Changes since OpenSSH 7.0
========================= This is a bugfix release. Security -------- * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas. Bugfixes -------- * ssh(1), sshd(8): add compatability workarounds for FuTTY * ssh(1), sshd(8): refine compatability workarounds for WinSCP * Fix a number of memory faults (double-free, free of uninitialised memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz Kocielski.
This commit is contained in:
parent
5919da029a
commit
74053b63d0
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
|
/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -263,7 +263,7 @@ auth_root_allowed(const char *method)
|
||||||
case PERMIT_NO_PASSWD:
|
case PERMIT_NO_PASSWD:
|
||||||
if (strcmp(method, "publickey") == 0 ||
|
if (strcmp(method, "publickey") == 0 ||
|
||||||
strcmp(method, "hostbased") == 0 ||
|
strcmp(method, "hostbased") == 0 ||
|
||||||
strcmp(method, "gssapi-with-mic"))
|
strcmp(method, "gssapi-with-mic") == 0)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
case PERMIT_FORCED_ONLY:
|
case PERMIT_FORCED_ONLY:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
|
/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -174,6 +174,7 @@ compat_datafellows(const char *version)
|
||||||
"PuTTY_Release_0.63*,"
|
"PuTTY_Release_0.63*,"
|
||||||
"PuTTY_Release_0.64*",
|
"PuTTY_Release_0.64*",
|
||||||
SSH_OLD_DHGEX },
|
SSH_OLD_DHGEX },
|
||||||
|
{ "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */
|
||||||
{ "Probe-*",
|
{ "Probe-*",
|
||||||
SSH_BUG_PROBE },
|
SSH_BUG_PROBE },
|
||||||
{ "TeraTerm SSH*,"
|
{ "TeraTerm SSH*,"
|
||||||
|
@ -187,7 +188,17 @@ compat_datafellows(const char *version)
|
||||||
"TTSSH/2.70*,"
|
"TTSSH/2.70*,"
|
||||||
"TTSSH/2.71*,"
|
"TTSSH/2.71*,"
|
||||||
"TTSSH/2.72*", SSH_BUG_HOSTKEYS },
|
"TTSSH/2.72*", SSH_BUG_HOSTKEYS },
|
||||||
{ "WinSCP*", SSH_OLD_DHGEX },
|
{ "WinSCP_release_4*,"
|
||||||
|
"WinSCP_release_5.0*,"
|
||||||
|
"WinSCP_release_5.1*,"
|
||||||
|
"WinSCP_release_5.5*,"
|
||||||
|
"WinSCP_release_5.6*,"
|
||||||
|
"WinSCP_release_5.7,"
|
||||||
|
"WinSCP_release_5.7.1,"
|
||||||
|
"WinSCP_release_5.7.2,"
|
||||||
|
"WinSCP_release_5.7.3,"
|
||||||
|
"WinSCP_release_5.7.4",
|
||||||
|
SSH_OLD_DHGEX },
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
|
/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||||
|
@ -151,7 +151,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
||||||
*digest_len = rdata_len - 2;
|
*digest_len = rdata_len - 2;
|
||||||
|
|
||||||
if (*digest_len > 0) {
|
if (*digest_len > 0) {
|
||||||
*digest = (u_char *) xmalloc(*digest_len);
|
*digest = xmalloc(*digest_len);
|
||||||
memcpy(*digest, rdata + 2, *digest_len);
|
memcpy(*digest, rdata + 2, *digest_len);
|
||||||
} else {
|
} else {
|
||||||
*digest = (u_char *)xstrdup("");
|
*digest = (u_char *)xstrdup("");
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
|
/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -652,6 +652,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||||
u_int lport, cport;
|
u_int lport, cport;
|
||||||
int i, ret = 0, freefwd = 1;
|
int i, ret = 0, freefwd = 1;
|
||||||
|
|
||||||
|
memset(&fwd, 0, sizeof(fwd));
|
||||||
|
|
||||||
/* XXX - lport/cport check redundant */
|
/* XXX - lport/cport check redundant */
|
||||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||||
|
@ -819,6 +821,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||||
int i, ret = 0;
|
int i, ret = 0;
|
||||||
u_int lport, cport;
|
u_int lport, cport;
|
||||||
|
|
||||||
|
memset(&fwd, 0, sizeof(fwd));
|
||||||
|
|
||||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||||
buffer_get_int_ret(&lport, m) != 0 ||
|
buffer_get_int_ret(&lport, m) != 0 ||
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
|
/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1261,7 +1261,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
||||||
|
|
||||||
DBG(debug("packet_read()"));
|
DBG(debug("packet_read()"));
|
||||||
|
|
||||||
