author | Ed Maste <emaste@FreeBSD.org> | 2021-09-08 01:05:51 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2021-09-08 01:05:51 +0000 |
commit | 19261079b74319502c6ffa1249920079f0f69a72 (patch) | |
tree | a07fb2205e0cea7dee1ffbcc945d9d5b97124714 /crypto/openssh/sshconnect.h | |
parent | c5128c48df3c2f3828432aff2ea536bb9c887e14 (diff) | |
parent | 66719ee573ac2290622db642f6e89ab35b179f3d (diff) | |
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
Diffstat (limited to 'crypto/openssh/sshconnect.h')
-rw-r--r-- | crypto/openssh/sshconnect.h | 63 |
1 files changed, 49 insertions, 14 deletions
diff --git a/crypto/openssh/sshconnect.h b/crypto/openssh/sshconnect.h
index 890d857330cd..f518a9a1302f 100644
--- a/crypto/openssh/sshconnect.h
+++ b/crypto/openssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.35 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -30,30 +30,65 @@ struct Sensitive { int nkeys; }; +struct ssh_conn_info { + char *conn_hash_hex; + char *shorthost; + char *uidstr; + char *keyalias; + char *thishost; + char *host_arg; + char *portstr; + char *remhost; + char *remuser; + char *homedir; + char *locuser; +}; + struct addrinfo; struct ssh; +struct hostkeys; +struct ssh_conn_info; -int ssh_connect(struct ssh *, const char *, struct addrinfo *, - struct sockaddr_storage *, u_short, int, int, int *, int); -void ssh_kill_proxy_command(void); +/* default argument for client percent expansions */ +#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(conn_info) \ + "C", conn_info->conn_hash_hex, \ + "L", conn_info->shorthost, \ + "i", conn_info->uidstr, \ + "k", conn_info->keyalias, \ + "l", conn_info->thishost, \ + "n", conn_info->host_arg, \ + "p", conn_info->portstr, \ + "d", conn_info->homedir, \ + "h", conn_info->remhost, \ + "r", conn_info->remuser, \ + "u", conn_info->locuser -void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, - struct passwd *, int); +int ssh_connect(struct ssh *, const char *, const char *, + struct addrinfo *, struct sockaddr_storage *, u_short, + int, int *, int); +void ssh_kill_proxy_command(void); -void ssh_exchange_identification(int); +void ssh_login(struct ssh *, Sensitive *, const char *, + struct sockaddr *, u_short, struct passwd *, int, + const struct ssh_conn_info *); -int verify_host_key(char *, struct sockaddr *, struct sshkey *); +int verify_host_key(char *, struct sockaddr *, struct sshkey *, + const struct ssh_conn_info *); void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, char **, char **); -void ssh_kex(char *, struct sockaddr *); -void ssh_kex2(char *, struct sockaddr *, u_short); +void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short, + const struct ssh_conn_info *); -void ssh_userauth1(const char *, const char *, char *, Sensitive *); -void ssh_userauth2(const char *, const char *, char *, Sensitive *); +void 
ssh_userauth2(struct ssh *ssh, const char *, const char *, + char *, Sensitive *); -void ssh_put_password(char *); int ssh_local_cmd(const char *); -void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *); +void maybe_add_key_to_agent(const char *, struct sshkey *, + const char *, const char *); + +void load_hostkeys_command(struct hostkeys *, const char *, + const char *, const struct ssh_conn_info *, + const struct sshkey *, const char *); |
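Review bot: The new `DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(conn_info)` macro uses its argument unparenthesized (`conn_info->conn_hash_hex`), so a call site that passes anything other than a plain pointer name, for example `&ci`, would be misparsed; writing each entry as `"C", (conn_info)->conn_hash_hex, \` removes that hazard. Because the macro expands to a bare key/value list rather than an expression, it also deserves a comment saying it may only appear inside the argument list of the percent-expansion call and that the caller still supplies the list terminator (presumably a NULL sentinel, which is not visible in this hunk). The new `struct ssh_conn_info` has no field comments either: `remhost`, `remuser` and `host_arg` look like values that originate from the command line or configuration, and the struct is now passed to `load_hostkeys_command()`, so a comment such as `/* may carry user-supplied text; validate or quote before expanding into a command string */` would tell callers how to treat them. Finally, several prototypes take two or three adjacent unnamed `const char *` parameters (`ssh_connect`, `maybe_add_key_to_agent`, `load_hostkeys_command`); naming them in the header would make swapped arguments easier to catch in review.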