scp in RCP mode.
> revision 1.106
> date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl;
> openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
> protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
protocol for copying. Let's get back to testing the SFTP protocol.
OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30
release. We'll wait a little longer for people to pick up sftp-server(8) that
supports the extension that scp needs for ~user paths to continue working in
SFTP protocol mode. Discussed with deraadt@
OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
"legacy" protocol rather than "original", as the latter made the text
misleading - uppercase SCP
ok djm
OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0
protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
Now that the -3 option is enabled by default, flip the documentation
and error message logic from "requires -3" to "blocked by -R".
ok djm@
OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020
default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
provides a much better and more intuitive user experience and doesn't require
exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@
OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9
scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.
OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
the glob issue, which cannot be fully fixed and really requires completely
replacing scp with a completely different subsystem. team effort to find the
right words..
OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages
We have not shipped ssh(1) the setuid bit since 2002. If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.
ok markus@ jmc@ djm@
OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
environment variables for the remote session (subject to the server accepting
them)
refactor SendEnv to remove the arbitrary limit of variable names.
ok markus@
OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
tweak the uri text, specifically removing some markup to
make it a bit more readable;
issue reported by - and diff ok - millert
OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@
Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.
This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.
bz#2211 based on patch by Iain Morgan; ok markus@
tj@openbsd.org
djm@openbsd.org
deraadt@openbsd.org
dtucker@openbsd.org
jmc@openbsd.org
naddy@openbsd.org
Darren Tucker
markus@openbsd.org
tb@openbsd.org
jmc@openbsd.org@openbsd.org
millert@openbsd.org
schwarze@openbsd.org
Damien Miller