Damien Miller [Mon, 11 Aug 2025 06:16:25 +0000 (16:16 +1000)]
support sntrup761x25519-sha512 alias
OpenSSH 9.4 supports the sntrup761x25519-sha512@openssh.com
key agreement algorithm. As part of standardisation, this algorithm
has been assigned the name sntrup761x25519-sha512.
This commit enables the existing algorithm under this new name.
Darren Tucker [Sun, 10 Sep 2023 05:45:38 +0000 (15:45 +1000)]
Use zero-call-used-regs=used with Apple compilers.
Apple's versions of clang have version numbers that do not match the
corresponding upstream clang versions. Unfortunately, they do still
have the clang-15 zero-call-used-regs=all bug, so for now use the value
that doesn't result in segfaults. We could allowlist future versions
that are known to work. bz#3584 (and probably also our github CI
failures).
upstream: Apply ConnectTimeout to multiplexing local socket
connections. If the multiplex socket exists but the connection times out,
ssh will fall back to a direct connection the same way it would if the socket
did not exist at all. ok djm@
Darren Tucker [Thu, 3 Aug 2023 09:35:33 +0000 (19:35 +1000)]
Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
Darren Tucker [Wed, 26 Jul 2023 16:25:09 +0000 (02:25 +1000)]
Prefer OpenSSL's SHA256 in sk-dummy.so
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL. In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.
We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success. Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.
Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all. ok djm@
upstream: Separate ssh-pkcs11-helpers for each p11 module
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.
This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.
upstream: Disallow remote addition of FIDO/PKCS11 provider
libraries to ssh-agent by default.
The old behaviour of allowing remote clients from loading providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.
Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.
upstream: Add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
upstream: remove vestigal support for KRL signatures
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
Damien Miller [Wed, 12 Jul 2023 01:41:19 +0000 (11:41 +1000)]
replace deprecate selinux matchpathcon function
This function is apparently deprecated. Documentation on what is the
supposed replacement is is non-existent, so this follows the approach
glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59
djm@openbsd.org [Wed, 21 Jun 2023 05:08:32 +0000 (05:08 +0000)]
upstream: make `ssh -Q CASignatureAlgorithms` only list signature
algorithms that are valid for CA signing. Previous behaviour was to list all
signing algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@
djm@openbsd.org [Tue, 20 Jun 2023 23:59:33 +0000 (23:59 +0000)]
upstream: prepare for support for connecting to unix domain sockets
using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
the u32 that's passed over the multiplexing socket; previously code would
just cast, which is UB.
djm@openbsd.org [Tue, 20 Jun 2023 00:05:09 +0000 (00:05 +0000)]
upstream: reset comment=NULL for each key in do_fingerprint();
fixes "no comment" not showing on when running `ssh-keygen -l` on multiple
keys where one has a comment and other following keys do not. Patch from
Markus Kuhn via GHPR407, bz3580
Darren Tucker [Tue, 3 Aug 2021 11:25:48 +0000 (21:25 +1000)]
Make ssh-copy-id(1) consistent with OpenSSH.
This makes the ssh-copy-id man page more consistent with the rest of the
OpenSSH man pages:
- new sentence, new line
- no sentences >80
- N.B. -> NB
- zap unused .Pp
- zap trailing whitespace
Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org.
Philip Hands [Wed, 24 May 2023 09:45:43 +0000 (11:45 +0200)]
if -s & -p specified, mention 'sftp -P' on success
This was inspired by this:
https://github.com/openssh/openssh-portable/pull/321
but I thought that it was better to not do the sed patching.
BTW the reason one can get away with using $SSH_OPTS throughout, despite
the lowercase -p in there, even if sftp is in use, is that the sftp call
is using the already-established ssh master connection, so the port was
passed to the earlier ssh.
Fix test error for /bin/sh on Solaris 10 and older
On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
Test -z `...` fails with error 'sh: test: argument expected'.
Using quotes around backticks fixes this and doesn't break
POSIX compatibility.
Darren Tucker [Wed, 10 May 2023 08:50:46 +0000 (18:50 +1000)]
Special case OpenWrt instead of Dropbear.
OpenWrt overrides the location of authorized_keys for root. Currently we
assume that all Dropbear installations behave this way, which is not the
case. Check for OpenWrt and root user before using that location instead
of assuming that for all Dropbear servers. Prompted by Github PR#250.
Darren Tucker [Mon, 8 May 2023 10:12:59 +0000 (20:12 +1000)]
Handle OpenSSL >=3 ABI compatibility.
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
upstream: adjust ftruncate() logic to handle servers that reorder
requests.
sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.
Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@
prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
projects / thirdparty / openssh-portable.git / log
