path: root/sshconnect2.c
Commit message | Author | Age | Files | Lines
* upstream: whitespace | djm@openbsd.org | 2018-06-26 | 1 | -2/+2
  OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
* upstream: fix bogus warning when signing cert keys using agent; | markus@openbsd.org | 2018-03-24 | 1 | -1/+3
  from djm; ok deraadt dtucker
  OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
* upstream: warn when the agent returns a signature type that was | djm@openbsd.org | 2018-03-03 | 1 | -7/+34
  different to what was requested. This might happen when an old/non-OpenSSH agent is asked to make a rsa-sha2-256/512 signature but only supports ssh-rsa. bz#2799 feedback and ok markus@
  OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
* upstream commit | dtucker@openbsd.org | 2018-02-09 | 1 | -3/+2
  ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
  OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
* upstream commit | djm@openbsd.org | 2018-01-23 | 1 | -45/+10
  Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@
  OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commit | dtucker@openbsd.org | 2017-09-04 | 1 | -3/+3
  Increase the buffer sizes for user prompts to ensure that they won't be truncated by snprintf. Based on patch from cjwatson at debian.org via bz#2768, ok djm@
  Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
* upstream commit | djm@openbsd.org | 2017-08-12 | 1 | -1/+6
  refuse to a private keys when its corresponding .pub key does not match. bz#2737 ok dtucker@
  Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
* upstream commit | dtucker@openbsd.org | 2017-06-16 | 1 | -2/+3
  Add user@host prefix to client's "Permission denied" messages, useful in particular when using "stacked" connections where it's not clear which host is denying. bz#2720, ok djm@ markus@
  Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
* upstream commit | markus@openbsd.org | 2017-06-01 | 1 | -3/+3
  remove now obsolete ctx from ssh_dispatch_run; ok djm@
  Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
* upstream commit | djm@openbsd.org | 2017-05-31 | 1 | -5/+4
  another ctx => ssh conversion (in GSSAPI code)
  Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
* upstream commit | markus@openbsd.org | 2017-05-31 | 1 | -41/+31
  protocol handlers all get struct ssh passed; ok djm@
  Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
* upstream commit | markus@openbsd.org | 2017-05-31 | 1 | -15/+27
  ssh: pass struct ssh to auth functions, too; ok djm@
  Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
* upstream commit | markus@openbsd.org | 2017-05-31 | 1 | -7/+7
  switch from Key typedef with struct sshkey; ok djm@
  Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
* upstream commit | naddy@openbsd.org | 2017-05-08 | 1 | -2/+2
  more simplification and removal of SSHv1-related code; ok djm@
  Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -5/+2
  remove KEY_RSA1 ok markus@
  Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commit | djm@openbsd.org | 2017-04-28 | 1 | -3/+12
  include key fingerprint in "Offering public key" debug message
  Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
* upstream commit | djm@openbsd.org | 2017-03-12 | 1 | -15/+52
  allow ssh to use certificates accompanied by a private key file but no corresponding plain *.pub public key. bz#2617 based on patch from Adam Eijdenberg; ok dtucker@ markus@
  Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
* upstream commit | dtucker@openbsd.org | 2017-02-03 | 1 | -3/+3
  Make ssh_packet_set_rekey_limits take u32 for the number of seconds until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning.
  rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway).
  some early guidance deraadt@, ok djm@
  Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
* upstream commit | djm@openbsd.org | 2017-01-30 | 1 | -2/+2
  misplaced braces in test; from Karsten Weiss
  Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
* upstream commit | djm@openbsd.org | 2017-01-30 | 1 | -3/+3
  don't dereference authctxt before testing != NULL, it causes compilers to make assumptions; from Karsten Weiss
  Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
* upstream commit | djm@openbsd.org | 2016-12-05 | 1 | -3/+13
  Fix public key authentication when multiple authentication is in use. Instead of deleting and re-preparing the entire keys list, just reset the 'used' flags; the keys list is already in a good order (with already-tried keys at the back)
  Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
  Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
* upstream commit | djm@openbsd.org | 2016-09-28 | 1 | -2/+2
  restore pre-auth compression support in the client -- the previous commit was intended to remove it from the server only.
  remove a few server-side pre-auth compression bits that escaped
  adjust wording of Compression directive in sshd_config(5)
  pointed out by naddy@ ok markus@
  Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
* upstream commit | djm@openbsd.org | 2016-09-28 | 1 | -2/+2
  Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface.
  Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger.
  Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
  NB. pre-auth authentication has been disabled by default in sshd for >10 years.
  Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
* upstream commit | dtucker@openbsd.org | 2016-09-23 | 1 | -1/+3
  If ssh receives a PACKET_DISCONNECT during userauth it will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session being authenticated. Check for this and exit if necessary. ok djm@
  Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
* upstream commit | dtucker@openbsd.org | 2016-07-23 | 1 | -2/+2
  Lower loglevel for "Authenticated with partial success" message similar to other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@
  Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
* upstream commit | djm@openbsd.org | 2016-07-17 | 1 | -13/+8
  support UTF-8 characters in ssh(1) banners using schwarze@'s safe fmprintf printer; bz#2058
  feedback schwarze@ ok dtucker@
  Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
* upstream commit | dtucker@openbsd.org | 2016-06-06 | 1 | -8/+4
  KNF compression proposal and simplify the client side a little. ok djm@
  Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
* upstream commit | djm@openbsd.org | 2016-06-06 | 1 | -24/+24
  prefer agent-hosted keys to keys from PKCS#11; ok markus
  Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -1/+4
  add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
  diffie-hellman-group14-sha256 (2K group)
  diffie-hellman-group16-sha512 (4K group)
  diffie-hellman-group18-sha512 (8K group)
  based on patch from Mark D. Baushke and Darren Tucker ok markus@
  Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -3/+3
  fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
  Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
* upstream commit | djm@openbsd.org | 2016-04-29 | 1 | -3/+3
  fix comment
  Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
* upstream commit | djm@openbsd.org | 2016-03-14 | 1 | -6/+2
  unbreak authentication using lone certificate keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself.
  bz#2550 reported by Peter Moody
  Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
* upstream commit | djm@openbsd.org | 2016-02-23 | 1 | -3/+4
  fix spurious error message when incorrect passphrase entered for keys; reported by espie@ ok deraadt@
  Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
* upstream commit | jsg@openbsd.org | 2016-02-08 | 1 | -2/+2
  avoid an uninitialised value when NumberOfPasswordPrompts is 0 ok markus@ djm@
  Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b
* upstream commit | markus@openbsd.org | 2016-01-27 | 1 | -1/+2
  fd leaks; report Qualys Security Advisory team; ok deraadt@
  Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
* upstream commit | markus@openbsd.org | 2016-01-27 | 1 | -5/+1
  remove roaming support; ok djm@
  Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
* upstream commit | mmcc@openbsd.org | 2015-12-18 | 1 | -3/+2
  Remove NULL-checks before sshkey_free(). ok djm@
  Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
* upstream commit | djm@openbsd.org | 2015-12-11 | 1 | -1/+2
  correct error messages; from Tomas Kuthan bz#2507
  Upstream-ID: 7454a0affeab772398052954c79300aa82077093
* upstream commit | mmcc@openbsd.org | 2015-12-11 | 1 | -2/+2
  Pass (char *)NULL rather than (char *)0 to execl and execlp. ok dtucker@
  Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
* upstream commit | mmcc@openbsd.org | 2015-12-11 | 1 | -3/+2
  Remove NULL-checks before free(). ok dtucker@
  Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
* upstream commit | markus@openbsd.org | 2015-12-07 | 1 | -37/+89
  implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
  Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
* upstream commit | djm@openbsd.org | 2015-12-04 | 1 | -6/+9
  clean up agent_fd handling; properly initialise it to -1 and make tests consistent
  ok markus@
  Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707
* upstream commit | jcs@openbsd.org | 2015-11-16 | 1 | -15/+20
  Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm').
  Initial version from Joachim Schipper many years ago.
  ok markus@
  Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
* upstream commit | djm@openbsd.org | 2015-10-13 | 1 | -8/+15
  apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped keys are noted before pubkey authentication starts. ok dtucker@
  Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
* upstream commit | djm@openbsd.org | 2015-10-06 | 1 | -9/+52
  add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@
  Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
* upstream commit | djm@openbsd.org | 2015-07-30 | 1 | -21/+12
  Allow ssh_config and sshd_config kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it.
  approach suggested by dtucker@, feedback dlg@, ok markus@
  Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
* upstream commit | markus@openbsd.org | 2015-07-15 | 1 | -13/+26
  Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
  Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
* upstream commit | djm@openbsd.org | 2015-05-10 | 1 | -3/+2
  Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern).
  Prompted by hanno AT hboeck.de pointing out an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools.
  ok markus@
* Repair for non-ECC OpenSSL. | Darren Tucker | 2015-02-22 | 1 | -0/+2
  Ifdef out the ECC parts when building with an OpenSSL that doesn't have it.
* upstream commit | djm@openbsd.org | 2015-01-30 | 1 | -108/+198
  Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication.
  This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit.
  bz#2211 based on patch by Iain Morgan; ok markus@