setp = (fd_set *)calloc(howmany(state->connection_in + 1,
|
setp = calloc(howmany(state->connection_in + 1,
|
||||||
NFDBITS), sizeof(fd_mask));
|
NFDBITS), sizeof(fd_mask));
|
||||||
if (setp == NULL)
|
if (setp == NULL)
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
|
@ -2023,7 +2023,7 @@ ssh_packet_write_wait(struct ssh *ssh)
|
||||||
struct timeval start, timeout, *timeoutp = NULL;
|
struct timeval start, timeout, *timeoutp = NULL;
|
||||||
struct session_state *state = ssh->state;
|
struct session_state *state = ssh->state;
|
||||||
|
|
||||||
setp = (fd_set *)calloc(howmany(state->connection_out + 1,
|
setp = calloc(howmany(state->connection_out + 1,
|
||||||
NFDBITS), sizeof(fd_mask));
|
NFDBITS), sizeof(fd_mask));
|
||||||
if (setp == NULL)
|
if (setp == NULL)
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-server.c,v 1.106 2015/04/24 01:36:01 deraadt Exp $ */
|
/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -1585,8 +1585,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
||||||
fatal("%s: sshbuf_new failed", __func__);
|
fatal("%s: sshbuf_new failed", __func__);
|
||||||
|
|
||||||
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
||||||
rset = (fd_set *)xmalloc(set_size);
|
rset = xmalloc(set_size);
|
||||||
wset = (fd_set *)xmalloc(set_size);
|
wset = xmalloc(set_size);
|
||||||
|
|
||||||
if (homedir != NULL) {
|
if (homedir != NULL) {
|
||||||
if (chdir(homedir) != 0) {
|
if (chdir(homedir) != 0) {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
|
/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -1935,7 +1935,7 @@ complete(EditLine *el, int ch)
|
||||||
|
|
||||||
/* Figure out which argument the cursor points to */
|
/* Figure out which argument the cursor points to */
|
||||||
cursor = lf->cursor - lf->buffer;
|
cursor = lf->cursor - lf->buffer;
|
||||||
line = (char *)xmalloc(cursor + 1);
|
line = xmalloc(cursor + 1);
|
||||||
memcpy(line, lf->buffer, cursor);
|
memcpy(line, lf->buffer, cursor);
|
||||||
line[cursor] = '\0';
|
line[cursor] = '\0';
|
||||||
argv = makeargv(line, &carg, 1, "e, &terminated);
|
argv = makeargv(line, &carg, 1, "e, &terminated);
|
||||||
|
@ -1943,7 +1943,7 @@ complete(EditLine *el, int ch)
|
||||||
|
|
||||||
/* Get all the arguments on the line */
|
/* Get all the arguments on the line */
|
||||||
len = lf->lastchar - lf->buffer;
|
len = lf->lastchar - lf->buffer;
|
||||||
line = (char *)xmalloc(len + 1);
|
line = xmalloc(len + 1);
|
||||||
memcpy(line, lf->buffer, len);
|
memcpy(line, lf->buffer, len);
|
||||||
line[len] = '\0';
|
line[len] = '\0';
|
||||||
argv = makeargv(line, &argc, 1, NULL, NULL);
|
argv = makeargv(line, &argc, 1, NULL, NULL);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
|
.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: July 3 2015 $
|
.Dd $Mdocdate: August 20 2015 $
|
||||||
.Dt SSH-KEYGEN 1
|
.Dt SSH-KEYGEN 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -680,7 +680,7 @@ and identifying the CA key by providing its public half as an argument
|
||||||
to
|
to
|
||||||
.Fl s :
|
.Fl s :
|
||||||
.Pp
|
.Pp
|
||||||
.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
|
.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
|
||||||
.Pp
|
.Pp
|
||||||
In all cases,
|
In all cases,
|
||||||
.Ar key_id
|
.Ar key_id
|
||||||
|
@ -693,7 +693,7 @@ By default, generated certificates are valid for all users or hosts.
|
||||||
To generate a certificate for a specified set of principals:
|
To generate a certificate for a specified set of principals:
|
||||||
.Pp
|
.Pp
|
||||||
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
|
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
|
||||||
.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
|
.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
|
||||||
.Pp
|
.Pp
|
||||||
Additional limitations on the validity and use of user certificates may
|
Additional limitations on the validity and use of user certificates may
|
||||||
be specified through certificate options.
