path: root/lib/ssh/src
Age | Commit message | Author
2015-08-03 | ssh: added more groups for gex | Hans Nilsson
2015-08-03 | ssh: rm ssh_math and use crypto:compute_key instead | Hans Nilsson
2015-08-03 | ssh: filter algs unknown to crypto (except pk) | Hans Nilsson
2015-08-03 | ssh: Add experimental 'diffie-hellman-group-exchange-sha256' support | Hans Nilsson
DO NOT USE IN PRODUCTION!!! It is not enabled by default, but may be enabled with the option {preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha256']}]}
2015-08-03 | ssh: Repair/add experimental diffie-hellman-group-exchange-sha1 support | Hans Nilsson
DO NOT USE IN PRODUCTION!!! This is a bug fixing of the previously partly implemented kex algorithm. There are more things to do, for example generate/select better g,p pair obeying the min||n||max request. It is not enabled by default, but may be enabled with the option {preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha1']}]}
2015-07-02 | ssh: testcases for no common algorithms in key exchange | Hans Nilsson
2015-06-30 | ssh: correct sftp unicode and iolist bug | Hans Nilsson
Ssh_sftp.erl incorrectly handled unicode data in ssh_ftp:write_file. There were also problems with some deeper iolists.
2015-06-18 | Change license text to APLv2 | Bruce Yinhe
2015-06-15 | ssh: add test case + corr for ssh_info:print/1 | Hans Nilsson
Conflicts: lib/ssh/test/ssh_basic_SUITE.erl
2015-06-10 | Merge branch 'hans/ssh/unknown_msgfun/OTP-12813' | Hans Nilsson
* hans/ssh/unknown_msgfun/OTP-12813: ssh: Option unexpectedfun for ssh:daemon and ssh:connect
2015-06-10 | Merge branch 'hans/ssh/no_erlint_func/OTP-11697' | Hans Nilsson
* hans/ssh/no_erlint_func/OTP-11697: ssh: Replace erlint/1 in ssh_message.erl and ssh_auth.erl
2015-06-09 | ssh: Option unexpectedfun for ssh:daemon and ssh:connect | Hans Nilsson
This option has a fun as value. The fun will be called when an unexpected message arrives. The fun returns either 'skip' or 'report' to guide the connection_handler what to do. One usage is to filter out messages that are not wanted in the error logger as info reports. An example of such a message is the 'etimedout' tcp error message that will be received if a connection has keep_alive and the peer is restarted.
2015-06-09 | ssh: change pwd->password for keyboard-interactive | Hans Nilsson
2015-06-09 | ssh save keyboard-interactive data in #ssh{} | Hans Nilsson
2015-06-09 | ssh: make server check auth_methods when rec request | Hans Nilsson
2015-06-09 | ssh: Replace erlint/1 in ssh_message.erl and ssh_auth.erl | Hans
In the old times there was no binary notation which handled this particular case, but now we can write big-signed-integer-unit:8 directly in binaries. The undocumented internal function ssh_bits:erlint/1 is removed.
2015-06-08 | Merge branch 'ia/ssh/name-spaces/OTP-12675' | Ingela Anderton Andin
* ia/ssh/name-spaces/OTP-12675:
  ssh: Correct Makefile
  ssh: Add profile option
2015-06-05 | Merge branch 'hans/ssh/check_dirs/OTP-12788' | Hans Nilsson
* hans/ssh/check_dirs/OTP-12788: ssh: Check that user_dir and system_dir exists and are readable
2015-06-05 | ssh: Check that user_dir and system_dir exists and are readable | Hans
2015-06-04 | ssh: make disconnectfun work for both server&client | Hans
2015-06-03 | ssh: Correct Makefile | Ingela Anderton Andin
The ssh application does not have any external include files
2015-06-03 | ssh: Add profile option | Ingela Anderton Andin
To enable the ssh daemon to run in a virtualized environment, where there can be more than one server that has the same ip-address and port, we add a new option profile. The profile name will be used in concatenation with ip-address and port to identify the ssh daemon instance. The name profile was chosen as there is a similar concept in the HTTP client in inets where profile names can be used to instantiate client configurations. Also the same type of option has been added to the HTTP server in inets.
2015-06-02 | correct merge conflict | Henrik Nord
2015-06-02 | Merge branch 'maint' | Henrik Nord
Conflicts:
  OTP_VERSION
  lib/inets/test/httpd_SUITE.erl
  lib/inets/vsn.mk
  lib/ssh/src/ssh.erl
  lib/ssh/vsn.mk
  lib/ssl/src/ssl.appup.src
  lib/ssl/vsn.mk
2015-06-01 | Merge branch 'hans/ssh/codenomicon_degradation/OTP-12784' into maint-17 | Erlang/OTP
* hans/ssh/codenomicon_degradation/OTP-12784:
  ssh: update ssh version
  ssh: Plain text message returned for invalid version exchange
  ssh: Implement keyboard_interactive on server side
  ssh: Check e and f parameters in kexdh
  ssh: Set max num algorithms in msg_kexinit negotiation
2015-05-29 | ssh: Plain text message returned for invalid version exchange | Hans
This is how OpenSSH does it. The bytes returned will be put on the user's tty, so it is better with text than a ssh_msg_disconnect.
