentation, ok djm@
* Add BindInterface ssh_config directive and -B command-line argumentdjm2018-02-231-21/+121
| | | | | | | | | | | to ssh(1) that directs it to bind its outgoing connection to the address of the specified network interface. BindInterface prefers to use addresses that aren't loopback or link- local, but will fall back to those if no other addresses of the required family are available on that interface. Based on patch by Mike Manning in bz#2820, ok dtucker@
* constify some private key-related functions; based ondjm2018-02-101-3/+3
| | | | https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
* ssh_free checks for and handles NULL args, remove NULL checks from remainingdtucker2018-02-071-3/+2
| | | | callers. ok djm@
* Add missing braces; fixes 'write: Socket is not connected' error in ssh.stsp2018-01-231-2/+3
| | | | ok deraadt@
* Drop compatibility hacks for some ancient SSH implementations, includingdjm2018-01-231-4/+1
| | | | | | | | | | ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
* try harder to preserve errno during ssh_connect_direct() to make thedjm2018-01-231-5/+12
| | | | final error message possibly accurate; bz#2814, ok dtucker@
* don't accept junk after "yes" or "no" responses to hostkey prompts.djm2017-12-061-5/+6
| | | | bz#2803 reported by Maksim Derbasov; ok dtucker@
* Add monotime_ts and monotime_tv that return monotonic timespec anddtucker2017-11-251-2/+2
| | | | | | | timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
* Revert commitid: gJtIN6rRTS3CHy9b.djm2017-09-141-43/+6
| | | | | | | | | | | | | ------------- identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ ------------- This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts Spotted by dtucker@
* refactor channels.cdjm2017-09-121-16/+22
| | | | | | | | | | | | | | | | | | Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
* Expand ssh_config's StrictModes option with two new settings:djm2017-09-031-12/+18
| | | | | | | | | | | | | | | | | | | | | | | | StrictModes=accept-new will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. StrictModes=off is the same as StrictModes=no Motivation: StrictModes=no combines two behaviours for host key processing: automatically learning new hostkeys and continuing to connect to hosts with invalid/changed hostkeys. The latter behaviour is quite dangerous since it removes most of the protections the SSH protocol is supposed to provide. Quite a few users want to automatically learn hostkeys however, so this makes that feature available with less danger. At some point in the future, StrictModes=no will change to be a synonym for accept-new, with its current behaviour remaining available via StrictModes=off. bz#2400, suggested by Michael Samuel; ok markus
* identify the case where SSHFP records are missing but other DNS RRdjm2017-09-011-6/+43
| | | | | types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
* remove post-SSHv1 removal dead code from rsa.c and merge thedjm2017-07-011-2/+1
| | | | remaining bit that it still used into ssh-rsa.c; ok markus
* switch sshconnect.c from (slightly abused) select() to poll();djm2017-06-241-91/+61
| | | | ok deraadt@ a while back
* use HostKeyAlias if specified instead of hostname for matching hostdjm2017-06-241-2/+4
| | | | certificate principal names; bz#2728; ok dtucker@
* switch sshconnect.c to modern APIs; ok djm@markus2017-05-301-12/+15
|
* switch from Key typedef with struct sshkey; ok djm@markus2017-05-301-11/+11
|
* remove unused variabledjm2017-05-011-3/+1
|
* remove KEY_RSA1djm2017-04-301-2/+1
| | | | ok markus@
* remove compat20/compat13/compat15 variablesdjm2017-04-301-23/+9
| | | | ok markus@
* remove options.protocol and client Protocol configuration knobdjm2017-04-301-39/+10
| | | | ok markus@
* unifdef WITH_SSH1djm2017-04-301-6/+1
| | | | ok markus@
* Plug descriptor leaks of auth_sock. From jjelen at redhat.com viadtucker2017-03-101-1/+3
| | | | bz#2687, ok djm@
* Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitionsderaadt2016-09-121-3/+2
| | | | | rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
* fd leaks; report Qualys Security Advisory team; ok deraadt@markus2016-01-141-1/+2
|
* remove roaming support; ok djm@markus2016-01-141-4/+3
|
* add cast to make -Werror cleandjm2015-11-201-2/+3
|
* ban ConnectionAttempts=0, it makes no sense and would causedjm2015-11-191-1/+3
| | | | | ssh_connect_direct() to print an uninitialised stack variable; bz#2500 reported by dvw AT phas.ubc.ca
* print host certificate contents at debug leveldjm2015-11-191-4/+28
|
* Add an AddKeysToAgent client option which can be set to 'yes', 'no',jcs2015-11-151-1/+29
| | | | | | | | | | 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.