testing the same key exchange algorithm repeatedly instead of testing all of
them. Spotted by nreilly AT blackberry.com in bz3692
Who broke the test? me.
OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2
binaries. This step splits sshd into a listener and a session binary. More
splits are planned.
After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
The sanitise_stdfd call makes sure that standard file descriptors are
open (if they were closed, they are connected with /dev/null).
Do not close stdin in any case to prevent error messages when stdin is
read multiple times and to prevent later usage of fd 0 for connections,
e.g.
echo localhost | ssh-keyscan -f - -f -
While at it, make stdin-related error messages nicer.
Authored with Max Kunzelmann <maxdev at posteo dot de>
ok djm
OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3
returned the current user's home directory contrary to the spec.
Patch from Jakub Jelen via GHPR477
OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28
HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from
certificate keys to plain keys. ok markus@
OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a
While here try to improve how it reads a bit better. Surprising the
regression tests didn't spot this error, maybe it fails to roundtrip the
values.
OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e
strtonum() instead of strange strtoul can might be fooled by garage
characters. passes regress/usr.bin/ssh/unittests/misc ok djm
OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc
of 2-character hex sequences with a low-level replacement designed just for
the task. ok djm
OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85
long-running setgid program carrying keys with some (not very powerful)
communication channels. solution for testing the binary from dtucker.
agreement from djm. Will add it into /etc/rc in a few days.
OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0
a Makefile by concatenating two Makefiles and was incredibly fragile. In the
new way a narrow-purposed install.sh script is created and shipped with the
objects. A recently commited /etc/rc script understands these files.
OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3
OpenSSL has moved to 3.4 which we don't currently accept. Based on
the OpenSSL versioning policy[0] it looks like all of the 3.x versions
should work with OpenSSH, so remove the distinction in configure and
accept all of them.
[0] https://openssl.org/policies/general/versioning-policy.html
Damien Miller
djm@openbsd.org
naddy@openbsd.org
jsg@openbsd.org
miod@openbsd.org
anton@openbsd.org
deraadt@openbsd.org
tobias@openbsd.org
semarie@openbsd.org
claudio@openbsd.org
renmingshuai
Darren Tucker