Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh: TestClientUnsupportedKex : use of close network connection on FreeBSD. #15198

Open
bradfitz opened this Issue Apr 8, 2016 · 6 comments

Comments

Projects
None yet
3 participants
@bradfitz
Copy link
Member

bradfitz commented Apr 8, 2016

I noticed these failing ssh tests on a freebsd-amd64 trybot:

https://storage.googleapis.com/go-build-log/01360a64/freebsd-amd64-gce101_5e66e373.log

--- FAIL: TestClientAuthPublicKey (0.00s)
    client_auth_test.go:97: unable to dial remote side: ssh: handshake failed: ssh: unexpected message type 21 (expected 6)
--- FAIL: TestClientUnsupportedKex (0.00s)
    client_auth_test.go:256: got ssh: handshake failed: write tcp 127.0.0.1:30006->127.0.0.1:63686: use of closed network connection, expected 'common algorithm'
FAIL
FAIL    golang.org/x/crypto/ssh 1.024s

@bradfitz bradfitz added this to the Unreleased milestone Apr 8, 2016

@hanwen

This comment has been minimized.

Copy link
Contributor

hanwen commented Apr 8, 2016

unexpected message type 21 (expected 6) is the same problem as #15066. The same problem may also cause the other error; let's wait for https://go-review.googlesource.com/#/c/21606/ to land.

@hanwen

This comment has been minimized.

Copy link
Contributor

hanwen commented Apr 25, 2016

the remaining problem (use of closed network connection) is still there. Bummer.

@hanwen hanwen changed the title x/crypto/ssh: failing TestClientUnsupportedKex and TestClientAuthPublicKey x/crypto/ssh: TestClientUnsupportedKex : use of close network connection on FreeBSD. Apr 25, 2016

@hanwen

This comment has been minimized.

Copy link
Contributor

hanwen commented May 12, 2016

ugh. Seems I have broken the initial kex (again). If I add a 100ms right before requestInitalKex() in clientHandShake, all of the tests barf again. Clearly more test coverage is needed here.

@bradfitz

This comment has been minimized.

Copy link
Member Author

bradfitz commented Jul 15, 2016

This is still distracting us when looking for failures on build.golang.org. We need to get things not red. (that is #11811)

Can you disable this test if it's going to be flaky longer?

@bradfitz

This comment has been minimized.

Copy link
Member Author

bradfitz commented Jul 17, 2016

Sent https://go-review.googlesource.com/24986 to neuter the test on the build dashboard for now.

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Jul 17, 2016

CL https://golang.org/cl/24986 mentions this issue.

gopherbot pushed a commit to golang/crypto that referenced this issue Jul 17, 2016

ssh: disable known-flaky test from the Go build dashboard
This failure is tracked already. Remove it from the dashboard
while it's fixed so it doesn't hide more interesting failures.

Updates golang/go#15198

Change-Id: Ib48d1e37ac97914ac082b2602c812151147393e4
Reviewed-on: https://go-review.googlesource.com/24986
Reviewed-by: Ian Lance Taylor <iant@golang.org>

tg123 pushed a commit to tg123/sshpiper that referenced this issue Sep 28, 2016

ssh: disable known-flaky test from the Go build dashboard
This failure is tracked already. Remove it from the dashboard
while it's fixed so it doesn't hide more interesting failures.

Updates golang/go#15198

Change-Id: Ib48d1e37ac97914ac082b2602c812151147393e4
Reviewed-on: https://go-review.googlesource.com/24986
Reviewed-by: Ian Lance Taylor <iant@golang.org>

tg123 added a commit to tg123/sshpiper that referenced this issue Dec 29, 2018

import from go ssh
go.crypto: initial code

Manual edits to README.
Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename.

Tested with: go test code.google.com/p/go.crypto/...

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5564059

go.crypto/ssh: add User to ServerConn and pass *ServerConn to callbacks.

R=golang-dev, dave, agl
CC=golang-dev
https://golang.org/cl/5577070

ssh: fix locking in channel.Write

Since a lock is retaken before sync.Cond.Wait returns, this could
deadlock when the for loop attempts to take the lock again. (Reported
by sanjay.m.)

theirWindow was used outside of the lock, therefore concurrent writers
could overrun the window.

theirWindow was never updated to reflect the data written.

R=dave, balasanjay
CC=golang-dev
https://golang.org/cl/5671084

go.crypto/ssh: add Stderr() in Channel interface.

Adds support for piping Stderr to the client.

R=golang-dev, dave, agl
CC=golang-dev
https://golang.org/cl/5674081

ssh: use *rsa.PublicKey or *dsa.PublicKey in interfaces.

Everywhere else in the code base, when we have an interface{} which is
a stand in for a public key, we use *foo.PublicKey rather than
foo.PublicKey. This change makes ssh reflect that.

R=dave, r
CC=golang-dev
https://golang.org/cl/5686067

go.crypto/ssh: add client support for OpenSSH certificates
Refactor key parsing, marshaling, and serialization to be a bit more flexible

R=agl, dave, djm
CC=golang-dev
https://golang.org/cl/5650067

go.crypto/ssh: improve support for MAC algorithms

Also, add support for hmac-sha1.

At the suggestion of AGL hmac-md5, and hmac-md5-96
support was not included.

Fixes golang/go#3095.

R=golang-dev, agl, huin
CC=golang-dev
https://golang.org/cl/5696065

go.crypto/ssh: Initial checkin of ssh agent support.

R=agl, dave, djm
CC=golang-dev
https://golang.org/cl/5695081

go.crypto/ssh: add benchmarks for marshal and unmarshal

R=agl
CC=golang-dev
https://golang.org/cl/5730045

go.crypto/ssh: improve marshal performance

Atom N450, 6g

benchmark                         old ns/op    new ns/op    delta
BenchmarkMarshalKexInitMsg            96446        66675  -30.87%
BenchmarkUnmarshalKexInitMsg         155341       142715   -8.13%
BenchmarkMarshalKexDHInitMsg           9499         8340  -12.20%
BenchmarkUnmarshalKexDHInitMsg         4973         5145   +3.46%

Intel E3-1270, 6g

benchmark                         old ns/op    new ns/op    delta
BenchmarkMarshalKexInitMsg            23218        16903  -27.20%
BenchmarkUnmarshalKexInitMsg          31384        31640   +0.82%
BenchmarkMarshalKexDHInitMsg           1943         1661  -14.51%
BenchmarkUnmarshalKexDHInitMsg          915          941   +2.84%

R=agl, minux.ma, remyoudompheng
CC=golang-dev
https://golang.org/cl/5728053

go.crypto/ssh: add support for diffie-hellman-group1-sha1.

Fixes golang/go#2903.

R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/5755054

go.crypto/ssh: respect adjust window msg on server.

R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/5908048

go.crypto/ssh: fix example in documentation

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/5905048

go.crypto: add exp/terminal as code.google.com/p/go.crypto/ssh/terminal.

This removes the sole "exp/foo" import in the Go subrepos.
A separate CL will remove exp/terminal from the standard Go repository.

R=golang-dev, dave, r
CC=golang-dev
https://golang.org/cl/5966045

go.crypto/ssh: improve error message when no authentication methods remain

R=golang-dev
CC=golang-dev
https://golang.org/cl/5960044

go.crypto/ssh: replace window channel with an atomic variable and condition

Fixes golang/go#3479.

Using a channel to model window size was a mistake. Unlike stdin and
stdout, which are streams of data, window size is an variable and
should be modeled as such.

R=golang-dev, agl, gustav.paul, kardianos, dvyukov
CC=golang-dev
https://golang.org/cl/5986053

crypto/ssh: fix several logic errors.

These are the obvious mistakes from my read through. I'll save the
more cosmetic changes for a later CL.

