Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/OPENSSH]: src/crypto/external/bsd/openssh/dist Import 8.0:
details: https://anonhg.NetBSD.org/src/rev/0784089e00fd
branches: OPENSSH
changeset: 450622:0784089e00fd
user: christos <christos%NetBSD.org@localhost>
date: Sat Apr 20 17:13:53 2019 +0000
description:
Import 8.0:
Security
========
This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
This release adds client-side checking that the filenames sent from
the server match the command-line request,
The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* scp(1): Relating to the above changes to scp(1); the scp protocol
relies on the remote shell for wildcard expansion, so there is no
infallible way for the client's wildcard matching to perfectly
reflect the server's. If there is a difference between client and
server wildcard expansion, the client may refuse files from the
server. For this reason, we have provided a new "-T" flag to scp
that disables these client-side checks at the risk of
reintroducing the attack described above.
* sshd(8): Remove support for obsolete "host/port" syntax. Slash-
separated host/port was added in 2001 as an alternative to
host:port syntax for the benefit of IPv6 users. These days there
are establised standards for this like [::1]:22 and the slash
syntax is easily mistaken for CIDR notation, which OpenSSH
supports for some things. Remove the slash notation from
ListenAddress and PermitOpen; bz#2335
Changes since OpenSSH 7.9
=========================
This release is focused on new features and internal refactoring.
New Features
------------
* ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
PKCS#11 tokens.
* ssh(1), sshd(8): Add experimental quantum-computing resistant
key exchange method, based on a combination of Streamlined NTRU
Prime 4591^761 and X25519.
* ssh-keygen(1): Increase the default RSA key size to 3072 bits,
following NIST Special Publication 800-57's guidance for a
128-bit equivalent symmetric security level.
* ssh(1): Allow "PKCS11Provider=none" to override later instances of
the PKCS11Provider directive in ssh_config; bz#2974
* sshd(8): Add a log message for situations where a connection is
dropped for attempting to run a command but a sshd_config
ForceCommand=internal-sftp restriction is in effect; bz#2960
* ssh(1): When prompting whether to record a new host key, accept
the key fingerprint as a synonym for "yes". This allows the user
to paste a fingerprint obtained out of band at the prompt and
have the client do the comparison for you.
* ssh-keygen(1): When signing multiple certificates on a single
command-line invocation, allow automatically incrementing the
certificate serial number.
* scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
the scp and sftp command-lines.
* ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
command-line flags to increase the verbosity of output; pass
verbose flags though to subprocesses, such as ssh-pkcs11-helper
started from ssh-agent.
* ssh-add(1): Add a "-T" option to allowing testing whether keys in
an agent are usable by performing a signature and a verification.
* sftp-server(8): Add a "lsetstat%openssh.com@localhost" protocol extension
that replicates the functionality of the existing SSH2_FXP_SETSTAT
operation but does not follow symlinks. bz#2067
* sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request
they do not follow symlinks.
* sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
the connection 4-tuple available to PAM modules that wish to use
it in decision-making. bz#2741
* sshd(8): Add a ssh_config "Match final" predicate Matches in same
pass as "Match canonical" but doesn't require hostname
canonicalisation be enabled. bz#2906
* sftp(1): Support a prefix of '@' to suppress echo of sftp batch
commands; bz#2926
* ssh-keygen(1): When printing certificate contents using
"ssh-keygen -Lf /path/certificate", include the algorithm that
the CA used to sign the cert.
Bugfixes
--------
* sshd(8): Fix authentication failures when sshd_config contains
"AuthenticationMethods any" inside a Match block that overrides
a more restrictive default.
* sshd(8): Avoid sending duplicate keepalives when ClientAliveCount
is enabled.
* sshd(8): Fix two race conditions related to SIGHUP daemon restart.
Remnant file descriptors in recently-forked child processes could
block the parent sshd's attempt to listen(2) to the configured
addresses. Also, the restarting parent sshd could exit before any
child processes that were awaiting their re-execution state had
completed reading it, leaving them in a fallback path.
* ssh(1): Fix stdout potentially being redirected to /dev/null when
ProxyCommand=- was in use.
