summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/sshconnect2.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* check correct variable; unbreak agent keysdjm2018-07-031-2/+2
|
* Improve strictness and control over RSA-SHA2 signature types:djm2018-07-031-129/+216
| | | | | | | | | | | | | | | | | | | | | In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@
* whitespacedjm2018-06-261-2/+2
|
* fix bogus warning when signing cert keys using agent; from djm; ok deraadt dtuckermarkus2018-03-241-1/+3
|
* warn when the agent returns a signature type that was different todjm2018-03-031-7/+34
| | | | | | what was requested. This might happen when an old/non-OpenSSH agent is asked to make a rsa-sha2-256/512 signature but only supports ssh-rsa. bz#2799 feedback and ok markus@
* ssh_free checks for and handles NULL args, remove NULL checks from remainingdtucker2018-02-071-3/+2
| | | | callers. ok djm@
* Drop compatibility hacks for some ancient SSH implementations, includingdjm2018-01-231-45/+10
| | | | | | | | | | ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
* Increase the buffer sizes for user prompts to ensure that they won't bedtucker2017-08-271-3/+3
| | | | | truncated by snprintf. Based on patch from cjwatson at debian.org via bz#2768, ok djm@
* refuse to a private keys when its corresponding .pub key does notdjm2017-08-111-1/+6
| | | | match. bz#2737 ok dtucker@
* Add user@host prefix to client's "Permisison denied" messages, useful indtucker2017-06-141-2/+3
| | | | | particular when using "stacked" connections where it's not clear which host is denying. bz#2720, ok djm@ markus@
* remove now obsolete ctx from ssh_dispatch_run; ok djm@markus2017-05-311-3/+3
|
* another ctx => ssh conversion (in GSSAPI code)djm2017-05-311-5/+4
|
* protocol handlers all get struct ssh passed; ok djm@markus2017-05-301-41/+31
|
* ssh: pass struct ssh to auth functions, too; ok djm@markus2017-05-301-15/+27
|
* switch from Key typedef with struct sshkey; ok djm@markus2017-05-301-7/+7
|
* more simplification and removal of SSHv1-related code; ok djm@naddy2017-05-051-2/+2
|
* remove KEY_RSA1djm2017-04-301-5/+2
| | | | ok markus@
* include key fingerprint in "Offering public key" debug messagedjm2017-04-281-3/+12
|
* allow ssh to use certificates accompanied by a private key file but nodjm2017-03-111-15/+52
| | | | | corresponding plain *.pub public key. bz#2617 based on patch from Adam Eijdenberg; ok dtucker@ markus@
* Make ssh_packet_set_rekey_limits take u32 for the number of secondsdtucker2017-02-031-3/+3
| | | | | | | | | | | | | until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning. rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway). some early guidance deraadt@, ok djm@
* misplaced braces in test; from Karsten Weissdjm2017-01-301-2/+2
|
* don't dereference authctxt before testing != NULL, it causes compilersdjm2017-01-301-3/+3
| | | | to make assumptions; from Karsten Weiss
* Fix public key authentication when multiple authentication is in use.djm2016-12-041-3/+13
| | | | | | | | Instead of deleting and re-preparing the entire keys list, just reset the 'used' flags; the keys list is already in a good order (with already- tried keys at the back) Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
* restore pre-auth compression support in the client -- the previousdjm2016-09-281-2/+2
| | | | | | | | | | commit was intended to remove it from the server only. remove a few server-side pre-auth compression bits that escaped adjust wording of Compression directive in sshd_config(5) pointed out by naddy@ ok markus@
* Remove support for pre-authentication compression. Doing compressiondjm2016-09-281-2/+2
| | | | | | | | | | | | | | | | | early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
* If ssh receives a PACKET_DISCONNECT during userauth it will causedtucker2016-09-221-1/+3
| | | | | ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session being authenticated. Check for this and exit if necessary. ok djm@
* Lower loglevel for "Authenticated with partial success" message similar todtucker2016-07-221-2/+2
| | | | other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@
* support UTF-8 characters in ssh(1) banners using schwarze@'sdjm2016-07-171-13/+8
| | | | | | safe fmprintf printer; bz#2058 feedback schwarze@ ok dtucker@
* KNF compression proposal and simplify the client side a little. ok djm@dtucker2016-05-241-8/+4
|
* prefer agent-hosted keys to keys from PKCS#11; ok markusdjm2016-05-231-24/+24
|
* add support for additional fixed DH groups fromdjm2016-05-021-1/+4
| | | | | | | | | | | draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@
* fix signed/unsigned errors reported by clang-3.7; adddjm2016-05-021-3/+3
| | | | | | sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
* fix commentdjm2016-04-281-3/+3
|
* unbreak authentication using lone certificate keys in ssh-agent:djm2016-03-141-6/+2
| | | | | | | | when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself. bz#2550 reported by Peter Moody
* fix spurious error message when incorrect passphrase entered fordjm2016-02-231-3/+4
| | | | keys; reported by espie@ ok deraadt@
* avoid an uninitialised value when NumberOfPasswordPrompts is 0jsg2016-02-051-2/+2
| | | | ok markus@ djm@
* fd leaks; report Qualys Security Advisory team; ok deraadt@markus2016-01-141-1/+2
|
* remove roaming support; ok djm@markus2016-01-141-5/+1
|
* Remove NULL-checks before sshkey_free().mmcc2015-12-111-3/+2
| | | | ok djm@
* correct error messages; from Tomas Kuthan bz#2507djm2015-12-111-1/+2
|
* Pass (char *)NULL rather than (char *)0 to execl and execlp.mmcc2015-12-111-2/+2
| | | | ok dtucker@
* Remove NULL-checks before free().mmcc2015-12-101-3/+2
| | | | ok dtucker@
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)markus2015-12-041-37/+89
| | | | | based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* clean up agent_fd handling; properly initialise it to -1 anddjm2015-12-041-6/+9
| | | | | | make tests consistent ok markus@
* Add an AddKeysToAgent client option which can be set to 'yes', 'no',jcs2015-11-151-15/+20
| | | | | | | | | | 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@
* apply PubkeyAcceptedKeyTypes filtering earlier, so all skippeddjm2015-10-131-8/+15
| | | | keys are noted before pubkey authentication starts. ok dtucker@
* add ssh_config CertificateFile option to explicitly listdjm2015-09-241-9/+52
| | | | a certificate; patch from Meghana Bhat on bz#2436; ok markus@
* Allow ssh_config and sshd_config kex parameters options be prefixeddjm2015-07-301-21/+12
| | | | | | | by a '+' to indicate that the specified items be appended to the default rather than replacing it. approach suggested by dtucker@, feedback dlg@, ok markus@
* Turn off DSA by default; add HostKeyAlgorithms to the server andmarkus2015-07-101-13/+26
| | | | | PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
* Remove pattern length argument from match_pattern_list(),djm2015-05-041-3/+2
| | | | | | | | | | we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.