-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/ssh: HostKeyCallback fails for servers with multiple keys #11722
Comments
I'm not sure this this a bug. If you only want to accept an RSA key you can set Config.KeyExchanges to ssh.KeyAlgoRSA. Otherwise the default is used which includes all supported key/cert types (common.go +/supportedHostKeys). |
Config.KeyExchanges controls the algorithm for the ephemeral key (ie. what Diffie Hellman flavor is used), and @kankowski is right that this is a bug. I rather like the current callback based approach for checking the hostkey. I think the simplest and most flexible solution is to introduce a ClientConfig.HostKeyAlgorithms field. If you have a .known_hosts file, you could read it and populate the field based on that. |
CL https://golang.org/cl/12907 mentions this issue. |
go.crypto: initial code Manual edits to README. Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename. Tested with: go test code.google.com/p/go.crypto/... R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/5564059 go.crypto/ssh: add User to ServerConn and pass *ServerConn to callbacks. R=golang-dev, dave, agl CC=golang-dev https://golang.org/cl/5577070 ssh: fix locking in channel.Write Since a lock is retaken before sync.Cond.Wait returns, this could deadlock when the for loop attempts to take the lock again. (Reported by sanjay.m.) theirWindow was used outside of the lock, therefore concurrent writers could overrun the window. theirWindow was never updated to reflect the data written. R=dave, balasanjay CC=golang-dev https://golang.org/cl/5671084 go.crypto/ssh: add Stderr() in Channel interface. Adds support for piping Stderr to the client. R=golang-dev, dave, agl CC=golang-dev https://golang.org/cl/5674081 ssh: use *rsa.PublicKey or *dsa.PublicKey in interfaces. Everywhere else in the code base, when we have an interface{} which is a stand in for a public key, we use *foo.PublicKey rather than foo.PublicKey. This change makes ssh reflect that. R=dave, r CC=golang-dev https://golang.org/cl/5686067 go.crypto/ssh: add client support for OpenSSH certificates Refactor key parsing, marshaling, and serialization to be a bit more flexible R=agl, dave, djm CC=golang-dev https://golang.org/cl/5650067 go.crypto/ssh: improve support for MAC algorithms Also, add support for hmac-sha1. At the suggestion of AGL hmac-md5, and hmac-md5-96 support was not included. Fixes golang/go#3095. R=golang-dev, agl, huin CC=golang-dev https://golang.org/cl/5696065 go.crypto/ssh: Initial checkin of ssh agent support. R=agl, dave, djm CC=golang-dev https://golang.org/cl/5695081 go.crypto/ssh: add benchmarks for marshal and unmarshal R=agl CC=golang-dev https://golang.org/cl/5730045 go.crypto/ssh: improve marshal performance Atom N450, 6g benchmark old ns/op new ns/op delta BenchmarkMarshalKexInitMsg 96446 66675 -30.87% BenchmarkUnmarshalKexInitMsg 155341 142715 -8.13% BenchmarkMarshalKexDHInitMsg 9499 8340 -12.20% BenchmarkUnmarshalKexDHInitMsg 4973 5145 +3.46% Intel E3-1270, 6g benchmark old ns/op new ns/op delta BenchmarkMarshalKexInitMsg 23218 16903 -27.20% BenchmarkUnmarshalKexInitMsg 31384 31640 +0.82% BenchmarkMarshalKexDHInitMsg 1943 1661 -14.51% BenchmarkUnmarshalKexDHInitMsg 915 941 +2.84% R=agl, minux.ma, remyoudompheng CC=golang-dev https://golang.org/cl/5728053 go.crypto/ssh: add support for diffie-hellman-group1-sha1. Fixes golang/go#2903. R=golang-dev CC=agl, golang-dev https://golang.org/cl/5755054 go.crypto/ssh: respect adjust window msg on server. R=golang-dev CC=agl, golang-dev https://golang.org/cl/5908048 go.crypto/ssh: fix example in documentation R=golang-dev, dave CC=golang-dev https://golang.org/cl/5905048 go.crypto: add exp/terminal as code.google.com/p/go.crypto/ssh/terminal. This removes the sole "exp/foo" import in the Go subrepos. A separate CL will remove exp/terminal from the standard Go repository. R=golang-dev, dave, r CC=golang-dev https://golang.org/cl/5966045 go.crypto/ssh: improve error message when no authentication methods remain R=golang-dev