Commit log for path: root/usr.bin/ssh

Each entry gives the commit message, followed by author, date, number of files changed and lines removed/added.
* fix minor memleak of kex->hostkey_alg on rekex
  -- djm, 2020-12-04, 1 file, -1/+2

* typos: s/hex/kex/ in error messages
  -- djm, 2020-12-04, 1 file, -3/+3

* make program name be const
  -- djm, 2020-12-04, 2 files, -5/+6

* Ignore comments at the end of config lines in ssh_config, similar to what
  we already do for sshd_config. bz#2320, with & ok djm@
  -- dtucker, 2020-11-30, 1 file, -2/+9

* Include cipher.h for declaration of cipher_by_name.
  -- dtucker, 2020-11-28, 1 file, -1/+2

* check result of strchr() against NULL rather than searched-for
  characters; from zhongjubin@huawei.com
  -- djm, 2020-11-28, 1 file, -2/+2

* Document ssh-keygen -Z, sanity check its argument earlier and provide
  a better error message if it's not correct. Prompted by bz#2879, ok djm@ jmc@
  -- dtucker, 2020-11-27, 2 files, -5/+17

* Set the specified TOS/DSCP for interactive use prior to TCP connect.
  The connection phase of the SSH session is time-sensitive (due to server
  side login grace periods) and is frequently interactive (e.g. entering
  passwords). The ultimate interactive/bulk TOS/DSCP will be set after
  authentication completes. ok dtucker@
  -- djm, 2020-11-27, 4 files, -30/+57
* clean up passing of struct passwd from monitor to preauth privsep
  process. No longer copy entire struct w/ pointer addresses, but pass
  remaining scalar fields explicitly. Prompted by Yuichiro NAITO, feedback
  Thorsten Glaser; ok dtucker@
  -- djm, 2020-11-27, 2 files, -14/+30
* when loading PKCS#11 keys, include the key fingerprints and provider/slot
  information in debug output.
  -- djm, 2020-11-22, 1 file, -3/+22

* when mentioning that the host key has changed, don't report the type
  because it is ambiguous as to whether it referred to the known or new
  host key. bz3216; ok dtucker@
  -- djm, 2020-11-22, 1 file, -3/+3

* When doing an sftp recursive upload or download of a read-only directory,
  ensure that the directory is created with write and execute permissions
  in the interim so that we can actually complete the transfer, then set
  the directory permission as the final step. (The execute bit is only
  likely to be an issue with a non-POSIX server). bz#3222, ok djm@
  -- dtucker, 2020-11-20, 1 file, -6/+16

* Explicitly initialize all members of the find_by_key_ctx struct. Initializing
  a single member should be enough (the spec says the remainder should be
  initialized as per the static rules) but some GCCs warn on this which
  prevents us testing with -Werror on those. ok deraadt@ djm@
  -- dtucker, 2020-11-20, 1 file, -2/+2

* draft-ietf-secsh-architecture is now RFC4251.
  -- dtucker, 2020-11-19, 1 file, -2/+2

* Specify that the KDF function is bcrypt. Based on github PR#214
  from rafork, ok markus@, mdoc correction jmc@
  -- dtucker, 2020-11-17, 1 file, -3/+5

* revert r1.341; it breaks ProxyJump; reported by sthen@
  -- djm, 2020-11-15, 1 file, -3/+3

* scrub keyboard-interactive authentication prompts coming from the
  server through asmprintf() prior to display; suggested by and ok dtucker@
  -- djm, 2020-11-13, 1 file, -3/+5

* prefix keyboard interactive prompts with (user@host) to make it easier
  to determine which connection they are associated with in cases like
  scp -3, ProxyJump, etc. bz#3224 ok dtucker
  -- djm, 2020-11-13, 1 file, -7/+12

* when prompting the user to accept a new hostkey, display any other
  host names/addresses already associated with the key. E.g.

  > The authenticity of host 'test (10.0.0.1)' can't be established.
  > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
  > This host key is known by the following other names/addresses:
  >     ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
  >     ~/.ssh/known_hosts:2: [hashed name]
  >     ~/.ssh/known_hosts:3: [hashed name]
  >     ~/.ssh/known_hosts:4: host
  >     ~/.ssh/known_hosts:5: [host]:2222
  > Are you sure you want to continue connecting (yes/no/[fingerprint])?

  feedback and ok markus@
  -- djm, 2020-11-12, 1 file, -28/+191
* Prevent integer overflow when ridiculously large ConnectTimeout is
  specified, capping the effective value (for most platforms) at 24 days.
  bz#3229, ok djm@
  -- dtucker, 2020-11-12, 1 file, -2/+5

* fix logic error that broke URI parsing in ProxyJump directives;
  ok dtucker@
  -- djm, 2020-11-11, 1 file, -3/+3

* Free the previously allocated msg buffer after writing it out.
  OK djm@
  -- claudio, 2020-11-10, 1 file, -1/+2

* unbreak; missing NULL check
  -- djm, 2020-11-08, 1 file, -2/+2

* when requesting a security key touch on stderr, inform the user once
  the touch has been recorded; requested by claudio@ ok markus@
  -- djm, 2020-11-08, 5 files, -16/+37