R=dave, kardianos
CC=golang-dev
https://golang.org/cl/6049050

go.crypt/ssh: Add additional test for server.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6075046

ssh: cosmetic cleanups

These are the cosmetic cleanups from the bits of code that I
rereviewed.

1) stringLength now takes a int; the length of the string. Too many
   callers were allocating with stringLength([]byte(s)) and
   stringLength only needs to call len().

2) agent.go now has sendAndReceive to remove logic that was
   duplicated.

3) We now reject negative DH values

4) We now reject empty packets rather than crashing.

R=dave, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6061052

go.crypto/ssh: server_test should bind to localhost only

Hopefully fix build error under windows.

Binding to the wildcard is poor form for our darwin users
as it triggers the firewall popup. Dialing the wildcard
looks like it's implementation specific as well.

R=agl, kardianos
CC=golang-dev
https://golang.org/cl/6104046

ssh: handle bad servers better.

This change prevents bad servers from crashing a client by sending an
invalid channel ID. It also makes the client disconnect in more cases
of invalid messages from a server and cleans up the client channels
in the event of a disconnect.

R=dave
CC=golang-dev
https://golang.org/cl/6099050

go.crypto/ssh: add support for remote tcpip forwarding

Add support for server (remote) forwarded tcpip channels.
See RFC4254 Section 7.1

R=gustav.paul, jeff, agl, lieqiewang
CC=golang-dev
https://golang.org/cl/6038047

ssh: fix deadlock

The code was taking locks in the wrong order.

Fixes golang/go#3570.

R=fullung
CC=golang-dev
https://golang.org/cl/6123058

go.crypto/ssh: prevent concurrent reads and concurrent writes over the same agent connection

minor fix for v01 cert parsing when algo is not supported

R=golang-dev, agl, dave
CC=golang-dev
https://golang.org/cl/6116052

ssh: fix flaky TestInvalidServerMessage

When shutting down the test, we sometimes see EOF on the server's side
of the connection and sometimes ECONNRESET. In the latter case, based
on timing, it was possible that the server loop would hit Errorf during
shutdown and cause the test to fail.

R=dave
CC=golang-dev
https://golang.org/cl/6125047

go.crypto/ssh: add support for client side global requests

* Add support for RFC4254 section 4 global requests.
* Improve clientConn.Listen to process responses properly.

R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6130050

go.crypto/ssh: hide private forwardList methods

This was my mistake. I should have checked godoc before
submitting the previous CL.

R=agl
CC=golang-dev
https://golang.org/cl/6140051

go.crypto/ssh: struct renaming

This CL is in preparation for 6128059.

* rename channel -> serverChan
* rename chanlist -> chanList
* normalise theirId/MyId/id/peersId -> localId/remoteId

R=agl
CC=golang-dev
https://golang.org/cl/6174046

go.crypto/ssh: move common channel methods into an embedded struct

This CL introduces a new struct, channel to hold common shared
functions.

* add a new channel struct, which is embeded in {client,server}Chan.
* move common methods from {client,server}Chan into channel.
* remove unneeded used of serverConn.lock in serverChan
 (transport.writePacket has its own mutex).
* remove filteredConn, introduce conn.

R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6128059

go.crypto/ssh: make {client,server}Chan use common window management

R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6208043

go.crypto/ssh: introduce a circular buffer for chanReader

R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6207051

go.crypto/ssh: fix panic unmarshalling channelOpenFailureMsg

I introduced this problem in change set 33 when I redefined
RejectionReason from a uint32 to an int. I have added a test
to verify the message can be marshaled correctly.

This was a bit hard to track down as the recover in clientConn
mainLoop would catch the panic and shutdown the connection. We
probably shouldn't be using panic inside marshal/unmarshal, at
least not without a way to let the user know why the recover
logic tripped.

R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6210063

go.crypto/ssh: allow zero sized window adjustments

The RFC doesn't prohibit zero sized window adjustments and
there is evidence of well known clients using them in the
wild.

R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6209082

go.crypto/ssh: allow server to respond to client init key exchange.

A windows SSH client, PuTTY, by default re-keys after every 60 minutes
or 1G of data transfer.

R=dave, agl
CC=golang-dev
https://golang.org/cl/6301071

ssh: added RequestSubsystem().

RequestSubsystem requests the association of a subsystem with the ssh
session on the remote host. A subsystem is a predefined command that
runs in the background when the ssh session is initiated (i.e. sftp).

R=golang-dev, agl
CC=golang-dev, gustav.paul
https://golang.org/cl/6295096

go.crypto/ssh: add ClientAuthAgent

ClientAuthAgent adapts a *AgentClient to a ClientAuth.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6352056

go.crypto/ssh: avoid recover() when handling invalid channel ids

This proposal removes the use of recover() to catch
invalid channel ids sent from the remote side. The
recover() unfortuntaly makes debugging harder as it
obscures other panic causes.

Another source of panic()s exists inside marshal.go,
which will be handled with in a later CL.

R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6404046

go.crypto/ssh: use binary.BigEndian throughout

A small cleanup.

R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6406043

go.crypto/ssh: improve TestServerWindow robustness

Fix a few resource leaks and prevent the test from
hanging if an error occurs reading from the remote
server.

R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6423065

go.crypto/ssh: never send more data than maxpacket

RFC 4254 s5.2 is clear that a client must never send a data
packet larger than the value of maximum packet supplied by the
remote side during channel setup. The client was not honoring
this value, in fact it wasn't even recording it.

Thanks to Albert Strasheim for the bug report.

R=agl, fullung
CC=golang-dev
https://golang.org/cl/6448128

go.crypto/ssh: cosmetic: move remaining channel code into channel.go

This CL scratches an itch by moving the remaining channel related code
into channel.go.

R=agl
CC=golang-dev
https://golang.org/cl/6454126

go.crypto/ssh: improve channel max packet handling

This proposal moves the check for max packet into
channel.writePacket. Callers should be aware they cannot
pass a buffer larger than max packet. This is only a
concern to chanWriter.Write and appropriate guards are
already in place.

There was some max packet handling in transport.go but it was
incorrect. This has been removed.

This proposal also cleans up session_test.go.

R=gustav.paul, agl, fullung, huin
CC=golang-dev
https://golang.org/cl/6460075

go.crypto/ssh: fix misplaced defer

Fixes golang/go#3972.

R=golang-dev, agl, r
CC=golang-dev
https://golang.org/cl/6448166

go.crypto/ssh: prevent channel writes after Close

Fixes golang/go#3810.

This change introduces an atomic boolean to guard the close
of the clientChan. Previously the client code was quite
lax with the ordering of the close messages and could allow
window adjustment or EOF messages to leak after Close had
been signaled.

Consolidating the changes to the serverChan will be handled
in a following CL.

R=agl, kardianos, gustav.paul
CC=golang-dev
https://golang.org/cl/6405064

go.crypto/ssh: prevent server from sending more than maxPacket

Fixes golang/go#4003.

R=agl, dave, agl
CC=golang-dev
https://golang.org/cl/6483052

go.crypto/ssh: fix test failure on windows

Use a handler that does not attempt to send a status message
as the failing test closes the connection abruptly.

Also, check the err response on all shell.ReadLine operations.

R=agl, minux.ma, kardianos
CC=golang-dev
https://golang.org/cl/6487043

go.crypto/ssh: improve test reliability

Fixes golang/go#3989.

Tested for several hours on an 8 core ec2 instance with
random GOMAXPROC values.

Also, rolls server_test.go into session_test using the
existing dial() framework.

R=fullung, agl, kardianos
CC=golang-dev
https://golang.org/cl/6475063

go.crypto/ssh: assorted close related fixes

Fixes golang/go#3810.

Fixes chanWriter Write after close behaviour bug.

