path: root/usr.bin/ssh/sshconnect.c
Commit message | Author | Age | Files | Lines
* oops, %r => remote username, not %u
  Author: djm | Age: 2010-04-16 | Files: 1 | Lines: -2/+2
* revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes:
  move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash
  Rename "constraints" field to "critical options"
  Add a new non-critical "extensions" field
  Add a serial number
  The older format is still supported for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
  ok markus@
  Author: djm | Age: 2010-04-16 | Files: 1 | Lines: -4/+4
* expand %r => remote username in ssh_config:ProxyCommand; ok deraadt markus
  Author: djm | Age: 2010-04-14 | Files: 1 | Lines: -3/+3
* fix terminology: we didn't find a certificate in known_hosts, we found a CA key
  Author: djm | Age: 2010-04-10 | Files: 1 | Lines: -2/+2
* Add a TrustedUserCAKeys option to sshd_config to specify CA keys that are trusted to authenticate users (in addition to doing it per-user in authorized_keys).
  Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to be revoked and banned for user or host authentication.
  feedback and ok markus@
  Author: djm | Age: 2010-03-04 | Files: 1 | Lines: -2/+22
* Add support for certificate key types for users and hosts.
  OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy.
  Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details.
  Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details.
  Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage.
  Documentation on the format of certificates is in the file PROTOCOL.certkeys
  feedback and ok markus@
  Author: djm | Age: 2010-02-26 | Files: 1 | Lines: -13/+65
* Fix a couple of typos/misspellings in comments
  Author: dtucker | Age: 2010-01-13 | Files: 1 | Lines: -2/+2
* Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain.
  For example (from reyk):
    # route -T 2 exec /usr/sbin/sshd
  or inherited from the parent process
    $ route -T 2 exec sh
    $ ssh 10.1.2.3
  ok deraadt@ markus@ stevesk@ reyk@
  Author: dtucker | Age: 2010-01-09 | Files: 1 | Lines: -3/+2
* Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
  Author: dtucker | Age: 2009-11-10 | Files: 1 | Lines: -2/+6
* Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
  Author: reyk | Age: 2009-10-28 | Files: 1 | Lines: -2/+3
* Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
  Author: andreas | Age: 2009-05-28 | Files: 1 | Lines: -3/+5
* Un-static ssh_exchange_identification(), part of a larger change from Martin Forssen and needed for upcoming changes. ok markus@
  Author: andreas | Age: 2009-05-27 | Files: 1 | Lines: -2/+2
* use #define ROQUIET here; no binary change. ok dtucker@
  Author: stevesk | Age: 2008-10-14 | Files: 1 | Lines: -3/+3
* Send CR LF during protocol banner exchanges, but only for Protocol 2 only, in order to comply with RFC 4253. bz #1443, ok djm@
  Author: dtucker | Age: 2008-07-01 | Files: 1 | Lines: -3/+3
* Check ExitOnForwardFailure if forwardings are disabled due to a failed host key check. ok djm@
  Author: dtucker | Age: 2008-07-01 | Files: 1 | Lines: -2/+13
* Move SSH Fingerprint Visualization away from sharing the config option CheckHostIP to an own config option named VisualHostKey.
  While there, fix the behaviour that ssh would draw a random art picture on every newly seen host even when the option was not enabled.
  prodded by deraadt@, discussions, help and ok markus@ djm@ dtucker@
  Author: grunk | Age: 2008-06-26 | Files: 1 | Lines: -11/+7
* tweak wording in message, ok deraadt@ jmc@
  Author: ian | Age: 2008-06-12 | Files: 1 | Lines: -2/+2
* Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
  Author: dtucker | Age: 2008-06-12 | Files: 1 | Lines: -18/+5
* Make ssh print the random art also when ssh'ing to a host using IP only. spotted by naddy@, ok and help djm@ dtucker@
  Author: grunk | Age: 2008-06-12 | Files: 1 | Lines: -2/+10
* Do not pass "0" strings as ports to getaddrinfo because the lookups can slow things down and we never use the service info anyway. bz #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok deraadt@ djm@
  djm believes that the reason for the "0" strings is to ensure that it's not possible to call getaddrinfo with both host and port being NULL. In the case of canohost.c host is a local array. In the case of sshconnect.c, it's checked for null immediately before use. In dns.c it ultimately comes from ssh.c:main() and is guaranteed to be non-null but it's not obvious, so I added a warning message in case it is ever passed a null.
  Author: dtucker | Age: 2008-06-12 | Files: 1 | Lines: -2/+2
* Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin.
  Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
  http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
  The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction.
  discussions with several people, help, corrections and ok markus@ djm@
  Author: grunk | Age: 2008-06-11 | Files: 1 | Lines: -7/+19
* Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
  Author: dtucker | Age: 2007-12-27 | Files: 1 | Lines: -4/+4
* make ssh(1)'s ConnectTimeout option apply to both the TCP connection and SSH banner exchange (previously it just covered the TCP connection). This allows callers of ssh(1) to better detect and deal with stuck servers that accept a TCP connection but don't progress the protocol, and also makes ConnectTimeout useful for connections via a ProxyCommand; feedback and "looks ok" markus@
  Author: djm | Age: 2007-09-04 | Files: 1 | Lines: -21/+84
* Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
  Author: djm | Age: 2007-08-23 | Files: 1 | Lines: -3/+6
* sleep before retrying (not after) since sleep changes errno; fixes pr 5250; rad@twig.com; ok dtucker djm
  Author: markus | Age: 2006-10-10 | Files: 1 | Lines: -6/+5
* almost entirely get rid of the culture of ".h files that include .h files"
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step
  Author: deraadt | Age: 2006-08-03 | Files: 1 | Lines: -4/+3
* move #include <stdio.h> out of includes.h
  Author: stevesk | Age: 2006-08-01 | Files: 1 | Lines: -1/+2
* Allow fallback to known_hosts entries without port qualifiers for non-standard ports too, so that all existing known_hosts entries will be recognised. Requested by, feedback and ok markus@
  Author: dtucker | Age: 2006-08-01 | Files: 1 | Lines: -9/+25
* move #include <stdlib.h> out of includes.h
  Author: stevesk | Age: 2006-07-26 | Files: 1 | Lines: -1/+2
* move #include <sys/time.h> out of includes.h
  Author: stevesk | Age: 2006-07-25 | Files: 1 | Lines: -1/+2
* disable tunnel forwarding when no strict host key checking and key changed; ok djm@ markus@ dtucker@
  Author: stevesk | Age: 2006-07-24 | Files: 1 | Lines: -2/+7
* move #include <string.h> out of includes.h
  Author: stevesk | Age: 2006-07-22 | Files: 1 | Lines: -1/+2
* move #include <unistd.h> out of includes.h
  Author: stevesk | Age: 2006-07-17 | Files: 1 | Lines: -1/+2
* move #include <netdb.h> out of includes.h; ok djm@
  Author: stevesk | Age: 2006-07-12 | Files: 1 | Lines: -1/+2
* move #include <errno.h> out of includes.h; ok markus@
  Author: stevesk | Age: 2006-07-11 | Files: 1 | Lines: -1/+2
* Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910.
  For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress.
  Tested by many, ok markus@.
  Author: dtucker | Age: 2006-07-10 | Files: 1 | Lines: -10/+15
* move #include <pwd.h> out of includes.h; ok markus@
  Author: stevesk | Age: 2006-07-06 | Files: 1 | Lines: -1/+2
* move #include <netinet/in.h> out of includes.h; ok deraadt@
  Author: stevesk | Age: 2006-07-05 | Files: 1 | Lines: -1/+4
* move #include "version.h" out of includes.h; ok markus@
  Author: stevesk | Age: 2006-07-03 | Files: 1 | Lines: -1/+2
* limit the number of pre-banner characters we will accept; ok markus@
  Author: djm | Age: 2006-06-14 | Files: 1 | Lines: -3/+5
* do not set the gid, noted by solar; ok djm
  Author: markus | Age: 2006-06-08 | Files: 1 | Lines: -2/+2
* replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm
  Author: markus | Age: 2006-06-06 | Files: 1 | Lines: -3/+2
* fix leak; coverity via Kylene Jo Hall
  Author: markus | Age: 2006-05-17 | Files: 1 | Lines: -1/+2
* simplify; ok djm@
  Author: markus | Age: 2006-04-20 | Files: 1 | Lines: -20/+9
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
  Author: djm | Age: 2006-03-25 | Files: 1 | Lines: -0/+1
* introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh
  xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die
  feedback and ok deraadt@
  Author: djm | Age: 2006-03-25 | Files: 1 | Lines: -12/+5
* be strict with tolower() casting
  Author: deraadt | Age: 2006-03-20 | Files: 1 | Lines: -1/+1
* RCSID() can die
  Author: deraadt | Age: 2006-03-19 | Files: 1 | Lines: -1/+0
* move #include <ctype.h> out of includes.h; ok djm@
  Author: stevesk | Age: 2006-02-22 | Files: 1 | Lines: -1/+2
* move #include <sys/stat.h> out of includes.h; ok markus@
  Author: stevesk | Age: 2006-02-20 | Files: 1 | Lines: -1/+2