external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/ssh_config.5 b/ssh_config.5
index a782d6f..140d0ba 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
-.Dd $Mdocdate: August 2 2011 $
+.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
+.Dd $Mdocdate: February 20 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -65,7 +65,10 @@
.Dq Host
specifications, and that section is only applied for hosts that
match one of the patterns given in the specification.
-The matched host name is the one given on the command line.
+The matched host name is usually the one given on the command line
+(see the
+.Cm CanonicalizeHostname
+option for exceptions.)
.Pp
Since the first obtained value for each parameter is used, more
host-specific declarations should be given near the beginning of the
@@ -100,6 +103,8 @@
.It Cm Host
Restricts the following declarations (up to the next
.Cm Host
+or
+.Cm Match
keyword) to be only for those hosts that match one of the patterns
given after the keyword.
If more than one pattern is provided, they should be separated by whitespace.
@@ -107,10 +112,12 @@
.Ql *
as a pattern can be used to provide global
defaults for all hosts.
-The host is the
+The host is usually the
.Ar hostname
-argument given on the command line (i.e. the name is not converted to
-a canonicalized host name before matching).
+argument given on the command line
+(see the
+.Cm CanonicalizeHostname
+option for exceptions.)
.Pp
A pattern entry may be negated by prefixing it with an exclamation mark
.Pq Sq !\& .
@@ -124,6 +131,96 @@
See
.Sx PATTERNS
for more information on patterns.
+.It Cm Match
+Restricts the following declarations (up to the next
+.Cm Host
+or
+.Cm Match
+keyword) to be used only when the conditions following the
+.Cm Match
+keyword are satisfied.
+Match conditions are specified using one or more critera
+or the single token
+.Cm all
+which always matches.
+The available criteria keywords are:
+.Cm canonical ,
+.Cm exec ,
+.Cm host ,
+.Cm originalhost ,
+.Cm user ,
+and
+.Cm localuser .
+The
+.Cm all
+criteria must appear alone or immediately after
+.Cm canonical .
+Other criteria may be combined arbitrarily.
+All criteria but
+.Cm all
+and
+.Cm canonical
+require an argument.
+Criteria may be negated by prepending an exclamation mark
+.Pq Sq !\& .
+.Pp
+The
+.Cm canonical
+keywork matches only when the configuration file is being re-parsed
+after hostname canonicalization (see the
+.Cm CanonicalizeHostname
+option.)
+This may be useful to specify conditions that work with canonical host
+names only.
+The
+.Cm exec
+keyword executes the specified command under the user's shell.
+If the command returns a zero exit status then the condition is considered true.
+Commands containing whitespace characters must be quoted.
+The following character sequences in the command will be expanded prior to
+execution:
+.Ql %L
+will be substituted by the first component of the local host name,
+.Ql %l
+will be substituted by the local host name (including any domain name),
+.Ql %h
+will be substituted by the target host name,
+.Ql %n
+will be substituted by the original target host name
+specified on the command-line,
+.Ql %p
+the destination port,
+.Ql %r
+by the remote login username, and
+.Ql %u
+by the username of the user running
+.Xr ssh 1 .
+.Pp
+The other keywords' criteria must be single entries or comma-separated
+lists and may use the wildcard and negation operators described in the
+.Sx PATTERNS
+section.
+The criteria for the
+.Cm host
+keyword are matched against the target hostname, after any substitution
+by the
+.Cm Hostname
+or
+.Cm CanonicalizeHostname
+options.
+The
+.Cm originalhost
+keyword matches against the hostname as it was specified on the command-line.
+The
+.Cm user
+keyword matches against the target username on the remote host.
+The
+.Cm localuser
+keyword matches against the name of the local user running
+.Xr ssh 1
+(this keyword may be useful in system-wide
+.Nm
+files).
.It Cm AddressFamily
Specifies which address family to use when connecting.
Valid arguments are
@@ -152,6 +249,82 @@
.Cm UsePrivilegedPort
is set to
.Dq yes .
+.It Cm CanonicalDomains
+When
+.Cm CanonicalizeHostname
+is enabled, this option specifies the list of domain suffixes in which to
+search for the specified destination host.
+.It Cm CanonicalizeFallbackLocal
+Specifies whether to fail with an error when hostname canonicalization fails.
+The default,
+.Dq yes ,
+will attempt to look up the unqualified hostname using the system resolver's
+search rules.
+A value of
+.Dq no
+will cause
+.Xr ssh 1
+to fail instantly if
+.Cm CanonicalizeHostname
+is enabled and the target hostname cannot be found in any of the domains
+specified by
+.Cm CanonicalDomains .
+.It Cm CanonicalizeHostname
+Controls whether explicit hostname canonicalization is performed.