Fixes serverChan writePacket after close bug.

Addresses final comments by agl on 6405064, plus various cleanups.

R=agl, kardianos, gustav.paul, fullung
CC=golang-dev
https://golang.org/cl/6479056

go.crypto/ssh: sanity check incoming packet length

The check for a sensible packet length was removed a while ago
when the window size and channel packet size checks were moved
into channel.go. While the RFC suggests that any packet of size
less than uint32 -1 is valid, most implmentations limit the size
to a smaller value. OpenSSH chose 256kb, so that sounds like a
sensible default.

R=agl, huin, kardianos
CC=golang-dev
https://golang.org/cl/6490098

go.crypto/ssh: Read returns all unread bytes before returning io.EOF.

Fixes golang/go#4158.

R=dave, agl
CC=golang-dev
https://golang.org/cl/6586060

go.crypto/ssh: new test subpackage

This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should.

R=agl, gustav.paul, kardianos, fullung
CC=golang-dev
https://golang.org/cl/6601043

go.crypto: various: fix appengine compatibility

Fixes golang/go#4102.

R=russross, minux.ma, rsc, agl
CC=golang-dev
https://golang.org/cl/6623053

go.crypto/ssh: add terminal modes to ssh.RequestPty()

R=dave, agl
CC=golang-dev
https://golang.org/cl/6655046

go.crypto/ssh: never negotiate unsupported ciphers

Fixes golang/go#4285.

Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.

In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047

go.crypto/ssh/test: don't kill process if it was never started

This case arises if s.cmd.Start fails when called by
server.Dial.

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6821097

go.crypto/ssh: make tests work on non-cgo platforms.

user.Current() currently requires cgo - if an error is returned
attempt to get the username from the environment.

R=golang-dev, minux.ma, bradfitz, dave
CC=golang-dev
https://golang.org/cl/6819113

ssh: add functions for public keys in wire & auth keys format.

This allows easy import/export of public keys in the format
expected by OpenSSH for authorized_keys files, as well as
allowing comparisons with ServerConfig's PublickeyCallback.
Fixes golang/go#3908.

R=agl, dave, golang-dev, bradfitz
CC=agl, golang-dev
https://golang.org/cl/6855107

go.crypto/ssh: run gofmt

gofmt got better at removing trailing whitespace.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6929044

go.crypto/ssh: Add support for ECDSA keys and certs.

R=agl, dave
CC=golang-dev
https://golang.org/cl/6873060

go.crypto/ssh/test: move some variables into common os source file to fix windows build

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6944048

go.crypto/ssh: Miscellaneous changes up for discussion.
Export key and certificate algorithm names.
Switch from string literals over to using the constants for any key/cert algorithm references.
Make URL references visible in the godoc web display.
Standardize url reference names with surrounding [].

R=dave, agl, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6944047

go.crypto: gofmt -w -s

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6948057

go.crypto/ssh: some cleanup
Simplify MarshalAuthorizedKey by using the algoName func.
Make the algoName func be very specific about supported key types in openssh certs.
Generalize some of the commentary that previously mentioned specific key types.

R=agl, dave
CC=golang-dev
https://golang.org/cl/6938067

go.crypto/ssh: support OpenSSH keepalives
Fixes golang/go#4552.

R=minux.ma, agl
CC=golang-dev
https://golang.org/cl/6948059

ssh/terminal: add GetState and make ReadPassword work in raw mode.

GetState is useful for restoring the terminal in a signal handler.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6990043

ssh/terminal: add darwin support.

terminal contains a number of utility functions that are currently only
implemented for Linux. Darwin uses different named constants for
getting and setting the terminal state so this change splits them off
as constants and defines them for each arch.

R=golang-dev, minux.ma
CC=golang-dev
https://golang.org/cl/7286043

ssh/test: deflake session test.

The session test previously had a one second timeout for the output of
stty and this was leading to flakiness. This change removes the timeout
since go test has a generic timeout mechanism.

Additionally, the test was looking for "-echo" in the output to test
the value of the echo flag. However, there are also typically "echoe",
"echok" and "echonl" flags, and "-echo" could be a prefix of any of
time. Thus we now also match a trailing space.

R=golang-dev, rsc, extraterrestrial.neighbour
CC=golang-dev
https://golang.org/cl/7579043

go.crypto/ssh: fix tests with -cpu 1,2.

When running the ssh tests several times (e.g. with -cpu 1,2), the
second run would fail because testing globals had been altered. This
change avoids altering the globals since the default worked anyway.

Fixes golang/go#4715.

R=golang-dev, minux.ma
CC=golang-dev
https://golang.org/cl/7903045

go.crypto/ssh/test: wait on sshd process in tests

R=dave
CC=golang-dev
https://golang.org/cl/8449043

go.crypto/ssh/test: improve diagnostics for test failing to get username.

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8817043

go.crypto/ssh/test: Fix distracting nil pointer dereference in a test.

If cgo is disabled (such as it appears to be on a subset of builders),
username() panics, and s.cmd is nil; let's not panic while recovering
from a different panic.

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8820043

go.crypto/ssh/test: Replace FailNow with Fail where it is obvious that the test doesn't want to fail now.

Improve a couple of test error messages too.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/8661045

go.crypto/ssh: More error reporting improvements.

R=golang-dev, kardianos, dave
CC=golang-dev
https://golang.org/cl/8596047

ssh: add Output and CombinedOutput helpers

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9711043

go.crypto/ssh: fix test breakage

Followup CL for 9711043. The order that CombinedOutput returns data captured from stdout/stderr is not specified, so we have to test both variants.

Thanks to fullung for the bug report.

R=fullung, kr
CC=golang-dev
https://golang.org/cl/9921044

go.crypto/ssh: fix race on mock ssh network connection

Fixes golang/go#5138.
Fixes golang/go#4703.

This appears to pass my stress tests with and without the -race detector, but I'd like to see others hit it with their machines.

R=golang-dev, fullung, huin, kardianos, agl
CC=golang-dev
https://golang.org/cl/9929043

go.crypto/ssh: add a error return to decode(), and avoid casting decode() output.

R=dave, kardianos, agl
CC=gobot, golang-dev
https://golang.org/cl/9738053

go.crypto/ssh: implement keyboard-interactive auth (RFC 4256), both
on client and server-side.

R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9853050

ssh/terminal: support home, end, up and down keys.

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9777043

go.crypto: remove unreachable code.

I ran go vet over all of go.crypto and removed lots of panic("unreachable") that are no longer needed.

R=golang-dev, r, dgryski
CC=golang-dev
https://golang.org/cl/10113043

go.crypto: revert 7f5a59ff6b43.

This change reverts https://golang.org/cl/10113043/ because
some folks are stuck on 1.0 till 1.1.1 comes out.

R=golang-dev
CC=golang-dev
https://golang.org/cl/10151043

go.crypto/ssh: fix and test port forwarding.

Set maxPacket in forwarded connection, and use the requested port
number as key in forwardList.

R=golang-dev, agl, dave
CC=golang-dev
https://golang.org/cl/9753044

go.crypto/ssh/test: Run sshd with -e, so the debug output goes onto stderr.

R=dave, agl
CC=golang-dev
https://golang.org/cl/10230043

go.crypto/ssh: fix test breakages introduced by 125:40246d2ae2eb

* Remove special handling for dynamically allocated
  ports. This was a bug in OpenSSH 5.x sshd.

* Run the test with a preselected port number.

* Run TestPortForward only on unix platforms.

R=dave, agl
CC=golang-dev
https://golang.org/cl/10049045

go.crypto/ssh: add hook for host key checking.

R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9922043

go.crypto/ssh/terminal: don't save passwords in history.

The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/10853043

go.crypto/ssh/terminal: support Go 1.0.

