jmc@openbsd.org
20ccd85424
upstream: sort -Y internally in the options list, as is already
done in synopsis;
OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274
2019-12-30 14:31:40 +11:00
jmc@openbsd.org
5b6c954751
upstream: in the options list, sort -Y and -y;
OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa
2019-12-30 14:31:40 +11:00
naddy@openbsd.org
141df487ba
upstream: Replace the term "security key" with "(FIDO)
authenticator".
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
2019-12-30 14:31:40 +11:00
djm@openbsd.org
fbd9729d4e
upstream: unit tests for ForwardAgent=/path; from Eric Chiang
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
2019-12-21 13:36:53 +11:00
djm@openbsd.org
e5b7cf8edc
upstream: test security key host keys in addition to user keys
OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1
2019-12-21 13:35:42 +11:00
djm@openbsd.org
40be78f503
upstream: Allow forwarding a different agent socket to the path
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accept an explicit path or the name of an environment variable in addition
to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
2019-12-21 13:22:07 +11:00
naddy@openbsd.org
416f15372b
upstream: SSH U2F keys can now be used as host keys. Fix a garden
path sentence. ok markus@
OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
2019-12-21 13:22:07 +11:00
dtucker@openbsd.org
68010acbcf
upstream: Move always unsupported keywords to be grouped with the other
ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch
from openbsd@academicsolutions.ch , ok djm@
OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec
2019-12-20 14:47:34 +11:00
dtucker@openbsd.org
8784b02dc4
upstream: Remove obsolete opcodes from the configuration enum.
Patch from openbsd@academicsolutions.ch , ok djm@
OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b
2019-12-20 14:25:08 +11:00
dtucker@openbsd.org
345be6091b
upstream: Remove now-obsolete config options from example in
comment. Patch from openbsd@academicsolutions.ch , ok djm@
OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101
2019-12-20 14:25:08 +11:00
naddy@openbsd.org
ae024b22c4
upstream: Document that security key-hosted keys can act as host
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
2019-12-20 14:25:08 +11:00
dtucker@openbsd.org
bc2dc091e0
upstream: "Forward security" -> "Forward secrecy" since that's the
correct term. Add "MAC" since we use that acronym in other man pages. ok
naddy@
OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5
2019-12-20 14:25:08 +11:00
naddy@openbsd.org
e905f7260d
upstream: cut obsolete lists of crypto algorithms from outline of
how SSH works ok markus@ jmc@
OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
2019-12-20 14:25:08 +11:00
tobhe@openbsd.org
f65cf1163f
upstream: strdup may return NULL if memory allocation fails. Use
the safer xstrdup which fatals on allocation failures.
ok markus@
OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
2019-12-20 14:25:08 +11:00
djm@openbsd.org
57634bfc57
upstream: sort sk-* methods behind their plain key methods cousins
for now
OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828
2019-12-20 14:23:54 +11:00
bagajjal
ee11c8e15e
update to libressl 2.9.2.1
v8.1.0.0
2019-12-17 23:36:53 -08:00
bagajjal
0bd3eb973b
remove CREATE_NO_WINDOW
Interactive sftp is broken.
2019-12-17 17:00:49 -08:00
bagajjal
6f21746aed
Long file name arm64 platform ( #422 )
2019-12-17 14:14:59 -08:00
Darren Tucker
b8df8fe920
Mac OS X has PAM too.
2019-12-18 09:14:45 +11:00
Darren Tucker
bf8de8b825
Show portable tarball pattern in example.
2019-12-18 09:14:45 +11:00
Darren Tucker
a19ef613e9
OpenSSL is now optional.
