Age | Commit message | Author |
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algorithms in msg_kexinit negotiation
|
|
This is how OpenSSH does it. The bytes returned will be put on the
user's tty, so it is better with text than an ssh_msg_disconnect
|
|
RFC 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
This is to prevent some DoS attack scenarios. The limit is hard-coded.
|
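The two input checks described in the rows above (the RFC 4253 section 8 range check on the received Diffie-Hellman value, and a hard cap on the number of algorithms accepted in a KEXINIT name-list), as an added Python example. This is not code from OTP's ssh application: the parsers follow the RFC 4251 wire encodings, while MAX_ALGORITHMS, the 5-bit demo prime P_DEMO and the builder helpers are assumptions for illustration (a real server uses an RFC 3526 group, and OTP's hard-coded limit is its own value).

```python
"""Two KEX input checks from the commits above (added example, not OTP code)."""
import struct

SSH_MSG_KEXINIT = 20
SSH_MSG_KEXDH_INIT = 30

# Assumptions for the demo: OTP hard-codes its own limit, and a real server
# uses one of the RFC 3526 groups rather than this 5-bit safe prime.
MAX_ALGORITHMS = 100
P_DEMO = 23


def read_uint32(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack(">I", buf[pos:pos + 4])[0], pos + 4


def read_string(buf, pos):
    """RFC 4251 'string': uint32 length followed by that many bytes."""
    n, pos = read_uint32(buf, pos)
    if pos + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + n], pos + n


def read_mpint(buf, pos):
    """RFC 4251 'mpint': a string holding a two's-complement big-endian integer."""
    raw, pos = read_string(buf, pos)
    return int.from_bytes(raw, "big", signed=True), pos


def encode_mpint(x):
    if x == 0:
        raw = b""
    else:
        raw = x.to_bytes((x.bit_length() + 8) // 8, "big", signed=True)
    return struct.pack(">I", len(raw)) + raw


def dh_value_in_range(x, p):
    """RFC 4253 section 8: e and f MUST be in [1, p-1]; otherwise the kex fails."""
    return 1 <= x <= p - 1


def parse_kexdh_init(payload, p):
    """Return e from an SSH_MSG_KEXDH_INIT payload, raising if it is out of range."""
    if not payload or payload[0] != SSH_MSG_KEXDH_INIT:
        raise ValueError("not SSH_MSG_KEXDH_INIT")
    e, _ = read_mpint(payload, 1)
    if not dh_value_in_range(e, p):
        raise ValueError("e outside [1, p-1]: key exchange fails")
    return e


def kexdh_init_accepted(payload, p):
    try:
        parse_kexdh_init(payload, p)
        return True
    except ValueError:
        return False


def read_name_list(buf, pos, limit):
    """RFC 4251 'name-list', refusing more than `limit` comma-separated names."""
    raw, pos = read_string(buf, pos)
    names = raw.decode("ascii").split(",") if raw else []
    if len(names) > limit:
        raise ValueError("name-list has %d entries, limit is %d" % (len(names), limit))
    return names, pos


def encode_name_list(names):
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def parse_kexinit(payload, limit=MAX_ALGORITHMS):
    """Return the ten name-lists of SSH_MSG_KEXINIT (RFC 4253 section 7.1)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not SSH_MSG_KEXINIT")
    pos = 1 + 16  # message id, then the 16-byte random cookie
    lists = []
    for _ in range(10):
        names, pos = read_name_list(payload, pos, limit)
        lists.append(names)
    return lists


def build_kexinit(names):
    """Constructed test message: every one of the ten lists carries `names`."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    body += b"".join(encode_name_list(names) for _ in range(10))
    return body + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


def kexinit_accepted(payload, limit=MAX_ALGORITHMS):
    try:
        parse_kexinit(payload, limit)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = bytes([SSH_MSG_KEXDH_INIT]) + encode_mpint(P_DEMO - 1)
    bad = bytes([SSH_MSG_KEXDH_INIT]) + encode_mpint(P_DEMO)
    print(kexdh_init_accepted(good, P_DEMO), kexdh_init_accepted(bad, P_DEMO))
    flood = build_kexinit(["alg%d" % i for i in range(MAX_ALGORITHMS + 1)])
    print(kexinit_accepted(flood))
```

The range check is done on the decoded integer, so a negative mpint (sign bit set on the wire) and a value of p or above are both refused before any exponentiation; the name-list cap rejects the message while parsing rather than after allocating per-algorithm state.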
|
If something bad happens and the socket is closed, the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case where inet:getopts returns {error, Reason},
which was not handled either.
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC 4253
printing is a SHOULD, but our new default is to protect logs
from DoS attacks.
|
|
For limiting Banner Grabbing attempts.
|
|
|
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the SSH RFCs, and OpenSSH does not handle that case in any special way besides looping.
The introduced solution just "keeps quiet" but removes the eternal loop that caused Erlang to core dump.
|
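The failure mode in the row above, as an added Python example (not OTP code): a sender that slices outgoing channel data to the peer's advertised 'maximum packet size' never makes progress when that size is 0, because each slice is empty. The unchecked splitter reproduces that loop behind an iteration valve; the hardened one treats a non-positive limit as "nothing can be sent" and stays quiet, as the commit describes. The SSH_MSG_CHANNEL_DATA layout follows RFC 4254 section 5.2; the helper names are assumptions.

```python
"""Channel data packetising and the 'maximum packet size' = 0 case (added example)."""
import struct

SSH_MSG_CHANNEL_DATA = 94  # RFC 4254 section 5.2


def split_unchecked(data, max_packet, max_iterations=1000):
    """The looping behaviour: data[:0] is empty, so the loop never shrinks data.
    max_iterations is a safety valve for the demonstration only."""
    chunks, iterations = [], 0
    while data:
        if iterations >= max_iterations:
            raise RuntimeError("stuck: max_packet == %d" % max_packet)
        chunks.append(data[:max_packet])
        data = data[max_packet:]
        iterations += 1
    return chunks


def would_loop(data, max_packet):
    """True if the unchecked splitter makes no progress on this input."""
    try:
        split_unchecked(data, max_packet, max_iterations=100)
        return False
    except RuntimeError:
        return True


def split_data(data, max_packet):
    """Hardened: a non-positive limit means nothing can be sent, so send nothing."""
    if max_packet <= 0:
        return []
    return [data[i:i + max_packet] for i in range(0, len(data), max_packet)]


def channel_data_packets(recipient_channel, data, max_packet):
    """SSH_MSG_CHANNEL_DATA payloads: byte 94, uint32 recipient channel, string data,
    with the data field bounded by the peer's max_packet."""
    packets = []
    for chunk in split_data(data, max_packet):
        packets.append(
            bytes([SSH_MSG_CHANNEL_DATA])
            + struct.pack(">I", recipient_channel)
            + struct.pack(">I", len(chunk))
            + chunk
        )
    return packets


if __name__ == "__main__":
    print(would_loop(b"hello", 0), split_data(b"hello", 0))
    print(channel_data_packets(7, b"hello", 4))
```

A peer-controlled value that feeds a loop bound should always be checked for the degenerate case before the loop; here 0 is the only value that makes the slice empty, and returning an empty list also covers the empty-data case without special handling.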
|
The ssh acceptor process listens for connections and
spawns a process to handle each new connection that it accepts.
The ownership of the accepted socket will be transferred to the new process
that will handle the incoming messages. Before the ownership is
transferred the socket should be in {active, false} or the acceptor
process may receive data aimed for the connection. As the accept socket
inherits the listen options, we set {active, false} there.
|
|
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
|
|
The error report was assumed to only happen if our code was wrongly
implemented ("internal error"). However, it would also occur when
bad input was received from the peer, and could hence cause extensive
logging on DoS attacks.
|
|
This reverts commit af972aaf14a5f53510e692f48f672f7e6805ee6d.
Conflicts:
lib/ssh/test/ssh_basic_SUITE.erl
|
|
otp_SUITE: Ignore undefined functions in ssh
|
|
Function name was somewhat confusing and when trying to find a better
name for it we realised it did not work as intended.
|
|
If a channel is closed by the peer while using a function with call semantics
in ssh_connection.erl return {error, closed}. Document that the functions
can return {error, timeout | closed} and not only ssh_request_status()
|
|
|
This reverts commit d086394ebd3595d431835af80709977a6c1c7c89.
|
|
* ia/ssh/gracefull-termination/OTP-12185:
ssh: Gracefully handle bad input
|
|
a channel.
Depends on erl_tar.erl having the function erl_tar:init/3 defined.
|
|
* dotsimon/ssh_connect_timeout/OTP-12306:
Fix ssh_sftp:start_channel timeout
|
|
* ia/ssh/rekeying-typo/OTP-12277:
ssh: Correct typo of renegotiate that could cause rekeying to fail
|
|
* ia/ssh/pty-request/OTP-11542:
ssh: Add basic ptty_alloc tests
ssh: Add pty_alloc request to ssh:shell/[1,2,3]
ssh: Add ptty_alloc/[2,3]
|
|
The {timeout, Timeout} option passed to ssh_sftp:start_channel is not
applied to the early phases of the SSH protocol. For example, if the
remote server fails to respond after the "hello" then the call will hang
for as long as the server keeps the TCP connection alive.
This patch passes the Timeout through to ssh:connect. In case the
timeout occurs during these phases, {error, timeout} is returned.
|
|
Conflicts:
OTP_VERSION
|
|