| Commit message | Author | Age | Files | Lines |
|
corresponding plain *.pub public key. bz#2617 based on patch from
Adam Eijdenberg; ok dtucker@ markus@
|
until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned
comparison warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
|
to make assumptions; from Karsten Weiss
|
Instead of deleting and re-preparing the entire keys list, just reset
the 'used' flags; the keys list is already in a good order (with already-
tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
|
commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
|
early in the protocol probably seemed reasonable in the 1990s, but
today it's clearly a bad idea in terms of both cryptography (cf.
multiple compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
|
ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session
being authenticated. Check for this and exit if necessary. ok djm@
|
other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@
|
safe fmprintf printer; bz#2058
feedback schwarze@ ok dtucker@
|
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
|
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@
|
when attempting pubkey auth with a certificate, if no separate
private key is found among the keys then try with the certificate
key itself.
bz#2550 reported by Peter Moody
|
keys; reported by espie@ ok deraadt@
|
ok markus@ djm@
|
ok djm@
|
ok dtucker@
|
ok dtucker@
|
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
|
make tests consistent
ok markus@
|
'ask', or 'confirm', and defaults to 'no'. When enabled, a private
key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').
Initial version from Joachim Schipper many years ago.
ok markus@
|
keys are noted before pubkey authentication starts. ok dtucker@
|
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
|
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
|
PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
|
we only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing out an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
|
host public key types are tried during hostbased authentication.
This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.
bz#2211 based on patch by Iain Morgan; ok markus@
|
check sshkey_fingerprint return values;
ok markus
|
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@
|
agent present
|
ok markus@
|
interfaces. Refactor the generic key loading API to not require
pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
|
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.
Feedback and ok naddy@ markus@
|
hostbased auth; patch from Iain Morgan
|
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
|
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
|
not to be preferred. Reported by Dirk-Willem van Gulik
|
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
|
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
reported by Aris Adamantiadis; ok markus@
|