| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
|
|
|
|
|
|
|
|
| |
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
|
|
|
|
| |
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
|
|
|
|
|
|
| |
message. github PR#320 from jschauma, ok djm@
OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.
Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".
The first form permits a key to be used to authenticate as the
specified user to the specified host.
The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.
For example, constraining a key with "user1@host_a" and
"host_a>host_b". Would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.
Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.
host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.
feedback Jann Horn & markus@
ok markus@
OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e
|
|
|
|
| |
These were omitted from commit 88868fd131.
|
|
|
|
|
|
| |
via github PR#250, ok jmc@
OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
|
|
|
|
|
|
|
|
|
|
|
|
| |
when it encounters an unquoted comment.
Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.
ok markus@ as part of a larger diff; tested in snaps
OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
|
|
|
|
|
|
| |
and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
|
|
|
|
| |
OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5
|
|
|
|
|
|
| |
This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c.
Apologies - I accidentally pushed this.
|
|
|
|
|
| |
Allows the -b and -B options to be used together.
For example, when the interface is in the VRF.
|
|
|
|
|
|
|
|
| |
refactor it to make it more generally usable and testable.
ok markus@
OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to obtain known_hosts data from a command in addition to the usual files.
The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).
ok markus@
OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
|
|
|
|
|
|
| |
markus@
OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
|
|
|
|
| |
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.
Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.
Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().
ok markus@
OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
|
|
|
|
|
|
|
|
|
|
|
| |
TCP connect. The connection phase of the SSH session is time-sensitive (due
to server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
ok dtucker@
OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
|
|
|
|
|
|
|
| |
report the type because it is ambiguous as to whether it referred to the
known or new host key. bz3216; ok dtucker@
OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad
|
|
|
|
|
|
|
|
|
| |
find_by_key_ctx struct. Initializing a single member should be enough
(the spec says the remainder should be initialized as per the static
rules) but some GCCs warn on this which prevents us testing with -Werror
on those. ok deraadt@ djm@
OpenBSD-Commit-ID: 687126e60a27d30f02614760ef3c3ae4e8d6af28
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
any other host names/addresses already associated with the key. E.g.
> The authenticity of host 'test (10.0.0.1)' can't be established.
> ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
> This host key is known by the following other names/addresses:
> ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
> ~/.ssh/known_hosts:2: [hashed name]
> ~/.ssh/known_hosts:3: [hashed name]
> ~/.ssh/known_hosts:4: host
> ~/.ssh/known_hosts:5: [host]:2222
> Are you sure you want to continue connecting (yes/no/[fingerprint])?
feedback and ok markus@
OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4
|
|
|
|
|
|
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
|
|
|
|
|
|
| |
sshconnect.c r1.241 from 2013 made it unused; found while reading code.
OK djm
OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
|
|
|
|
|
|
|
|
|
|
| |
If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.
reminded by Mark D. Baushke; ok markus@
OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
|
|
|
|
|
|
|
|
| |
GlobalKnownHostsFile file, support only UserKnownHostsFile matches
suggested by Mark D. Baushke; feedback and ok markus@
OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
|
|
|
|
|
|
|
|
|
| |
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.
ok markus@
OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
|
|
|
|
|
|
|
|
|
| |
successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.
ok markus@
OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
|
|
|
|
|
|
| |
the ECDSA key subtype; ok markus@
OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
|
|
|
|
|
|
|
|
| |
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@
OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
|
|
|
|
|
|
|
|
| |
certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@
OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
|
|
|
|
|
|
|
|
|
| |
> Are you sure you want to continue connecting (yes/no/[fingerprint])?
compare the fingerprint case sensitively; spotted Patrik Lundin
ok dtucker
OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2
|
|
|
|
|
|
|
|
| |
limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
|
|
|
|
|
|
|
|
| |
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
|
|
|
|
|
|
|
|
| |
errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@
OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
|
|
|
|
|
|
| |
comment, add the key to the agent with the key's path as the comment. bz2564
OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f
|
|
|
|
|
|
|
|
| |
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
|
|
|
|
|
|
|
| |
When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@
OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
|
|
|
|
|
|
|
|
| |
expand_proxy_command()
Always put 'host' before 'host_arg' for consistency. ok markus@ djm@
OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
|
|
|
|
|
|
| |
by anton@
OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775
|
|
|
|
| |
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
|
|
|
|
| |
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
|
|
|
|
|
|
| |
feedback & ok markus@
OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
|
|
|
|
|
|
| |
feedback & ok markus@
OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
|
|
|
|
| |
Prompted by Jakub Jelen
|
|
|
|
| |
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
|
|
|
|
|
|
|
| |
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@
OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
|
|
|
|
|
|
|
|
| |
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
|
|
|
|
|
|
| |
blueflash.cc, ok djm@
OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
|
|
|
|
|
|
| |
be redirected to /dev/null; ok djm@
OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
|