For those still stuck on Go 1.0.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/11297043

go.crypto/ssh: close channel feeding tcpListener.

Close both on closing the listener, and on closing the
connection. Test the former case.

R=dave
CC=golang-dev
https://golang.org/cl/11349043

go.crypto/ssh: add workaround for broken port forwarding in
OpenSSH 5.

Tested with OpenSSH_5.9

R=agl, dave
CC=golang-dev
https://golang.org/cl/11921043

go.crypto/ssh: seed random generator, so auto port allocation is truly random.

R=agl, dave
CC=golang-dev
https://golang.org/cl/12027043

crypto/ssh: Handle msgUserAuthBanner during keyboard-interactive auth.

R=agl, golang-dev
CC=golang-dev
https://golang.org/cl/12983046

crypto/ssh: Allow customization of the client version.

R=agl, golang-dev, dave
CC=golang-dev
https://golang.org/cl/13176044

go.crypto/ssh/terminal: handle ^W, ^K and ^H

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/13207043

go.crypto/ssh: implement ECDH.

Implement elliptic-curve Diffie-Hellman, including host key signature
verification.

Moves host key cryptographic verification to ClientConn.handshake(), so
RSA host keys are also verified.

Fixes golang/go#6158.

R=dave, agl
CC=golang-dev
https://golang.org/cl/13021045

go.crypto/ssh: Use net.UnixConn for connecting client and sshd.

This obviates custom code to emulate a thread-safe connection.

Use this for testing that listeners close if the connection breaks.

R=dave, agl, fullung
CC=golang-dev
https://golang.org/cl/11781043

go.crypto/ssh: Update Dial to perform remote resolution of DNS names.

R=agl
CC=golang-dev
https://golang.org/cl/13010047

go.crypto/ssh: use 127.0.0.1 during TestKexAlgorithms (fixes windows build)

R=golang-dev, mikioh.mikioh, remyoudompheng
CC=golang-dev
https://golang.org/cl/13370043

go.crypto/ssh/test: Only show SSHD debug output if test fails.

R=agl, dave, jpsugar
CC=golang-dev
https://golang.org/cl/13438043

go.crypto/ssh: remove misleading marshalPrivRSA.

Properly capitalize publicKey throughout.

R=golang-dev
CC=agl, dave, golang-dev, jpsugar
https://golang.org/cl/13415046

go.crypto/ssh: Begin adding server side support for more than RSA for client key auth

R=agl, dave, hanwen
CC=ekg, golang-dev
https://golang.org/cl/13528044

go.crypto/ssh: introduce PublicKey interface type.

Public functions affected:
-AgentKey.Key
-AgentClient.SignRequest
-ClientKeyring.Key
-MarshalPublicKey
-ParsePublicKey

R=agl, jpsugar, jmpittman
CC=golang-dev
https://golang.org/cl/13642043

go.crypto/ssh/terminal: support Unicode entry.

Previously, terminal only supported ASCII characters. This change
alters some []byte to []rune so that the full range of Unicode is
supported. The only thing that doesn't appear to work correctly are
grapheme clusters as the code still assumes one rune per glyph. Still,
this change allows many more languages to work than did previously.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/13704043

go.crypto/ssh/terminal: fix non-ASCII history.

The length of history buffer entries (which are stored as strings) was
being used as the number of runes. This was correct until ff9ce887b46b,
which allowed unicode entry, but can now cause a panic when editing
history that contains non-ASCII codepoints.

R=golang-dev, sfrithjof, r
CC=golang-dev
https://golang.org/cl/13255050

go.crypto/ssh: introduce Signer method, an abstraction of
private keys.

R=agl, jpsugar, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/13338044

go.crypto/ssh: separate kex algorithms into kexAlgorithm class.

Adds readPacket() to conn, and renames conn to packetConn.
Key exchanges operate on packetConn, so they can be
unittested.

R=agl, jpsugar, dave
CC=golang-dev
https://golang.org/cl/13352055

go.crypto/ssh: parse DSA private keys too.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/13966043

go.crypto/ssh/terminal: Allow ^A and ^E as synonyms for Home and End.

I understand that ssh/terminal can't implement everybodys
favorite keyboard shortcuts, but I think these are very
widespread. They exist not only in Emacs or Readline, but also
in Acme and Sam. Also they almost come for free.

R=golang-dev
CC=agl, golang-dev
https://golang.org/cl/13839047

go.crypto/ssh: let client accept DSA and ECDSA host key algorithms.

R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://golang.org/cl/14420045

go.crypto/ssh: move interpretation of msgNewKeys into
transport.

Sending the msgNewKeys packet and setting up the key material
now happen under a lock, preventing races with concurrent
writers.

R=kardianos, agl, jpsugar, hanwenn
CC=golang-dev
https://golang.org/cl/14476043

go.crypto/ssh: fix certificate parsing/marshaling.

The change to add the PublicKey interface accidentally caused certificate handling to expect an extra copy of the private key algorithm name in the binary representation. This change adapts a suitable parsing API and adds a test to ensure that cert handling isn't easily broken in the future.

R=agl, hanwen, jmpittman
CC=golang-dev
https://golang.org/cl/13272055

go.crypto/ssh: cosmetic only spelling fixes

R=agl, hanwen
CC=dave, golang-dev, jpsugar
https://golang.org/cl/14430055

go.crypto/ssh: implement memTransport using sync.Cond.

This makes memTransport safe for use with multiple
writers/closers.

R=golang-dev, dave
CC=agl, golang-dev
https://golang.org/cl/14532048

go.crypto/ssh: add String method to RejectionReason.

R=agl, dave
CC=golang-dev
https://golang.org/cl/14494055

go.crypto/ssh: (un)marshal data without type byte prefix.

This helps manipulating data in global and channel request
payloads.

R=agl, dave, jpsugar
CC=golang-dev
https://golang.org/cl/14438068

go.crypto/ssh: move channelForwardMsg declaration.

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/14669046

go.crypto/ssh: put version exchange in function

R=golang-dev, dave, jpsugar, agl
CC=golang-dev
https://golang.org/cl/14641044

go.crypto/ssh: Add certificate verification, step up support for authorized keys

R=agl, hanwen, jpsugar, dave
CC=golang-dev
https://golang.org/cl/14540051

go.crypto/ssh: additional coverage of message unmarshaling

R=golang-dev, hanwen
CC=golang-dev
https://golang.org/cl/14767043

go.crypto/ssh: Implement CertTime to properly handle the "infinite" time
value ^0, which would become negative when expressed as int64.

R=agl, dave, jpsugar, hanwen
CC=golang-dev
https://golang.org/cl/15520047

go.crypto/ssh: only close connection if it was open in TestClientUnsupportedKex.

R=dave
CC=golang-dev
https://golang.org/cl/15450046

go.crypto/ssh: ensure {Server,Client}Conn do not expose io.ReadWriter

Transport should not be a ReadWriter. It can only write packets, i.e. no partial reads or writes. Furthermore, you can currently do ClientConn.Write() while the connection is live, which sends raw bytes over the connection. Doing so will confuse the transports because the data is not encrypted.

As a consequence, ClientConn and ServerConn stop being a net.Conn

Finally, ensure that {Server,Client}Conn implement LocalAddr and RemoteAddr methods that previously were exposed by an embedded net.Conn field.

R=hanwen
CC=golang-dev
https://golang.org/cl/16610043

go.crypto/ssh: in {Server,Client}Conn, read session ID from
transport layer.

R=agl, dave
CC=golang-dev
https://golang.org/cl/15870044

go.crypto/ssh: cosmetic: unnest signing code for public key auth.

R=dave
CC=golang-dev
https://golang.org/cl/15930044

go.crypto/ssh: Increase window size.

