summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/sshconnect.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* add a ssh_config KnownHostsCommand that allows the client to obtaindjm2020-12-221-1/+5
| | | | | | | | | | | known_hosts data from a command in addition to the usual files. The command accepts bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details). ok markus@
* plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@djm2020-12-201-4/+23
|
* refactor client percent_expand() argument passing; consolidate thedjm2020-12-171-1/+15
| | | | | common arguments into a single struct and pass that around instead of using a bunch of globals. ok markus@
* Zap unused family parameter from ssh_connect_direct()kn2020-10-121-2/+2
| | | | | | sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm
* revert kex->flags cert hostkey downgrade back to a plain keydjm2020-10-071-2/+2
| | | | | | | (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@
* record when the host key checking code downgrades a certificate hostdjm2020-10-031-2/+2
| | | | | | key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@
* when AddKeysToAgent=yes is set and the key contains no comment,djm2020-01-251-2/+3
| | | | | add the key to the agent with the key's path as the comment. bz2564
* allow %n to be expanded in ProxyCommand stringsdjm2019-09-131-3/+4
| | | | | From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@
* Add protection for private keys at rest in RAM against speculationdjm2019-06-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
* convert sshconnect.c to new packet APIdjm2019-01-191-2/+1
| | | | with & ok markus@
* move client/server SSH-* banners to buffers under ssh->kex and factordjm2018-12-271-9/+6
| | | | | | | | | | | out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
* Deprecate UsePrivilegedPort now that support for running ssh(1)dtucker2018-07-191-2/+2
| | | | | | | | | | | setuid has been removed, remove supporting code and clean up references to it in the man pages We have not shipped ssh(1) the setuid bit since 2002. If ayone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@
* Remove support for running ssh(1) setuid and fatal if attempted.dtucker2018-07-181-20/+1
| | | | | Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
* Remove support for loading HostBasedAuthentication keys directly indtucker2018-07-161-2/+1
| | | | | ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@
* constify some private key-related functions; based ondjm2018-02-101-2/+2
| | | | https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
* refactor channels.cdjm2017-09-121-3/+5
| | | | | | | | | | | | | | | | | | Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
* switch from Key typedef with struct sshkey; ok djm@markus2017-05-301-6/+6
|
* Add an AddKeysToAgent client option which can be set to 'yes', 'no',jcs2015-11-151-1/+3
| | | | | | | | | | 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@
* Implement client-side hostname canonicalisation to allow an explicitdjm2013-10-161-4/+4
| | | | | | | | | | search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
* automatically order the hostkeys requested by the client based ondjm2010-11-291-4/+7
| | | | | | which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys that are preferred by default; with markus@
* kill proxy command on fatal() (we already kill it on clean exit);djm2010-10-061-1/+2
| | | | ok markus@
* Un-static ssh_exchange_identification(), part of a larger change fromandreas2009-05-271-1/+3
| | | | | Martin Forssen and needed for upcoming changes. ok markus@
* make ssh(1)'s ConnectTimeout option apply to both the TCP connection anddjm2007-09-041-3/+3
| | | | | | | | SSH banner exchange (previously it just covered the TCP connection). This allows callers of ssh(1) to better detect and deal with stuck servers that accept a TCP connection but don't progress the protocol, and also makes ConnectTimeout useful for connections via a ProxyCommand; feedback and "looks ok" markus@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-10/+1
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <sys/socket.h> out of includes.hstevesk2006-07-081-1/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-1/+5
|
* replace remaining setuid() calls with permanently_set_uid() andmarkus2006-06-061-9/+13
| | | | check seteuid() return values; report Marcus Meissner; ok dtucker djm
* standardise spacing in $OpenBSD$ tags; requested by deraadt@djm2006-03-251-1/+1
|
* Add support for tun(4) forwarding over OpenSSH, based on an idea andreyk2005-12-061-2/+2
| | | | | | | | | | | | initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
* KNF done automatically while reading....deraadt2002-06-191-12/+12
|
* no longer use uidswap.[ch] from the ssh clientmarkus2002-06-111-2/+18
| | | | | | run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@
* use tab not spaces (|unexpand)markus2002-06-091-4/+4
|
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authenticationmarkus2002-05-231-4/+11
| | | | in protocol v2 (needs to access the hostkeys).
* some more IPv4or6 cleanupmarkus2001-10-081-2/+2
|
* remove comments from .h, since they are cut&paste from the .c filesmarkus2001-06-261-7/+7
| | | | and out of sync
* prototype pedant. not very creative...itojun2001-06-261-17/+10
| | | | | - () -> (void) - no variable names
* get rid of known_hosts2, use it for hostkey lookup, but do not modify.markus2001-06-231-4/+2
|
* implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)markus2001-04-121-27/+11
| | | | | similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
* do gid/groups-swap in addition to uid-swap, should help if /home/groupmarkus2001-04-061-3/+3
| | | | | is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
* simpler key load/save interface, see authfile.hmarkus2001-03-261-3/+3
|
* genericize password padding function for SSH1 and SSH2.markus2001-02-151-1/+3
| | | | add stylized echo to 2, too.
* $OpenBSD$niklas2001-01-291-0/+2
|
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.markus2001-01-211-0/+28
| | | | rename util.[ch] -> misc.[ch]
* indentderaadt2001-01-161-1/+1
|
* cleanup copyright notices on all files. I have attempted to be accurate withderaadt2000-09-071-0/+23
| | | | | | | the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
* split auth/sshconnect in one file per protocol versionmarkus2000-04-261-0/+16
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.