CC=golang-dev https://golang.org/cl/5960044 go.crypto/ssh: replace window channel with an atomic variable and condition Fixes golang/go#3479. Using a channel to model window size was a mistake. Unlike stdin and stdout, which are streams of data, window size is an variable and should be modeled as such. R=golang-dev, agl, gustav.paul, kardianos, dvyukov CC=golang-dev https://golang.org/cl/5986053 crypto/ssh: fix several logic errors. These are the obvious mistakes from my read through. I'll save the more cosmetic changes for a later CL. R=dave, kardianos CC=golang-dev https://golang.org/cl/6049050 go.crypt/ssh: Add additional test for server. R=golang-dev, agl CC=golang-dev https://golang.org/cl/6075046 ssh: cosmetic cleanups These are the cosmetic cleanups from the bits of code that I rereviewed. 1) stringLength now takes a int; the length of the string. Too many callers were allocating with stringLength([]byte(s)) and stringLength only needs to call len(). 2) agent.go now has sendAndReceive to remove logic that was duplicated. 3) We now reject negative DH values 4) We now reject empty packets rather than crashing. R=dave, jonathan.mark.pittman CC=golang-dev https://golang.org/cl/6061052 go.crypto/ssh: server_test should bind to localhost only Hopefully fix build error under windows. Binding to the wildcard is poor form for our darwin users as it triggers the firewall popup. Dialing the wildcard looks like it's implementation specific as well. R=agl, kardianos CC=golang-dev https://golang.org/cl/6104046 ssh: handle bad servers better. This change prevents bad servers from crashing a client by sending an invalid channel ID. It also makes the client disconnect in more cases of invalid messages from a server and cleans up the client channels in the event of a disconnect. R=dave CC=golang-dev https://golang.org/cl/6099050 go.crypto/ssh: add support for remote tcpip forwarding Add support for server (remote) forwarded tcpip channels. See RFC4254 Section 7.1 R=gustav.paul, jeff, agl, lieqiewang CC=golang-dev https://golang.org/cl/6038047 ssh: fix deadlock The code was taking locks in the wrong order. Fixes golang/go#3570. R=fullung CC=golang-dev https://golang.org/cl/6123058 go.crypto/ssh: prevent concurrent reads and concurrent writes over the same agent connection minor fix for v01 cert parsing when algo is not supported R=golang-dev, agl, dave CC=golang-dev https://golang.org/cl/6116052 ssh: fix flaky TestInvalidServerMessage When shutting down the test, we sometimes see EOF on the server's side of the connection and sometimes ECONNRESET. In the latter case, based on timing, it was possible that the server loop would hit Errorf during shutdown and cause the test to fail. R=dave CC=golang-dev https://golang.org/cl/6125047 go.crypto/ssh: add support for client side global requests * Add support for RFC4254 section 4 global requests. * Improve clientConn.Listen to process responses properly. R=agl, gustav.paul CC=golang-dev https://golang.org/cl/6130050 go.crypto/ssh: hide private forwardList methods This was my mistake. I should have checked godoc before submitting the previous CL. R=agl CC=golang-dev https://golang.org/cl/6140051 go.crypto/ssh: struct renaming This CL is in preparation for 6128059. * rename channel -> serverChan * rename chanlist -> chanList * normalise theirId/MyId/id/peersId -> localId/remoteId R=agl CC=golang-dev https://golang.org/cl/6174046 go.crypto/ssh: move common channel methods into an embedded struct This CL introduces a new struct, channel to hold common shared functions. * add a new channel struct, which is embeded in {client,server}Chan. * move common methods from {client,server}Chan into channel. * remove unneeded used of serverConn.lock in serverChan (transport.writePacket has its own mutex). * remove filteredConn, introduce conn. R=agl, gustav.paul CC=golang-dev https://golang.org/cl/6128059 go.crypto/ssh: make {client,server}Chan use common window management R=agl, gustav.paul, kardianos CC=golang-dev https://golang.org/cl/6208043 go.crypto/ssh: introduce