tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

merge the rest of the 9.8 changes from upstream

This commit is contained in:
Tess Gauthier 2024-08-02 17:22:58 -04:00
parent d5d6a52338 c21fc9d953
commit 6384372160
93 changed files with 46961 additions and 503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.depend
View File

@ -23,6 +23,7 @@ auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h
auth2-hostbased.o: monitor_wrap.h pathnames.h match.h
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
@ -60,6 +61,7 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp
hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
@ -82,12 +84,13 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h
platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
@ -123,7 +126,7 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -146,7 +149,7 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -157,8 +160,10 @@ sshconnect.o: authfd.h kex.h mac.h crypto_api.h
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h
sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h
ssherr.o: ssherr.h
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h

4
.github/ci-status.md vendored
View File

@ -6,6 +6,10 @@ master :
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
9.8 :
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8)
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8)
9.7 :
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7)
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7)

3
.github/configs vendored
View File

@ -208,6 +208,7 @@ case "$config" in
# and hostbased (since valgrind won't let ssh exec keysign).
# Slow ones are run separately to increase parallelism.
SKIP_LTESTS="agent-timeout connection-timeout hostbased"
SKIP_LTESTS="$SKIP_LTESTS penalty-expire"
SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}"
;;
valgrind-2)
@ -289,7 +290,7 @@ case "${TARGET_HOST}" in
hostkey-agent key-options keyscan knownhosts-command login-timeout
reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
transfer"
transfer penalty penalty-expire"
SKIP_LTESTS="$(echo $T)"
TEST_TARGET=t-exec
SUDO=""

2
.github/workflows/c-cpp.yml vendored
View File

@ -17,7 +17,6 @@ jobs:
target:
- ubuntu-20.04
- ubuntu-22.04
- macos-11
- macos-12
- macos-13
- macos-14
@ -102,7 +101,6 @@ jobs:
- { target: ubuntu-22.04, config: selinux }
- { target: ubuntu-22.04, config: kitchensink }
- { target: ubuntu-22.04, config: without-openssl }
- { target: macos-11, config: pam }
- { target: macos-12, config: pam }
- { target: macos-13, config: pam }
- { target: macos-14, config: pam }

4
.github/workflows/upstream.yml vendored
View File

@ -3,7 +3,7 @@ name: Upstream self-hosted
on:
push:
branches: [ master ]
paths: [ '**.c', '**.h', '.github/configs', '.github/workflows/upstream.yml' ]
paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ]
jobs:
selfhosted:
@ -43,7 +43,7 @@ jobs:
- name: make
run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
- name: make install
run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart"
- name: make tests`
run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
env:

4
.gitignore vendored
View File

@ -2,18 +2,14 @@
Makefile
buildpkg.sh
config.h
config.h.in
config.h.in~
config.log
config.status
configure
aclocal.m4
openbsd-compat/Makefile
openbsd-compat/regress/Makefile
openssh.xml
opensshd.init
survey.sh
**/*.0
**/*.o
**/*.lo
**/*.so

5
.skipped-commit-ids
View File

@ -32,6 +32,11 @@ e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks
ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes
2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit
866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes
8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit
6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit
fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change
5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change
112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change
Old upstream tree:

8666
ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

25
Makefile.in
View File

@ -24,6 +24,7 @@ SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSHD_SESSION=$(libexecdir)/sshd-session
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
@ -37,6 +38,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
-D_PATH_SSHD_SESSION=\"$(SSHD_SESSION)\" \
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-D_PATH_SSH_SK_HELPER=\"$(SSH_SK_HELPER)\" \
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
@ -69,7 +71,7 @@ MKDIR_P=@MKDIR_P@
.SUFFIXES: .lo
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
XMSS_OBJS=\
ssh-xmss.o \
@ -107,7 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
ssh-ed25519.o digest-openssl.o digest-libc.o \
hmac.o ed25519.o hash.o \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kex.o kex-names.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
kexsntrup761x25519.o sntrup761.o kexgen.o \
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
@ -118,17 +120,23 @@ SKOBJS= ssh-sk-client.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect2.o mux.o $(SKOBJS)
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
SSHDOBJS=sshd.o \
platform-listen.o \
servconf.o sshpty.o srclimit.o groupaccess.o auth2-methods.o \
dns.o fatal.o compat.o utf8.o authfd.o canohost.o \
$(SKOBJS)
SSHD_SESSION_OBJS=sshd-session.o auth-rhosts.o auth-passwd.o \
audit.o audit-bsm.o audit-linux.o platform.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
auth.o auth2.o auth-options.o session.o \
auth.o auth2.o auth2-methods.o auth-options.o session.o \
auth2-chall.o groupaccess.o \
auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-pubkeyfile.o \
monitor.o monitor_wrap.o auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o \
srclimit.o sftp-server.o sftp-common.o \
sftp-server.o sftp-common.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o uidswap.o $(SKOBJS)
@ -207,7 +215,10 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(CHANNELLIBS)
sshd-session$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHD_SESSION_OBJS)
$(LD) -o $@ $(SSHD_SESSION_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -399,6 +410,7 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd-session$(EXEEXT) $(DESTDIR)$(SSHD_SESSION)$(EXEEXT)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
@ -741,6 +753,7 @@ interop-tests t-exec file-tests extra-tests: regress-prep regress-binaries $(TAR
TEST_SSH_SCP="$(BUILDDIR)/scp" \
TEST_SSH_SSH="$(BUILDDIR)/ssh" \
TEST_SSH_SSHD="$(BUILDDIR)/sshd" \
TEST_SSH_SSHD_SESSION="$(BUILDDIR)/sshd-session" \
TEST_SSH_SSHAGENT="$(BUILDDIR)/ssh-agent" \
TEST_SSH_SSHADD="$(BUILDDIR)/ssh-add" \
TEST_SSH_SSHKEYGEN="$(BUILDDIR)/ssh-keygen" \

2
README
View File

@ -1,4 +1,4 @@
See https://www.openssh.com/releasenotes.html#9.7p1 for the release
See https://www.openssh.com/releasenotes.html#9.8p1 for the release
notes.
Please read https://www.openssh.com/report.html for bug reporting

15
aclocal.m4 vendored Normal file
View File

@ -0,0 +1,15 @@
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_include([m4/openssh.m4])

29
auth-pam.c
View File

@ -67,11 +67,6 @@
#include <pam/pam_appl.h>
#endif
#if !defined(SSHD_PAM_SERVICE)
extern char *__progname;
# define SSHD_PAM_SERVICE __progname
#endif
/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
#ifdef PAM_SUN_CODEBASE
# define sshpam_const /* Solaris, HP-UX, SunOS */
@ -105,6 +100,7 @@ extern char *__progname;
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "srclimit.h"
extern ServerOptions options;
extern struct sshbuf *loginmsg;
@ -171,13 +167,13 @@ sshpam_sigchld_handler(int sig)
return;
}
}
if (WIFSIGNALED(sshpam_thread_status) &&
WTERMSIG(sshpam_thread_status) == SIGTERM)
return; /* terminated by pthread_cancel */
if (!WIFEXITED(sshpam_thread_status))
sigdie("PAM: authentication thread exited unexpectedly");
if (WEXITSTATUS(sshpam_thread_status) != 0)
sigdie("PAM: authentication thread exited uncleanly");
if (sshpam_thread_status == -1)
return;
if (WIFSIGNALED(sshpam_thread_status)) {
if (signal_is_crash(WTERMSIG(sshpam_thread_status)))
_exit(EXIT_CHILD_CRASH);
} else if (!WIFEXITED(sshpam_thread_status))
_exit(EXIT_CHILD_CRASH);
}
/* ARGSUSED */
@ -694,6 +690,8 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
const char **ptr_pam_user = &pam_user;
int r;
if (options.pam_service_name == NULL)
fatal_f("internal error: NULL PAM service name");
#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
/* Protect buggy PAM implementations from excessively long usernames */
if (strlen(user) >= PAM_MAX_RESP_SIZE)
@ -715,9 +713,10 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
}
debug("PAM: initializing for \"%s\"", user);
sshpam_err =
pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
debug("PAM: initializing for \"%s\" with service \"%s\"", user,
options.pam_service_name);
sshpam_err = pam_start(options.pam_service_name, user,
&store_conv, &sshpam_handle);
sshpam_authctxt = authctxt;
if (sshpam_err != PAM_SUCCESS) {

5
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.107 2024/05/17 00:30:23 djm Exp $ */
/* $OpenBSD: auth.h,v 1.108 2024/05/17 06:42:04 jsg Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -159,8 +159,6 @@ void auth2_record_info(Authctxt *authctxt, const char *, ...)
void auth2_update_session_info(Authctxt *, const char *, const char *);
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(Authctxt *authctxt);
#endif /* KRB5 */
@ -219,7 +217,6 @@ int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *);
/* Key / cert options linkage to auth layer */
const struct sshauthopt *auth_options(struct ssh *);
int auth_activate_options(struct ssh *, struct sshauthopt *);
void auth_restrict_session(struct ssh *);
void auth_log_authopts(const char *, const struct sshauthopt *, int);

4
auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.35 2024/05/17 00:30:23 djm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.36 2024/05/17 04:42:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -255,7 +255,6 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
{
Authctxt *authctxt = ssh->authctxt;
int r, authenticated;
const char *displayname;
if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
@ -287,7 +286,6 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
int r, authenticated = 0;
struct sshbuf *b;
gss_buffer_desc mic, gssbuf;
const char *displayname;
u_char *p;
size_t len;

6
auth2-methods.c
View File

@ -31,13 +31,13 @@
extern ServerOptions options;
/*
* Configuration of enabled authentication methods. Separate to the rest of
* Configuration of enabled authentication methods. Separate from the rest of
* auth2-*.c because we want to query it during server configuration validity
* checking in the sshd listener process without pulling all the auth code in
* too.
*/
/* "none" is allowed only one time and it cleared by userauth_none() later */
/* "none" is allowed only one time and it is cleared by userauth_none() later */
int none_enabled = 1;
struct authmethod_cfg methodcfg_none = {
"none",
@ -85,7 +85,7 @@ static struct authmethod_cfg *authmethod_cfgs[] = {
};
/*
* Check a comma-separated list of methods for validity. Is need_enable is
* Check a comma-separated list of methods for validity. If need_enable is
* non-zero, then also require that the methods are enabled.
* Returns 0 on success or -1 if the methods list is invalid.
*/

4
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.154 2023/12/18 14:47:20 djm Exp $ */
/* $OpenBSD: channels.h,v 1.156 2024/05/23 23:47:16 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -85,7 +85,6 @@
struct ssh;
struct Channel;
typedef struct Channel Channel;
struct fwd_perm_list;
typedef void channel_open_fn(struct ssh *, int, int, void *);
typedef void channel_callback_fn(struct ssh *, int, int, void *);
@ -325,7 +324,6 @@ int channel_input_ieof(int, u_int32_t, struct ssh *);
int channel_input_oclose(int, u_int32_t, struct ssh *);
int channel_input_open_confirmation(int, u_int32_t, struct ssh *);
int channel_input_open_failure(int, u_int32_t, struct ssh *);
int channel_input_port_open(int, u_int32_t, struct ssh *);
int channel_input_window_adjust(int, u_int32_t, struct ssh *);
int channel_input_status_confirm(int, u_int32_t, struct ssh *);

4
cipher.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.c,v 1.120 2023/10/10 06:49:54 tb Exp $ */
/* $OpenBSD: cipher.c,v 1.121 2024/05/17 02:39:11 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -372,7 +372,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv))
return SSH_ERR_LIBCRYPTO_ERROR;
/* set tag on decyption */
/* set tag on decryption */
if (!cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len))

8
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.406 2024/05/09 09:46:47 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -193,7 +193,6 @@ TAILQ_HEAD(global_confirms, global_confirm);
static struct global_confirms global_confirms =
TAILQ_HEAD_INITIALIZER(global_confirms);
void ssh_process_session2_setup(int, int, int, struct sshbuf *);
static void quit_message(const char *fmt, ...)
__attribute__((__format__ (printf, 1, 2)));
@ -616,8 +615,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
if (timespeccmp(&now, &chaff_until, >=)) {
/* Stop if there have been no keystrokes for a while */
stop_reason = "chaff time expired";
} else if (timespeccmp(&now, &next_interval, >=)) {
/* Otherwise if we were due to send, then send chaff */
} else if (timespeccmp(&now, &next_interval, >=) &&
!ssh_packet_have_data_to_write(ssh)) {
/* If due to send but have no data, then send chaff */
if (send_chaff(ssh))
nchaff++;
}

3
clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
/* $OpenBSD: clientloop.h,v 1.38 2024/05/17 06:42:04 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -43,7 +43,6 @@ struct ssh;
int client_loop(struct ssh *, int, int, int);
int client_x11_get_proto(struct ssh *, const char *, const char *,
u_int, u_int, char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(struct ssh *, int, int, int,
const char *, struct termios *, int, struct sshbuf *, char **);
char *client_request_tun_fwd(struct ssh *, int, int, int,

2051
config.h.in Normal file
View File

File diff suppressed because it is too large Load Diff

27691
configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

28
configure.ac
View File

@ -1348,6 +1348,13 @@ EOD
AC_DEFINE([BROKEN_SETVBUF], [1],
[LynxOS has broken setvbuf() implementation])
;;
*-*-gnu*)
dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries.
dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
dnl _GNU_SOURCE is needed for setres*id prototypes.
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
;;
esac
AC_MSG_CHECKING([compiler and flags for sanity])
@ -2078,8 +2085,12 @@ AC_ARG_WITH([security-key-builtin],
enable_dsa=
AC_ARG_ENABLE([dsa-keys],
[ --disable-dsa-keys disable DSA key support [no]],
[ enable_dsa="$enableval" ]
[ --enable-dsa-keys enable DSA key support [no]],
[
if test "x$enableval" != "xno" ; then
enable_dsa=1
fi
]
)
AC_SEARCH_LIBS([dlopen], [dl])
@ -3188,8 +3199,9 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([no])
]
)
openssl_dsa=no
if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
if test ! -z "$enable_dsa" ; then
AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
[ openssl_dsa=yes ],
@ -3199,15 +3211,6 @@ if test "x$openssl" = "xyes" ; then
[ #include <openssl/opensslconf.h> ]
)
AC_MSG_CHECKING([whether to enable DSA key support])
if test -z "$enable_dsa"; then
if test "x$openssl_dsa" = "xno"; then
AC_MSG_RESULT([not supported by OpenSSL])
else
AC_MSG_RESULT([yes])
AC_DEFINE([WITH_DSA], [1],
[DSA keys enabled by default])
fi
else
if test "x$openssl_dsa" = "xno"; then
AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
else
@ -3217,7 +3220,6 @@ if test "x$openssl" = "xyes" ; then
fi
fi
fi
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
enable_pkcs11=yes

3
contrib/redhat/openssh.spec
View File

@ -1,4 +1,4 @@
%global ver 9.7p1
%global ver 9.8p1
%global rel 1%{?dist}
# OpenSSH privilege separation requires a user & group ID
@ -393,6 +393,7 @@ fi
%defattr(-,root,root)
%dir %attr(0111,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-session
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man5/moduli.5*

3
contrib/suse/openssh.spec
View File

@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 9.7p1
Version: 9.8p1
URL: https://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
@ -211,6 +211,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %dir %{_libdir}/ssh
%attr(0755,root,root) %{_libdir}/ssh/sftp-server
%attr(0755,root,root) %{_libdir}/ssh/sshd-session
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper

1
contrib/win32/openssh/config.h.vs
View File

@ -103,6 +103,7 @@
/* Define if your platform needs to skip post auth
file descriptor passing */
/* #undef DISABLE_FD_PASSING */
#define DISABLE_FD_PASSING
/* Define if you don't want to use lastlog */
/* #undef DISABLE_LASTLOG */

1
contrib/win32/openssh/sshd.vcxproj
View File

@ -447,6 +447,7 @@
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_sshd.c" />
<ClCompile Include="..\..\..\auth2-methods.c" />
<ClCompile Include="..\..\..\misc.c" />
<ClCompile Include="..\..\..\platform-listen.c" />
<ClCompile Include="..\..\..\srclimit.c" />
<ClCompile Include="..\..\..\ssh-sk-client.c" />
<ClCompile Include="..\..\..\sshkey.c" />

3
contrib/win32/openssh/sshd.vcxproj.filters
View File

@ -93,6 +93,9 @@
<ClCompile Include="..\..\..\auth2-methods.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\platform-listen.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="version.rc">

6
contrib/win32/win32compat/inc/signal.h
View File

@ -33,6 +33,9 @@
#define W32_SIGKILL 17
#define W32_SIGUSR1 18
#define W32_SIGUSR2 19
#define W32_SIGBUS 20
#define W32_SIGTRAP 21
#define W32_SIGSYS 22
/* singprocmask "how" codes*/
#define SIG_BLOCK 0
@ -96,6 +99,9 @@ int sigaction(int signum, const struct sigaction * act, struct sigaction * oldac
#define SIGKILL W32_SIGKILL
#define SIGUSR1 W32_SIGUSR1
#define SIGUSR2 W32_SIGUSR2
#define SIGBUS W32_SIGBUS
#define SIGTRAP W32_SIGTRAP
#define SIGSYS W32_SIGSYS
#define SIG_DFL W32_SIG_DFL
#define SIG_IGN W32_SIG_IGN

4
ed25519.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh
# $OpenBSD: ed25519.sh,v 1.1 2023/01/15 23:05:32 djm Exp $
# $OpenBSD: ed25519.sh,v 1.2 2024/05/17 02:39:11 jsg Exp $
# Placed in the Public Domain.
#
AUTHOR="supercop-20221122/crypto_sign/ed25519/ref/implementors"
@ -74,7 +74,7 @@ for i in $FILES; do
sed -e "s/crypto_sign_open/crypto_sign_ed25519_open/g"
;;
*/crypto_sign/ed25519/ref/fe25519.*)
# avoid a couple of name collions with other files
# avoid a couple of name collisions with other files
sed -e "s/reduce_add_sub/fe25519_reduce_add_sub/g" \
-e "s/ equal[(]/ fe25519_equal(/g" \
-e "s/^int /static int /g"

15
log.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.c,v 1.61 2023/12/06 21:06:48 djm Exp $ */
/* $OpenBSD: log.c,v 1.62 2024/06/27 22:36:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -452,19 +452,6 @@ sshlogdie(const char *file, const char *func, int line, int showfunc,
cleanup_exit(255);
}
void
sshsigdie(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
suffix, fmt, args);
va_end(args);
_exit(1);
}
void
sshlogv(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, va_list args)

9
log.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.h,v 1.33 2021/04/15 16:24:31 markus Exp $ */
/* $OpenBSD: log.h,v 1.34 2024/06/27 22:36:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -72,9 +72,6 @@ void sshlog(const char *, const char *, int, int,
__attribute__((format(printf, 7, 8)));
void sshlogv(const char *, const char *, int, int,
LogLevel, const char *, const char *, va_list);
void sshsigdie(const char *, const char *, int, int,
LogLevel, const char *, const char *, ...) __attribute__((noreturn))
__attribute__((format(printf, 7, 8)));
void sshlogdie(const char *, const char *, int, int,
LogLevel, const char *, const char *, ...) __attribute__((noreturn))
__attribute__((format(printf, 7, 8)));
@ -93,7 +90,6 @@ void sshlogdirect(LogLevel, int, const char *, ...)
#define error(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
#define fatal(...) sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
#define logdie(...) sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
#define sigdie(...) sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
/* Variants that prepend the caller's function */
#define do_log2_f(level, ...) sshlog(__FILE__, __func__, __LINE__, 1, level, NULL, __VA_ARGS__)
@ -105,7 +101,6 @@ void sshlogdirect(LogLevel, int, const char *, ...)
#define error_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
#define fatal_f(...) sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
#define logdie_f(...) sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
#define sigdie_f(...) sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
/* Variants that appends a ssh_err message */
#define do_log2_r(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 0, level, ssh_err(r), __VA_ARGS__)
@ -117,7 +112,6 @@ void sshlogdirect(LogLevel, int, const char *, ...)
#define error_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#define fatal_r(r, ...) sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
#define logdie_r(r, ...) sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#define sigdie_r(r, ...) sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#define do_log2_fr(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 1, level, ssh_err(r), __VA_ARGS__)
#define debug3_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG3, ssh_err(r), __VA_ARGS__)
#define debug2_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, ssh_err(r), __VA_ARGS__)
@ -127,6 +121,5 @@ void sshlogdirect(LogLevel, int, const char *, ...)
#define error_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#define fatal_fr(r, ...) sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
#define logdie_fr(r, ...) sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#define sigdie_fr(r, ...) sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
#endif

20
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.194 2024/05/17 00:30:23 djm Exp $ */
/* $OpenBSD: misc.c,v 1.196 2024/06/06 17:15:25 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@ -621,7 +621,7 @@ int
convtime(const char *s)
{
int secs, total = 0, multiplier;
char *p, *os, *np, c;
char *p, *os, *np, c = 0;
const char *errstr;
if (s == NULL || *s == '\0')
@ -3228,3 +3228,19 @@ lib_contains_symbol(const char *path, const char *s)
return 0;
#endif /* WINDOWS */
}
int
signal_is_crash(int sig)
{
switch (sig) {
case SIGSEGV:
case SIGBUS:
case SIGTRAP:
case SIGSYS:
case SIGFPE:
case SIGILL:
case SIGABRT:
return 1;
}
return 0;
}

3
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.108 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: misc.h,v 1.109 2024/06/06 17:15:25 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -255,6 +255,7 @@ void notify_complete(struct notifier_ctx *, const char *, ...)
typedef void (*sshsig_t)(int);
sshsig_t ssh_signal(int, sshsig_t);
int signal_is_crash(int);
/* On OpenBSD time_t is int64_t which is long long. */
/* #define SSH_TIME_T_MAX LLONG_MAX */

74
moduli.0 Normal file
View File

@ -0,0 +1,74 @@
MODULI(5) File Formats Manual MODULI(5)
NAME
moduli M-bM-^@M-^S Diffie-Hellman moduli
DESCRIPTION
The /etc/moduli file contains prime numbers and generators for use by
sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
New moduli may be generated with ssh-keygen(1) using a two-step process.
An initial candidate generation pass, using ssh-keygen -M generate,
calculates numbers that are likely to be useful. A second primality
testing pass, using ssh-keygen -M screen, provides a high degree of
assurance that the numbers are prime and are safe for use in Diffie-
Hellman operations by sshd(8). This moduli format is used as the output
from each pass.
The file consists of newline-separated records, one per modulus,
containing seven space-separated fields. These fields are as follows:
timestamp The time that the modulus was last processed as
YYYYMMDDHHMMSS.
type Decimal number specifying the internal structure of
the prime modulus. Supported types are:
0 Unknown, not tested.
2 "Safe" prime; (p-1)/2 is also prime.
4 Sophie Germain; 2p+1 is also prime.
Moduli candidates initially produced by ssh-keygen(1)
are Sophie Germain primes (type 4). Further primality
testing with ssh-keygen(1) produces safe prime moduli
(type 2) that are ready for use in sshd(8). Other
types are not used by OpenSSH.
tests Decimal number indicating the type of primality tests
that the number has been subjected to represented as a
bitmask of the following values:
0x00 Not tested.
0x01 Composite number M-bM-^@M-^S not prime.
0x02 Sieve of Eratosthenes.
0x04 Probabilistic Miller-Rabin primality tests.
The ssh-keygen(1) moduli candidate generation uses the
Sieve of Eratosthenes (flag 0x02). Subsequent
ssh-keygen(1) primality tests are Miller-Rabin tests
(flag 0x04).
trials Decimal number indicating the number of primality
trials that have been performed on the modulus.
size Decimal number indicating the size of the prime in
bits.
generator The recommended generator for use with this modulus
(hexadecimal).
modulus The modulus itself in hexadecimal.
When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
the size of the modulus required to produce enough Diffie-Hellman output
to sufficiently key the selected symmetric cipher. sshd(8) then randomly
selects a modulus from /etc/moduli that best meets the size requirement.
SEE ALSO
ssh-keygen(1), sshd(8)
STANDARDS
M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
OpenBSD 7.5 April 16, 2022 OpenBSD 7.5

10
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.238 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.240 2024/06/06 17:15:25 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -126,8 +126,6 @@ int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);
int mm_answer_pty(struct ssh *, int, struct sshbuf *);
int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *);
int mm_answer_term(struct ssh *, int, struct sshbuf *);
int mm_answer_sesskey(struct ssh *, int, struct sshbuf *);
int mm_answer_sessid(struct ssh *, int, struct sshbuf *);
#ifdef USE_PAM
int mm_answer_pam_start(struct ssh *, int, struct sshbuf *);
@ -168,6 +166,7 @@ static u_int session_id2_len = 0;
#endif /* WINDOWS */
static u_char *session_id2 = NULL;
static pid_t monitor_child_pid;
int auth_attempted = 0;
struct mon_table {
enum monitor_reqtype type;
@ -303,6 +302,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
authenticated = (monitor_read(ssh, pmonitor,
mon_dispatch, &ent) == 1);
/* Record that auth was attempted to set exit status later */
if ((ent->flags & MON_AUTH) != 0)
auth_attempted = 1;
/* Special handling for multiple required authentications */
if (options.num_auth_methods != 0) {
if (authenticated &&
@ -360,6 +363,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
fatal_f("authentication method name unknown");
debug_f("user %s authenticated by privileged process", authctxt->user);
auth_attempted = 0;
ssh->authctxt = NULL;
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);

