x/crypto/ssh: HostKeyCallback fails for servers with multiple keys #11722
Labels
Milestone
Comments
|
I'm not sure this this a bug. If you only want to accept an RSA key you can set Config.KeyExchanges to ssh.KeyAlgoRSA. Otherwise the default is used which includes all supported key/cert types (common.go +/supportedHostKeys). |
rsc
changed the title
|
Config.KeyExchanges controls the algorithm for the ephemeral key (ie. what Diffie Hellman flavor is used), and @kankowski is right that this is a bug. I rather like the current callback based approach for checking the hostkey. I think the simplest and most flexible solution is to introduce a ClientConfig.HostKeyAlgorithms field. If you have a .known_hosts file, you could read it and populate the field based on that. |
|
CL https://golang.org/cl/12907 mentions this issue. |
tg123
added a commit
to tg123/sshpiper
that referenced
this issue
Dec 29, 2018
go.crypto: initial code
Manual edits to README.
Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename.
Tested with: go test code.google.com/p/go.crypto/...
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5564059
go.crypto/ssh: add User to ServerConn and pass *ServerConn to callbacks.
R=golang-dev, dave, agl
CC=golang-dev
https://golang.org/cl/5577070
ssh: fix locking in channel.Write
Since a lock is retaken before sync.Cond.Wait returns, this could
deadlock when the for loop attempts to take the lock again. (Reported
by sanjay.m.)
theirWindow was used outside of the lock, therefore concurrent writers
could overrun the window.
theirWindow was never updated to reflect the data written.
R=dave, balasanjay
CC=golang-dev
https://golang.org/cl/5671084
go.crypto/ssh: add Stderr() in Channel interface.
Adds support for piping Stderr to the client.
R=golang-dev, dave, agl
CC=golang-dev
https://golang.org/cl/5674081
ssh: use *rsa.PublicKey or *dsa.PublicKey in interfaces.
Everywhere else in the code base, when we have an interface{} which is
a stand in for a public key, we use *foo.PublicKey rather than
foo.PublicKey. This change makes ssh reflect that.
R=dave, r
CC=golang-dev
https://golang.org/cl/5686067
go.crypto/ssh: add client support for OpenSSH certificates
Refactor key parsing, marshaling, and serialization to be a bit more flexible
R=agl, dave, djm
CC=golang-dev
https://golang.org/cl/5650067
go.crypto/ssh: improve support for MAC algorithms
Also, add support for hmac-sha1.
At the suggestion of AGL hmac-md5, and hmac-md5-96
support was not included.
Fixes golang/go#3095.
R=golang-dev, agl, huin
CC=golang-dev
https://golang.org/cl/5696065
go.crypto/ssh: Initial checkin of ssh agent support.
R=agl, dave, djm
CC=golang-dev
https://golang.org/cl/5695081
go.crypto/ssh: add benchmarks for marshal and unmarshal
R=agl
CC=golang-dev
https://golang.org/cl/5730045
go.crypto/ssh: improve marshal performance
Atom N450, 6g
benchmark old ns/op new ns/op delta
BenchmarkMarshalKexInitMsg 96446 66675 -30.87%
BenchmarkUnmarshalKexInitMsg 155341 142715 -8.13%
BenchmarkMarshalKexDHInitMsg 9499 8340 -12.20%
BenchmarkUnmarshalKexDHInitMsg 4973 5145 +3.46%
Intel E3-1270, 6g
benchmark old ns/op new ns/op delta
BenchmarkMarshalKexInitMsg 23218 16903 -27.20%
BenchmarkUnmarshalKexInitMsg 31384 31640 +0.82%
BenchmarkMarshalKexDHInitMsg 1943 1661 -14.51%
BenchmarkUnmarshalKexDHInitMsg 915 941 +2.84%
R=agl, minux.ma, remyoudompheng
CC=golang-dev
https://golang.org/cl/5728053
go.crypto/ssh: add support for diffie-hellman-group1-sha1.
Fixes golang/go#2903.
R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/5755054
go.crypto/ssh: respect adjust window msg on server.
R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/5908048
go.crypto/ssh: fix example in documentation
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/5905048
go.crypto: add exp/terminal as code.google.com/p/go.crypto/ssh/terminal.
This removes the sole "exp/foo" import in the Go subrepos.
A separate CL will remove exp/terminal from the standard Go repository.
R=golang-dev, dave, r
CC=golang-dev
https://golang.org/cl/5966045
go.crypto/ssh: improve error message when no authentication methods remain
R=golang-dev
CC=golang-dev
https://golang.org/cl/5960044
go.crypto/ssh: replace window channel with an atomic variable and condition
Fixes golang/go#3479.
Using a channel to model window size was a mistake. Unlike stdin and
stdout, which are streams of data, window size is an variable and
should be modeled as such.
R=golang-dev, agl, gustav.paul, kardianos, dvyukov
CC=golang-dev
https://golang.org/cl/5986053
crypto/ssh: fix several logic errors.
These are the obvious mistakes from my read through. I'll save the
more cosmetic changes for a later CL.
R=dave, kardianos
CC=golang-dev
https://golang.org/cl/6049050
go.crypt/ssh: Add additional test for server.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6075046
ssh: cosmetic cleanups
These are the cosmetic cleanups from the bits of code that I
rereviewed.
1) stringLength now takes a int; the length of the string. Too many
callers were allocating with stringLength([]byte(s)) and
stringLength only needs to call len().
2) agent.go now has sendAndReceive to remove logic that was
duplicated.
3) We now reject negative DH values
4) We now reject empty packets rather than crashing.
R=dave, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6061052
go.crypto/ssh: server_test should bind to localhost only
Hopefully fix build error under windows.
Binding to the wildcard is poor form for our darwin users
as it triggers the firewall popup. Dialing the wildcard
looks like it's implementation specific as well.
R=agl, kardianos
CC=golang-dev
https://golang.org/cl/6104046
ssh: handle bad servers better.
This change prevents bad servers from crashing a client by sending an
invalid channel ID. It also makes the client disconnect in more cases
of invalid messages from a server and cleans up the client channels
in the event of a disconnect.
R=dave
CC=golang-dev
https://golang.org/cl/6099050
go.crypto/ssh: add support for remote tcpip forwarding
Add support for server (remote) forwarded tcpip channels.
See RFC4254 Section 7.1
R=gustav.paul, jeff, agl, lieqiewang
CC=golang-dev
https://golang.org/cl/6038047
ssh: fix deadlock
The code was taking locks in the wrong order.
Fixes golang/go#3570.
R=fullung
CC=golang-dev
https://golang.org/cl/6123058
go.crypto/ssh: prevent concurrent reads and concurrent writes over the same agent connection
minor fix for v01 cert parsing when algo is not supported
R=golang-dev, agl, dave
CC=golang-dev
https://golang.org/cl/6116052
ssh: fix flaky TestInvalidServerMessage
When shutting down the test, we sometimes see EOF on the server's side
of the connection and sometimes ECONNRESET. In the latter case, based
on timing, it was possible that the server loop would hit Errorf during
shutdown and cause the test to fail.
R=dave
CC=golang-dev
https://golang.org/cl/6125047
go.crypto/ssh: add support for client side global requests
* Add support for RFC4254 section 4 global requests.
* Improve clientConn.Listen to process responses properly.
R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6130050
go.crypto/ssh: hide private forwardList methods
This was my mistake. I should have checked godoc before
submitting the previous CL.
R=agl
CC=golang-dev
https://golang.org/cl/6140051
go.crypto/ssh: struct renaming
This CL is in preparation for 6128059.
