Age | Commit message | Author |
|
* hans/ssh/check_dirs/OTP-12788:
ssh: Check that user_dir and system_dir exist and are readable
|
|
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
|
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algorithms in msg_kexinit negotiation
|
|
|
|
This is how OpenSSH does it. The bytes returned will be put on the
user's tty, so it is better with text than an ssh_msg_disconnect
|
|
|
|
RFC 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
This is to prevent some DoS attack scenarios. The limit is hard-coded.
|
|
If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.
|
|
|
|
The 'compression' option was used in the test cases. The new option 'preferred_algorithms' is
much more powerful and can be used as a replacement.
|
|
This option enables the user to define which algorithms
are to be used as well as their precedences in the negotiation
between server and client.
|
|
This option is set internally but there is no reason to set it when calling a function.
|
|
|
|
In RFC 4253, sections 7.1 & 9 describe rekeying with
special attention to the protocol messages that may be
received and may not be sent during rekeying.
This patch fixes a number of problems during rekeying
caused by data & requests received from the network, and/or data & requests sent by the user.
|
|
When in the connected state, a received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph of RFC 4253 sec. 9.
|
|
* ia/ssh/doc/types:
ssh: Align "=" sign in type declarations to decided policy
|
|
Conflicts:
OTP_VERSION
lib/ssh/doc/src/ssh.xml
lib/ssh/vsn.mk
|
|
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC 4253
printing is a SHOULD, but our new default is to protect logs
from DoS attacks.
|
|
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
|
|
The test cases
id_string_no_opt_client
id_string_own_string_client
id_string_random_client
didn't work on MS Windows. This commit adds {packet,line} to get the
whole version exchange line in one packet on all architectures. It
also adds timeouts to speed up failures in those test cases.
|
|
Option height was misspelled in the code. Fix code but recognize
the misspelled option for backward-compatibility reasons.
|
|
RFC 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
* ia/ssh/extra-logout:
ssh: Handle shell that sends two logout messages
|
|
OTP-12708
|
|
* ia/ssh/test-openssh-cuddle:
ssh: Add OpenSSH interop check
|
|
The port stats are not accumulated so that once rekey_limit bytes
(by default, 1GB) have been transmitted the connection will be
rekeyed every minute, not after the next 1GB.
|
|
|
|
* hans/ssh/improve_docs:
ssh: broken doc links to file functions fixed
|
|
* ia/ssh/improve_docs:
ssh: Move code example to Users Guide
ssh: Keep dependency info in only one place
ssh: Add links
ssh: Align to alphabetic order
ssh: Change wording to become accurate
ssh: Remove extra whitespace
ssh: Corrected information about error and event logging
ssh: Remove legacy statement
ssh: Technically correct description
Editorial updates
|
|
This patch fixes a bug that causes an SFTP connection to always fail
when {timeout, Timeout} option is used with
ssh_sftp:start_channel. The bug is that the version negotiation timer
is not cancelled upon reception of SSH_FXP_VERSION.
|
|
|
|
Some examples had encountered the space eater.
|