Increase window size for channels (session and tcpip) to 64 *
max packet size (32 KB), which is the same value that OpenSSH
uses. Also breaks out the relevant harcoded constants into named
constants in channel.go.

Fixes golang/go#6675.

R=golang-dev, dave, hanwen, agl
CC=golang-dev
https://golang.org/cl/18120043

go.crypto/ssh/terminal: enable freebsd build

syscall.Termios, which was the only thing breaking the build, is
available in go tip now
(https://code.google.com/p/go/source/detail?r=873d664b00ec)

R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/51690043

undo CL 51690043 / abf8f8812575

Breaks FreeBSD build of subrepo for non-tip users.

««« original CL description
go.crypto/ssh/terminal: enable freebsd build

syscall.Termios, which was the only thing breaking the build, is
available in go tip now
(https://code.google.com/p/go/source/detail?r=873d664b00ec)

R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/51690043

»»»

R=golang-codereviews, dave
CC=golang-codereviews
https://golang.org/cl/51100044

go.crypto/ssh: build tests on Plan 9

LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/64390044

go.crypto/ssh: import gosshnew.

See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ

R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043

go.crypto/ssh: remove old files.

In c0fc595a2cb5, hg didn't notice the files that had been removed from
the working directory. These, old files are breaking the build.

CC=golang-codereviews
https://golang.org/cl/86240043

go.crypto/ssh: build test_unix_test on Plan 9

LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/86630043

go.crypto/ssh: only offset channel IDs when debugMux is
set.

Otherwise, the package leaks data about total number of
connections established through its channel IDs.

R=agl, jpsugar
CC=golang-codereviews
https://golang.org/cl/87280043

go.crypto/ssh: Add support for the pre-2006 RC4 cipher mode.

LGTM=hanwen
R=agl, hanwen
CC=golang-codereviews
https://golang.org/cl/86600044

go.crypto/ssh: fix messages_test.go on 32-bit platforms.

LGTM=dave
R=agl, dave
CC=golang-codereviews
https://golang.org/cl/88060043

go.crypto/ssh/agent: prefix errors with "agent".

R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/87810047

go.crypto/ssh/agent: add key type to testAgentInterface failure messages.

R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/88260043

ssh/forward: Fix reference to the functions to call to route authentication requests.

R=agl
CC=golang-codereviews, hanwen
https://golang.org/cl/95910043

go.crypto/ssh/terminal: add support for BSD variants

LGTM=agl
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/97850043

go.crypto/ssh/test: enable test cases on dragonfly

LGTM=agl
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/98840043

go.crypto/ssh: try authentication methods in ClientConfig order.

LGTM=jpsugar, agl
R=agl, jpsugar
CC=golang-codereviews
https://golang.org/cl/92240045

go.crypto/ssh: use permissions from public key cache when accepting a key.

Fixes golang/go#7913.

LGTM=hanwen
R=hanwen
CC=golang-codereviews
https://golang.org/cl/96220043

go.crypto/ssh: fix authentication after all public keys are rejected by a server.

Validating a public key doesn't return any remaining methods so, if all public keys were rejected, a nil slice would be returned for the remaining methods and authentication would stop.

We could have validateKey return methods, but that wouldn't solve the problem of what to do if the callback returns no keys. In that case we don't have any keys to test.

So this change makes it possible for an AuthMethod to return a nil slice for the remaining methods (meaning "reuse the last list"). It also fixes a scoping bug.

Fixes golang/go#7787.

LGTM=hanwen
R=hanwen
CC=golang-codereviews
https://golang.org/cl/94350043

go.crypto/ssh/terminal: support ^U, ^D and ^L.

LGTM=bradfitz
R=bradfitz, marios.nikolaou
CC=golang-codereviews
https://golang.org/cl/92220043

go.crypt/ssh/terminal: declare TCGETS, TCSETS constants locally.

Currently the ssh/terminal package cannot be compiled under gccgo. Even though gccgo may be running on linux, its syscall package is slightly different and does not contain these constants.

This proposal resolves the issue by declaring the two constants locally, as we've done for the *BSDs.

LGTM=hanwen, iant
R=hanwen, iant, gobot
CC=golang-codereviews
https://golang.org/cl/101670043

go.crypto/ssh/terminal: better handling of window resizing.

There doesn't appear to be perfect behaviour for line editing
code in the face of terminal resizing. But this change works
pretty well on xterm and gnome-terminal and certainly a lot
better than it used to.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/105580043

go.crypto/ssh/test: skip tests during -short mode

This proposal effectively disables all the ssh/test tests when run with the -short flag supplied.

For developers and users of this package, there should be no change unless they are in the habbit of always supplying -short, which I belive is untrue.

For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled.

LGTM=adg
R=adg, agl, hanwen
CC=golang-codereviews
https://golang.org/cl/125860043

go.crypto/ssh: skip tests that start ssh-agent.

Also stops leaking /tmp/ directories.

Fixes golang/go#8489.

LGTM=dave, minux
R=dave, minux, agl
CC=golang-codereviews
https://golang.org/cl/124010043

go.crypto/ssh: reuse packet buffer for channel writes.

Test that different extended data streams within a channel are
thread-safe.

benchmark             old MB/s     new MB/s     speedup
BenchmarkEndToEnd     79.26        87.98        1.11x

benchmark                          old allocs     new allocs     delta
BenchmarkEndToEnd                  110            73             -33.64%

benchmark                          old bytes     new bytes     delta
BenchmarkEndToEnd                  2605720       1299768       -50.12%

LGTM=dave, jpsugar
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/136420043

go.crypto/ssh: clean up address parsing in forward code.

LGTM=agl
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/134700043

go.crypto/ssh/terminal: fix crash when terminal narrower than prompt.

Previously, if the current line was "empty", resizes wouldn't trigger
repaints. However, the line can be empty when the prompt is non-empty
and the code would then panic after a resize because the cursor position
was outside of the terminal.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/158090043

go.crypto/ssh/terminal: remove \r from passwords on Windows.

Fixes golang/go#9040.

(Note: can't compile or test this one prior to committing.)

LGTM=iant, bradfitz
R=bradfitz, mathias.gumz, iant
CC=golang-codereviews
https://golang.org/cl/171000043

go.crypto/ssh/terminal: fix Home and End.

In my notes I had Home and End down as OH and OF. But that's nonsense, they are [H and ]F.
I never noticed before because I don't have Home and End keys on my keyboard.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/172100043

go.crypto: use golang.org/x/... import paths

LGTM=bradfitz
R=rsc, bradfitz
CC=golang-codereviews
https://golang.org/cl/167190043

go.crypto/ssh/terminal: support bracketed paste mode.

Some terminals support a mode where pasted text is bracketed by escape sequences. This is very useful for terminal applications that otherwise have no good way to tell pastes and typed text apart.

This change allows applications to enable this mode and, if the terminal supports it, will suppress autocompletes during pastes and indicate to the caller that a line came entirely from pasted text.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/171330043

crypto: add import comments.

Change-Id: I33240faf1b8620d0cd600de661928d8e422ebdbc
Reviewed-on: https://go-review.googlesource.com/1235
Reviewed-by: Andrew Gerrand <adg@golang.org>

ssh/terminal: fix SetSize when nothing on current line

SetSize has a problem may cause the following ReadPassword setting
temporary prompt not working, when changing width the current
SetSize will call clearAndRepaintLinePlusNPrevious which would
print an old prompt whatever the current line has, causing a following
ReadPassword with temporary prompt not printing the different prompt.

