ssh: Update to OpenSSH 9.4p1

Excerpts from the release notes:

* ssh-agent(1): PKCS#11 modules must now be specified by their full
paths. Previously dlopen(3) could search for them in system
library directories.

* ssh(1): allow forwarding Unix Domain sockets via ssh -W.

* ssh(1): add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

* ssh(1): add a "match localnetwork" predicate. This allows matching
on the addresses of available network interfaces and may be used to
vary the effective client configuration based on network location.

* ssh-agent(1): improve isolation between loaded PKCS#11 modules
by running separate ssh-pkcs11-helpers for each loaded provider.

* ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
modules being loaded by checking that the requested module
contains the required symbol before loading it.

* ssh(1): don't incorrectly disable hostname canonicalization when
CanonicalizeHostname=yes and ProxyJump was expicitly set to
"none". bz3567

Full release notes at https://www.openssh.com/txt/release-9.4

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH 9.2p1

Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.

* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.

* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.

* sshd(8): add a -V (version) option to sshd like the ssh client has.

* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.

* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976

* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499

MFC after: 1 week
Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.5p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH 9.2p1

Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.

* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.

* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.

* sshd(8): add a -V (version) option to sshd like the ssh client has.

* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.

* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976

* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499

MFC after: 1 week
Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.5p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

ssh: update to OpenSSH 9.2p1

Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.

* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.

* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.

* sshd(8): add a -V (version) option to sshd like the ssh client has.

* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.

* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976

* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499

MFC after: 1 week
Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.5p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.5p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.5p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Sponsored by: The FreeBSD Foundation

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

MFH OpenSSH 5.4p1

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.1p1.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Remove RCSID from files which have no other diffs to the vendor branch.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.

Since PAM is broken, let pam_setcred() failure be non-fatal.

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>