* rename channel -> serverChan
* rename chanlist -> chanList
* normalise theirId/MyId/id/peersId -> localId/remoteId
R=agl
CC=golang-dev
https://golang.org/cl/6174046
go.crypto/ssh: move common channel methods into an embedded struct
This CL introduces a new struct, channel to hold common shared
functions.
* add a new channel struct, which is embeded in {client,server}Chan.
* move common methods from {client,server}Chan into channel.
* remove unneeded used of serverConn.lock in serverChan
(transport.writePacket has its own mutex).
* remove filteredConn, introduce conn.
R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6128059
go.crypto/ssh: make {client,server}Chan use common window management
R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6208043
go.crypto/ssh: introduce a circular buffer for chanReader
R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6207051
go.crypto/ssh: fix panic unmarshalling channelOpenFailureMsg
I introduced this problem in change set 33 when I redefined
RejectionReason from a uint32 to an int. I have added a test
to verify the message can be marshaled correctly.
This was a bit hard to track down as the recover in clientConn
mainLoop would catch the panic and shutdown the connection. We
probably shouldn't be using panic inside marshal/unmarshal, at
least not without a way to let the user know why the recover
logic tripped.
R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6210063
go.crypto/ssh: allow zero sized window adjustments
The RFC doesn't prohibit zero sized window adjustments and
there is evidence of well known clients using them in the
wild.
R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6209082
go.crypto/ssh: allow server to respond to client init key exchange.
A windows SSH client, PuTTY, by default re-keys after every 60 minutes
or 1G of data transfer.
R=dave, agl
CC=golang-dev
https://golang.org/cl/6301071
ssh: added RequestSubsystem().
RequestSubsystem requests the association of a subsystem with the ssh
session on the remote host. A subsystem is a predefined command that
runs in the background when the ssh session is initiated (i.e. sftp).
R=golang-dev, agl
CC=golang-dev, gustav.paul
https://golang.org/cl/6295096
go.crypto/ssh: add ClientAuthAgent
ClientAuthAgent adapts a *AgentClient to a ClientAuth.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6352056
go.crypto/ssh: avoid recover() when handling invalid channel ids
This proposal removes the use of recover() to catch
invalid channel ids sent from the remote side. The
recover() unfortuntaly makes debugging harder as it
obscures other panic causes.
Another source of panic()s exists inside marshal.go,
which will be handled with in a later CL.
R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6404046
go.crypto/ssh: use binary.BigEndian throughout
A small cleanup.
R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6406043
go.crypto/ssh: improve TestServerWindow robustness
Fix a few resource leaks and prevent the test from
hanging if an error occurs reading from the remote
server.
R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6423065
go.crypto/ssh: never send more data than maxpacket
RFC 4254 s5.2 is clear that a client must never send a data
packet larger than the value of maximum packet supplied by the
remote side during channel setup. The client was not honoring
this value, in fact it wasn't even recording it.
Thanks to Albert Strasheim for the bug report.
R=agl, fullung
CC=golang-dev
https://golang.org/cl/6448128
go.crypto/ssh: cosmetic: move remaining channel code into channel.go
This CL scratches an itch by moving the remaining channel related code
into channel.go.
R=agl
CC=golang-dev
https://golang.org/cl/6454126
go.crypto/ssh: improve channel max packet handling
This proposal moves the check for max packet into
channel.writePacket. Callers should be aware they cannot
pass a buffer larger than max packet. This is only a
concern to chanWriter.Write and appropriate guards are
already in place.
There was some max packet handling in transport.go but it was
incorrect. This has been removed.
This proposal also cleans up session_test.go.
R=gustav.paul, agl, fullung, huin
CC=golang-dev
https://golang.org/cl/6460075
go.crypto/ssh: fix misplaced defer
Fixes golang/go#3972.
R=golang-dev, agl, r
CC=golang-dev
https://golang.org/cl/6448166
go.crypto/ssh: prevent channel writes after Close
Fixes golang/go#3810.
This change introduces an atomic boolean to guard the close
of the clientChan. Previously the client code was quite
lax with the ordering of the close messages and could allow
window adjustment or EOF messages to leak after Close had
been signaled.
Consolidating the changes to the serverChan will be handled
in a following CL.
R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6405064
go.crypto/ssh: prevent server from sending more than maxPacket
Fixes golang/go#4003.
R=agl, dave, agl
CC=golang-dev
https://golang.org/cl/6483052
go.crypto/ssh: fix test failure on windows
Use a handler that does not attempt to send a status message
as the failing test closes the connection abruptly.
Also, check the err response on all shell.ReadLine operations.
R=agl, minux.ma, kardianos
CC=golang-dev
https://golang.org/cl/6487043
go.crypto/ssh: improve test reliability
Fixes golang/go#3989.
Tested for several hours on an 8 core ec2 instance with
random GOMAXPROC values.
Also, rolls server_test.go into session_test using the
existing dial() framework.
R=fullung, agl, kardianos
CC=golang-dev
https://golang.org/cl/6475063
go.crypto/ssh: assorted close related fixes
Fixes golang/go#3810.
Fixes chanWriter Write after close behaviour bug.
Fixes serverChan writePacket after close bug.
Addresses final comments by agl on 6405064, plus various cleanups.
R=agl, kardianos, gustav.paul, fullung
CC=golang-dev
https://golang.org/cl/6479056
go.crypto/ssh: sanity check incoming packet length
The check for a sensible packet length was removed a while ago
when the window size and channel packet size checks were moved
into channel.go. While the RFC suggests that any packet of size
less than uint32 -1 is valid, most implmentations limit the size
to a smaller value. OpenSSH chose 256kb, so that sounds like a
sensible default.
R=agl, huin, kardianos
CC=golang-dev
https://golang.org/cl/6490098
go.crypto/ssh: Read returns all unread bytes before returning io.EOF.
Fixes golang/go#4158.
R=dave, agl
CC=golang-dev
https://golang.org/cl/6586060
go.crypto/ssh: new test subpackage
This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should.
R=agl, gustav.paul, kardianos, fullung
CC=golang-dev
https://golang.org/cl/6601043
go.crypto: various: fix appengine compatibility
Fixes golang/go#4102.
R=russross, minux.ma, rsc, agl
CC=golang-dev
https://golang.org/cl/6623053
go.crypto/ssh: add terminal modes to ssh.RequestPty()
R=dave, agl
CC=golang-dev
https://golang.org/cl/6655046
go.crypto/ssh: never negotiate unsupported ciphers
Fixes golang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
go.crypto/ssh/test: don't kill process if it was never started
This case arises if s.cmd.Start fails when called by
server.Dial.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6821097
go.crypto/ssh: make tests work on non-cgo platforms.
user.Current() currently requires cgo - if an error is returned
attempt to get the username from the environment.
R=golang-dev, minux.ma, bradfitz, dave
CC=golang-dev
https://golang.org/cl/6819113
ssh: add functions for public keys in wire & auth keys format.
This allows easy import/export of public keys in the format
expected by OpenSSH for authorized_keys files, as well as
allowing comparisons with ServerConfig's PublickeyCallback.
Fixes golang/go#3908.
R=agl, dave, golang-dev, bradfitz
CC=agl, golang-dev
https://golang.org/cl/6855107
go.crypto/ssh: run gofmt
gofmt got better at removing trailing whitespace.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6929044
go.crypto/ssh: Add support for ECDSA keys and certs.
R=agl, dave
CC=golang-dev
https://golang.org/cl/6873060
go.crypto/ssh/test: move some variables into common os source file to fix windows build
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6944048
go.crypto/ssh: Miscellaneous changes up for discussion.
Export key and certificate algorithm names.
