Commit Graph

353 Commits

Author SHA1 Message Date
Damien Miller 6c3eec7ab2 - djm@cvs.openbsd.org 2011/04/17 22:42:42
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
     allow graceful shutdown of multiplexing: request that a mux server
     removes its listener socket and refuse future multiplexing requests;
     ok markus@
2011-05-05 14:16:22 +10:00
Damien Miller f22019bdbf - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
   [regress/README.regress] Remove ssh-rand-helper and all its
   tentacles. PRNGd seeding has been rolled into entropy.c directly.
   Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
Damien Miller 71adf127e8 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
Damien Miller 83f8a4014d - djm@cvs.openbsd.org 2011/01/06 22:23:53
[ssh.c]
     unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
     googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
Damien Miller d925dcd8a5 - djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller 0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Damien Miller a41ccca643 - djm@cvs.openbsd.org 2010/10/06 06:39:28
[clientloop.c ssh.c sshconnect.c sshconnect.h]
     kill proxy command on fatal() (we already kill it on clean exit);
     ok markus@
2010-10-07 22:07:32 +11:00
Damien Miller 857b02e37f - djm@cvs.openbsd.org 2010/09/20 04:41:47
[ssh.c]
     install a SIGCHLD handler to reap expiried child process; ok markus@
2010-09-24 22:02:56 +10:00
Darren Tucker 8ccb7392e7 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
for missing headers and compiler warnings.
2010-09-10 12:28:24 +10:00
Damien Miller 6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
Damien Miller 5929c52f65 - markus@cvs.openbsd.org 2010/09/02 16:08:39
[ssh.c]
     unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
2010-09-10 11:17:02 +10:00
Damien Miller 4314c2b548 - djm@cvs.openbsd.org 2010/08/31 12:33:38
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     reintroduce commit from tedu@, which I pulled out for release
     engineering:
       OpenSSL_add_all_algorithms is the name of the function we have a
       man page for, so use that.  ok djm
2010-09-10 11:12:09 +10:00
Damien Miller eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller d96546f5b0 - djm@cvs.openbsd.org 2010/08/16 04:06:06
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     backout previous temporarily; discussed with deraadt@
2010-08-31 22:32:12 +10:00
Damien Miller 9b87e79538 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     OpenSSL_add_all_algorithms is the name of the function we have a man page
     for, so use that.  ok djm
2010-08-31 22:31:37 +10:00
Damien Miller 00d9ae26db - djm@cvs.openbsd.org 2010/08/12 21:49:44
[ssh.c]
     close any extra file descriptors inherited from parent at start and
     reopen stdin/stdout to /dev/null when forking for ControlPersist.

     prevents tools that fork and run a captive ssh for communication from
     failing to exit when the ssh completes while they wait for these fds to
     close. The inherited fds may persist arbitrarily long if a background
     mux master has been started by ControlPersist. cvs and scp were effected
     by this.

     "please commit" markus@
2010-08-17 01:59:31 +10:00
Damien Miller c158331f8c - djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
     [ssh-keysign.c ssh.c]
     enable certificates for hostbased authentication, from Iain Morgan;
     "looks ok" markus@
2010-08-05 13:04:50 +10:00
Damien Miller e11e1ea5d4 - djm@cvs.openbsd.org 2010/07/19 09:15:12
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add a "ControlPersist" option that automatically starts a background
     ssh(1) multiplex master when connecting. This connection can stay alive
     indefinitely, or can be set to automatically close after a user-specified
     duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
     further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
     martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2010-08-03 16:04:46 +10:00
Damien Miller d0244d498b - djm@cvs.openbsd.org 2010/07/12 22:41:13
[ssh.c ssh_config.5]
     expand %h to the hostname in ssh_config Hostname options. While this
     sounds useless, it is actually handy for working with unqualified
     hostnames:

     Host *.*
        Hostname %h
     Host *
        Hostname %h.example.org

     "I like it" markus@
2010-07-16 13:56:43 +10:00
Damien Miller 1f25ab43f4 - djm@cvs.openbsd.org 2010/07/12 22:38:52
[ssh.c]
     Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
     for protocol 2. ok markus@
2010-07-16 13:56:23 +10:00
Damien Miller b96c441ee2 - djm@cvs.openbsd.org 2010/06/26 23:04:04
[ssh.c]
     oops, forgot to #include <canohost.h>; spotted and patch from chl@
2010-07-02 13:34:24 +10:00
Damien Miller 1ab6a51f9b - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:24 +10:00
Damien Miller 383ffe6c5f - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:03 +10:00
Damien Miller 388f6fc485 - markus@cvs.openbsd.org 2010/05/16 12:55:51
[PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
     mux support for remote forwarding with dynamic port allocation,
     use with
        LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
     feedback and ok djm@
2010-05-21 14:57:35 +10:00
Damien Miller d530f5f471 - djm@cvs.openbsd.org 2010/05/14 23:29:23
[channels.c channels.h mux.c ssh.c]
     Pause the mux channel while waiting for reply from aynch callbacks.
     Prevents misordering of replies if new requests arrive while waiting.