58
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.130 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.136 2024/06/19 23:24:47 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -29,6 +29,7 @@
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <errno.h>
#include <pwd.h>
@ -73,6 +74,7 @@
#include "session.h"
#include "servconf.h"
#include "monitor_wrap.h"
#include "srclimit.h"
#include "ssherr.h"
@ -132,6 +134,37 @@ mm_is_monitor(void)
return (pmonitor && pmonitor->m_pid > 0);
}
static void
mm_reap(void)
{
int status = -1;
if (!mm_is_monitor())
return;
while (waitpid(pmonitor->m_pid, &status, 0) == -1) {
if (errno == EINTR)
continue;
pmonitor->m_pid = -1;
fatal_f("waitpid: %s", strerror(errno));
}
if (WIFEXITED(status)) {
if (WEXITSTATUS(status) != 0) {
debug_f("preauth child exited with status %d",
WEXITSTATUS(status));
cleanup_exit(255);
}
} else if (WIFSIGNALED(status)) {
error_f("preauth child terminated by signal %d",
WTERMSIG(status));
cleanup_exit(signal_is_crash(WTERMSIG(status)) ?
EXIT_CHILD_CRASH : 255);
} else {
error_f("preauth child terminated abnormally (status=0x%x)",
status);
cleanup_exit(EXIT_CHILD_CRASH);
}
}
void
mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
{
@ -144,24 +177,30 @@ mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
fatal_f("bad length %zu", mlen);
POKE_U32(buf, mlen + 1);
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
fatal_f("write: %s", strerror(errno));
if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf) ||
atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) {
if (errno == EPIPE) {
debug3_f("monitor fd closed");
mm_reap();
cleanup_exit(255);
}
fatal_f("write: %s", strerror(errno));
}
}
void
mm_request_receive(int sock, struct sshbuf *m)
{
u_char buf[4], *p = NULL;
u_int msg_len;
int r;
int oerrno, r;
debug3_f("entering");
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
if (errno == EPIPE) {
debug3_f("monitor fd closed");
mm_reap();
cleanup_exit(255);
}
fatal_f("read: %s", strerror(errno));
@ -172,8 +211,13 @@ mm_request_receive(int sock, struct sshbuf *m)
sshbuf_reset(m);
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
fatal_fr(r, "reserve");
if (atomicio(read, sock, p, msg_len) != msg_len)
fatal_f("read: %s", strerror(errno));
if (atomicio(read, sock, p, msg_len) != msg_len) {
oerrno = errno;
error_f("read: %s", strerror(errno));
if (oerrno == EPIPE)
mm_reap();
cleanup_exit(255);
}
}
void

6
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.50 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.51 2024/05/17 06:42:04 jsg Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -88,10 +88,6 @@ void mm_terminate(void);
int mm_pty_allocate(int *, int *, char *, size_t);
void mm_session_pty_cleanup2(struct Session *);
/* Key export functions */
struct newkeys *mm_newkeys_from_blob(u_char *, int);
int mm_newkeys_to_blob(int, u_char **, u_int *);
void mm_send_keystate(struct ssh *, struct monitor*);
/* bsdauth */

2
openbsd-compat/port-linux.c
View File

@ -366,7 +366,7 @@ ssh_systemd_notify(const char *fmt, ...)
error_f("socket \"%s\": %s", path, strerror(errno));
goto out;
}
if (connect(fd, &addr, sizeof(addr)) != 0) {
if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
error_f("socket \"%s\" connect: %s", path, strerror(errno));
goto out;
}

4
packet.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.c,v 1.314 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: packet.c,v 1.315 2024/05/31 08:49:35 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -539,7 +539,7 @@ ssh_remote_ipaddr(struct ssh *ssh)
* be freed. NB. this will usually trigger a DNS query. Return value is on
* heap and no caching is performed.
* This function does additional checks on the hostname to mitigate some
* attacks on based on conflation of hostnames and addresses and will
* attacks based on conflation of hostnames and addresses and will
* fall back to returning an address on error.
*/

4
packet.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.97 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: packet.h,v 1.98 2024/05/17 06:42:04 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -124,14 +124,12 @@ int ssh_packet_send2_wrapped(struct ssh *);
int ssh_packet_send2(struct ssh *);
int ssh_packet_read(struct ssh *);
int ssh_packet_read_poll(struct ssh *);
int ssh_packet_read_poll2(struct ssh *, u_char *, u_int32_t *seqnr_p);
int ssh_packet_process_incoming(struct ssh *, const char *buf, u_int len);
int ssh_packet_process_read(struct ssh *, int);
int ssh_packet_read_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p);
int ssh_packet_read_poll_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p);
const void *ssh_packet_get_string_ptr(struct ssh *, u_int *length_ptr);
void ssh_packet_disconnect(struct ssh *, const char *fmt, ...)
__attribute__((format(printf, 2, 3)))
__attribute__((noreturn));

84
platform-listen.c Normal file
View File

@ -0,0 +1,84 @@
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "log.h"
#include "misc.h"
#include "platform.h"
#include "openbsd-compat/openbsd-compat.h"
void
platform_pre_listen(void)
{
#ifdef LINUX_OOM_ADJUST
/* Adjust out-of-memory killer so listening process is not killed */
oom_adjust_setup();
#endif
}
void
platform_post_listen(void)
{
#ifdef SYSTEMD_NOTIFY
ssh_systemd_notify_ready();
#endif
}
void
platform_pre_fork(void)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_pre_fork();
#endif
}
void
platform_pre_restart(void)
{
#ifdef SYSTEMD_NOTIFY
ssh_systemd_notify_reload();
#endif
#ifdef LINUX_OOM_ADJUST
oom_adjust_restore();
#endif
}
void
platform_post_fork_parent(pid_t child_pid)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_post_fork_parent(child_pid);
#endif
}
void
platform_post_fork_child(void)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_post_fork_child();
#endif
#ifdef LINUX_OOM_ADJUST
oom_adjust_restore();
#endif
}

60
platform.c
View File

@ -32,64 +32,8 @@
#include "openbsd-compat/openbsd-compat.h"
extern int use_privsep;
extern ServerOptions options;
void
platform_pre_listen(void)
{
#ifdef LINUX_OOM_ADJUST
/* Adjust out-of-memory killer so listening process is not killed */
oom_adjust_setup();
#endif
}
void
platform_post_listen(void)
{
#ifdef SYSTEMD_NOTIFY
ssh_systemd_notify_ready();
#endif
}
void
platform_pre_fork(void)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_pre_fork();
#endif
}
void
platform_pre_restart(void)
{
#ifdef SYSTEMD_NOTIFY
ssh_systemd_notify_reload();
#endif
#ifdef LINUX_OOM_ADJUST
oom_adjust_restore();
#endif
}
void
platform_post_fork_parent(pid_t child_pid)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_post_fork_parent(child_pid);
#endif
}
void
platform_post_fork_child(void)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
solaris_contract_post_fork_child();
#endif
#ifdef LINUX_OOM_ADJUST
oom_adjust_restore();
#endif
}
/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
int
platform_privileged_uidswap(void)
@ -136,7 +80,7 @@ platform_setusercontext(struct passwd *pw)
*/
if (getuid() == 0 || geteuid() == 0) {
if (options.use_pam) {
do_pam_setcred(use_privsep);
do_pam_setcred();
}
}
# endif /* USE_PAM */
@ -164,7 +108,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
* Reestablish them here.
*/
if (options.use_pam) {
do_pam_setcred(use_privsep);
do_pam_setcred();
}
#endif /* USE_PAM */

4
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.387 2024/05/17 02:39:11 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -3363,7 +3363,7 @@ parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
return r;
}
/* XXX the following is a near-vebatim copy from servconf.c; refactor */
/* XXX the following is a near-verbatim copy from servconf.c; refactor */
static const char *
fmt_multistate_int(int val, const struct multistate *m)
{

6
regress/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.133 2024/01/11 04:50:28 djm Exp $
# $OpenBSD: Makefile,v 1.135 2024/06/14 04:43:11 djm Exp $
tests: prep file-tests t-exec unit
@ -109,7 +109,9 @@ LTESTS= connect \
connection-timeout \
match-subsystem \
agent-pkcs11-restrict \
agent-pkcs11-cert
agent-pkcs11-cert \
penalty \
penalty-expire
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
INTEROP_TESTS+= dropbear-ciphers dropbear-kex

15
regress/dropbear-ciphers.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: dropbear-ciphers.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
# $OpenBSD: dropbear-ciphers.sh,v 1.3 2024/06/20 08:23:18 dtucker Exp $
# Placed in the Public Domain.
tid="dropbear ciphers"
@ -7,13 +7,18 @@ if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
skip "dropbear interop tests not enabled"
fi
# Enable all support algorithms
algs=`$SSH -Q key-sig | tr '\n' ,`
cat >>$OBJ/sshd_proxy <<EOD
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
HostkeyAlgorithms +ssh-rsa,ssh-dss
PubkeyAcceptedAlgorithms $algs
HostkeyAlgorithms $algs
EOD
ciphers=`$DBCLIENT -c help 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
macs=`$DBCLIENT -m help 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
ciphers=`$DBCLIENT -c help hst 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
macs=`$DBCLIENT -m help hst 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
if [ -z "$macs" ] || [ -z "$ciphers" ]; then
skip "dbclient query ciphers '$ciphers' or macs '$macs' failed"
fi
keytype=`(cd $OBJ/.dropbear && ls id_*)`
for c in $ciphers ; do

14
regress/dropbear-kex.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: dropbear-kex.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
# $OpenBSD: dropbear-kex.sh,v 1.3 2024/06/19 10:10:46 dtucker Exp $
# Placed in the Public Domain.
tid="dropbear kex"
@ -7,21 +7,19 @@ if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
skip "dropbear interop tests not enabled"
fi
cat >>$OBJ/sshd_proxy <<EOD
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
HostkeyAlgorithms +ssh-rsa,ssh-dss
EOD
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
kex="curve25519-sha256 curve25519-sha256@libssh.org
diffie-hellman-group14-sha256 diffie-hellman-group14-sha1"
kex="curve25519-sha256 curve25519-sha256@libssh.org"
if $SSH -Q kex | grep 'diffie-hellman-group14-sha1'; then
kex="$kex diffie-hellman-group14-sha256 diffie-hellman-group14-sha1"
fi
for k in $kex; do
verbose "$tid: kex $k"
rm -f ${COPY}
# dbclient doesn't have switch for kex, so force in server
(cat $OBJ/sshd_proxy.bak; echo "KexAlgorithms $k") >$OBJ/sshd_proxy
env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/id_rsa 2>$OBJ/dbclient.log \
env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/id_ed25519 2>$OBJ/dbclient.log \
-J "$OBJ/ssh_proxy.sh" somehost cat ${DATA} > ${COPY}
if [ $? -ne 0 ]; then
fail "ssh cat $DATA failed"

1
regress/misc/fuzz-harness/agent_fuzz_helper.c
View File

@ -112,7 +112,6 @@ reset_idtab(void)
idtab_init();
// Load keys.
add_key(PRIV_RSA, CERT_RSA);
add_key(PRIV_DSA, CERT_DSA);
add_key(PRIV_ECDSA, CERT_ECDSA);
add_key(PRIV_ED25519, CERT_ED25519);
add_key(PRIV_ECDSA_SK, CERT_ECDSA_SK);

8
regress/misc/fuzz-harness/kex_fuzz.cc
View File

@ -144,7 +144,6 @@ static int
prepare_keys(struct shared_state *st)
{
if (prepare_key(st, KEY_RSA, 2048) != 0 ||
prepare_key(st, KEY_DSA, 1024) != 0 ||
prepare_key(st, KEY_ECDSA, 256) != 0 ||
prepare_key(st, KEY_ED25519, 256) != 0) {
error_f("key prepare failed");
@ -264,10 +263,6 @@ prepare_key(struct shared_state *st, int kt, int bits)
pubstr = PUB_RSA;
privstr = PRIV_RSA;
break;
case KEY_DSA:
pubstr = PUB_DSA;
privstr = PRIV_DSA;
break;
case KEY_ECDSA:
pubstr = PUB_ECDSA;
privstr = PRIV_ECDSA;
@ -325,7 +320,7 @@ int main(void)
{
static struct shared_state *st;
struct test_state *ts;
const int keytypes[] = { KEY_RSA, KEY_DSA, KEY_ECDSA, KEY_ED25519, -1 };
const int keytypes[] = { KEY_RSA, KEY_ECDSA, KEY_ED25519, -1 };
static const char * const kextypes[] = {
"sntrup761x25519-sha512@openssh.com",
"curve25519-sha256@libssh.org",
@ -399,7 +394,6 @@ static void
do_kex(struct shared_state *st, struct test_state *ts, const char *kex)
{
do_kex_with_key(st, ts, kex, KEY_RSA);
do_kex_with_key(st, ts, kex, KEY_DSA);
do_kex_with_key(st, ts, kex, KEY_ECDSA);
do_kex_with_key(st, ts, kex, KEY_ED25519);
}

8
regress/misc/fuzz-harness/sig_fuzz.cc
View File

@ -26,7 +26,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
{
#ifdef WITH_OPENSSL
static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
@ -41,19 +40,20 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
#endif
sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
return 0;

35
regress/penalty-expire.sh Normal file
View File

@ -0,0 +1,35 @@
# $OpenBSD
# Placed in the Public Domain.
tid="penalties"
grep -vi PerSourcePenalties $OBJ/sshd_config > $OBJ/sshd_config.bak
cp $OBJ/authorized_keys_${USER} $OBJ/authorized_keys_${USER}.bak
conf() {
test -z "$PIDFILE" || stop_sshd
(cat $OBJ/sshd_config.bak ;
echo "PerSourcePenalties $@") > $OBJ/sshd_config
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
start_sshd
}
conf "noauth:10s authfail:10s max:20s min:1s"
verbose "test connect"
${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
verbose "penalty expiry"
# Incur a penalty
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail connect succeeded"
sleep 2
# Check denied
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail not rejected"
# Let it expire and try again.
sleep 11
${SSH} -F $OBJ/ssh_config somehost true || fail "authfail not expired"

52
regress/penalty.sh Normal file
View File

@ -0,0 +1,52 @@
# $OpenBSD
# Placed in the Public Domain.
tid="penalties"
grep -vi PerSourcePenalties $OBJ/sshd_config > $OBJ/sshd_config.bak
cp $OBJ/authorized_keys_${USER} $OBJ/authorized_keys_${USER}.bak
conf() {
test -z "$PIDFILE" || stop_sshd
(cat $OBJ/sshd_config.bak ;
echo "PerSourcePenalties $@") > $OBJ/sshd_config
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
start_sshd
}
conf "authfail:300s min:350s max:900s"
verbose "test connect"
${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
verbose "penalty for authentication failure"
# Fail authentication once
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
sleep 2
# Should be below penalty threshold
${SSH} -F $OBJ/ssh_config somehost true || fatal "authfail not expired"
sleep 2
# Fail authentication again; penalty should activate
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
sleep 2
# These should be refused by the active penalty
${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected"
${SSH} -F $OBJ/ssh_config somehost true && fail "repeat authfail not rejected"
conf "noauth:100s"
${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
verbose "penalty for no authentication"
${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed"
sleep 2
# Repeat attempt should be penalised
${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null 2>&1 && fail "keyscan not rejected"

4
regress/rekey.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: rekey.sh,v 1.19 2021/07/19 05:08:54 dtucker Exp $
# $OpenBSD: rekey.sh,v 1.20 2024/05/22 04:20:00 djm Exp $
# Placed in the Public Domain.
tid="rekey"
@ -14,7 +14,7 @@ ssh_data_rekeying()
{
_kexopt=$1 ; shift
_opts="$@"
if ! test -z "$_kexopts" ; then
if ! test -z "$_kexopt" ; then
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "$_kexopt" >> $OBJ/sshd_proxy
_opts="$_opts -o$_kexopt"

4
regress/sftp-cmds.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: sftp-cmds.sh,v 1.19 2024/03/29 10:40:07 dtucker Exp $
# $OpenBSD: sftp-cmds.sh,v 1.20 2024/07/01 03:10:19 djm Exp $
# Placed in the Public Domain.
# XXX - TODO:
@ -32,7 +32,7 @@ rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
mkdir ${COPY}.dd
verbose "$tid: lls"
printf "cd ${OBJ}\nlls\n" | ${SFTP} -D ${SFTPSERVER} 2>&1 | \
printf "lcd ${OBJ}\nlls\n" | ${SFTP} -D ${SFTPSERVER} 2>&1 | \
grep copy.dd >/dev/null || fail "lls failed"
verbose "$tid: lls w/path"

60
regress/test-exec.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: test-exec.sh,v 1.109 2024/03/25 01:28:29 dtucker Exp $
# $OpenBSD: test-exec.sh,v 1.119 2024/06/20 08:18:34 dtucker Exp $
# Placed in the Public Domain.
#SUDO=sudo
@ -96,6 +96,7 @@ SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
SSHD_SESSION=/usr/libexec/sshd-session
SCP=scp
# Set by make_tmpdir() on demand (below).
@ -121,6 +122,9 @@ NC=$OBJ/netcat
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
fi
if [ "x$TEST_SSH_SSHD_SESSION" != "x" ]; then
SSHD_SESSION="${TEST_SSH_SSHD_SESSION}"
fi
if [ "x$TEST_SSH_SSHD" != "x" ]; then
SSHD="${TEST_SSH_SSHD}"
fi
@ -370,7 +374,7 @@ ssh_logfile ()
# [kbytes] to ensure the file is at least that large.
DATANAME=data
DATA=$OBJ/${DATANAME}
cat ${SSHAGENT_BIN} >${DATA}
cat ${SSH_BIN} >${DATA}
chmod u+w ${DATA}
COPY=$OBJ/copy
rm -f ${COPY}
@ -381,7 +385,7 @@ fi
increase_datafile_size()
{
while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
cat ${SSHAGENT_BIN} >>${DATA}
cat ${SSH_BIN} >>${DATA}
done
}
@ -493,14 +497,16 @@ stop_sshd ()
if [ "$os" == "windows" ]; then
powershell.exe /c "stop-process -Name sshd -Force" >/dev/null 2>&1
else
if [ -f $PIDFILE ]; then
[ -z $PIDFILE ] && return
[ -f $PIDFILE ] || return
pid=`$SUDO cat $PIDFILE`
if [ "X$pid" = "X" ]; then
echo no sshd running
else
if [ $pid -lt 2 ]; then
echo bad pid for sshd: $pid
else
echo "no sshd running" 1>&2
return
elif [ $pid -lt 2 ]; then
echo "bad pid for sshd: $pid" 1>&2
return
fi
$SUDO kill $pid
trace "wait for sshd to exit"
i=0;
@ -510,17 +516,13 @@ stop_sshd ()
done
if test -f $PIDFILE; then
if $SUDO kill -0 $pid; then
echo "sshd didn't exit " \
"port $PORT pid $pid"
echo "sshd didn't exit port $PORT pid $pid" 1>&2
else
echo "sshd died without cleanup"
echo "sshd died without cleanup" 1>&2
fi
exit 1
fi
fi
fi
fi
fi
PIDFILE=""
}
# helper
@ -667,6 +669,8 @@ cat << EOF > $OBJ/sshd_config
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
SshdSessionPath $SSHD_SESSION
PerSourcePenalties no
EOF
if [ "$os" != "windows" ]; then
@ -923,15 +927,25 @@ esac
if test "$REGRESS_INTEROP_DROPBEAR" = "yes" ; then
trace Create dropbear keys and add to authorized_keys
mkdir -p $OBJ/.dropbear
for i in rsa ecdsa ed25519 dss; do
if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
($DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i
$DROPBEARCONVERT dropbear openssh \
$OBJ/.dropbear/id_$i $OBJ/.dropbear/ossh.id_$i
) > /dev/null 2>&1
kt="ed25519"
for i in dss rsa ecdsa; do
if $SSH -Q key-plain | grep "$i" >/dev/null; then
kt="$kt $i"
else
rm -f "$OBJ/.dropbear/id_$i"
fi
done
for i in $kt; do
if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
verbose Create dropbear key type $i
$DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i \
>/dev/null 2>&1
fi
$DROPBEARCONVERT dropbear openssh $OBJ/.dropbear/id_$i \
$OBJ/.dropbear/ossh.id_$i >/dev/null 2>&1
$SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \
>>$OBJ/authorized_keys_$USER
rm -f $OBJ/.dropbear/id_$i.pub $OBJ/.dropbear/ossh.id_$i
done
fi
@ -958,6 +972,7 @@ chmod a+x $OBJ/ssh_proxy.sh
start_sshd ()
{
PIDFILE=$OBJ/pidfile
# start sshd
logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log"
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
@ -977,6 +992,7 @@ start_sshd ()
i=`expr $i + 1`
sleep $i
done
ln -f -s ${logfile} $TEST_SSHD_LOGFILE
test -f $PIDFILE || fatal "no sshd running on port $PORT"
}

3
regress/unittests/kex/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.14 2023/02/02 12:12:52 djm Exp $
# $OpenBSD: Makefile,v 1.15 2024/05/19 19:10:01 anton Exp $
PROG=test_kex
SRCS=tests.c test_kex.c test_proposal.c
@ -14,6 +14,7 @@ SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
SRCS+=ssh-ed25519-sk.c sk-usbhid.c
SRCS+= kex.c
SRCS+= kex-names.c
SRCS+= dh.c
SRCS+= kexdh.c
SRCS+= kexecdh.c

232
scp.0 Normal file
View File

@ -0,0 +1,232 @@
SCP(1) General Commands Manual SCP(1)
NAME
scp M-bM-^@M-^S OpenSSH secure file copy
SYNOPSIS
scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]
[-i identity_file] [-J destination] [-l limit] [-o ssh_option]
[-P port] [-S program] [-X sftp_option] source ... target
DESCRIPTION
scp copies files between hosts on a network.
scp uses the SFTP protocol over a ssh(1) connection for data transfer,
and uses the same authentication and provides the same security as a
login session.
scp will ask for passwords or passphrases if they are needed for
authentication.
The source and target may be specified as a local pathname, a remote host
with optional path in the form [user@]host:[path], or a URI in the form
scp://[user@]host[:port][/path]. Local file names can be made explicit
using absolute or relative pathnames to avoid scp treating file names
containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers.
When copying between two remote hosts, if the URI format is used, a port
cannot be specified on the target if the -R option is used.
The options are as follows:
-3 Copies between two remote hosts are transferred through the local
host. Without this option the data is copied directly between
the two remote hosts. Note that, when using the legacy SCP
protocol (via the -O flag), this option selects batch mode for
the second host as scp cannot ask for passwords or passphrases
for both hosts. This mode is the default.
-4 Forces scp to use IPv4 addresses only.
-6 Forces scp to use IPv6 addresses only.
-A Allows forwarding of ssh-agent(1) to the remote system. The
default is not to forward an authentication agent.
-B Selects batch mode (prevents asking for passwords or
passphrases).
-C Compression enable. Passes the -C flag to ssh(1) to enable
compression.
-c cipher
Selects the cipher to use for encrypting the data transfer. This
option is directly passed to ssh(1).
-D sftp_server_path
Connect directly to a local SFTP server program rather than a
remote one via ssh(1). This option may be useful in debugging
the client and server.
-F ssh_config
Specifies an alternative per-user configuration file for ssh.
This option is directly passed to ssh(1).
-i identity_file
Selects the file from which the identity (private key) for public
key authentication is read. This option is directly passed to
ssh(1).
-J destination
Connect to the target host by first making an scp connection to
the jump host described by destination and then establishing a
TCP forwarding to the ultimate destination from there. Multiple
jump hops may be specified separated by comma characters. This
is a shortcut to specify a ProxyJump configuration directive.
This option is directly passed to ssh(1).
-l limit
Limits the used bandwidth, specified in Kbit/s.
-O Use the legacy SCP protocol for file transfers instead of the
SFTP protocol. Forcing the use of the SCP protocol may be
necessary for servers that do not implement SFTP, for backwards-
compatibility for particular filename wildcard patterns and for
expanding paths with a M-bM-^@M-^X~M-bM-^@M-^Y prefix for older SFTP servers.
-o ssh_option
Can be used to pass options to ssh in the format used in
ssh_config(5). This is useful for specifying options for which
there is no separate scp command-line flag. For full details of
the options listed below, and their possible values, see
ssh_config(5).
AddressFamily
BatchMode
BindAddress
BindInterface
CanonicalDomains
CanonicalizeFallbackLocal
CanonicalizeHostname
CanonicalizeMaxDots
CanonicalizePermittedCNAMEs
CASignatureAlgorithms
CertificateFile
CheckHostIP
Ciphers
Compression
ConnectionAttempts
ConnectTimeout
ControlMaster
ControlPath
ControlPersist
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
HashKnownHosts
Host
HostbasedAcceptedAlgorithms
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
Hostname
IdentitiesOnly
IdentityAgent
IdentityFile
IPQoS
KbdInteractiveAuthentication
KbdInteractiveDevices
KexAlgorithms
KnownHostsCommand
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
PKCS11Provider
Port
PreferredAuthentications
ProxyCommand
ProxyJump
PubkeyAcceptedAlgorithms
PubkeyAuthentication
RekeyLimit
RequiredRSASize
SendEnv
ServerAliveInterval
ServerAliveCountMax
SetEnv
StrictHostKeyChecking
TCPKeepAlive
UpdateHostKeys
User
UserKnownHostsFile
VerifyHostKeyDNS
-P port
Specifies the port to connect to on the remote host. Note that
this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already
reserved for preserving the times and mode bits of the file.
-p Preserves modification times, access times, and file mode bits
from the source file.
-q Quiet mode: disables the progress meter as well as warning and
diagnostic messages from ssh(1).
-R Copies between two remote hosts are performed by connecting to
the origin host and executing scp there. This requires that scp
running on the origin host can authenticate to the destination
host without requiring a password.
-r Recursively copy entire directories. Note that scp follows
symbolic links encountered in the tree traversal.
-S program
Name of program to use for the encrypted connection. The program
must understand ssh(1) options.
-T Disable strict filename checking. By default when copying files
from a remote host to a local directory scp checks that the
received filenames match those requested on the command-line to
prevent the remote end from sending unexpected or unwanted files.
Because of differences in how various operating systems and
shells interpret filename wildcards, these checks may cause
wanted files to be rejected. This option disables these checks
at the expense of fully trusting that the server will not send
unexpected filenames.
-v Verbose mode. Causes scp and ssh(1) to print debugging messages
about their progress. This is helpful in debugging connection,
authentication, and configuration problems.
-X sftp_option
Specify an option that controls aspects of SFTP protocol
behaviour. The valid options are:
nrequests=value
Controls how many concurrent SFTP read or write requests
may be in progress at any point in time during a download
or upload. By default 64 requests may be active
concurrently.
buffer=value
Controls the maximum buffer size for a single SFTP
read/write operation used during download or upload. By
default a 32KB buffer is used.
EXIT STATUS
The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs.
SEE ALSO
sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
sftp-server(8), sshd(8)
HISTORY
scp is based on the rcp program in BSD source code from the Regents of
the University of California.
Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by
default.
AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
CAVEATS
The legacy SCP protocol (selected by the -O flag) requires execution of
the remote user's shell to perform glob(3) pattern matching. This
requires careful quoting of any characters that have special meaning to
the remote shell, such as quote characters.
OpenBSD 7.5 December 16, 2022 OpenBSD 7.5

