| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Including misc fixes in surronding code as well as in test cases.
|
|
|
|
|
|
|
|
|
|
* maint-18:
Updated OTP version
Update release notes
ssh: vsn.mk updated
ssh: New test cases for SSH_MSG_KEX_DH_GEX_REQUEST_OLD
ssh: update existing testcases
ssh: Improve group selection
ssh: implemented server side SSH_MSG_KEX_DH_GEX_REQUEST_OLD for putty client
Conflicts:
lib/ssh/src/ssh_transport.erl
lib/ssh/test/ssh_protocol_SUITE.erl
lib/ssh/vsn.mk
|
|
|
|
|
|
There was an assymetric relationship between receiving a ssh-packet (decrypting-mac-decompress) and sending one. When sending, most of the work was defined in the ssh_transport module, while at reception the ssh_connection_handler was the one knowing what to do.
This commit moves the reception down to the ssh_transport module where it belongs.
|
|
* kanatohodets/ssh-subsystem-typo:
Fix spelling of ssh 'subsystem'
OTP-13108
|
|
This commit does not change any behaviour, since the spelling was internally
consistent.
|
|
* Newlines should be added after Name and Instructions field according to rfc4256.
* There was an error in the argument list of the last clause of ssh_auth:keyboard_interact_get_responses/9
* Correct client kb-interactive behaviour at auth failure
|
|
|
|
|
|
|
|
|
|
Adds ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp512
and OTP-12938
hmac-sha2-512
|
|
A new experimental option 'max_random_length_padding', not documented so it might change...
|
|
DO NOT USE IN PRODUCTION!!!
This is a bug fixing of the previously partly impelmented kex algorithm.
There are more things to do, for example genrate/select better g,p pair obeying the min||n||max request.
It is not enabled by default, but may be enabled with the option
{preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha1']}]}
|
|
|
|
* hans/ssh/unknown_msgfun/OTP-12813:
ssh: Option unexpectedfun for ssh:daemon and ssh:connect
|
|
This option has a fun as value. The fun will be called when an
unexpected message arrives. The fun returns either 'skip' or 'report'
to guide the connection_handler what to do.
One usage is to filter out messages that are not wanted in the error
logger as info reports. An example of such a message is the 'etimedout'
tcp error message that will be received if a connection has keep_alive
and the peer is restarted.
|
|
|
|
|
|
|
|
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algoritms in msg_kexinit negotiation
|
|
This is how OpenSSH does. The bytes returned will be put on the
user's tty, so it is better with text than a ssh_msg_disconnect
|
|
|
|
If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.
|
|
This option enables the user to define which algorithms that
are to be used as well as their precedences in the negotiation
between server and client.
|
|
In RFC 4253, sections 7.1 & 9 describe rekeying with
special attention to the protocol messages that may be
received and may not be sent during rekeying.
This patch fixes a number of problems during rekeying
caused by data & requests received from the network, and/or data & requests sent by the user.
|
|
When in the connected state, an received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph on RFC 4253 sec. 9.
|
|
Conflicts:
OTP_VERSION
lib/ssh/doc/src/ssh.xml
lib/ssh/vsn.mk
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.
|
|
The port stats are not accumulated so that once rekey_limit bytes
(by default, 1GB) have been transmitted the connection will be
rekeyed every minute, not after the next 1GB.
|
|
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
|
|
The error report was assumed to only happen if our code was wrongly
implemented "internal error". However it would also occur when
bad input was recived from the peer, and could hence cause extensive
logging on DoS attacks.
|
|
|
|
If a channel is closed by the peer while using a function with call semantics
in ssh_connection.erl return {error, closed}. Document that the functions
can return {error, timeout | closed} and not only ssh_request_status()
|
|
|
