ssh: Update to OpenSSH 9.6p1

From the release notes,

> This release contains a number of security fixes, some small features
> and bugfixes.

The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.

Full release notes at https://www.openssh.com/txt/release-9.6

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: Update to OpenSSH 9.5p1

Excerpts from the release notes:

Potentially incompatible changes
--------------------------------

* ssh-keygen(1): generate Ed25519 keys by default.
[NOTE: This change was already merged into FreeBSD.]

* sshd(8): the Subsystem directive now accurately preserves quoting of
subsystem commands and arguments.

New features
------------

* ssh(1): add keystroke timing obfuscation to the client.

* ssh(1), sshd(8): Introduce a transport-level ping facility.

* sshd(8): allow override of Sybsystem directives in sshd Match blocks.

Full release notes at https://www.openssh.com/txt/release-9.5

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: drop $FreeBSD$ from crypto/openssh

After we moved to git $FreeBSD$ is no longer expanded and serves no
purpose. Remove them from OpenSSH to reduce diffs against upstream.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Add a missing #include "canohost.h".

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Vendor import of OpenSSH 3.3.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Fix conflicts.

Vendor import of OpenSSH 3.1

Diff reduction.

Sponsored by: DARPA, NAI Labs

Fix conflicts for OpenSSH 2.9.

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.

Resolve conflicts and update for FreeBSD.

Initial import of OpenSSH v2.1.

ssh: Update to OpenSSH 9.5p1

Excerpts from the release notes:

Potentially incompatible changes
--------------------------------

* ssh-keygen(1): generate Ed25519 keys by default.
[NOTE: This change was already merged into FreeBSD.]

* sshd(8): the Subsystem directive now accurately preserves quoting of
subsystem commands and arguments.

New features
------------

* ssh(1): add keystroke timing obfuscation to the client.

* ssh(1), sshd(8): Introduce a transport-level ping facility.

* sshd(8): allow override of Sybsystem directives in sshd Match blocks.

Full release notes at https://www.openssh.com/txt/release-9.5

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: drop $FreeBSD$ from crypto/openssh

After we moved to git $FreeBSD$ is no longer expanded and serves no
purpose. Remove them from OpenSSH to reduce diffs against upstream.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Add a missing #include "canohost.h".

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Vendor import of OpenSSH 3.3.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Fix conflicts.

Vendor import of OpenSSH 3.1

Diff reduction.

Sponsored by: DARPA, NAI Labs

Fix conflicts for OpenSSH 2.9.

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.

Resolve conflicts and update for FreeBSD.

Initial import of OpenSSH v2.1.

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: drop $FreeBSD$ from crypto/openssh

After we moved to git $FreeBSD$ is no longer expanded and serves no
purpose. Remove them from OpenSSH to reduce diffs against upstream.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Add a missing #include "canohost.h".

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Vendor import of OpenSSH 3.3.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Fix conflicts.

Vendor import of OpenSSH 3.1

Diff reduction.

Sponsored by: DARPA, NAI Labs

Fix conflicts for OpenSSH 2.9.

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.

Resolve conflicts and update for FreeBSD.

Initial import of OpenSSH v2.1.

ssh: drop $FreeBSD$ from crypto/openssh

After we moved to git $FreeBSD$ is no longer expanded and serves no
purpose. Remove them from OpenSSH to reduce diffs against upstream.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Add a missing #include "canohost.h".

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Vendor import of OpenSSH 3.3.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Fix conflicts.

Vendor import of OpenSSH 3.1

Diff reduction.

Sponsored by: DARPA, NAI Labs

Fix conflicts for OpenSSH 2.9.

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.

Resolve conflicts and update for FreeBSD.

Initial import of OpenSSH v2.1.

openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

openssh: cherry-pick OpenSSL 1.1.1 compatibility

Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.3p1.

Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Properly flatten openssh/dist.

Merge conflicts.

MFC after: 1 week

Vendor import of OpenSSH 4.4p1.

Merge conflicts.

Vendor import of OpenSSH 4.3p1.

Resolve conflicts.

Vendor import of OpenSSH 4.2p1.

Resolve conflicts.

Vendor import of OpenSSH 4.0p1.

Resolve conflicts

Vendor import of OpenSSH 3.9p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8.1p1.

Resolve conflicts.

Vendor import of OpenSSH 3.8p1.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Vendor import of OpenSSH 3.7.1p2.

Resolve conflicts.

Vendor import of OpenSSH-portable 3.6.1p1.

Add a missing #include "canohost.h".

Resolve conflicts.

Vendor import of OpenSSH-portable 3.5p1.

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Vendor import of OpenSSH 3.3p1.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Vendor import of OpenSSH 3.3.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Fix conflicts.

Vendor import of OpenSSH 3.1

Diff reduction.

Sponsored by: DARPA, NAI Labs

Fix conflicts for OpenSSH 2.9.

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.

Resolve conflicts and update for FreeBSD.

Initial import of OpenSSH v2.1.

openssh: remove login class restrictions leftovers

MFC after: 2 weeks
Fixes: 27ceebbc2402 ("openssh: simplify login class...")
Sponsored by: The FreeBSD Foundation

openssh: diff reduction against upstream 7.9p1

Clean up whitespace and nonfunctional differences, and unused functions.

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997