4
scp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.260 2023/10/11 05:42:08 djm Exp $ */
/* $OpenBSD: scp.c,v 1.261 2024/06/26 23:14:14 deraadt Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -234,9 +234,11 @@ suspone(int pid, int signo)
static void
suspchild(int signo)
{
int save_errno = errno;
suspone(do_cmd_pid, signo);
suspone(do_cmd_pid2, signo);
kill(getpid(), SIGSTOP);
errno = save_errno;
}
static int

186
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.406 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.411 2024/06/12 22:36:00 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -69,6 +69,10 @@
#include "myproposal.h"
#include "digest.h"
#if !defined(SSHD_PAM_SERVICE)
# define SSHD_PAM_SERVICE "sshd"
#endif
static void add_listen_addr(ServerOptions *, const char *,
const char *, int);
static void add_one_listen_addr(ServerOptions *, const char *,
@ -88,6 +92,7 @@ initialize_server_options(ServerOptions *options)
/* Portable-specific options */
options->use_pam = -1;
options->pam_service_name = NULL;
/* Standard Options */
options->num_ports = 0;
@ -163,6 +168,18 @@ initialize_server_options(ServerOptions *options)
options->per_source_max_startups = -1;
options->per_source_masklen_ipv4 = -1;
options->per_source_masklen_ipv6 = -1;
options->per_source_penalty_exempt = NULL;
options->per_source_penalty.enabled = -1;
options->per_source_penalty.max_sources4 = -1;
options->per_source_penalty.max_sources6 = -1;
options->per_source_penalty.overflow_mode = -1;
options->per_source_penalty.overflow_mode6 = -1;
options->per_source_penalty.penalty_crash = -1;
options->per_source_penalty.penalty_authfail = -1;
options->per_source_penalty.penalty_noauth = -1;
options->per_source_penalty.penalty_grace = -1;
options->per_source_penalty.penalty_max = -1;
options->per_source_penalty.penalty_min = -1;
options->max_authtries = -1;
options->max_sessions = -1;
options->banner = NULL;
@ -281,6 +298,8 @@ fill_default_server_options(ServerOptions *options)
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
if (options->pam_service_name == NULL)
options->pam_service_name = xstrdup(SSHD_PAM_SERVICE);
/* Standard Options */
if (options->num_host_key_files == 0) {
@ -404,6 +423,28 @@ fill_default_server_options(ServerOptions *options)
options->per_source_masklen_ipv4 = 32;
if (options->per_source_masklen_ipv6 == -1)
options->per_source_masklen_ipv6 = 128;
if (options->per_source_penalty.enabled == -1)
options->per_source_penalty.enabled = 1;
if (options->per_source_penalty.max_sources4 == -1)
options->per_source_penalty.max_sources4 = 65536;
if (options->per_source_penalty.max_sources6 == -1)
options->per_source_penalty.max_sources6 = 65536;
if (options->per_source_penalty.overflow_mode == -1)
options->per_source_penalty.overflow_mode = PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE;
if (options->per_source_penalty.overflow_mode6 == -1)
options->per_source_penalty.overflow_mode6 = options->per_source_penalty.overflow_mode;
if (options->per_source_penalty.penalty_crash == -1)
options->per_source_penalty.penalty_crash = 90;
if (options->per_source_penalty.penalty_grace == -1)
options->per_source_penalty.penalty_grace = 20;
if (options->per_source_penalty.penalty_authfail == -1)
options->per_source_penalty.penalty_authfail = 5;
if (options->per_source_penalty.penalty_noauth == -1)
options->per_source_penalty.penalty_noauth = 1;
if (options->per_source_penalty.penalty_min == -1)
options->per_source_penalty.penalty_min = 15;
if (options->per_source_penalty.penalty_max == -1)
options->per_source_penalty.penalty_max = 600;
if (options->max_authtries == -1)
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
@ -481,6 +522,7 @@ fill_default_server_options(ServerOptions *options)
CLEAR_ON_NONE(options->chroot_directory);
CLEAR_ON_NONE(options->routing_domain);
CLEAR_ON_NONE(options->host_key_agent);
CLEAR_ON_NONE(options->per_source_penalty_exempt);
for (i = 0; i < options->num_host_key_files; i++)
CLEAR_ON_NONE(options->host_key_files[i]);
@ -497,7 +539,7 @@ fill_default_server_options(ServerOptions *options)
typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
sUsePAM,
sUsePAM, sPAMServiceName,
/* Standard Options */
sPort, sHostKeyFile, sLoginGraceTime,
sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
@ -515,6 +557,7 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
sPerSourcePenalties, sPerSourcePenaltyExemptList,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sSetEnv, sPermitTunnel,
@ -530,7 +573,7 @@ typedef enum {
sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,
sSshdMonitorPath,
sSshdSessionPath,
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
@ -549,8 +592,10 @@ static struct {
/* Portable-specific options */
#ifdef USE_PAM
{ "usepam", sUsePAM, SSHCFG_GLOBAL },
{ "pamservicename", sPAMServiceName, SSHCFG_ALL },
#else
{ "usepam", sUnsupported, SSHCFG_GLOBAL },
{ "pamservicename", sUnsupported, SSHCFG_ALL },
#endif
{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
/* Standard Options */
@ -647,6 +692,8 @@ static struct {
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
{ "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL },
{ "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL },
{ "persourcepenalties", sPerSourcePenalties, SSHCFG_GLOBAL },
{ "persourcepenaltyexemptlist", sPerSourcePenaltyExemptList, SSHCFG_GLOBAL },
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
@ -693,7 +740,7 @@ static struct {
{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
{ "channeltimeout", sChannelTimeout, SSHCFG_ALL },
{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
{ "sshdmonitorpath", sSshdMonitorPath, SSHCFG_GLOBAL },
{ "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL },
{ NULL, sBadOption, 0 }
};
@ -1284,6 +1331,16 @@ process_server_config_line_depth(ServerOptions *options, char *line,
case sUsePAM:
intptr = &options->use_pam;
goto parse_flag;
case sPAMServiceName:
charptr = &options->pam_service_name;
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0') {
fatal("%s line %d: missing argument.",
filename, linenum);
}
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
/* Standard Options */
case sBadOption:
@ -1949,6 +2006,100 @@ process_server_config_line_depth(ServerOptions *options, char *line,
options->per_source_max_startups = value;
break;
case sPerSourcePenaltyExemptList:
charptr = &options->per_source_penalty_exempt;
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0')
fatal("%s line %d: missing argument.",
filename, linenum);
if (addr_match_list(NULL, arg) != 0) {
fatal("%s line %d: keyword %s "
"invalid address argument.",
filename, linenum, keyword);
}
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case sPerSourcePenalties:
while ((arg = argv_next(&ac, &av)) != NULL) {
found = 1;
value = -1;
value2 = 0;
p = NULL;
/* Allow no/yes only in first position */
if (strcasecmp(arg, "no") == 0 ||
(value2 = (strcasecmp(arg, "yes") == 0))) {
if (ac > 0) {
fatal("%s line %d: keyword %s \"%s\" "
"argument must appear alone.",
filename, linenum, keyword, arg);
}
if (*activep &&
options->per_source_penalty.enabled == -1)
options->per_source_penalty.enabled = value2;
continue;
} else if (strncmp(arg, "crash:", 6) == 0) {
p = arg + 6;
intptr = &options->per_source_penalty.penalty_crash;
} else if (strncmp(arg, "authfail:", 9) == 0) {
p = arg + 9;
intptr = &options->per_source_penalty.penalty_authfail;
} else if (strncmp(arg, "noauth:", 7) == 0) {
p = arg + 7;
intptr = &options->per_source_penalty.penalty_noauth;
} else if (strncmp(arg, "grace-exceeded:", 15) == 0) {
p = arg + 15;
intptr = &options->per_source_penalty.penalty_grace;
} else if (strncmp(arg, "max:", 4) == 0) {
p = arg + 4;
intptr = &options->per_source_penalty.penalty_max;
} else if (strncmp(arg, "min:", 4) == 0) {
p = arg + 4;
intptr = &options->per_source_penalty.penalty_min;
} else if (strncmp(arg, "max-sources4:", 13) == 0) {
intptr = &options->per_source_penalty.max_sources4;
if ((errstr = atoi_err(arg+13, &value)) != NULL)
fatal("%s line %d: %s value %s.",
filename, linenum, keyword, errstr);
} else if (strncmp(arg, "max-sources6:", 13) == 0) {
intptr = &options->per_source_penalty.max_sources6;
if ((errstr = atoi_err(arg+13, &value)) != NULL)
fatal("%s line %d: %s value %s.",
filename, linenum, keyword, errstr);
} else if (strcmp(arg, "overflow:deny-all") == 0) {
intptr = &options->per_source_penalty.overflow_mode;
value = PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL;
} else if (strcmp(arg, "overflow:permissive") == 0) {
intptr = &options->per_source_penalty.overflow_mode;
value = PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE;
} else if (strcmp(arg, "overflow6:deny-all") == 0) {
intptr = &options->per_source_penalty.overflow_mode6;
value = PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL;
} else if (strcmp(arg, "overflow6:permissive") == 0) {
intptr = &options->per_source_penalty.overflow_mode6;
value = PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE;
} else {
fatal("%s line %d: unsupported %s keyword %s",
filename, linenum, keyword, arg);
}
/* If no value was parsed above, assume it's a time */
if (value == -1 && (value = convtime(p)) == -1) {
fatal("%s line %d: invalid %s time value.",
filename, linenum, keyword);
}
if (*activep && *intptr == -1) {
*intptr = value;
/* any option implicitly enables penalties */
options->per_source_penalty.enabled = 1;
}
}
if (!found) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
break;
case sMaxAuthTries:
intptr = &options->max_authtries;
goto parse_int;
@ -2514,7 +2665,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
}
goto parse_time;
case sSshdMonitorPath:
case sSshdSessionPath:
charptr = &options->sshd_session_path;
goto parse_filename;
@ -3062,6 +3213,7 @@ dump_config(ServerOptions *o)
/* integer arguments */
#ifdef USE_PAM
dump_cfg_fmtint(sUsePAM, o->use_pam);
dump_cfg_string(sPAMServiceName, o->pam_service_name);
#endif
dump_cfg_int(sLoginGraceTime, o->login_grace_time);
dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
@ -3147,7 +3299,8 @@ dump_config(ServerOptions *o)
#if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
dump_cfg_string(sRDomain, o->routing_domain);
#endif
dump_cfg_string(sSshdMonitorPath, o->sshd_session_path);
dump_cfg_string(sSshdSessionPath, o->sshd_session_path);
dump_cfg_string(sPerSourcePenaltyExemptList, o->per_source_penalty_exempt);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
@ -3235,4 +3388,25 @@ dump_config(ServerOptions *o)
if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED)
printf(" verify-required");
printf("\n");
if (o->per_source_penalty.enabled) {
printf("persourcepenalties crash:%d authfail:%d noauth:%d "
"grace-exceeded:%d max:%d min:%d max-sources4:%d "
"max-sources6:%d overflow:%s overflow6:%s\n",
o->per_source_penalty.penalty_crash,
o->per_source_penalty.penalty_authfail,
o->per_source_penalty.penalty_noauth,
o->per_source_penalty.penalty_grace,
o->per_source_penalty.penalty_max,
o->per_source_penalty.penalty_min,
o->per_source_penalty.max_sources4,
o->per_source_penalty.max_sources6,
o->per_source_penalty.overflow_mode ==
PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL ?
"deny-all" : "permissive",
o->per_source_penalty.overflow_mode6 ==
PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL ?
"deny-all" : "permissive");
} else
printf("persourcepenalties no\n");
}

25
servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.161 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.165 2024/06/12 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -47,7 +47,6 @@
#define PUBKEYAUTH_VERIFY_REQUIRED (1<<1)
struct ssh;
struct fwd_perm_list;
/*
* Used to store addresses from ListenAddr directives. These may be
@ -66,6 +65,22 @@ struct listenaddr {
struct addrinfo *addrs;
};
#define PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL 1
#define PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE 2
struct per_source_penalty {
int enabled;
int max_sources4;
int max_sources6;
int overflow_mode;
int overflow_mode6;
int penalty_crash;
int penalty_grace;
int penalty_authfail;
int penalty_noauth;
int penalty_max;
int penalty_min;
};
typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
@ -173,6 +188,8 @@ typedef struct {
int per_source_max_startups;
int per_source_masklen_ipv4;
int per_source_masklen_ipv6;
char *per_source_penalty_exempt;
struct per_source_penalty per_source_penalty;
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
@ -193,6 +210,7 @@ typedef struct {
char *adm_forced_command;
int use_pam; /* Enable auth via PAM */
char *pam_service_name;
int permit_tun;
@ -277,6 +295,7 @@ TAILQ_HEAD(include_list, include_item);
M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \
M_CP_STROPT(permit_user_env_allowlist); \
M_CP_STROPT(pam_service_name); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@ -303,9 +322,7 @@ void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
struct include_list *includes, struct connection_info *, int);
void parse_server_match_config(ServerOptions *,
struct include_list *includes, struct connection_info *);
int parse_channel_timeout(const char *, char **, u_int *);
int parse_server_match_testspec(struct connection_info *, char *);
int server_match_spec_complete(struct connection_info *);
void servconf_merge_subsystems(ServerOptions *, ServerOptions *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
void dump_config(ServerOptions *);

6
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.239 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -266,11 +266,11 @@ process_input(struct ssh *ssh, int connection_in)
if (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)
return 0;
if (errno == EPIPE) {
verbose("Connection closed by %.100s port %d",
logit("Connection closed by %.100s port %d",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
return -1;
}
verbose("Read error from remote host %s port %d: %s",
logit("Read error from remote host %s port %d: %s",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
strerror(errno));
cleanup_exit(255);

15
session.c
View File

@ -104,9 +104,16 @@
#include <selinux/selinux.h>
#endif
#ifdef WINDOWS
/*
* Hack for systems that do not support FD passing: allocate PTYs directly
* without calling into the monitor. This requires either the post-auth
* privsep process retain root privileges (see the comment in
* sshd-session.c:privsep_postauth) or that PTY allocation doesn't require
* privileges to begin with (e.g. Cygwin).
*/
#ifdef DISABLE_FD_PASSING
#define mm_pty_allocate pty_allocate
#endif /* WINDOWS */
#endif
#define IS_INTERNAL_SFTP(c) \
(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
@ -716,13 +723,13 @@ do_exec(struct ssh *ssh, Session *s, const char *command)
#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
mm_audit_run_command(command);
else if (s->ttyfd == -1) {
char *shell = s->pw->pw_shell;
if (shell[0] == '\0') /* empty shell means /bin/sh */
shell =_PATH_BSHELL;
PRIVSEP(audit_run_command(shell));
mm_audit_run_command(shell);
}
#endif
if (s->ttyfd != -1)

4
sftp-client.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.175 2023/11/13 09:18:19 tobhe Exp $ */
/* $OpenBSD: sftp-client.c,v 1.176 2024/05/17 02:39:11 jsg Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -2449,7 +2449,7 @@ handle_dest_replies(struct sftp_conn *to, const char *to_path, int synchronous,
* server not to have reordered replies that could have
* inserted holes where none existed in the source file.
*
* XXX we could get a more accutate progress bar if we updated
* XXX we could get a more accurate progress bar if we updated
* the counter based on the reply from the destination...
*/
(*nreqsp)--;

98
sftp-server.0 Normal file
View File

@ -0,0 +1,98 @@
SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8)
NAME
sftp-server M-bM-^@M-^S OpenSSH SFTP server subsystem
SYNOPSIS
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
[-P denied_requests] [-p allowed_requests] [-u umask]
sftp-server -Q protocol_feature
DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to
stdout and expects client requests from stdin. sftp-server is not
intended to be called directly, but from sshd(8) using the Subsystem
option.
Command-line flags to sftp-server should be specified in the Subsystem
declaration. See sshd_config(5) for more information.
Valid options are:
-d start_directory
Specifies an alternate starting directory for users. The
pathname may contain the following tokens that are expanded at
runtime: %% is replaced by a literal '%', %d is replaced by the
home directory of the user being authenticated, and %u is
replaced by the username of that user. The default is to use the
user's home directory. This option is useful in conjunction with
the sshd_config(5) ChrootDirectory option.
-e Causes sftp-server to print logging information to stderr instead
of syslog for debugging.
-f log_facility
Specifies the facility code that is used when logging messages
from sftp-server. The possible values are: DAEMON, USER, AUTH,
LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
-h Displays sftp-server usage information.
-l log_level
Specifies which messages will be logged by sftp-server. The
possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
that sftp-server performs on behalf of the client. DEBUG and
DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
levels of debugging output. The default is ERROR.
-P denied_requests
Specifies a comma-separated list of SFTP protocol requests that
are banned by the server. sftp-server will reply to any denied
request with a failure. The -Q flag can be used to determine the
supported request types. If both denied and allowed lists are
specified, then the denied list is applied before the allowed
list.
-p allowed_requests
Specifies a comma-separated list of SFTP protocol requests that
are permitted by the server. All request types that are not on
the allowed list will be logged and replied to with a failure
message.
Care must be taken when using this feature to ensure that
requests made implicitly by SFTP clients are permitted.
-Q protocol_feature
Queries protocol features supported by sftp-server. At present
the only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be
used to deny or allow specific requests (flags -P and -p
respectively).
-R Places this instance of sftp-server into a read-only mode.
Attempts to open files for writing, as well as other operations
that change the state of the filesystem, will be denied.
-u umask
Sets an explicit umask(2) to be applied to newly-created files
and directories, instead of the user's default mask.
On some systems, sftp-server must be able to access /dev/log for logging
to work, and use of sftp-server in a chroot configuration therefore
requires that syslogd(8) establish a logging socket inside the chroot
directory.
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-02.txt, October 2001, work in progress material.
HISTORY
sftp-server first appeared in OpenBSD 2.8.
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 7.5 July 27, 2021 OpenBSD 7.5

438
sftp.0 Normal file
View File

@ -0,0 +1,438 @@
SFTP(1) General Commands Manual SFTP(1)
NAME
sftp M-bM-^@M-^S OpenSSH secure file transfer
SYNOPSIS
sftp [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
[-D sftp_server_command] [-F ssh_config] [-i identity_file]
[-J destination] [-l limit] [-o ssh_option] [-P port]
[-R num_requests] [-S program] [-s subsystem | sftp_server]
[-X sftp_option] destination
DESCRIPTION
sftp is a file transfer program, similar to ftp(1), which performs all
operations over an encrypted ssh(1) transport. It may also use many
features of ssh, such as public key authentication and compression.
The destination may be specified either as [user@]host[:path] or as a URI
in the form sftp://[user@]host[:port][/path].
If the destination includes a path and it is not a directory, sftp will
retrieve files automatically if a non-interactive authentication method
is used; otherwise it will do so after successful interactive
authentication.
If no path is specified, or if the path is a directory, sftp will log in
to the specified host and enter interactive command mode, changing to the
remote directory if one was specified. An optional trailing slash can be
used to force the path to be interpreted as a directory.
Since the destination formats use colon characters to delimit host names
from path names or port numbers, IPv6 addresses must be enclosed in
square brackets to avoid ambiguity.
The options are as follows:
-4 Forces sftp to use IPv4 addresses only.
-6 Forces sftp to use IPv6 addresses only.
-A Allows forwarding of ssh-agent(1) to the remote system. The
default is not to forward an authentication agent.
-a Attempt to continue interrupted transfers rather than overwriting
existing partial or complete copies of files. If the partial
contents differ from those being transferred, then the resultant
file is likely to be corrupt.
-B buffer_size
Specify the size of the buffer that sftp uses when transferring
files. Larger buffers require fewer round trips at the cost of
higher memory consumption. The default is 32768 bytes.
-b batchfile
Batch mode reads a series of commands from an input batchfile
instead of stdin. Since it lacks user interaction, it should be
used in conjunction with non-interactive authentication to
obviate the need to enter a password at connection time (see
sshd(8) and ssh-keygen(1) for details).
A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp
will abort if any of the following commands fail: get, put,
reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, copy, cp,
chmod, chown, chgrp, lpwd, df, symlink, and lmkdir.
Termination on error can be suppressed on a command by command
basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example,
-rm /tmp/blah*). Echo of the command may be suppressed by
prefixing the command with a M-bM-^@M-^X@M-bM-^@M-^Y character. These two prefixes
may be combined in any order, for example -@ls /bsd.
-C Enables compression (via ssh's -C flag).
-c cipher
Selects the cipher to use for encrypting the data transfers.
This option is directly passed to ssh(1).
-D sftp_server_command
Connect directly to a local sftp server (rather than via ssh(1)).
A command and arguments may be specified, for example
"/path/sftp-server -el debug3". This option may be useful in
debugging the client and server.
-F ssh_config
Specifies an alternative per-user configuration file for ssh(1).
This option is directly passed to ssh(1).
-f Requests that files be flushed to disk immediately after
transfer. When uploading files, this feature is only enabled if
the server implements the "fsync@openssh.com" extension.
-i identity_file
Selects the file from which the identity (private key) for public
key authentication is read. This option is directly passed to
ssh(1).
-J destination
Connect to the target host by first making an sftp connection to
the jump host described by destination and then establishing a
TCP forwarding to the ultimate destination from there. Multiple
jump hops may be specified separated by comma characters. This
is a shortcut to specify a ProxyJump configuration directive.
This option is directly passed to ssh(1).
-l limit
Limits the used bandwidth, specified in Kbit/s.
-N Disables quiet mode, e.g. to override the implicit quiet mode set
by the -b flag.
-o ssh_option
Can be used to pass options to ssh in the format used in
ssh_config(5). This is useful for specifying options for which
there is no separate sftp command-line flag. For example, to
specify an alternate port use: sftp -oPort=24. For full details
of the options listed below, and their possible values, see
ssh_config(5).
AddressFamily
BatchMode
BindAddress
BindInterface
CanonicalDomains
CanonicalizeFallbackLocal
CanonicalizeHostname
CanonicalizeMaxDots
CanonicalizePermittedCNAMEs
CASignatureAlgorithms
CertificateFile
CheckHostIP
Ciphers
Compression
ConnectionAttempts
ConnectTimeout
ControlMaster
ControlPath
ControlPersist
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
HashKnownHosts
Host
HostbasedAcceptedAlgorithms
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
Hostname
IdentitiesOnly
IdentityAgent
IdentityFile
IPQoS
KbdInteractiveAuthentication
KbdInteractiveDevices
KexAlgorithms
KnownHostsCommand
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
PKCS11Provider
Port
PreferredAuthentications
ProxyCommand
ProxyJump
PubkeyAcceptedAlgorithms
PubkeyAuthentication
RekeyLimit
RequiredRSASize
SendEnv
ServerAliveInterval
ServerAliveCountMax
SetEnv
StrictHostKeyChecking
TCPKeepAlive
UpdateHostKeys
User
UserKnownHostsFile
VerifyHostKeyDNS
-P port
Specifies the port to connect to on the remote host.
-p Preserves modification times, access times, and modes from the
original files transferred.
-q Quiet mode: disables the progress meter as well as warning and
diagnostic messages from ssh(1).
-R num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed but will
increase memory usage. The default is 64 outstanding requests.
-r Recursively copy entire directories when uploading and
downloading. Note that sftp does not follow symbolic links
encountered in the tree traversal.
-S program
Name of the program to use for the encrypted connection. The
program must understand ssh(1) options.
-s subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server on
the remote host. A path is useful when the remote sshd(8) does
not have an sftp subsystem configured.
-v Raise logging level. This option is also passed to ssh.
-X sftp_option
Specify an option that controls aspects of SFTP protocol
behaviour. The valid options are:
nrequests=value
Controls how many concurrent SFTP read or write requests
may be in progress at any point in time during a download
or upload. By default 64 requests may be active
concurrently.
buffer=value
Controls the maximum buffer size for a single SFTP
read/write operation used during download or upload. By
default a 32KB buffer is used.
INTERACTIVE COMMANDS
Once in interactive mode, sftp understands a set of commands similar to
those of ftp(1). Commands are case insensitive. Pathnames that contain
spaces must be enclosed in quotes. Any special characters contained
within pathnames that are recognized by glob(3) must be escaped with
backslashes (M-bM-^@M-^X\M-bM-^@M-^Y).
bye Quit sftp.
cd [path]
Change remote directory to path. If path is not specified, then
change directory to the one the session started in.
chgrp [-h] grp path
Change group of file path to grp. path may contain glob(7)
characters and may match multiple files. grp must be a numeric
GID.
If the -h flag is specified, then symlinks will not be followed.
Note that this is only supported by servers that implement the
"lsetstat@openssh.com" extension.
chmod [-h] mode path
Change permissions of file path to mode. path may contain
glob(7) characters and may match multiple files.
If the -h flag is specified, then symlinks will not be followed.
Note that this is only supported by servers that implement the
"lsetstat@openssh.com" extension.
chown [-h] own path
Change owner of file path to own. path may contain glob(7)
characters and may match multiple files. own must be a numeric
UID.
If the -h flag is specified, then symlinks will not be followed.
Note that this is only supported by servers that implement the
"lsetstat@openssh.com" extension.
copy oldpath newpath
Copy remote file from oldpath to newpath.
Note that this is only supported by servers that implement the
"copy-data" extension.
cp oldpath newpath
Alias to copy command.
df [-hi] [path]
Display usage information for the filesystem holding the current
directory (or path if specified). If the -h flag is specified,
the capacity information will be displayed using "human-readable"
suffixes. The -i flag requests display of inode information in
addition to capacity information. This command is only supported
on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension.
exit Quit sftp.
get [-afpR] remote-path [local-path]
Retrieve the remote-path and store it on the local machine. If
the local path name is not specified, it is given the same name
it has on the remote machine. remote-path may contain glob(7)
characters and may match multiple files. If it does and
local-path is specified, then local-path must specify a
directory.
If the -a flag is specified, then attempt to resume partial
transfers of existing files. Note that resumption assumes that
any partial copy of the local file matches the remote copy. If
the remote file contents differ from the partial local copy then
the resultant file is likely to be corrupt.
If the -f flag is specified, then fsync(2) will be called after
the file transfer has completed to flush the file to disk.
If the -p flag is specified, then full file permissions and
access times are copied too.
If the -R flag is specified then directories will be copied
recursively. Note that sftp does not follow symbolic links when
performing recursive transfers.
help Display help text.
lcd [path]
Change local directory to path. If path is not specified, then
change directory to the local user's home directory.
lls [ls-options [path]]
Display local directory listing of either path or current
directory if path is not specified. ls-options may contain any
flags supported by the local system's ls(1) command. path may
contain glob(7) characters and may match multiple files.
lmkdir path
Create local directory specified by path.
ln [-s] oldpath newpath
Create a link from oldpath to newpath. If the -s flag is
specified the created link is a symbolic link, otherwise it is a
hard link.
lpwd Print local working directory.
ls [-1afhlnrSt] [path]
Display a remote directory listing of either path or the current
directory if path is not specified. path may contain glob(7)
characters and may match multiple files.
The following flags are recognized and alter the behaviour of ls
accordingly:
-1 Produce single columnar output.
-a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y).
-f Do not sort the listing. The default sort order is
lexicographical.
-h When used with a long format option, use unit suffixes:
Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
and Exabyte in order to reduce the number of digits to
four or fewer using powers of 2 for sizes (K=1024,
M=1048576, etc.).
-l Display additional details including permissions and
ownership information.
-n Produce a long listing with user and group information
presented numerically.
-r Reverse the sort order of the listing.
-S Sort the listing by file size.
-t Sort the listing by last modification time.
lumask umask
Set local umask to umask.
mkdir path
Create remote directory specified by path.
progress
Toggle display of progress meter.
put [-afpR] local-path [remote-path]
Upload local-path and store it on the remote machine. If the
remote path name is not specified, it is given the same name it
has on the local machine. local-path may contain glob(7)
characters and may match multiple files. If it does and
remote-path is specified, then remote-path must specify a
directory.
If the -a flag is specified, then attempt to resume partial
transfers of existing files. Note that resumption assumes that
any partial copy of the remote file matches the local copy. If
the local file contents differ from the remote local copy then
the resultant file is likely to be corrupt.
If the -f flag is specified, then a request will be sent to the
server to call fsync(2) after the file has been transferred.
Note that this is only supported by servers that implement the
"fsync@openssh.com" extension.
If the -p flag is specified, then full file permissions and
access times are copied too.
If the -R flag is specified then directories will be copied
recursively. Note that sftp does not follow symbolic links when
performing recursive transfers.
pwd Display remote working directory.
quit Quit sftp.
reget [-fpR] remote-path [local-path]
Resume download of remote-path. Equivalent to get with the -a
flag set.
reput [-fpR] local-path [remote-path]
Resume upload of local-path. Equivalent to put with the -a flag
set.
rename oldpath newpath
Rename remote file from oldpath to newpath.
rm path
Delete remote file specified by path.
rmdir path
Remove remote directory specified by path.
symlink oldpath newpath
Create a symbolic link from oldpath to newpath.
version
Display the sftp protocol version.
!command
Execute command in local shell.
! Escape to local shell.
? Synonym for help.
SEE ALSO
ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
glob(7), sftp-server(8), sshd(8)
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
OpenBSD 7.5 December 16, 2022 OpenBSD 7.5

