summaryrefslogtreecommitdiffstats
path: root/ssh.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: require control-escape character sequences passed via the '-edjm@openbsd.org2024-10-181-2/+2
| | | | | | | | | ^x' commandline to be exactly two characters long. Avoids one by OOB read if ssh is invoked as "ssh -e^ ..." Spotted by Maciej Domanski in GHPR368 OpenBSD-Commit-ID: baa72bc60898fc5639e6c62de7493a202c95823d
* upstream: make DSA key support compile-time optional, defaulting todjm@openbsd.org2024-01-111-1/+5
| | | | | | | | on ok markus@ OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d
* upstream: ban user/hostnames with most shell metacharactersdjm@openbsd.org2023-12-181-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes ssh(1) refuse user or host names provided on the commandline that contain most shell metacharacters. Some programs that invoke ssh(1) using untrusted data do not filter metacharacters in arguments they supply. This could create interactions with user-specified ProxyCommand and other directives that allow shell injection attacks to occur. It's a mistake to invoke ssh(1) with arbitrary untrusted arguments, but getting this stuff right can be tricky, so this should prevent most obvious ways of creating risky situations. It however is not and cannot be perfect: ssh(1) has no practical way of interpreting what shell quoting rules are in use and how they interact with the user's specified ProxyCommand. To allow configurations that use strange user or hostnames to continue to work, this strictness is applied only to names coming from the commandline. Names specified using User or Hostname directives in ssh_config(5) are not affected. feedback/ok millert@ markus@ dtucker@ deraadt@ OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
* upstream: don't dereference NULL pointer when hashing jumphostdjm@openbsd.org2023-10-121-3/+3
| | | | OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4
* upstream: add %j token that expands to the configured ProxyJumpdjm@openbsd.org2023-10-121-2/+5
| | | | | | | hostname (or the empty string if this option is not being used). bz3610, ok dtucker OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
* upstream: sync usage() with ssh.1; spotted by kn@djm@openbsd.org2023-10-121-3/+4
| | | | OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd
* upstream: add ChannelTimeout support to the client, mirroring thedjm@openbsd.org2023-10-121-1/+15
| | | | | | same option in the server. ok markus@ OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02
* upstream: set interactive mode for ControlPersist sessions if theydjm@openbsd.org2023-09-041-4/+7
| | | | | | | originally requested a tty; enables keystroke timing obfuscation for most ControlPersist sessions. Spotted by naddy@ OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
* upstream: make ssh -f (fork after authentication) work properly indjm@openbsd.org2023-07-271-6/+11
| | | | | | | multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by Peter Chubb; ok dtucker@ OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac
* upstream: - add -P to usage() - sync the arg name to -J in usage()jmc@openbsd.org2023-07-171-8/+8
| | | | | | with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e
* upstream: Add support for configuration tags to ssh(1).djm@openbsd.org2023-07-171-3/+5
| | | | | | | | | | | This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. ok markus OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
* upstream: add support for unix domain sockets to ssh -Wdlg@openbsd.org2023-07-071-2/+4
| | | | | | ok djm@ dtucker@ OpenBSD-Commit-ID: 3e6d47567b895c7c28855c7bd614e106c987a6d8
* upstream: make `ssh -Q CASignatureAlgorithms` only list signaturedjm@openbsd.org2023-06-211-2/+4
| | | | | | | | algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms (OpenSSH certificates do not support CA chains). part of bz3577; ok dtucker@ OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
* upstream: Check for ProxyJump=none in CanonicalizeHostname logic.djm@openbsd.org2023-04-261-3/+3
| | | | | | | | | Previously ssh would incorrectly refuse to canonicalise the hostname if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes bz3567; ok dtucker OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
* upstream: Ignore return value from muxclient(). It normally loopsdtucker@openbsd.org2023-03-311-2/+2
| | | | | | | without returning, but it if returns on failure we immediately exit. Coverity CID 405050. OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
* upstream: Add tilde and environment variable expansion todtucker@openbsd.org2023-03-271-1/+9
| | | | | | RevokedHostKeys. bz#3552, ok djm@ OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
* upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage saysdjm@openbsd.org2023-02-101-1/+2
| | | | | | it should bz3532 OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc
* upstream: For "ssh -V" always exit 0, there is no need to check optmillert@openbsd.org2023-01-181-3/+2
| | | | | | | again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a "Host" line to the output of ssh -G showing thedtucker@openbsd.org2023-01-131-9/+9
| | | | | | | original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* upstream: Add channel_force_close()djm@openbsd.org2023-01-061-2/+2
| | | | | | | | | | | | | | | This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: Warn if no host keys for hostbased auth can be loaded.dtucker@openbsd.org2022-12-091-3/+12
| | | | OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* upstream: typo in commentdjm@openbsd.org2022-11-091-2/+2
| | | | OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: Be more paranoid with host/domain names coming from thedjm@openbsd.org2022-10-251-2/+6
| | | | | | | | never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: use correct type with sizeof ok djm@jsg@openbsd.org2022-10-241-2/+2
| | | | OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: honour user's umask if it is more restrictive then the sshdjm@openbsd.org2022-10-071-2/+2
| | | | | | default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* upstream: add a RequiredRSASize for checking RSA key length indjm@openbsd.org2022-09-171-9/+18
| | | | | | | | | | | ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: ignore SIGPIPE earlier in main(), specifically beforedjm@openbsd.org2022-07-011-2/+3
| | | | | | | muxclient() which performs operations that could cause one; Reported by Noam Lewis via bz3454, ok dtucker@ OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
* upstream: ssh is almost out of getopt() characters; note thedjm@openbsd.org2022-03-301-2/+2
