History log of /openssh-portable/sshd.c (Results 1 - 25 of 1138)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 5becbec0 13-Mar-2020 djm@openbsd.org

upstream: use sshpkt_fatal() for kex_exchange_identification()

errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addr

upstream: use sshpkt_fatal() for kex_exchange_identification()

errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab

show more ...


# eef88418 12-Mar-2020 dtucker@openbsd.org

upstream: Don't clear alarm timers in listening sshd. Previously

these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear t

upstream: Don't clear alarm timers in listening sshd. Previously

these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear the timers either. ok
deraadt@

OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0

show more ...


# d081f017 12-Mar-2020 djm@openbsd.org

upstream: spelling errors in comments; no code change from

OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924


Revision tags: V_8_2_P1
# d4f4cdd6 31-Jan-2020 djm@openbsd.org

upstream: whitespace

OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772


# 245399df 31-Jan-2020 djm@openbsd.org

upstream: force early logging to stderr if debug_flag (-d) is set;

avoids missing messages from re-exec config passing

OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff


# 7365f28a 31-Jan-2020 djm@openbsd.org

upstream: mistake in previous: filling the incorrect buffer

OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a


# c2bd7f74 31-Jan-2020 djm@openbsd.org

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Base

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@

OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff

show more ...


# a8c05c64 24-Jan-2020 djm@openbsd.org

upstream: tweak proctitle to include sshd arguments, as these are

frequently used to distinguish between multiple independent instances of the
server. New proctitle looks like this:

upstream: tweak proctitle to include sshd arguments, as these are

frequently used to distinguish between multiple independent instances of the
server. New proctitle looks like this:

$ pgrep -lf sshd
12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups

requested by sthen@ and aja@; ok aja@

OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e

show more ...


# 3bf2a6ac 23-Jan-2020 dtucker@openbsd.org

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTA

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519

show more ...


# 70d38c3c 21-Jan-2020 djm@openbsd.org

upstream: expose the number of currently-authenticating connections

along with the MaxStartups limit in the proctitle; suggestion from Philipp
Marek, w/ feedback from Craig Miskell ok dt

upstream: expose the number of currently-authenticating connections

along with the MaxStartups limit in the proctitle; suggestion from Philipp
Marek, w/ feedback from Craig Miskell ok dtucker@

OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3

show more ...


# b46a6325 21-Jan-2020 Damien Miller

remove accidental change in f8c11461


# f8c11461 21-Jan-2020 djm@openbsd.org

upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting

cleared; with dtucker@

OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e


# 56584cce 15-Dec-2019 djm@openbsd.org

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FID

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c

show more ...


# 189550f5 18-Nov-2019 naddy@openbsd.org

upstream: additional missing stdarg.h includes when built without

WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b


# fc173aeb 13-Nov-2019 dtucker@openbsd.org

upstream: When clients get denied by MaxStartups, send a

noification prior to the SSH2 protocol banner according to RFC4253 section
4.2. ok djm@ deraadt@ markus@

OpenBSD-Commit

upstream: When clients get denied by MaxStartups, send a

noification prior to the SSH2 protocol banner according to RFC4253 section
4.2. ok djm@ deraadt@ markus@

OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63

show more ...


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign()

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

show more ...


# 2046ed16 29-Oct-2019 dtucker@openbsd.org

upstream: Signal handler cleanup: remove leftover support for

unreliable signals and now-unneeded save and restore of errno. ok deraadt@
markus@

OpenBSD-Commit-ID: 01dd8a1ebdd9

upstream: Signal handler cleanup: remove leftover support for

unreliable signals and now-unneeded save and restore of errno. ok deraadt@
markus@

OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88

show more ...


Revision tags: V_8_1_P1
# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...


# 4f7a56d5 21-Jun-2019 djm@openbsd.org

upstream: Add protection for private keys at rest in RAM against

speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private k

upstream: Add protection for private keys at rest in RAM against

speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4

show more ...


# 0323d9b6 06-Jun-2019 otto@openbsd.org

upstream: Replace calls to ssh_malloc_init() by a static init of

malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@

OpenBSD-Commit-ID:

upstream: Replace calls to ssh_malloc_init() by a static init of

malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b

show more ...


# e826bbca 18-Apr-2019 dtucker@openbsd.org

upstream: When running sshd -T, assume any attibute not provided by

-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, o

upstream: When running sshd -T, assume any attibute not provided by

-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, ok djm@

OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb

show more ...


Revision tags: V_8_0_P1
# 76a24b3f 28-Feb-2019 djm@openbsd.org

upstream: Fix two race conditions in sshd relating to SIGHUP:

1. Recently-forked child processes will briefly remain listening to
listen_socks. If the main server sshd process complete

upstream: Fix two race conditions in sshd relating to SIGHUP:

1. Recently-forked child processes will briefly remain listening to
listen_socks. If the main server sshd process completes its restart
via execv() before these sockets are closed by the child processes
then it can fail to listen at the desired addresses/ports and/or
fail to restart.

2. When a SIGHUP is received, there may be forked child processes that
are awaiting their reexecution state. If the main server sshd
process restarts before passing this state, these child processes
will yield errors and use a fallback path of reading the current
sshd_config from the filesystem rather than use the one that sshd
was started with.

To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.

bz#2953, reported by Michal Koutný; ok markus@ dtucker@

OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab

show more ...


# aaca72d6 21-Jan-2019 djm@openbsd.org

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8

show more ...


# 92dda34e 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla ECDH

from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c


# 9c9c97e1 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla DH KEX

from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9


12345678910>>...46