Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| aadb1b15 | 2025-04-30 05:26:15 | make writing known_hosts lines more atomic, by writing the entire line in one operation and using unbuffered stdio. Usually writes to this file are serialised on the "Are you sure you want to continue connecting?" prompt, but if host key checking is disabled and connections were being made with high concurrency then interleaved writes might have been possible. feedback/ok deraadt@ millert@ | ||
| 332698a8 | 2025-04-30 05:23:15 | fix a out-of-bounds read if the known_hosts file is truncated after the hostname. Reported by the OpenAI Security Research Team ok deraadt@ | ||
| 35b2ae8d | 2025-04-15 09:22:25 | Cast signalled_keydrop to int when logging to prevent warning on platforms where sig_atomic_t is not the same as int. bz#3811, patch from jlduran at gmail com. | ||
| c52cbb89 | 2025-04-14 05:41:42 | rework the text for -3 to make it clearer what default behaviour is, and adjust the text for -R to make them more consistent; issue raised by mikhail mp39590; behaviour explained by naddy ok djm | ||
| b3131ce4 | 2025-04-09 07:00:21 | openssh-10.0 | ||
| d31ec640 | 2025-04-09 07:00:03 | Fix logic error in DisableForwarding option. This option was documented as disabling X11 and agent forwarding but it failed to do so. Spotted by Tim Rice. | ||
| 3676974c | 2025-04-09 01:24:40 | oops, I accidentally backed out the typo fix | ||
| 9660cd6f | 2025-04-09 01:23:47 | typo | ||
| b621926a | 2025-04-08 23:10:08 | typo | ||
| 2921ca64 | 2025-04-07 08:12:22 | Include time.h for time(). Fixes warning on some platforms when building without openssl. | ||
| 63e4e247 | 2025-04-02 04:28:03 | Wrap #include <openssl/dsa.h> in #ifdef WITH_DSA ok djm | ||
| 351a734b | 2025-04-01 23:23:20 | remove ability to enable DSA support. Actual code will be g/c'd separately. ok deraadt@ | ||
| 225f073a | 2025-03-28 06:04:07 | Pass "ControlMaster no" to ssh when invoked by scp & sftp. If you have ControlMaster auto (or yes) in your config, and the first connection you make is via scp or sftp, then you may get a few unexpected options applied to it (eg ForwardX11 no), since sftp and sftp explicitly disable those for reasons. These effects will persist beyond the initial scp or sftp command. This explicitly disables persistent session *creation* by scp and sftp. It will not prevent them from using an existing session if one has already been created. From Github PR#557, ok djm@ kn@ | ||
| d2098498 | 2025-03-19 06:11:15 | Prevent theoretical NULL deref in throughlocal_sftp. Coverity CID 405019, although at the moment it's not reachable. ok djm@ | ||
| 204931f6 | 2025-03-18 04:53:14 | fix NULL dereference for Match conditions missing arguments, e.g. "Match user". Spotted by Coverity (CID 477813) | ||
| 20413e83 | 2025-03-14 09:49:49 | Fix EVP_CIPHER_CTX_ctrl() return checks While this API tries to translate negative return values (i.e. -1) to 0 in BoringSSL and LibreSSL, it is still possible for it to return negative values in prinicple. We even incorrectly document that -1 can be returned while Boring and OpenSSL plead the Fifth. In OpenSSL 3 there are now code paths that explicitly return -1 and they started shifting their return checks to <= 0 - of course they do this in inconsistent and sometimes incorrect manner. While these paths aren't reachable from ssh right now, who can really tell what happens in the two hundred lines of inscrutable bloated mess this has become. So error check with <= 0 to ensure that we don't accidentally translate an error to success. ok markus schwarze | ||
| dd809e4c | 2025-03-12 22:43:44 | remove assumption that the sshd_config and any configs included from it can fit in a (possibly enlarged) socket buffer, by having the sshd listener mainloop actively manage sending the configuration to the sshd-session subprocess. work by markus@ w/ a little feedback from me; ok me and committing on his behalf | ||
| b35ac0e5 | 2025-03-11 07:48:51 | Set highwater when resuming a "put". Prevents bogus "server reordered acks" debug message. ok djm@ | ||
| fc3c799b | 2025-03-03 06:53:09 | Add %-token and environment variable expansion to SetEnv. feedback deraadt@ jmc@, nits and ok djm@ | ||