* sshd(8): Avoid sending SIGPIPE to child processes if they attempt
to write to stderr after their parent processes have exited;
bz#2071
* ssh(1): Fix bad interaction between the ssh_config ConnectTimeout
and ConnectionAttempts directives - connection attempts after the
first were ignoring the requested timeout; bz#2918
* ssh-keyscan(1): Return a non-zero exit status if no keys were
found; bz#2903
* scp(1): Sanitize scp filenames to allow UTF-8 characters without
terminal control sequences; bz#2434
* sshd(8): Fix confusion between ClientAliveInterval and time-based
RekeyLimit that could cause connections to be incorrectly closed.
bz#2757
* ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
handling at initial token login. The attempt to read the PIN
could be skipped in some cases, particularly on devices with
integrated PIN readers. This would lead to an inability to
retrieve keys from these tokens. bz#2652
* ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
C_SignInit operation. bz#2638
* ssh(1): Improve documentation for ProxyJump/-J, clarifying that
local configuration does not apply to jump hosts.
* ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
public keys, not private.
* ssh(1), sshd(8): be more strict in processing protocol banners,
allowing \r characters only immediately before \n.
* Various: fix a number of memory leaks, including bz#2942 and
bz#2938
* scp(1), sftp(1): fix calculation of initial bandwidth limits.
Account for bytes written before the timer starts and adjust the
schedule on which recalculations are performed. Avoids an initial
burst of traffic and yields more accurate bandwidth limits;
bz#2927
* sshd(8): Only consider the ext-info-c extension during the initial
key eschange. It shouldn't be sent in subsequent ones, but if it
is present we should ignore it. This prevents sshd from sending a
SSH_MSG_EXT_INFO for REKEX for buggy these clients. bz#2929
* ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
authorized_keys) and -R (remove host from authorized_keys) options
may accept either a bare hostname or a [hostname]:port combo.
bz#2935
* ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936
* sshd(8): Silence error messages when sshd fails to load some of
the default host keys. Failure to load an explicitly-configured
hostkey is still an error, and failure to load any host key is
still fatal. pr/103
* ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
started with ControlPersist; prevents random ProxyCommand output
from interfering with session output.
* ssh(1): The ssh client was keeping a redundant ssh-agent socket
(leftover from authentication) around for the life of the
connection; bz#2912
* sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types
were specified, then authentication would always fail for RSA keys
as the monitor checks only the base key (not the signature
algorithm) type against *AcceptedKeyTypes. bz#2746
* ssh(1): Request correct signature types from ssh-agent when
certificate keys and RSA-SHA2 signatures are in use.
Portability
-----------
* sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for
token creation if it supports MsV1_0 S4U Logon.
* sshd(8): On Cygwin, use custom user/group matching code that
respects the OS' behaviour of case-insensitive matching.
* sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies
the user environment if it's enabled; bz#2937
* sshd(8) Cygwin: Change service name to cygsshd to avoid collision
with Microsoft's OpenSSH port.
* Allow building against OpenSSL -dev (3.x)
* Fix a number of build problems against version configurations and
versions of OpenSSL. Including bz#2931 and bz#2921
* Improve warnings in cygwin service setup. bz#2922
* Remove hardcoded service name in cygwin setup. bz#2922
diffstat:
crypto/external/bsd/openssh/dist/OVERVIEW | 7 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 9 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 3 +-
crypto/external/bsd/openssh/dist/PROTOCOL.krl | 16 +-
crypto/external/bsd/openssh/dist/PROTOCOL.mux | 144 +-
crypto/external/bsd/openssh/dist/atomicio.c | 20 +-
crypto/external/bsd/openssh/dist/atomicio.h | 4 +-
crypto/external/bsd/openssh/dist/auth-options.c | 17 +-
crypto/external/bsd/openssh/dist/auth.c | 51 +-
crypto/external/bsd/openssh/dist/auth.h | 22 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 19 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 28 +-
crypto/external/bsd/openssh/dist/auth2.c | 113 +-
crypto/external/bsd/openssh/dist/authfd.c | 12 +-
crypto/external/bsd/openssh/dist/authfile.c | 14 +-
crypto/external/bsd/openssh/dist/channels.c | 125 +-
crypto/external/bsd/openssh/dist/channels.h | 3 +-
crypto/external/bsd/openssh/dist/cipher.c | 18 +-
crypto/external/bsd/openssh/dist/cipher.h | 6 +-
crypto/external/bsd/openssh/dist/clientloop.c | 388 +-
crypto/external/bsd/openssh/dist/crypto_api.h | 18 +-
crypto/external/bsd/openssh/dist/dh.c | 78 +-
crypto/external/bsd/openssh/dist/dh.h | 6 +-
crypto/external/bsd/openssh/dist/digest-openssl.c | 28 +-
crypto/external/bsd/openssh/dist/dispatch.c | 6 +-
crypto/external/bsd/openssh/dist/dispatch.h | 9 +-