2019-12-18 09:14:45 +11:00
bagajjal
ac1b5bed26
remove code to block rdp
2019-12-17 14:12:42 -08:00
bagajjal
ac41232677
Match user force command (pty) ( #421 )
2019-12-17 14:11:40 -08:00
Bryan Berns
2c2ac97333
Add Long File Name Support ( #400 )
2019-12-17 12:40:36 -08:00
Oldřich Jedlička
2736cb7b0c
Resolve local user name same as machine name to <user_name aka machine_name>\<user_name aka machine_name>
2019-12-16 16:44:07 -08:00
djm@openbsd.org
1a7217ac06
upstream: adapt to ssh-sk-client change
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
2019-12-16 14:20:35 +11:00
djm@openbsd.org
a7fc1df246
upstream: it's no longer possible to disable privilege separation
in sshd, so don't double the tests' work by trying both off/on
OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
2019-12-16 14:20:35 +11:00
djm@openbsd.org
3145d38ea0
upstream: don't treat HostKeyAgent=none as a path either; avoids
spurious warnings from the cfgparse regress test
OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
2019-12-16 14:19:41 +11:00
djm@openbsd.org
747e25192f
upstream: do not attempt to find an absolute path for sshd_config
SecurityKeyProvider=internal - unbreaks cfgparse regress test
OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
2019-12-16 14:19:41 +11:00
djm@openbsd.org
9b6e30b96b
upstream: allow ssh-keyscan to find security key hostkeys
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
2019-12-16 14:19:41 +11:00
djm@openbsd.org
56584cce75
upstream: allow security keys to act as host keys as well as user
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
2019-12-16 14:19:41 +11:00
Darren Tucker
5af6fd5461
Allow clock_nanosleep_time64 in seccomp sandbox.
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com .
2019-12-16 13:55:56 +11:00
Darren Tucker
fff8ff6dd5
Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.
Fixes build when linking against OpenSSLs built with no-ec.
2019-12-15 18:27:02 +11:00
Damien Miller
9244990ecd
remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable
security key support when it wasn't enabled at compile time,
so we don't need to check everywhere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
2019-12-14 09:21:46 +11:00
Damien Miller
a33ab1688b
ssh-sk-client.c needs includes.h
2019-12-14 09:15:06 +11:00
Damien Miller
633778d567
only link ssh-sk-helper against libfido2
2019-12-14 08:40:58 +11:00
Damien Miller
7b47b40b17
adapt Makefile to ssh-sk-client everywhere
2019-12-14 08:40:58 +11:00
Damien Miller
f45f3a8a12
fixup
2019-12-14 07:53:11 +11:00
djm@openbsd.org
d214347667
upstream: actually commit the ssh-sk-helper client code; ok markus
OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589
2019-12-14 07:21:27 +11:00
djm@openbsd.org
611073fb40
upstream: perform security key enrollment via ssh-sk-helper too.
This means that ssh-keygen no longer needs to link against ssh-sk-helper, and
only ssh-sk-helper needs libfido2 and /dev/uhid* access;
feedback & ok markus@
OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
2019-12-14 07:20:28 +11:00
djm@openbsd.org
612b1dd1ec
upstream: allow sshbuf_put_stringb(buf, NULL); ok markus@
OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd
2019-12-14 07:17:44 +11:00
djm@openbsd.org
b52ec0ba39
upstream: use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
2019-12-14 07:17:44 +11:00
djm@openbsd.org
c33d46868c
upstream: add a note about the 'extensions' field in the signed
object
OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b
2019-12-14 07:09:23 +11:00
Josh Soref
3b28c64936
Tell Windows (CreateProcessW) which part of the command is the program to run ( #383 )
2019-12-12 14:34:15 -08:00
Bryan Berns
7dd58ed31f
Allow Use Of Non-ASCII Character In SSH Client Passwords ( #322 )
* Allow Use Of Non-ASCII Character In SSH Client Passwords
2019-12-12 14:33:05 -08:00
bugale
17c9c6dbb3
Using the Y viewport for setting cursor correctly ( #368 )
[shellhost] - fix cursor position, Y viewport.
2019-12-12 14:32:17 -08:00
sasdf
1b9b599f60
Change /dev/null to NUL ( #403 )
1) Change /dev/null to NUL.
2) Add logic to check for NULL_DEVICE_WIN in fileio.c and misc.c
2019-12-12 14:30:11 -08:00
bagajjal
9fcbc0c1a5
Code cleanup & minor fixes ( #415 )
* remove AddPasswordSetting(), override the build output zip file if exists
2019-12-12 14:24:35 -08:00
djm@openbsd.org
a62f4e1960
upstream: some more corrections for documentation problems spotted
by Ron Frederick
document certificate private key format
correct flags type for sk-ssh-ed25519@openssh.com keys
OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
2019-12-11 19:11:07 +11:00
djm@openbsd.org
22d4beb796
upstream: loading security keys into ssh-agent used the extension
constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron
Frederick
OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d
2019-12-11 19:11:07 +11:00