From 1122ef871c2439e07614f9d6060f1f56f460907a Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 22 Jun 2016 14:15:24 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 5f2cd19cda..00a8bceb4a 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,22 @@ notes.xml +
Ssh 4.2.2.1 + +
Fixed Bugs and Malfunctions + + +

+ SSH client does not any longer retry a bad password given + as option to ssh:connect et al.

+

+ Own Id: OTP-13674 Aux Id: TR-HU92273

+
+
+
+ +
+
Ssh 4.2.2
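Review bot: the OTP-13674 entry states the new behaviour but not the old one or why it matters, so a reader cannot tell whether the client previously re-sent the same rejected password on each retry, which burns the server's authentication-attempt allowance and can trip account lockout or fail2ban-style countermeasures on the far end. State the prior behaviour and the consequence, and reword "SSH client does not any longer retry a bad password given as option to ssh:connect et al." to something like "The SSH client no longer retries a password given in the password option after the server has rejected it."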
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 9517c37a8c2319be620d304db0d5b11d398057be Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 29 Jun 2016 17:43:27 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index fd15c334a3..ef6ee79654 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,30 @@ notes.xml +
Ssh 4.3.1 + +
Fixed Bugs and Malfunctions + + +

+ SSH client does not any longer retry a bad password given + as option to ssh:connect et al.

+

+ Own Id: OTP-13674 Aux Id: TR-HU92273

+
+ +

+ Removed possible hanging risk for a certain timing + sequence when communicating client and server executes on + the same node.

+

+ Own Id: OTP-13715

+
+
+
+ +
+
Ssh 4.3
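Review bot: the OTP-13715 entry is too vague to act on: "a certain timing sequence" does not tell an operator whether the hang was limited to the node-local client/server case, which process hung (the connection handler, a channel, or the caller of ssh:connect), or whether a timeout option worked around it. Name the condition and the affected process. "client and server executes on the same node" should read "execute". The OTP-13674 entry repeats the 4.2.2.1 text, which is expected for a fix landed on two branches, but "does not any longer retry" should read "no longer retries" in both places.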
Improvements and New Features -- cgit v1.2.3 From ad6e765bcd4f35a282ef00e38ed9129f3a5c1d83 Mon Sep 17 00:00:00 2001 From: Hans Bolinder Date: Thu, 1 Sep 2016 14:32:27 +0200 Subject: doc: Correct errors introduced by Editorial changes Fix some older errors as well. --- lib/ssh/doc/src/ssh.xml | 6 +++--- lib/ssh/doc/src/ssh_app.xml | 4 ++-- lib/ssh/doc/src/ssh_channel.xml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index e6c54d27bf..ef9f7cbd9b 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -4,7 +4,7 @@
- 20042015 + 20042016 Ericsson AB. All Rights Reserved. @@ -756,7 +756,7 @@

Utility function that starts the applications crypto, public_key, and ssh. Default type is temporary. For more information, see the application(3) - manual page in kernel.

+ manual page in Kernel.

@@ -769,7 +769,7 @@

Stops the ssh application. For more information, see the application(3) - manual page in kernel.

+ manual page in Kernel.

diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f6ce44c015..5cc4c24889 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -4,7 +4,7 @@
- 20122015 + 20122016 Ericsson AB. All Rights Reserved. @@ -203,7 +203,7 @@
Unicode support

Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the - file manual page in kernel for information about this subject. + file manual page in Kernel for information about this subject.

The shell and the cli both support unicode.

diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index 907b0b3bec..7b598494f7 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -139,7 +139,7 @@ enters the ssh_channel process receive loop and become an ssh_channel process. The process must have been started using one of the start functions in proc_lib, see the proc_lib(3) manual page in stdlib. + marker="stdlib:proc_lib">proc_lib(3) manual page in STDLIB. The user is responsible for any initialization of the process and must call ssh_channel:init/1.

-- cgit v1.2.3 From 37e14c395a0d3621d65552b3954856d1cbeaed9a Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 20 Sep 2016 09:36:54 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 62 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f9d11b2a60..b990c18e9a 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,68 @@ notes.xml
+
Ssh 4.3.2 + +
Fixed Bugs and Malfunctions + + +

+ Upgrade of an established client connection could crash + because the ssh client supervisors children had wrong + type. This is fixed now.

+

+ Own Id: OTP-13782 Aux Id: seq13158

+
+ +

+ Partly checks the public key early in public key + authorization

+

+ Own Id: OTP-13847 Aux Id: + defensics-ssh3.1.0-190243,205277,219318

+
+ +

+ Corrected handling of SHA for ECDSA (Elliptic curve + public keys)

+

+ Own Id: OTP-13850 Aux Id: defensics-ssh3.1.0-214168

+
+ +

+ Problems found by test suites as well as by + Codenomicon/Defensics fixed: - reduce max random padding + to 15 bytes (Codenomicon/Defensics) - inclomplete pdu + handling (Codenomicon/Defensics) - badmatch in test suite + - non-blocking send fixes deadlock in + ssh_connection_SUITE:interrupted_send

+

+ Own Id: OTP-13854

+
+ +

+ Caller is now notified when a tcp close is received.

+

+ Own Id: OTP-13859 Aux Id: seq13177

+
+
+
+ + +
Improvements and New Features + + +

+ Use application:ensure_all_started/2 instead of + hard-coding deps

+

+ Own Id: OTP-13843 Aux Id: PR-1147

+
+
+
+ +
+
Ssh 4.3.1
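Review bot: OTP-13847, OTP-13850 and OTP-13854 are fixes for inputs found by Codenomicon/Defensics fuzzing, yet none of the entries says what the failure mode was, which is what someone triaging an upgrade needs. "Partly checks the public key early in public key authorization" should say what happens now when the early check fails and what happened before (a crash of the connection process?). "Corrected handling of SHA for ECDSA" should say which curves were affected and whether the bug caused valid signatures to be rejected or invalid ones to be accepted; those two cases differ enormously in severity. In OTP-13854, "reduce max random padding to 15 bytes" reads as an interoperability tweak, while "incomplete pdu handling" sounds like a transport-layer parser fix reachable before authentication; separate them and state the impact of each. Nits: "inclomplete", and "ssh client supervisors children" should be "supervisor's children".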
Fixed Bugs and Malfunctions -- cgit v1.2.3 From b886c19c55165007d68e26147e756310bac5ae70 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 6 Oct 2016 11:29:55 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index b990c18e9a..a4897668e4 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,24 @@ notes.xml
+
Ssh 4.3.3 + +
Fixed Bugs and Malfunctions + + +

+ Handle all possible exit values that should be + interpreted as {error, closed}. Failing to do so could + lead to unexpected crashes for users of the ssh + application.

+

+ Own Id: OTP-13932 Aux Id: seq13189

+
+
+
+ +
+
Ssh 4.3.2
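Review bot: "Handle all possible exit values that should be interpreted as {error, closed}" does not name the API functions that now return {error, closed} instead of crashing the caller, so users cannot tell which of their call sites were affected or whether they need a new error clause. List the functions, or at least the module, and say what the caller saw before the fix.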
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 42a2e7530d3c7eafcf0ed9afb12d2dde7b116bda Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 10 Oct 2016 14:10:04 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index a4897668e4..f6ad8d8dea 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,22 @@ notes.xml +
Ssh 4.3.4 + +
Fixed Bugs and Malfunctions + + +

+ Intermittent ssh ERROR REPORT mentioning + nonblocking_sender

+

+ Own Id: OTP-13953 Aux Id: seq13199

+
+
+
+ +
+
Ssh 4.3.3
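Review bot: the OTP-13953 entry describes a symptom, not a change. State what caused the nonblocking_sender error report, whether any data was lost or a connection dropped when it fired, and what the fix does; as written, an operator who still sees the report after upgrading cannot tell whether it is the same bug.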
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 646148180690881b0b8148705a15764a39538924 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 13 Oct 2016 16:17:10 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f6ad8d8dea..773a472818 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,23 @@ notes.xml +
Ssh 4.3.5 + +
Fixed Bugs and Malfunctions + + +

+ If a client illegaly sends an info-line and then + immediatly closes the TCP-connection, a badmatch + exception was raised.

+

+ Own Id: OTP-13966

+
+
+
+ +
+
Ssh 4.3.4
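Review bot: the OTP-13966 entry needs an impact statement, because the trigger is available to any unauthenticated TCP peer: a client sending an info-line (RFC 4253 section 4.2 allows only the server to send lines before the version string) and then closing the socket. Say whether the badmatch took down only the per-connection process or affected the listener, that is, whether this was a remote denial of service against the daemon. Spelling: "illegaly", "immediatly".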
Fixed Bugs and Malfunctions -- cgit v1.2.3 From ea5e385f9e20e29e34fdc12480e8fd00241d9093 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 17 Oct 2016 14:20:07 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 773a472818..f5a67bc00e 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,21 @@ notes.xml +
Ssh 4.3.6 + +
Fixed Bugs and Malfunctions + + +

+ Re-negotiation problems with OpenSSH client solved.

+

+ Own Id: OTP-13972

+
+
+
+ +
+
Ssh 4.3.5
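Review bot: "Re-negotiation problems with OpenSSH client solved" should name the symptom (connection dropped, hang, or MAC/decryption failure after the re-keying), which side was at fault, and the OpenSSH versions tested. Key re-exchange is triggered automatically after a data or time threshold, so a broken rekey shows up as a random mid-session failure that users will not connect to this entry without that detail.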
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 8215ea28fa2f699499b64d6f2c712e068b199390 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 11 Nov 2016 16:59:08 +0100 Subject: ssh: Add fun and fingerprint to option 'silently_accept_host' --- lib/ssh/doc/src/ssh.xml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index ef9f7cbd9b..6b49f89449 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -175,11 +175,21 @@ supplied with this option.

- + +
+ boolean()]]> +

When true, hosts are added to the file without asking the user. - Defaults to false. + Defaults to false which will give a user question on stdio of whether to accept or reject a previously + unseen host.

+

If the option value is has an accept_fun(), that fun will called with the arguments + (PeerName, PeerHostKeyFingerPrint). The fingerprint is calculated on the Peer's Host Key with + public_key:ssh_hostkey_fingerprint/1. +

+

If the crypto:digest_type() is present, the fingerprint is calculated with that digest type by the function + public_key:ssh_hostkey_fingerprint/2.
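Review bot: three things are missing from the new option text. First, it never says what the accept fun must return or what follows from each outcome: presumably true accepts the key and false refuses the connection. Second, "When true, hosts are added to the file without asking the user" should spell out the consequence: a client configured with silently_accept_hosts set to true performs no host authentication on first contact and will accept a man-in-the-middle's key, so the fingerprint-fun form, comparing against a fingerprint obtained out of band, is the one to recommend for unattended use. Third, the digest used by public_key:ssh_hostkey_fingerprint/1 is not named; anyone comparing PeerHostKeyFingerPrint with a fingerprint printed by another tool needs to know the digest and string format, so state it and point to the /2 form when a particular digest is required. Grammar: "If the option value is has an accept_fun(), that fun will called" should read "If the option value has an accept_fun(), that fun will be called". The subject line says silently_accept_host; the option is silently_accept_hosts.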

-- cgit v1.2.3 From e4a22216787f652ecf9044f89dfbbfedd3ddb317 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 14 Nov 2016 15:08:35 +0100 Subject: ssh: Removed irrelevant rfc reference in doc The rfc 4255 is about fingerprints, but only in the context of dns. Since this is out-of-scope for the Erlang/OTP ssh, the reference is missleading. --- lib/ssh/doc/src/introduction.xml | 2 -- lib/ssh/doc/src/ssh_protocol.xml | 2 -- 2 files changed, 4 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index ca84528f3d..b7a73e2597 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -195,8 +195,6 @@ Transport Layer Protocol RFC 4254 - Connection Protocol - RFC 4255 - - Key Fingerprints RFC 4344 - Transport Layer Encryption Modes RFC 4716 - diff --git a/lib/ssh/doc/src/ssh_protocol.xml b/lib/ssh/doc/src/ssh_protocol.xml index 7288266cf7..013823b4df 100644 --- a/lib/ssh/doc/src/ssh_protocol.xml +++ b/lib/ssh/doc/src/ssh_protocol.xml @@ -138,8 +138,6 @@ Transport Layer Protocol. RFC 4254 - Connection Protocol. - RFC 4255 - - Key Fingerprints. RFC 4344 - Transport Layer Encryption Modes. RFC 4716 - -- cgit v1.2.3 From 3eddb0f762de248d3230b38bc9d478bfbc8e7331 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 7 Dec 2016 13:15:31 +0100 Subject: Update copyright-year --- lib/ssh/doc/src/ssh_protocol.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_protocol.xml b/lib/ssh/doc/src/ssh_protocol.xml index 013823b4df..a0032ab449 100644 --- a/lib/ssh/doc/src/ssh_protocol.xml +++ b/lib/ssh/doc/src/ssh_protocol.xml @@ -4,7 +4,7 @@
- 20132013 + 20132016 Ericsson AB. All Rights Reserved. -- cgit v1.2.3 From fc0427be6d482182ec70f3cd87c73027cfb17ea9 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 9 Dec 2016 11:45:22 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f5a67bc00e..1837350284 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,50 @@ notes.xml
+
Ssh 4.4 + +
Fixed Bugs and Malfunctions + + +

+ A file read with an sftp client could loose data if the + packet_size is set to larger than 64k. This is corrected + now in such a way that the packet_size is silently + lowered if there is a risk for data loss.

+

+ Own Id: OTP-13857 Aux Id: ERL-238, OTP-13858

+
+ +

+ When user defined SSH shell REPL process exits with + reason normal, the SSH channel callback module should + report successful exit status to the SSH client. This + provides simple way for SSH clients to check for + successful completion of executed commands. (Thanks to + isvilen)

+

+ Own Id: OTP-13905 Aux Id: PR-1173

+
+
+
+ + +
Improvements and New Features + + +

+ Extended the option silently_accept_hosts for + ssh:connect to make it possible for the client to + check the SSH host key fingerprint string. Se the + reference manual for SSH.

+

+ Own Id: OTP-13887 Aux Id: OTP-13888

+
+
+
+ +
+
Ssh 4.3.6
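Review bot: for OTP-13857, "the packet_size is silently lowered if there is a risk for data loss" should state the ceiling it is lowered to and whether the caller gets any signal (return value or logged warning); a user who raised packet_size for throughput now gets different transfer behaviour with no visible reason, and silently clamping a caller-supplied option deserves at least a log line. For OTP-13905, say which exit status is reported for a normal exit so client code knows what to compare against. In OTP-13887, "Se the reference manual" should be "See". Spelling in the first entry: "loose data" should be "lose data".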
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 2e25e7890af04d9001fa777d848ebce6d059edf2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Feb 2017 16:52:37 +0100 Subject: ssh: document new and retired algorithms --- lib/ssh/doc/src/ssh_app.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 5cc4c24889..5f710decc1 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -146,7 +146,10 @@ diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 - diffie-hellman-group1-sha1 + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 + (diffie-hellman-group1-sha1, retired: can be enabled with the preferred_algorithms option) @@ -157,7 +160,7 @@ ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa - ssh-dss + (ssh-dss, retired: can be enabled with the preferred_algorithms option) @@ -306,6 +309,8 @@

Comment: Defines hmac-sha2-256 and hmac-sha2-512
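Review bot: two problems with the algorithm table changes. The public-key list marks ssh-dss as "retired: can be enabled with the preferred_algorithms option", but commit 57c1794a later on this page reverts exactly that line because DSA was not in fact retired; the doc and the default algorithm list should be checked against each other before this ships, not after. In the kex list, retiring diffie-hellman-group1-sha1 (a 1024-bit group) is right, and group14-sha256, group16-sha512 and group18-sha512 match the additions in the draft-ietf-curdle-ssh-kex-sha2 text cited in the same diff, but that draft also discourages the SHA-1-based methods that remain listed as enabled here; say which of those are kept for interoperability only and how to turn them off with preferred_algorithms. The "Work in progress" link names a specific draft revision (-05); drafts expire, so expect the link to rot or cite the eventual RFC.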

+ + Work in progress: https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-05, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) -- cgit v1.2.3 From 9f23065062eb724e58f39a65e416e5b0e1e9d95d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 10 Feb 2017 14:37:41 +0100 Subject: ssh: allow a list of fingerprint algos in silently_accept_hosts option --- lib/ssh/doc/src/ssh.xml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 6b49f89449..1a6bac8355 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -175,9 +175,11 @@ supplied with this option.

- +
- boolean()]]> + +
+ boolean()]]>

When true, hosts are added to the @@ -188,8 +190,13 @@ (PeerName, PeerHostKeyFingerPrint). The fingerprint is calculated on the Peer's Host Key with public_key:ssh_hostkey_fingerprint/1.

-

If the crypto:digest_type() is present, the fingerprint is calculated with that digest type by the function +

If the HashAlgoSpec is present and is an crypto:digest_type(), the fingerprint is calculated + with that digest type by the function public_key:ssh_hostkey_fingerprint/2. +

+

If the HashAlgoSpec is present and is a list of crypto:digest_type(), the fingerprint is calulated for + each digest_type and PeerHostKeyFingerPrint is the list of the results in order corresponding to the + HashAlgoSpec.
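Review bot: the list form needs two more statements: what the fun receives if one of the digest types in HashAlgoSpec is not supported by crypto (an error before the fun is called, or a shorter list?), and that because the single-atom and list forms share one option, a fun whose clause matches on a fingerprint string will silently fail to match when a list is passed, so the fun must be written for the form actually configured. The ordering guarantee is the only way the fun can tell which fingerprint belongs to which digest; keep it and say it is guaranteed. Spelling: "calulated".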

-- cgit v1.2.3 From 82a5b5f3b8824ab7c1da403c3a40bcf0fc98c690 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 15 Feb 2017 13:26:18 +0100 Subject: ssh: reword documentation --- lib/ssh/doc/src/ssh.xml | 61 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 21 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 1a6bac8355..e42f16ebd0 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -153,7 +153,7 @@

IP version to use.

- +

Sets the user directory, that is, the directory containing ssh configuration files for the user, such as @@ -175,29 +175,48 @@ supplied with this option.

- -
- -
- boolean()]]> + +
+
+
+
+
+ boolean()]]>
+
+
-

When true, hosts are added to the - file without asking the user. - Defaults to false which will give a user question on stdio of whether to accept or reject a previously - unseen host.

-

If the option value is has an accept_fun(), that fun will called with the arguments - (PeerName, PeerHostKeyFingerPrint). The fingerprint is calculated on the Peer's Host Key with - public_key:ssh_hostkey_fingerprint/1. -

-

If the HashAlgoSpec is present and is an crypto:digest_type(), the fingerprint is calculated - with that digest type by the function - public_key:ssh_hostkey_fingerprint/2. +

This option guides the connect function how to act when the connected server presents a Host + Key that the client has not seen before. The default is to ask the user with a question on stdio of whether to + accept or reject the new Host Key. + See also the option user_dir + for the path to the file known_hosts where previously accepted Host Keys are recorded.

-

If the HashAlgoSpec is present and is a list of crypto:digest_type(), the fingerprint is calulated for - each digest_type and PeerHostKeyFingerPrint is the list of the results in order corresponding to the - HashAlgoSpec. -

+

The option can be given in three different forms as seen above:

+ + The value is a boolean(). The value true will make the client accept any unknown + Host Key without any user interaction. The value false keeps the default behaviour of asking the + the user on stdio. + + A CallbackFun will be called and the boolean return value true will make the client + accept the Host Key. A reurn value of false will make the client to reject the Host Key and therefore + also the connection will be closed. The arguments to the fun are: + + PeerName - a string with the name or address of the remote host. + FingerPrint - the fingerprint of the Host Key as + public_key:ssh_hostkey_fingerprint/1 + calculates it. + + + + A tuple {HashAlgoSpec, CallbackFun}. The HashAlgoSpec specifies which hash algorithm + shall be used to calculate the fingerprint used in the call of the CallbackFun. The HashALgoSpec + is either an atom or a list of atoms as the first argument in + public_key:ssh_hostkey_fingerprint/2. + If it is a list of hash algorithm names, the FingerPrint argument in the CallbackFun will be + a list of fingerprints in the same order as the corresponding name in the HashAlgoSpec list. + +
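Review bot: the rewrite drops a fact the removed text had: "When true, hosts are added to the file without asking the user" said that an accepted key is written to known_hosts, while the new text only says the client will "accept any unknown Host Key". State, for each of the three forms, whether an accepted key is recorded in known_hosts (so later connections are checked against it) or accepted for this connection only; with a CallbackFun that difference decides whether a one-time out-of-band fingerprint check protects subsequent sessions. Also say what happens if the CallbackFun returns a non-boolean or raises: connection refused, or a crash of the caller? Typos in the hunk: "reurn", "HashALgoSpec", "asking the the user", and "will make the client to reject" should be "will make the client reject".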
-- cgit v1.2.3 From 2869472d38814d8ab5f034e383c7aa063aab4618 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 15 Feb 2017 13:29:32 +0100 Subject: ssh: speling error --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index e42f16ebd0..20508a73a6 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -226,7 +226,7 @@ supplying a password. Defaults to true. Even if user interaction is allowed it can be suppressed by other options, such as silently_accept_hosts - and password. However, those optins are not always desirable + and password. However, those options are not always desirable to use from a security point of view.
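Review bot: the sentence being corrected here, "those options are not always desirable to use from a security point of view", is the only security warning in the connect options and it does not say what the risk is. One clause each would do: silently_accept_hosts set to true removes host authentication, so any key presented on first contact, including an attacker's, is accepted; and a password given in the option list lives in the calling code and may appear in crash reports that print call arguments. A reader who only sees this hunk gets the typo fix but still no reason to avoid the options.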

-- cgit v1.2.3 From 5fa9ae3f7cce55047061b94f35940d6eaf94d9ee Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 15 Feb 2017 13:34:16 +0100 Subject: ssh: speling error --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 20508a73a6..f6e26f5ee8 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -199,7 +199,7 @@ the user on stdio. A CallbackFun will be called and the boolean return value true will make the client - accept the Host Key. A reurn value of false will make the client to reject the Host Key and therefore + accept the Host Key. A return value of false will make the client to reject the Host Key and therefore also the connection will be closed. The arguments to the fun are: PeerName - a string with the name or address of the remote host. -- cgit v1.2.3 From 73e380177532af093edf3b27926967fefc9dcb0b Mon Sep 17 00:00:00 2001 From: Malcolm Date: Sun, 26 Feb 2017 20:37:18 +0000 Subject: Documentation: use behaviour(ssh_daemon_channel) In the SSH User's Guide, section 2.8 'Creating a Subsystem' uses behaviour(ssh_subsystem) but should use behaviour(ssh_daemon_channel). The renaming was updated in the Reference Manual but never reflected in the User's Guide. --- lib/ssh/doc/src/using_ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 0861c641c7..864378b640 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -305,7 +305,7 @@ ok = erl_tar:close(HandleRead), -module(ssh_echo_server). --behaviour(ssh_subsystem). +-behaviour(ssh_daemon_channel). -record(state, { n, id, -- cgit v1.2.3 From 5d560441709eb1faa6a223b237da65f1d70da6d2 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Wed, 8 Mar 2017 18:34:43 +0100 Subject: ssh: documents ssh:daemon_info/1 --- lib/ssh/doc/src/ssh.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index f6e26f5ee8..1f07e826ce 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -726,9 +726,10 @@ - daemon_info(Daemon) -> {ok, [{port,Port}]} | {error,Error} + daemon_info(Daemon) -> {ok, [DaemonInfo]} | {error,Error} Get info about a daemon + DaemonInfo = {port,Port::pos_integer()} | {listen_address, any|ip_address()} | {profile,atom()} Port = integer() Error = bad_daemon_ref -- cgit v1.2.3 From 26c3cd82529836cb5b6eefbf7f92f318fd91f847 Mon Sep 17 00:00:00 2001 From: Rickard Green Date: Fri, 10 Mar 2017 15:00:46 +0100 Subject: Update copyright year --- lib/ssh/doc/src/ssh.xml | 2 +- lib/ssh/doc/src/using_ssh.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index f6e26f5ee8..604b9f5bbb 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -4,7 +4,7 @@
- 20042016 + 20042017 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 864378b640..ab307624e6 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -5,7 +5,7 @@
2012 - 2016 + 2017 Ericsson AB. All Rights Reserved. -- cgit v1.2.3 From 4d658008be5a08ddadbe75ebadb9ef124436b76e Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 14 Mar 2017 15:59:23 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 80 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 1837350284..02a39f030c 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,86 @@ notes.xml
+
Ssh 4.4.1 + +
Fixed Bugs and Malfunctions + + +

+ Fix bug when opening connections. If the tcp setup + failed, that would in some cases not result in an error + return value.

+

+ Own Id: OTP-14108

+
+ +

+ Reduce information leakage in case of decryption errors.

+

+ Own Id: OTP-14109

+
+ +

+ The key exchange algorithm + diffie-hellman-group-exchange-sha* has a server-option + {dh_gex_limits,{Min,Max}}. There was a hostkey + signature validation error on the client side if the + option was used and the Min or the Max + differed from the corresponding values obtained from the + client.

+

+ This bug is now corrected.

+

+ Own Id: OTP-14166

+
+ +

+ The sftpd server now correctly uses root_dir and + cwd when resolving file paths if both are + provided. The cwd handling is also corrected.

+

+ Thanks to kape1395!

+

+ Own Id: OTP-14225 Aux Id: PR-1331, PR-1335

+
+ +

+ Ssh_cli used a function that does not handle non-utf8 + unicode correctly.

+

+ Own Id: OTP-14230 Aux Id: ERL-364

+
+
+
+ + +
Improvements and New Features + + +

+ The implementation of the key exchange algorithms + diffie-hellman-group-exchange-sha* are optimized, up to a + factor of 11 for the slowest ( = biggest and safest) + group size.

+

+ Own Id: OTP-14169 Aux Id: seq-13261

+
+ +

+ The ssh host key fingerprint generation now also takes a + list of algorithms and returns a list of corresponding + fingerprints. See + public_key:ssh_hostkey_fingerprint/2 and the + option silently_accept_hosts in + ssh:connect.

+

+ Own Id: OTP-14223

+
+
+
+ +
+
Ssh 4.4
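Review bot: "Reduce information leakage in case of decryption errors" (OTP-14109) is the entry in this release an operator most needs detail on, and it has none: leakage to whom (the remote peer, via distinguishable error responses or timing, or local logs), on which side (client, daemon or both), and whether it is the kind of oracle that lets an attacker test ciphertext guesses. Say that, and whether earlier releases are considered exploitable. For OTP-14166, the text says the values were "obtained from the client" while the option described is a server option, so it is unclear whose Min/Max went into the signed exchange hash; rephrase to say that the server presumably signed with its clamped values while the client hashed the values it had sent, and that the fix makes both sides use the same ones. For OTP-14108, say what the call returned instead of an error when the tcp setup failed.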
Fixed Bugs and Malfunctions -- cgit v1.2.3 From eeac5af66b94596ba9a6c765c5f30383f7ed117a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 17 Mar 2017 13:23:59 +0100 Subject: ssh: remove from doc --- lib/ssh/doc/src/ssh.xml | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 1f07e826ce..968983c862 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -243,21 +243,6 @@

Peer is in the format of {Host,Port}.

- - - -

This option will be removed in OTP 20, but is kept for compatibility. It is ignored if - the preferred pref_public_key_algs option is used.

-
-

Sets the preferred public key algorithm to use for user - authentication. If the preferred algorithm fails, - the other algorithm is tried. If {public_key_alg, 'ssh-rsa'} is set, it is translated - to {pref_public_key_algs, ['ssh-rsa','ssh-dss']}. If it is - {public_key_alg, 'ssh-dss'}, it is translated - to {pref_public_key_algs, ['ssh-dss','ssh-rsa']}. -

-
-

List of user (client) public key algorithms to try to use.
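Review bot: removing the public_key_alg text leaves users of that option with no documented migration path while the option still works ("kept for compatibility", per the deleted lines). Keep a one-line deprecation note under pref_public_key_algs saying that public_key_alg is deprecated, is ignored when pref_public_key_algs is given, and maps 'ssh-rsa' to ['ssh-rsa','ssh-dss'] and 'ssh-dss' to ['ssh-dss','ssh-rsa']; otherwise the only record of that mapping is git history. The mapping itself deserves a second look: a caller who asked for 'ssh-rsa' silently gets ssh-dss tried as a fallback, which is not what "preferred" suggests.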

-- cgit v1.2.3 From 19427107ca9305a931dcaea8c2134017aa385fbd Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 31 Mar 2017 12:59:07 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 02a39f030c..c8c6e61cc8 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,22 @@ notes.xml
+
Ssh 4.4.2 + +
Fixed Bugs and Malfunctions + + +

+ ssh:daemon_info/1 crashed if the listening IP was not + 'any'

+

+ Own Id: OTP-14298 Aux Id: seq13294

+
+
+
+ +
+
Ssh 4.4.1
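Review bot: "ssh:daemon_info/1 crashed if the listening IP was not 'any'" should say whether the crash was confined to the caller of daemon_info/1 or affected the daemon itself, and whether a daemon started with an explicit ip option was otherwise unaffected. That is the difference between a cosmetic bug and a daemon that cannot be queried in the common bind-to-one-address configuration. The daemon_info/1 documentation added by commit 5d560441 on this page types listen_address as any|ip_address(); this fix suggests that path was never exercised, so a test with a non-any address is worth adding with it.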
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 31e9b9c4d3ace33b03eec13d2d0ed22de7a865ab Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 30 Mar 2017 17:17:16 +0200 Subject: ssh: idle_timer on daemon - documentation --- lib/ssh/doc/src/ssh.xml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 968983c862..88d402cf38 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -699,6 +699,12 @@

Peer is in the format of {Host,Port}.

+ + +

Sets a time-out on a connection when no channels are active. + Defaults to infinity.

+
+ _}]]>

Provide a fun to implement your own logging of the SSH message SSH_MSG_DEBUG. The last three parameters are from the message, see RFC4253, section 11.3. The ConnectionRef is the reference to the connection on which the message arrived. The return value from the fun is not checked.

-- cgit v1.2.3 From 57c1794af74ce0155d8282c4e9d0e47a5b0fb5e3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Apr 2017 19:30:18 +0200 Subject: ssh: DSA was not retired It was erroneously stated in 2e25e7890af04d9001fa777d848ebce6d059edf2 that it was retired --- lib/ssh/doc/src/ssh_app.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 5f710decc1..f07c335d3f 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -160,7 +160,7 @@ ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa - (ssh-dss, retired: can be enabled with the preferred_algorithms option) + ssh-dss
-- cgit v1.2.3 From 5bc3907ae599d57af0d6b58278c8708b620f3108 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Apr 2017 19:31:11 +0200 Subject: ssh: ECDSA host keys *are* supported --- lib/ssh/doc/src/ssh_app.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f07c335d3f..515b0639d5 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -109,7 +109,7 @@
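Review bot: the revert is right for accuracy, but a bare "ssh-dss" in the supported list now says nothing about its status. ssh-dss is DSA with SHA-1 and 1024-bit keys and is the weakest entry in that table; if it stays in the default list for interoperability, say so and show how to drop it with the preferred_algorithms option that the kex table already references for diffie-hellman-group1-sha1. Otherwise a reader comparing the two tables will assume the project rates ssh-dss alongside ecdsa-sha2-nistp256.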
Host Keys -

RSA and DSA host keys are supported and are +

RSA, DSA and ECDSA host keys are supported and are expected to be found in files named ssh_host_rsa_key, ssh_host_dsa_key and ssh_host_ecdsa_key.

-- cgit v1.2.3 From 7ad21ca66f5a46be231fffe884ac2c3b5d97c7ae Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Apr 2017 19:53:05 +0200 Subject: ssh: document what happens when ssh:daemon sets both HostAddr and ip option The idea is that the HostAddress argument takes precedence over an ip-option. However, an ip-option overrides the 'any' HostAddr. This fixes the case of dameon(Port, [{ip,IP}..] in a non-surprising way. --- lib/ssh/doc/src/ssh.xml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 88d402cf38..48c9aa18e9 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -379,7 +379,7 @@ on the given port. Port = integer() - HostAddress = ip_address() | any + HostAddress = ip_address() | any | loopback Options = [{Option, Value}] Option = atom() Value = term() @@ -390,6 +390,26 @@

Starts a server listening for SSH connections on the given port. If the Port is 0, a random free port is selected. See daemon_info/1 about how to find the selected port number.

+ +

Please note that by historical reasons both the HostAddress argument and the inet socket option + ip set the listening address. This is a source of possible inconsistent settings.

+ +

The rules for handling the two address passing options are:

+ + if HostAddress is an ip-address, that ip-address is the listening address. + An ip-option will be discarded if present. + + if HostAddress is loopback, the listening address + is loopback and an loopback address will be choosen by the underlying layers. + An ip-option will be discarded if present. + + if HostAddress is any and no ip-option is present, the listening address is + any and the socket will listen to all addresses + + if HostAddress is any and an ip-option is present, the listening address is + set to the value of the ip-option + +

Options:
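Review bot: two of the four rules silently discard the ip option ("An ip-option will be discarded if present"), which turns a configuration mistake into a daemon listening on a different address than the operator wrote; at minimum log a warning when both are given and disagree, and if no warning is emitted, say that here. Also state the consequence of the third rule explicitly: HostAddress any with no ip option binds every interface, including public ones, and say whether any covers IPv6 as well as IPv4. Typos: "choosen" and "an loopback address".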

-- cgit v1.2.3 From b89f06569ee24011a8535c57d6a82e336afeb5bf Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Apr 2017 15:45:18 +0200 Subject: ssh: Doc-changes to make clearer IP-address and 'ip'-option --- lib/ssh/doc/src/ssh.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 48c9aa18e9..368261968d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -396,18 +396,18 @@

The rules for handling the two address passing options are:

- if HostAddress is an ip-address, that ip-address is the listening address. - An ip-option will be discarded if present. + if HostAddress is an IP-address, that IP-address is the listening address. + An 'ip'-option will be discarded if present. if HostAddress is loopback, the listening address is loopback and an loopback address will be choosen by the underlying layers. - An ip-option will be discarded if present. + An 'ip'-option will be discarded if present. - if HostAddress is any and no ip-option is present, the listening address is + if HostAddress is any and no 'ip'-option is present, the listening address is any and the socket will listen to all addresses - if HostAddress is any and an ip-option is present, the listening address is - set to the value of the ip-option + if HostAddress is any and an 'ip'-option is present, the listening address is + set to the value of the 'ip'-option

Options:
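Review bot: the unchanged context lines in this hunk still carry "an loopback address will be choosen" (should be "a loopback address will be chosen"); since this commit is specifically a wording clean-up of this list, fix it here rather than leaving it for a later pass. Quoting is also inconsistent after the change: the option is now written 'ip' in every rule, but the HostAddress values any and loopback stay unquoted, so a reader cannot tell whether they are literal atoms or prose; quote them the same way.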

-- cgit v1.2.3 From 83e20c62057ebc1d8064bf57b01be560cd244e1d Mon Sep 17 00:00:00 2001 From: Raimo Niskanen Date: Thu, 4 May 2017 15:42:21 +0200 Subject: Update copyright year --- lib/ssh/doc/src/notes.xml | 2 +- lib/ssh/doc/src/ssh.xml | 2 +- lib/ssh/doc/src/ssh_app.xml | 2 +- lib/ssh/doc/src/using_ssh.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index c8c6e61cc8..bddae00dd2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,7 +4,7 @@
- 20042016 + 20042017 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 368261968d..84b7cdd7a1 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -4,7 +4,7 @@
- 20042016 + 20042017 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 515b0639d5..74c4111338 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -4,7 +4,7 @@
- 20122016 + 20122017 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 864378b640..ab307624e6 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -5,7 +5,7 @@
2012 - 2016 + 2017 Ericsson AB. All Rights Reserved. -- cgit v1.2.3 From dc57404252c47520f352834ad9be45ad684f96c9 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 4 May 2017 17:05:25 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 117 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bddae00dd2..ac31ab14a6 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,123 @@ notes.xml
+
Ssh 4.5 + +
Improvements and New Features + + +

+ The internal handling of SSH options is re-written.

+

+ Previously there were no checks if a client option was + given to a daemon or vice versa. This is corrected now. + If your code has e.g. a client-only option in a call to + start a daemon, the call will fail.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12872

+
+ +

+ Modernization of diffie-hellman algorithms. Removed an + outdated weak algorithm and added stronger replacements + to keep interoperability with other ssh clients and + servers. The default ordering is also adjusted.

+

+ Retired: key-exchange diffie-hellman-group1-sha1. + It is not enabled by default, but can be enabled with the + option preferred-algorithms.

+

+ Added: key-exchange diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512 and + diffie-hellman-group14-sha256.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14110

+
+ +

+ Modernized internal representation of sftp by use of + maps.

+

+ Own Id: OTP-14117

+
+ +

+ The draft-ietf-curdle-ssh-ext-info-05 and + draft-ietf-curdle-rsa-sha2-05 are (partially) + implemented.

+

+ The extension server-sig-algs and the signature + algorithms rsa-sha2-256 and rsa-sha2-512 + are implemented. The rsa-sha2-* are not enabled by + default yet since they has a bug. Use option + preferred_algorithms with key public key to try them.

+

+ Own Id: OTP-14193

+
+ +

+ Ssh:connect, ssh:shell and ssh:start_channel now accept + an IP-tuple as Host destination argument.

+

+ Own Id: OTP-14243

+
+ +

+ The function ssh:daemon_info/1 now returns Host + and Profile as well as the Port info.

+

+ Own Id: OTP-14259

+
+ +

+ Removed the option public_key_alg which was + deprecated in 18.2. Use pref_public_key_algs + instead.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14263

+
+ +

+ The ssh application is refactored regarding daemon + starting. The resolution of contradicting Host + argument and ip option were not described. There + were also strange corner cases when the 'any' + value was used in Host argument or ip + option. This is (hopefully) resolved now, but it may + cause incompatibilities for code using both Host + and the ip option. The value 'loopback' has been + added for a correct way of naming those addresses.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14264

+
+ +

+ The supervisor code is refactored. The naming of + listening IP-Port-Profile tripples are slightly changed + to improve consistency in strange corner cases as + resolved by OTP-14264

+

+ Own Id: OTP-14267 Aux Id: OTP-14266

+
+ +

+ The idle_time option can now be used in daemons.

+

+ Own Id: OTP-14312

+
+
+
+ +
+
Ssh 4.4.2
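Review bot: in the OTP-14110 entry the option is written preferred-algorithms (hyphen) while the OTP-14193 entry in the same hunk says preferred_algorithms; a reader who copies the hyphenated form gets an invalid option name, and the whole purpose of that sentence is to tell people how to re-enable diffie-hellman-group1-sha1 if they must. In OTP-14193, "since they has a bug" should be "since they have a bug", and a release note that ships rsa-sha2-256 and rsa-sha2-512 as known-buggy but selectable via preferred_algorithms should say what the bug affects (interoperability or signature correctness) or cite an id, otherwise nobody can judge whether enabling them is safe. Minor: "tripples" in OTP-14267 should be "triples", and that entry lacks a terminating period.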
Fixed Bugs and Malfunctions -- cgit v1.2.3 From eace29905be436d77245656b2511c9a9c2c67c90 Mon Sep 17 00:00:00 2001 From: Raimo Niskanen Date: Fri, 5 May 2017 13:15:42 +0200 Subject: Revert "Prepare release" This reverts commit dc57404252c47520f352834ad9be45ad684f96c9. --- lib/ssh/doc/src/notes.xml | 117 ---------------------------------------------- 1 file changed, 117 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index ac31ab14a6..bddae00dd2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,123 +30,6 @@ notes.xml
-
Ssh 4.5 - -
Improvements and New Features - - -

- The internal handling of SSH options is re-written.

-

- Previously there were no checks if a client option was - given to a daemon or vice versa. This is corrected now. - If your code has e.g. a client-only option in a call to - start a daemon, the call will fail.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-12872

-
- -

- Modernization of diffie-hellman algorithms. Removed an - outdated weak algorithm and added stronger replacements - to keep interoperability with other ssh clients and - servers. The default ordering is also adjusted.

-

- Retired: key-exchange diffie-hellman-group1-sha1. - It is not enabled by default, but can be enabled with the - option preferred-algorithms.

-

- Added: key-exchange diffie-hellman-group16-sha512, - diffie-hellman-group18-sha512 and - diffie-hellman-group14-sha256.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14110

-
- -

- Modernized internal representation of sftp by use of - maps.

-

- Own Id: OTP-14117

-
- -

- The draft-ietf-curdle-ssh-ext-info-05 and - draft-ietf-curdle-rsa-sha2-05 are (partially) - implemented.

-

- The extension server-sig-algs and the signature - algorithms rsa-sha2-256 and rsa-sha2-512 - are implemented. The rsa-sha2-* are not enabled by - default yet since they has a bug. Use option - preferred_algorithms with key public key to try them.

-

- Own Id: OTP-14193

-
- -

- Ssh:connect, ssh:shell and ssh:start_channel now accept - an IP-tuple as Host destination argument.

-

- Own Id: OTP-14243

-
- -

- The function ssh:daemon_info/1 now returns Host - and Profile as well as the Port info.

-

- Own Id: OTP-14259

-
- -

- Removed the option public_key_alg which was - deprecated in 18.2. Use pref_public_key_algs - instead.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14263

-
- -

- The ssh application is refactored regarding daemon - starting. The resolution of contradicting Host - argument and ip option were not described. There - were also strange corner cases when the 'any' - value was used in Host argument or ip - option. This is (hopefully) resolved now, but it may - cause incompatibilities for code using both Host - and the ip option. The value 'loopback' has been - added for a correct way of naming those addresses.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14264

-
- -

- The supervisor code is refactored. The naming of - listening IP-Port-Profile tripples are slightly changed - to improve consistency in strange corner cases as - resolved by OTP-14264

-

- Own Id: OTP-14267 Aux Id: OTP-14266

-
- -

- The idle_time option can now be used in daemons.

-

- Own Id: OTP-14312

-
-
-
- -
-
Ssh 4.4.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 6e9f9cbfc1f69735788651369bf6e288e23fbced Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 10 May 2017 12:39:02 +0200 Subject: ssh: Doc option 'auth_methods' for client --- lib/ssh/doc/src/ssh.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 84b7cdd7a1..c659e093b9 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -293,6 +293,15 @@ connection. For gen_tcp the time is in milli-seconds and the default value is infinity.

+ + + +

Comma-separated string that determines which + authentication methods that the client shall support and + in which order they are tried. Defaults to +

+
+

Provides a username. If this option is not given, ssh @@ -300,6 +309,7 @@ on UNIX, on Windows).

+

Provides a password for password authentication. @@ -307,6 +317,7 @@ password, if the password authentication method is attempted.

+

Module implementing the behaviour +

If true, the client does not print anything on authorization.

@@ -466,6 +478,7 @@ authentication methods that the server is to support and in what order they are tried. Defaults to

+

Note that the client is free to use any order and to exclude methods.
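Review bot: the new client-side text does not say how the client's list interacts with the daemon's list described further down in this hunk ("authentication methods that the server is to support ... the client is free to use any order and to exclude methods"); add one sentence saying what happens when the client restricts itself to methods the server does not offer, since that is the case an operator hits when tightening this option. Grammar: "which authentication methods that the client shall support" should drop "that".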

-- cgit v1.2.3 From f4cf6605e8ddf4accb553c155a77878031850128 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 5 May 2017 16:18:00 +0200 Subject: ssh: fix broken preferred_algorithms and pref_public_key_algs options --- lib/ssh/doc/src/ssh.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index c659e093b9..5c9ce3d5fb 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -246,10 +246,12 @@

List of user (client) public key algorithms to try to use.

-

The default value is - +

The default value is the public_key entry in + ssh:default_algorithms/0. +

+

If there is no public key of a specified type available, the corresponding entry is ignored. + Note that the available set is dependent on the underlying cryptolib and current user's public keys.

-

If there is no public key of a specified type available, the corresponding entry is ignored.
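Review bot: the retained sentence "If there is no public key of a specified type available, the corresponding entry is ignored" together with the new "Note that the available set is dependent on the underlying cryptolib" means an entry in this option can be dropped silently; someone who sets pref_public_key_algs to enforce a policy may believe a restriction is in force when it is not, so the text should say that unsupported or unavailable entries are skipped without an error. Wording: "is dependent on the underlying cryptolib and current user's public keys" reads better as "depends on the underlying cryptolib and the current user's public keys".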

-- cgit v1.2.3 From eaf8ca41dfa4850437ad270d3897399c9358ced0 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 30 May 2017 16:15:30 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 163 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bddae00dd2..f6b6f53d33 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,169 @@ notes.xml
+
Ssh 4.5 + +
Improvements and New Features + + +

+ The internal handling of SSH options is re-written.

+

+ Previously there were no checks if a client option was + given to a daemon or vice versa. This is corrected now. + If your code has e.g. a client-only option in a call to + start a daemon, the call will fail.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12872

+
+ +

+ Modernization of key exchange algorithms. See + draft-ietf-curdle-ssh-kex-sha2 for a discussion.

+

+ Removed an outdated weak algorithm and added stronger + replacements to keep interoperability with other modern + ssh clients and servers. The default ordering of the + algorithms is also adjusted.

+

+ Retired: The nowadays unsecure key-exchange + diffie-hellman-group1-sha1 is not enabled by + default, but can be enabled with the option + preferred-algorithms.

+

+ Added: The new stronger key-exchange + diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512 and + diffie-hellman-group14-sha256 are added and + enabled by default.

+

+ The questionable [RFC 6194] sha1-based algorithms + diffie-hellman-group-exchange-sha1 and + diffie-hellman-group14-sha1 are however still kept + enabled by default for compatibility with ancient clients + and servers that lack modern key-exchange alternatives. + When the draft-ietf-curdle-ssh-kex-sha2 becomes an rfc, + those sha1-based algorithms and + diffie-hellman-group1-sha1 will be deprecated by + IETF. They might then be removed from the default list in + Erlang/OTP.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14110

+
+ +

+ Modernized internal representation of sftp by use of + maps.

+

+ Own Id: OTP-14117

+
+ +

+ The Extension Negotiation Mechanism and the extension + server-sig-algs in + draft-ietf-curdle-ssh-ext-info-05 are implemented.

+

+ The related draft-ietf-curdle-rsa-sha2-05 is implemented + and introduces the signature algorithms + rsa-sha2-256 and rsa-sha2-512.

+

+ Own Id: OTP-14193

+
+ +

+ The functions ssh:connect, ssh:shell and + ssh:start_channel now accept an IP-tuple as Host + destination argument.

+

+ Own Id: OTP-14243

+
+ +

+ The function ssh:daemon_info/1 now returns Host + and Profile as well as the Port info in the property + list.

+

+ Own Id: OTP-14259

+
+ +

+ Removed the option public_key_alg which was + deprecated in 18.2. Use pref_public_key_algs + instead.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14263

+
+ +

+ The SSH application is refactored regarding daemon + starting. The resolution of contradicting Host + argument and ip option were not described. There + were also strange corner cases when the 'any' + value was used in Host argument or ip + option. This is (hopefully) resolved now, but it may + cause incompatibilities for code using both Host + and the ip option. The value 'loopback' has been + added for a correct way of naming those addresses.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14264

+
+ +

+ The supervisor code is refactored. The naming of + listening IP-Port-Profile triples are slightly changed to + improve consistency in strange corner cases as resolved + by OTP-14264

+

+ Own Id: OTP-14267 Aux Id: OTP-14266

+
+ +

+ The idle_time option can now be used in daemons.

+

+ Own Id: OTP-14312

+
+ +

+ Added test cases for IETF-CURDLE Extension Negotiation + (ext-info)

+

+ Own Id: OTP-14361

+
+ +

+ Testcases for IETF-CURDLE extension + server-sig-algs including rsa-sha2-*

+

+ Own Id: OTP-14362 Aux Id: OTP-14361

+
+ +

+ The option auth_methods can now also be used in + clients to select which authentication options that are + used and in which order.

+

+ Own Id: OTP-14399

+
+ +

+ Checks that a ECDSA public key (ecdsa-sha2-nistp*) + stored in a file has the correct size.

+

+ Own Id: OTP-14410

+
+
+
+ +
+
Ssh 4.4.2
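Review bot: the OTP-14110 entry explains how to re-enable the retired diffie-hellman-group1-sha1 but never says how to turn off the SHA-1 algorithms it keeps "enabled by default for compatibility with ancient clients and servers" (diffie-hellman-group-exchange-sha1 and diffie-hellman-group14-sha1); operators hardening a deployment need the opposite instruction at least as much, so add a sentence that they can be removed through the same option. Wording in the same entry: "unsecure" should be "insecure", "becomes an rfc" should be "becomes an RFC", and "[RFC 6194]" is not the citation style used elsewhere in these notes. Further down, "a ECDSA public key" in OTP-14410 should be "an ECDSA public key", and the OTP-14362 entry ("Testcases for IETF-CURDLE extension server-sig-algs including rsa-sha2-*") is a fragment without a verb or period.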
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 32275a2fc0b86d1f1b124706afc80f3ff92216eb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 31 May 2017 16:21:00 +0200 Subject: Revert "Prepare release" This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0. --- lib/ssh/doc/src/notes.xml | 163 ---------------------------------------------- 1 file changed, 163 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f6b6f53d33..bddae00dd2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,169 +30,6 @@ notes.xml
-
Ssh 4.5 - -
Improvements and New Features - - -

- The internal handling of SSH options is re-written.

-

- Previously there were no checks if a client option was - given to a daemon or vice versa. This is corrected now. - If your code has e.g. a client-only option in a call to - start a daemon, the call will fail.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-12872

-
- -

- Modernization of key exchange algorithms. See - draft-ietf-curdle-ssh-kex-sha2 for a discussion.

-

- Removed an outdated weak algorithm and added stronger - replacements to keep interoperability with other modern - ssh clients and servers. The default ordering of the - algorithms is also adjusted.

-

- Retired: The nowadays unsecure key-exchange - diffie-hellman-group1-sha1 is not enabled by - default, but can be enabled with the option - preferred-algorithms.

-

- Added: The new stronger key-exchange - diffie-hellman-group16-sha512, - diffie-hellman-group18-sha512 and - diffie-hellman-group14-sha256 are added and - enabled by default.

-

- The questionable [RFC 6194] sha1-based algorithms - diffie-hellman-group-exchange-sha1 and - diffie-hellman-group14-sha1 are however still kept - enabled by default for compatibility with ancient clients - and servers that lack modern key-exchange alternatives. - When the draft-ietf-curdle-ssh-kex-sha2 becomes an rfc, - those sha1-based algorithms and - diffie-hellman-group1-sha1 will be deprecated by - IETF. They might then be removed from the default list in - Erlang/OTP.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14110

-
- -

- Modernized internal representation of sftp by use of - maps.

-

- Own Id: OTP-14117

-
- -

- The Extension Negotiation Mechanism and the extension - server-sig-algs in - draft-ietf-curdle-ssh-ext-info-05 are implemented.

-

- The related draft-ietf-curdle-rsa-sha2-05 is implemented - and introduces the signature algorithms - rsa-sha2-256 and rsa-sha2-512.

-

- Own Id: OTP-14193

-
- -

- The functions ssh:connect, ssh:shell and - ssh:start_channel now accept an IP-tuple as Host - destination argument.

-

- Own Id: OTP-14243

-
- -

- The function ssh:daemon_info/1 now returns Host - and Profile as well as the Port info in the property - list.

-

- Own Id: OTP-14259

-
- -

- Removed the option public_key_alg which was - deprecated in 18.2. Use pref_public_key_algs - instead.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14263

-
- -

- The SSH application is refactored regarding daemon - starting. The resolution of contradicting Host - argument and ip option were not described. There - were also strange corner cases when the 'any' - value was used in Host argument or ip - option. This is (hopefully) resolved now, but it may - cause incompatibilities for code using both Host - and the ip option. The value 'loopback' has been - added for a correct way of naming those addresses.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14264

-
- -

- The supervisor code is refactored. The naming of - listening IP-Port-Profile triples are slightly changed to - improve consistency in strange corner cases as resolved - by OTP-14264

-

- Own Id: OTP-14267 Aux Id: OTP-14266

-
- -

- The idle_time option can now be used in daemons.

-

- Own Id: OTP-14312

-
- -

- Added test cases for IETF-CURDLE Extension Negotiation - (ext-info)

-

- Own Id: OTP-14361

-
- -

- Testcases for IETF-CURDLE extension - server-sig-algs including rsa-sha2-*

-

- Own Id: OTP-14362 Aux Id: OTP-14361

-
- -

- The option auth_methods can now also be used in - clients to select which authentication options that are - used and in which order.

-

- Own Id: OTP-14399

-
- -

- Checks that a ECDSA public key (ecdsa-sha2-nistp*) - stored in a file has the correct size.

-

- Own Id: OTP-14410

-
-
-
- -
-
Ssh 4.4.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 0145539b3cb6a72f62d39a6d401d409eb1de0474 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Jun 2017 10:51:05 +0200 Subject: ssh: Doc for SSH application updated --- lib/ssh/doc/src/ssh_app.xml | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 74c4111338..33ec7aaee0 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -161,6 +161,8 @@ ecdsa-sha2-nistp521 ssh-rsa ssh-dss + rsa-sha2-256 + rsa-sha2-512 @@ -176,21 +178,23 @@ Encryption algorithms (ciphers) - aes128-gcm@openssh.com (AEAD_AES_128_GCM) - aes256-gcm@openssh.com (AEAD_AES_256_GCM) + aes128-gcm@openssh.com + aes256-gcm@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc + (AEAD_AES_128_GCM, not enabled per default) + (AEAD_AES_256_GCM, not enabled per default) +

See the text at the description of the rfc 5647 further down + for more information regarding AEAD_AES_*_GCM. +

Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the cipher aes128-gcm@openssh.com is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the cipher aes256-gcm@openssh.com is negotiated.

-

See the text at the description of the rfc 5647 further down - for more information. -

Compression algorithms @@ -235,7 +239,11 @@ RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. -

+

Except

+ + 8.1. diffie-hellman-group1-sha1. Disabled by default, can be enabled with the preferred_algorithms option. + +

RFC 4254, The Secure Shell (SSH) Connection Protocol. @@ -310,7 +318,29 @@

- Work in progress: https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-05, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) + Draft-ietf-curdle-ssh-kex-sha2 (work in progress), Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH). +

Deviations:

+ + The diffie-hellman-group1-sha1 is not enabled by default, but is still supported and can be enabled + with the option preferred-algorithms + The questionable sha1-based algorithms diffie-hellman-group-exchange-sha1 and + diffie-hellman-group14-sha1 are still enabled by default for compatibility with ancient clients and servers. + They can be disabled with the option preferred-algorithms + +

+ + + Draft-ietf-curdle-rsa-sha2 (work in progress), Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH). + + + Draft-ietf-curdle-ssh-ext-info (work in progress), Extension Negotiation in Secure Shell (SSH). +

Implemented are:

+ + The Extension Negotiation Mechanism + The extension server-sig-algs + +

+ -- cgit v1.2.3 From 6dae98d627d16ce67b5ac75f7fc69cfa1caa6dc9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Jun 2017 13:19:12 +0200 Subject: ssh: Document send_ext_info and recv_ext_info options --- lib/ssh/doc/src/ssh.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 5c9ce3d5fb..ea7e975ef5 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -320,6 +320,29 @@ attempted.

+ + + + +

Tell the server that the client accepts extension negotiation. See + Draft-ietf-curdle-ssh-ext-info (work in progress) for details. +

+

Currently implemented extension is server-sig-algs which is the list of the server's preferred + user's public key algorithms. +

+

Default value is true. +

+
+

Module implementing the behaviour + + +

Send a list of extensions to the client if the client has asked for it. See + Draft-ietf-curdle-ssh-ext-info (work in progress) for details. +

+

Currently implemented extension is sending server-sig-algs which is the list of the server's preferred + user's public key algorithms. +

+

Default value is true. +

+
+ + +
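Review bot: the two new option descriptions are hard to tell apart because neither says on which side it applies; the first ("Tell the server that the client accepts extension negotiation") is a client option and the second ("Send a list of extensions to the client if the client has asked for it") is a daemon option, and each paragraph should say so in its first sentence. "the list of the server's preferred user's public key algorithms" is ambiguous; suggest "the public key algorithms the server accepts for user authentication, in the server's order of preference". The client text should also say what the client does with the received server-sig-algs list (whether it reorders or restricts the algorithms it tries), since that is the observable effect of leaving the default true.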

Module implementing the behaviour Date: Thu, 1 Jun 2017 19:23:57 +0200 Subject: ssh: re-formulate timeouts in ssh_sftp:start_channel --- lib/ssh/doc/src/ssh_sftp.xml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index eb6f43d417..2822bf808f 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -558,8 +558,14 @@ -

The time-out is passed to the ssh_channel start function, - and defaults to infinity.

+

There are two ways to set a timeout for the underlying ssh connection:

+ + If the connection timeout option connect_timeout is set, that value + is used also for the negotiation timeout and this option (timeout) is ignored. + Otherwise, this option (timeout) is used as the negotiation timeout + only and there is no connection timeout set + +

The value defaults to infinity.

-- cgit v1.2.3 From 43718d3b81d7f3d08e25047e22d579801bbe5044 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 14 Jun 2017 15:36:21 +0200 Subject: Update copyright year --- lib/ssh/doc/src/ssh_sftp.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 2822bf808f..ed7fbf9cf3 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -4,7 +4,7 @@
- 20052016 + 20052017 Ericsson AB. All Rights Reserved. -- cgit v1.2.3 From c18b13d4c8aa31b145703bbbf228fb07d6b2a0a5 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 21 Jun 2017 10:53:19 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 170 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bddae00dd2..f93753f1d2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,176 @@ notes.xml
+
Ssh 4.5 + +
Improvements and New Features + + +

+ The internal handling of SSH options is re-written.

+

+ Previously there were no checks if a client option was + given to a daemon or vice versa. This is corrected now. + If your code has e.g. a client-only option in a call to + start a daemon, the call will fail.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12872

+
+ +

+ Modernization of key exchange algorithms. See + draft-ietf-curdle-ssh-kex-sha2 for a discussion.

+

+ Removed an outdated weak algorithm and added stronger + replacements to keep interoperability with other modern + ssh clients and servers. The default ordering of the + algorithms is also adjusted.

+

+ Retired: The nowadays unsecure key-exchange + diffie-hellman-group1-sha1 is not enabled by + default, but can be enabled with the option + preferred-algorithms.

+

+ Added: The new stronger key-exchange + diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512 and + diffie-hellman-group14-sha256 are added and + enabled by default.

+

+ The questionable [RFC 6194] sha1-based algorithms + diffie-hellman-group-exchange-sha1 and + diffie-hellman-group14-sha1 are however still kept + enabled by default for compatibility with ancient clients + and servers that lack modern key-exchange alternatives. + When the draft-ietf-curdle-ssh-kex-sha2 becomes an rfc, + those sha1-based algorithms and + diffie-hellman-group1-sha1 will be deprecated by + IETF. They might then be removed from the default list in + Erlang/OTP.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14110

+
+ +

+ Modernized internal representation of sftp by use of + maps.

+

+ Own Id: OTP-14117

+
+ +

+ The Extension Negotiation Mechanism and the extension + server-sig-algs in + draft-ietf-curdle-ssh-ext-info-05 are implemented.

+

+ The related draft-ietf-curdle-rsa-sha2-05 is implemented + and introduces the signature algorithms + rsa-sha2-256 and rsa-sha2-512.

+

+ Own Id: OTP-14193

+
+ +

+ The 'timeout' and 'connect_timeout' handling in + ssh_sftp:start_channel documentation is clarified.

+

+ Own Id: OTP-14216

+
+ +

+ The functions ssh:connect, ssh:shell and + ssh:start_channel now accept an IP-tuple as Host + destination argument.

+

+ Own Id: OTP-14243

+
+ +

+ The function ssh:daemon_info/1 now returns Host + and Profile as well as the Port info in the property + list.

+

+ Own Id: OTP-14259

+
+ +

+ Removed the option public_key_alg which was + deprecated in 18.2. Use pref_public_key_algs + instead.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14263

+
+ +

+ The SSH application is refactored regarding daemon + starting. The resolution of contradicting Host + argument and ip option were not described. There + were also strange corner cases when the 'any' + value was used in Host argument or ip + option. This is (hopefully) resolved now, but it may + cause incompatibilities for code using both Host + and the ip option. The value 'loopback' has been + added for a correct way of naming those addresses.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14264

+
+ +

+ The supervisor code is refactored. The naming of + listening IP-Port-Profile triples are slightly changed to + improve consistency in strange corner cases as resolved + by OTP-14264

+

+ Own Id: OTP-14267 Aux Id: OTP-14266

+
+ +

+ The idle_time option can now be used in daemons.

+

+ Own Id: OTP-14312

+
+ +

+ Added test cases for IETF-CURDLE Extension Negotiation + (ext-info)

+

+ Own Id: OTP-14361

+
+ +

+ Testcases for IETF-CURDLE extension + server-sig-algs including rsa-sha2-*

+

+ Own Id: OTP-14362 Aux Id: OTP-14361

+
+ +

+ The option auth_methods can now also be used in + clients to select which authentication options that are + used and in which order.

+

+ Own Id: OTP-14399

+
+ +

+ Checks that a ECDSA public key (ecdsa-sha2-nistp*) + stored in a file has the correct size.

+

+ Own Id: OTP-14410

+
+
+
+ +
+
Ssh 4.4.2
Fixed Bugs and Malfunctions -- cgit v1.2.3
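Review bot: the OTP-14410 entry ("Checks that a ECDSA public key (ecdsa-sha2-nistp*) stored in a file has the correct size") is filed under Improvements and New Features, but adding a previously missing size validation on key material is a correctness fix and belongs under Fixed Bugs and Malfunctions; it should also say what now happens with a wrong-sized key (rejected at load, authentication fails) because that is what operators with existing key files need to know. "a ECDSA" should be "an ECDSA". In OTP-14216, "The 'timeout' and 'connect_timeout' handling in ssh_sftp:start_channel documentation is clarified" reads better as "The documentation of 'timeout' and 'connect_timeout' handling in ssh_sftp:start_channel is clarified". OTP-14110 still writes the option as preferred-algorithms; the option is preferred_algorithms, and this is the version that ships.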