+The default,
+.Dq no ,
+is not to perform any name rewriting and let the system resolver handle all
+hostname lookups.
+If set to
+.Dq yes
+then, for connections that do not use a
+.Cm ProxyCommand ,
+.Xr ssh 1
+will attempt to canonicalize the hostname specified on the command line
+using the
+.Cm CanonicalDomains
+suffixes and
+.Cm CanonicalizePermittedCNAMEs
+rules.
+If
+.Cm CanonicalizeHostname
+is set to
+.Dq always ,
+then canonicalization is applied to proxied connections too.
+.Pp
+If this option is enabled, then the configuration files are processed
+again using the new target name to pick up any new configuration in matching
+.Cm Host
+and
+.Cm Match
+stanzas.
+.It Cm CanonicalizeMaxDots
+Specifies the maximum number of dot characters in a hostname before
+canonicalization is disabled.
+The default,
+.Dq 1 ,
+allows a single dot (i.e. hostname.subdomain).
+.It Cm CanonicalizePermittedCNAMEs
+Specifies rules to determine whether CNAMEs should be followed when
+canonicalizing hostnames.
+The rules consist of one or more arguments of
+.Ar source_domain_list : Ns Ar target_domain_list ,
+where
+.Ar source_domain_list
+is a pattern-list of domains that may follow CNAMEs in canonicalization,
+and
+.Ar target_domain_list
+is a pattern-list of domains that they may resolve to.
+.Pp
+For example,
+.Dq *.a.example.com:*.b.example.com,*.c.example.com
+will allow hostnames matching
+.Dq *.a.example.com
+to be canonicalized to names in the
+.Dq *.b.example.com
+or
+.Dq *.c.example.com
+domains.
.It Cm ChallengeResponseAuthentication
Specifies whether to use challenge-response authentication.
The argument to this keyword must be
@@ -196,26 +369,57 @@
Specifies the ciphers allowed for protocol version 2
in order of preference.
Multiple ciphers must be comma-separated.
-The supported ciphers are
-.Dq 3des-cbc ,
-.Dq aes128-cbc ,
-.Dq aes192-cbc ,
-.Dq aes256-cbc ,
-.Dq aes128-ctr ,
-.Dq aes192-ctr ,
-.Dq aes256-ctr ,
-.Dq arcfour128 ,
-.Dq arcfour256 ,
-.Dq arcfour ,
-.Dq blowfish-cbc ,
-and
-.Dq cast128-cbc .
+The supported ciphers are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+3des-cbc
+.It
+aes128-cbc
+.It
+aes192-cbc
+.It
+aes256-cbc
+.It
+aes128-ctr
+.It
+aes192-ctr
+.It
+aes256-ctr
+.It
+aes128-gcm@openssh.com
+.It
+aes256-gcm@openssh.com
+.It
+arcfour
+.It
+arcfour128
+.It
+arcfour256
+.It
+blowfish-cbc
+.It
+cast128-cbc
+.It
+chacha20-poly1305@openssh.com
+.El
+.Pp
The default is:
-.Bd -literal -offset 3n
-aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-aes256-cbc,arcfour
+.Bd -literal -offset indent
+aes128-ctr,aes192-ctr,aes256-ctr,
+aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+chacha20-poly1305@openssh.com,
+arcfour256,arcfour128,
+aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
+aes192-cbc,aes256-cbc,arcfour
.Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq cipher .
.It Cm ClearAllForwardings
Specifies that all local, remote, and dynamic port forwardings
specified in the configuration files or on the command line be
@@ -324,16 +528,19 @@
will be substituted by the original target host name
specified on the command line,
.Ql %p
-the port,
+the destination port,
.Ql %r
-by the remote login username, and
+by the remote login username,
.Ql %u
by the username of the user running
-.Xr ssh 1 .
+.Xr ssh 1 , and
+.Ql \&%C
+by a hash of the concatenation: %l%h%p%r.
It is recommended that any
.Cm ControlPath
used for opportunistic connection sharing include
-at least %h, %p, and %r.
+at least %h, %p, and %r (or alternatively %C) and be placed in a directory
+that is not writable by other users.
This ensures that shared connections are uniquely identified.
.It Cm ControlPersist
When used in conjunction with
@@ -346,7 +553,9 @@
then the master connection will not be placed into the background,
and will close as soon as the initial client connection is closed.
If set to
-.Dq yes ,
+.Dq yes
+or
+.Dq 0 ,
then the master connection will remain in the background indefinitely
(until killed or closed via a mechanism such as the
.Xr ssh 1
@@ -431,6 +640,14 @@
.Dq no .
The default is
.Dq no .