When running code like this, the nt.SetSize prints a "> " as
prompt then the temporary "Password: " prompt would never show up.

```go
        oldState, err := terminal.MakeRaw(int(os.Stdin.Fd()))
        width, height, _ = terminal.GetSize(int(os.Stdin.Fd()))
        nt := terminal.NewTerminal(os.Stdin, "> ")
        nt.SetSize(width, height)
        password, err = nt.ReadPassword("Password: ")
```

the new test cases is to test SetSize with different terminal sizes,
either shrinking or expanding, a following ReadPassword should get the
correct temporary prompt.

Change-Id: I33d13b2c732997c0c88670d53545b8c0048b94b6
Reviewed-on: https://go-review.googlesource.com/1861
Reviewed-by: Adam Langley <agl@golang.org>

ssh: add ServerConfig.ServerVersion option

The SSH server does not allow for setting a version string in the same
manner as the client.  This update adds a ServerVersion member to the
ServerConfig structure which when set, causes the server to use that
member instead of the default version string.  This allows building
an golang based SSH server which can present any version string
the user wishes.

It also adds an else statement to the client assignment of the
ClientVersion to avoid an allocation when using a user defined
ClientVersion.

Change-Id: I43d97cfd5a174f2c68f53c5b4e267539ef21937b
Reviewed-on: https://go-review.googlesource.com/1860
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

ssh/agent: do not return nil entries from keyring.Signers()

The slice returned is constructed with both a pre-set length and
append() resulting in a slice twice as long and half-full of nil.
Setting the capacity instead of length gets the desired result.

Change-Id: I758423594e4f4c0506c53f227454f57a9dc8bdf1
Reviewed-on: https://go-review.googlesource.com/2659
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

ssh: make godoc examples easier to reuse

Fixes golang/go#9747

Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.

Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>

ssh: return session ID in ConnMeta.SessionID.

SessionID() returned nil previously.

Fixes #9761.

Change-Id: I53d2b347571d21eab2d913c2228e85997a84f757
Reviewed-on: https://go-review.googlesource.com/3872
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: add support for aes128-cbc cipher.

The aes128cbc cipher is commented out in cipher.go on purpose, anyone wants to
use the cipher needs to uncomment line 119 in cipher.go

Fixes #4274.

Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: fix the links to the SSH protocol documents

Minor change - updated the links to the ssh PROTOCOL.* docs.
Currently the [PROTOCOL...] links in References on top of
https://godoc.org/golang.org/x/crypto/ssh and
https://godoc.org/golang.org/x/crypto/ssh/agent
take you to the top-level directory list on
http://cvsweb.openbsd.org/cgi-bin/cvsweb/
instead of directly to the respective document pages.

Change-Id: Ifd3f0bc2ef393ab02f023c13b93340fdb0a05af3
Reviewed-on: https://go-review.googlesource.com/8963
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: update references to the old code.google.com repo

Changed code.google.com repository links to the current
golang.org/x/crypto/ssh (except Gerrit homepage).

Change-Id: I7301d21401b163ceef8cfc1cf535dee998f9cb0d
Reviewed-on: https://go-review.googlesource.com/9250
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

crypto/ssh: fix encoding of ssh certs with critical options

Attention - BREAKING change for the certificates generated with
the previous versions of crypto/ssh!  Need to regenerate
certificates with a version of crypto/ssh library including
this fix.

[PROTOCOL.cerkeys] requires two length fields for non-empty
values of critical options (or extensions - but those are
currently always empty)  - see
https://bugzilla.mindrot.org/show_bug.cgi?id=2389.
Add SSH-conform handling of such composite values in marshalTuples
and parseTuples and related test (TestParseCertWithOptions) parsing
a certificate created with ssh-keygen which includes critical options.

Fixes #10569

Change-Id: Iecbfca67a66668880635141c72bc5fc370a9c112
Reviewed-on: https://go-review.googlesource.com/9375
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>

x/crypto/ssh: bail early if a server has no auth methods configured.

Change-Id: I58fdfbe00fcc4ca09da9699edcc181cc512feef7
Reviewed-on: https://go-review.googlesource.com/9807
Reviewed-by: JP Sugarbroad <jpsugar@google.com>
Reviewed-by: Adam Langley <agl@golang.org>

ssh: add hmac-sha2-256.

Fixes golang/go#10274

Change-Id: Id8386828ee92ccc6cba5197831cdb8b2ce0cd648
Reviewed-on: https://go-review.googlesource.com/8353
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>

x/crypto/ssh: add padding oracle countermeasures for AES-CBC.

This deprives an attacker of feedback for guesses against the packet
length given by the connection dropping.

Change-Id: I14939a82e5243a86d192bb18be93d45589227147
Reviewed-on: https://go-review.googlesource.com/9908
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: trivial spacing change for gofmt compliance

Extra space added by 'gofmt -w' to align key/value columns
in the new test (TestParseCertWithOptions).

Follow-up on https://go-review.googlesource.com/#/c/9375/.

Change-Id: Id7dd0bc420888f12ce0af4178096bdc9f5c57161
Reviewed-on: https://go-review.googlesource.com/9627
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: fix format string error in test.

Change-Id: I0c84f11fb74ee478617deb1b743a759c9f789101
Reviewed-on: https://go-review.googlesource.com/10822
Reviewed-by: Adam Langley <agl@golang.org>

ssh: Add explicit type in comparison with constant to make go-fuzz happy

Currently using go-fuzz with code using golang.org/x/crypto/ssh fails
because it passes CertTimeInfinity to an interface{} and automatically
tries to use an int, which overflows and results in a compile error.

This change adds a no-op type conversion inside the function which
makes things compile with go-fuzz.

Change-Id: Iade0c0df7e20cbac4928480fad3e44c831e1e00a
Reviewed-on: https://go-review.googlesource.com/11285
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: fix bounds check in parseString

Fixes #11348

Change-Id: If083744343256a2a53eb813411ba0c9a359d6dbd
Reviewed-on: https://go-review.googlesource.com/11332
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: fix comment

Fixes golang/go#11603

Change-Id: I019af73f5e036b47b8bd6c4a5541c06b97b44f11
Reviewed-on: https://go-review.googlesource.com/11866
Reviewed-by: Andrew Gerrand <adg@golang.org>

crypto/ssh: fix a comment (trivial)

Comment in Agent made to conform the godoc style.

Change-Id: I4e1e8ce1a15ca346715fae257ae2178f5093d40d
Reviewed-on: https://go-review.googlesource.com/12183
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

ssh: fix spelling of test so that it runs

Change-Id: I65ebae299f272d5f1367ca4c2e47e51f9c392b6a
Reviewed-on: https://go-review.googlesource.com/12229
Reviewed-by: Dave Cheney <dave@cheney.net>

crypto/ssh: allow identities to be constrained.

The ssh-agent protocol allows the usage of keys and certs added to a
given agent to be constrained in certain ways. The only constraints
currently supported are lifetime (keys expire after some number of
seconds) and confirmation (the agent requires user confirmation before
performing any operations with the private key).

Change-Id: Idba5760db929805bf3da43fdcaca53ae6c479ca4
Reviewed-on: https://go-review.googlesource.com/12260
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Peter Moody <pmoody@uber.com>

ssh: skip TestHandshakeBasic on Plan 9

Updates golang/go#7797.

Change-Id: I7aa57f3fb812ecf644c8f8c065848938868e473b
Reviewed-on: https://go-review.googlesource.com/12767
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

ssh: fix deadlock during error path

Fixes golang/go#11882

If an error occurs during handshakeTransport.writePacket the lock may not be
released. Fix this by using defer rather than manually unlocking in all paths.

Change-Id: I0010284b4f7d99907c86b4c0e140ab6cf37b0441
Reviewed-on: https://go-review.googlesource.com/12888
Reviewed-by: Adam Langley <agl@golang.org>

ssh: fix flake in TestHostKeyCert

Update golang/go#11811

The increased default concurrency in Go 1.5 showed up a test flake in
the TestHostKeyCert test. Under load, when the client provided incorrect
data, both sides would race to tear down the connection, which would often
lead to the server side, running in its own goroutine to see an unexpected
EOF or connection reset.

