* Try to resolve a port specification with getservbyname(3) if a
numeric conversion fails.
* Make the "Port" option in ssh_config handle its argument as a
port rather than a plain integer.
ok dtucker@ deraadt@
OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
close the local extended read fd (stderr) along with the regular read fd
(stdout). Avoids weird stuck processed in multiplexing mode.
Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863
ok dtucker@ markus@
OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9
disposition of channel's extended (stderr) fd; makes debugging some things a
bit easier. No behaviour change.
OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
channel/ session protocol. Signalling is only supported to sesssions that are
not subsystems and were not started with a forced command.
Long requested in bz#1424
Based on a patch from markus@ and reworked by dtucker@;
ok markus@ dtucker@
OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
the mentioned tasks are obsolete and, of the remainder, most are already
captured in PROTOCOL.mux where they better belong
OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
function names,
Gives better symmetry with the existing mux_client_*() names and makes
it more obvious when a message comes from the master vs client (they
are interleved in ControlMaster=auto mode).
no functional change beyond prefixing a could of log messages with
__func__ where they were previously lacking.
OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
GSSAPI authentication is enabled in the main config.
This avoids sandbox violations for configurations that enable GSSAPI
auth later, e.g.
Match user djm
GSSAPIAuthentication yes
bz#2107; ok dtucker@
OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
to be "in the file". This allows key revocation lists to contain short keys
without the entire revocation list being considered invalid.
bz#2897; ok dtucker
OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't
try to canonicalise the hostname unless CanonicalizeHostname is set to
'always').
Patch from Sven Wegener via bz#2896
OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/SHA1; ok markus@
OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.
ok markus@
OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
output from successful operations.
Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
re-using the linenum variable for something that is not a line number to
avoid the confusion that resulted in the bug in rev. 1.64. This also lets us
pass the actual linenum to parse_prime() so the error messages include the
correct line number. OK markus@ some time ago.
OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.
OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
revision 1.285
date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
offered and received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
signature algorithms that are allowed for CA signatures. Notably excludes
ssh-dsa.
ok markus@
OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
naddy@openbsd.org
djm@openbsd.org
Damien Miller
Darren Tucker
dtucker@openbsd.org
jmc@openbsd.org
millert@openbsd.org