crypto/external/bsd/openssh/dist/groupaccess.c | 5 +-
crypto/external/bsd/openssh/dist/kex.c | 349 ++-
crypto/external/bsd/openssh/dist/kex.h | 81 +-
crypto/external/bsd/openssh/dist/kexc25519.c | 186 +-
crypto/external/bsd/openssh/dist/kexdh.c | 202 +-
crypto/external/bsd/openssh/dist/kexecdh.c | 211 +-
crypto/external/bsd/openssh/dist/kexgen.c | 331 ++
crypto/external/bsd/openssh/dist/kexgex.c | 30 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 127 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 134 +-
crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c | 217 +
crypto/external/bsd/openssh/dist/krl.c | 126 +-
crypto/external/bsd/openssh/dist/krl.h | 6 +-
crypto/external/bsd/openssh/dist/match.c | 10 +-
crypto/external/bsd/openssh/dist/match.h | 3 +-
crypto/external/bsd/openssh/dist/misc.c | 122 +-
crypto/external/bsd/openssh/dist/misc.h | 12 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 179 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 155 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 138 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 134 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 142 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 138 +-
crypto/external/bsd/openssh/dist/moduli.c | 21 +-
crypto/external/bsd/openssh/dist/monitor.c | 204 +-
crypto/external/bsd/openssh/dist/monitor.h | 13 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 24 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 16 +-
crypto/external/bsd/openssh/dist/mux.c | 101 +-
crypto/external/bsd/openssh/dist/myproposal.h | 25 +-
crypto/external/bsd/openssh/dist/nchan.c | 71 +-
crypto/external/bsd/openssh/dist/packet.c | 94 +-
crypto/external/bsd/openssh/dist/packet.h | 12 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 60 +-
crypto/external/bsd/openssh/dist/progressmeter.h | 3 +-
crypto/external/bsd/openssh/dist/readconf.c | 101 +-
crypto/external/bsd/openssh/dist/readconf.h | 7 +-
crypto/external/bsd/openssh/dist/readpass.c | 15 +-
crypto/external/bsd/openssh/dist/scp.1 | 31 +-
crypto/external/bsd/openssh/dist/scp.c | 311 ++-
crypto/external/bsd/openssh/dist/servconf.c | 95 +-
crypto/external/bsd/openssh/dist/servconf.h | 9 +-
crypto/external/bsd/openssh/dist/serverloop.c | 375 +-
crypto/external/bsd/openssh/dist/session.c | 239 +-
crypto/external/bsd/openssh/dist/session.h | 3 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 58 +-
crypto/external/bsd/openssh/dist/sftp-client.h | 5 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 4 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 79 +-
crypto/external/bsd/openssh/dist/sftp.1 | 55 +-
crypto/external/bsd/openssh/dist/sftp.c | 117 +-
crypto/external/bsd/openssh/dist/sntrup4591761.c | 1081 ++++++++
crypto/external/bsd/openssh/dist/sntrup4591761.sh | 57 +
crypto/external/bsd/openssh/dist/ssh-add.1 | 23 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 124 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 24 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 28 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 23 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 69 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 347 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 23 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 5 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 167 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 | 27 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 101 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 1615 ++++++++++--
crypto/external/bsd/openssh/dist/ssh-pkcs11.h | 18 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 49 +-
crypto/external/bsd/openssh/dist/ssh.1 | 75 +-
crypto/external/bsd/openssh/dist/ssh.c | 134 +-
crypto/external/bsd/openssh/dist/ssh.h | 6 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 168 +-
crypto/external/bsd/openssh/dist/ssh_config | 3 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 73 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c | 63 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 17 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 6 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 294 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 16 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 411 +-
crypto/external/bsd/openssh/dist/sshd.c | 432 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 19 +-
crypto/external/bsd/openssh/dist/sshkey.c | 738 +++--
crypto/external/bsd/openssh/dist/sshkey.h | 11 +-
crypto/external/bsd/openssh/dist/version.h | 4 +-
111 files changed, 8834 insertions(+), 3767 deletions(-)
diffs (truncated from 21115 to 300 lines):
diff -r 02ddd40e9ebf -r 0784089e00fd crypto/external/bsd/openssh/dist/OVERVIEW
--- a/crypto/external/bsd/openssh/dist/OVERVIEW Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/OVERVIEW Sat Apr 20 17:13:53 2019 +0000
@@ -34,11 +34,12 @@
- Ssh contains several encryption algorithms. These are all
accessed through the cipher.h interface. The interface code is
- in cipher.c, and the implementations are in libc.
+ in cipher.c, and the implementations are either in libc or
+ LibreSSL.