Fix this flake (and the incorrect use of t.Fatalf) by passing the error back
to the main goroutine for inspection. This also lets us ignore the expected
error in the unsuccessful path

Change-Id: I5a95c6d240479e9d537f34177e5ca8023b1b08e9
Reviewed-on: https://go-review.googlesource.com/12916
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

crypto/ssh: allow client to specify host key algorithms.

Fixes golang/go#11722.

Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a
Reviewed-on: https://go-review.googlesource.com/12907
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: Handle error in dial to avoid a goroutine leak

If the channel open request failed, a nil channel would be provided to
DiscardRequests, which would never return.

We return the error early to avoid this goroutine leak.

Change-Id: I4c0e0a7698f7623c042f2a04941b8c50e8031d33
Reviewed-on: https://go-review.googlesource.com/13390
Reviewed-by: Dave Cheney <dave@cheney.net>

x/crypto/ssh/test: test all key exchanges against sshd.

Change-Id: I9d775d6e9c39bee1f2bf914ba3659acb6b0029dd
Reviewed-on: https://go-review.googlesource.com/13591
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: implement curve25519-sha256@libssh.org key agreement.

Fixes golang/go#11004.

Change-Id: Ic37cf9d620e3397b7ad769ae16abdaee63a7733b
Reviewed-on: https://go-review.googlesource.com/13592
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: close memPipe after running kex test.

Change-Id: I6022d669946a7cb3403757a7c0dbf21a474e1c95
Reviewed-on: https://go-review.googlesource.com/13590
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: fix deadlock during error condition.

Unblock writers if a read error occurs while writers are blocked on a
pending key change.

Add test to check for deadlocks in error paths in handshake.go

Fixes golang/go#11992.

Change-Id: Id098bd9fec3d4fe83daeb2b7f935e5647c19afd3
Reviewed-on: https://go-review.googlesource.com/13594
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: clearer error messages when "no ciphers in common"

The error message reported by the ssh client when it can't find a
"cipher" in common between the client and server was overly vague.  This
adds more detailed error messages to findAgreedAlgorithms so that the
user can more easily identify which of the components can't reach
agreement.

Change-Id: I4d985e92fea964793213e5600b52b3141e712000
Reviewed-on: https://go-review.googlesource.com/13817
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: Parse ECDSA key using struct

Change parseECDSA() to unmarshal the key's contents into a struct
representing the wire format, consistent with the parseRSA() and
parseDSA(), to make the code more readable and its intent clearer.

Change-Id: Iea85630107ac0b3e681807d2278390c8c50ce141
Reviewed-on: https://go-review.googlesource.com/13663
Reviewed-by: Han-Wen Nienhuys <hanwenn@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: Support turning a crypto.Signer into an ssh.Signer

This adds a NewSignerFromSigner to crypto/ssh which takes a
crypto.Signer and turns it into an ssh.Signer, helpful if, e.g., your
crypto.Signer is backed by some sort of hardware device.

The interfaces are very similar - the biggest differences are that a
crypto.Signer accepts hashed data, while an ssh.Signer does not, and
some differences in encoding for DSA and ECDSA signatures.

This also adjusts NewSignerFromKey to use NewSignerFromSigner where
possible, dropping the rsaPrivateKey and ecdsaPrivateKey types in
favor of wrappedSigner. (However, because *dsa.PrivateKey is not a
crypto.Signer, we still have to keep dsaPrivateKey)

Change-Id: Ia2e20ece9c9d3844b4e5a64c1a7d997178ec8781
Reviewed-on: https://go-review.googlesource.com/10953
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: Add protocol version to ServerVersion

280be00 introduced custom server versions; however, at least OpenSSH
clients do not accept a server version that doesn't start with a
protocol version like "SSH-2.0-"; this is not documented in this
library, and automatically adding it in case that the user did not does
no harm.

Change-Id: Iafc23b23160a8277b10cbf29778dc64a96351bd7
Reviewed-on: https://go-review.googlesource.com/14018
Reviewed-by: Adam Langley <agl@golang.org>

crypto/ssh: fix typo in error string.

cound -> could
Also change fmt.Errorf -> errors.New for consistency.

Change-Id: I0b6900a76b70cd37ab2e8d61327868b46366ec64
Reviewed-on: https://go-review.googlesource.com/11235
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: run go fmt

Change-Id: Ibb071aa550ca7392543c2d1eba8f8a69ba1d86fa
Reviewed-on: https://go-review.googlesource.com/17270
Reviewed-by: Dave Cheney <dave@cheney.net>

x/crypto/ssh/agent: Fix keyring removing the wrong key(s)

The Remove method for the keyring sliced the internal keys list
incorrectly when removing a key. This caused the wrong key to be removed
or sometimes multiple keys were removed. Additionally, if the key to be
removed was the last key, the method never returned.

Fixes golang/go#13628

Change-Id: I0facbcb8f8b65709222067ce37ea26e3fb5ba8e8
Reviewed-on: https://go-review.googlesource.com/17870
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh: allow a custom Config to specify CBC mode.

Cryptographic flaws are so hard to kill it can only be a matter of time
before they start crying “brains!” and holding their arms out straight.

Fixes golang/go#13776.

Change-Id: Iee1c19dbe823eb8728e283dd11083638e41f7189
Reviewed-on: https://go-review.googlesource.com/18482
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: add function to parse known_hosts files.

Change-Id: I9258ecf2b38258e31bcb6e73ac042ad8125fd2d1
Reviewed-on: https://go-review.googlesource.com/18106
Reviewed-by: Peter Moody <peter.moody@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh/agent: add a client example and tweak package doc.

Change-Id: I373fdbb6351d71b12fcfed31cf4b08975a443294
Reviewed-on: https://go-review.googlesource.com/19894
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: Add timeout for dialing

Fixes golang/go#14941

Change-Id: I2b3a976d451d311519fab6cdabdc98a4a4752e31
Reviewed-on: https://go-review.googlesource.com/21136
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh: interpret disconnect message as error in the transport layer.

This ensures that higher level parts (e.g. the client authentication
loop) never have to deal with disconnect messages.

Fixes https://github.com/coreos/fleet/issues/565.

Change-Id: Ie164b6c4b0982c7ed9af6d3bf91697a78a911a20
Reviewed-on: https://go-review.googlesource.com/20801
Reviewed-by: Anton Khramov <anton@endocode.com>
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh/terminal: create stubs for plan9 methods

To facilitate testing of methods in other GOOSs we need plan9 to
be able to build and run the test without a errors due to
undefined methods.

Fixes golang/go#15195

Change-Id: Ida334676f92db6fb4652af3e3a9f6bc13a96052c
Reviewed-on: https://go-review.googlesource.com/21711
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh/terminal: ensure windows MakeRaw returns previous state

The MakeRaw method should be returning the original state so that
it can be restored.  However, the current implementation is returning
the new, "raw" state.

Fixes golang/go#15155

Change-Id: I8e0b87229b7577544e1118fa4b95664d3a9cf5da
Reviewed-on: https://go-review.googlesource.com/21612
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh: make sure the initial key exchange happens once.

This is done by running the key exchange and setting the session ID
under mutex. If the first exchange encounters an already set session
ID, then do nothing.

This fixes a race condition:

On setting up the connection, both sides sent a kexInit to initiate
the first (mandatory) key exchange.  If one side was faster, the
faster side might have completed the key exchange, before the slow
side had a chance to send a kexInit.  The slow side would send a
kexInit which would trigger a second key exchange. The resulting
confirmation message (msgNewKeys) would confuse the authentication
loop.

