summaryrefslogtreecommitdiffstats
path: root/ssh_api.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-09-19upstream: better error message for ~user failures when thedjm@openbsd.org1-2/+3
sftp-server lacks the expand-path extension; ok deraadt@ OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
2021-09-19upstream: make some more scp-in-SFTP mode better match Unix idiomsdjm@openbsd.org1-9/+8
suggested by deraadt@ OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
2021-09-19upstream: allow log_stderr==2 to prefix log messages with argv[0]djm@openbsd.org2-11/+12
use this to make scp's SFTP mode error messages more scp-like prompted by and ok deraadt@ OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733
2021-09-17Test against LibreSSL 3.2.6, 3.3.4, 3.4.0.Darren Tucker1-1/+3
2021-09-16upstream: missing space character in ssh -G output broke thedjm@openbsd.org1-2/+2
t-sshcfgparse regression test; spotted by anton@ OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
2021-09-16upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; okdjm@openbsd.org4-17/+60
markus@ OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
2021-09-15upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENTmbuhl@openbsd.org1-3/+5
OK mfriedl@ OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
2021-09-11upstream: Do not ignore SIGINT while waiting for input if editline(3)schwarze@openbsd.org1-11/+14
is not used. Instead, in non-interactive mode, exit sftp(1), like for other serious errors. As pointed out by dtucker@, when compiled without editline(3) support in portable OpenSSH, the el == NULL branch is also used for interactive mode. In that case, discard the input line and provide a fresh prompt to the user just like in the case where editline(3) is used. OK djm@ OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393
2021-09-11upstream: when using SFTP protocol, continue transferring files after adjm@openbsd.org1-6/+10
transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@ OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa
2021-09-10upstream: Document that non-interactive commands are run via the user'sdtucker@openbsd.org1-3/+8
shell using the -c flag. ok jmc@ OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477
2021-09-10upstream: Document behaviour of arguments following non-interactivedtucker@openbsd.org2-6/+11
commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
2021-09-10upstream: Clarify which file's attributes -p preserves, and thatdtucker@openbsd.org1-5/+5
it's specifically the file mode bits. bz#3340 from calestyo at scientia.net, ok djm@ jmc@ OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884
2021-09-10upstream: openssh-7.4 was incorrectly listed twice; spotted bydjm@openbsd.org1-2/+1
Dmitry Belyavskiy, ok dtucker@ OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
2021-09-10upstream: - move CAVEATS to its correct order - use the termjmc@openbsd.org1-10/+10
"legacy" protocol rather than "original", as the latter made the text misleading - uppercase SCP ok djm OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0
2021-09-09Disable tracing on FreeBSD using procctl.David Carlier2-0/+12
Placed at the start of platform_disable_tracing() to prevent declaration after code errors from strict C89 compilers (in the unlikely event that more than one method is enabled).
2021-09-09upstream: Use the SFTP protocol by default. The original scp/rcpdjm@openbsd.org2-23/+25
protocol remains available via the -O flag. Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7. ok deraadt, after baking in snaps for a while without incident OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
2021-09-08Really fix test on OpenSSL 1.1.1 stable.Darren Tucker2-1/+2
2021-09-08Correct OpenSSL 1.1.1 stable identifier.Darren Tucker1-1/+1
2021-09-08Increment nfds when coming from startup_pipe.Darren Tucker1-1/+1
If we have to increase nfds because startup_pipe[0] is above any of the descriptors passed in the fd_sets, we also need to add 1 to nfds since select takes highest FD number plus one. bz#3345 from yaroslav.kuzmin at vmssoftware.com.
2021-09-08Tests for OpenSSL 3.0.0 release & 1.1.1 branch.Darren Tucker1-1/+3
2021-09-08upstream: correct my mistake in previous fix; spotted by halexdjm@openbsd.org1-2/+2
OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183
2021-09-07upstream: avoid NULL deref in -Y find-principals. Report and fixdjm@openbsd.org1-2/+3
from Carlo Marcelo Arenas Belón MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0
2021-09-07upstream: revision 1.381 neglected to removemillert@openbsd.org1-4/+3
sChallengeResponseAuthentication from the enum. Noticed by christos@zoulas.com. OK dtucker@ OpenBSD-Commit-ID: b533283a4dd6d04a867da411a4c7a8fbc90e34ff
2021-09-05Correct version_num for OpenSSL dev branch.Darren Tucker1-1/+1
2021-09-05Test against OpenSSL 3 branch as well as dev.Darren Tucker1-0/+1
Now that OpenSSL development has moved to 3.1, test against the most recent version of the openssl-3.0 branch too.
2021-09-05OpenSSL development is now 3.1.*Darren Tucker1-1/+2
2021-09-03upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list fordtucker@openbsd.org1-4/+4
consistency. Patch from scop via github PR#257, ok jmc@ OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872
2021-09-03upstream: Mention using ssh -i for specifying the public key filedtucker@openbsd.org1-2/+6
in the case where the private key is loaded into ssh-agent but is not present locally. Based on patch from rafork via github PR#215, ok jmc@ OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
2021-09-03upstream: Refer to KEX "algorithms" instead of "methods" to matchdtucker@openbsd.org2-10/+10
other references and improve consistency. Patch from scop via github PR#241, ok djm@ OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c
2021-09-03upstream: Remove redundant attrib_clear in upload_dir_internal.dtucker@openbsd.org1-2/+1
The subsequent call to stat_to_attrib clears the struct as its first step anyway. From pmeinhardt via github PR#220, ok djm@ OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e
2021-09-03upstream: Add test for client termination status on signal.dtucker@openbsd.org2-1/+26
Based on patch from Alexxz via github PR#235 with some tweaks, to match patch in bz#3281. OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2
2021-09-03upstream: sys/param.h is not needed for any visible reasonderaadt@openbsd.org1-2/+1
OpenBSD-Commit-ID: 8bdea2d0c75692e4c5777670ac039d4b01c1f368
2021-09-03Fix memory leak in error path.Shchelkunov Artem1-0/+1
*info is allocated via xstrdup but was leaked in the PAM_AUTH_ERR path. From github PR#266.
2021-09-01upstream: Fix ssh-rsa fallback for old PuTTY interop tests.dtucker@openbsd.org3-6/+9
OpenBSD-Regress-ID: a19ac929da604843a5b5f0f48d2c0eb6e0773d37
2021-09-01upstream: Add a function to skip remaining tests.dtucker@openbsd.org8-26/+27
Many tests skip tests for various reasons but not in a consistent way and don't always clean up, so add that and switch the tests that do that over. OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735
2021-09-01upstream: Specify path to PuTTY keys.dtucker@openbsd.org3-3/+3
Portable needs this and it makes no difference on OpenBSD, so resync them. (Id sync only, Portable already had this.) OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162
2021-08-31upstream: Better compat tests with old PuTTY.dtucker@openbsd.org3-3/+21
When running PuTTY interop tests and using a PuTTY version older than 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants of RSA were added some time between 0.73 and 0.76). OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1
2021-08-31Resync PuTTY interop tests.Darren Tucker3-6/+3
Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD.
2021-08-31upstream: Specify hostkeyalgorithms in SSHFP test.dtucker@openbsd.org1-7/+7
Specify host key algorithms in sshd's default set for the SSHFP test, from djm@. Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
2021-08-30upstream: adapt to RSA/SHA1 deprectationdjm@openbsd.org1-2/+4
OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb
2021-08-30upstream: After years of forewarning, disable the RSA/SHA-1djm@openbsd.org1-4/+2
signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5
2021-08-30upstream: wrap at 80 columnsdjm@openbsd.org1-2/+3
OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0
2021-08-20Replace shell function with ssh-keygen -A.Darren Tucker2-26/+1
Prevents the init script in the SysV package from trying (and failing) to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. ok tim@
2021-08-20Remove obsolete Redhat PAM config and init script.Darren Tucker2-163/+0
2021-08-20dependV_8_7_P1Damien Miller1-158/+158
2021-08-20update version numbersDamien Miller3-3/+3
2021-08-20upstream: openssh-8.7djm@openbsd.org1-2/+2
OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd
2021-08-20Also check pid in pselect_notify_setup.Darren Tucker1-1/+1
Spotted by djm@.
2021-08-20Prefix pselect functions to clarify debug messagesDarren Tucker1-14/+14
2021-08-20Fix race in pselect replacement code.Darren Tucker1-4/+19
On the second and subsequent calls to pselect the notify_pipe was not added to the select readset, opening up a race that om G. Christensen discovered on multiprocessor Solaris <=9 systems. Also reinitialize notify_pipe if the pid changes. This will prevent a parent and child from using the same FD, although this is not an issue in the current structure it might be in future.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 19:59:06 +0100