| | | | | | remaining remaining available ones in a comment OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd
* upstream: Switch hpdelim interface to accept only ":" as delimiter.dtucker@openbsd.org2022-02-101-5/+4
| | | | | | | | | | Historicallly, hpdelim accepted ":" or "/" as a port delimiter between hosts (or addresses) and ports. These days most of the uses for "/" are no longer accepted, so there are several places where it checks the delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2 in the other cases. ok djm@ OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
* upstream: log some details on hostkeys that ssh loads fordjm@openbsd.org2022-01-061-1/+7
| | | | | | hostbased authn ok markus@ OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
* upstream: spellingjsg@openbsd.org2022-01-041-2/+2
| | | | OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
* upstream: don't put the tty into raw mode when SessionType=none, avoidsdjm@openbsd.org2021-12-021-2/+3
| | | | | | ^c being unable to kill such a session. bz3360; ok dtucker@ OpenBSD-Commit-ID: 83960c433052303b643b4c380ae2f799ac896f65
* upstream: Fix "Allocated port" debug messagedtucker@openbsd.org2021-09-201-2/+3
| | | | | | | for unix domain sockets. From peder.stray at gmail.com via github PR#272, ok deraadt@ OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
* upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; okdjm@openbsd.org2021-09-161-3/+4
| | | | | | markus@ OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
* upstream: Document behaviour of arguments following non-interactivedtucker@openbsd.org2021-09-101-2/+2
| | | | | | commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
* upstream: xstrdup environment variable used by ForwardAgent. bz#3328dtucker@openbsd.org2021-08-081-2/+2
| | | | | | from goetze at dovetail.com, ok djm@ deraadt@ OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742
* upstream: note successful authentication method in final "Authenticateddjm@openbsd.org2021-07-231-8/+1
| | | | | | | to ..." message and partial auth success messages (all at LogLevel=verbose) ok dtucker@ OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpartdjm@openbsd.org2021-07-231-15/+8
| | | | | | | to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
* upstream: Add a StdinNull directive to ssh_config(5) that allowsdjm@openbsd.org2021-07-231-14/+8
| | | | | | | the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
* upstream: wrap some long linesdjm@openbsd.org2021-07-171-4/+7
| | | | OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
* upstream: fix sftp on ControlPersist connections, broken by recentdjm@openbsd.org2021-07-171-1/+2
| | | | | | SessionType change; spotted by sthen@ OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
* upstream: add a SessionType directive to ssh_config, allowing thedjm@openbsd.org2021-07-141-19/+19
| | | | | | | | | | configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@ OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
* Move closefrom() to before first malloc.Darren Tucker2021-06-251-6/+6
| | | | | | | | When built against tcmalloc, tcmalloc allocates a descriptor for its internal use, so calling closefrom() afterward causes the descriptor number to be reused resulting in a corrupted connection. Moving the closefrom a little earlier should resolve this. From kircherlike at outlook.com via bz#3321, ok djm@
* upstream: Switch ssh_config parsing to use argv_split()djm@openbsd.org2021-06-081-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a couple of problems with the previous tokeniser, strdelim() 1. strdelim() is permissive wrt accepting '=' characters. This is intended to allow it to tokenise "Option=value" but because it cannot keep state, it will incorrectly split "Opt=val=val2". 2. strdelim() has rudimentry handling of quoted strings, but it is incomplete and inconsistent. E.g. it doesn't handle escaped quotes inside a quoted string. 3. It has no support for stopping on a (unquoted) comment. Because of this readconf.c r1.343 added chopping of lines at '#', but this caused a regression because these characters may legitimately appear inside quoted strings. The new tokeniser is stricter is a number of cases, including #1 above but previously it was also possible for some directives to appear without arguments. AFAIK these were nonsensical in all cases, and the new tokeniser refuses to accept them. The new code handles quotes much better, permitting quoted space as well as escaped closing quotes. Finally, comment handling should be fixed - the tokeniser will terminate only on unquoted # characters. feedback & ok markus@ tested in snaps for the last five or so days - thanks Theo and those who caught bugs OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
* upstream: allow ssh_config SetEnv to override $TERM, which is otherwisedjm@openbsd.org2021-06-041-3/+6
| | | | | | | | handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries. feedback and ok dtucker@ OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
* upstream: restore blocking status on stdio fds before closedjm@openbsd.org2021-05-191-12/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | ssh(1) needs to set file descriptors to non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell, e.g. > $ cat > test.sh << _EOF > #!/bin/sh > { > ssh -Fnone -oLogLevel=verbose ::1 hostname > cat /usr/share/dict/words > } | sleep 10 > _EOF > $ ./test.sh > Authenticated to ::1 ([::1]:22). > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds > Bytes per second: sent 44338.9, received 55197.4 > cat: stdout: Resource temporarily unavailable This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) abandons/closes them. This was reported as bz3280 and GHPR246; ok dtucker@ OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
* upstream: fix breakage of -W forwaring introduced in 1.554; reported bydjm@openbsd.org2021-05-181-2/+3
| | | | | | naddy@ and sthen@, ok sthen@ OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd
* upstream: fix previous: test saved no_shell_flag, not the one that justdjm@openbsd.org2021-05-141-2/+2
| | | | | | got clobbered OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d
* upstream: Fix ssh started with ControlPersist incorrectly executing adjm@openbsd.org2021-05-141-2/+2
| | | | | | | shell when the -N (no shell) option was specified. bz3290 reported by Richard Schwab; patch from markus@ ok me OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1
* polish whitespace for portable filesDamien Miller2021-04-031-1/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 17:38:18 +0100