Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.
The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.
help and ok djm@
Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
there's no reason to artificially limit the key path
here, just check that it fits PATH_MAX; spotted by Matthew Patton
Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@
Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
better match sshd config parser behaviour: fatal() if
line is overlong, increase line buffer to match sshd's; bz#2651 reported by
Don Fong; ok dtucker@
Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
small cleanup post SSHv1 removal:
remove SSHv1-isms in commented examples
reorder token table to group deprecated and compile-time conditional tokens
better
fix config dumping code for some compile-time conditional options that
weren't being correctly skipped (SSHv1 and PKCS#11)
Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted(). This broke ssh port
forwarding for non-priv ports as a non root user.
ok dtucker@ 'looks good' deraadt@
Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
Factor out "can bind to low ports" check into its own function. This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
deraadt@.
Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
reverse the order in which -J/JumpHost proxies are visited to
be more intuitive and document
reported by and manpage bits naddy@
Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".
These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.
This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.
ok markus@
Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
Allow ExitOnForwardFailure and ClearAllForwardings to be
overridden when using ssh -W (but still default to yes in that case).
bz#2577, ok djm@.
Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@
Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
don't record duplicate LocalForward and RemoteForward
entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through the
configuration file. bz#2562; ok dtucker@
Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
Allow RekeyLimits in excess of 4G up to 2**63 bits
(limited by the return type of scan_scaled). Part of bz#2521, ok djm.
Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
Disable experimental client-side roaming support. Server
side was disabled/gutted for years already, but this aspect was surprisingly
forgotten. Thanks for report from Qualys
Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').
Initial version from Joachim Schipper many years ago.
ok markus@
Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
Do not prepend "exec" to the shell command run by "Match
exec" in a config file. It's an unnecessary optimization from repurposed
ProxyCommand code and prevents some things working with some shells.
bz#2471, pointed out by res at qoxp.net. ok markus@
Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Fix \-escaping bug that caused forward path parsing to skip
two characters and skip past the end of the string.
Based on patch by Salvador Fandino; ok dtucker@
Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
Reorder EscapeChar option parsing to avoid a single-byte
out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
markus@openbsd.org
djm@openbsd.org
bluhm@openbsd.org
dtucker@openbsd.org
jsg@openbsd.org
naddy@openbsd.org
Darren Tucker
deraadt@openbsd.org
Damien Miller
jcs@openbsd.org