This fix removes sessionID from the transport struct.

This fix also deletes the unused interface rekeyingTransport.

Fixes #15066

Change-Id: I7f303bce5d3214c9bdd58f52d21178a185871d90
Reviewed-on: https://go-review.googlesource.com/21606
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: debug support for msgUserAuthSuccess and msgChannelData

Change-Id: I14d59509f22edf01827610a4ef4c50b53cbc8059
Reviewed-on: https://go-review.googlesource.com/21605
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh: omit empty fields in error message

Although the signal and msg fields are assigned together, their
values originate from the remote server and may be empty.

Fixes golang/go#14251

Change-Id: I9d9094cc69f3c14bf1648af59951f6b6c7a71e0a
Reviewed-on: https://go-review.googlesource.com/22196
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh/agent: Support v1 remove all message

Some ssh-agent clients expect the server to support remove all messages
for protocols 1 & 2 and error if protocol 1 support is missing.

This adds a null-op implementation of the remove all message in similar
fashion to the existing list all message support.

Fixes golang/go#15159

Change-Id: I9389885d89c9147f3e10850893bba6ed7d0a4e82
Reviewed-on: https://go-review.googlesource.com/21468
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: remove misleading comment, add example

Add an example for using the PublicKeys AuthMethod.

Change-Id: I3fe02bb3c9b8ccf313d72858328c8576cbf3eb06
Reviewed-on: https://go-review.googlesource.com/22250
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: if debugMux is set, also log global messages.

Change-Id: I685ba7f30f1d2e2bc3c078c7bddb6d383a179113
Reviewed-on: https://go-review.googlesource.com/22416
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: support more keytypes in the agent.

This allows the golang ssh-agent to support the full suite of keys
the library accepts.

Currently constraints are ignored.

Change-Id: I7d48c78e9a355582eb54788571a483a736c3d3ef
Reviewed-on: https://go-review.googlesource.com/21536
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: fix subsequent key exchanges.

In https://go-review.googlesource.com/#/c/21606/ , kexResult.SessionID
was erroneously not set for all but the first key exchange. The
unittests did not catch this, as server and client make the same
mistake, but OpenSSH notices corrupted data and kills the connection.

Fixes #15445.

Change-Id: If98249b37d81efaa2ebefc836df0b150feba1256
Reviewed-on: https://go-review.googlesource.com/22418
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: also log data packets when debugHandshake is set

Change-Id: Ibb26269608e506e8a676c276f847d77fe7014ceb
Reviewed-on: https://go-review.googlesource.com/22514
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

ssh: fix compatibility with recent OpenSSH

Make x/crypto/ssh tests compatible with recent OpenSSH versions.
This means not using rsa keys shorter than 1024 bits any more, and
explicitly enabling all key types in the OpenSSH config, since some
are now disabled by default.

Tested against OpenSSH_7.2p2 and now passes.

Change-Id: I607bf15f063d4833b0876393d6845a4f507f48af
Reviewed-on: https://go-review.googlesource.com/22840
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

x/crypto/ssh: hide msgNewKeys in the transport layer.

This ensures that extraneous key exchanges cannot confuse application
level code.

Change-Id: I1a333e2b7b46f1e484406a79db7a949294e79c6d
Reviewed-on: https://go-review.googlesource.com/22417
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: add support for ed25519 keys

Added support for parsing the "new" openssh private key format.
(ed25519 keys only in this format for now)

Signing and verifying functions now work with ed25519 keys.

ed25519 can now be accepted by the server to authenticate a client.

ed25519 can now be accepted by a client as a server host key.

Related documentation used:
https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt

Change-Id: I84385f24d666fea08de21f980f78623f7bff8007
Reviewed-on: https://go-review.googlesource.com/22512
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: add 3des-cbc as a non-default cipher

3des-cbc is an insecure cipher. As such, you must explictly add it to
Config in order to use it.

Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>

x/crypto/ssh: return msgNewKeys for a short-circuited first kex.

If one of both sides is slow, the first kex completes implicitly. The
first kex also produces msgNewKeys, and this must be read to ensure
that the authentication code is not confused by it.

Before this fix, the problem could be reproduced by inserting a sleep
just before the requestInitialKeyChange call.

Fixes #15198

Change-Id: I602db5dd37b2d8556c88ab4cdb693ccf90147a3d
Reviewed-on: https://go-review.googlesource.com/23137
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

ssh: allow adding ed25519 keys to the agent

Fixes golang/go#15701

Change-Id: I561701e38b9d434ef44448bdbcfab203f3c31d99
Reviewed-on: https://go-review.googlesource.com/23141
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: set constraints when adding certs to the agent

Fixes golang/go#15953

Change-Id: Ia36b5422bef14609d512c3f5055a3bffad18ce0f
Reviewed-on: https://go-review.googlesource.com/23752
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

crypto/ssh: minor comment change (trivial)

Fixed a function comment.

Change-Id: I1185c0c849abbb8244c6282fa6036fa6939c3309
Reviewed-on: https://go-review.googlesource.com/23971
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

agent: add agent server support for ed25519 keys.

the client library already supports them.

Fixes golang/go#16096

Change-Id: Iaa117ee31f706301e8b24c2775f5a604ef005440
Reviewed-on: https://go-review.googlesource.com/24285
Reviewed-by: Adam Langley <agl@golang.org>

x/crypto/ssh: Add support for retryable authentication

Adds a new AuthMethod called "RetryableAuthMethod" which decorates any
other authmethod, allowing it to be retried up to maxTries before
aborting.

Fixes #16077

Change-Id: Ie310c24643e53dca4fa452750a69936674906484
Reviewed-on: https://go-review.googlesource.com/24156
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: use BigEndian.Uint32 for decoding exit status.

Change-Id: Iab40fe42454088a00abea61dfb6f368da9323eb3
Reviewed-on: https://go-review.googlesource.com/24726
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto: fix typos

The typos were found by misspell tool.

Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016
Reviewed-on: https://go-review.googlesource.com/24725
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>

x/crypto/ssh: handle missing exit status more gracefully.

According to RFC 4254 section 6.10, SSH server implementations may
omit the exit-status and exit-signal messages.  If this happens, we
now return &ExitMissingError{}, so clients can handle this case
specifically.

This came up in the discussion of issue #16194.

Change-Id: Iae5e916b18aa5bd8e95618e9fcfcab8b19e147d9
Reviewed-on: https://go-review.googlesource.com/24727
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh/agent: ecdsa key/cert typo

Introduced by me in 21536

Change-Id: I4a5f3507270a3d6eea9779508642ea5789d1efca
Reviewed-on: https://go-review.googlesource.com/24811
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

x/crypto/ssh: add ed25519 certs to supportedHostKeyAlgos

Change-Id: I46bb7721c081b8a9b0395a4f7c49b7f3e27bbc49
Reviewed-on: https://go-review.googlesource.com/24831
Reviewed-by: Adam Langley <agl@golang.org>

ssh: disable known-flaky test from the Go build dashboard

This failure is tracked already. Remove it from the dashboard
while it's fixed so it doesn't hide more interesting failures.

Updates golang/go#15198

Change-Id: Ib48d1e37ac97914ac082b2602c812151147393e4
Reviewed-on: https://go-review.googlesource.com/24986
Reviewed-by: Ian Lance Taylor <iant@golang.org>

x/crypto/ssh/terminal: have MakeRaw mirror cfmakeraw.

Rather than guessing at which terminal flags should be set or cleared by
MakeRaw, this change tries to make it mirror the behaviour documented
for cfmakeraw() in the termios(3) manpage.

Fixes golang/go#15625

Change-Id: Icd6b18ffb57ea332147c8c9b25eac5e41eb0863a
Reviewed-on: https://go-review.googlesource.com/22964
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Fa…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.