4
sftp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.238 2024/04/30 06:16:55 djm Exp $ */
/* $OpenBSD: sftp.c,v 1.239 2024/06/26 23:14:14 deraadt Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -238,12 +238,14 @@ killchild(int signo)
static void
suspchild(int signo)
{
int save_errno = errno;
if (sshpid > 1) {
kill(sshpid, signo);
while (waitpid(sshpid, NULL, WUNTRACED) == -1 && errno == EINTR)
continue;
}
kill(getpid(), SIGSTOP);
errno = save_errno;
}
static void

398
srclimit.c
View File

@ -1,5 +1,6 @@
/*
* Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org>
* Copyright (c) 2024 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -18,11 +19,13 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <openbsd-compat/sys-tree.h>
#include <limits.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "addr.h"
#include "canohost.h"
@ -30,17 +33,71 @@
#include "misc.h"
#include "srclimit.h"
#include "xmalloc.h"
#include "servconf.h"
#include "match.h"
static int max_children, max_persource, ipv4_masklen, ipv6_masklen;
static struct per_source_penalty penalty_cfg;
static char *penalty_exempt;
/* Per connection state, used to enforce unauthenticated connection limit. */
static struct child_info {
int id;
struct xaddr addr;
} *child;
} *children;
/*
* Penalised addresses, active entries here prohibit connections until expired.
* Entries become active when more than penalty_min seconds of penalty are
* outstanding.
*/
struct penalty {
struct xaddr addr;
time_t expiry;
int active;
const char *reason;
RB_ENTRY(penalty) by_addr;
RB_ENTRY(penalty) by_expiry;
};
static int penalty_addr_cmp(struct penalty *a, struct penalty *b);
static int penalty_expiry_cmp(struct penalty *a, struct penalty *b);
RB_HEAD(penalties_by_addr, penalty) penalties_by_addr4, penalties_by_addr6;
RB_HEAD(penalties_by_expiry, penalty) penalties_by_expiry4, penalties_by_expiry6;
RB_GENERATE_STATIC(penalties_by_addr, penalty, by_addr, penalty_addr_cmp)
RB_GENERATE_STATIC(penalties_by_expiry, penalty, by_expiry, penalty_expiry_cmp)
static size_t npenalties4, npenalties6;
static int
srclimit_mask_addr(const struct xaddr *addr, int bits, struct xaddr *masked)
{
struct xaddr xmask;
/* Mask address off address to desired size. */
if (addr_netmask(addr->af, bits, &xmask) != 0 ||
addr_and(masked, addr, &xmask) != 0) {
debug3_f("%s: invalid mask %d bits", __func__, bits);
return -1;
}
return 0;
}
static int
srclimit_peer_addr(int sock, struct xaddr *addr)
{
struct sockaddr_storage storage;
socklen_t addrlen = sizeof(storage);
struct sockaddr *sa = (struct sockaddr *)&storage;
if (getpeername(sock, sa, &addrlen) != 0)
return 1; /* not remote socket? */
if (addr_sa_to_xaddr(sa, addrlen, addr) != 0)
return 1; /* unknown address family? */
return 0;
}
void
srclimit_init(int max, int persource, int ipv4len, int ipv6len)
srclimit_init(int max, int persource, int ipv4len, int ipv6len,
struct per_source_penalty *penalty_conf, const char *penalty_exempt_conf)
{
int i;
@ -48,25 +105,31 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len)
ipv4_masklen = ipv4len;
ipv6_masklen = ipv6len;
max_persource = persource;
penalty_cfg = *penalty_conf;
if (penalty_cfg.max_sources4 < 0 || penalty_cfg.max_sources6 < 0)
fatal_f("invalid max_sources"); /* shouldn't happen */
penalty_exempt = penalty_exempt_conf == NULL ?
NULL : xstrdup(penalty_exempt_conf);
RB_INIT(&penalties_by_addr4);
RB_INIT(&penalties_by_expiry4);
RB_INIT(&penalties_by_addr6);
RB_INIT(&penalties_by_expiry6);
if (max_persource == INT_MAX) /* no limit */
return;
debug("%s: max connections %d, per source %d, masks %d,%d", __func__,
max, persource, ipv4len, ipv6len);
if (max <= 0)
fatal("%s: invalid number of sockets: %d", __func__, max);
child = xcalloc(max_children, sizeof(*child));
children = xcalloc(max_children, sizeof(*children));
for (i = 0; i < max_children; i++)
child[i].id = -1;
children[i].id = -1;
}
/* returns 1 if connection allowed, 0 if not allowed. */
int
srclimit_check_allow(int sock, int id)
{
struct xaddr xa, xb, xmask;
struct sockaddr_storage addr;
socklen_t addrlen = sizeof(addr);
struct sockaddr *sa = (struct sockaddr *)&addr;
struct xaddr xa, xb;
int i, bits, first_unused, count = 0;
char xas[NI_MAXHOST];
@ -74,26 +137,19 @@ srclimit_check_allow(int sock, int id)
return 1;
debug("%s: sock %d id %d limit %d", __func__, sock, id, max_persource);
if (getpeername(sock, sa, &addrlen) != 0)
return 1; /* not remote socket? */
if (addr_sa_to_xaddr(sa, addrlen, &xa) != 0)
return 1; /* unknown address family? */
/* Mask address off address to desired size. */
bits = xa.af == AF_INET ? ipv4_masklen : ipv6_masklen;
if (addr_netmask(xa.af, bits, &xmask) != 0 ||
addr_and(&xb, &xa, &xmask) != 0) {
debug3("%s: invalid mask %d bits", __func__, bits);
if (srclimit_peer_addr(sock, &xa) != 0)
return 1;
bits = xa.af == AF_INET ? ipv4_masklen : ipv6_masklen;
if (srclimit_mask_addr(&xa, bits, &xb) != 0)
return 1;
}
first_unused = max_children;
/* Count matching entries and find first unused one. */
for (i = 0; i < max_children; i++) {
if (child[i].id == -1) {
if (children[i].id == -1) {
if (i < first_unused)
first_unused = i;
} else if (addr_cmp(&child[i].addr, &xb) == 0) {
} else if (addr_cmp(&children[i].addr, &xb) == 0) {
count++;
}
}
@ -116,8 +172,8 @@ srclimit_check_allow(int sock, int id)
return 0;
/* Connection allowed, store masked address. */
child[first_unused].id = id;
memcpy(&child[first_unused].addr, &xb, sizeof(xb));
children[first_unused].id = id;
memcpy(&children[first_unused].addr, &xb, sizeof(xb));
return 1;
}
@ -132,9 +188,301 @@ srclimit_done(int id)
debug("%s: id %d", __func__, id);
/* Clear corresponding state entry. */
for (i = 0; i < max_children; i++) {
if (child[i].id == id) {
child[i].id = -1;
if (children[i].id == id) {
children[i].id = -1;
return;
}
}
}
static int
penalty_addr_cmp(struct penalty *a, struct penalty *b)
{
return addr_cmp(&a->addr, &b->addr);
/* Addresses must be unique in by_addr, so no need to tiebreak */
}
static int
penalty_expiry_cmp(struct penalty *a, struct penalty *b)
{
if (a->expiry != b->expiry)
return a->expiry < b->expiry ? -1 : 1;
/* Tiebreak on addresses */
return addr_cmp(&a->addr, &b->addr);
}
static void
expire_penalties_from_tree(time_t now, const char *t,
struct penalties_by_expiry *by_expiry,
struct penalties_by_addr *by_addr, size_t *npenaltiesp)
{
struct penalty *penalty, *tmp;
/* XXX avoid full scan of tree, e.g. min-heap */
RB_FOREACH_SAFE(penalty, penalties_by_expiry, by_expiry, tmp) {
if (penalty->expiry >= now)
break;
if (RB_REMOVE(penalties_by_expiry, by_expiry,
penalty) != penalty ||
RB_REMOVE(penalties_by_addr, by_addr,
penalty) != penalty)
fatal_f("internal error: %s penalty table corrupt", t);
free(penalty);
if ((*npenaltiesp)-- == 0)
fatal_f("internal error: %s npenalties underflow", t);
}
}
static void
expire_penalties(time_t now)
{
expire_penalties_from_tree(now, "ipv4",
&penalties_by_expiry4, &penalties_by_addr4, &npenalties4);
expire_penalties_from_tree(now, "ipv6",
&penalties_by_expiry6, &penalties_by_addr6, &npenalties6);
}
static void
addr_masklen_ntop(struct xaddr *addr, int masklen, char *s, size_t slen)
{
size_t o;
if (addr_ntop(addr, s, slen) != 0) {
strlcpy(s, "UNKNOWN", slen);
return;
}
if ((o = strlen(s)) < slen)
snprintf(s + o, slen - o, "/%d", masklen);
}
int
srclimit_penalty_check_allow(int sock, const char **reason)
{
struct xaddr addr;
struct penalty find, *penalty;
time_t now;
int bits, max_sources, overflow_mode;
char addr_s[NI_MAXHOST];
struct penalties_by_addr *by_addr;
size_t npenalties;
if (!penalty_cfg.enabled)
return 1;
if (srclimit_peer_addr(sock, &addr) != 0)
return 1;
if (penalty_exempt != NULL) {
if (addr_ntop(&addr, addr_s, sizeof(addr_s)) != 0)
return 1; /* shouldn't happen */
if (addr_match_list(addr_s, penalty_exempt) == 1) {
return 1;
}
}
now = monotime();
expire_penalties(now);
by_addr = addr.af == AF_INET ?
&penalties_by_addr4 : &penalties_by_addr6;
max_sources = addr.af == AF_INET ?
penalty_cfg.max_sources4 : penalty_cfg.max_sources6;
overflow_mode = addr.af == AF_INET ?
penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6;
npenalties = addr.af == AF_INET ? npenalties4 : npenalties6;
if (npenalties >= (size_t)max_sources &&
overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
*reason = "too many penalised addresses";
return 0;
}
bits = addr.af == AF_INET ? ipv4_masklen : ipv6_masklen;
memset(&find, 0, sizeof(find));
if (srclimit_mask_addr(&addr, bits, &find.addr) != 0)
return 1;
if ((penalty = RB_FIND(penalties_by_addr, by_addr, &find)) == NULL)
return 1; /* no penalty */
if (penalty->expiry < now) {
expire_penalties(now);
return 1; /* expired penalty */
}
if (!penalty->active)
return 1; /* Penalty hasn't hit activation threshold yet */
*reason = penalty->reason;
return 0;
}
static void
srclimit_early_expire_penalties_from_tree(const char *t,
struct penalties_by_expiry *by_expiry,
struct penalties_by_addr *by_addr, size_t *npenaltiesp, size_t max_sources)
{
struct penalty *p = NULL;
int bits;
char s[NI_MAXHOST + 4];
/* Delete the soonest-to-expire penalties. */
while (*npenaltiesp > max_sources) {
if ((p = RB_MIN(penalties_by_expiry, by_expiry)) == NULL)
fatal_f("internal error: %s table corrupt (find)", t);
bits = p->addr.af == AF_INET ? ipv4_masklen : ipv6_masklen;
addr_masklen_ntop(&p->addr, bits, s, sizeof(s));
debug3_f("%s overflow, remove %s", t, s);
if (RB_REMOVE(penalties_by_expiry, by_expiry, p) != p ||
RB_REMOVE(penalties_by_addr, by_addr, p) != p)
fatal_f("internal error: %s table corrupt (remove)", t);
free(p);
(*npenaltiesp)--;
}
}
static void
srclimit_early_expire_penalties(void)
{
srclimit_early_expire_penalties_from_tree("ipv4",
&penalties_by_expiry4, &penalties_by_addr4, &npenalties4,
(size_t)penalty_cfg.max_sources4);
srclimit_early_expire_penalties_from_tree("ipv6",
&penalties_by_expiry6, &penalties_by_addr6, &npenalties6,
(size_t)penalty_cfg.max_sources6);
}
void
srclimit_penalise(struct xaddr *addr, int penalty_type)
{
struct xaddr masked;
struct penalty *penalty = NULL, *existing = NULL;
time_t now;
int bits, penalty_secs, max_sources = 0, overflow_mode;
char addrnetmask[NI_MAXHOST + 4];
const char *reason = NULL, *t;
size_t *npenaltiesp = NULL;
struct penalties_by_addr *by_addr = NULL;
struct penalties_by_expiry *by_expiry = NULL;
if (!penalty_cfg.enabled)
return;
if (penalty_exempt != NULL) {
if (addr_ntop(addr, addrnetmask, sizeof(addrnetmask)) != 0)
return; /* shouldn't happen */
if (addr_match_list(addrnetmask, penalty_exempt) == 1) {
debug3_f("address %s is exempt", addrnetmask);
return;
}
}
switch (penalty_type) {
case SRCLIMIT_PENALTY_NONE:
return;
case SRCLIMIT_PENALTY_CRASH:
penalty_secs = penalty_cfg.penalty_crash;
reason = "penalty: caused crash";
break;
case SRCLIMIT_PENALTY_AUTHFAIL:
penalty_secs = penalty_cfg.penalty_authfail;
reason = "penalty: failed authentication";
break;
case SRCLIMIT_PENALTY_NOAUTH:
penalty_secs = penalty_cfg.penalty_noauth;
reason = "penalty: connections without attempting authentication";
break;
case SRCLIMIT_PENALTY_GRACE_EXCEEDED:
penalty_secs = penalty_cfg.penalty_crash;
reason = "penalty: exceeded LoginGraceTime";
break;
default:
fatal_f("internal error: unknown penalty %d", penalty_type);
}
bits = addr->af == AF_INET ? ipv4_masklen : ipv6_masklen;
if (srclimit_mask_addr(addr, bits, &masked) != 0)
return;
addr_masklen_ntop(addr, bits, addrnetmask, sizeof(addrnetmask));
now = monotime();
expire_penalties(now);
by_expiry = addr->af == AF_INET ?
&penalties_by_expiry4 : &penalties_by_expiry6;
by_addr = addr->af == AF_INET ?
&penalties_by_addr4 : &penalties_by_addr6;
max_sources = addr->af == AF_INET ?
penalty_cfg.max_sources4 : penalty_cfg.max_sources6;
overflow_mode = addr->af == AF_INET ?
penalty_cfg.overflow_mode : penalty_cfg.overflow_mode6;
npenaltiesp = addr->af == AF_INET ? &npenalties4 : &npenalties6;
t = addr->af == AF_INET ? "ipv4" : "ipv6";
if (*npenaltiesp >= (size_t)max_sources &&
overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
verbose_f("%s penalty table full, cannot penalise %s for %s", t,
addrnetmask, reason);
return;
}
penalty = xcalloc(1, sizeof(*penalty));
penalty->addr = masked;
penalty->expiry = now + penalty_secs;
penalty->reason = reason;
if ((existing = RB_INSERT(penalties_by_addr, by_addr,
penalty)) == NULL) {
/* penalty didn't previously exist */
if (penalty_secs > penalty_cfg.penalty_min)
penalty->active = 1;
if (RB_INSERT(penalties_by_expiry, by_expiry, penalty) != NULL)
fatal_f("internal error: %s penalty tables corrupt", t);
verbose_f("%s: new %s %s penalty of %d seconds for %s", t,
addrnetmask, penalty->active ? "active" : "deferred",
penalty_secs, reason);
if (++(*npenaltiesp) > (size_t)max_sources)
srclimit_early_expire_penalties(); /* permissive */
return;
}
debug_f("%s penalty for %s %s already exists, %lld seconds remaining",
existing->active ? "active" : "inactive", t,
addrnetmask, (long long)(existing->expiry - now));
/* Expiry information is about to change, remove from tree */
if (RB_REMOVE(penalties_by_expiry, by_expiry, existing) != existing)
fatal_f("internal error: %s penalty table corrupt (remove)", t);
/* An entry already existed. Accumulate penalty up to maximum */
existing->expiry += penalty_secs;
if (existing->expiry - now > penalty_cfg.penalty_max)
existing->expiry = now + penalty_cfg.penalty_max;
if (existing->expiry - now > penalty_cfg.penalty_min &&
!existing->active) {
verbose_f("%s: activating %s penalty of %lld seconds for %s",
addrnetmask, t, (long long)(existing->expiry - now),
reason);
existing->active = 1;
}
existing->reason = penalty->reason;
free(penalty);
penalty = NULL;
/* Re-insert into expiry tree */
if (RB_INSERT(penalties_by_expiry, by_expiry, existing) != NULL)
fatal_f("internal error: %s penalty table corrupt (insert)", t);
}
static void
srclimit_penalty_info_for_tree(const char *t,
struct penalties_by_expiry *by_expiry, size_t npenalties)
{
struct penalty *p = NULL;
int bits;
char s[NI_MAXHOST + 4];
time_t now;
now = monotime();
logit("%zu active %s penalties", npenalties, t);
RB_FOREACH(p, penalties_by_expiry, by_expiry) {
bits = p->addr.af == AF_INET ? ipv4_masklen : ipv6_masklen;
addr_masklen_ntop(&p->addr, bits, s, sizeof(s));
if (p->expiry < now)
logit("client %s %s (expired)", s, p->reason);
else {
logit("client %s %s (%llu secs left)", s, p->reason,
(long long)(p->expiry - now));
}
}
}
void
srclimit_penalty_info(void)
{
srclimit_penalty_info_for_tree("ipv4",
&penalties_by_expiry4, npenalties4);
srclimit_penalty_info_for_tree("ipv6",
&penalties_by_expiry6, npenalties6);
}

22
srclimit.h
View File

@ -13,6 +13,26 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
void srclimit_init(int, int, int, int);
struct xaddr;
struct per_source_penalty;
void srclimit_init(int, int, int, int,
struct per_source_penalty *, const char *);
int srclimit_check_allow(int, int);
void srclimit_done(int);
#define SRCLIMIT_PENALTY_NONE 0
#define SRCLIMIT_PENALTY_CRASH 1
#define SRCLIMIT_PENALTY_AUTHFAIL 2
#define SRCLIMIT_PENALTY_GRACE_EXCEEDED 3
#define SRCLIMIT_PENALTY_NOAUTH 4
/* meaningful exit values, used by sshd listener for penalties */
#define EXIT_LOGIN_GRACE 3 /* login grace period exceeded */
#define EXIT_CHILD_CRASH 4 /* preauth child crashed */
#define EXIT_AUTH_ATTEMPTED 5 /* at least one auth attempt made */
void srclimit_penalise(struct xaddr *, int);
int srclimit_penalty_check_allow(int, const char **);
void srclimit_penalty_info(void);

209
ssh-add.0 Normal file
View File

@ -0,0 +1,209 @@
SSH-ADD(1) General Commands Manual SSH-ADD(1)
NAME
ssh-add M-bM-^@M-^S adds private key identities to the OpenSSH authentication agent
SYNOPSIS
ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]
[-h destination_constraint] [-S provider] [-t life] [file ...]
ssh-add -s pkcs11 [-Cv] [certificate ...]
ssh-add -e pkcs11
ssh-add -T pubkey ...
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and
~/.ssh/id_ed25519_sk. After loading a private key, ssh-add will try to
load corresponding certificate information from the filename obtained by
appending -cert.pub to the name of the private key file. Alternative
file names can be given on the command line.
If any file requires a passphrase, ssh-add asks for the passphrase from
the user. The passphrase is read from the user's tty. ssh-add retries
the last passphrase if multiple identity files are given.
The authentication agent must be running and the SSH_AUTH_SOCK
environment variable must contain the name of its socket for ssh-add to
work.
The options are as follows:
-C When loading keys into or deleting keys from the agent, process
certificates only and skip plain keys.
-c Indicates that added identities should be subject to confirmation
before being used for authentication. Confirmation is performed
by ssh-askpass(1). Successful confirmation is signaled by a zero
exit status from ssh-askpass(1), rather than text entered into
the requester.
-D Deletes all identities from the agent.
-d Instead of adding identities, removes identities from the agent.
If ssh-add has been run without arguments, the keys for the
default identities and their corresponding certificates will be
removed. Otherwise, the argument list will be interpreted as a
list of paths to public key files to specify keys and
certificates to be removed from the agent. If no public key is
found at a given path, ssh-add will append .pub and retry. If
the argument list consists of M-bM-^@M-^\-M-bM-^@M-^] then ssh-add will read public
keys to be removed from standard input.
-E fingerprint_hash
Specifies the hash algorithm used when displaying key
fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
default is M-bM-^@M-^\sha256M-bM-^@M-^].
-e pkcs11
Remove keys provided by the PKCS#11 shared library pkcs11.
-H hostkey_file
Specifies a known hosts file to look up hostkeys when using
destination-constrained keys via the -h flag. This option may be
specified multiple times to allow multiple files to be searched.
If no files are specified, ssh-add will use the default
ssh_config(5) known hosts files: ~/.ssh/known_hosts,
~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and
/etc/ssh/ssh_known_hosts2.
-h destination_constraint
When adding keys, constrain them to be usable only through
specific hosts or to specific destinations.
Destination constraints of the form M-bM-^@M-^X[user@]dest-hostnameM-bM-^@M-^Y permit
use of the key only from the origin host (the one running
ssh-agent(1)) to the listed destination host, with optional user
name.
Constraints of the form M-bM-^@M-^Xsrc-hostname>[user@]dst-hostnameM-bM-^@M-^Y allow
a key available on a forwarded ssh-agent(1) to be used through a
particular host (as specified by M-bM-^@M-^Xsrc-hostnameM-bM-^@M-^Y) to authenticate
to a further host, specified by M-bM-^@M-^Xdst-hostnameM-bM-^@M-^Y.
Multiple destination constraints may be added when loading keys.
When attempting authentication with a key that has destination
constraints, the whole connection path, including ssh-agent(1)
forwarding, is tested against those constraints and each hop must
be permitted for the attempt to succeed. For example, if key is
forwarded to a remote host, M-bM-^@M-^Xhost-bM-bM-^@M-^Y, and is attempting
authentication to another host, M-bM-^@M-^Xhost-cM-bM-^@M-^Y, then the operation will
be successful only if M-bM-^@M-^Xhost-bM-bM-^@M-^Y was permitted from the origin host
and the subsequent M-bM-^@M-^Xhost-b>host-cM-bM-^@M-^Y hop is also permitted by
destination constraints.
Hosts are identified by their host keys, and are looked up from
known hosts files by ssh-add. Wildcards patterns may be used for
hostnames and certificate host keys are supported. By default,
keys added by ssh-add are not destination constrained.
Destination constraints were added in OpenSSH release 8.9.
Support in both the remote SSH client and server is required when
using destination-constrained keys over a forwarded ssh-agent(1)
channel.
It is also important to note that destination constraints can
only be enforced by ssh-agent(1) when a key is used, or when it
is forwarded by a cooperating ssh(1). Specifically, it does not
prevent an attacker with access to a remote SSH_AUTH_SOCK from
forwarding it again and using it on a different host (but only to
a permitted destination).
-K Load resident keys from a FIDO authenticator.
-k When loading keys into or deleting keys from the agent, process
plain private keys only and skip certificates.
-L Lists public key parameters of all identities currently
represented by the agent.
-l Lists fingerprints of all identities currently represented by the
agent.
-q Be quiet after a successful operation.
-S provider
Specifies a path to a library that will be used when adding FIDO
authenticator-hosted keys, overriding the default of using the
internal USB HID support.
-s pkcs11
Add keys provided by the PKCS#11 shared library pkcs11.
Certificate files may optionally be listed as command-line
arguments. If these are present, then they will be loaded into
the agent using any corresponding private keys loaded from the
PKCS#11 token.
-T pubkey ...
Tests whether the private keys that correspond to the specified
pubkey files are usable by performing sign and verify operations
on each.
-t life
Set a maximum lifetime when adding identities to an agent. The
lifetime may be specified in seconds or in a time format
specified in sshd_config(5).
-v Verbose mode. Causes ssh-add to print debugging messages about
its progress. This is helpful in debugging problems. Multiple
-v options increase the verbosity. The maximum is 3.
-X Unlock the agent.
-x Lock the agent with a password.
ENVIRONMENT
DISPLAY, SSH_ASKPASS and SSH_ASKPASS_REQUIRE
If ssh-add needs a passphrase, it will read the passphrase from
the current terminal if it was run from a terminal. If ssh-add
does not have a terminal associated with it but DISPLAY and
SSH_ASKPASS are set, it will execute the program specified by
SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
read the passphrase. This is particularly useful when calling
ssh-add from a .xsession or related script.
SSH_ASKPASS_REQUIRE allows further control over the use of an
askpass program. If this variable is set to M-bM-^@M-^\neverM-bM-^@M-^] then ssh-add
will never attempt to use one. If it is set to M-bM-^@M-^\preferM-bM-^@M-^], then
ssh-add will prefer to use the askpass program instead of the TTY
when requesting passwords. Finally, if the variable is set to
M-bM-^@M-^\forceM-bM-^@M-^], then the askpass program will be used for all passphrase
input regardless of whether DISPLAY is set.
SSH_AUTH_SOCK
Identifies the path of a UNIX-domain socket used to communicate
with the agent.
SSH_SK_PROVIDER
Specifies a path to a library that will be used when loading any
FIDO authenticator-hosted keys, overriding the default of using
the built-in USB HID support.
FILES
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa_sk
~/.ssh/id_ed25519
~/.ssh/id_ed25519_sk
~/.ssh/id_rsa
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user.
Identity files should not be readable by anyone but the user. Note that
ssh-add ignores identity files if they are accessible by others.
EXIT STATUS
Exit status is 0 on success, 1 if the specified command fails, and 2 if
ssh-add is unable to contact the authentication agent.
SEE ALSO
ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5

