summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/sshconnect2.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.orgdjm2019-01-211-1/+2
| | | | | | | | | using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
* GSSAPI code got missed when converting to new packet APIdjm2019-01-211-4/+4
|
* convert the remainder of sshconnect2.c to new packet APIdjm2019-01-191-49/+46
| | | | with & ok markus@
* convert sshconnect2.c to new packet APIdjm2019-01-191-13/+16
| | | | with & ok markus@
* begin landing remaining refactoring of packet parsing API, starteddjm2019-01-191-1/+4
| | | | | | | | | | | almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@
* eliminate function-static attempt counters for passwd/kbdintdjm2019-01-041-8/+10
| | | | | authmethods by moving them to the client authctxt; Patch from Markus Schmidt, ok markus@
* move client/server SSH-* banners to buffers under ssh->kex and factordjm2018-12-271-26/+23
| | | | | | | | | | | out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
* don't truncate user or host name in "user@host's password: " prompts.djm2018-11-281-6/+5
| | | | requested by Marcel Logen; ok dtucker@
* fix bug in client that was keeping a redundant ssh-agent socket arounddjm2018-11-161-3/+5
| | | | | for the life of the connection; bz#2912; reported by Simon Tatham; ok dtucker@
* don't send new-style rsa-sha2-*-cert-v01@openssh.com names to olderdjm2018-10-111-2/+3
| | | | OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker
* second try, deals properly with missing and private-only keys:djm2018-09-141-26/+53
| | | | | | | | | Use consistent format in debug log for keys readied, offered and received during public key authentication. This makes it a little easier to see what is going on, as each message now contains (where available) the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
* revert following; deals badly with agent keysdjm2018-09-141-47/+26
| | | | | | | | | | | revision 1.285 date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK; Use consistent format in debug log for keys readied, offered and received during public key authentication. This makes it a little easier to see what is going on, as each message now contains the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
* Use consistent format in debug log for keys readied, offered anddjm2018-09-141-26/+47
| | | | | | | | received during public key authentication. This makes it a little easier to see what is going on, as each message now contains the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
* revert compat.[ch] section of the following change. It causesdjm2018-08-131-8/+7
| | | | | | | | | | double-free under some circumstances. -- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@
* fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366djm2018-07-311-7/+8
| | | | feedback and ok dtucker@
* Remove support for running ssh(1) setuid and fatal if attempted.dtucker2018-07-181-2/+1
| | | | | Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
* Remove support for loading HostBasedAuthentication keys directly indtucker2018-07-161-7/+3
| | | | | ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@
* treat ssh_packet_write_wait() errors as fatal; ok djm@markus2018-07-111-3/+3
|
* remove legacy key emulation layer; ok djm@markus2018-07-111-6/+6
|
* client: switch to sshbuf API; ok djm@markus2018-07-091-212/+277
|
* Revert previous two commitssf2018-07-091-2/+2
| | | | | | | | | | | | | | | | | | | | It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits: date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; Rename COMP_DELAYED to COMP_ZLIB Only delayed compression is supported nowadays. ok markus@ date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; Remove leftovers from pre-authentication compression Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@
* Remove leftovers from pre-authentication compressionsf2018-07-061-2/+2
| | | | | | | Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@
* repair PubkeyAcceptedKeyTypes (and friends) after RSA signature work -djm2018-07-041-4/+6
| | | | | | | | | | | | | returns ability to add/remove/specify algorithms by wildcard. Algorithm lists are now fully expanded when the server/client configs are finalised, so errors are reported early and the config dumps (e.g. "ssh -G ...") now list the actual algorithms selected. Clarify that, while wildcards are accepted in algorithm lists, they aren't full pattern-lists that support negation. (lots of) feedback, ok markus@
* some finesse to fix RSA-SHA2 certificate authentication for certsdjm2018-07-031-3/+6
| | | | hosted in ssh-agent
* check correct variable; unbreak agent keysdjm2018-07-031-2/+2
|
* Improve strictness and control over RSA-SHA2 signature types:djm2018-07-031-129/+216
| | | | | | | | | | | | | | | | | | | | | In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@
* whitespacedjm2018-06-261-2/+2
|
* fix bogus warning when signing cert keys using agent; from djm; ok deraadt dtuckermarkus2018-03-241-1/+3
|
* warn when the agent returns a signature type that was different todjm2018-03-031-7/+34
| | | | | | what was requested. This might happen when an old/non-OpenSSH agent is asked to make a rsa-sha2-256/512 signature but only supports ssh-rsa. bz#2799 feedback and ok markus@
* ssh_free checks for and handles NULL args, remove NULL checks from remainingdtucker2018-02-071-3/+2
| | | | callers. ok djm@
* Drop compatibility hacks for some ancient SSH implementations, includingdjm2018-01-231-45/+10
| | | | | | | | | | ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
* Increase the buffer sizes for user prompts to ensure that they won't bedtucker2017-08-271-3/+3
| | | | | truncated by snprintf. Based on patch from cjwatson at debian.org via bz#2768, ok djm@
* refuse to a private keys when its corresponding .pub key does notdjm2017-08-111-1/+6
| | | | match. bz#2737 ok dtucker@
* Add user@host prefix to client's "Permisison denied" messages, useful indtucker2017-06-141-2/+3
| | | | | particular when using "stacked" connections where it's not clear which host is denying. bz#2720, ok djm@ markus@
* remove now obsolete ctx from ssh_dispatch_run; ok djm@markus2017-05-311-3/+3
|
* another ctx => ssh conversion (in GSSAPI code)djm2017-05-311-5/+4
|
* protocol handlers all get struct ssh passed; ok djm@markus2017-05-301-41/+31
|
* ssh: pass struct ssh to auth functions, too; ok djm@markus2017-05-301-15/+27
|
* switch from Key typedef with struct sshkey; ok djm@markus2017-05-301-7/+7
|
* more simplification and removal of SSHv1-related code; ok djm@naddy2017-05-051-2/+2
|
* remove KEY_RSA1djm2017-04-301-5/+2
| | | | ok markus@
* include key fingerprint in "Offering public key" debug messagedjm2017-04-281-3/+12
|
* allow ssh to use certificates accompanied by a private key file but nodjm2017-03-111-15/+52
| | | | | corresponding plain *.pub public key. bz#2617 based on patch from Adam Eijdenberg; ok dtucker@ markus@
* Make ssh_packet_set_rekey_limits take u32 for the number of secondsdtucker2017-02-031-3/+3
| | | | | | | | | | | | | until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning. rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway). some early guidance deraadt@, ok djm@
* misplaced braces in test; from Karsten Weissdjm2017-01-301-2/+2
|
* don't dereference authctxt before testing != NULL, it causes compilersdjm2017-01-301-3/+3
| | | | to make assumptions; from Karsten Weiss
* Fix public key authentication when multiple authentication is in use.djm2016-12-041-3/+13
| | | | | | | | Instead of deleting and re-preparing the entire keys list, just reset the 'used' flags; the keys list is already in a good order (with already- tried keys at the back) Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
* restore pre-auth compression support in the client -- the previousdjm2016-09-281-2/+2
| | | | | | | | | | commit was intended to remove it from the server only. remove a few server-side pre-auth compression bits that escaped adjust wording of Compression directive in sshd_config(5) pointed out by naddy@ ok markus@
* Remove support for pre-authentication compression. Doing compressiondjm2016-09-281-2/+2
| | | | | | | | | | | | | | | | | early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
* If ssh receives a PACKET_DISCONNECT during userauth it will causedtucker2016-09-221-1/+3
| | | | | ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session being authenticated. Check for this and exit if necessary. ok djm@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.