in the case where the private key is loaded into ssh-agent but is not present
locally. Based on patch from rafork via github PR#215, ok jmc@
OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
The subsequent call to stat_to_attrib clears the struct as its first step
anyway. From pmeinhardt via github PR#220, ok djm@
OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e
Many tests skip tests for various reasons but not in a consistent way and
don't always clean up, so add that and switch the tests that do that over.
OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735
Portable needs this and it makes no difference on OpenBSD, so resync
them. (Id sync only, Portable already had this.)
OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162
When running PuTTY interop tests and using a PuTTY version older than
0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants
of RSA were added some time between 0.73 and 0.76).
OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1
Specify host key algorithms in sshd's default set for the SSHFP test,
from djm@. Make the reason for when the test is skipped a bit clearer.
OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
signature algorithm by default. It is feasible to create colliding SHA1
hashes, so we need to deprecate its use.
RSA/SHA-256/512 remains available and will be transparently selected
instead of RSA/SHA1 for most SSH servers released in the last five+
years. There is no need to regenerate RSA keys.
The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the
PubkeyAcceptedAlgorithms directives on the client and server.
ok dtucker deraadt
OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5
On the second and subsequent calls to pselect the notify_pipe was not
added to the select readset, opening up a race that om G. Christensen
discovered on multiprocessor Solaris <=9 systems.
Also reinitialize notify_pipe if the pid changes. This will prevent a
parent and child from using the same FD, although this is not an issue
in the current structure it might be in future.
- use a trap to always output any failed regress logs (since the script
sets -e, the existing log output is never invoked).
- pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg.
UsePAM).
handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to
discard the currently edited command line and get a fresh prompt, just like
in ftp(1), bc(1), and in shells.
It is critical to not use ssl_signal() for this particular case
because that function unconditionally sets SA_RESTART, but here we
need the signal to interrupt the read(2) in the el_gets(3) event loop.
OK dtucker@ deraadt@
OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299
Now that the -3 option is enabled by default, flip the documentation
and error message logic from "requires -3" to "blocked by -R".
ok djm@
OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020
remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP
connection is initiated. Instead, introduce a subsystem flag to
do_cmd() and add "-s" when the flag is set.
ok djm@
OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1
(-Oprint-pubkey) to dump the full public key to stdout; based on patch from
Fabian Stelzer; ok markus@
OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2
On platforms where closefrom returns void (eg glibc>=2.34) the prototype
for closefrom in its compat tests would cause compile errors. Remove
this and have the tests pull in the compat headers in the same way as
the main code. bz#3336.
default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
provides a much better and more intuitive user experience and doesn't require
exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@
OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9
Darren Tucker
dtucker@openbsd.org
deraadt@openbsd.org
Shchelkunov Artem
djm@openbsd.org
Damien Miller
Tim Rice
schwarze@openbsd.org
naddy@openbsd.org