Switch from string literals over to using the constants for any key/cert algorithm references.
Make URL references visible in the godoc web display.
Standardize url reference names with surrounding [].
R=dave, agl, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6944047
go.crypto: gofmt -w -s
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6948057
go.crypto/ssh: some cleanup
Simplify MarshalAuthorizedKey by using the algoName func.
Make the algoName func be very specific about supported key types in openssh certs.
Generalize some of the commentary that previously mentioned specific key types.
R=agl, dave
CC=golang-dev
https://golang.org/cl/6938067
go.crypto/ssh: support OpenSSH keepalives
Fixes golang/go#4552.
R=minux.ma, agl
CC=golang-dev
https://golang.org/cl/6948059
ssh/terminal: add GetState and make ReadPassword work in raw mode.
GetState is useful for restoring the terminal in a signal handler.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6990043
ssh/terminal: add darwin support.
terminal contains a number of utility functions that are currently only
implemented for Linux. Darwin uses different named constants for
getting and setting the terminal state so this change splits them off
as constants and defines them for each arch.
R=golang-dev, minux.ma
CC=golang-dev
https://golang.org/cl/7286043
ssh/test: deflake session test.
The session test previously had a one second timeout for the output of
stty and this was leading to flakiness. This change removes the timeout
since go test has a generic timeout mechanism.
Additionally, the test was looking for "-echo" in the output to test
the value of the echo flag. However, there are also typically "echoe",
"echok" and "echonl" flags, and "-echo" could be a prefix of any of
time. Thus we now also match a trailing space.
R=golang-dev, rsc, extraterrestrial.neighbour
CC=golang-dev
https://golang.org/cl/7579043
go.crypto/ssh: fix tests with -cpu 1,2.
When running the ssh tests several times (e.g. with -cpu 1,2), the
second run would fail because testing globals had been altered. This
change avoids altering the globals since the default worked anyway.
Fixes golang/go#4715.
R=golang-dev, minux.ma
CC=golang-dev
https://golang.org/cl/7903045
go.crypto/ssh/test: wait on sshd process in tests
R=dave
CC=golang-dev
https://golang.org/cl/8449043
go.crypto/ssh/test: improve diagnostics for test failing to get username.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8817043
go.crypto/ssh/test: Fix distracting nil pointer dereference in a test.
If cgo is disabled (such as it appears to be on a subset of builders),
username() panics, and s.cmd is nil; let's not panic while recovering
from a different panic.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8820043
go.crypto/ssh/test: Replace FailNow with Fail where it is obvious that the test doesn't want to fail now.
Improve a couple of test error messages too.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/8661045
go.crypto/ssh: More error reporting improvements.
R=golang-dev, kardianos, dave
CC=golang-dev
https://golang.org/cl/8596047
ssh: add Output and CombinedOutput helpers
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9711043
go.crypto/ssh: fix test breakage
Followup CL for 9711043. The order that CombinedOutput returns data captured from stdout/stderr is not specified, so we have to test both variants.
Thanks to fullung for the bug report.
R=fullung, kr
CC=golang-dev
https://golang.org/cl/9921044
go.crypto/ssh: fix race on mock ssh network connection
Fixes golang/go#5138.
Fixes golang/go#4703.
This appears to pass my stress tests with and without the -race detector, but I'd like to see others hit it with their machines.
R=golang-dev, fullung, huin, kardianos, agl
CC=golang-dev
https://golang.org/cl/9929043
go.crypto/ssh: add a error return to decode(), and avoid casting decode() output.
R=dave, kardianos, agl
CC=gobot, golang-dev
https://golang.org/cl/9738053
go.crypto/ssh: implement keyboard-interactive auth (RFC 4256), both
on client and server-side.
R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9853050
ssh/terminal: support home, end, up and down keys.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9777043
go.crypto: remove unreachable code.
I ran go vet over all of go.crypto and removed lots of panic("unreachable") that are no longer needed.
R=golang-dev, r, dgryski
CC=golang-dev
https://golang.org/cl/10113043
go.crypto: revert 7f5a59ff6b43.
This change reverts https://golang.org/cl/10113043/ because
some folks are stuck on 1.0 till 1.1.1 comes out.
R=golang-dev
CC=golang-dev
https://golang.org/cl/10151043
go.crypto/ssh: fix and test port forwarding.
Set maxPacket in forwarded connection, and use the requested port
number as key in forwardList.
R=golang-dev, agl, dave
CC=golang-dev
https://golang.org/cl/9753044
go.crypto/ssh/test: Run sshd with -e, so the debug output goes onto stderr.
R=dave, agl
CC=golang-dev
https://golang.org/cl/10230043
go.crypto/ssh: fix test breakages introduced by 125:40246d2ae2eb
* Remove special handling for dynamically allocated
ports. This was a bug in OpenSSH 5.x sshd.
* Run the test with a preselected port number.
* Run TestPortForward only on unix platforms.
R=dave, agl
CC=golang-dev
https://golang.org/cl/10049045
go.crypto/ssh: add hook for host key checking.
R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9922043
go.crypto/ssh/terminal: don't save passwords in history.
The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/10853043
go.crypto/ssh/terminal: support Go 1.0.
For those still stuck on Go 1.0.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/11297043
go.crypto/ssh: close channel feeding tcpListener.
Close both on closing the listener, and on closing the
connection. Test the former case.
R=dave
CC=golang-dev
https://golang.org/cl/11349043
go.crypto/ssh: add workaround for broken port forwarding in
OpenSSH 5.
Tested with OpenSSH_5.9
R=agl, dave
CC=golang-dev
https://golang.org/cl/11921043
go.crypto/ssh: seed random generator, so auto port allocation is truly random.
R=agl, dave
CC=golang-dev
https://golang.org/cl/12027043
crypto/ssh: Handle msgUserAuthBanner during keyboard-interactive auth.
R=agl, golang-dev
CC=golang-dev
https://golang.org/cl/12983046
crypto/ssh: Allow customization of the client version.
R=agl, golang-dev, dave
CC=golang-dev
https://golang.org/cl/13176044
go.crypto/ssh/terminal: handle ^W, ^K and ^H
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/13207043
go.crypto/ssh: implement ECDH.
Implement elliptic-curve Diffie-Hellman, including host key signature
verification.
Moves host key cryptographic verification to ClientConn.handshake(), so
RSA host keys are also verified.
Fixes golang/go#6158.
R=dave, agl
CC=golang-dev
https://golang.org/cl/13021045
go.crypto/ssh: Use net.UnixConn for connecting client and sshd.
This obviates custom code to emulate a thread-safe connection.
Use this for testing that listeners close if the connection breaks.
R=dave, agl, fullung
CC=golang-dev
https://golang.org/cl/11781043
go.crypto/ssh: Update Dial to perform remote resolution of DNS names.
R=agl
CC=golang-dev
https://golang.org/cl/13010047
go.crypto/ssh: use 127.0.0.1 during TestKexAlgorithms (fixes windows build)
R=golang-dev, mikioh.mikioh, remyoudompheng
CC=golang-dev
https://golang.org/cl/13370043
go.crypto/ssh/test: Only show SSHD debug output if test fails.
R=agl, dave, jpsugar
CC=golang-dev
https://golang.org/cl/13438043
go.crypto/ssh: remove misleading marshalPrivRSA.
Properly capitalize publicKey throughout.
R=golang-dev
CC=agl, dave, golang-dev, jpsugar
https://golang.org/cl/13415046
go.crypto/ssh: Begin adding server side support for more than RSA for client key auth
R=agl, dave, hanwen
CC=ekg, golang-dev
https://golang.org/cl/13528044
go.crypto/ssh: introduce PublicKey interface type.
