Age | Commit message | Author
A new experimental option 'max_random_length_padding', not documented, so it might change...
DO NOT USE IN PRODUCTION!!!
This is a bug fix of the previously partly implemented kex algorithm.
There are more things to do, for example generate/select a better g,p pair obeying the min||n||max request.
It is not enabled by default, but may be enabled with the option
{preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha1']}]}
* hans/ssh/unknown_msgfun/OTP-12813:
ssh: Option unexpectedfun for ssh:daemon and ssh:connect
This option has a fun as value. The fun will be called when an
unexpected message arrives. The fun returns either 'skip' or 'report'
to guide the connection_handler in what to do.
One usage is to filter out messages that are not wanted in the error
logger as info reports. An example of such a message is the 'etimedout'
tcp error message that will be received if a connection has keep_alive
and the peer is restarted.
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algorithms in msg_kexinit negotiation
This is how OpenSSH does it. The bytes returned will be put on the
user's tty, so text is better than an ssh_msg_disconnect.
If something bad happens and the socket is closed, the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason},
which was not handled either.
This option enables the user to define which algorithms
are to be used as well as their precedences in the negotiation
between server and client.
In RFC 4253, sections 7.1 & 9 describe rekeying with
special attention to the protocol messages that may be
received and may not be sent during rekeying.
This patch fixes a number of problems during rekeying
caused by data & requests received from the network, and/or data & requests sent by the user.
When in the connected state, a received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph of RFC 4253 sec. 9.
Conflicts:
OTP_VERSION
lib/ssh/doc/src/ssh.xml
lib/ssh/vsn.mk
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC 4253
printing is a SHOULD, but our new default is to protect logs
from DoS attacks.
The port stats are not accumulated so that once rekey_limit bytes
(by default, 1GB) have been transmitted the connection will be
rekeyed every minute, not after the next 1GB.
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
The error report was assumed to only happen if our code was wrongly
implemented ("internal error"). However, it would also occur when
bad input was received from the peer, and could hence cause extensive
logging on DoS attacks.
If a channel is closed by the peer while using a function with call semantics
in ssh_connection.erl, return {error, closed}. Document that the functions
can return {error, timeout | closed} and not only ssh_request_status().
* ia/ssh/version-handling-gracefull/OTP-12157:
ssh: Add format_status/2 so sensitive data will not be present in logs
ssh: Gracefully handle incorrect versions
Conflicts:
lib/ssh/test/ssh_connection_SUITE.erl
Similar to d9ebfb8. The wrong specs were leading to dialyzer warnings
like this in our application since R16B03:
The pattern 'ok' can never match the type {'error',_}.
The pattern {'error', {'already_started', 'ssh'}} can never match the type 'ok'.
The pattern {'error', _} can never match the type {'open_error',_,string(),string()}.
Commit 68263a48bfbdac4dc219a91f06af3d535d881850 got close handling
slightly wrong: channels did not get their close message.
Commit 32102f1e8225dada7526c9bfee6622f9026ba4cd did not work as expected.
OTP-11296
Also start adding dialyzer specs and removing dead code
This is step one in making the ssh process structure less complicated.
As an effect I also found other simplifications/clean ups of the code
that could be done.
OTP-11345, sto575, tsk374
* lpg/openssh_zlib/OTP-11256:
ssh: added basic connection testcase for openssh zlib
Add openssh_zlib compression type to ssh_transport
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/vsn.mk
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.appup.src
lib/ssh/src/ssh_connection_handler.erl
lib/ssh/vsn.mk
http://www.openssh.org/txt/draft-miller-secsh-compression-delayed-00.txt