12
ssh-add.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $
.\" $OpenBSD: ssh-add.1,v 1.87 2024/06/17 08:30:29 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 19 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@ -67,10 +67,9 @@ When run without arguments, it adds the files
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk ,
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
After loading a private key,
.Nm
will try to load corresponding certificate information from the
@ -314,13 +313,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
.Pp

140
ssh-agent.0 Normal file
View File

@ -0,0 +1,140 @@
SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
NAME
ssh-agent M-bM-^@M-^S OpenSSH authentication agent
SYNOPSIS
ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
[-O option] [-P allowed_providers] [-t life]
ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]
[-P allowed_providers] [-t life] command [arg ...]
ssh-agent [-c | -s] -k
DESCRIPTION
ssh-agent is a program to hold private keys used for public key
authentication. Through use of environment variables the agent can be
located and automatically used for authentication when logging in to
other machines using ssh(1).
The options are as follows:
-a bind_address
Bind the agent to the UNIX-domain socket bind_address. The
default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
-c Generate C-shell commands on stdout. This is the default if
SHELL looks like it's a csh style of shell.
-D Foreground mode. When this option is specified, ssh-agent will
not fork.
-d Debug mode. When this option is specified, ssh-agent will not
fork and will write debug information to standard error.
-E fingerprint_hash
Specifies the hash algorithm used when displaying key
fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
default is M-bM-^@M-^\sha256M-bM-^@M-^].
-k Kill the current agent (given by the SSH_AGENT_PID environment
variable).
-O option
Specify an option when starting ssh-agent. Currently two options
are supported: allow-remote-pkcs11 and no-restrict-websafe.
The allow-remote-pkcs11 option allows clients of a forwarded
ssh-agent to load PKCS#11 or FIDO provider libraries. By default
only local clients may perform this operation. Note that
signalling that an ssh-agent client is remote is performed by
ssh(1), and use of other tools to forward access to the agent
socket may circumvent this restriction.
The no-restrict-websafe option instructs ssh-agent to permit
signatures using FIDO keys that might be web authentication
requests. By default, ssh-agent refuses signature requests for
FIDO keys where the key application string does not start with
M-bM-^@M-^\ssh:M-bM-^@M-^] and when the data to be signed does not appear to be a
ssh(1) user authentication request or a ssh-keygen(1) signature.
The default behaviour prevents forwarded access to a FIDO key
from also implicitly forwarding the ability to authenticate to
websites.
-P allowed_providers
Specify a pattern-list of acceptable paths for PKCS#11 provider
and FIDO authenticator middleware shared libraries that may be
used with the -S or -s options to ssh-add(1). Libraries that do
not match the pattern list will be refused. See PATTERNS in
ssh_config(5) for a description of pattern-list syntax. The
default list is M-bM-^@M-^\usr/lib*/*,/usr/local/lib*/*M-bM-^@M-^].
-s Generate Bourne shell commands on stdout. This is the default if
SHELL does not look like it's a csh style of shell.
-t life
Set a default value for the maximum lifetime of identities added
to the agent. The lifetime may be specified in seconds or in a
time format specified in sshd_config(5). A lifetime specified
for an identity with ssh-add(1) overrides this value. Without
this option the default maximum lifetime is forever.
command [arg ...]
If a command (and optional arguments) is given, this is executed
as a subprocess of the agent. The agent exits automatically when
the command given on the command line terminates.
There are two main ways to get an agent set up. The first is at the
start of an X session, where all other windows or programs are started as
children of the ssh-agent program. The agent starts a command under
which its environment variables are exported, for example ssh-agent xterm
&. When the command terminates, so does the agent.
The second method is used for a login session. When ssh-agent is
started, it prints the shell commands required to set its environment
variables, which in turn can be evaluated in the calling shell, for
example eval `ssh-agent -s`.
In both cases, ssh(1) looks at these environment variables and uses them
to establish a connection to the agent.
The agent initially does not have any private keys. Keys are added using
ssh-add(1) or by ssh(1) when AddKeysToAgent is set in ssh_config(5).
Multiple identities may be stored in ssh-agent concurrently and ssh(1)
will automatically use them if present. ssh-add(1) is also used to
remove keys from ssh-agent and to query the keys that are held in one.
Connections to ssh-agent may be forwarded from further remote hosts using
the -A option to ssh(1) (but see the caveats documented therein),
avoiding the need for authentication data to be stored on other machines.
Authentication passphrases and private keys never go over the network:
the connection to the agent is forwarded over SSH remote connections and
the result is returned to the requester, allowing the user access to
their identities anywhere in the network in a secure fashion.
ENVIRONMENT
SSH_AGENT_PID When ssh-agent starts, it stores the name of the agent's
process ID (PID) in this variable.
SSH_AUTH_SOCK When ssh-agent starts, it creates a UNIX-domain socket and
stores its pathname in this variable. It is accessible
only to the current user, but is easily abused by root or
another instance of the same user.
FILES
$TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
UNIX-domain sockets used to contain the connection to the
authentication agent. These sockets should only be readable by
the owner. The sockets should get automatically removed when the
agent exits.
SEE ALSO
ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sshd(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.5 August 10, 2023 OpenBSD 7.5

3
ssh-gss.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-gss.h,v 1.15 2021/01/27 10:05:28 djm Exp $ */
/* $OpenBSD: ssh-gss.h,v 1.16 2024/05/17 06:42:04 jsg Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
@ -103,7 +103,6 @@ int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
void ssh_gssapi_supported_oids(gss_OID_set *);
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
void ssh_gssapi_prepare_supported_oids(void);
OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);

907
ssh-keygen.0 Normal file
View File

@ -0,0 +1,907 @@
SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
NAME
ssh-keygen M-bM-^@M-^S OpenSSH authentication key utility
SYNOPSIS
ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]
[-m format] [-N new_passphrase] [-O option]
[-t ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
[-w provider] [-Z cipher]
ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]
[-P old_passphrase] [-Z cipher]
ssh-keygen -i [-f input_keyfile] [-m key_format]
ssh-keygen -e [-f input_keyfile] [-m key_format]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-lv] [-f known_hosts_file]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -K [-a rounds] [-w provider]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-g] [-f input_keyfile]
ssh-keygen -M generate [-O option] output_file
ssh-keygen -M screen [-f input_file] [-O option] output_file
ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
[-n principals] [-O option] [-V validity_interval]
[-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A [-a rounds] [-f prefix_path]
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q [-l] -f krl_file file ...
ssh-keygen -Y find-principals [-O option] -s signature_file
-f allowed_signers_file
ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file
ssh-keygen -Y check-novalidate [-O option] -n namespace -s signature_file
ssh-keygen -Y sign [-O option] -f key_file -n namespace file ...
ssh-keygen -Y verify [-O option] -f allowed_signers_file
-I signer_identity -n namespace -s signature_file
[-r revocation_file]
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create keys for use by SSH protocol version 2.
The type of key to be generated is specified with the -t option. If
invoked without any arguments, ssh-keygen will generate an Ed25519 key.
ssh-keygen is also used to generate groups for use in Diffie-Hellman
group exchange (DH-GEX). See the MODULI GENERATION section for details.
Finally, ssh-keygen can be used to generate and update Key Revocation
Lists, and to test whether given keys have been revoked by one. See the
KEY REVOCATION LISTS section for details.
Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/id_ecdsa,
~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk or
~/.ssh/id_rsa. Additionally, the system administrator may use this to
generate host keys, as seen in /etc/rc.
Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
passphrase may be empty to indicate no passphrase (host keys must have an
empty passphrase), or it may be a string of arbitrary length. A
passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of
characters you want. Good passphrases are 10-30 characters long, are not
simple sentences or otherwise easily guessable (English prose has only
1-2 bits of entropy per character, and provides very bad passphrases),
and contain a mix of upper and lowercase letters, numbers, and non-
alphanumeric characters. The passphrase can be changed later by using
the -p option.
There is no way to recover a lost passphrase. If the passphrase is lost
or forgotten, a new key must be generated and the corresponding public
key copied to other machines.
ssh-keygen will by default write keys in an OpenSSH-specific format.
This format is preferred as it offers better protection for keys at rest
as well as allowing storage of key comments within the private key file
itself. The key comment may be useful to help identify the key. The
comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be
changed using the -c option.
It is still possible for ssh-keygen to write the previously-used PEM
format private keys using the -m flag. This may be used when generating
new keys, and existing new-format keys may be converted using this option
in conjunction with the -p (change passphrase) flag.
After a key is generated, ssh-keygen will ask where the keys should be
placed to be activated.
The options are as follows:
-A Generate host keys of all default key types (rsa, ecdsa, and
ed25519) if they do not already exist. The host keys are
generated with the default key file path, an empty passphrase,
default bits for the key type, and default comment. If -f has
also been specified, its argument is used as a prefix to the
default path for the resulting host key files. This is used by
/etc/rc to generate new host keys.
-a rounds
When saving a private key, this option specifies the number of
KDF (key derivation function, currently bcrypt_pbkdf(3)) rounds
used. Higher numbers result in slower passphrase verification
and increased resistance to brute-force password cracking (should
the keys be stolen). The default is 16 rounds.
-B Show the bubblebabble digest of specified private or public key
file.
-b bits
Specifies the number of bits in the key to create. For RSA keys,
the minimum size is 1024 bits and the default is 3072 bits.
Generally, 3072 bits is considered sufficient. For ECDSA keys,
the -b flag determines the key length by selecting from one of
three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
use bit lengths other than these three values for ECDSA keys will
fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length
and the -b flag will be ignored.
-C comment
Provides a new comment.
-c Requests changing the comment in the private and public key
files. The program will prompt for the file containing the
private keys, for the passphrase if the key has one, and for the
new comment.
-D pkcs11
Download the public keys provided by the PKCS#11 shared library
pkcs11. When used in combination with -s, this option indicates
that a CA key resides in a PKCS#11 token (see the CERTIFICATES
section for details).
-E fingerprint_hash
Specifies the hash algorithm used when displaying key
fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
default is M-bM-^@M-^\sha256M-bM-^@M-^].
-e This option will read a private or public OpenSSH key file and
print to stdout a public key in one of the formats specified by
the -m option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This
option allows exporting OpenSSH keys for use by other programs,
including several commercial SSH implementations.
-F hostname | [hostname]:port
Search for the specified hostname (with optional port number) in
a known_hosts file, listing any occurrences found. This option
is useful to find hashed host names or addresses and may also be
used in conjunction with the -H option to print found keys in a
hashed format.
-f filename
Specifies the filename of the key file.
-g Use generic DNS format when printing fingerprint resource records
using the -r command.
-H Hash a known_hosts file. This replaces all hostnames and
addresses with hashed representations within the specified file;
the original content is moved to a file with a .old suffix.
These hashes may be used normally by ssh and sshd, but they do
not reveal identifying information should the file's contents be
disclosed. This option will not modify existing hashed hostnames
and is therefore safe to use on files that mix hashed and non-
hashed names.
-h When signing a key, create a host certificate instead of a user
certificate. See the CERTIFICATES section for details.
-I certificate_identity
Specify the key identity when signing a public key. See the
CERTIFICATES section for details.
-i This option will read an unencrypted private (or public) key file
in the format specified by the -m option and print an OpenSSH
compatible private (or public) key to stdout. This option allows
importing keys from other software, including several commercial
SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
-K Download resident keys from a FIDO authenticator. Public and
private key files will be written to the current directory for
each downloaded key. If multiple FIDO authenticators are
attached, keys will be downloaded from the first touched
authenticator. See the FIDO AUTHENTICATOR section for more
information.
-k Generate a KRL file. In this mode, ssh-keygen will generate a
KRL file at the location specified via the -f flag that revokes
every key or certificate presented on the command line.
Keys/certificates to be revoked may be specified by public key
file or using the format described in the KEY REVOCATION LISTS
section.
-L Prints the contents of one or more certificates.
-l Show fingerprint of specified public key file. ssh-keygen will
try to find the matching public key file and prints its
fingerprint. If combined with -v, a visual ASCII art
representation of the key is supplied with the fingerprint.
-M generate
Generate candidate Diffie-Hellman Group Exchange (DH-GEX)
parameters for eventual use by the
M-bM-^@M-^Xdiffie-hellman-group-exchange-*M-bM-^@M-^Y key exchange methods. The
numbers generated by this operation must be further screened
before use. See the MODULI GENERATION section for more
information.
-M screen
Screen candidate parameters for Diffie-Hellman Group Exchange.
This will accept a list of candidate numbers and test that they
are safe (Sophie Germain) primes with acceptable group
generators. The results of this operation may be added to the
/etc/moduli file. See the MODULI GENERATION section for more
information.
-m key_format
Specify a key format for key generation, the -i (import), -e
(export) conversion options, and the -p change passphrase
operation. The latter may be used to convert between OpenSSH
private key and PEM private key formats. The supported key
formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] (RFC 4716/SSH2 public or private key),
M-bM-^@M-^\PKCS8M-bM-^@M-^] (PKCS8 public or private key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key).
By default OpenSSH will write newly-generated private keys in its
own format, but when converting public keys for export the
default format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when
generating or updating a supported private key type will cause
the key to be stored in the legacy PEM private key format.
-N new_passphrase
Provides the new passphrase.
-n principals
Specify one or more principals (user or host names) to be
included in a certificate when signing a key. Multiple
principals may be specified, separated by commas. See the
CERTIFICATES section for details.
-O option
Specify a key/value option. These are specific to the operation
that ssh-keygen has been requested to perform.
When signing certificates, one of the options listed in the
CERTIFICATES section may be specified here.
When performing moduli generation or screening, one of the
options listed in the MODULI GENERATION section may be specified.
When generating FIDO authenticator-backed keys, the options
listed in the FIDO AUTHENTICATOR section may be specified.
When performing signature-related options using the -Y flag, the
following options are accepted:
hashalg=algorithm
Selects the hash algorithm to use for hashing the message
to be signed. Valid algorithms are M-bM-^@M-^\sha256M-bM-^@M-^] and
M-bM-^@M-^\sha512.M-bM-^@M-^] The default is M-bM-^@M-^\sha512.M-bM-^@M-^]
print-pubkey
Print the full public key to standard output after
signature verification.
verify-time=timestamp
Specifies a time to use when validating signatures
instead of the current time. The time may be specified
as a date or time in the YYYYMMDD[Z] or in
YYYYMMDDHHMM[SS][Z] formats. Dates and times will be
interpreted in the current system time zone unless
suffixed with a Z character, which causes them to be
interpreted in the UTC time zone.
When generating SSHFP DNS records from public keys using the -r
flag, the following options are accepted:
hashalg=algorithm
Selects a hash algorithm to use when printing SSHFP
records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^]
and M-bM-^@M-^\sha256M-bM-^@M-^]. The default is to print both.
The -O option may be specified multiple times.
-P passphrase
Provides the (old) passphrase.
-p Requests changing the passphrase of a private key file instead of
creating a new private key. The program will prompt for the file
containing the private key, for the old passphrase, and twice for
the new passphrase.
-Q Test whether keys have been revoked in a KRL. If the -l option
is also specified then the contents of the KRL will be printed.
-q Silence ssh-keygen.
-R hostname | [hostname]:port
Removes all keys belonging to the specified hostname (with
optional port number) from a known_hosts file. This option is
useful to delete hashed hosts (see the -H option above).
-r hostname
Print the SSHFP fingerprint resource record named hostname for
the specified public key file.
-s ca_key
Certify (sign) a public key using the specified CA key. See the
CERTIFICATES section for details.
When generating a KRL, -s specifies a path to a CA public key
file used to revoke certificates directly by key ID or serial
number. See the KEY REVOCATION LISTS section for details.
-t ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifies the type of key to create. The possible values are
M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ecdsa-skM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], M-bM-^@M-^\ed25519-skM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^].
This flag may also be used to specify the desired signature type
when signing certificates using an RSA CA key. The available RSA
signature variants are M-bM-^@M-^\ssh-rsaM-bM-^@M-^] (SHA1 signatures, not
recommended), M-bM-^@M-^\rsa-sha2-256M-bM-^@M-^], and M-bM-^@M-^\rsa-sha2-512M-bM-^@M-^] (the default).
-U When used in combination with -s or -Y sign, this option
indicates that a CA key resides in a ssh-agent(1). See the
CERTIFICATES section for more information.
-u Update a KRL. When specified with -k, keys listed via the
command line are added to the existing KRL rather than a new KRL
being created.
-V validity_interval
Specify a validity interval when signing a certificate. A
validity interval may consist of a single time, indicating that
the certificate is valid beginning now and expiring at that time,
or may consist of two times separated by a colon to indicate an
explicit time interval.
The start time may be specified as:
M-bM-^@M-M-bM-^@M-" The string M-bM-^@M-^\alwaysM-bM-^@M-^] to indicate the certificate has no
specified start time.
M-bM-^@M-M-bM-^@M-" A date or time in the system time zone formatted as YYYYMMDD
or YYYYMMDDHHMM[SS].
M-bM-^@M-M-bM-^@M-" A date or time in the UTC time zone as YYYYMMDDZ or
YYYYMMDDHHMM[SS]Z.
M-bM-^@M-M-bM-^@M-" A relative time before the current system time consisting of
a minus sign followed by an interval in the format described
in the TIME FORMATS section of sshd_config(5).
M-bM-^@M-M-bM-^@M-" A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a
hexadecimal number beginning with M-bM-^@M-^\0xM-bM-^@M-^].
The end time may be specified similarly to the start time:
M-bM-^@M-M-bM-^@M-" The string M-bM-^@M-^\foreverM-bM-^@M-^] to indicate the certificate has no
specified end time.
M-bM-^@M-M-bM-^@M-" A date or time in the system time zone formatted as YYYYMMDD
or YYYYMMDDHHMM[SS].
M-bM-^@M-M-bM-^@M-" A date or time in the UTC time zone as YYYYMMDDZ or
YYYYMMDDHHMM[SS]Z.
M-bM-^@M-M-bM-^@M-" A relative time after the current system time consisting of a
plus sign followed by an interval in the format described in
the TIME FORMATS section of sshd_config(5).
M-bM-^@M-M-bM-^@M-" A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a
hexadecimal number beginning with M-bM-^@M-^\0xM-bM-^@M-^].
For example:
+52w1d Valid from now to 52 weeks and one day from now.
-4w:+4w
Valid from four weeks ago to four weeks from now.
20100101123000:20110101123000
Valid from 12:30 PM, January 1st, 2010 to 12:30 PM,
January 1st, 2011.
20100101123000Z:20110101123000Z
Similar, but interpreted in the UTC time zone rather than
the system time zone.
-1d:20110101
Valid from yesterday to midnight, January 1st, 2011.
0x1:0x2000000000
Valid from roughly early 1970 to May 2033.
-1m:forever
Valid from one minute ago and never expiring.
-v Verbose mode. Causes ssh-keygen to print debugging messages
about its progress. This is helpful for debugging moduli
generation. Multiple -v options increase the verbosity. The
maximum is 3.
-w provider
Specifies a path to a library that will be used when creating
FIDO authenticator-hosted keys, overriding the default of using
the internal USB HID support.
-Y find-principals
Find the principal(s) associated with the public key of a
signature, provided using the -s flag in an authorized signers
file provided using the -f flag. The format of the allowed
signers file is documented in the ALLOWED SIGNERS section below.
If one or more matching principals are found, they are returned
on standard output.
-Y match-principals
Find principal matching the principal name provided using the -I
flag in the authorized signers file specified using the -f flag.
If one or more matching principals are found, they are returned
on standard output.
-Y check-novalidate
Checks that a signature generated using ssh-keygen -Y sign has a
valid structure. This does not validate if a signature comes
from an authorized signer. When testing a signature, ssh-keygen
accepts a message on standard input and a signature namespace
using -n. A file containing the corresponding signature must
also be supplied using the -s flag. Successful testing of the
signature is signalled by ssh-keygen returning a zero exit
status.
-Y sign
Cryptographically sign a file or some data using an SSH key.
When signing, ssh-keygen accepts zero or more files to sign on
the command-line - if no files are specified then ssh-keygen will
sign data presented on standard input. Signatures are written to
the path of the input file with M-bM-^@M-^\.sigM-bM-^@M-^] appended, or to standard
output if the message to be signed was read from standard input.
The key used for signing is specified using the -f option and may
refer to either a private key, or a public key with the private
half available via ssh-agent(1). An additional signature
namespace, used to prevent signature confusion across different
domains of use (e.g. file signing vs email signing) must be
provided via the -n flag. Namespaces are arbitrary strings, and
may include: M-bM-^@M-^\fileM-bM-^@M-^] for file signing, M-bM-^@M-^\emailM-bM-^@M-^] for email signing.
For custom uses, it is recommended to use names following a
NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces.
-Y verify
Request to verify a signature generated using ssh-keygen -Y sign
as described above. When verifying a signature, ssh-keygen
accepts a message on standard input and a signature namespace
using -n. A file containing the corresponding signature must
also be supplied using the -s flag, along with the identity of
the signer using -I and a list of allowed signers via the -f
flag. The format of the allowed signers file is documented in
the ALLOWED SIGNERS section below. A file containing revoked
keys can be passed using the -r flag. The revocation file may be
a KRL or a one-per-line list of public keys. Successful
verification by an authorized signer is signalled by ssh-keygen
returning a zero exit status.
-y This option will read a private OpenSSH format file and print an
OpenSSH public key to stdout.
-Z cipher
Specifies the cipher to use for encryption when writing an
OpenSSH-format private key file. The list of available ciphers
may be obtained using "ssh -Q cipher". The default is
M-bM-^@M-^\aes256-ctrM-bM-^@M-^].
-z serial_number
Specifies a serial number to be embedded in the certificate to
distinguish this certificate from others from the same CA. If
the serial_number is prefixed with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
serial number will be incremented for each certificate signed on
a single command-line. The default serial number is zero.
When generating a KRL, the -z flag is used to specify a KRL
version number.
MODULI GENERATION
ssh-keygen may be used to generate groups for the Diffie-Hellman Group
Exchange (DH-GEX) protocol. Generating these groups is a two-step
process: first, candidate primes are generated using a fast, but memory
intensive process. These candidate primes are then tested for
suitability (a CPU-intensive process).
Generation of primes is performed using the -M generate option. The
desired length of the primes may be specified by the -O bits option. For
example:
# ssh-keygen -M generate -O bits=2048 moduli-2048.candidates
By default, the search for primes begins at a random point in the desired
length range. This may be overridden using the -O start option, which
specifies a different start point (in hex).
Once a set of candidates have been generated, they must be screened for
suitability. This may be performed using the -M screen option. In this
mode ssh-keygen will read candidates from standard input (or a file
specified using the -f option). For example:
# ssh-keygen -M screen -f moduli-2048.candidates moduli-2048
By default, each candidate will be subjected to 100 primality tests.
This may be overridden using the -O prime-tests option. The DH generator
value will be chosen automatically for the prime under consideration. If
a specific generator is desired, it may be requested using the -O
generator option. Valid generator values are 2, 3, and 5.
Screened DH groups may be installed in /etc/moduli. It is important that
this file contains moduli of a range of bit lengths.
A number of options are available for moduli generation and screening via
the -O flag:
lines=number
Exit after screening the specified number of lines while
performing DH candidate screening.
start-line=line-number
Start screening at the specified line number while performing DH
candidate screening.
checkpoint=filename
Write the last line processed to the specified file while
performing DH candidate screening. This will be used to skip
lines in the input file that have already been processed if the
job is restarted.
memory=mbytes
Specify the amount of memory to use (in megabytes) when
generating candidate moduli for DH-GEX.
start=hex-value
Specify start point (in hex) when generating candidate moduli for
DH-GEX.
generator=value
Specify desired generator (in decimal) when testing candidate
moduli for DH-GEX.
CERTIFICATES
ssh-keygen supports signing of keys to produce certificates that may be
used for user or host authentication. Certificates consist of a public
key, some identity information, zero or more principal (user or host)
names and a set of options that are signed by a Certification Authority
(CA) key. Clients or servers may then trust only the CA key and verify
its signature on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format
to the X.509 certificates used in ssl(8).
ssh-keygen supports two types of certificates: user and host. User
certificates authenticate users to servers, whereas host certificates
authenticate server hosts to users. To generate a user certificate:
$ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
The resultant certificate will be placed in /path/to/user_key-cert.pub.
A host certificate requires the -h option:
$ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
The host certificate will be output to /path/to/host_key-cert.pub.
It is possible to sign using a CA key stored in a PKCS#11 token by
providing the token library using -D and identifying the CA key by
providing its public half as an argument to -s:
$ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
Similarly, it is possible for the CA key to be hosted in a ssh-agent(1).
This is indicated by the -U flag and, again, the CA key must be
identified by its public half.
$ ssh-keygen -Us ca_key.pub -I key_id user_key.pub
In all cases, key_id is a "key identifier" that is logged by the server
when the certificate is used for authentication.
Certificates may be limited to be valid for a set of principal
(user/host) names. By default, generated certificates are valid for all
users or hosts. To generate a certificate for a specified set of
principals:
$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
Additional limitations on the validity and use of user certificates may
be specified through certificate options. A certificate option may
disable features of the SSH session, may be valid only when presented
from particular source addresses or may force the use of a specific
command.
The options that are valid for user certificates are:
clear Clear all enabled permissions. This is useful for clearing the
default set of permissions so permissions may be added
individually.
critical:name[=contents]
extension:name[=contents]
Includes an arbitrary certificate critical option or extension.
The specified name should include a domain suffix, e.g.
M-bM-^@M-^\name@example.comM-bM-^@M-^]. If contents is specified then it is included
as the contents of the extension/option encoded as a string,
otherwise the extension/option is created with no contents
(usually indicating a flag). Extensions may be ignored by a
client or server that does not recognise them, whereas unknown
critical options will cause the certificate to be refused.
force-command=command
Forces the execution of command instead of any shell or command
specified by the user when the certificate is used for
authentication.
no-agent-forwarding
Disable ssh-agent(1) forwarding (permitted by default).
no-port-forwarding
Disable port forwarding (permitted by default).
no-pty Disable PTY allocation (permitted by default).
no-user-rc
Disable execution of ~/.ssh/rc by sshd(8) (permitted by default).
no-x11-forwarding
Disable X11 forwarding (permitted by default).
permit-agent-forwarding
Allows ssh-agent(1) forwarding.
permit-port-forwarding
Allows port forwarding.
permit-pty
Allows PTY allocation.
permit-user-rc
Allows execution of ~/.ssh/rc by sshd(8).
permit-X11-forwarding
Allows X11 forwarding.
no-touch-required
Do not require signatures made using this key include
demonstration of user presence (e.g. by having the user touch the
authenticator). This option only makes sense for the FIDO
authenticator algorithms ecdsa-sk and ed25519-sk.
source-address=address_list
Restrict the source addresses from which the certificate is
considered valid. The address_list is a comma-separated list of
one or more address/netmask pairs in CIDR format.
verify-required
Require signatures made using this key indicate that the user was
first verified. This option only makes sense for the FIDO
authenticator algorithms ecdsa-sk and ed25519-sk. Currently PIN
authentication is the only supported verification method, but
other methods may be supported in the future.
At present, no standard options are valid for host keys.
Finally, certificates may be defined with a validity lifetime. The -V
option allows specification of certificate start and end times. A
certificate that is presented at a time outside this range will not be
considered valid. By default, certificates are valid from the UNIX Epoch
to the distant future.
For certificates to be used for user or host authentication, the CA
public key must be trusted by sshd(8) or ssh(1). Refer to those manual
pages for details.
FIDO AUTHENTICATOR
ssh-keygen is able to generate FIDO authenticator-backed keys, after
which they may be used much like any other key type supported by OpenSSH,
so long as the hardware authenticator is attached when the keys are used.
FIDO authenticators generally require the user to explicitly authorise
operations by touching or tapping them. FIDO keys consist of two parts:
a key handle part stored in the private key file on disk, and a per-
device private key that is unique to each FIDO authenticator and that
cannot be exported from the authenticator hardware. These are combined
by the hardware at authentication time to derive the real key that is
used to sign authentication challenges. Supported key types are ecdsa-sk
and ed25519-sk.
The options that are valid for FIDO keys are:
application
Override the default FIDO application/origin string of M-bM-^@M-^\ssh:M-bM-^@M-^].
This may be useful when generating host or domain-specific
resident keys. The specified application string must begin with
M-bM-^@M-^\ssh:M-bM-^@M-^].
challenge=path
Specifies a path to a challenge string that will be passed to the
FIDO authenticator during key generation. The challenge string
may be used as part of an out-of-band protocol for key enrollment
(a random challenge is used by default).
device Explicitly specify a fido(4) device to use, rather than letting
the authenticator middleware select one.
no-touch-required
Indicate that the generated private key should not require touch
events (user presence) when making signatures. Note that sshd(8)
will refuse such signatures by default, unless overridden via an
authorized_keys option.
resident
Indicate that the key handle should be stored on the FIDO
authenticator itself. This makes it easier to use the
authenticator on multiple computers. Resident keys may be
supported on FIDO2 authenticators and typically require that a
PIN be set on the authenticator prior to generation. Resident
keys may be loaded off the authenticator using ssh-add(1).
Storing both parts of a key on a FIDO authenticator increases the
likelihood of an attacker being able to use a stolen
authenticator device.
user A username to be associated with a resident key, overriding the
empty default username. Specifying a username may be useful when
generating multiple resident keys for the same application name.
verify-required
Indicate that this private key should require user verification
for each signature. Not all FIDO authenticators support this
option. Currently PIN authentication is the only supported
verification method, but other methods may be supported in the
future.
write-attestation=path
May be used at key generation time to record the attestation data
returned from FIDO authenticators during key generation. This
information is potentially sensitive. By default, this
information is discarded.
KEY REVOCATION LISTS
ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
These binary files specify keys or certificates to be revoked using a
compact format, taking as little as one bit per certificate if they are
being revoked by serial number.
KRLs may be generated using the -k flag. This option reads one or more
files from the command line and generates a new KRL. The files may
either contain a KRL specification (see below) or public keys, listed one
per line. Plain public keys are revoked by listing their hash or
contents in the KRL and certificates revoked by serial number or key ID
(if the serial is zero or not available).
Revoking keys using a KRL specification offers explicit control over the
types of record used to revoke keys and may be used to directly revoke
certificates by serial number or key ID without having the complete
original certificate on hand. A KRL specification consists of lines
containing one of the following directives followed by a colon and some
directive-specific information.
serial: serial_number[-serial_number]
Revokes a certificate with the specified serial number. Serial
numbers are 64-bit values, not including zero and may be
expressed in decimal, hex or octal. If two serial numbers are
specified separated by a hyphen, then the range of serial numbers
including and between each is revoked. The CA key must have been
specified on the ssh-keygen command line using the -s option.
id: key_id
Revokes a certificate with the specified key ID string. The CA
key must have been specified on the ssh-keygen command line using
the -s option.
key: public_key
Revokes the specified key. If a certificate is listed, then it
is revoked as a plain public key.
sha1: public_key
Revokes the specified key by including its SHA1 hash in the KRL.
sha256: public_key
Revokes the specified key by including its SHA256 hash in the
KRL. KRLs that revoke keys by SHA256 hash are not supported by
OpenSSH versions prior to 7.9.
hash: fingerprint
Revokes a key using a fingerprint hash, as obtained from a
sshd(8) authentication log message or the ssh-keygen -l flag.
Only SHA256 fingerprints are supported here and resultant KRLs
are not supported by OpenSSH versions prior to 7.9.
KRLs may be updated using the -u flag in addition to -k. When this
option is specified, keys listed via the command line are merged into the
KRL, adding to those already there.
It is also possible, given a KRL, to test whether it revokes a particular
key (or keys). The -Q flag will query an existing KRL, testing each key
specified on the command line. If any key listed on the command line has
been revoked (or an error encountered) then ssh-keygen will exit with a
non-zero exit status. A zero exit status will only be returned if no key
was revoked.
ALLOWED SIGNERS
When verifying signatures, ssh-keygen uses a simple list of identities
and keys to determine whether a signature comes from an authorized
source. This "allowed signers" file uses a format patterned after the
AUTHORIZED_KEYS FILE FORMAT described in sshd(8). Each line of the file
contains the following space-separated fields: principals, options,
keytype, base64-encoded key. Empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y
are ignored as comments.
The principals field is a pattern-list (see PATTERNS in ssh_config(5))
consisting of one or more comma-separated USER@DOMAIN identity patterns
that are accepted for signing. When verifying, the identity presented
via the -I option must match a principals pattern in order for the
corresponding key to be considered acceptable for verification.
The options (if present) consist of comma-separated option
specifications. No spaces are permitted, except within double quotes.
The following option specifications are supported (note that option
keywords are case-insensitive):
cert-authority
Indicates that this key is accepted as a certificate authority
(CA) and that certificates signed by this CA may be accepted for
verification.
namespaces=namespace-list
Specifies a pattern-list of namespaces that are accepted for this
key. If this option is present, the signature namespace embedded
in the signature object and presented on the verification
command-line must match the specified list before the key will be
considered acceptable.
valid-after=timestamp
Indicates that the key is valid for use at or after the specified
timestamp, which may be a date or time in the YYYYMMDD[Z] or
YYYYMMDDHHMM[SS][Z] formats. Dates and times will be interpreted
in the current system time zone unless suffixed with a Z
character, which causes them to be interpreted in the UTC time
zone.
valid-before=timestamp
Indicates that the key is valid for use at or before the
specified timestamp.
When verifying signatures made by certificates, the expected principal
name must match both the principals pattern in the allowed signers file
and the principals embedded in the certificate itself.
An example allowed signers file:
# Comments allowed at start of line
user1@example.com,user2@example.com ssh-rsa AAAAX1...
# A certificate authority, trusted for all principals in a domain.
*@example.com cert-authority ssh-ed25519 AAAB4...
# A key that is accepted only for file signing.
user2@example.com namespaces="file" ssh-ed25519 AAA41...
ENVIRONMENT
SSH_SK_PROVIDER
Specifies a path to a library that will be used when loading any
FIDO authenticator-hosted keys, overriding the default of using
the built-in USB HID support.
FILES
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa_sk
~/.ssh/id_ed25519
~/.ssh/id_ed25519_sk
~/.ssh/id_rsa
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user. This file should not be readable by anyone but the
user. It is possible to specify a passphrase when generating the
key; that passphrase will be used to encrypt the private part of
this file using 128-bit AES. This file is not automatically
accessed by ssh-keygen but it is offered as the default file for
the private key. ssh(1) will read this file when a login attempt
is made.
~/.ssh/id_ecdsa.pub
~/.ssh/id_ecdsa_sk.pub
~/.ssh/id_ed25519.pub
~/.ssh/id_ed25519_sk.pub
~/.ssh/id_rsa.pub
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA public key for
authentication. The contents of this file should be added to
~/.ssh/authorized_keys on all machines where the user wishes to
log in using public key authentication. There is no need to keep
the contents of this file secret.
/etc/moduli
Contains Diffie-Hellman groups used for DH-GEX. The file format
is described in moduli(5).
SEE ALSO
ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5