2015-05-29 | ssh: Implement keyboard_interactive on server side | Hans
2015-05-29 | ssh: Check e and f parameters in kexdh | Hans Nilsson
RFC 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check.
2015-05-29 | ssh: Set max num algorithms in msg_kexinit negotiation | Hans
This is to prevent some DoS attack scenarios. The limit is hard-coded.
2015-05-29 | ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []} | Ingela Anderton Andin
If something bad happens and the socket is closed the call inet:getopts(Socket, [recbuf]) may return {ok, []}. We want to treat this as a fatal error and terminate gracefully. The same goes for the case that inet:getopts returns {error, Reason} that was not handled either.
2015-05-26 | ssh: Undocumented option 'compression' replaced by 'preferred_algorithms' | Hans Nilsson
The 'compression' option was used in the test cases. The new option 'preferred_algorithms' is much more powerful and can be used as a replacement.
2015-05-26 | ssh: New option 'preferred_algorithms' | Hans Nilsson
This option enables the user to define which algorithms are to be used as well as their precedences in the negotiation between server and client.
2015-05-26 | ssh: Remove erroneous option 'role' | Hans Nilsson
This option is set internally but there is no reason to set it when calling a function.
2015-05-21 | Fix protocol violations during rekeying | Simon Cornish
In RFC 4253, sections 7.1 & 9 describe rekeying with special attention to the protocol messages that may be received and may not be sent during rekeying. This patch fixes a number of problems during rekeying caused by data & requests received from the network, and/or data & requests sent by the user.
2015-05-21 | Fix rekeying according to RFC 4253 | Simon Cornish
When in the connected state, a received KEXINIT message MUST be responded to with KEXINIT. After that, the client may continue with KEXDH_INIT (or similar). See the first paragraph on RFC 4253 sec. 9.
2015-05-18 | Merge branch 'maint' | Zandra Hird
Conflicts:
  OTP_VERSION
  lib/ssh/doc/src/ssh.xml
  lib/ssh/vsn.mk
2015-05-13 | ssh: option for handling the SSH_MSG_DEBUG message's printouts | Hans Nilsson
A fun could be given in the options that will be called whenever the SSH_MSG_DEBUG message arrives. This enables the user to format the printout or just discard it. The default is changed to not print the message. In RFC4253 printing is a SHOULD, but our new default is to protect logs from DoS attacks.
2015-05-12 | ssh: Fix typo | Ingela Anderton Andin
Option height was misspelled in the code. Fix code but recognize the misspelled option for backwards compatibility reasons.
2015-05-08 | ssh: Check e and f parameters in kexdh | Hans Nilsson
RFC 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check.
2015-05-05 | Merge branch 'dotsimon/ssh_sftp_version_negotiation_timeout' | Zandra Hird
OTP-12708
2015-04-30 | ssh: Fix bug causing rekeying once per minute after 1st Gbyte Thanks Simon | Hans Nilsson
The port stats are not accumulated so that once rekey_limit bytes (by default, 1GB) have been transmitted the connection will be rekeyed every minute, not after the next 1GB.
2015-04-23 | Fix ssh_sftp wait_for_version_negotiation timeout | Simon Cornish
This patch fixes a bug that causes an SFTP connection to always fail when {timeout, Timeout} option is used with ssh_sftp:start_channel. The bug is that the version negotiation timer is not cancelled upon reception of SSH_FXP_VERSION.
2015-04-23 | Merge branch 'maint' | Zandra Hird
Conflicts: OTP_VERSION
2015-04-21 | ssh: added id_string option for server and client | Hans Nilsson
For limiting Banner Grabbing attempts.
2015-04-15 | Merge branch 'ia/ssh/channel-gracefull-shutdown/OTP-12648' | Ingela Anderton Andin
* ia/ssh/channel-gracefull-shutdown/OTP-12648: ssh: Shutdown sftp channel gracefully
2015-04-14 | ssh: Shutdown sftp channel gracefully | Ingela Anderton Andin
If ssh_connection:subsystem/4 fails we do not want to crash but rather terminate gracefully.
2015-04-10 | Merge branch 'maint-17' | Zandra Hird
Conflicts: OTP_VERSION
2015-04-07 | ssh: Reset upgrade instructions to default | Ingela Anderton Andin
2015-04-07 | ssh: Option minimal_remote_max_packet_size and test cases | Hans Nilsson
2015-04-07 | ssh: fix loop bug for zero maximum_packet_size. | Hans Nilsson
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the SSH RFCs, and OpenSSH does not handle that case in some special way besides looping. The introduced solution just "keeps quiet" but removes the eternal loop that caused Erlang to core dump.