     Extend channel open confirm callback to allow signalling failure
     conditions as well as success. Use this to 1) fix a memory leak, 2)
     start using the above pause mechanism and 3) delay sending a success/
     failure message on mux slave session open until we receive a reply from
     the server.

     motivated by and with feedback from markus@
2010-05-21 14:57:10 +10:00
Damien Miller deb5a1423a - djm@cvs.openbsd.org 2010/04/10 00:00:16
[ssh.c]
     bz#1746 - suppress spurious tty warning when using -O and stdin
     is not a tty; ok dtucker@ markus@
2010-04-16 15:52:43 +10:00
Damien Miller 0a80ca190a - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/02/26 20:29:54
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
     [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
     [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
     [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
     [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
     [sshconnect2.c sshd.8 sshd.c sshd_config.5]
     Add support for certificate key types for users and hosts.

     OpenSSH certificate key types are not X.509 certificates, but a much
     simpler format that encodes a public key, identity information and
     some validity constraints and signs it with a CA key. CA keys are
     regular SSH keys. This certificate style avoids the attack surface
     of X.509 certificates and is very easy to deploy.

     Certified host keys allow automatic acceptance of new host keys
     when a CA certificate is marked as sh/known_hosts.
     see VERIFYING HOST KEYS in ssh(1) for details.

     Certified user keys allow authentication of users when the signing
     CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
     FILE FORMAT" in sshd(8) for details.

     Certificates are minted using ssh-keygen(1), documentation is in
     the "CERTIFICATES" section of that manpage.

     Documentation on the format of certificates is in the file
     PROTOCOL.certkeys

     feedback and ok markus@
2010-02-27 07:55:05 +11:00
Damien Miller 048dc93617 - jmc@cvs.openbsd.org 2010/02/08 22:03:05
[ssh-add.1 ssh-keygen.1 ssh.1 ssh.c]
     tweak previous; ok markus
2010-02-12 09:22:04 +11:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Damien Miller e1537f951f - djm@cvs.openbsd.org 2010/01/26 01:28:35
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
     rewrite ssh(1) multiplexing code to a more sensible protocol.

     The new multiplexing code uses channels for the listener and
     accepted control sockets to make the mux master non-blocking, so
     no stalls when processing messages from a slave.

     avoid use of fatal() in mux master protocol parsing so an errant slave
     process cannot take down a running master.

     implement requesting of port-forwards over multiplexed sessions. Any
     port forwards requested by the slave are added to those the master has
     established.

     add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.

     document master/slave mux protocol so that other tools can use it to
     control a running ssh(1). Note: there are no guarantees that this
     protocol won't be incompatibly changed (though it is versioned).