Public functions affected:
-AgentKey.Key
-AgentClient.SignRequest
-ClientKeyring.Key
-MarshalPublicKey
-ParsePublicKey
R=agl, jpsugar, jmpittman
CC=golang-dev
https://golang.org/cl/13642043
go.crypto/ssh/terminal: support Unicode entry.
Previously, terminal only supported ASCII characters. This change
alters some []byte to []rune so that the full range of Unicode is
supported. The only thing that doesn't appear to work correctly are
grapheme clusters as the code still assumes one rune per glyph. Still,
this change allows many more languages to work than did previously.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/13704043
go.crypto/ssh/terminal: fix non-ASCII history.
The length of history buffer entries (which are stored as strings) was
being used as the number of runes. This was correct until ff9ce887b46b,
which allowed unicode entry, but can now cause a panic when editing
history that contains non-ASCII codepoints.
R=golang-dev, sfrithjof, r
CC=golang-dev
https://golang.org/cl/13255050
go.crypto/ssh: introduce Signer method, an abstraction of
private keys.
R=agl, jpsugar, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/13338044
go.crypto/ssh: separate kex algorithms into kexAlgorithm class.
Adds readPacket() to conn, and renames conn to packetConn.
Key exchanges operate on packetConn, so they can be
unittested.
R=agl, jpsugar, dave
CC=golang-dev
https://golang.org/cl/13352055
go.crypto/ssh: parse DSA private keys too.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/13966043
go.crypto/ssh/terminal: Allow ^A and ^E as synonyms for Home and End.
I understand that ssh/terminal can't implement everybodys
favorite keyboard shortcuts, but I think these are very
widespread. They exist not only in Emacs or Readline, but also
in Acme and Sam. Also they almost come for free.
R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/13839047
go.crypto/ssh: let client accept DSA and ECDSA host key algorithms.
R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://golang.org/cl/14420045
go.crypto/ssh: move interpretation of msgNewKeys into
transport.
Sending the msgNewKeys packet and setting up the key material
now happen under a lock, preventing races with concurrent
writers.
R=kardianos, agl, jpsugar, hanwenn
CC=golang-dev
https://golang.org/cl/14476043
go.crypto/ssh: fix certificate parsing/marshaling.
The change to add the PublicKey interface accidentally caused certificate handling to expect an extra copy of the private key algorithm name in the binary representation. This change adapts a suitable parsing API and adds a test to ensure that cert handling isn't easily broken in the future.
R=agl, hanwen, jmpittman
CC=golang-dev
https://golang.org/cl/13272055
go.crypto/ssh: cosmetic only spelling fixes
R=agl, hanwen
CC=dave, golang-dev, jpsugar
https://golang.org/cl/14430055
go.crypto/ssh: implement memTransport using sync.Cond.
This makes memTransport safe for use with multiple
writers/closers.
R=golang-dev, dave
CC=agl, golang-dev
https://golang.org/cl/14532048
go.crypto/ssh: add String method to RejectionReason.
R=agl, dave
CC=golang-dev
https://golang.org/cl/14494055
go.crypto/ssh: (un)marshal data without type byte prefix.
This helps manipulating data in global and channel request
payloads.
R=agl, dave, jpsugar
CC=golang-dev
https://golang.org/cl/14438068
go.crypto/ssh: move channelForwardMsg declaration.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/14669046
go.crypto/ssh: put version exchange in function
R=golang-dev, dave, jpsugar, agl
CC=golang-dev
https://golang.org/cl/14641044
go.crypto/ssh: Add certificate verification, step up support for authorized keys
R=agl, hanwen, jpsugar, dave
CC=golang-dev
https://golang.org/cl/14540051
go.crypto/ssh: additional coverage of message unmarshaling
R=golang-dev, hanwen
CC=golang-dev
https://golang.org/cl/14767043
go.crypto/ssh: Implement CertTime to properly handle the "infinite" time
value ^0, which would become negative when expressed as int64.
R=agl, dave, jpsugar, hanwen
CC=golang-dev
https://golang.org/cl/15520047
go.crypto/ssh: only close connection if it was open in TestClientUnsupportedKex.
R=dave
CC=golang-dev
https://golang.org/cl/15450046
go.crypto/ssh: ensure {Server,Client}Conn do not expose io.ReadWriter
Transport should not be a ReadWriter. It can only write packets, i.e. no partial reads or writes. Furthermore, you can currently do ClientConn.Write() while the connection is live, which sends raw bytes over the connection. Doing so will confuse the transports because the data is not encrypted.
As a consequence, ClientConn and ServerConn stop being a net.Conn
Finally, ensure that {Server,Client}Conn implement LocalAddr and RemoteAddr methods that previously were exposed by an embedded net.Conn field.
R=hanwen
CC=golang-dev
https://golang.org/cl/16610043
go.crypto/ssh: in {Server,Client}Conn, read session ID from
transport layer.
R=agl, dave
CC=golang-dev
https://golang.org/cl/15870044
go.crypto/ssh: cosmetic: unnest signing code for public key auth.
R=dave
CC=golang-dev
https://golang.org/cl/15930044
go.crypto/ssh: Increase window size.
Increase window size for channels (session and tcpip) to 64 *
max packet size (32 KB), which is the same value that OpenSSH
uses. Also breaks out the relevant harcoded constants into named
constants in channel.go.
Fixes golang/go#6675.
R=golang-dev, dave, hanwen, agl
CC=golang-dev
https://golang.org/cl/18120043
go.crypto/ssh/terminal: enable freebsd build
syscall.Termios, which was the only thing breaking the build, is
available in go tip now
(https://code.google.com/p/go/source/detail?r=873d664b00ec)
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/51690043
undo CL 51690043 / abf8f8812575
Breaks FreeBSD build of subrepo for non-tip users.
««« original CL description
go.crypto/ssh/terminal: enable freebsd build
syscall.Termios, which was the only thing breaking the build, is
available in go tip now
(https://code.google.com/p/go/source/detail?r=873d664b00ec)
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/51690043
»»»
R=golang-codereviews, dave
CC=golang-codereviews
https://golang.org/cl/51100044
go.crypto/ssh: build tests on Plan 9
LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/64390044
go.crypto/ssh: import gosshnew.
See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ
R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043
go.crypto/ssh: remove old files.
In c0fc595a2cb5, hg didn't notice the files that had been removed from
the working directory. These, old files are breaking the build.
CC=golang-codereviews
https://golang.org/cl/86240043
go.crypto/ssh: build test_unix_test on Plan 9
LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/86630043
go.crypto/ssh: only offset channel IDs when debugMux is
set.
Otherwise, the package leaks data about total number of
connections established through its channel IDs.
R=agl, jpsugar
CC=golang-codereviews
https://golang.org/cl/87280043
go.crypto/ssh: Add support for the pre-2006 RC4 cipher mode.
LGTM=hanwen
R=agl, hanwen
CC=golang-codereviews
https://golang.org/cl/86600044
go.crypto/ssh: fix messages_test.go on 32-bit platforms.
LGTM=dave
R=agl, dave
CC=golang-codereviews
https://golang.org/cl/88060043
go.crypto/ssh/agent: prefix errors with "agent".
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/87810047
go.crypto/ssh/agent: add key type to testAgentInterface failure messages.
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/88260043
ssh/forward: Fix reference to the functions to call to route authentication requests.
R=agl
CC=golang-codereviews, hanwen
https://golang.org/cl/95910043
go.crypto/ssh/terminal: add support for BSD variants
LGTM=agl
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/97850043
go.crypto/ssh/test: enable test cases on dragonfly
LGTM=agl
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/98840043
go.crypto/ssh: try authentication methods in ClientConfig order.
