| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok djm, man page help jmc@
|
| |
|
|
|
| |
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
|
| |
|
|
|
|
| |
stuff like html will render with broken links;
issue reported by Eric S. Raymond, via djm
|
| | |
|
| |
|
|
| |
based on traffic volume or time. ok djm@, help & ok jmc@ for the man page.
|
| |
|
|
| |
ok dtucker@ markus@
|
| | |
|
| |
|
|
|
|
| |
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
|
| | |
|
| |
|
|
|
|
|
|
| |
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
|
| |
|
|
| |
ok and feedback djm@
|
| |
|
|
|
|
|
| |
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
|
| | |
|
| |
|
|
|
| |
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
|
| |
|
|
|
|
|
| |
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
|
| |
|
|
| |
to explicitly specify a user. feedback and ok markus@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
|
| | |
|
| | |
|
| |
|
|
|
| |
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus.
|
| | |
|
| |
|
|
|
| |
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
ok djm@ (back in March)
|
| | |
|
| |
|
|
| |
to match. Feedback and ok djm@ markus@.
|
| | |
|
| |
|
|
| |
text to the SSH-... banner; ok deraadt@ "don't care" markus@
|
| |
|
|
| |
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
|
| |
|
|
|
|
| |
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entierly :)
feedback and ok markus@ dtucker@
|
| |
|
|
|
| |
by jmc@ a while back
CVS ----------------------------------------------------------------------
|
| | |
|
| |
|
|
|
|
| |
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656 is NOT implemented).
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
feedback and ok markus@
|
| | |
|
| |
|
|
| |
ok markus@
|
| |
|
|
|
|
| |
AuthorizedKeysFile AuthorizedPrincipalsFile
HostbasedUsesNameFromPacketOnly PermitTunnel
bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in certificates. Currently, a certificate must include the a user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.
When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.
For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.
If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.
These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.
feedback and ok markus@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.
Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.
Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.
Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.
Documentation on the format of certificates is in the file
PROTOCOL.certkeys
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures
that trafic such as DNS lookups stays withing the specified routingdomain.
For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
consistent with other options.
NOTE: if you currently use RDomain in the ssh client or server config,
or ssh/sshd -o, you must update to use RoutingDomain.
ok markus@ djm@
|
dtucker
markus
jmc
djm
naddy
stevesk