20
ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.230 2023/09/04 10:29:58 job Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.232 2024/06/17 13:50:18 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 4 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -51,7 +51,7 @@
.Op Fl m Ar format
.Op Fl N Ar new_passphrase
.Op Fl O Ar option
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl w Ar provider
.Op Fl Z Ar cipher
.Nm ssh-keygen
@ -205,7 +205,6 @@ section for details.
Normally each user wishing to use SSH
with public key authentication runs this once to create the authentication
key in
.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
@ -296,7 +295,6 @@ Show the bubblebabble digest of specified private or public key file.
Specifies the number of bits in the key to create.
For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.
Generally, 3072 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, the
.Fl b
flag determines the key length by selecting from one of three elliptic
@ -414,9 +412,8 @@ section.
Prints the contents of one or more certificates.
.It Fl l
Show fingerprint of specified public key file.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
will try to find the matching public key file and prints its fingerprint.
If combined with
.Fl v ,
a visual ASCII art representation of the key is supplied with the
@ -579,10 +576,9 @@ by key ID or serial number.
See the
.Sx KEY REVOCATION LISTS
section for details.
.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.It Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifies the type of key to create.
The possible values are
.Dq dsa ,
.Dq ecdsa ,
.Dq ecdsa-sk ,
.Dq ed25519 ,
@ -1290,13 +1286,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@ -1308,13 +1303,12 @@ but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.Pp
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
.It Pa ~/.ssh/id_ecdsa_sk.pub
.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_ed25519_sk.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys

123
ssh-keyscan.0 Normal file
View File

@ -0,0 +1,123 @@
SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1)
NAME
ssh-keyscan M-bM-^@M-^S gather SSH public keys from servers
SYNOPSIS
ssh-keyscan [-46cDHqv] [-f file] [-O option] [-p port] [-T timeout]
[-t type] [host | addrlist namelist]
DESCRIPTION
ssh-keyscan is a utility for gathering the public SSH host keys of a
number of hosts. It was designed to aid in building and verifying
ssh_known_hosts files, the format of which is documented in sshd(8).
ssh-keyscan provides a minimal interface suitable for use by shell and
perl scripts.
ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
possible in parallel, so it is very efficient. The keys from a domain of
1,000 hosts can be collected in tens of seconds, even when some of those
hosts are down or do not run sshd(8). For scanning, one does not need
login access to the machines that are being scanned, nor does the
scanning process involve any encryption.
Hosts to be scanned may be specified by hostname, address or by CIDR
network range (e.g. 192.168.16/28). If a network range is specified,
then all addresses in that range will be scanned.
The options are as follows:
-4 Force ssh-keyscan to use IPv4 addresses only.
-6 Force ssh-keyscan to use IPv6 addresses only.
-c Request certificates from target hosts instead of plain keys.
-D Print keys found as SSHFP DNS records. The default is to print
keys in a format usable as a ssh(1) known_hosts file.
-f file
Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line.
If M-bM-^@M-^X-M-bM-^@M-^Y is supplied instead of a filename, ssh-keyscan will read
from the standard input. Names read from a file must start with
an address, hostname or CIDR network range to be scanned.
Addresses and hostnames may optionally be followed by comma-
separated name or address aliases that will be copied to the
output. For example:
192.168.11.0/24
10.20.1.1
happy.example.org
10.0.0.1,sad.example.org
-H Hash all hostnames and addresses in the output. Hashed names may
be used normally by ssh(1) and sshd(8), but they do not reveal
identifying information should the file's contents be disclosed.
-O option
Specify a key/value option. At present, only a single option is
supported:
hashalg=algorithm
Selects a hash algorithm to use when printing SSHFP
records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^]
and M-bM-^@M-^\sha256M-bM-^@M-^]. The default is to print both.
-p port
Connect to port on the remote host.
-q Quiet mode: do not print server host name and banners in
comments.
-T timeout
Set the timeout for connection attempts. If timeout seconds have
elapsed since a connection was initiated to a host or since the
last time anything was read from that host, the connection is
closed and the host in question considered unavailable. The
default is 5 seconds.
-t type
Specify the type of the key to fetch from the scanned hosts. The
possible values are M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], M-bM-^@M-^\ecdsa-skM-bM-^@M-^], M-bM-^@M-^\ed25519-skM-bM-^@M-^],
or M-bM-^@M-^\rsaM-bM-^@M-^]. Multiple values may be specified by separating them
with commas. The default is to fetch all the above key types.
-v Verbose mode: print debugging messages about progress.
If an ssh_known_hosts file is constructed using ssh-keyscan without
verifying the keys, users will be vulnerable to man in the middle
attacks. On the other hand, if the security model allows such a risk,
ssh-keyscan can help in the detection of tampered keyfiles or man in the
middle attacks which have begun after the ssh_known_hosts file was
created.
FILES
/etc/ssh/ssh_known_hosts
EXAMPLES
Print the RSA host key for machine hostname:
$ ssh-keyscan -t rsa hostname
Search a network range, printing all supported key types:
$ ssh-keyscan 192.168.0.64/25
Find all hosts from the file ssh_hosts which have new or different keys
from those in the sorted file ssh_known_hosts:
$ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \
sort -u - ssh_known_hosts | diff ssh_known_hosts -
SEE ALSO
ssh(1), sshd(8)
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC
4255, 2006.
AUTHORS
David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
Davison <wayned@users.sourceforge.net> added support for protocol version
2.
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5

21
ssh-keyscan.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.49 2023/02/10 06:41:53 jmc Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.52 2024/06/17 08:30:29 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd $Mdocdate: February 10 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@ -14,7 +14,7 @@
.Nd gather SSH public keys from servers
.Sh SYNOPSIS
.Nm ssh-keyscan
.Op Fl 46cDHv
.Op Fl 46cDHqv
.Op Fl f Ar file
.Op Fl O Ar option
.Op Fl p Ar port
@ -116,6 +116,9 @@ The default is to print both.
Connect to
.Ar port
on the remote host.
.It Fl q
Quiet mode:
do not print server host name and banners in comments.
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
@ -127,7 +130,6 @@ The default is 5 seconds.
.It Fl t Ar type
Specify the type of the key to fetch from the scanned hosts.
The possible values are
.Dq dsa ,
.Dq ecdsa ,
.Dq ed25519 ,
.Dq ecdsa-sk ,
@ -135,14 +137,7 @@ The possible values are
or
.Dq rsa .
Multiple values may be specified by separating them with commas.
The default is to fetch
.Dq rsa ,
.Dq ecdsa ,
.Dq ed25519 ,
.Dq ecdsa-sk ,
and
.Dq ed25519-sk
keys.
The default is to fetch all the above key types.
.It Fl v
Verbose mode:
print debugging messages about progress.
@ -174,7 +169,7 @@ Find all hosts from the file
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal -offset indent
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
$ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO

15
ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.157 2024/05/06 19:26:17 tobias Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.158 2024/06/14 00:25:25 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -84,6 +84,8 @@ int found_one = 0; /* Successfully found a key */
int hashalg = -1; /* Hash for SSHFP records or -1 for all */
int quiet = 0; /* Don't print key comment lines */
#define MAXMAXFD 256
/* The number of seconds after which to give up on a TCP connection */
@ -542,8 +544,10 @@ congreet(int s)
confree(s);
return;
}
fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
if (!quiet) {
fprintf(stdout, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
c->c_name, ssh_port, chop(buf));
}
keygrab_ssh2(c);
confree(s);
}
@ -665,7 +669,7 @@ static void
usage(void)
{
fprintf(stderr,
"usage: ssh-keyscan [-46cDHv] [-f file] [-O option] [-p port] [-T timeout]\n"
"usage: ssh-keyscan [-46cDHqv] [-f file] [-O option] [-p port] [-T timeout]\n"
" [-t type] [host | addrlist namelist]\n");
exit(1);
}
@ -692,7 +696,7 @@ main(int argc, char **argv)
if (argc <= 1)
usage();
while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) {
while ((opt = getopt(argc, argv, "cDHqv46O:p:T:t:f:")) != -1) {
switch (opt) {
case 'H':
hash_hosts = 1;
@ -727,6 +731,9 @@ main(int argc, char **argv)
else
fatal("Too high debugging level.");
break;
case 'q':
quiet = 1;
break;
case 'f':
if (strcmp(optarg, "-") == 0)
optarg = NULL;

50
ssh-keysign.0 Normal file
View File

@ -0,0 +1,50 @@
SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate
the digital signature required during host-based authentication.
ssh-keysign is disabled by default and can only be enabled in the global
client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
to M-bM-^@M-^\yesM-bM-^@M-^].
ssh-keysign is not intended to be invoked by the user, but from ssh(1).
See ssh(1) and sshd(8) for more information about host-based
authentication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature. They should be owned by root,
readable only by root, and not accessible to others. Since they
are readable only by root, ssh-keysign must be set-uid root if
host-based authentication is used.
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist, they are assumed to contain public
certificate information corresponding with the private keys
above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5

6
ssh-keysign.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $
.\" $OpenBSD: ssh-keysign.8,v 1.18 2024/06/17 08:30:29 djm Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 31 2022 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@ -61,7 +61,6 @@ Controls whether
.Nm
is enabled.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
@ -73,7 +72,6 @@ Since they are readable only by root,
.Nm
must be set-uid root if host-based authentication is used.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub

35
ssh-pkcs11-helper.0 Normal file
View File

@ -0,0 +1,35 @@
SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8)
NAME
ssh-pkcs11-helper M-bM-^@M-^S OpenSSH helper for PKCS#11 support
SYNOPSIS
ssh-pkcs11-helper [-v]
DESCRIPTION
ssh-pkcs11-helper is used by ssh(1), ssh-agent(1), and ssh-keygen(1) to
access keys provided by a PKCS#11 token.
ssh-pkcs11-helper is not intended to be invoked directly by the user.
A single option is supported:
-v Verbose mode. Causes ssh-pkcs11-helper to print debugging
messages about its progress. This is helpful in debugging
problems. Multiple -v options increase the verbosity. The
maximum is 3.
Note that ssh(1), ssh-agent(1), and ssh-keygen(1) will
automatically pass the -v flag to ssh-pkcs11-helper when they
have themselves been placed in debug mode.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1)
HISTORY
ssh-pkcs11-helper first appeared in OpenBSD 4.7.
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 7.5 April 29, 2022 OpenBSD 7.5

34
ssh-sk-helper.0 Normal file
View File

@ -0,0 +1,34 @@
SSH-SK-HELPER(8) System Manager's Manual SSH-SK-HELPER(8)
NAME
ssh-sk-helper M-bM-^@M-^S OpenSSH helper for FIDO authenticator support
SYNOPSIS
ssh-sk-helper [-v]
DESCRIPTION
ssh-sk-helper is used by ssh(1), ssh-agent(1), and ssh-keygen(1) to
access keys provided by a FIDO authenticator.
ssh-sk-helper is not intended to be invoked directly by the user.
A single option is supported:
-v Verbose mode. Causes ssh-sk-helper to print debugging messages
about its progress. This is helpful in debugging problems.
Multiple -v options increase the verbosity. The maximum is 3.
Note that ssh(1), ssh-agent(1), and ssh-keygen(1) will
automatically pass the -v flag to ssh-sk-helper when they have
themselves been placed in debug mode.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1)
HISTORY
ssh-sk-helper first appeared in OpenBSD 6.7.
AUTHORS
Damien Miller <djm@openbsd.org>
OpenBSD 7.5 April 29, 2022 OpenBSD 7.5

1019
ssh.0 Normal file
View File

File diff suppressed because it is too large Load Diff

24
ssh.1
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.439 2024/03/14 06:23:14 job Exp $
.Dd $Mdocdate: March 14 2024 $
.\" $OpenBSD: ssh.1,v 1.442 2024/06/27 21:02:16 jmc Exp $
.Dd $Mdocdate: June 27 2024 $
.Dt SSH 1
.Os
.Sh NAME
@ -304,10 +304,9 @@ The default is
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
Identity files may also be specified on
a per-host basis in the configuration file.
It is possible to have multiple
@ -929,10 +928,7 @@ key pair for authentication purposes.
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
The HISTORY section of
.Xr ssl 8
contains a brief discussion of the DSA and RSA algorithms.
using one of the ECDSA, Ed25519 or RSA algorithms.
.Pp
The file
.Pa ~/.ssh/authorized_keys
@ -959,8 +955,6 @@ flag).
The user creates their key pair by running
.Xr ssh-keygen 1 .
This stores the private key in
.Pa ~/.ssh/id_dsa
(DSA),
.Pa ~/.ssh/id_ecdsa
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk
@ -973,8 +967,6 @@ or
.Pa ~/.ssh/id_rsa
(RSA)
and stores the public key in
.Pa ~/.ssh/id_dsa.pub
(DSA),
.Pa ~/.ssh/id_ecdsa.pub
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk.pub
@ -1556,7 +1548,7 @@ secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
Lists the public keys (ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
@ -1576,7 +1568,6 @@ Contains additional definitions for environment variables; see
.Sx ENVIRONMENT ,
above.
.Pp
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
@ -1592,7 +1583,6 @@ It is possible to specify a passphrase when
generating the key which will be used to encrypt the
sensitive part of this file using AES-128.
.Pp
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
.It Pa ~/.ssh/id_ecdsa_sk.pub
.It Pa ~/.ssh/id_ed25519.pub
@ -1633,8 +1623,6 @@ Systemwide configuration file.
The file format and configuration options are described in
.Xr ssh_config 5 .
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key

1431
ssh_config.0 Normal file
View File

File diff suppressed because it is too large Load Diff

20
ssh_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
.Dd $Mdocdate: February 21 2024 $
.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -1114,7 +1114,7 @@ section and environment variables as described in the
.Sx ENVIRONMENT VARIABLES
section.
.It Cm IdentityFile
Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
You can also specify a public key file to use the corresponding
private key that is loaded in
@ -1124,10 +1124,9 @@ The default is
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
Additionally, any identities represented by the authentication agent
will be used for authentication unless
.Cm IdentitiesOnly
@ -1261,8 +1260,12 @@ it may be zero or more of:
and
.Cm pam .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Specifies the permitted KEX (Key Exchange) algorithms that will be used and
their preference order.
The selected algorithm will the the first algorithm in this list that
the server also supports.
Multiple algorithms must be comma-separated.
.Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
@ -1275,6 +1278,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
.Pp
The default is:
.Bd -literal -offset indent
sntrup761x25519-sha512@openssh.com,
@ -1286,7 +1290,7 @@ diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
The list of available key exchange algorithms may also be obtained using
The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q kex .
.It Cm KnownHostsCommand
Specifies a command to use to obtain a list of host keys, in addition to

4
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.373 2024/05/17 06:38:00 jsg Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -84,8 +84,6 @@
#endif
/* import */
extern char *client_version_string;
extern char *server_version_string;
extern Options options;
/*