LGTM=jpsugar, agl
R=agl, jpsugar
CC=golang-codereviews
https://golang.org/cl/92240045
go.crypto/ssh: use permissions from public key cache when accepting a key.
Fixes golang/go#7913.
LGTM=hanwen
R=hanwen
CC=golang-codereviews
https://golang.org/cl/96220043
go.crypto/ssh: fix authentication after all public keys are rejected by a server.
Validating a public key doesn't return any remaining methods so, if all public keys were rejected, a nil slice would be returned for the remaining methods and authentication would stop.
We could have validateKey return methods, but that wouldn't solve the problem of what to do if the callback returns no keys. In that case we don't have any keys to test.
So this change makes it possible for an AuthMethod to return a nil slice for the remaining methods (meaning "reuse the last list"). It also fixes a scoping bug.
Fixes golang/go#7787.
LGTM=hanwen
R=hanwen
CC=golang-codereviews
https://golang.org/cl/94350043
go.crypto/ssh/terminal: support ^U, ^D and ^L.
LGTM=bradfitz
R=bradfitz, marios.nikolaou
CC=golang-codereviews
https://golang.org/cl/92220043
go.crypt/ssh/terminal: declare TCGETS, TCSETS constants locally.
Currently the ssh/terminal package cannot be compiled under gccgo. Even though gccgo may be running on linux, its syscall package is slightly different and does not contain these constants.
This proposal resolves the issue by declaring the two constants locally, as we've done for the *BSDs.
LGTM=hanwen, iant
R=hanwen, iant, gobot
CC=golang-codereviews
https://golang.org/cl/101670043
go.crypto/ssh/terminal: better handling of window resizing.
There doesn't appear to be perfect behaviour for line editing
code in the face of terminal resizing. But this change works
pretty well on xterm and gnome-terminal and certainly a lot
better than it used to.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/105580043
go.crypto/ssh/test: skip tests during -short mode
This proposal effectively disables all the ssh/test tests when run with the -short flag supplied.
For developers and users of this package, there should be no change unless they are in the habbit of always supplying -short, which I belive is untrue.
For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled.
LGTM=adg
R=adg, agl, hanwen
CC=golang-codereviews
https://golang.org/cl/125860043
go.crypto/ssh: skip tests that start ssh-agent.
Also stops leaking /tmp/ directories.
Fixes golang/go#8489.
LGTM=dave, minux
R=dave, minux, agl
CC=golang-codereviews
https://golang.org/cl/124010043
go.crypto/ssh: reuse packet buffer for channel writes.
Test that different extended data streams within a channel are
thread-safe.
benchmark old MB/s new MB/s speedup
BenchmarkEndToEnd 79.26 87.98 1.11x
benchmark old allocs new allocs delta
BenchmarkEndToEnd 110 73 -33.64%
benchmark old bytes new bytes delta
BenchmarkEndToEnd 2605720 1299768 -50.12%
LGTM=dave, jpsugar
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/136420043
go.crypto/ssh: clean up address parsing in forward code.
LGTM=agl
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/134700043
go.crypto/ssh/terminal: fix crash when terminal narrower than prompt.
Previously, if the current line was "empty", resizes wouldn't trigger
repaints. However, the line can be empty when the prompt is non-empty
and the code would then panic after a resize because the cursor position
was outside of the terminal.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/158090043
go.crypto/ssh/terminal: remove \r from passwords on Windows.
Fixes golang/go#9040.
(Note: can't compile or test this one prior to committing.)
LGTM=iant, bradfitz
R=bradfitz, mathias.gumz, iant
CC=golang-codereviews
https://golang.org/cl/171000043
go.crypto/ssh/terminal: fix Home and End.
In my notes I had Home and End down as OH and OF. But that's nonsense, they are [H and ]F.
I never noticed before because I don't have Home and End keys on my keyboard.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/172100043
go.crypto: use golang.org/x/... import paths
LGTM=bradfitz
R=rsc, bradfitz
CC=golang-codereviews
https://golang.org/cl/167190043
go.crypto/ssh/terminal: support bracketed paste mode.
Some terminals support a mode where pasted text is bracketed by escape sequences. This is very useful for terminal applications that otherwise have no good way to tell pastes and typed text apart.
This change allows applications to enable this mode and, if the terminal supports it, will suppress autocompletes during pastes and indicate to the caller that a line came entirely from pasted text.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/171330043
crypto: add import comments.
Change-Id: I33240faf1b8620d0cd600de661928d8e422ebdbc
Reviewed-on: https://go-review.googlesource.com/1235
Reviewed-by: Andrew Gerrand <adg@golang.org>
ssh/terminal: fix SetSize when nothing on current line
SetSize has a problem may cause the following ReadPassword setting
temporary prompt not working, when changing width the current
SetSize will call clearAndRepaintLinePlusNPrevious which would
print an old prompt whatever the current line has, causing a following
ReadPassword with temporary prompt not printing the different prompt.
When running code like this, the nt.SetSize prints a "> " as
prompt then the temporary "Password: " prompt would never show up.
```go
oldState, err := terminal.MakeRaw(int(os.Stdin.Fd()))
width, height, _ = terminal.GetSize(int(os.Stdin.Fd()))
nt := terminal.NewTerminal(os.Stdin, "> ")
nt.SetSize(width, height)
password, err = nt.ReadPassword("Password: ")
```
the new test cases is to test SetSize with different terminal sizes,
either shrinking or expanding, a following ReadPassword should get the
correct temporary prompt.
Change-Id: I33d13b2c732997c0c88670d53545b8c0048b94b6
Reviewed-on: https://go-review.googlesource.com/1861
Reviewed-by: Adam Langley <agl@golang.org>
ssh: add ServerConfig.ServerVersion option
The SSH server does not allow for setting a version string in the same
manner as the client. This update adds a ServerVersion member to the
ServerConfig structure which when set, causes the server to use that
member instead of the default version string. This allows building
an golang based SSH server which can present any version string
the user wishes.
It also adds an else statement to the client assignment of the
ClientVersion to avoid an allocation when using a user defined
ClientVersion.
Change-Id: I43d97cfd5a174f2c68f53c5b4e267539ef21937b
Reviewed-on: https://go-review.googlesource.com/1860
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
ssh/agent: do not return nil entries from keyring.Signers()
The slice returned is constructed with both a pre-set length and
append() resulting in a slice twice as long and half-full of nil.
Setting the capacity instead of length gets the desired result.
Change-Id: I758423594e4f4c0506c53f227454f57a9dc8bdf1
Reviewed-on: https://go-review.googlesource.com/2659
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
ssh: make godoc examples easier to reuse
Fixes golang/go#9747
Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.
Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>
ssh: return session ID in ConnMeta.SessionID.
SessionID() returned nil previously.
Fixes #9761.
Change-Id: I53d2b347571d21eab2d913c2228e85997a84f757
Reviewed-on: https://go-review.googlesource.com/3872
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: add support for aes128-cbc cipher.
The aes128cbc cipher is commented out in cipher.go on purpose, anyone wants to
use the cipher needs to uncomment line 119 in cipher.go
Fixes #4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: fix the links to the SSH protocol documents
Minor change - updated the links to the ssh PROTOCOL.* docs.
Currently the [PROTOCOL...] links in References on top of
https://godoc.org/golang.org/x/crypto/ssh and
https://godoc.org/golang.org/x/crypto/ssh/agent
take you to the top-level directory list on
http://cvsweb.openbsd.org/cgi-bin/cvsweb/
instead of directly to the respective document pages.
