Age | Commit message (Collapse) | Author |
|
* ia/ssh/name-spaces/OTP-12675:
ssh: Correct Makefile
ssh: Add profile option
|
|
* hans/ssh/cuddle_tests:
ssh: Change to ct:sleep in ssh_basic_SUITE
ssh: add empty password to the probing ssh_test_lib:openssh_sanity_check/1
ssh: Replace ct:sleep with timer:sleep for long sleeps
ssh: timeout fixes in ssh_basic_SUITE
|
|
* hans/ssh/check_dirs/OTP-12788:
ssh: Check that user_dir and system_dir exists and are readable
|
|
|
|
|
|
This is to give a quick end if the test is run a maskin where it can't log in to the OpenSSH server.
|
|
On two of our test machines, ct:sleep was scaled to a ridicously long time (10 x). This made the key renegotiation to trigger wich the test case was designed not to tolerate.
By reducing the sleep time to the intended order of magnitude, hopfully the test cases will work.
|
|
The testcases
ssh_connect_negtimeout_parallel
ssh_connect_negtimeout_sequential
max_sessions_sftp_start_channel_sequential
max_sessions_sftp_start_channel_parallel
max_sessions_ssh_connect_sequential
max_sessions_ssh_connect_parallel
sometimes failed on certain machines. Tried to increase timeouts and added a sleep. (Not exactly the best way of doing real time programming....)
|
|
|
|
The ssh application does not have any external include files
|
|
To enable the ssh daemon to run in a virtualized environment, where
there can be more that one server that has the same ip-address
and port, we add a new option profile. The profile name will be
used in concatenation with ip-address and port to identify the
ssh daemon instance.
The name profile was chosen as there is a similar concept in the HTTP client
in inets where profile names can be used to instantiate client configurations.
Also the same type of option has been added to the HTTP server in inets.
|
|
|
|
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
|
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algoritms in msg_kexinit negotiation
|
|
|
|
This is how OpenSSH does. The bytes returned will be put on the
user's tty, so it is better with text than a ssh_msg_disconnect
|
|
|
|
rfc 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
This is to prevent some dos-attac scenarios. The limit is hard-coded.
|
|
If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.
|
|
|
|
The 'compression' option was used in the test cases. The new option 'preferred_algorithms' is
much more powerful and can be used as a replacement.
|
|
This option enables the user to define which algorithms that
are to be used as well as their precedences in the negotiation
between server and client.
|
|
This option is set internaly but there is no reason to set it when calling a function.
|
|
|
|
In RFC 4253, sections 7.1 & 9 describe rekeying with
special attention to the protocol messages that may be
received and may not be sent during rekeying.
This patch fixes a number of problems during rekeying
caused by data & requests received from the network, and/or data & requests sent by the user.
|
|
When in the connected state, an received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph on RFC 4253 sec. 9.
|
|
* ia/ssh/doc/types:
ssh: Align "=" sign in type declarations to decided policy
|
|
Conflicts:
OTP_VERSION
lib/ssh/doc/src/ssh.xml
lib/ssh/vsn.mk
|
|
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.
|
|
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
|
|
|
|
|
|
The test cases
id_string_no_opt_client
id_string_own_string_client
id_string_random_client
didn't work on MS Windows. This commit adds {packet,line} to get the
whole version exchange line in one packet on all architectures. It
also adds timeouts to speed up failures in those test cases.
|
|
Option height was misspelled in the code. Fix code but recognize
the mispellt option for backwards compatible reasons.
|
|
rfc 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
* ia/ssh/extra-logout:
ssh: Hadle shell that sends two logout messages
|
|
|
|
|
|
OTP-12708
|
|
|
|
|
|
|
|
|
|
* ia/ssh/test-openssh-cuddle:
ssh: Add openSSH interop check
|
|
The port stats are not accumulated so that once rekey_limit bytes
(by default, 1GB) have been transmitted the connection will be
rekeyed every minute, not after the next 1GB.
|
|
|
|
* hans/ssh/improve_docs:
ssh: broken doc links to file functions fixed
|