| 486b5143 | 2025-03-02 22:44:00 | fix PerSourcePenalty incorrectly using "crash" penalty when LoginGraceTime was exceeded. Reported by irwin AT princeton.edu via bz3797 | ||
| f4bed82d | 2025-03-02 11:03:13 | whitespace | ||
| fc0fb6e0 | 2025-03-02 07:02:49 | Make a copy of the user when handling ssh -l, so that later during User token expansion we don't end up freeing a member of argv. Spotted by anton@'s regress tests. | ||
| c5a3c23c | 2025-03-01 06:11:26 | Allow %-token and environment variable expansion in User, with the exception of %r and %C which are self-referential. Requested in bz#3477, ok djm@, man page improvements jmc@ | ||
| ce3b4e4d | 2025-02-25 06:25:30 | ressurect fix for "match invalid-user" that got clobbered by 1.423 | ||
| 3bb389ec | 2025-02-21 18:22:41 | Also prohibit , (comma) in hostnames, proposed by David Leadbeater ok djm millert | ||
| 38e2999e | 2025-02-18 08:02:48 | Fix cases where error codes were not correctly set Reported by the Qualys Security Advisory team. ok markus@ | ||
| ba5306b9 | 2025-02-18 08:02:12 | Don't reply to PING in preauth phase or during KEX Reported by the Qualys Security Advisory team. ok markus@ | ||
| ecbcc43a | 2025-02-15 06:48:56 | - use \& when contructs like "e.g." end a line, to avoid double spacing - macro is Qq not Oq | ||
| 3b0301ee | 2025-02-15 01:52:07 | add "Match version" support to ssh_config. Allows matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*" ok markus@ | ||
| ecd65cd4 | 2025-02-15 01:50:47 | Add support for "Match sessiontype" to ssh_config. Allows matching on the type of session requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. ok markus@ | ||
| b568ccc6 | 2025-02-15 01:48:30 | "Match command ..." support for ssh_config to allow matching on the remote command specified on the commandline. Also relaxes matching rules for `Match tagged` to allow `Match tagged ""` to match an empty tag value. This also works for command. ok markus@ | ||
| d288aa1f | 2025-02-10 23:19:26 | include arguments the command was invoked with, and operating system name, version and architecture in startup debugging output; ok dtucker | ||
| c6789490 | 2025-02-10 23:16:51 | include line number in Match debug messages, makes it a little easier to see what's going on | ||
| c7df606a | 2025-02-10 23:00:29 | fix "Match invalid-user" from incorrectly being activated in initial configuration pass when no other predicates were present on the match line | ||
| 275cd30c | 2025-02-09 18:24:08 | In a section 1 manual, use the plain English words "standard output" rather than the overly technical abbreviation "stdout" - we are not talking about a device file or a FILE * object here. Issue reported by <onf at disroot dot org> on the groff mailing list. | ||
| cfdd7e4a | 2025-01-17 00:09:41 | Fix debug logging of user specific delay. Patch from Achim Leitner (fjl5) via github PR#552. | ||
| 874e263e | 2025-01-16 06:37:10 | Call log_init in sshd-auth and sshd-session immediately after parsing the config file so that any log settings set in the config file take effect immediately. Move version banners to immediately after that, and make them distinct per binary. ok djm@ | ||
| 9ce49056 | 2025-01-15 22:23:13 | Use strprefix helper when processing sshd -C test args instead of counting bytes by hand. ok djm@ | ||
| feb3ea43 | 2024-12-12 09:09:09 | Plug leak on error path, spotted by Coverity. ok djm@ | ||
| 84a23681 | 2024-12-07 10:12:19 | replace bespoke logging of MaxSessions enforcement with new ratelimited logging infrastructure. Add ratelimits to logging of connections dropped by PerSourcePenalties ok dtucker | ||
| cc7fda5d | 2024-12-07 10:05:36 | add infrastructure for ratelimited logging; feedback/ok dtucker | ||
| 747ebeda | 2024-12-06 16:24:27 | allow glob(3) patterns for sshd_config AuthorizedKeysFile and AuthorizedPrincipalsFile directives; bz2755 ok dtucker | ||
| 5b6bbb3d | 2024-12-06 16:21:48 | support VersionAddendum in the client, mirroring the option of the same name in the server; bz2745 ok dtucker@ | ||
| 581c1d79 | 2024-12-06 16:02:12 | clarify encoding of options/extensions; bz2389 | ||
| 976a9bf1 | 2024-12-06 15:17:15 | ignore SIGPIPE here; some downstreams have had this for years... | ||
| 31527a04 | 2024-12-06 15:12:56 | sync -o option lists with ssh.1; requested jmc@ | ||