Change-Id: Ifd3f0bc2ef393ab02f023c13b93340fdb0a05af3
Reviewed-on: https://go-review.googlesource.com/8963
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: update references to the old code.google.com repo
Changed code.google.com repository links to the current
golang.org/x/crypto/ssh (except Gerrit homepage).
Change-Id: I7301d21401b163ceef8cfc1cf535dee998f9cb0d
Reviewed-on: https://go-review.googlesource.com/9250
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/ssh: fix encoding of ssh certs with critical options
Attention - BREAKING change for the certificates generated with
the previous versions of crypto/ssh! Need to regenerate
certificates with a version of crypto/ssh library including
this fix.
[PROTOCOL.cerkeys] requires two length fields for non-empty
values of critical options (or extensions - but those are
currently always empty) - see
https://bugzilla.mindrot.org/show_bug.cgi?id=2389.
Add SSH-conform handling of such composite values in marshalTuples
and parseTuples and related test (TestParseCertWithOptions) parsing
a certificate created with ssh-keygen which includes critical options.
Fixes #10569
Change-Id: Iecbfca67a66668880635141c72bc5fc370a9c112
Reviewed-on: https://go-review.googlesource.com/9375
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
x/crypto/ssh: bail early if a server has no auth methods configured.
Change-Id: I58fdfbe00fcc4ca09da9699edcc181cc512feef7
Reviewed-on: https://go-review.googlesource.com/9807
Reviewed-by: JP Sugarbroad <jpsugar@google.com>
Reviewed-by: Adam Langley <agl@golang.org>
ssh: add hmac-sha2-256.
Fixes golang/go#10274
Change-Id: Id8386828ee92ccc6cba5197831cdb8b2ce0cd648
Reviewed-on: https://go-review.googlesource.com/8353
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
x/crypto/ssh: add padding oracle countermeasures for AES-CBC.
This deprives an attacker of feedback for guesses against the packet
length given by the connection dropping.
Change-Id: I14939a82e5243a86d192bb18be93d45589227147
Reviewed-on: https://go-review.googlesource.com/9908
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: trivial spacing change for gofmt compliance
Extra space added by 'gofmt -w' to align key/value columns
in the new test (TestParseCertWithOptions).
Follow-up on https://go-review.googlesource.com/#/c/9375/.
Change-Id: Id7dd0bc420888f12ce0af4178096bdc9f5c57161
Reviewed-on: https://go-review.googlesource.com/9627
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: fix format string error in test.
Change-Id: I0c84f11fb74ee478617deb1b743a759c9f789101
Reviewed-on: https://go-review.googlesource.com/10822
Reviewed-by: Adam Langley <agl@golang.org>
ssh: Add explicit type in comparison with constant to make go-fuzz happy
Currently using go-fuzz with code using golang.org/x/crypto/ssh fails
because it passes CertTimeInfinity to an interface{} and automatically
tries to use an int, which overflows and results in a compile error.
This change adds a no-op type conversion inside the function which
makes things compile with go-fuzz.
Change-Id: Iade0c0df7e20cbac4928480fad3e44c831e1e00a
Reviewed-on: https://go-review.googlesource.com/11285
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: fix bounds check in parseString
Fixes #11348
Change-Id: If083744343256a2a53eb813411ba0c9a359d6dbd
Reviewed-on: https://go-review.googlesource.com/11332
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: fix comment
Fixes golang/go#11603
Change-Id: I019af73f5e036b47b8bd6c4a5541c06b97b44f11
Reviewed-on: https://go-review.googlesource.com/11866
Reviewed-by: Andrew Gerrand <adg@golang.org>
crypto/ssh: fix a comment (trivial)
Comment in Agent made to conform the godoc style.
Change-Id: I4e1e8ce1a15ca346715fae257ae2178f5093d40d
Reviewed-on: https://go-review.googlesource.com/12183
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
ssh: fix spelling of test so that it runs
Change-Id: I65ebae299f272d5f1367ca4c2e47e51f9c392b6a
Reviewed-on: https://go-review.googlesource.com/12229
Reviewed-by: Dave Cheney <dave@cheney.net>
crypto/ssh: allow identities to be constrained.
The ssh-agent protocol allows the usage of keys and certs added to a
given agent to be constrained in certain ways. The only constraints
currently supported are lifetime (keys expire after some number of
seconds) and confirmation (the agent requires user confirmation before
performing any operations with the private key).
Change-Id: Idba5760db929805bf3da43fdcaca53ae6c479ca4
Reviewed-on: https://go-review.googlesource.com/12260
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Peter Moody <pmoody@uber.com>
ssh: skip TestHandshakeBasic on Plan 9
Updates golang/go#7797.
Change-Id: I7aa57f3fb812ecf644c8f8c065848938868e473b
Reviewed-on: https://go-review.googlesource.com/12767
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
ssh: fix deadlock during error path
Fixes golang/go#11882
If an error occurs during handshakeTransport.writePacket the lock may not be
released. Fix this by using defer rather than manually unlocking in all paths.
Change-Id: I0010284b4f7d99907c86b4c0e140ab6cf37b0441
Reviewed-on: https://go-review.googlesource.com/12888
Reviewed-by: Adam Langley <agl@golang.org>
ssh: fix flake in TestHostKeyCert
Update golang/go#11811
The increased default concurrency in Go 1.5 showed up a test flake in
the TestHostKeyCert test. Under load, when the client provided incorrect
data, both sides would race to tear down the connection, which would often
lead to the server side, running in its own goroutine to see an unexpected
EOF or connection reset.
Fix this flake (and the incorrect use of t.Fatalf) by passing the error back
to the main goroutine for inspection. This also lets us ignore the expected
error in the unsuccessful path
Change-Id: I5a95c6d240479e9d537f34177e5ca8023b1b08e9
Reviewed-on: https://go-review.googlesource.com/12916
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/ssh: allow client to specify host key algorithms.
Fixes golang/go#11722.
Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a
Reviewed-on: https://go-review.googlesource.com/12907
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: Handle error in dial to avoid a goroutine leak
If the channel open request failed, a nil channel would be provided to
DiscardRequests, which would never return.
We return the error early to avoid this goroutine leak.
Change-Id: I4c0e0a7698f7623c042f2a04941b8c50e8031d33
Reviewed-on: https://go-review.googlesource.com/13390
Reviewed-by: Dave Cheney <dave@cheney.net>
x/crypto/ssh/test: test all key exchanges against sshd.
Change-Id: I9d775d6e9c39bee1f2bf914ba3659acb6b0029dd
Reviewed-on: https://go-review.googlesource.com/13591
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: implement curve25519-sha256@libssh.org key agreement.
Fixes golang/go#11004.
Change-Id: Ic37cf9d620e3397b7ad769ae16abdaee63a7733b
Reviewed-on: https://go-review.googlesource.com/13592
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: close memPipe after running kex test.
Change-Id: I6022d669946a7cb3403757a7c0dbf21a474e1c95
Reviewed-on: https://go-review.googlesource.com/13590
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: fix deadlock during error condition.
Unblock writers if a read error occurs while writers are blocked on a
pending key change.
Add test to check for deadlocks in error paths in handshake.go
Fixes golang/go#11992.
Change-Id: Id098bd9fec3d4fe83daeb2b7f935e5647c19afd3
Reviewed-on: https://go-review.googlesource.com/13594
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: clearer error messages when "no ciphers in common"
The error message reported by the ssh client when it can't find a
"cipher" in common between the client and server was overly vague. This
adds more detailed error messages to findAgreedAlgorithms so that the
user can more easily identify which of the components can't reach
agreement.
