path: root/sshconnect.c
Commit message | Author | Age | Files | Lines
* upstream: replace recently-added valid_domain() check for hostnames | djm@openbsd.org | 2022-11-03 | 1 | -8/+12
  going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@
  OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* upstream: Be more paranoid with host/domain names coming from the | djm@openbsd.org | 2022-10-25 | 1 | -2/+9
  never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@
  OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: whitespace | djm@openbsd.org | 2022-08-26 | 1 | -2/+2
  OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* upstream: Add period at end of "not known by any other names" | dtucker@openbsd.org | 2022-06-03 | 1 | -2/+2
  message. github PR#320 from jschauma, ok djm@
  OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2
* upstream: ssh-add side of destination constraints | djm@openbsd.org | 2021-12-19 | 1 | -2/+2
  Have ssh-add accept a list of "destination constraints" that allow restricting where keys may be used in conjunction with a ssh-agent/ssh that supports session ID/hostkey binding.
  Constraints are specified as either "[user@]host-pattern" or "host-pattern>[user@]host-pattern". The first form permits a key to be used to authenticate as the specified user to the specified host. The second form permits a key that has previously been permitted for use at a host to be available via a forwarded agent to an additional host.
  For example, constraining a key with "user1@host_a" and "host_a>host_b" would permit authentication as "user1" at "host_a", and allow the key to be available on an agent forwarded to "host_a" only for authentication to "host_b". The key would not be visible on agent forwarded to other hosts or usable for authentication there.
  Internally, destination constraints use host keys to identify hosts. The host patterns are used to obtain lists of host keys for that destination that are communicated to the agent. The user/hostkeys are encoded using a new restrict-destination-v00@openssh.com key constraint.
  Host keys are looked up in the default client user/system known_hosts files. It is possible to override this set on the command-line.
  feedback Jann Horn & markus@ ok markus@
  OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e
* Sync remaining ChallengeResponse removal. | Darren Tucker | 2021-07-03 | 1 | -8/+1
  These were omitted from commit 88868fd131.
* upstream: Use better language to refer to the user. From l1ving | dtucker@openbsd.org | 2021-06-25 | 1 | -2/+2
  via github PR#250, ok jmc@
  OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
* upstream: Allow argv_split() to optionally terminate tokenisation | djm@openbsd.org | 2021-06-08 | 1 | -2/+2
  when it encounters an unquoted comment.
  Add some additional utility functions for working with argument vectors, since we'll be switching to using them to parse ssh/sshd_config shortly.
  ok markus@ as part of a larger diff; tested in snaps
  OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
* upstream: highly polished whitespace, mostly fixing spaces-for-tab | djm@openbsd.org | 2021-04-03 | 1 | -7/+9
  and bad indentation on continuation lines. Prompted by GHPR#185
  OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: typo in other_hostkeys_message() display output, ok djm | sthen@openbsd.org | 2021-03-03 | 1 | -2/+2
  OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5
* Revert "ssh: optional bind interface if bind address specified." | Damien Miller | 2021-02-26 | 1 | -6/+0
  This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c.
  Apologies - I accidentally pushed this.
* ssh: optional bind interface if bind address specified. | Dmitrii Turlupov | 2021-02-26 | 1 | -0/+6
  Allows the -b and -B options to be used together. For example, when the interface is in the VRF.
* upstream: move check_host_cert() from sshconnect.c to sshkey.c and | djm@openbsd.org | 2021-01-26 | 1 | -36/+20
  refactor it to make it more generally usable and testable.
  ok markus@
  OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
* upstream: add a ssh_config KnownHostsCommand that allows the client | djm@openbsd.org | 2020-12-22 | 1 | -6/+104
  to obtain known_hosts data from a command in addition to the usual files.
  The command accepts a bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details).
  ok markus@
  OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
* upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok | djm@openbsd.org | 2020-12-21 | 1 | -12/+17
  markus@
  OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
* upstream: allow UserKnownHostsFile=none; feedback and ok markus@ | djm@openbsd.org | 2020-12-21 | 1 | -1/+5
  OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
* upstream: load_hostkeys()/hostkeys_foreach() variants for FILE* | djm@openbsd.org | 2020-12-21 | 1 | -6/+6
  Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly.
  Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces.
  Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys().
  ok markus@
  OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
* upstream: Set the specified TOS/DSCP for interactive use prior to | djm@openbsd.org | 2020-11-27 | 1 | -1/+6
  TCP connect. The connection phase of the SSH session is time-sensitive (due to server side login grace periods) and is frequently interactive (e.g. entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after authentication completes.
  ok dtucker@
  OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
* upstream: when mentioning that the host key has changed, don't | djm@openbsd.org | 2020-11-27 | 1 | -3/+3
  report the type because it is ambiguous as to whether it referred to the known or new host key. bz3216; ok dtucker@
  OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad
* upstream: Explicitly initialize all members of the | dtucker@openbsd.org | 2020-11-20 | 1 | -2/+2
  find_by_key_ctx struct. Initializing a single member should be enough (the spec says the remainder should be initialized as per the static rules) but some GCCs warn on this which prevents us testing with -Werror on those. ok deraadt@ djm@
  OpenBSD-Commit-ID: 687126e60a27d30f02614760ef3c3ae4e8d6af28
* upstream: when prompting the user to accept a new hostkey, display | djm@openbsd.org | 2020-11-12 | 1 | -28/+191
  any other host names/addresses already associated with the key. E.g.
  > The authenticity of host 'test (10.0.0.1)' can't be established.
  > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
  > This host key is known by the following other names/addresses:
  >     ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
  >     ~/.ssh/known_hosts:2: [hashed name]
  >     ~/.ssh/known_hosts:3: [hashed name]
  >     ~/.ssh/known_hosts:4: host
  >     ~/.ssh/known_hosts:5: [host]:2222
  > Are you sure you want to continue connecting (yes/no/[fingerprint])?
  feedback and ok markus@
  OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -37/+31
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: Zap unused family parameter from ssh_connect_direct() | kn@openbsd.org | 2020-10-14 | 1 | -5/+5
  sshconnect.c r1.241 from 2013 made it unused; found while reading code.
  OK djm
  OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
* upstream: Disable UpdateHostkeys when hostkey checking fails | djm@openbsd.org | 2020-10-07 | 1 | -1/+6
  If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session.
  reminded by Mark D. Baushke; ok markus@
  OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
* upstream: don't UpdateHostkeys when the hostkey is verified by the | djm@openbsd.org | 2020-10-07 | 1 | -4/+28
  GlobalKnownHostsFile file, support only UserKnownHostsFile matches
  suggested by Mark D. Baushke; feedback and ok markus@
  OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
* upstream: revert kex->flags cert hostkey downgrade back to a plain | djm@openbsd.org | 2020-10-07 | 1 | -43/+12
  key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing.
  ok markus@
  OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
* upstream: simply disable UpdateHostkeys when a certificate | djm@openbsd.org | 2020-10-07 | 1 | -2/+7
  successfully authenticated the host; simpler than the complicated plumbing via kex->flags we have now.
  ok markus@
  OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
* upstream: when ordering host key algorithms in the client, consider | djm@openbsd.org | 2020-10-07 | 1 | -2/+3
  the ECDSA key subtype; ok markus@
  OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
* upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org | 2020-10-03 | 1 | -23/+5
  stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
* upstream: record when the host key checking code downgrades a | djm@openbsd.org | 2020-10-03 | 1 | -12/+43
  certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@
  OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
* upstream: For the hostkey confirmation message: | djm@openbsd.org | 2020-09-16 | 1 | -2/+2
  > Are you sure you want to continue connecting (yes/no/[fingerprint])?
  compare the fingerprint case sensitively; spotted Patrik Lundin ok dtucker
  OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2
* upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time | djm@openbsd.org | 2020-08-27 | 1 | -2/+3
  limit for keys in addition to its current flag options. Time-limited keys will automatically be removed from ssh-agent after their expiry time has passed; ok markus@
  OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
* upstream: Add a '%k' TOKEN that expands to the effective HostKey of | dtucker@openbsd.org | 2020-07-17 | 1 | -1/+4
  the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits)
  OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
* upstream: use sshpkt_fatal() for kex_exchange_identification() | djm@openbsd.org | 2020-03-14 | 1 | -3/+4
  errors. This ensures that the logged errors are consistent with other transport-layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@
  OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
* upstream: when AddKeysToAgent=yes is set and the key contains no | djm@openbsd.org | 2020-01-25 | 1 | -4/+5
  comment, add the key to the agent with the key's path as the comment. bz2564
  OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f
* upstream: Replace all calls to signal(2) with a wrapper around | dtucker@openbsd.org | 2020-01-23 | 1 | -5/+5
  sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: Ignore whitespace when checking explicit fingerprint. | dtucker@openbsd.org | 2020-01-23 | 1 | -5/+6
  When confirming a host key using the fingerprint itself, ignore leading and trailing whitespace. ok deraadt@ djm@
  OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
* upstream: revise the fix for reversed arguments on | naddy@openbsd.org | 2020-01-21 | 1 | -4/+4
  expand_proxy_command()
  Always put 'host' before 'host_arg' for consistency. ok markus@ djm@
  OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
* upstream: fix reversed arguments on expand_proxy_command(); spotted | djm@openbsd.org | 2020-01-09 | 1 | -2/+2
  by anton@
  OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775
* upstream: stdarg.h required more broadly; ok djm | deraadt@openbsd.org | 2019-11-14 | 1 | -2/+2
  OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
* upstream: enable ed25519 support; ok djm | markus@openbsd.org | 2019-11-12 | 1 | -2/+2
  OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
* upstream: ssh AddKeysToAgent support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 1 | -3/+5
  feedback & ok markus@
  OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
* upstream: add new agent key constraint for U2F/FIDO provider | djm@openbsd.org | 2019-10-31 | 1 | -2/+2
  feedback & ok markus@
  OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
* remove duplicate #includes | Damien Miller | 2019-10-02 | 1 | -1/+0
  Prompted by Jakub Jelen
* upstream: whitespace | djm@openbsd.org | 2019-09-13 | 1 | -3/+3
  OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
* upstream: allow %n to be expanded in ProxyCommand strings | djm@openbsd.org | 2019-09-13 | 1 | -15/+20
  From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@
  OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
* upstream: When system calls indicate an error they return -1, not | deraadt@openbsd.org | 2019-07-05 | 1 | -13/+13
  some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Add protection for private keys at rest in RAM against | djm@openbsd.org | 2019-06-21 | 1 | -2/+2
  speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
  Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely.
  Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.
  Hopefully we can remove this in a few years time when computer architecture has become less unsafe.
  been in snaps for a bit already; thanks deraadt@
  ok dtucker@ deraadt@
  OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: Free host on exit path. Patch from markus at | dtucker@openbsd.org | 2019-05-08 | 1 | -1/+2
  blueflash.cc, ok djm@
  OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
* upstream: dup stdout/in for proxycommand=-, otherwise stdout might | markus@openbsd.org | 2019-03-01 | 1 | -3/+11
  be redirected to /dev/null; ok djm@
  OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595