fixed limit of subsystems. Saves a few kb of memory in the server and makes
it more like the other options.
OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f
This may change behaviour of exotic configurations, but the most common
subsystem configuration (sftp-server) is unlikely to be affected.
OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
fatal error to being a debug message to match behaviour with just about all
other directives.
OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce
Ed25519 public keys are very convenient due to their small size.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).
OK djm@ markus@ sthen@ deraadt@
OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
layer enqueud some data in the last poll() cycle; this avoids triggering the
obfuscatior for non-channels data like ClientAlive probes and also fixes a
related problem were the obfucations would be triggered on fully quiescent
connections.
Based on / tested by naddy@
OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
whether channel data was enqueued. Will be used to improve keystroke timing
obfuscation. Problem spotted by / tested by naddy@
OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
originally requested a tty; enables keystroke timing obfuscation for most
ControlPersist sessions. Spotted by naddy@
OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
If we don't have LLONG_MAX, configure will figure out that it can get it
by setting -std=gnu99, at which point we won't be testing C89 any more.
To avoid this, feed it in via CFLAGS.
and don't delay at all for the "none" authentication mechanism. Patch by
Dmitry Belyavskiy in bz3602 with polish/ok dtucker@
OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515
This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword/
feedback/ok markus@
OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".
ok markus@
OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f
verbose instead of error to reduce preauth log spam. All of those get logged
with a more generic error message by sshpkt_fatal().
feedback from sthen@
ok djm@
OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
multiplexed sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@
OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
connections. If the multiplex socket exists but the connection times out,
ssh will fall back to a direct connection the same way it would if the socket
did not exist at all. ok djm@
OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh
test and subsequent ones. ok dtucker@
OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3
AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection
address/port 4-tuple) as expansion sequences; ok markus
OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565
djm@openbsd.org
job@openbsd.org
Darren Tucker
jmc@openbsd.org
tobhe@openbsd.org
naddy@openbsd.org
Damien Miller
dtucker@openbsd.org