Multiple Precision Integer Library
- - Uses the SSLeay BIGNUM sublibrary.
+ - Uses the LibreSSL BIGNUM sublibrary.
Random Numbers
@@ -158,4 +159,4 @@
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
-$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
+$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $
diff -r 02ddd40e9ebf -r 0784089e00fd crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Sat Apr 20 17:13:53 2019 +0000
@@ -334,6 +334,13 @@
give clients an opportunity to learn them using this extension) before
removing the deprecated key from those offered.
+2.6. connection: SIGINFO support for "signal" channel request
+
+The SSH channels protocol (RFC4254 section 6.9) supports sending a
+signal to a session attached to a channel. OpenSSH supports one
+extension signal "INFO%openssh.com@localhost" that allows sending SIGINFO on
+BSD-derived systems.
+
3. SFTP protocol changes
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
@@ -489,4 +496,4 @@
PROTOCOL.mux over a Unix domain socket for communications between a
master instance and later clients.
-$OpenBSD: PROTOCOL,v 1.35 2018/08/10 00:44:01 djm Exp $
+$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $
diff -r 02ddd40e9ebf -r 0784089e00fd crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sat Apr 20 17:13:53 2019 +0000
@@ -36,6 +36,7 @@
ecdsa-sha2-nistp256-cert-v01%openssh.com@localhost
ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost
ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost
+ ssh-ed25519-cert-v01%openssh.com@localhost
Two additional types exist for RSA certificates to force use of
SHA-2 signatures (SHA-256 and SHA-512 respectively):
@@ -303,4 +304,4 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
diff -r 02ddd40e9ebf -r 0784089e00fd crypto/external/bsd/openssh/dist/PROTOCOL.krl
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.krl Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.krl Sat Apr 20 17:13:53 2019 +0000
@@ -36,6 +36,7 @@
#define KRL_SECTION_EXPLICIT_KEY 2
#define KRL_SECTION_FINGERPRINT_SHA1 3
#define KRL_SECTION_SIGNATURE 4
+#define KRL_SECTION_FINGERPRINT_SHA256 5
2. Certificate section
@@ -127,18 +128,19 @@
This section may appear multiple times.
-4. SHA1 fingerprint sections
+4. SHA1/SHA256 fingerprint sections
-These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke
-plain keys (i.e. not certificates) by listing their SHA1 hashes:
+These sections, identified as KRL_SECTION_FINGERPRINT_SHA1 and
+KRL_SECTION_FINGERPRINT_SHA256, revoke plain keys (i.e. not
+certificates) by listing their hashes:
string public_key_hash[0]
....
This section must contain at least one "public_key_hash". The hash blob
-is obtained by taking the SHA1 hash of the public key blob. Hashes in
-this section must appear in numeric order, treating each hash as a big-
-endian integer.
+is obtained by taking the SHA1 or SHA256 hash of the public key blob.
+Hashes in this section must appear in numeric order, treating each hash
+as a big-endian integer.
This section may appear multiple times.
@@ -166,4 +168,4 @@
signatures. Signature sections are optional for KRLs distributed by
trusted means.
-$OpenBSD: PROTOCOL.krl,v 1.4 2018/04/10 00:10:49 djm Exp $
+$OpenBSD: PROTOCOL.krl,v 1.5 2018/09/12 01:21:34 djm Exp $
diff -r 02ddd40e9ebf -r 0784089e00fd crypto/external/bsd/openssh/dist/PROTOCOL.mux
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.mux Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.mux Sat Apr 20 17:13:53 2019 +0000
@@ -1,15 +1,52 @@
This document describes the multiplexing protocol used by ssh(1)'s
ControlMaster connection-sharing.
-Most messages from the client to the server contain a "request id" field.
-This field is returned in replies as "client request id" to facilitate
-matching of responses to requests.
+Multiplexing starts with a ssh(1) configured to act as a multiplexing
+master. This will cause ssh(1) to listen on a Unix domain socket for
+requests from clients. Clients communicate over this socket using a
+simple packetised protocol, where each message is proceeded with
+a length and message type in SSH uint32 wire format:
+
+ uint32 packet length
+ uint32 packet type
+ ... packet body
+
+Most messages from the client to the server contain a "request id"
+field. This field is returned in replies as "client request id" to
+facilitate matching of responses to requests.
+
+Many muliplexing (mux) client requests yield immediate responses from
+the mux process; requesting a forwarding, performing an alive check or
+requesting the master terminate itself fall in to this category.