     feedback Salvador Fandino, dtucker@
     channel changes ok markus@
2010-01-26 13:26:22 +11:00
Darren Tucker 7ad8dd21da - dtucker@cvs.openbsd.org 2010/01/11 01:39:46
[ssh_config channels.c ssh.1 channels.h ssh.c]
     Add a 'netcat mode' (ssh -W).  This connects stdio on the client to a
     single port forward on the server.  This allows, for example, using ssh as
     a ProxyCommand to route connections via intermediate servers.
     bz #1618, man page help from jmc@, ok markus@
2010-01-12 19:40:27 +11:00
Darren Tucker 7bd98e7f74 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 10:31:12 +11:00
Darren Tucker b8c884a0ba - guenther@cvs.openbsd.org 2009/12/20 07:28:36
[ssh.c sftp.c scp.c]
     When passing user-controlled options with arguments to other programs,
     pass the option and option argument as separate argv entries and
     not smashed into one (e.g., as -l foo and not -lfoo).  Also, always
     pass a "--" argument to stop option parsing, so that a positional
     argument that starts with a '-' isn't treated as an option.  This
     fixes some error cases as well as the handling of hostnames and
     filenames that start with a '-'.
     Based on a diff by halex@
     ok halex@ djm@ deraadt@
2010-01-08 18:53:43 +11:00
Darren Tucker 34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
2010-01-08 17:03:46 +11:00
Darren Tucker f1de4e5228 - andreas@cvs.openbsd.org 2009/10/24 11:23:42
[ssh.c]
     Request roaming to be enabled if UseRoaming is true and the server
     supports it.
     ok markus@
2010-01-08 16:54:59 +11:00
Darren Tucker 199b1340a8 - dtucker@cvs.openbsd.org 2009/07/02 02:11:47
[ssh.c]
     allow for long home dir paths (bz #1615).  ok deraadt
     (based in part on a patch from jchadima at redhat)
2009-07-06 07:16:56 +10:00
Darren Tucker 72efd74d2f - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2009/03/17 21:37:00
     [ssh.c]
     pass correct argv[0] to openlog(); ok djm@
2009-06-21 17:48:00 +10:00
Damien Miller 4bf648f776 - djm@cvs.openbsd.org 2009/02/12 03:00:56
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
     [readconf.h serverloop.c ssh.c]
     support remote port forwarding with a zero listen port (-R0:...) to
     dyamically allocate a listen port at runtime (this is actually
     specified in rfc4254); bz#1003 ok markus@
2009-02-14 16:28:21 +11:00
Damien Miller 3dc71ad865 - djm@cvs.openbsd.org 2009/01/22 10:02:34
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
     [serverloop.c ssh-keyscan.c ssh.c sshd.c]
     make a2port() return -1 when it encounters an invalid port number
     rather than 0, which it will now treat as valid (needed for future work)
     adjust current consumers of a2port() to check its return value is <= 0,
     which in turn required some things to be converted from u_short => int
     make use of int vs. u_short consistent in some other places too
     feedback & ok markus@
2009-01-28 16:31:22 +11:00
Damien Miller a699d952e5 - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
[clientloop.c readconf.c readconf.h ssh.c]
     merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@
2008-11-03 19:27:34 +11:00
Damien Miller c13c3ee44a - jmc@cvs.openbsd.org 2008/10/09 06:54:22
[ssh.c]
     add -y to usage();
2008-11-03 19:23:28 +11:00
Damien Miller e272a5bb29 - djm@cvs.openbsd.org 2008/10/08 23:34:03
[ssh.1 ssh.c]
     Add -y option to force logging via syslog rather than stderr.
     Useful for daemonised ssh connection (ssh -f). Patch originally from
     and ok'd by markus@
2008-11-03 19:22:37 +11:00
Damien Miller 456e6f0ebb - markus@cvs.openbsd.org 2008/09/11 14:22:37
[compat.c compat.h nchan.c ssh.c]
     only send eow and no-more-sessions requests to openssh 5 and newer;
     fixes interop problems with broken ssh v2 implementations; ok djm@
2008-11-03 19:20:10 +11:00
Darren Tucker 9a2a60986b - djm@cvs.openbsd.org 2008/07/02 13:47:39
[ssh.1 ssh.c]
     When forking after authentication ("ssh -f") with ExitOnForwardFailure
     enabled, delay the fork until after replies for any -R forwards have
     been seen. Allows for robust detection of -R forward failure when
     using -f (similar to bz#92); ok dtucker@
2008-07-04 12:53:50 +10:00
Darren Tucker f6b01b758f - dtucker@cvs.openbsd.org 2008/06/12 16:35:31
[ssh_config.5 ssh.c]
     keyword expansion for localcommand.  ok djm@
2008-06-13 04:56:37 +10:00
Darren Tucker d6173c0bd7 - djm@cvs.openbsd.org 2008/06/12 04:24:06
[ssh.c]
     thal shalt not code past the eightieth column
2008-06-13 04:52:53 +10:00
Darren Tucker 9f407c4422 - djm@cvs.openbsd.org 2008/06/12 04:06:00
[clientloop.h ssh.c clientloop.c]
     maintain an ordered queue of outstanding global requests that we
     expect replies to, similar to the per-channel confirmation queue.
     Use this queue to verify success or failure for remote forward
     establishment in a race free way.
     ok dtucker@
2008-06-13 04:50:27 +10:00
Darren Tucker 8901fa9c88 - djm@cvs.openbsd.org 2008/06/10 22:15:23
[PROTOCOL ssh.c serverloop.c]
     Add a no-more-sessions@openssh.com global request extension that the
     client sends when it knows that it will never request another session
     (i.e. when session multiplexing is disabled). This allows a server to
     disallow further session requests and terminate the session.
     Why would a non-multiplexing client ever issue additional session
     requests? It could have been attacked with something like SSH'jack:
     http://www.storm.net.nz/projects/7
     feedback & ok markus
2008-06-11 09:34:01 +10:00
Damien Miller b3da593962 - djm@cvs.openbsd.org 2008/05/09 14:26:08
[ssh.c]
     dingo stole my diff hunk
2008-05-19 16:02:37 +10:00
Damien Miller b1cbfa25f1 - djm@cvs.openbsd.org 2008/05/09 14:18:44
[clientloop.c clientloop.h ssh.c mux.c]
     tidy up session multiplexing code, moving it into its own file and
     making the function names more consistent - making ssh.c and
     clientloop.c a fair bit more readable.
     ok markus@
2008-05-19 16:00:08 +10:00