| c05259c4 | 2024-12-06 06:55:28 | Change "login again" to "log in again" in password change message. From ThinLinc-Zeijlon via github PR#532. | ||
| b56918e3 | 2024-12-05 22:45:03 | catch up documentation: AES-GCM is preferred to AES-CTR | ||
| 14d17660 | 2024-12-05 06:49:26 | De-magic the x11 base port number into a define. ok djm@ | ||
| 0a9ac282 | 2024-12-05 06:47:00 | Prevent integer overflow in x11 port handling. These are theoretically possible if the admin misconfigures X11DisplayOffset or the user misconfigures their own $DISPLAY, but don't happen in normal operation. From Suhov Roman via bz#3730, ok djm@ | ||
| 8823bb00 | 2024-12-04 14:37:55 | sync the list of options accepted by -o with ssh_config.5 prompted by bz3455 | ||
| e2c061ec | 2024-12-04 14:24:20 | don't screw up ssh-keygen -l output when the file contains CR characters; GHPR236 bz3385, fix from Dmitry Belyavskiy | ||
| 3bb7d5b0 | 2024-12-03 22:30:03 | spelling; ok djm@ | ||
| 8aa1e807 | 2024-12-03 16:27:53 | Remove fallback to compiled-in gropup for dhgex when the moduli file exists, but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist (typically, running tests prior to installing). From bz#2793, based in part on patch from Joe Testa, ok djm@ | ||
| 773a7280 | 2024-12-03 15:53:51 | Remove redundant field of definition check This will allow us to get rid of EC_GROUP_method_of() in the near future. ok djm | ||
| b67e94d2 | 2024-12-03 14:12:47 | Improve description of KbdInteractiveAuthentication. Based on bz#3658, fixes jmc@ ok markus@ djm@. | ||
| 71e7e711 | 2024-12-03 08:31:49 | support FIDO tokens that return no attestation data, e.g. recent WinHello. From Michael Braun via GHPR542 | ||
| eac0e5c0 | 2024-12-02 14:06:42 | unbreak | ||
| 08d45e79 | 2024-12-02 13:37:18 | prefer AES-GCM to AES-CTR; ok deraadt markus | ||
| f651b06a | 2024-11-29 00:13:36 | Import regenerated moduli. | ||
| 049e6dd2 | 2024-11-27 16:07:08 | fix argument of "Compression" directive in ssh -G config dump, which used to work but broke in 9.8 | ||
| f6e19f51 | 2024-11-27 13:27:34 | new name/link for agent I-D | ||
| 0d94c36d | 2024-11-27 13:00:23 | mention that biometrics may be used for FIDO key user verification as well as PIN. Prompted by Zack Newman, ok jmc@ | ||
| bae7b9e3 | 2024-11-26 22:05:51 | g/c outdated XXX comments | ||
| 0b696230 | 2024-11-26 22:01:37 | Explicitly specify the signature algorithm when signing hostkeys-prove requests. Fixes a corner-case triggered by UpdateHostKeys with one or more unknown host keys stored in ssh-agent where sshd refuses to accept the signature coming back from the agent. Report/fix from Maxime Rey | ||
| 72de6406 | 2024-11-26 21:23:35 | when using RSA keys to sign messages, select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. Patch from Morten Linderud; ok markus@ | ||
| 74d99a43 | 2024-11-24 23:47:50 | turn off CDIAGFLAGS and turn back on INSTALL_STRIP accidentally changed in last commit | ||
| 91f7c846 | 2024-11-06 22:51:26 | ssh-agent implemented an all-or-nothing allow-list of FIDO application IDs for security key-backed keys, to prevent web key handles from being used remotely as this would likely lead to unpleasant surprises. By default, only application IDs that start with "ssh:*" are allowed. This adds a -Owebsafe-allow=... argument that can override the default list with a more or less restrictive one. The default remains unchanged. ok markus@ | ||
| 2119819d | 2024-11-04 21:59:15 | Ignore extra groups that don't fit in the buffer passed to getgrouplist(3) Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents an admin from adding a user to more groups. With that tweak we'll keep on ignoring them instead of potentially reading past the buffer passed to getgrouplist(3). That behavior is explicitely described in initgroups(3). ok millert@ gilles@ | ||
| c42fee07 | 2024-10-27 02:06:59 | explicitly include endian.h | ||
| 66207d7b | 2024-10-27 02:06:01 | fix ML-KEM768x25519 KEX on big-endian systems; spotted by jsg@ feedback/ok deraadt@ | ||
| 92f9af84 | 2024-10-25 21:53:24 | mlkem768x25519-sha256 has been promoted to default key exchange | ||
| e683af90 | 2024-10-25 01:34:18 | promote mlkem768x25519-sha256 to be the default key exchange; ok markus@ | ||