+
+The most common use of multiplexing however is to maintain multiple
+concurrent sessions. These are supported via two separate modes:
+
+"Passenger" clients start by requesting a new session with a
+MUX_C_NEW_SESSION message and passing stdio file descriptors over the
+Unix domain control socket. The passenger client then waits until it is
+signaled or the mux server closes the session. This mode is so named as
+the client waits around while the mux server does all the driving.
+
+Stdio forwarding (requested using MUX_C_NEW_STDIO_FWD) is another
+example of passenger mode; the client passes the stdio file descriptors
+and passively waits for something to happen.
+
+"Proxy" clients, requested using MUX_C_PROXY, work quite differently. In
+this mode, the mux client/server connection socket will stop speaking
+the multiplexing protocol and start proxying SSH connection protocol
+messages between the client and server. The client therefore must
+speak a significant subset of the SSH protocol, but in return is able
+to access basically the full suite of connection protocol features.
+Moreover, as no file descriptor passing is required, the connection
+supporting a proxy client may iteself be forwarded or relayed to another
+host if necessary.
1. Connection setup
When a multiplexing connection is made to a ssh(1) operating as a
-ControlMaster from a ssh(1) in multiplex slave mode, the first
-action of each is to exchange hello messages:
+ControlMaster from a client ssh(1), the first action of each is send
+a hello messages to its peer:
uint32 MUX_MSG_HELLO
uint32 protocol version
@@ -17,16 +54,16 @@
string extension value [optional]
...
-The current version of the mux protocol is 4. A slave should refuse
+The current version of the mux protocol is 4. A client should refuse
to connect to a master that speaks an unsupported protocol version.
-Following the version identifier are zero or more extensions
-represented as a name/value pair. No extensions are currently
-defined.
+
+Following the version identifier are zero or more extensions represented
+as a name/value pair. No extensions are currently defined.
-2. Opening sessions
+2. Opening a passenger mode session
-To open a new multiplexed session, a client may send the following
-request:
+To open a new multiplexed session in passenger mode, a client sends the
+following request:
uint32 MUX_C_NEW_SESSION
uint32 request id
@@ -80,7 +117,25 @@
uint32 MUX_S_TTY_ALLOC_FAIL
uint32 session id
-3. Health checks
+3. Requesting passenger-mode stdio forwarding
+
+A client may request the master to establish a stdio forwarding:
+
+ uint32 MUX_C_NEW_STDIO_FWD
+ uint32 request id
+ string reserved
+ string connect host
+ string connect port
+
+The client then sends its standard input and output file descriptors
+(in that order) using Unix domain socket control messages.
+
+The contents of "reserved" are currently ignored.
+
+A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
+or a MUX_S_FAILURE.
+
+4. Health checks
The client may request a health check/PID report from a server:
@@ -93,7 +148,7 @@
uint32 client request id
uint32 server pid
-4. Remotely terminating a master
+5. Remotely terminating a master
A client may request that a master terminate immediately:
@@ -102,7 +157,7 @@
The server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED.
-5. Requesting establishment of port forwards
+6. Requesting establishment of port forwards
A client may request the master to establish a port forward:
@@ -131,7 +186,7 @@
uint32 client request id
uint32 allocated remote listen port
-6. Requesting closure of port forwards
+7. Requesting closure of port forwards
Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
@@ -148,24 +203,6 @@
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
-7. Requesting stdio forwarding
-
-A client may request the master to establish a stdio forwarding:
-
- uint32 MUX_C_NEW_STDIO_FWD
- uint32 request id
- string reserved
- string connect host
- string connect port
-
-The client then sends its standard input and output file descriptors
-(in that order) using Unix domain socket control messages.
-
-The contents of "reserved" are currently ignored.
-
-A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
-or a MUX_S_FAILURE.
-
8. Requesting shutdown of mux listener
A client may request the master to stop accepting new multiplexing requests
@@ -177,7 +214,34 @@
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
-9. Status messages
+9. Requesting proxy mode
+
+A client may request that the the control connection be placed in proxy
+mode:
+
+ uint32 MUX_C_PROXY
+ uint32 request id
+
+When a mux master receives this message, it will reply with a
+confirmation:
+
+ uint32 MUX_S_PROXY
+ uint32 request id
+
+And go into proxy mode. All subsequent data over the connection will
+be formatted as unencrypted, unpadded, SSH transport messages:
+
+ uint32 packet length
+ byte 0 (padding length)
+ byte packet type
+ byte[packet length - 2] ...
+
+The mux master will accept most connection messages and global requests,
+and will translate channel identifiers to ensure that the proxy client has
Home |
Main Index |
Thread Index |
Old Index