79
sshd-session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd-session.c,v 1.1 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: sshd-session.c,v 1.4 2024/06/26 23:16:52 deraadt Exp $ */
/*
* SSH2 implementation:
* Privilege Separation:
@ -554,23 +554,32 @@ privsep_child_cmdline(int authenticated)
/*
* Signal handler for the alarm after the login grace period has expired.
* As usual, this may only take signal-safe actions, even though it is
* terminal.
*/
static void
grace_alarm_handler(int sig)
{
#ifdef WINDOWS
// TODO: figure out if we need to kill any child processes
#else /* WINDOWS */
/*
* Try to kill any processes that we have spawned, E.g. authorized
* keys command helpers or privsep children.
*/
if (getpgid(0) == getpid()) {
ssh_signal(SIGTERM, SIG_IGN);
struct sigaction sa;
/* mask all other signals while in handler */
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
sigfillset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
(void)sigaction(SIGTERM, &sa, NULL);
kill(0, SIGTERM);
}
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(the_active_state),
ssh_remote_port(the_active_state));
#endif /* WINDOWS */
_exit(EXIT_LOGIN_GRACE);
}
/* Destroy the host and server keys. They will no longer be needed. */
@ -815,6 +824,21 @@ privsep_preauth(struct ssh *ssh)
static void
privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
{
int skip_privdrop = 0;
/*
* Hack for systems that don't support FD passing: retain privileges
* in the post-auth privsep process so it can allocate PTYs directly.
* This is basically equivalent to what we did <= 9.7, which was to
* disable post-auth privsep entriely.
* Cygwin doesn't need to drop privs here although it doesn't support
* fd passing, as AFAIK PTY allocation on this platform doesn't require
* special privileges to begin with.
*/
#if defined(DISABLE_FD_PASSING) && !defined(HAVE_CYGWIN)
skip_privdrop = 1;
#endif
/* New socket pair */
#ifdef WINDOWS
monitor_reinit_withlogs(pmonitor);
@ -909,6 +933,7 @@ skip:
reseed_prngs();
/* Drop privileges */
if (!skip_privdrop)
do_setusercontext(authctxt->pw);
/* It is safe now to apply the key state */
@ -1569,25 +1594,10 @@ main(int ac, char **av)
debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
/* Store privilege separation user for later use if required. */
privsep_chroot = (getuid() == 0 || geteuid() == 0);
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
if (privsep_chroot || options.kerberos_authentication)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
} else {
privsep_pw = pwcopy(privsep_pw);
freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
privsep_pw->pw_passwd = xstrdup("*");
}
endpwent();
/* Fetch our configuration */
if ((cfg = sshbuf_new()) == NULL)
fatal("sshbuf_new config buf failed");
setproctitle("%s", "[rexeced]");
#ifdef WINDOWS
if (privsep_unauth_child || privsep_auth_child) {
recv_rexec_state(PRIVSEP_MONITOR_FD, cfg, &timing_secret); //TODO - should starup_pipe be closed as above ?B
@ -1600,12 +1610,24 @@ main(int ac, char **av)
recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
close(REEXEC_CONFIG_PASS_FD);
#endif /* WINDOWS */
parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
options.timing_secret = timing_secret;
/* Store privilege separation user for later use if required. */
privsep_chroot = (getuid() == 0 || geteuid() == 0);
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
if (privsep_chroot || options.kerberos_authentication)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
} else {
privsep_pw = pwcopy(privsep_pw);
freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
privsep_pw->pw_passwd = xstrdup("*");
}
endpwent();
#ifdef WINDOWS
if (!debug_flag && !privsep_unauth_child && !privsep_auth_child) {
#else /* WINDOWS */
@ -1678,7 +1700,7 @@ main(int ac, char **av)
}
}
if (!have_key)
fatal("internal error: monitor recieved no hostkeys");
fatal("internal error: monitor received no hostkeys");
/* Ensure that umask disallows at least group and world write */
new_umask = umask(0077) | 0022;
@ -1873,6 +1895,8 @@ idexch_done:
ssh_signal(SIGALRM, SIG_DFL);
authctxt->authenticated = 1;
if (startup_pipe != -1) {
/* signal listener that authentication completed successfully */
(void)atomicio(vwrite, startup_pipe, "\001", 1);
close(startup_pipe);
startup_pipe = -1;
}
@ -2021,6 +2045,8 @@ do_ssh2_kex(struct ssh *ssh)
void
cleanup_exit(int i)
{
extern int auth_attempted; /* monitor.c */
if (the_active_state != NULL && the_authctxt != NULL) {
do_cleanup(the_active_state, the_authctxt);
if (privsep_is_preauth &&
@ -2033,9 +2059,12 @@ cleanup_exit(int i)
}
}
}
/* Override default fatal exit value when auth was attempted */
if (i == 255 && auth_attempted)
_exit(EXIT_AUTH_ATTEMPTED);
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (the_active_state != NULL && (!use_privsep || mm_is_monitor()))
if (the_active_state != NULL && mm_is_monitor())
audit_event(the_active_state, SSH_CONNECTION_ABANDON);
#endif
_exit(i);

685
sshd.0 Normal file
View File

@ -0,0 +1,685 @@
SSHD(8) System Manager's Manual SSHD(8)
NAME
sshd M-bM-^@M-^S OpenSSH daemon
SYNOPSIS
sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_certificate_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
DESCRIPTION
sshd (OpenSSH Daemon) is the daemon program for ssh(1). It provides
secure encrypted communications between two untrusted hosts over an
insecure network.
sshd listens for connections from clients. It is normally started at
boot from /etc/rc. It forks a new daemon for each incoming connection.
The forked daemons handle key exchange, encryption, authentication,
command execution, and data exchange.
sshd can be configured using command-line options or a configuration file
(by default sshd_config(5)); command-line options override values
specified in the configuration file. sshd rereads its configuration file
when it receives a hangup signal, SIGHUP, by executing itself with the
name and options it was started with, e.g. /usr/sbin/sshd.
The options are as follows:
-4 Forces sshd to use IPv4 addresses only.
-6 Forces sshd to use IPv6 addresses only.
-C connection_spec
Specify the connection parameters to use for the -T extended test
mode. If provided, any Match directives in the configuration
file that would apply are applied before the configuration is
written to standard output. The connection parameters are
supplied as keyword=value pairs and may be supplied in any order,
either with multiple -C options or as a comma-separated list.
The keywords are M-bM-^@M-^\addrM-bM-^@M-^], M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and
M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source
host name, local address, local port number and routing domain
respectively.
-c host_certificate_file
Specifies a path to a certificate file to identify sshd during
key exchange. The certificate file must match a host key file
specified using the -h option or the HostKey configuration
directive.
-D When this option is specified, sshd will not detach and does not
become a daemon. This allows easy monitoring of sshd.
-d Debug mode. The server sends verbose debug output to standard
error, and does not put itself in the background. The server
also will not fork(2) and will only process one connection. This
option is only intended for debugging for the server. Multiple
-d options increase the debugging level. Maximum is 3.
-E log_file
Append debug logs to log_file instead of the system log.
-e Write debug logs to standard error instead of the system log.
-f config_file
Specifies the name of the configuration file. The default is
/etc/ssh/sshd_config. sshd refuses to start if there is no
configuration file.
-G Parse and print configuration file. Check the validity of the
configuration file, output the effective configuration to stdout
and then exit. Optionally, Match rules may be applied by
specifying the connection parameters using one or more -C
options.
-g login_grace_time
Gives the grace time for clients to authenticate themselves
(default 120 seconds). If the client fails to authenticate the
user within this many seconds, the server disconnects and exits.
A value of zero indicates no limit.
-h host_key_file
Specifies a file from which a host key is read. This option must
be given if sshd is not run as root (as the normal host key files
are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
/etc/ssh/ssh_host_rsa_key. It is possible to have multiple host
key files for the different host key algorithms.
-i Specifies that sshd is being run from inetd(8).
-o option
Can be used to give options in the format used in the
configuration file. This is useful for specifying options for
which there is no separate command-line flag. For full details
of the options, and their values, see sshd_config(5).
-p port
Specifies the port on which the server listens for connections
(default 22). Multiple port options are permitted. Ports
specified in the configuration file with the Port option are
ignored when a command-line port is specified. Ports specified
using the ListenAddress option override command-line ports.
-q Quiet mode. Nothing is sent to the system log. Normally the
beginning, authentication, and termination of each connection is
logged.
-T Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more -C options. This is
similar to the -G flag, but it includes the additional testing
performed by the -t flag.
-t Test mode. Only check the validity of the configuration file and
sanity of the keys. This is useful for updating sshd reliably as
configuration options may change.
-u len This option is used to specify the size of the field in the utmp
structure that holds the remote host name. If the resolved host
name is longer than len, the dotted decimal value will be used
instead. This allows hosts with very long host names that
overflow this field to still be uniquely identified. Specifying
-u0 indicates that only dotted decimal addresses should be put
into the utmp file. -u0 may also be used to prevent sshd from
making DNS requests unless the authentication mechanism or
configuration requires it. Authentication mechanisms that may
require DNS include HostbasedAuthentication and using a
from="pattern-list" option in a key file. Configuration options
that require DNS include using a USER@HOST pattern in AllowUsers
or DenyUsers.
-V Display the version number and exit.
AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a
host-specific key, used to identify the host. Whenever a client
connects, the daemon responds with its public host key. The client
compares the host key against its own database to verify that it has not
changed. Forward secrecy is provided through a Diffie-Hellman key
agreement. This key agreement results in a shared session key. The rest
of the session is encrypted using a symmetric cipher. The client selects
the encryption algorithm to use from those offered by the server.
Additionally, session integrity is provided through a cryptographic
message authentication code (MAC).
Finally, the server and the client enter an authentication dialog. The
client tries to authenticate itself using host-based authentication,
public key authentication, challenge-response authentication, or password
authentication.
Regardless of the authentication type, the account is checked to ensure
that it is accessible. An account is not accessible if it is locked,
listed in DenyUsers or its group is listed in DenyGroups . The
definition of a locked account is system dependent. Some platforms have
their own account database (eg AIX) and some modify the passwd field (
M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on
Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most
Linuxes). If there is a requirement to disable password authentication
for the account while allowing still public-key, then the passwd field
should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ).
If the client successfully authenticates itself, a dialog for preparing
the session is entered. At this time the client may request things like
allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
connections, or forwarding the authentication agent connection over the
secure channel.
After this, the client either requests an interactive shell or execution
of a non-interactive command, which sshd will execute via the user's
shell using its -c option. The sides then enter session mode. In this
mode, either side may send data at any time, and such data is forwarded
to/from the shell or command on the server side, and the user terminal in
the client side.
When the user program terminates and all forwarded X11 and other
connections have been closed, the server sends command exit status to the
client, and both sides exit.
LOGIN PROCESS
When a user successfully logs in, sshd does the following:
1. If the login is on a tty, and no command has been specified,
prints last login time and /etc/motd (unless prevented in the
configuration file or by ~/.hushlogin; see the FILES section).
2. If the login is on a tty, records login time.
3. Checks /etc/nologin; if it exists, prints contents and quits
(unless root).
4. Changes to run with normal user privileges.
5. Sets up basic environment.
6. Reads the file ~/.ssh/environment, if it exists, and users are
allowed to change their environment. See the
PermitUserEnvironment option in sshd_config(5).
7. Changes to user's home directory.
8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option
is set, runs it; else if /etc/ssh/sshrc exists, runs it;
otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
authentication protocol and cookie in standard input. See
SSHRC, below.
9. Runs user's shell or command. All commands are run under the
user's login shell as specified in the system password
database.
SSHRC
If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
files but before starting the user's shell or command. It must not
produce any output on stdout; stderr must be used instead. If X11
forwarding is in use, it will receive the "proto cookie" pair in its
standard input (and DISPLAY in its environment). The script must call
xauth(1) because sshd will not run xauth automatically to add X11
cookies.
The primary purpose of this file is to run any initialization routines
which may be needed before the user's home directory becomes accessible;
AFS is a particular example of such an environment.
This file will probably contain some initialization code followed by
something similar to:
if read proto cookie && [ -n "$DISPLAY" ]; then
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
# X11UseLocalhost=yes
echo add unix:`echo $DISPLAY |
cut -c11-` $proto $cookie
else
# X11UseLocalhost=no
echo add $DISPLAY $proto $cookie
fi | xauth -q -
fi
If this file does not exist, /etc/ssh/sshrc is run, and if that does not
exist either, xauth is used to add the cookie.
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public
key authentication; if this option is not specified, the default is
~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
ignored as comments). Public keys consist of the following space-
separated fields: options, keytype, base64-encoded key, comment. The
options field is optional. The supported key types are:
sk-ecdsa-sha2-nistp256@openssh.com
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ssh-ed25519@openssh.com
ssh-ed25519
ssh-rsa
The comment field is not used for anything (but may be convenient for the
user to identify the key).
Note that lines in this file can be several hundred bytes long (because
of the size of the public key encoding) up to a limit of 8 kilobytes,
which permits RSA keys up to 16 kilobits. You don't want to type them
in; instead, copy the id_ecdsa.pub, id_ecdsa_sk.pub, id_ed25519.pub,
id_ed25519_sk.pub, or the id_rsa.pub file and edit it.
sshd enforces a minimum RSA key modulus size of 1024 bits.
The options (if present) consist of comma-separated option
specifications. No spaces are permitted, except within double quotes.
The following option specifications are supported (note that option
keywords are case-insensitive):
agent-forwarding
Enable authentication agent forwarding previously disabled by the
restrict option.
cert-authority
Specifies that the listed key is a certification authority (CA)
that is trusted to validate signed certificates for user
authentication.
Certificates may encode access restrictions similar to these key
options. If both certificate restrictions and key options are
present, the most restrictive union of the two is applied.
command="command"
Specifies that the command is executed whenever this key is used
for authentication. The command supplied by the user (if any) is
ignored. The command is run on a pty if the client requests a
pty; otherwise it is run without a tty. If an 8-bit clean
channel is required, one must not request a pty or should specify
no-pty. A quote may be included in the command by quoting it
with a backslash.
This option might be useful to restrict certain public keys to
perform just a specific operation. An example might be a key
that permits remote backups but nothing else. Note that the
client may specify TCP and/or X11 forwarding unless they are
explicitly prohibited, e.g. using the restrict key option.
The command originally supplied by the client is available in the
SSH_ORIGINAL_COMMAND environment variable. Note that this option
applies to shell, command or subsystem execution. Also note that
this command may be superseded by a sshd_config(5) ForceCommand
directive.
If a command is specified and a forced-command is embedded in a
certificate used for authentication, then the certificate will be
accepted only if the two commands are identical.
environment="NAME=value"
Specifies that the string is to be added to the environment when
logging in using this key. Environment variables set this way
override other default environment values. Multiple options of
this type are permitted. Environment processing is disabled by
default and is controlled via the PermitUserEnvironment option.
expiry-time="timespec"
Specifies a time after which the key will not be accepted. The
time may be specified as a YYYYMMDD[Z] date or a
YYYYMMDDHHMM[SS][Z] time. Dates and times will be interpreted in
the system time zone unless suffixed by a Z character, in which
case they will be interpreted in the UTC time zone.
from="pattern-list"
Specifies that in addition to public key authentication, either
the canonical name of the remote host or its IP address must be
present in the comma-separated list of patterns. See PATTERNS in
ssh_config(5) for more information on patterns.
In addition to the wildcard matching that may be applied to
hostnames or addresses, a from stanza may match IP addresses
using CIDR address/masklen notation.
The purpose of this option is to optionally increase security:
public key authentication by itself does not trust the network or
name servers or anything (but the key); however, if somebody
somehow steals the key, the key permits an intruder to log in
from anywhere in the world. This additional option makes using a
stolen key more difficult (name servers and/or routers would have
to be compromised in addition to just the key).
no-agent-forwarding
Forbids authentication agent forwarding when this key is used for
authentication.
no-port-forwarding
Forbids TCP forwarding when this key is used for authentication.
Any port forward requests by the client will return an error.
This might be used, e.g. in connection with the command option.
no-pty Prevents tty allocation (a request to allocate a pty will fail).
no-user-rc
Disables execution of ~/.ssh/rc.
no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
permitlisten="[host:]port"
Limit remote port forwarding with the ssh(1) -R option such that
it may only listen on the specified host (optional) and port.
IPv6 addresses can be specified by enclosing the address in
square brackets. Multiple permitlisten options may be applied
separated by commas. Hostnames may include wildcards as
described in the PATTERNS section in ssh_config(5). A port
specification of * matches any port. Note that the setting of
GatewayPorts may further restrict listen addresses. Note that
ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was
not specified when the forwarding was requested, and that this
name is treated differently to the explicit localhost addresses
M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^].
permitopen="host:port"
Limit local port forwarding with the ssh(1) -L option such that
it may only connect to the specified host and port. IPv6
addresses can be specified by enclosing the address in square
brackets. Multiple permitopen options may be applied separated
by commas. No pattern matching or name lookup is performed on
the specified hostnames, they must be literal host names and/or
addresses. A port specification of * matches any port.
port-forwarding
Enable port forwarding previously disabled by the restrict
option.
principals="principals"
On a cert-authority line, specifies allowed principals for
certificate authentication as a comma-separated list. At least
one name from the list must appear in the certificate's list of
principals for the certificate to be accepted. This option is
ignored for keys that are not marked as trusted certificate
signers using the cert-authority option.
pty Permits tty allocation previously disabled by the restrict
option.
no-touch-required
Do not require demonstration of user presence for signatures made
using this key. This option only makes sense for the FIDO
authenticator algorithms ecdsa-sk and ed25519-sk.
verify-required
Require that signatures made using this key attest that they
verified the user, e.g. via a PIN. This option only makes sense
for the FIDO authenticator algorithms ecdsa-sk and ed25519-sk.
restrict
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files, they will be included in this set.
tunnel="n"
Force a tun(4) device on the server. Without this option, the
next available device will be used if the client requests a
tunnel.
user-rc
Enables execution of ~/.ssh/rc previously disabled by the
restrict option.
X11-forwarding
Permits X11 forwarding previously disabled by the restrict
option.
An example authorized_keys file:
# Comments are allowed at start of line. Blank lines are allowed.
# Plain key, no restrictions
ssh-rsa ...
# Forced command, disable PTY and all forwarding
restrict,command="dump /home" ssh-rsa ...
# Restriction of ssh -L forwarding destinations
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ...
# Restriction of ssh -R forwarding listeners
permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ...
# Configuration for tunnel forwarding
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ...
# Override of restriction to allow PTY allocation
restrict,pty,command="nethack" ssh-rsa ...
# Allow FIDO key without requiring touch
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ...
# Require user-verification (e.g. PIN or biometric) for FIDO key
verify-required sk-ecdsa-sha2-nistp256@openssh.com ...
# Trust CA key, allow touch-less FIDO if requested in certificate
cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
SSH_KNOWN_HOSTS FILE FORMAT
The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
public keys for all known hosts. The global file should be prepared by
the administrator (optional), and the per-user file is maintained
automatically: whenever the user connects to an unknown host, its key is
added to the per-user file.
Each line in these files contains the following fields: marker
(optional), hostnames, keytype, base64-encoded key, comment. The fields
are separated by spaces.
The marker is optional, but if it is present then it must be one of
M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification
authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on
the line is revoked and must not ever be accepted. Only one marker
should be used on a key line.
Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as
wildcards); each pattern in turn is matched against the host name. When
sshd is authenticating a client, such as when using
HostbasedAuthentication, this will be the canonical client host name.
When ssh(1) is authenticating a server, this will be the host name given
by the user, the value of the ssh(1) HostkeyAlias if it was specified, or
the canonical server hostname if the ssh(1) CanonicalizeHostname option
was used.
A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indicate negation: if the host
name matches a negated pattern, it is not accepted (by that line) even if
it matched another pattern on the line. A hostname or address may
optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y
and a non-standard port number.
Alternately, hostnames may be stored in a hashed form which hides host
names and addresses should the file's contents be disclosed. Hashed
hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may
appear on a single line and none of the above negation or wildcard
operators may be applied.
The keytype and base64-encoded key are taken directly from the host key;
they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub.
The optional comment field continues to the end of the line, and is not
used.
Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments.
When performing host authentication, authentication is accepted if any
matching line has the proper key; either one that matches exactly or, if
the server has presented a certificate for authentication, the key of the
certification authority that signed the certificate. For a key to be
trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^]
marker described above.
The known hosts file also provides a facility to mark keys as revoked,
for example when it is known that the associated private key has been
stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at
the beginning of the key line, and are never accepted for authentication
or as certification authorities, but instead will produce a warning from
ssh(1) when they are encountered.
It is permissible (but not recommended) to have several lines or
different host keys for the same names. This will inevitably happen when
short forms of host names from different domains are put in the file. It
is possible that the files contain conflicting information;
authentication is accepted if valid information can be found from either
file.
Note that the lines in these files are typically hundreds of characters
long, and you definitely don't want to type in the host keys by hand.
Rather, generate them by a script, ssh-keyscan(1) or by taking, for
example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
front. ssh-keygen(1) also offers some basic automated editing for
~/.ssh/known_hosts including removing hosts matching a host name and
converting all host names to their hashed representations.
An example ssh_known_hosts file:
# Comments allowed at start of line
cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
# A hashed hostname
|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
AAAA1234.....=
# A revoked key
@revoked * ssh-rsa AAAAB5W...
# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
FILES
~/.hushlogin
This file is used to suppress printing the last login time and
/etc/motd, if PrintLastLog and PrintMotd, respectively, are
enabled. It does not suppress printing of the banner specified
by Banner.
~/.rhosts
This file is used for host-based authentication (see ssh(1) for
more information). On some machines this file may need to be
world-readable if the user's home directory is on an NFS
partition, because sshd reads it as root. Additionally, this
file must be owned by the user, and must not have write
permissions for anyone else. The recommended permission for most
machines is read/write for the user, and not accessible by
others.
~/.shosts
This file is used in exactly the same way as .rhosts, but allows
host-based authentication without permitting login with
rlogin/rsh.
~/.ssh/
This directory is the default location for all user-specific
configuration and authentication information. There is no
general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute
for the user, and not accessible by others.
~/.ssh/authorized_keys
Lists the public keys (ECDSA, Ed25519, RSA) that can be used for
logging in as this user. The format of this file is described
above. The content of the file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
accessible by others.
If this file, the ~/.ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
M-bM-^@M-^\noM-bM-^@M-^].
~/.ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
should be writable only by the user; it need not be readable by
anyone else. Environment processing is disabled by default and
is controlled via the PermitUserEnvironment option.
~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged
into that are not already in the systemwide list of known host
keys. The format of this file is described above. This file
should be writable only by root/the owner and can, but need not
be, world-readable.
~/.ssh/rc
Contains initialization routines to be run before the user's home
directory becomes accessible. This file should be writable only
by the user, and need not be readable by anyone else.
/etc/hosts.equiv
This file is for host-based authentication (see ssh(1)). It
should only be writable by root.
/etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
Exchange" key exchange method. The file format is described in
moduli(5). If no usable groups are found in this file then fixed
internal groups will be used.
/etc/motd
See motd(5).
/etc/nologin
If this file exists, sshd refuses to let anyone except root log
in. The contents of the file are displayed to anyone trying to
log in, and non-root connections are refused. The file should be
world-readable.
/etc/shosts.equiv
This file is used in exactly the same way as hosts.equiv, but
allows host-based authentication without permitting login with
rlogin/rsh.
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys. These
files should only be owned by root, readable only by root, and
not accessible to others. Note that sshd does not start if these
files are group/world-accessible.
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys. These
files should be world-readable but writable only by root. Their
contents should match the respective private parts. These files
are not really used for anything; they are provided for the
convenience of the user so their contents can be copied to known
hosts files. These files are created using ssh-keygen(1).
/etc/ssh/ssh_known_hosts
Systemwide list of known host keys. This file should be prepared
by the system administrator to contain the public host keys of
all machines in the organization. The format of this file is
described above. This file should be writable only by root/the
owner and should be world-readable.
/etc/ssh/sshd_config
Contains configuration data for sshd. The file format and
configuration options are described in sshd_config(5).
/etc/ssh/sshrc
Similar to ~/.ssh/rc, it can be used to specify machine-specific
login-time initializations globally. This file should be
writable only by root, and should be world-readable.
/var/empty
chroot(2) directory used by sshd during privilege separation in
the pre-authentication phase. The directory should not contain
any files and must be owned by root and not group or world-
writable.
/var/run/sshd.pid
Contains the process ID of the sshd listening for connections (if
there are several daemons running concurrently for different
ports, this contains the process ID of the one started last).
The content of this file is not sensitive; it can be world-
readable.
SEE ALSO
scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
inetd(8), sftp-server(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5

9
sshd.8
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.325 2023/09/19 20:37:07 deraadt Exp $
.Dd $Mdocdate: September 19 2023 $
.\" $OpenBSD: sshd.8,v 1.326 2024/06/17 08:30:29 djm Exp $
.Dd $Mdocdate: June 17 2024 $
.Dt SSHD 8
.Os
.Sh NAME
@ -465,8 +465,6 @@ sk-ssh-ed25519@openssh.com
.It
ssh-ed25519
.It
ssh-dss
.It
ssh-rsa
.El
.Pp
@ -477,7 +475,6 @@ Note that lines in this file can be several hundred bytes long
(because of the size of the public key encoding) up to a limit of
8 kilobytes, which permits RSA keys up to 16 kilobits.
You don't want to type them in; instead, copy the
.Pa id_dsa.pub ,
.Pa id_ecdsa.pub ,
.Pa id_ecdsa_sk.pub ,
.Pa id_ed25519.pub ,
@ -881,7 +878,7 @@ secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
Lists the public keys (ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended

466
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.603 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.609 2024/06/27 23:01:15 djm Exp $ */
/*
* Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved.
* Copyright (c) 2002 Niels Provos. All rights reserved.
@ -93,6 +93,7 @@
#include "version.h"
#include "ssherr.h"
#include "sk-api.h"
#include "addr.h"
#include "srclimit.h"
/* Re-exec fds */
@ -157,6 +158,8 @@ struct {
} sensitive_data;
/* This is set to true when a signal is received. */
static volatile sig_atomic_t received_siginfo = 0;
static volatile sig_atomic_t received_sigchld = 0;
static volatile sig_atomic_t received_sighup = 0;
static volatile sig_atomic_t received_sigterm = 0;
@ -164,8 +167,9 @@ static volatile sig_atomic_t received_sigterm = 0;
u_int utmp_len = HOST_NAME_MAX+1;
/*
* startup_pipes/flags are used for tracking children of the listening sshd
* process early in their lifespans. This tracking is needed for three things:
* The early_child/children array below is used for tracking children of the
* listening sshd process early in their lifespans, before they have
* completed authentication. This tracking is needed for four things:
*
* 1) Implementing the MaxStartups limit of concurrent unauthenticated
* connections.
@ -174,14 +178,31 @@ u_int utmp_len = HOST_NAME_MAX+1;
* after it restarts.
* 3) Ensuring that rexec'd sshd processes have received their initial state
* from the parent listen process before handling SIGHUP.
* 4) Tracking and logging unsuccessful exits from the preauth sshd monitor,
* including and especially those for LoginGraceTime timeouts.
*
* Child processes signal that they have completed closure of the listen_socks
* and (if applicable) received their rexec state by sending a char over their
* sock. Child processes signal that authentication has completed by closing
* the sock (or by exiting).
* sock.
*
* Child processes signal that authentication has completed by sending a
* second char over the socket before closing it, otherwise the listener will
* continue tracking the child (and using up a MaxStartups slot) until the
* preauth subprocess exits, whereupon the listener will log its exit status.
* preauth processes will exit with a status of EXIT_LOGIN_GRACE to indicate
* they did not authenticate before the LoginGraceTime alarm fired.
*/
static int *startup_pipes = NULL;
static int *startup_flags = NULL; /* Indicates child closed listener */
struct early_child {
int pipefd;
int early; /* Indicates child closed listener */
char *id; /* human readable connection identifier */
pid_t pid;
struct xaddr addr;
int have_addr;
int status, have_status;
};
static struct early_child *children;
static int children_active;
static int startup_pipe = -1; /* in child */
/* sshd_config buffer */
@ -211,15 +232,255 @@ close_listen_socks(void)
num_listen_socks = 0;
}
/* Allocate and initialise the children array */
static void
child_alloc(void)
{
int i;
children = xcalloc(options.max_startups, sizeof(*children));
for (i = 0; i < options.max_startups; i++) {
children[i].pipefd = -1;
children[i].pid = -1;
}
}
/* Register a new connection in the children array; child pid comes later */
static struct early_child *
child_register(int pipefd, int sockfd)
{
int i, lport, rport;
char *laddr = NULL, *raddr = NULL;
struct early_child *child = NULL;
struct sockaddr_storage addr;
socklen_t addrlen = sizeof(addr);
struct sockaddr *sa = (struct sockaddr *)&addr;
for (i = 0; i < options.max_startups; i++) {
if (children[i].pipefd != -1 || children[i].pid > 0)
continue;
child = &(children[i]);
break;
}
if (child == NULL) {
fatal_f("error: accepted connection when all %d child "
" slots full", options.max_startups);
}
child->pipefd = pipefd;
child->early = 1;
/* record peer address, if available */
if (getpeername(sockfd, sa, &addrlen) == 0 &&
addr_sa_to_xaddr(sa, addrlen, &child->addr) == 0)
child->have_addr = 1;
/* format peer address string for logs */
if ((lport = get_local_port(sockfd)) == 0 ||
(rport = get_peer_port(sockfd)) == 0) {
/* Not a TCP socket */
raddr = get_peer_ipaddr(sockfd);
xasprintf(&child->id, "connection from %s", raddr);
} else {
laddr = get_local_ipaddr(sockfd);
raddr = get_peer_ipaddr(sockfd);
xasprintf(&child->id, "connection from %s to %s", laddr, raddr);
}
free(laddr);
free(raddr);
if (++children_active > options.max_startups)
fatal_f("internal error: more children than max_startups");
return child;
}
/*
* Finally free a child entry. Don't call this directly.
*/
static void
child_finish(struct early_child *child)
{
if (children_active == 0)
fatal_f("internal error: children_active underflow");
if (child->pipefd != -1)
close(child->pipefd);
free(child->id);
memset(child, '\0', sizeof(*child));
child->pipefd = -1;
child->pid = -1;
children_active--;
}
/*
* Close a child's pipe. This will not stop tracking the child immediately
* (it will still be tracked for waitpid()) unless force_final is set, or
* child has already exited.
*/
static void
child_close(struct early_child *child, int force_final, int quiet)
{
if (!quiet)
debug_f("enter%s", force_final ? " (forcing)" : "");
if (child->pipefd != -1) {
close(child->pipefd);
child->pipefd = -1;
}
if (child->pid == -1 || force_final)
child_finish(child);
}
/* Record a child exit. Safe to call from signal handlers */
static void
child_exit(pid_t pid, int status)
{
int i;
if (children == NULL || pid <= 0)
return;
for (i = 0; i < options.max_startups; i++) {
if (children[i].pid == pid) {
children[i].have_status = 1;
children[i].status = status;
break;
}
}
}
/*
* Reap a child entry that has exited, as previously flagged
* using child_exit().
* Handles logging of exit condition and will finalise the child if its pipe
* had already been closed.
*/
static void
child_reap(struct early_child *child)
{
LogLevel level = SYSLOG_LEVEL_DEBUG1;
int was_crash, penalty_type = SRCLIMIT_PENALTY_NONE;
/* Log exit information */
if (WIFSIGNALED(child->status)) {
/*
* Increase logging for signals potentially associated
* with serious conditions.
*/
if ((was_crash = signal_is_crash(WTERMSIG(child->status))))
level = SYSLOG_LEVEL_ERROR;
do_log2(level, "session process %ld for %s killed by "
"signal %d%s", (long)child->pid, child->id,
WTERMSIG(child->status), child->early ? " (early)" : "");
if (was_crash)
penalty_type = SRCLIMIT_PENALTY_CRASH;
} else if (!WIFEXITED(child->status)) {
penalty_type = SRCLIMIT_PENALTY_CRASH;
error("session process %ld for %s terminated abnormally, "
"status=0x%x%s", (long)child->pid, child->id, child->status,
child->early ? " (early)" : "");
} else {
/* Normal exit. We care about the status */
switch (WEXITSTATUS(child->status)) {
case 0:
debug3_f("preauth child %ld for %s completed "
"normally %s", (long)child->pid, child->id,
child->early ? " (early)" : "");
break;
case EXIT_LOGIN_GRACE:
penalty_type = SRCLIMIT_PENALTY_GRACE_EXCEEDED;
logit("Timeout before authentication for %s, "
"pid = %ld%s", child->id, (long)child->pid,
child->early ? " (early)" : "");
break;
case EXIT_CHILD_CRASH:
penalty_type = SRCLIMIT_PENALTY_CRASH;
logit("Session process %ld unpriv child crash for %s%s",
(long)child->pid, child->id,
child->early ? " (early)" : "");
break;
case EXIT_AUTH_ATTEMPTED:
penalty_type = SRCLIMIT_PENALTY_AUTHFAIL;
debug_f("preauth child %ld for %s exited "
"after unsuccessful auth attempt %s",
(long)child->pid, child->id,
child->early ? " (early)" : "");
break;
default:
penalty_type = SRCLIMIT_PENALTY_NOAUTH;
debug_f("preauth child %ld for %s exited "
"with status %d%s", (long)child->pid, child->id,
WEXITSTATUS(child->status),
child->early ? " (early)" : "");
break;
}
}
if (child->have_addr)
srclimit_penalise(&child->addr, penalty_type);
child->pid = -1;
child->have_status = 0;
if (child->pipefd == -1)
child_finish(child);
}
/* Reap all children that have exited; called after SIGCHLD */
static void
child_reap_all_exited(void)
{
int i;
pid_t pid;
int status;
if (children == NULL)
return;
for (;;) {
if ((pid = waitpid(-1, &status, WNOHANG)) == 0)
break;
else if (pid == -1) {
if (errno == EINTR || errno == EAGAIN)
continue;
if (errno != ECHILD)
error_f("waitpid: %s", strerror(errno));
break;
}
child_exit(pid, status);
}
for (i = 0; i < options.max_startups; i++) {
if (!children[i].have_status)
continue;
child_reap(&(children[i]));
}
}
static void
close_startup_pipes(void)
{
int i;
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
close(startup_pipes[i]);
if (children == NULL)
return;
for (i = 0; i < options.max_startups; i++) {
if (children[i].pipefd != -1)
child_close(&(children[i]), 1, 1);
}
}
/* Called after SIGINFO */
static void
show_info(void)
{
int i;
/* XXX print listening sockets here too */
if (children == NULL)
return;
logit("%d active startups", children_active);
for (i = 0; i < options.max_startups; i++) {
if (children[i].pipefd == -1 && children[i].pid <= 0)
continue;
logit("child %d: fd=%d pid=%ld %s%s", i, children[i].pipefd,
(long)children[i].pid, children[i].id,
children[i].early ? " (early)" : "");
}
srclimit_penalty_info();
}
/*
@ -265,21 +526,18 @@ sigterm_handler(int sig)
received_sigterm = sig;
}
/*
* SIGCHLD handler. This is called whenever a child dies. This will then
* reap any zombies left by exited children.
*/
#ifdef SIGINFO
static void
siginfo_handler(int sig)
{
received_siginfo = 1;
}
#endif
static void
main_sigchld_handler(int sig)
{
int save_errno = errno;
pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
(pid == -1 && errno == EINTR))
;
errno = save_errno;
received_sigchld = 1;
}
#ifdef WINDOWS
@ -365,7 +623,7 @@ should_drop_connection(int startups)
}
/*
* Check whether connection should be accepted by MaxStartups.
* Check whether connection should be accepted by MaxStartups or for penalty.
* Returns 0 if the connection is accepted. If the connection is refused,
* returns 1 and attempts to send notification to client.
* Logs when the MaxStartups condition is entered or exited, and periodically
@ -375,12 +633,17 @@ static int
drop_connection(int sock, int startups, int notify_pipe)
{
char *laddr, *raddr;
const char msg[] = "Exceeded MaxStartups\r\n";
const char *reason = NULL, msg[] = "Not allowed at this time\r\n";
static time_t last_drop, first_drop;
static u_int ndropped;
LogLevel drop_level = SYSLOG_LEVEL_VERBOSE;
time_t now;
if (!srclimit_penalty_check_allow(sock, &reason)) {
drop_level = SYSLOG_LEVEL_INFO;
goto handle;
}
now = monotime();
if (!should_drop_connection(startups) &&
srclimit_check_allow(sock, notify_pipe) == 1) {
@ -410,12 +673,16 @@ drop_connection(int sock, int startups, int notify_pipe)
}
last_drop = now;
ndropped++;
reason = "past Maxstartups";
handle:
laddr = get_local_ipaddr(sock);
raddr = get_peer_ipaddr(sock);
do_log2(drop_level, "drop connection #%d from [%s]:%d on [%s]:%d "
"past MaxStartups", startups, raddr, get_peer_port(sock),
laddr, get_local_port(sock));
do_log2(drop_level, "drop connection #%d from [%s]:%d on [%s]:%d %s",
startups,
raddr, get_peer_port(sock),
laddr, get_local_port(sock),
reason);
free(laddr);
free(raddr);
/* best-effort notification to client */
@ -624,8 +891,12 @@ server_listen(void)
u_int i;
/* Initialise per-source limit tracking. */
srclimit_init(options.max_startups, options.per_source_max_startups,
options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);
srclimit_init(options.max_startups,
options.per_source_max_startups,
options.per_source_masklen_ipv4,
options.per_source_masklen_ipv6,
&options.per_source_penalty,
options.per_source_penalty_exempt);
for (i = 0; i < options.num_listen_addrs; i++) {
listen_on_addrs(&options.listen_addrs[i]);
@ -651,32 +922,32 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
int log_stderr)
{
struct pollfd *pfd = NULL;
int i, j, ret, npfd;
int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
int i, ret, npfd;
int oactive = -1, listening = 0, lameduck = 0;
int startup_p[2] = { -1 , -1 }, *startup_pollfd;
char c = 0;
struct sockaddr_storage from;
struct early_child *child;
socklen_t fromlen;
pid_t pid;
u_char rnd[256];
sigset_t nsigset, osigset;
/* pipes connected to unauthenticated child sshd processes */
startup_pipes = xcalloc(options.max_startups, sizeof(int));
startup_flags = xcalloc(options.max_startups, sizeof(int));
child_alloc();
startup_pollfd = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
/*
* Prepare signal mask that we use to block signals that might set
* received_sigterm or received_sighup, so that we are guaranteed
* received_sigterm/hup/chld/info, so that we are guaranteed
* to immediately wake up the ppoll if a signal is received after
* the flag is checked.
*/
sigemptyset(&nsigset);
sigaddset(&nsigset, SIGHUP);
sigaddset(&nsigset, SIGCHLD);
#ifdef SIGINFO
sigaddset(&nsigset, SIGINFO);
#endif
sigaddset(&nsigset, SIGTERM);
sigaddset(&nsigset, SIGQUIT);
@ -698,11 +969,19 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
unlink(options.pid_file);
exit(received_sigterm == SIGTERM ? 0 : 255);
}
if (ostartups != startups) {
if (received_sigchld) {
child_reap_all_exited();
received_sigchld = 0;
}
if (received_siginfo) {
show_info();
received_siginfo = 0;
}
if (oactive != children_active) {
setproctitle("%s [listener] %d of %d-%d startups",
listener_proctitle, startups,
listener_proctitle, children_active,
options.max_startups_begin, options.max_startups);
ostartups = startups;
oactive = children_active;
}
if (received_sighup) {
if (!lameduck) {
@ -723,8 +1002,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
npfd = num_listen_socks;
for (i = 0; i < options.max_startups; i++) {
startup_pollfd[i] = -1;
if (startup_pipes[i] != -1) {
pfd[npfd].fd = startup_pipes[i];
if (children[i].pipefd != -1) {
pfd[npfd].fd = children[i].pipefd;
pfd[npfd].events = POLLIN;
startup_pollfd[i] = npfd++;
}
@ -742,34 +1021,46 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
continue;
for (i = 0; i < options.max_startups; i++) {
if (startup_pipes[i] == -1 ||
if (children[i].pipefd == -1 ||
startup_pollfd[i] == -1 ||
!(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
continue;
switch (read(startup_pipes[i], &c, sizeof(c))) {
switch (read(children[i].pipefd, &c, sizeof(c))) {
case -1:
if (errno == EINTR || errno == EAGAIN)
continue;
if (errno != EPIPE) {
error_f("startup pipe %d (fd=%d): "
"read %s", i, startup_pipes[i],
"read %s", i, children[i].pipefd,
strerror(errno));
}
/* FALLTHROUGH */
case 0:
/* child exited or completed auth */
close(startup_pipes[i]);
srclimit_done(startup_pipes[i]);
startup_pipes[i] = -1;
startups--;
if (startup_flags[i])
/* child exited preauth */
if (children[i].early)
listening--;
srclimit_done(children[i].pipefd);
child_close(&(children[i]), 0, 0);
break;
case 1:
if (children[i].early && c == '\0') {
/* child has finished preliminaries */
if (startup_flags[i]) {
listening--;
startup_flags[i] = 0;
children[i].early = 0;
debug2_f("child %lu for %s received "
"config", (long)children[i].pid,
children[i].id);
} else if (!children[i].early && c == '\001') {
/* child has completed auth */
debug2_f("child %lu for %s auth done",
(long)children[i].pid,
children[i].id);
child_close(&(children[i]), 1, 0);
} else {
error_f("unexpected message 0x%02x "
"child %ld for %s in state %d",
(int)c, (long)children[i].pid,
children[i].id, children[i].early);
}
break;
}
@ -798,7 +1089,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
close(*newsock);
continue;
}
if (drop_connection(*newsock, startups, startup_p[0])) {
if (drop_connection(*newsock,
children_active, startup_p[0])) {
close(*newsock);
close(startup_p[0]);
close(startup_p[1]);
@ -815,20 +1107,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
continue;
}
fcntl(startup_p[0], F_SETFD, FD_CLOEXEC);
fcntl(startup_p[1], F_SETFD, FD_CLOEXEC);
fcntl(config_s[0], F_SETFD, FD_CLOEXEC);
fcntl(config_s[1], F_SETFD, FD_CLOEXEC);
for (j = 0; j < options.max_startups; j++)
if (startup_pipes[j] == -1) {
startup_pipes[j] = startup_p[0];
startups++;
startup_flags[j] = 1;
break;
}
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
@ -846,7 +1124,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
close(startup_p[0]);
close(startup_p[1]);
startup_pipe = -1;
pid = getpid();
#ifndef WINDOWS
send_rexec_state(config_s[0], cfg);
#endif /* !WINDOWS */
@ -869,6 +1146,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
posix_spawnattr_setpgroup(&attributes, 0) != 0)
error("posix_spawn initialization failed");
else {
pid_t pid;
if (posix_spawn(&pid, rexec_argv[0], &actions, &attributes, rexec_argv, NULL) != 0)
error("%s, posix_spawn failed", __func__);
posix_spawn_file_actions_destroy(&actions);
@ -883,7 +1161,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
*/
platform_pre_fork();
listening++;
if ((pid = fork()) == 0) {
child = child_register(startup_p[0], *newsock);
if ((child->pid = fork()) == 0) {
/*
* Child. Close the listening and
* max_startup sockets. Start using
@ -908,11 +1187,11 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
}
/* Parent. Stay in the loop. */
platform_post_fork_parent(pid);
if (pid == -1)
platform_post_fork_parent(child->pid);
if (child->pid == -1)
error("fork: %.100s", strerror(errno));
else
debug("Forked child %ld.", (long)pid);
debug("Forked child %ld.", (long)child->pid);
#endif /* fork unsupported */
close(startup_p[1]);
@ -1006,8 +1285,8 @@ main(int ac, char **av)
char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0;
int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0;
int config_s[2] = { -1 , -1 }, have_connection_info = 0;
int need_privsep = 1;
int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0;
int need_chroot = 1;
#ifdef WINDOWS
// rexec_argv is still defined globally for use in server_accept_loop
char* fp, * line, * logfile = NULL;
@ -1094,7 +1373,7 @@ main(int ac, char **av)
inetd_flag = 1;
break;
case 'r':
/* ignored */
logit("-r option is deprecated");
break;
case 'R':
fatal("-R not supported here");
@ -1169,9 +1448,17 @@ main(int ac, char **av)
}
}
if (!test_flag && !do_dump_cfg && !path_absolute(av[0]))
fatal("sshd re-exec requires execution with an absolute path");
fatal("sshd requires execution with an absolute path");
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
closefrom(STDERR_FILENO + 1);
/* Reserve fds we'll need later for reexec things */
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
while (devnull < REEXEC_MIN_FREE_FD) {
if ((devnull = dup(devnull)) == -1)
fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
}
seed_rng();
@ -1419,15 +1706,15 @@ main(int ac, char **av)
}
/* Ensure privsep directory is correctly configured. */
need_privsep = ((getuid() == 0 || geteuid() == 0) ||
need_chroot = ((getuid() == 0 || geteuid() == 0) ||
options.kerberos_authentication);
if ((getpwnam(SSH_PRIVSEP_USER)) == NULL && need_privsep) {
if ((getpwnam(SSH_PRIVSEP_USER)) == NULL && need_chroot) {
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
}
endpwent();
if (need_privsep) {
if (need_chroot) {
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &sb) == -1) ||
(S_ISDIR(sb.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
@ -1533,6 +1820,9 @@ main(int ac, char **av)
ssh_signal(SIGCHLD, main_sigchld_handler);
ssh_signal(SIGTERM, sigterm_handler);
ssh_signal(SIGQUIT, sigterm_handler);
#ifdef SIGINFO
ssh_signal(SIGINFO, siginfo_handler);
#endif
platform_post_listen();
@ -1573,22 +1863,26 @@ main(int ac, char **av)
sock_in, sock_out, newsock, startup_pipe, config_s[0], config_s[1]);
if (!inetd_flag) {
if (dup2(newsock, STDIN_FILENO) == -1)
debug3("dup2 stdin: %s", strerror(errno));
fatal("dup2 stdin: %s", strerror(errno));
if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1)
debug3("dup2 stdout: %s", strerror(errno));
fatal("dup2 stdout: %s", strerror(errno));
if (newsock > STDOUT_FILENO)
close(newsock);
}
if (config_s[1] != REEXEC_CONFIG_PASS_FD) {
if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1)
debug3("dup2 config_s: %s", strerror(errno));
fatal("dup2 config_s: %s", strerror(errno));
close(config_s[1]);
}
if (startup_pipe == -1)
close(REEXEC_STARTUP_PIPE_FD);
else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1)
debug3("dup2 startup_p: %s", strerror(errno));
fatal("dup2 startup_p: %s", strerror(errno));
close(startup_pipe);
}
log_redirect_stderr_to(NULL);
closefrom(REEXEC_MIN_FREE_FD);
ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
execv(rexec_argv[0], rexec_argv);

1393
sshd_config.0 Normal file
View File

File diff suppressed because it is too large Load Diff

112
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.355 2024/02/21 06:17:29 djm Exp $
.Dd $Mdocdate: February 21 2024 $
.\" $OpenBSD: sshd_config.5,v 1.365 2024/06/24 06:59:39 jmc Exp $
.Dd $Mdocdate: June 24 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -1003,9 +1003,13 @@ file on logout.
The default is
.Cm yes .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Specifies the permitted KEX (Key Exchange) algorithms that the server will
offer to clients.
The ordering of this list is not important, as the client specifies the
preference order.
Multiple algorithms must be comma-separated.
Alternately if the specified list begins with a
.Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
@ -1017,6 +1021,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
.Pp
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
@ -1058,7 +1063,7 @@ diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
The list of available key exchange algorithms may also be obtained using
The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q KexAlgorithms .
.It Cm ListenAddress
Specifies the local addresses
@ -1302,6 +1307,7 @@ Available keywords are
.Cm LogLevel ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PAMServiceName ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitListen ,
@ -1368,10 +1374,17 @@ and
key exchange methods.
The default is
.Pa /etc/moduli .
.It Cm PAMServiceName
Specifies the service name used for Pluggable Authentication Modules (PAM)
authentication, authorisation and session controls when
.Cm UsePAM
is enabled.
The default is
.Cm sshd .
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Cm yes .
.Cm sshd .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
@ -1557,6 +1570,86 @@ Values for IPv4 and optionally IPv6 may be specified, separated by a colon.
The default is
.Cm 32:128 ,
which means each address is considered individually.
.It Cm PerSourcePenalties
Controls penalties for various conditions that may represent attacks on
.Xr sshd 8 .
If a penalty is enforced against a client then its source address and any
others in the same network, as defined by
.Cm PerSourceNetBlockSize ,
will be refused connection for a period.
.Pp
A penalty doesn't affect concurrent connections in progress, but multiple
penalties from the same source from concurrent connections will accumulate
up to a maximum.
Conversely, penalties are not applied until a minimum threshold time has been
accumulated.
.Pp
Penalties are enabled by default with the default settings listed below
but may disabled using the
.Cm no
keyword.
The defaults may be overridden by specifying one or more of the keywords below,
separated by whitespace.
All keywords accept arguments, e.g.\&
.Qq crash:2m .
.Bl -tag -width Ds
.It Cm crash:duration
Specifies how long to refuse clients that cause a crash of
.Xr sshd 8 (default: 90s).
.It Cm authfail:duration
Specifies how long to refuse clients that disconnect after making one or more
unsuccessful authentication attempts (default: 5s).
.It Cm noauth:duration
Specifies how long to refuse clients that disconnect without attempting
authentication (default: 1s).
This timeout should be used cautiously otherwise it may penalise legitimate
scanning tools such as
.Xr ssh-keyscan 1 .
.It Cm grace-exceeded:duration
Specifies how long to refuse clients that fail to authenticate after
.Cm LoginGraceTime
(default: 20s).
.It Cm max:duration
Specifies the maximum time a particular source address range will be refused
access for (default: 10m).
Repeated penalties will accumulate up to this maximum.
.It Cm min:duration
Specifies the minimum penalty that must accrue before enforcement begins
(default: 15s).
.It Cm max-sources4:number , max-sources6:number
Specifies the maximum number of client IPv4 and IPv6 address ranges to
track for penalties (default: 65536 for both).
.It Cm overflow:mode
Controls how the server behaves when
.Cm max-sources4
or
.Cm max-sources6
is exceeded.
There are two operating modes:
.Cm deny-all ,
which denies all incoming connections other than those exempted via
.Cm PerSourcePenaltyExemptList
until a penalty expires, and
.Cm permissive ,
which allows new connections by removing existing penalties early
(default: permissive).
Note that client penalties below the
.Cm min
threshold count against the total number of tracked penalties.
IPv4 and IPv6 addresses are tracked separately, so an overflow in one will
not affect the other.
.It Cm overflow6:mode
Allows specifying a different overflow mode for IPv6 addresses.
The default it to use the same overflow mode as was specified for IPv4.
.El
.It Cm PerSourcePenaltyExemptList
Specifies a comma-separated list of addresses to exempt from penalties.
This list may contain wildcards and CIDR address/masklen ranges.
Note that the mask length provided must be consistent with the address -
it is an error to specify a mask length that is too long for the address
or one with bits set in this host portion of the address.
For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
The default is not to exempt any addresses.
.It Cm PidFile
Specifies the file that contains the process ID of the
SSH daemon, or
@ -1738,6 +1831,13 @@ via
.Cm AcceptEnv
or
.Cm PermitUserEnvironment .
.It Cm SshdSessionPath
Overrides the default path to the
.Cm sshd-session
binary that is invoked to handle each connection.
The default is
.Pa /usr/libexec/sshd-session .
This option is intended for use by tests.
.It Cm StreamLocalBindMask
Sets the octal file creation mode mask
.Pq umask

3
sshkey.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.h,v 1.62 2023/06/21 05:10:26 djm Exp $ */
/* $OpenBSD: sshkey.h,v 1.63 2024/05/17 06:42:04 jsg Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -316,7 +316,6 @@ int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
int sshkey_set_filename(struct sshkey *, const char *);
int sshkey_enable_maxsign(struct sshkey *, u_int32_t);
u_int32_t sshkey_signatures_left(const struct sshkey *);
int sshkey_forward_state(const struct sshkey *, u_int32_t, int);
int sshkey_private_serialize_maxsign(struct sshkey *key,
struct sshbuf *buf, u_int32_t maxsign, int);

4
version.h
View File

@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.101 2024/03/11 04:59:47 djm Exp $ */
/* $OpenBSD: version.h,v 1.102 2024/07/01 04:31:59 djm Exp $ */
#define SSH_VERSION "OpenSSH_for_Windows_9.7"
#define SSH_VERSION "OpenSSH_for_Windows_9.8"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE