On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
Test -z `...` fails with error 'sh: test: argument expected'.
Using quotes around backticks fixes this and doesn't break
POSIX compatibility.
SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065
The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers
SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6
OpenWrt overrides the location of authorized_keys for root. Currently we
assume that all Dropbear installations behave this way, which is not the
case. Check for OpenWrt and root user before using that location instead
of assuming that for all Dropbear servers. Prompted by Github PR#250.
SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
requests.
sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.
Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@
prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
Previously ssh would incorrectly refuse to canonicalise the hostname
if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes
bz3567; ok dtucker
OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
* Complete pending write operations before canceling io.
* Removed comment, question has been addressed in mr.
* include useful comment from vthiebaut10
---------
Co-authored-by: Christopher Greene <christopher.greene@thetradedesk.com>
* support SSH2_AGENTC_ADD_ID_CONSTRAINED by treating it as SSH2_AGENTC_ADD_IDENTITY
This ignores the requested constraints:
- SSH_AGENT_CONSTRAIN_LIFETIME
- SSH_AGENT_CONSTRAIN_CONFIRM
- SSH_AGENT_CONSTRAIN_MAXSIGN
- SSH_AGENT_CONSTRAIN_EXTENSION
SSH2_AGENTC_ADD_ID_CONSTRAINED is needed to support add U2F/Fido2 ssh keys to the agent from WSL ssh-add and KeePassXC
ref PowerShell/Win32-OpenSSH#1961
* update buffer pointer to after comment string
sshbuf_peek_string_direct doesn't update request offset pointer
* parse agent constraint messages
returns SSH_AGENT_FAILURE on unsupported constraint types, such as:
* SSH_AGENT_CONSTRAIN_LIFETIME
* SSH_AGENT_CONSTRAIN_CONFIRM
* SSH_AGENT_CONSTRAIN_MAXSIGN
returns SSH_AGENT_FAILURE on unsupported constrain extensions, such as:
"restrict-destination-v00@openssh.com"
accepts and ignores constrain extension "sk-provider@openssh.com"
* reject non-internal skproviders & log
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it. Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@
OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
Carlos Rodríguez Gili
Jakub Jelen
Darren Tucker
Philip Hands
djm@openbsd.org
Tess Gauthier
dtucker@openbsd.org
Dmitry Igrishin
jsg@openbsd.org
Chris Greene
Damien Miller
Dan Drown