Commit Graph

248 Commits

Author SHA1 Message Date
Manoj Ampalam 5ad8a2c358 Sources Merged from Win32 Fork 2016-12-19 14:46:28 -08:00
jsg@openbsd.org 79d078e7a4 upstream commit
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted().  This broke ssh port
forwarding for non-priv ports as a non root user.

ok dtucker@ 'looks good' deraadt@

Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
2016-10-26 08:52:46 +11:00
dtucker@openbsd.org 1c4ef0b808 upstream commit
Factor out "can bind to low ports" check into its own function.  This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much"
deraadt@.

Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-10-24 10:42:57 +11:00
djm@openbsd.org a94c603066 upstream commit
remove superfluous NOTREACHED comment

Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
2016-08-29 11:20:28 +10:00
djm@openbsd.org 286f5a77c3 upstream commit
reverse the order in which -J/JumpHost proxies are visited to
be more intuitive and document

reported by and manpage bits naddy@

Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
2016-07-22 13:36:40 +10:00
naddy@openbsd.org 324583e8fb upstream commit
Do not clobber the global jump_host variables when
parsing an inactive configuration.  ok djm@

Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
2016-07-22 13:36:40 +10:00
djm@openbsd.org ed877ef653 upstream commit
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2016-07-15 14:20:10 +10:00
dtucker@openbsd.org 0cb2f4c249 upstream commit
Allow ExitOnForwardFailure and ClearAllForwardings to be
 overridden when using ssh -W (but still default to yes in that case).
 bz#2577, ok djm@.

Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
2016-06-08 11:39:31 +10:00
dtucker@openbsd.org 8543ff3f50 upstream commit
Move the host and port used by ssh -W into the Options
 struct. This will make future changes a bit easier.  ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08 11:39:31 +10:00
markus@openbsd.org 1a75d14daf upstream commit
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@

Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-19 17:48:35 +10:00
markus@openbsd.org b02ad1ce91 upstream commit
IdentityAgent for specifying specific agent sockets; ok
 djm@

Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-05-05 00:01:49 +10:00
djm@openbsd.org dc7990be86 upstream commit
Include directive for ssh_config(5); feedback & ok markus@

Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
2016-04-15 11:16:11 +10:00
Darren Tucker 5f41f030e2 Remove NO_IPPORT_RESERVED_CONCEPT
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD.  ok djm, sanity checked
by Corinna.
2016-04-08 21:21:27 +10:00
djm@openbsd.org 0ccbd5eca0 upstream commit
don't record duplicate LocalForward and RemoteForward
 entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
 where the same forwards are added on the second pass through the
 configuration file. bz#2562; ok dtucker@

Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
2016-04-08 14:26:06 +10:00
djm@openbsd.org 5a622844ff upstream commit
don't attempt to percent_expand() already-canonicalised
 addresses, avoiding unnecessary failures when attempting to connect to scoped
 IPv6 addresses (that naturally contain '%' characters)

Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
2016-02-09 16:31:33 +11:00
dtucker@openbsd.org 921ff00b0a upstream commit
Allow RekeyLimits in excess of 4G up to 2**63 bits
 (limited by the return type of scan_scaled).  Part of bz#2521, ok djm.

Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
2016-01-30 11:19:13 +11:00
markus@openbsd.org a306863831 upstream commit
remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27 16:54:10 +11:00
deraadt@openbsd.org 6ef49e83e3 upstream commit
Disable experimental client-side roaming support.  Server
 side was disabled/gutted for years already, but this aspect was surprisingly
 forgotten. Thanks for report from Qualys

Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
2016-01-27 16:41:49 +11:00
Damien Miller e6c85f8889 forcibly disable roaming support in the client 2016-01-15 01:30:36 +11:00
jcs@openbsd.org f361df474c upstream commit
Add an AddKeysToAgent client option which can be set to
 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
 private key that is used during authentication will be added to ssh-agent if
 it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16 11:31:39 +11:00
djm@openbsd.org a4aef3ed29 upstream commit
fix execv arguments in a way less likely to cause grief
 for -portable; ok dtucker@

Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29 19:07:16 +11:00
djm@openbsd.org 2aaba0cfd5 upstream commit
avoid de-const warning & shrink; ok dtucker@

Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29 19:07:14 +11:00
dtucker@openbsd.org 97e184e508 upstream commit
Do not prepend "exec" to the shell command run by "Match
 exec" in a config file.  It's an unnecessary optimization from repurposed
 ProxyCommand code and prevents some things working with some shells.
 bz#2471, pointed out by res at qoxp.net.  ok markus@

Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
2015-10-29 19:07:11 +11:00
djm@openbsd.org 0c46bbe68b upstream commit
include PubkeyAcceptedKeyTypes in ssh -G config dump

Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
2015-10-08 04:01:05 +11:00
djm@openbsd.org 4e44a79a07 upstream commit
add ssh_config CertificateFile option to explicitly list
 a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
2015-10-06 12:21:54 +11:00
djm@openbsd.org 60a92470e2 upstream commit
Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
 Reported by Bryan Drewery

Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
2015-08-22 11:17:07 +10:00
djm@openbsd.org f9eca249d4 upstream commit
Allow ssh_config and sshd_config kex parameters options be
 prefixed by a '+' to indicate that the specified items be appended to the
 default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
2015-07-30 12:32:16 +10:00
markus@openbsd.org 3a1638dda1 upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
 tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15 15:38:02 +10:00
djm@openbsd.org 78c2a4f883 upstream commit
Fix \-escaping bug that caused forward path parsing to skip
 two characters and skip past the end of the string.

Based on patch by Salvador Fandino; ok dtucker@

Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
2015-06-27 09:24:04 +10:00
djm@openbsd.org 0882332616 upstream commit
Reorder EscapeChar option parsing to avoid a single-byte
 out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@

Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
2015-05-22 20:02:18 +10:00
djm@openbsd.org e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
djm@openbsd.org 26e0bcf766 upstream commit
fix uninitialised memory read when parsing a config file
 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
 dtucker
2015-03-30 11:01:08 +11:00
djm@openbsd.org 523463a3a2 upstream commit
Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@
2015-02-17 09:32:32 +11:00
djm@openbsd.org 15ad750e5e upstream commit
turn UpdateHostkeys off by default until I figure out
 mlarkin@'s warning message; requested by deraadt@
2015-02-03 11:06:16 +11:00
djm@openbsd.org 46347ed596 upstream commit
Add a ssh_config HostbasedKeyType option to control which
 host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 22:47:01 +11:00
djm@openbsd.org 8d4f87258f upstream commit
Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@
2015-01-27 00:00:57 +11:00
deraadt@openbsd.org 2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org 1129dcfc5a upstream commit
sync ssh-keysign, ssh-keygen and some dependencies to the
 new buffer/key API; mostly mechanical, ok markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org 1f729f0614 upstream commit
add sshd_config HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
 will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
djm@openbsd.org e752c6d547 upstream commit
fix ssh_config FingerprintHash evaluation order; from Petr
 Lautrbach
2015-01-09 00:45:50 +11:00
djm@openbsd.org 56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
djm@openbsd.org 5e39a49930 upstream commit
add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.
2014-12-05 09:29:47 +11:00
lteo@openbsd.org 3bcb92e04d upstream commit
Remove unnecessary include: netinet/in_systm.h is not needed
 by these programs.

NB. skipped for portable

ok deraadt@ millert@
2014-10-27 16:34:52 +11:00
djm@openbsd.org 957fbceb0f upstream commit
Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus
2014-10-13 11:41:48 +11:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller 1527190784 - djm@cvs.openbsd.org 2014/04/23 12:42:34
[readconf.c]
     don't record duplicate IdentityFiles
2014-05-15 13:47:56 +10:00
Damien Miller 13f97b2286 - djm@cvs.openbsd.org 2014/02/23 20:11:36
[readconf.c readconf.h ssh.c ssh_config.5]
     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
     the hostname. This allows users to write configurations that always
     refer to canonical hostnames, e.g.

     CanonicalizeHostname yes
     CanonicalDomains int.example.org example.org
     CanonicalizeFallbackLocal no

     Host *.int.example.org
         Compression off
     Host *.example.org
         User djm

     ok markus@
2014-02-24 15:57:55 +11:00
Damien Miller 0628780abe - djm@cvs.openbsd.org 2014/02/22 01:32:19
[readconf.c]
     when processing Match blocks, skip 'exec' clauses if previous predicates
     failed to match; ok markus@
2014-02-24 15:56:45 +11:00
Damien Miller 7cc194f70d - djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 11:12:56 +11:00