Change-Id: I4d985e92fea964793213e5600b52b3141e712000
Reviewed-on: https://go-review.googlesource.com/13817
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: Parse ECDSA key using struct
Change parseECDSA() to unmarshal the key's contents into a struct
representing the wire format, consistent with the parseRSA() and
parseDSA(), to make the code more readable and its intent clearer.
Change-Id: Iea85630107ac0b3e681807d2278390c8c50ce141
Reviewed-on: https://go-review.googlesource.com/13663
Reviewed-by: Han-Wen Nienhuys <hanwenn@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: Support turning a crypto.Signer into an ssh.Signer
This adds a NewSignerFromSigner to crypto/ssh which takes a
crypto.Signer and turns it into an ssh.Signer, helpful if, e.g., your
crypto.Signer is backed by some sort of hardware device.
The interfaces are very similar - the biggest differences are that a
crypto.Signer accepts hashed data, while an ssh.Signer does not, and
some differences in encoding for DSA and ECDSA signatures.
This also adjusts NewSignerFromKey to use NewSignerFromSigner where
possible, dropping the rsaPrivateKey and ecdsaPrivateKey types in
favor of wrappedSigner. (However, because *dsa.PrivateKey is not a
crypto.Signer, we still have to keep dsaPrivateKey)
Change-Id: Ia2e20ece9c9d3844b4e5a64c1a7d997178ec8781
Reviewed-on: https://go-review.googlesource.com/10953
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: Add protocol version to ServerVersion
280be00 introduced custom server versions; however, at least OpenSSH
clients do not accept a server version that doesn't start with a
protocol version like "SSH-2.0-"; this is not documented in this
library, and automatically adding it in case that the user did not does
no harm.
Change-Id: Iafc23b23160a8277b10cbf29778dc64a96351bd7
Reviewed-on: https://go-review.googlesource.com/14018
Reviewed-by: Adam Langley <agl@golang.org>
crypto/ssh: fix typo in error string.
cound -> could
Also change fmt.Errorf -> errors.New for consistency.
Change-Id: I0b6900a76b70cd37ab2e8d61327868b46366ec64
Reviewed-on: https://go-review.googlesource.com/11235
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: run go fmt
Change-Id: Ibb071aa550ca7392543c2d1eba8f8a69ba1d86fa
Reviewed-on: https://go-review.googlesource.com/17270
Reviewed-by: Dave Cheney <dave@cheney.net>
x/crypto/ssh/agent: Fix keyring removing the wrong key(s)
The Remove method for the keyring sliced the internal keys list
incorrectly when removing a key. This caused the wrong key to be removed
or sometimes multiple keys were removed. Additionally, if the key to be
removed was the last key, the method never returned.
Fixes golang/go#13628
Change-Id: I0facbcb8f8b65709222067ce37ea26e3fb5ba8e8
Reviewed-on: https://go-review.googlesource.com/17870
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh: allow a custom Config to specify CBC mode.
Cryptographic flaws are so hard to kill it can only be a matter of time
before they start crying “brains!” and holding their arms out straight.
Fixes golang/go#13776.
Change-Id: Iee1c19dbe823eb8728e283dd11083638e41f7189
Reviewed-on: https://go-review.googlesource.com/18482
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: add function to parse known_hosts files.
Change-Id: I9258ecf2b38258e31bcb6e73ac042ad8125fd2d1
Reviewed-on: https://go-review.googlesource.com/18106
Reviewed-by: Peter Moody <peter.moody@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh/agent: add a client example and tweak package doc.
Change-Id: I373fdbb6351d71b12fcfed31cf4b08975a443294
Reviewed-on: https://go-review.googlesource.com/19894
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: Add timeout for dialing
Fixes golang/go#14941
Change-Id: I2b3a976d451d311519fab6cdabdc98a4a4752e31
Reviewed-on: https://go-review.googlesource.com/21136
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh: interpret disconnect message as error in the transport layer.
This ensures that higher level parts (e.g. the client authentication
loop) never have to deal with disconnect messages.
Fixes https://github.com/coreos/fleet/issues/565.
Change-Id: Ie164b6c4b0982c7ed9af6d3bf91697a78a911a20
Reviewed-on: https://go-review.googlesource.com/20801
Reviewed-by: Anton Khramov <anton@endocode.com>
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh/terminal: create stubs for plan9 methods
To facilitate testing of methods in other GOOSs we need plan9 to
be able to build and run the test without a errors due to
undefined methods.
Fixes golang/go#15195
Change-Id: Ida334676f92db6fb4652af3e3a9f6bc13a96052c
Reviewed-on: https://go-review.googlesource.com/21711
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh/terminal: ensure windows MakeRaw returns previous state
The MakeRaw method should be returning the original state so that
it can be restored. However, the current implementation is returning
the new, "raw" state.
Fixes golang/go#15155
Change-Id: I8e0b87229b7577544e1118fa4b95664d3a9cf5da
Reviewed-on: https://go-review.googlesource.com/21612
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh: make sure the initial key exchange happens once.
This is done by running the key exchange and setting the session ID
under mutex. If the first exchange encounters an already set session
ID, then do nothing.
This fixes a race condition:
On setting up the connection, both sides sent a kexInit to initiate
the first (mandatory) key exchange. If one side was faster, the
faster side might have completed the key exchange, before the slow
side had a chance to send a kexInit. The slow side would send a
kexInit which would trigger a second key exchange. The resulting
confirmation message (msgNewKeys) would confuse the authentication
loop.
This fix removes sessionID from the transport struct.
This fix also deletes the unused interface rekeyingTransport.
Fixes #15066
Change-Id: I7f303bce5d3214c9bdd58f52d21178a185871d90
Reviewed-on: https://go-review.googlesource.com/21606
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: debug support for msgUserAuthSuccess and msgChannelData
Change-Id: I14d59509f22edf01827610a4ef4c50b53cbc8059
Reviewed-on: https://go-review.googlesource.com/21605
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh: omit empty fields in error message
Although the signal and msg fields are assigned together, their
values originate from the remote server and may be empty.
Fixes golang/go#14251
Change-Id: I9d9094cc69f3c14bf1648af59951f6b6c7a71e0a
Reviewed-on: https://go-review.googlesource.com/22196
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh/agent: Support v1 remove all message
Some ssh-agent clients expect the server to support remove all messages
for protocols 1 & 2 and error if protocol 1 support is missing.
This adds a null-op implementation of the remove all message in similar
fashion to the existing list all message support.
Fixes golang/go#15159
Change-Id: I9389885d89c9147f3e10850893bba6ed7d0a4e82
Reviewed-on: https://go-review.googlesource.com/21468
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: remove misleading comment, add example
Add an example for using the PublicKeys AuthMethod.
Change-Id: I3fe02bb3c9b8ccf313d72858328c8576cbf3eb06
Reviewed-on: https://go-review.googlesource.com/22250
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: if debugMux is set, also log global messages.
Change-Id: I685ba7f30f1d2e2bc3c078c7bddb6d383a179113
Reviewed-on: https://go-review.googlesource.com/22416
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: support more keytypes in the agent.
This allows the golang ssh-agent to support the full suite of keys
the library accepts.
Currently constraints are ignored.
Change-Id: I7d48c78e9a355582eb54788571a483a736c3d3ef
Reviewed-on: https://go-review.googlesource.com/21536
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: fix subsequent key exchanges.
In https://go-review.googlesource.com/#/c/21606/ , kexResult.SessionID
was erroneously not set for all but the first key exchange. The
unittests did not catch this, as server and client make the same
mistake, but OpenSSH notices corrupted data and kills the connection.
Fixes #15445.