| 52e3983c | 2024-10-24 03:15:47 | amake ssh-agent drop all keys when it receives SIGUSR1; let's users zap keys without access to $SSH_AUTH_SOCK ok deraadt@ | ||
| 0df51ef7 | 2024-10-24 03:14:37 | relax valid_domain() checks to allow an underscore as the first character. ok deraadt@ | ||
| c3e5d14c | 2024-10-22 06:16:26 | Add a sshd debug wrapper to run all of the subprograms from the build directory while developing and debugging. Should help prevent accidentally testing against unchanged installed sshd-auth and sshd-session binaries. ok djm@ | ||
| 9732f479 | 2024-10-22 06:13:00 | Make debug call printf("%s", NULL) safe. Prevents problems on platforms where this isn't safe (which it's not required to be). ok djm@ | ||
| 52c025e2 | 2024-10-18 05:53:26 | mention that LocalForward and RemoteForward can accept Unix domain socket paths; GHPR115 | ||
| 6e669df1 | 2024-10-18 05:45:40 | remove duplicate check; GHPR392 from Pedro Martelletto | ||
| 6bcd49f7 | 2024-10-18 05:37:24 | allow "-" as output file for moduli screening based on GHPR393 | ||
| 28a658e2 | 2024-10-18 05:32:51 | ssh-keyscan doesn't need it's own sshfatal() definition, it can use the shared one from fatal.c based on GHPR401 from lengyijun | ||
| 559366d6 | 2024-10-18 05:14:51 | in _ssh_order_hostkeyalgs() consider ECDSA curve type when arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I guess others are using it based on GHPR387 from Pawel Jakub Dawidek | ||
| d47e98a9 | 2024-10-18 05:03:34 | require control-escape character sequences passed via the '-e ^x' commandline to be exactly two characters long. Avoids one by OOB read if ssh is invoked as "ssh -e^ ..." Spotted by Maciej Domanski in GHPR368 | ||
| 632d59bf | 2024-10-18 04:30:09 | remove addr.[ch] functions that are unused and visbility-restrict ones that are unused outside the implementation itself; based on GHPR#282 by tobias@ | ||
| e34b69e8 | 2024-10-18 04:14:59 | unreachable POLLERR case; from ya0guang via GHPR485 | ||
| cd684251 | 2024-10-18 04:11:54 | s/Sx/Cm/ for external references; from Domen Puncer Kugler via GHPR501 | ||
| 47f6b40a | 2024-10-14 23:53:34 | mention SshdAuthPath option; ok djm@ | ||
| 856b6ee8 | 2024-10-14 01:57:50 | Split per-connection sshd-session binary This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week | ||
| 030ab344 | 2024-10-13 22:20:06 | don't start the ObscureKeystrokeTiming mitigations if there has been traffic on a X11 forwarding channel recently. Should fix X11 forwarding performance problems when this setting is enabled. Patch from Antonio Larrosa via bz3655 | ||
| 7579df68 | 2024-10-12 10:50:37 | remove duplicate misc.h include ok dtucker@ | ||
| b5f73b3b | 2024-10-06 23:37:17 | Turn off finite field (a.k.a modp) Diffie-Hellman key exchange in sshd by default. Specifically, this removes the diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client is unchanged and continues to support these methods by default. Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years. ok markus@ | ||
| e0447839 | 2024-09-26 23:55:08 | fix previous change to ssh_config Match, which broken on negated Matches; spotted by phessler@ ok deraadt@ | ||
| e5757882 | 2024-09-25 23:01:39 | remove some unused defines; ok djm@ | ||
| e9d1bb1d | 2024-09-25 06:13:01 | remove some unneeded Xo/Xc calls; from evan silberman the original diff had a couple of errors, which i've fixed | ||
| c2ff6de8 | 2024-09-25 01:24:04 | fix regression introduced when I switched the "Match" criteria tokeniser to a more shell-like one. Apparently the old tokeniser (accidentally?) allowed "Match criteria=argument" as well as the "Match criteria argument" syntax that we tested for. People were using this syntax so this adds back support for "Match criteria=argument" bz3739 ok dtucker | ||
| 5a7e332e | 2024-09-24 02:28:17 | some extra paranoia, reminded by jsg@ | ||
| 3a06db87 | 2024-09-22 12:56:21 | remove some unused defines; ok djm@ | ||
| 479c151d | 2024-09-20 02:00:46 | remove unneeded semicolons; checked by millert@ | ||
| 179e43bc | 2024-09-19 22:17:44 | openssh-9.9 | ||
| 91055178 | 2024-09-16 05:37:05 | use 64 bit math to avoid signed underflow. upstream code relies on using -fwrapv to provide defined over/underflow behaviour, but we use -ftrapv to catch integer errors and abort the program. ok dtucker@ |