+.It Cm FingerprintHash
+Specifies the hash algorithm used when displaying key fingerprints.
+Valid options are:
+.Dq md5
+and
+.Dq sha256 .
+The default is
+.Dq sha256 .
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
@@ -471,8 +688,7 @@
.It Cm ForwardX11Timeout
Specify a timeout for untrusted X11 forwarding
using the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
.Xr sshd_config 5 .
X11 connections received by
.Xr ssh 1
@@ -561,6 +777,17 @@
This option applies to protocol version 2 only and
is similar to
.Cm RhostsRSAAuthentication .
+.It Cm HostbasedKeyTypes
+Specifies the key types that will be used for hostbased authentication
+as a comma-separated pattern list.
+The default
+.Dq *
+will allow all key types.
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
.It Cm HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms
that the client wants to use in order of preference.
@@ -569,14 +796,22 @@
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
to prefer their algorithms.
+.Pp
+The list of available key types may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq key .
.It Cm HostKeyAlias
Specifies an alias that should be used instead of the
real host name when looking up or saving the host key
@@ -590,6 +825,12 @@
.Ql %h ,
then this will be replaced with the host name specified on the command line
(this is useful for manipulating unqualified names).
+The character sequence
+.Ql %%
+will be replaced by a single
+.Ql %
+character, which may be used when specifying IPv6 link-local addresses.
+.Pp
The default is the name given on the command line.
Numeric IP addresses are also permitted (both on the command line and in
.Cm HostName
@@ -602,6 +843,8 @@
files,
even if
.Xr ssh-agent 1
+or a
+.Cm PKCS11Provider
offers more identities.
The argument to this keyword must be
.Dq yes
@@ -612,18 +855,21 @@
The default is
.Dq no .
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA or DSA authentication
+Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
identity is read.
The default is
.Pa ~/.ssh/identity
for protocol version 1, and
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
Additionally, any identities represented by the authentication agent
-will be used for authentication.
+will be used for authentication unless
+.Cm IdentitiesOnly
+is set.
.Xr ssh 1
will try to load certificate information from the filename obtained by
appending
@@ -652,13 +898,29 @@
.Cm IdentityFile
directives will add to the list of identities tried (this behaviour
differs from that of other configuration directives).
+.Pp
+.Cm IdentityFile
+may be used in conjunction with
+.Cm IdentitiesOnly
+to select which identities in an agent are offered during authentication.
+.It Cm IgnoreUnknown
+Specifies a pattern-list of unknown options to be ignored if they are
+encountered in configuration parsing.
+This may be used to suppress errors if
+.Nm
+contains options that are unrecognised by
+.Xr ssh 1 .
+It is recommended that
+.Cm IgnoreUnknown
+be listed early in the configuration file as it will not be applied
+to unknown options that appear before it.
.It Cm IPQoS
Specifies the IPv4 type-of-service or DSCP class for connections.
Accepted values are
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
-.Dq af14 ,
+.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
@@ -713,12 +975,20 @@
Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
+curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
-diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1,
+diffie-hellman-group-exchange-sha1,
diffie-hellman-group1-sha1
.Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq kex .
.It Cm LocalCommand
Specifies a command to execute on the local machine after successfully
connecting to the server.
@@ -738,7 +1008,9 @@
.Ql %r
(remote user name) or
.Ql %u
-(local user name).
+(local user name) or
+.Ql \&%C
+by a hash of the concatenation: %l%h%p%r.
.Pp
The command is run synchronously and does not have access to the
session of the
@@ -790,13 +1062,29 @@
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
The default is:
.Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
-hmac-sha2-512-96
+umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+umac-64@openssh.com,umac-128@openssh.com,
+hmac-sha2-256,hmac-sha2-512,
+hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+hmac-ripemd160-etm@openssh.com,
+hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
+hmac-md5,hmac-sha1,hmac-ripemd160,
+hmac-sha1-96,hmac-md5-96
.Ed
+.Pp
+The list of available MAC algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq mac .
.It Cm NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared across machines.
In this case localhost will refer to a different machine on each of
@@ -872,8 +1160,11 @@
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
-string extends to the end of the line, and is executed with
-the user's shell.
+string extends to the end of the line, and is executed
+using the user's shell
+.Ql exec
+directive to avoid a lingering shell process.
+.Pp
In the command string, any occurrence of
.Ql %h
will be substituted by the host name to
@@ -907,6 +1198,14 @@
.Bd -literal -offset 3n
ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
.Ed
+.It Cm ProxyUseFdpass
+Specifies that
+.Cm ProxyCommand
+will pass a connected file descriptor back to
+.Xr ssh 1
+instead of continuing to execute and pass data.
+The default is
+.Dq no .