Change-Id: If98249b37d81efaa2ebefc836df0b150feba1256
Reviewed-on: https://go-review.googlesource.com/22418
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: also log data packets when debugHandshake is set
Change-Id: Ibb26269608e506e8a676c276f847d77fe7014ceb
Reviewed-on: https://go-review.googlesource.com/22514
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
ssh: fix compatibility with recent OpenSSH
Make x/crypto/ssh tests compatible with recent OpenSSH versions.
This means not using rsa keys shorter than 1024 bits any more, and
explicitly enabling all key types in the OpenSSH config, since some
are now disabled by default.
Tested against OpenSSH_7.2p2 and now passes.
Change-Id: I607bf15f063d4833b0876393d6845a4f507f48af
Reviewed-on: https://go-review.googlesource.com/22840
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
x/crypto/ssh: hide msgNewKeys in the transport layer.
This ensures that extraneous key exchanges cannot confuse application
level code.
Change-Id: I1a333e2b7b46f1e484406a79db7a949294e79c6d
Reviewed-on: https://go-review.googlesource.com/22417
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: add support for ed25519 keys
Added support for parsing the "new" openssh private key format.
(ed25519 keys only in this format for now)
Signing and verifying functions now work with ed25519 keys.
ed25519 can now be accepted by the server to authenticate a client.
ed25519 can now be accepted by a client as a server host key.
Related documentation used:
https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt
Change-Id: I84385f24d666fea08de21f980f78623f7bff8007
Reviewed-on: https://go-review.googlesource.com/22512
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: add 3des-cbc as a non-default cipher
3des-cbc is an insecure cipher. As such, you must explictly add it to
Config in order to use it.
Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
x/crypto/ssh: return msgNewKeys for a short-circuited first kex.
If one of both sides is slow, the first kex completes implicitly. The
first kex also produces msgNewKeys, and this must be read to ensure
that the authentication code is not confused by it.
Before this fix, the problem could be reproduced by inserting a sleep
just before the requestInitialKeyChange call.
Fixes #15198
Change-Id: I602db5dd37b2d8556c88ab4cdb693ccf90147a3d
Reviewed-on: https://go-review.googlesource.com/23137
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
ssh: allow adding ed25519 keys to the agent
Fixes golang/go#15701
Change-Id: I561701e38b9d434ef44448bdbcfab203f3c31d99
Reviewed-on: https://go-review.googlesource.com/23141
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: set constraints when adding certs to the agent
Fixes golang/go#15953
Change-Id: Ia36b5422bef14609d512c3f5055a3bffad18ce0f
Reviewed-on: https://go-review.googlesource.com/23752
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto/ssh: minor comment change (trivial)
Fixed a function comment.
Change-Id: I1185c0c849abbb8244c6282fa6036fa6939c3309
Reviewed-on: https://go-review.googlesource.com/23971
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
agent: add agent server support for ed25519 keys.
the client library already supports them.
Fixes golang/go#16096
Change-Id: Iaa117ee31f706301e8b24c2775f5a604ef005440
Reviewed-on: https://go-review.googlesource.com/24285
Reviewed-by: Adam Langley <agl@golang.org>
x/crypto/ssh: Add support for retryable authentication
Adds a new AuthMethod called "RetryableAuthMethod" which decorates any
other authmethod, allowing it to be retried up to maxTries before
aborting.
Fixes #16077
Change-Id: Ie310c24643e53dca4fa452750a69936674906484
Reviewed-on: https://go-review.googlesource.com/24156
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: use BigEndian.Uint32 for decoding exit status.
Change-Id: Iab40fe42454088a00abea61dfb6f368da9323eb3
Reviewed-on: https://go-review.googlesource.com/24726
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto: fix typos
The typos were found by misspell tool.
Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016
Reviewed-on: https://go-review.googlesource.com/24725
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
x/crypto/ssh: handle missing exit status more gracefully.
According to RFC 4254 section 6.10, SSH server implementations may
omit the exit-status and exit-signal messages. If this happens, we
now return &ExitMissingError{}, so clients can handle this case
specifically.
This came up in the discussion of issue #16194.
Change-Id: Iae5e916b18aa5bd8e95618e9fcfcab8b19e147d9
Reviewed-on: https://go-review.googlesource.com/24727
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh/agent: ecdsa key/cert typo
Introduced by me in 21536
Change-Id: I4a5f3507270a3d6eea9779508642ea5789d1efca
Reviewed-on: https://go-review.googlesource.com/24811
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/ssh: add ed25519 certs to supportedHostKeyAlgos
Change-Id: I46bb7721c081b8a9b0395a4f7c49b7f3e27bbc49
Reviewed-on: https://go-review.googlesource.com/24831
Reviewed-by: Adam Langley <agl@golang.org>
ssh: disable known-flaky test from the Go build dashboard
This failure is tracked already. Remove it from the dashboard
while it's fixed so it doesn't hide more interesting failures.
Updates golang/go#15198
Change-Id: Ib48d1e37ac97914ac082b2602c812151147393e4
Reviewed-on: https://go-review.googlesource.com/24986
Reviewed-by: Ian Lance Taylor <iant@golang.org>
x/crypto/ssh/terminal: have MakeRaw mirror cfmakeraw.
Rather than guessing at which terminal flags should be set or cleared by
MakeRaw, this change tries to make it mirror the behaviour documented
for cfmakeraw() in the termios(3) manpage.
Fixes golang/go#15625
Change-Id: Icd6b18ffb57ea332147c8c9b25eac5e41eb0863a
Reviewed-on: https://go-review.googlesource.com/22964
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Fa…
bored-engineer
pushed a commit
to bored-engineer/ssh
that referenced
this issue
Oct 13, 2019
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
bored-engineer
pushed a commit
to bored-engineer/ssh
that referenced
this issue
Oct 13, 2019
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 28, 2022
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 29, 2022
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
BiiChris
pushed a commit
to BiiChris/crypto
that referenced
this issue
Sep 15, 2023
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
desdeel2d0m
added a commit
to desdeel2d0m/crypto
that referenced
this issue
Jul 1, 2024
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <agl@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm implementing an ssh client using the ssh package; my program checks the server's public key using ClientConfig.HostKeyCallback ( https://godoc.org/golang.org/x/crypto/ssh#ClientConfig ).
Unfortunately, it fails login to some servers if the server has multiple keys (e.g., ssh_host_ecdsa_key, ssh_host_rsa_key, and ssh_host_dsa_key) and the client has a public key other than ECDSA.
SSH client in Google Go always lists the host key algorithms in the SSH_MSG_KEXINIT message in this order:
See the source code:
https://github.com/golang/crypto/blob/c10c31b5e94b6f7a0283272dc2bb27163dcea24b/ssh/common.go#L42
https://github.com/golang/crypto/blob/c10c31b5e94b6f7a0283272dc2bb27163dcea24b/ssh/handshake.go#L237
If the server has both ECDSA and RSA keys, and the client knows only the RSA public key, the implementation in Google Go will always use ECDSA, so the SSH handshake will fail. Only the ECDSA public key will be passed to ClientConfig.HostKeyCallback, then the SSH handshake will fail.
I studied the source code of the original ssh tool (http://www.openssh.com/).
In order_hostkeyalgs function (file sshconnect2.c), they find all public keys in known_hosts for this host and place the corresponding algorithms at the beginning of the list of host key algorithms in SSH_MSG_KEXINIT. For example, if the client has an RSA key for this host, the list of algorithms passed to the server will be:
RFC 4253, chapter 7.1 says:
So, the implementation in Google Go seems to be incorrect.
The text was updated successfully, but these errors were encountered: