addresses by AddressFamily if one was specified. Fixes the case where, if
CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok
dtucker
OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439
obfuscation, only consider enabling it when a channel with a tty is open.
Avoids turning on the obfucation when X11 forwarding only is in use,
which slows it right down. Reported by Roger Marsh
OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1
was initialized. This fixes a potential uninitialized use of 'limits' in
sftp_init() if sftp_get_limits() returned early because of an unexpected
message type.
ok djm@
OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
... instead of relying on installed one. Fixes test failures in -portable
when running tests prior to installation.
OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685
Some of the selfhosted test targets take a long time to run for various
reasons, so label them for "libvirt-hipri" runners so that they can
start immediately. This should reduce the time to complete all tests.
We still need to check if we're using sudo since we don't want to chown
unecessarily, as on some platforms this causes an error which pollutes
stderr. We also don't want to unnecessarily invoke sudo, since it's
running in the context of the proxycommand, on *other* platforms it
may not be able to authenticate, and if we're using SUDO then it should
already be privileged.
OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee
Replace the use of a perl script to delete the controlling TTY with a
SSH_ASKPASS script to directly load the PIN.
Move PKCS#11 setup code to functions in anticipation of it being used
elsewhere in additional tests.
Reduce stdout spam
OpenBSD-Regress-ID: 07705c31de30bab9601a95daf1ee6bef821dd262
Right now this is only dbclient not the Dropbear server since it won't
currently run as a ProxyCommand.
OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496
Since openssh 9.4p1, openssl >= 1.1.1 is required, so
build with --without-openssl elsewhere.
According to https://repology.org/project/openssl/versions
openssl 1.1.1 is available on fedora >= 29 and rhel >= 8.
Successfully build tested, installed and run on rhel 6
This exposes the t-extra regress tests (including agent-pkcs11.sh) as
a new extra-tests target in the top level Makefile and runs them by
default. ok dtucker@
While we have 2 cores available on github runners, not using it means
that the most recent log message is the actual failure, rather than
having to search back through the log for it.
and use ppoll() to unmask them in the mainloop. Avoids race condition between
signaling ssh to exit and polling. bz3531; ok dtucker
OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7
server as not matching the glob that the client sent, log (at debug level)
the received pathname as well as the list of possible expected paths expanded
from the glob. bz2966
OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765
reason to limit its size: the version string bring included is a compile time
constant going into an allocated banner string.
OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd
djm@openbsd.org
tobhe@openbsd.org
Darren Tucker
dtucker@openbsd.org
anton@openbsd.org
Fabio Pedretti
Damien Miller
tb@openbsd.org