#
deba42a9 |
| 19-Jan-2019 |
djm <djm@openbsd.org> |
convert auth.c to new packet API
with & ok markus@
|
#
8904d296 |
| 19-Jan-2019 |
djm <djm@openbsd.org> |
begin landing remaining refactoring of packet parsing API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps.
with & ok markus@
|
#
860bbf32 |
| 16-Nov-2018 |
djm <djm@openbsd.org> |
fix bug in HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
|
#
7c94020a |
| 13-Sep-2018 |
djm <djm@openbsd.org> |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
#
f2eba2bd |
| 20-Jul-2018 |
djm <djm@openbsd.org> |
remove unused zlib.h
|
#
7f8ae3c2 |
| 11-Jul-2018 |
markus <markus@openbsd.org> |
remove legacy key emulation layer; ok djm@
|
#
f54171df |
| 10-Jul-2018 |
djm <djm@openbsd.org> |
kerberos/gssapi fixes for buffer removal
|
#
cfa09ddd |
| 09-Jul-2018 |
markus <markus@openbsd.org> |
sshd: switch monitor to sshbuf API; lots of help & ok djm@
|
#
25ae3b00 |
| 09-Jul-2018 |
markus <markus@openbsd.org> |
sshd: switch authentication to sshbuf API; ok djm@
|
#
43866410 |
| 09-Jul-2018 |
markus <markus@openbsd.org> |
sshd: switch loginmsg to sshbuf API; ok djm@
|
#
40d17fe2 |
| 03-Mar-2018 |
djm <djm@openbsd.org> |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
#
56e58ef7 |
| 05-Feb-2018 |
tb <tb@openbsd.org> |
Add a couple of non-negativity checks to avoid close(-1).
ok djm
|
#
672fe979 |
| 23-Jan-2018 |
djm <djm@openbsd.org> |
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations.
ok markus@
|
#
704c36ef |
| 21-Dec-2017 |
djm <djm@openbsd.org> |
revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan.
|
#
28eeb9e1 |
| 18-Dec-2017 |
djm <djm@openbsd.org> |
pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
|
#
187fb343 |
| 05-Oct-2017 |
djm <djm@openbsd.org> |
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@
|
#
c85daadd |
| 02-Oct-2017 |
djm <djm@openbsd.org> |
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
|
#
7b28dfb0 |
| 12-Sep-2017 |
djm <djm@openbsd.org> |
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later.
ok markus@
|
#
0fafb8f1 |
| 24-Jun-2017 |
djm <djm@openbsd.org> |
refactor authentication logging
optionally record successful auth methods and public credentials used in a file accessible to user sessions
feedback and ok markus@
|
#
1a40e3d8 |
| 31-May-2017 |
markus <markus@openbsd.org> |
use SO_ZEROIZE for privsep communication (if available)
|
#
22085753 |
| 31-May-2017 |
markus <markus@openbsd.org> |
clear session keys from memory; ok djm@
|
#
50d00e96 |
| 30-May-2017 |
markus <markus@openbsd.org> |
switch auth2-pubkey.c to modern APIs; with & ok djm@
|
#
40a7db51 |
| 30-May-2017 |
markus <markus@openbsd.org> |
switch from Key typedef with struct sshkey; ok djm@
|
#
01811643 |
| 03-Feb-2017 |
djm <djm@openbsd.org> |
use ssh_packet_set_log_preamble() to include connection username in packet log messages, e.g.
Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
ok markus@ bz#113
|
#
3095060f |
| 28-Sep-2016 |
djm <djm@openbsd.org> |
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd for >10 years.
|