|
be specified through certificate options.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
|
/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1186,6 +1186,7 @@ do_known_hosts(struct passwd *pw, const char *name)
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (delete_host && !ctx.found_key) {
|
} else if (delete_host && !ctx.found_key) {
|
||||||
logit("Host %s not found in %s", name, identity_file);
|
logit("Host %s not found in %s", name, identity_file);
|
||||||
|
if (inplace)
|
||||||
unlink(tmp);
|
unlink(tmp);
|
||||||
} else if (inplace) {
|
} else if (inplace) {
|
||||||
/* Backup existing file */
|
/* Backup existing file */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
|
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -290,8 +290,8 @@ main(int argc, char **argv)
|
||||||
buffer_init(&oqueue);
|
buffer_init(&oqueue);
|
||||||
|
|
||||||
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
||||||
rset = (fd_set *)xmalloc(set_size);
|
rset = xmalloc(set_size);
|
||||||
wset = (fd_set *)xmalloc(set_size);
|
wset = xmalloc(set_size);
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
memset(rset, 0, set_size);
|
memset(rset, 0, set_size);
|
||||||
|
|
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
|
.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
|
||||||
.Dd $Mdocdate: July 30 2015 $
|
.Dd $Mdocdate: August 14 2015 $
|
||||||
.Dt SSH_CONFIG 5
|
.Dt SSH_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -415,9 +415,9 @@ chacha20-poly1305@openssh.com
|
||||||
.Pp
|
.Pp
|
||||||
The default is:
|
The default is:
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
|
chacha20-poly1305@openssh.com,
|
||||||
aes128-ctr,aes192-ctr,aes256-ctr,
|
aes128-ctr,aes192-ctr,aes256-ctr,
|
||||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
||||||
chacha20-poly1305@openssh.com,
|
|
||||||
arcfour256,arcfour128,
|
arcfour256,arcfour128,
|
||||||
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
|
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
|
||||||
aes192-cbc,aes256-cbc,arcfour
|
aes192-cbc,aes256-cbc,arcfour
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect.c,v 1.262 2015/05/28 05:41:29 dtucker Exp $ */
|
/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -346,7 +346,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
|
fdset = xcalloc(howmany(sockfd + 1, NFDBITS),
|
||||||
sizeof(fd_mask));
|
sizeof(fd_mask));
|
||||||
FD_SET(sockfd, fdset);
|
FD_SET(sockfd, fdset);
|
||||||
ms_to_timeval(&tv, *timeoutp);
|
ms_to_timeval(&tv, *timeoutp);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshd.c,v 1.457 2015/07/30 00:01:34 djm Exp $ */
|
/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1201,7 +1201,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||||
sighup_restart();
|
sighup_restart();
|
||||||
if (fdset != NULL)
|
if (fdset != NULL)
|
||||||
free(fdset);
|
free(fdset);
|
||||||
fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
|
fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
|
||||||
sizeof(fd_mask));
|
sizeof(fd_mask));
|
||||||
|
|
||||||
for (i = 0; i < num_listen_socks; i++)
|
for (i = 0; i < num_listen_socks; i++)
|
||||||
|
|
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd_config.5,v 1.210 2015/08/06 14:53:21 deraadt Exp $
|
.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
|
||||||
.Dd $Mdocdate: August 6 2015 $
|
.Dd $Mdocdate: August 14 2015 $
|
||||||
.Dt SSHD_CONFIG 5
|
.Dt SSHD_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -477,9 +477,9 @@ chacha20-poly1305@openssh.com
|
||||||
.Pp
|
.Pp
|
||||||
The default is:
|
The default is:
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
|
chacha20-poly1305@openssh.com,
|
||||||
aes128-ctr,aes192-ctr,aes256-ctr,
|
aes128-ctr,aes192-ctr,aes256-ctr,
|
||||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
||||||
chacha20-poly1305@openssh.com
|
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
The list of available ciphers may also be obtained using the
|
The list of available ciphers may also be obtained using the
|
||||||
|
@ -1529,7 +1529,7 @@ If this option is set to
|
||||||
.Pa ~/.ssh/known_hosts
|
.Pa ~/.ssh/known_hosts
|
||||||
.Cm from
|
.Cm from
|
||||||
and
|
and
|
||||||
.Xr sshd_config 5
|
.Nm
|
||||||
.Cm Match
|
.Cm Match
|
||||||
.Cm Host
|
.Cm Host
|
||||||
directives.
|
directives.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshkey.c,v 1.20 2015/07/03 03:43:18 djm Exp $ */
|
/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
||||||
|
@ -1528,7 +1528,6 @@ dsa_generate_private_key(u_int bits, DSA **dsap)
|
||||||
*dsap = NULL;
|
*dsap = NULL;
|
||||||
if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
|
if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
|
||||||
NULL, NULL) || !DSA_generate_key(private)) {
|
NULL, NULL) || !DSA_generate_key(private)) {
|
||||||
DSA_free(private);
|
|
||||||
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
/* $OpenBSD: version.h,v 1.74 2015/08/02 09:56:42 djm Exp $ */
|
/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */
|
||||||
|
|
||||||
#define SSH_VERSION "OpenSSH_7.0"
|
#define SSH_VERSION "OpenSSH_7.1"
|
||||||
|
|
Loading…
Reference in New Issue