AgeCommit message (Collapse)Author
2 daysupstream: fix missing -s in SYNOPSYS and usage() as well as
capitalisation mistake; spotted by jmc@ OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
3 daysupstream: Fix "Allocated port" debug
for unix domain sockets. From peder.stray at via github PR#272, ok deraadt@ OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
3 daysupstream: Switch scp back to use the old protocol by default, ahead
release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@ OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
4 daysupstream: better error message for ~user failures when
sftp-server lacks the expand-path extension; ok deraadt@ OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
4 daysupstream: make some more scp-in-SFTP mode better match Unix
suggested by deraadt@ OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
4 daysupstream: allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like prompted by and ok deraadt@ OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733
6 daysTest against LibreSSL 3.2.6, 3.3.4, 3.4.0.Darren Tucker
7 daysupstream: missing space character in ssh -G output broke
t-sshcfgparse regression test; spotted by anton@ OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
7 daysupstream: allow CanonicalizePermittedCNAMEs=none in ssh_config;
markus@ OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
8 daysupstream: put back the mux_ctx memleak fix for
OK mfriedl@ OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
12 daysupstream: Do not ignore SIGINT while waiting for input if editline(3)
is not used. Instead, in non-interactive mode, exit sftp(1), like for other serious errors. As pointed out by dtucker@, when compiled without editline(3) support in portable OpenSSH, the el == NULL branch is also used for interactive mode. In that case, discard the input line and provide a fresh prompt to the user just like in the case where editline(3) is used. OK djm@ OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393
12 daysupstream: when using SFTP protocol, continue transferring files after
transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@ OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa
13 daysupstream: Document that non-interactive commands are run via the user'
shell using the -c flag. ok jmc@ OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477
13 daysupstream: Document behaviour of arguments following
commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
13 daysupstream: Clarify which file's attributes -p preserves, and
it's specifically the file mode bits. bz#3340 from calestyo at, ok djm@ jmc@ OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884
13 daysupstream: openssh-7.4 was incorrectly listed twice; spotted
Dmitry Belyavskiy, ok dtucker@ OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
13 daysupstream: - move CAVEATS to its correct order - use the
"legacy" protocol rather than "original", as the latter made the text misleading - uppercase SCP ok djm OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0
2021-09-09Disable tracing on FreeBSD using procctl.David Carlier
Placed at the start of platform_disable_tracing() to prevent declaration after code errors from strict C89 compilers (in the unlikely event that more than one method is enabled).
2021-09-09upstream: Use the SFTP protocol by default. The original scp/
protocol remains available via the -O flag. Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7. ok deraadt, after baking in snaps for a while without incident OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
2021-09-08Really fix test on OpenSSL 1.1.1 stable.Darren Tucker
2021-09-08Correct OpenSSL 1.1.1 stable identifier.Darren Tucker
2021-09-08Increment nfds when coming from startup_pipe.Darren Tucker
If we have to increase nfds because startup_pipe[0] is above any of the descriptors passed in the fd_sets, we also need to add 1 to nfds since select takes highest FD number plus one. bz#3345 from yaroslav.kuzmin at
2021-09-08Tests for OpenSSL 3.0.0 release & 1.1.1 branch.Darren Tucker
2021-09-08upstream: correct my mistake in previous fix; spotted by
OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183
2021-09-07upstream: avoid NULL deref in -Y find-principals. Report and
from Carlo Marcelo Arenas Belón MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0
2021-09-07upstream: revision 1.381 neglected to
sChallengeResponseAuthentication from the enum. Noticed by OK dtucker@ OpenBSD-Commit-ID: b533283a4dd6d04a867da411a4c7a8fbc90e34ff
2021-09-05Correct version_num for OpenSSL dev branch.Darren Tucker
2021-09-05Test against OpenSSL 3 branch as well as dev.Darren Tucker
Now that OpenSSL development has moved to 3.1, test against the most recent version of the openssl-3.0 branch too.
2021-09-05OpenSSL development is now 3.1.*Darren Tucker
2021-09-03upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list
consistency. Patch from scop via github PR#257, ok jmc@ OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872
2021-09-03upstream: Mention using ssh -i for specifying the public key
in the case where the private key is loaded into ssh-agent but is not present locally. Based on patch from rafork via github PR#215, ok jmc@ OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
2021-09-03upstream: Refer to KEX "algorithms" instead of "methods" to
other references and improve consistency. Patch from scop via github PR#241, ok djm@ OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c
2021-09-03upstream: Remove redundant attrib_clear in
The subsequent call to stat_to_attrib clears the struct as its first step anyway. From pmeinhardt via github PR#220, ok djm@ OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e
2021-09-03upstream: Add test for client termination status on
Based on patch from Alexxz via github PR#235 with some tweaks, to match patch in bz#3281. OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2
2021-09-03upstream: sys/param.h is not needed for any visible
OpenBSD-Commit-ID: 8bdea2d0c75692e4c5777670ac039d4b01c1f368
2021-09-03Fix memory leak in error path.Shchelkunov Artem
*info is allocated via xstrdup but was leaked in the PAM_AUTH_ERR path. From github PR#266.
2021-09-01upstream: Fix ssh-rsa fallback for old PuTTY interop
OpenBSD-Regress-ID: a19ac929da604843a5b5f0f48d2c0eb6e0773d37
2021-09-01upstream: Add a function to skip remaining
Many tests skip tests for various reasons but not in a consistent way and don't always clean up, so add that and switch the tests that do that over. OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735
2021-09-01upstream: Specify path to PuTTY
Portable needs this and it makes no difference on OpenBSD, so resync them. (Id sync only, Portable already had this.) OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162
2021-08-31upstream: Better compat tests with old
When running PuTTY interop tests and using a PuTTY version older than 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants of RSA were added some time between 0.73 and 0.76). OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1
2021-08-31Resync PuTTY interop tests.Darren Tucker
Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD.
2021-08-31upstream: Specify hostkeyalgorithms in SSHFP
Specify host key algorithms in sshd's default set for the SSHFP test, from djm@. Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
2021-08-30upstream: adapt to RSA/SHA1
OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb
2021-08-30upstream: After years of forewarning, disable the RSA/
signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5
2021-08-30upstream: wrap at 80
OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0
2021-08-20Replace shell function with ssh-keygen -A.Darren Tucker
Prevents the init script in the SysV package from trying (and failing) to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. ok tim@
2021-08-20Remove obsolete Redhat PAM config and init script.Darren Tucker
2021-08-20dependV_8_7_P1Damien Miller
2021-08-20update version numbersDamien Miller
OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd