Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.
OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
revision 1.285
date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
offered and received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
attempted. Do not link uidwap.c into ssh any more. Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@
OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
directly in ssh(1) and always use ssh-keysign. This removes one of the few
remaining reasons why ssh(1) might be setuid. ok markus@
OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@
OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers. ok djm@
OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf. Based on patch from cjwatson at
debian.org via bz#2768, ok djm@
Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying. bz#2720, ok djm@ markus@
Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
allow ssh to use certificates accompanied by a private
key file but no corresponding plain *.pub public key. bz#2617 based on patch
from Adam Eijdenberg; ok dtucker@ markus@
Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
don't dereference authctxt before testing != NULL, it
causes compilers to make assumptions; from Karsten Weiss
Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
If ssh receives a PACKET_DISCONNECT during userauth it
will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
session being authenticated. Check for this and exit if necessary. ok djm@
Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
Lower loglevel for "Authenticated with partial success"
message similar to other similar level. bz#2599, patch from cgallek at
gmail.com, ok markus@
Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
support UTF-8 characters in ssh(1) banners using
schwarze@'s safe fmprintf printer; bz#2058
feedback schwarze@ ok dtucker@
Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
unbreak authentication using lone certificate keys in
ssh-agent: when attempting pubkey auth with a certificate, if no separate
private key is found among the keys then try with the certificate key itself.
bz#2550 reported by Peter Moody
Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
fix spurious error message when incorrect passphrase
entered for keys; reported by espie@ ok deraadt@
Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
djm@openbsd.org
dtucker@openbsd.org
markus@openbsd.org
sf@openbsd.org
naddy@openbsd.org