name and hostkey type match instead of only one. While there, simplify the
code somewhat and add some debugging. Based on discussion in bz#3322, ok
djm@.
OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
requires some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).
OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
client and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@
OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
were time_t is a long long. The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this. Anyone using
an unsigned 64bit can let us know when it starts being a problem.
format_absolute_time fix for bz#3329 that allows printing of timestamps past
INT_MAX. This was incorrectly included with the previous commit. Based on
discussion with djm@.
OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but
not entirely equivalent. We retain the old name as deprecated alias so
config files continue to work and a reference in the man page for people
looking for it.
Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match. Man page help & ok jmc@, with & ok djm@
OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
Previously sshd's SIGCHLD handler would wake up select() by writing a
byte to notify_pipe. We can remove this by blocking SIGCHLD, checking
for child terminations then passing the original signal mask through
to pselect. This ensures that the pselect will immediately wake up if
a child terminates between wait()ing on them and the pselect.
In -portable, for platforms that do not have pselect the kludge is still
there but is hidden behind a pselect interface.
Based on other changes for bz#2158, ok djm@
OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813
When built against tcmalloc, tcmalloc allocates a descriptor for its
internal use, so calling closefrom() afterward causes the descriptor
number to be reused resulting in a corrupted connection. Moving the
closefrom a little earlier should resolve this. From kircherlike at
outlook.com via bz#3321, ok djm@
When building --without-openssl the recent port-prngd.c change adds
a dependency on atomicio, but since nothing else in sftp-server uses
it, the linker may not find it. Add a second -lssh similar to other
binaries.
dtucker@openbsd.org
djm@openbsd.org
jmc@openbsd.org
Darren Tucker
John Ericson
Damien Miller