Damien Miller [Wed, 4 Dec 2024 13:01:33 +0000 (00:01 +1100)]
Support systemd-style socket activation in agent
Adds support for systemd LISTEN_PID/LISTEN_FDS socket activation to
ssh-agent. Activated when these environment variables are set and
the agent is started with the -d or -D option and no socket path
is set.
Based on GHPR502 by Daniel Kahn Gillmor, ok dtucker
Jeremy Stott [Fri, 18 Oct 2024 23:10:52 +0000 (12:10 +1300)]
Add make target for standalone sk-libfido2
Add a Makefile target for sk-libfido2, the standalone fido2 security
key shared library, suitable for use with the SecurityKeyProvider
option.
Add a new configure option `--with-security-key-standalone` that
optionally sets the shared library target sk-libfido2$(SHLIBEXT), and
adds it to $(TARGETS).
misc.h is required when SK_STANDALONE is defined, because of the use
of `monotime_tv` in `sk_select_by_touch`.
Sets the shared library extension for sk-libfido2 is by setting
`SHLIBEXT` depending on the platform in configure.ac.
Add the shared library to the CI builds in the `sk` target config to
make sure it can compile under the same conditions as
`--with-security-key-builtin`.
Add a libssh-pic.a static library that compiles with `-fPIC` reusing
.c.lo method in sk-dummy.so for use in the shared library sk-libfido2.
Note, a separate static library libssh-pic.a is needed, since defining
-DSK_STANDALONE excludes some symbols needed in sshkey.lo.
djm@openbsd.org [Tue, 26 Nov 2024 22:01:37 +0000 (22:01 +0000)]
upstream: Explicitly specify the signature algorithm when signing
hostkeys-prove requests.
Fixes a corner-case triggered by UpdateHostKeys with one or more unknown
host keys stored in ssh-agent where sshd refuses to accept the signature
coming back from the agent.
Darren Tucker [Fri, 8 Nov 2024 18:14:16 +0000 (05:14 +1100)]
Reshuffle OpenWRT test configs.
Move the the flags used by the OpenWRT distro to mipsel target and
enable OpenSSL on all targets to improve coverage.
Explicitly disable security key and openssl on mips target so that host
end of the bigendian interop tests don't attempt them and fail (since
they're not enabled on the target side).
Darren Tucker [Sat, 2 Nov 2024 07:05:41 +0000 (18:05 +1100)]
Test bigendian interop.
Where our test target is a bigendian system, do an additional build on
the runner host (which is little endian) and test interop between the two.
Should hopefully catch obvious endianness bugs.
djm@openbsd.org [Wed, 6 Nov 2024 22:51:26 +0000 (22:51 +0000)]
upstream: ssh-agent implemented an all-or-nothing allow-list of
FIDO application IDs for security key-backed keys, to prevent web key handles
from being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.
This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.
jca@openbsd.org [Mon, 4 Nov 2024 21:59:15 +0000 (21:59 +0000)]
upstream: Ignore extra groups that don't fit in the buffer passed
to getgrouplist(3)
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups. With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3). That behavior is explicitely described in initgroups(3).
Darren Tucker [Fri, 25 Oct 2024 08:04:30 +0000 (19:04 +1100)]
Retire the minix3 test config.
It got broken by the sshd-auth change, it's not obvious why, and the
platform lacks the debugging tools (eg gdb, strace) to figure it out.
The upstream project seems effectively dead (6 years since the last
commit, 10 since the last release). It was useful while it lasted
(we found a real bug because of it) but its time seems to have passed.
Darren Tucker [Fri, 25 Oct 2024 08:01:02 +0000 (19:01 +1100)]
Simplify pselect shim and remove side effects.
Instead of maintaing state (pipe descriptors, signal handlers) across
pselect-on-select invocations, set up and restore them each call.
This prevents outside factors (eg a closefrom or signal handler
installation) from potentially causing problems. This does result in a
drop in throughput of a couple of percent on geriatric platforms without
a native pselect due to the extra overhead. Tweaks & ok djm@
... and ssh and sshd log wrappers before recreating them. Prevents "can't
create" errors during tests when running tests without SUDO after having
run them with SUDO.
... to run all of the subprograms from the build directory while
developing and debugging. Should help prevent accidentally testing
against unchanged installed sshd-auth and sshd-session binaries. ok djm@
Darren Tucker [Thu, 17 Oct 2024 09:50:29 +0000 (20:50 +1100)]
Seed RNG when starting up sshd-auth.
Makes builds configured --without-openssl work again since otherwise
the first use of the RNG comes after the sandbox init and it can't
open /dev/random.
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
djm@openbsd.org [Sun, 6 Oct 2024 23:37:17 +0000 (23:37 +0000)]
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.
Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.
ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.
upstream: fix regression introduced when I switched the "Match"
criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.
People were using this syntax so this adds back support for
"Match criteria=argument"
upstream: update the Streamlined NTRU Prime code from the "ref"
implementation in SUPERCOP 20201130 to the "compact" implementation in
SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel
J Bernstein for pointing out the new implementation (and of course for
writing it).