* Add a comment documenting the source of the moduli group sizes.
  -- dtucker, 2020-11-08, 1 file, -1/+2

* Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls
  are themselves now macros, and preprocessor directives inside macro
  arguments are undefined behaviour which some compilers (eg old GCCs)
  choke on. It also makes the code tidier. ok deraadt@
  -- dtucker, 2020-11-08, 3 files, -32/+9

* fold consecutive '*' wildcards to mitigate combinatorial explosion
  of recursive searches; ok dtucker
  -- djm, 2020-11-03, 1 file, -4/+4

* print reason in fatal error message when kex_assemble_namelist() fails
  -- djm, 2020-10-30, 1 file, -4/+4

* fix sshd_config SetEnv directive inside Match blocks; part of github
  PR#201 from github user manuelm
  -- djm, 2020-10-29, 1 file, -1/+2

* fix type of nid in type_bits_valid(); github PR#202 from github user
  thingsconnected
  -- djm, 2020-10-29, 1 file, -2/+2

* whitespace; no code change
  -- djm, 2020-10-29, 6 files, -17/+17

* UpdateHostkeys: fixed/better detection of host keys that exist under
  other names and addresses; spotted by and debugged with lots of help
  from jca@
  -- djm, 2020-10-29, 1 file, -9/+16

* Minor man page fixes (capitalization, commas) identified by the
  manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@
  -- dtucker, 2020-10-26, 1 file, -5/+5

* Adapt XMSS to new logging infrastructure. With markus@, ok djm@.
  -- dtucker, 2020-10-19, 6 files, -26/+27

* fix SEGV on fatal() errors spotted by dtucker@
  -- djm, 2020-10-19, 2 files, -4/+4

* use the new variant log macros instead of prepending __func__ and
  appending ssh_err(r) manually; ok markus@
  -- djm, 2020-10-18, 66 files, -2767/+2369

* variants of the log methods that append a ssherr.h string from
  a supplied error code; ok markus@
  -- djm, 2020-10-18, 5 files, -39/+80

* remove a level of macro indirection; ok markus@
  -- djm, 2020-10-18, 1 file, -35/+11

* add some variant log.h calls that prepend the calling function
  name; ok markus@
  -- djm, 2020-10-18, 1 file, -1/+13

* make the log functions that exit (sshlogdie(), sshfatal(), etc) have
  identical signatures. Makes things a bit more consistent...
  -- djm, 2020-10-17, 4 files, -22/+28

* add space between macro arg and punctuation;
  -- jmc, 2020-10-16, 2 files, -4/+4
* LogVerbose keyword for ssh and sshd
  Allows forcing maximum debug logging by file/function/line
  pattern-lists. ok markus@
  -- djm, 2020-10-16, 10 files, -17/+99
* revised log infrastructure for OpenSSH
  log functions receive function, filename and line number of caller.
  We can use this to selectively enable logging via pattern-lists.
  ok markus@
  -- djm, 2020-10-16, 8 files, -136/+157

* use do_log2 instead of function pointers to different log functions
  -- djm, 2020-10-16, 1 file, -3/+4
* make UpdateHostkeys still more conservative: refuse to proceed if
  one of the keys offered by the server is already in known_hosts under
  another name. This avoids collisions between address entries for
  different host aliases when CheckHostIP=yes. Also, do not attempt to
  fix known_hosts with incomplete host/ip matches when there are no new
  or deprecated hostkeys.
  -- djm, 2020-10-14, 1 file, -38/+76
* Zap unused family parameter from ssh_connect_direct()
  sshconnect.c r1.241 from 2013 made it unused; found while reading code.
  OK djm
  -- kn, 2020-10-12, 3 files, -9/+9
* UpdateHostkeys: check for keys under other names
  Stop UpdateHostkeys from automatically removing deprecated keys from
  known_hosts files if the same keys exist under a different name or
  address to the host that is being connected to. This avoids
  UpdateHostkeys from making known_hosts inconsistent in some cases.
  For example, multiple host aliases sharing address-based known_hosts
  on different lines, or hosts that resolve to multiple addresses.
  ok markus@
  -- djm, 2020-10-11, 1 file, -7/+82
* UpdateHostkeys: better CheckHostIP handling
  When preparing to update the known_hosts file, fully check both entries
  for both the host and the address (if CheckHostIP enabled) and ensure
  that, at the end of the operation, entries for both are recorded.
  Make sure this works with HashKnownHosts too, which requires maintaining
  a list of entry-types seen across the whole file for each key.
  ok markus@
  -- djm, 2020-10-11, 2 files, -53/+95

* UpdateHostkeys: better detect manual host entries
  Disable UpdateHostkeys if the known_hosts line has more than two entries
  in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so
  anything else was added by a different tool or by a human.
  ok markus@
  -- djm, 2020-10-11, 1 file, -17/+37

* don't misdetect comma-separated hostkey names as wildcards;
  spotted by naddy@
  -- djm, 2020-10-08, 1 file, -4/+4