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be
@@ -918,8 +1217,9 @@
This option applies to protocol version 2 only.
.It Cm RekeyLimit
Specifies the maximum amount of data that may be transmitted before the
-session key is renegotiated.
-The argument is the number of bytes, with an optional suffix of
+session key is renegotiated, optionally followed a maximum amount of
+time that may pass before the session key is renegotiated.
+The first argument is specified in bytes and may have a suffix of
.Sq K ,
.Sq M ,
or
@@ -930,6 +1230,16 @@
and
.Sq 4G ,
depending on the cipher.
+The optional second value is specified in seconds and may use any of the
+units documented in the
+TIME FORMATS section of
+.Xr sshd_config 5 .
+The default value for
+.Cm RekeyLimit
+is
+.Dq default none ,
+which means that rekeying is performed after the cipher's default amount
+of data has been sent or received and no time based rekeying is done.
This option applies to protocol version 2 only.
.It Cm RemoteForward
Specifies that a TCP port on the remote machine be forwarded over
@@ -985,6 +1295,16 @@
.Fl T
flags for
.Xr ssh 1 .
+.It Cm RevokedHostKeys
+Specifies revoked host public keys.
+Keys listed in this file will be refused for host authentication.
+Note that if this file does not exist or is not readable,
+then host authentication will be refused for all hosts.
+Keys may be specified as a text file, listing one public key per line, or as
+an OpenSSH Key Revocation List (KRL) as generated by
+.Xr ssh-keygen 1 .
+For more information on KRLs, see the KEY REVOCATION LISTS section in
+.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
@@ -1067,6 +1387,33 @@
The default
is 0, indicating that these messages will not be sent to the server.
This option applies to protocol version 2 only.
+.It Cm StreamLocalBindMask
+Sets the octal file creation mode mask
+.Pq umask
+used when creating a Unix-domain socket file for local or remote
+port forwarding.
+This option is only used for port forwarding to a Unix-domain socket file.
+.Pp
+The default value is 0177, which creates a Unix-domain socket file that is
+readable and writable only by the owner.
+Note that not all operating systems honor the file mode on Unix-domain
+socket files.
+.It Cm StreamLocalBindUnlink
+Specifies whether to remove an existing Unix-domain socket file for local
+or remote port forwarding before creating a new one.
+If the socket file already exists and
+.Cm StreamLocalBindUnlink
+is not enabled,
+.Nm ssh
+will be unable to forward the port to the Unix-domain socket file.
+This option is only used for port forwarding to a Unix-domain socket file.
+.Pp
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
@@ -1156,6 +1503,36 @@
.Dq any .
The default is
.Dq any:any .
+.It Cm UpdateHostKeys
+Specifies whether
+.Xr ssh 1
+should accept notifications of additional hostkeys from the server sent
+after authentication has completed and add them to
+.Cm UserKnownHostsFile .
+The argument must be
+.Dq yes ,
+.Dq no
+(the default) or
+.Dq ask .
+Enabling this option allows learning alternate hostkeys for a server
+and supports graceful key rotation by allowing a server to send replacement
+public keys before old ones are removed.
+Additional hostkeys are only accepted if the key used to authenticate the
+host was already trusted or explicity accepted by the user.
+If
+.Cm UpdateHostKeys
+is set to
+.Dq ask ,
+then the user is asked to confirm the modifications to the known_hosts file.
+Confirmation is currently incompatible with
+.Cm ControlPersist ,
+and will be disabled if it is enabled.
+.Pp
+Presently, only
+.Xr sshd 8
+from OpenSSH 6.8 and greater support the
+.Dq hostkeys@openssh.com
+protocol extension used to inform the client of all the server's hostkeys.
.It Cm UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connections.
The argument must be
@@ -1208,20 +1585,18 @@
.Dq no .
Note that this option applies to protocol version 2 only.
.Pp
-See also
-.Sx VERIFYING HOST KEYS
-in
+See also VERIFYING HOST KEYS in
.Xr ssh 1 .
.It Cm VisualHostKey
If this flag is set to
.Dq yes ,
an ASCII art representation of the remote host key fingerprint is
-printed in addition to the hex fingerprint string at login and
+printed in addition to the fingerprint string at login and
for unknown host keys.
If this flag is set to
.Dq no ,
no fingerprint strings are printed at login and
-only the hex fingerprint string will be printed for unknown host keys.
+only the fingerprint string will be printed for unknown host keys.
The default is
.Dq no .
.It Cm XAuthLocation
@@ -1259,7 +1634,7 @@
by preceding them with an exclamation mark
.Pq Sq !\& .
For example,
-to allow a key to be used from anywhere within an organisation
+to allow a key to be used from anywhere within an organization
except from the
.Dq dialup
pool,