Portable needs this and it makes no difference on OpenBSD, so resync
them. (Id sync only, Portable already had this.)
OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162

When running PuTTY interop tests and using a PuTTY version older than
0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants
of RSA were added some time between 0.73 and 0.76).
OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1

Specify host key algorithms in sshd's default set for the SSHFP test,
from djm@. Make the reason for when the test is skipped a bit clearer.
OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea

signature algorithm by default. It is feasible to create colliding SHA1
hashes, so we need to deprecate its use.
RSA/SHA-256/512 remains available and will be transparently selected
instead of RSA/SHA1 for most SSH servers released in the last five+
years. There is no need to regenerate RSA keys.
The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the
PubkeyAcceptedAlgorithms directives on the client and server.
ok dtucker deraadt
OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5

On the second and subsequent calls to pselect the notify_pipe was not
added to the select readset, opening up a race that Tom G. Christensen
discovered on multiprocessor Solaris <=9 systems.
Also reinitialize notify_pipe if the pid changes. This will prevent a
parent and child from using the same FD, although this is not an issue
in the current structure it might be in future.

- use a trap to always output any failed regress logs (since the script
sets -e, the existing log output is never invoked).
- pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg.
UsePAM).

handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to
discard the currently edited command line and get a fresh prompt, just like
in ftp(1), bc(1), and in shells.
It is critical to not use ssl_signal() for this particular case
because that function unconditionally sets SA_RESTART, but here we
need the signal to interrupt the read(2) in the el_gets(3) event loop.
OK dtucker@ deraadt@
OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299
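
The SA_RESTART point in the commit message above, as an added example that is not OpenSSH code: the same SIGINT handler is installed with and without SA_RESTART while the process blocks in read(2). The helper name `read_interrupted_by_sigint`, the pipe standing in for the terminal, and the forked child standing in for the user pressing Ctrl-C are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t got_sigint;
static void on_sigint(int sig) { (void)sig; got_sigint = 1; }

/* Hypothetical helper: returns 1 if a blocking read(2) failed with EINTR
 * after SIGINT, 0 if it was restarted and completed, -1 on setup failure. */
int read_interrupted_by_sigint(int sa_flags)
{
    struct sigaction sa, old;
    struct timespec ts = { 0, 200 * 1000 * 1000 };  /* 200 ms */
    int fds[2], interrupted;
    char c = 'x';
    pid_t pid;

    sa.sa_handler = on_sigint;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = sa_flags;         /* 0, or SA_RESTART as a wrapper would set */
    if (pipe(fds) == -1 || sigaction(SIGINT, &sa, &old) == -1)
        return -1;
    got_sigint = 0;
    if ((pid = fork()) == -1)
        return -1;
    if (pid == 0) {                 /* child plays the user at the terminal */
        nanosleep(&ts, NULL);
        kill(getppid(), SIGINT);    /* "Ctrl-C" while the parent is in read(2) */
        nanosleep(&ts, NULL);
        _exit(write(fds[1], &c, 1) == 1 ? 0 : 1);  /* later input */
    }
    /* Stands in for the read(2) inside the line-editing event loop. */
    interrupted = read(fds[0], &c, 1) == -1 && errno == EINTR && got_sigint;
    waitpid(pid, NULL, 0);
    sigaction(SIGINT, &old, NULL);  /* restore the previous disposition */
    close(fds[0]); close(fds[1]);
    return interrupted;
}

int main(void)
{
    printf("flags=0 interrupted: %d\n", read_interrupted_by_sigint(0));
    printf("SA_RESTART interrupted: %d\n", read_interrupted_by_sigint(SA_RESTART));
    return 0;
}
```

With SA_RESTART the handler still runs, but the read resumes and only returns once more input arrives, so the prompt cannot be reset at the moment Ctrl-C is pressed.
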
Now that the -3 option is enabled by default, flip the documentation
and error message logic from "requires -3" to "blocked by -R".
ok djm@
OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020

remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP
connection is initiated. Instead, introduce a subsystem flag to
do_cmd() and add "-s" when the flag is set.
ok djm@
OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1

(-Oprint-pubkey) to dump the full public key to stdout; based on patch from
Fabian Stelzer; ok markus@
OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2

On platforms where closefrom returns void (eg glibc>=2.34) the prototype
for closefrom in its compat tests would cause compile errors. Remove
this and have the tests pull in the compat headers in the same way as
the main code. bz#3336.

default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc

provides a much better and more intuitive user experience and doesn't require
exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@
OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9

as possible. Previously, it would try to make relative and ~/-rooted paths
absolute before requesting transfers.
prompted by and much discussion deraadt@
ok markus@
OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566

~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@
ok markus@
OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392

prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted
and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@
ok markus@
OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d

exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has exited and control has returned to the shell; ok
markus@
(this was originally committed as r1.223 along with unrelated stuff that
I rolled back in r1.224)
OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b

more useful with long paths (that may truncate) and better matches
traditional scp behaviour; spotted by naddy@ ok deraadt@
OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3

exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has exited and control has returned to the shell; ok
markus@
OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c

we have to change this and having it in the same hunk as the CVS Id string
means applying changes fails every. single. time.
OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b

scp and sftp like to add -q to the command line passed to ssh which
overrides the LogLevel we set in the config files and suppresses output
to the debug logs so drop any "-q" from the invoked ssh. In the one
case where we actually want to use -q in the banner test, call the ssh
binary directly bypassing the logging wrapper.
OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75