a circular buffer for chanReader R=agl, gustav.paul, kardianos CC=golang-dev https://golang.org/cl/6207051 go.crypto/ssh: fix panic unmarshalling channelOpenFailureMsg I introduced this problem in change set 33 when I redefined RejectionReason from a uint32 to an int. I have added a test to verify the message can be marshaled correctly. This was a bit hard to track down as the recover in clientConn mainLoop would catch the panic and shutdown the connection. We probably shouldn't be using panic inside marshal/unmarshal, at least not without a way to let the user know why the recover logic tripped. R=agl, kardianos, gustav.paul CC=golang-dev https://golang.org/cl/6210063 go.crypto/ssh: allow zero sized window adjustments The RFC doesn't prohibit zero sized window adjustments and there is evidence of well known clients using them in the wild. R=agl, kardianos, gustav.paul CC=golang-dev https://golang.org/cl/6209082 go.crypto/ssh: allow server to respond to client init key exchange. A windows SSH client, PuTTY, by default re-keys after every 60 minutes or 1G of data transfer. R=dave, agl CC=golang-dev https://golang.org/cl/6301071 ssh: added RequestSubsystem(). RequestSubsystem requests the association of a subsystem with the ssh session on the remote host. A subsystem is a predefined command that runs in the background when the ssh session is initiated (i.e. sftp). R=golang-dev, agl CC=golang-dev, gustav.paul https://golang.org/cl/6295096 go.crypto/ssh: add ClientAuthAgent ClientAuthAgent adapts a *AgentClient to a ClientAuth. R=golang-dev, agl CC=golang-dev https://golang.org/cl/6352056 go.crypto/ssh: avoid recover() when handling invalid channel ids This proposal removes the use of recover() to catch invalid channel ids sent from the remote side. The recover() unfortuntaly makes debugging harder as it obscures other panic causes. Another source of panic()s exists inside marshal.go, which will be handled with in a later CL. R=agl, gustav.paul CC=golang-dev https://golang.org/cl/6404046 go.crypto/ssh: use binary.BigEndian throughout A small cleanup. R=agl, gustav.paul CC=golang-dev https://golang.org/cl/6406043 go.crypto/ssh: improve TestServerWindow robustness Fix a few resource leaks and prevent the test from hanging if an error occurs reading from the remote server. R=agl, gustav.paul, kardianos CC=golang-dev https://golang.org/cl/6423065 go.crypto/ssh: never send more data than maxpacket RFC 4254 s5.2 is clear that a client must never send a data packet larger than the value of maximum packet supplied by the remote side during channel setup. The client was not honoring this value, in fact it wasn't even recording it. Thanks to Albert Strasheim for the bug report. R=agl, fullung CC=golang-dev https://golang.org/cl/6448128 go.crypto/ssh: cosmetic: move remaining channel code into channel.go This CL scratches an itch by moving the remaining channel related code into channel.go. R=agl CC=golang-dev https://golang.org/cl/6454126 go.crypto/ssh: improve channel max packet handling This proposal moves the check for max packet into channel.writePacket. Callers should be aware they cannot pass a buffer larger than max packet. This is only a concern to chanWriter.Write and appropriate guards are already in place. There was some max packet handling in transport.go but it was incorrect. This has been removed. This proposal also cleans up session_test.go. R=gustav.paul, agl, fullung, huin CC=golang-dev https://golang.org/cl/6460075 go.crypto/ssh: fix misplaced defer Fixes golang/go#3972. R=golang-dev, agl, r CC=golang-dev https://golang.org/cl/6448166 go.crypto/ssh: prevent channel writes after Close Fixes golang/go#3810. This change introduces an atomic boolean to guard the close of the clientChan. Previously the client code was quite lax with the ordering of the close messages and could allow window adjustment or EOF messages to leak after Close had been signaled. Consolidating the changes to the serverChan will be handled in a following CL. R=agl, kardianos, gustav.paul CC=golang-dev https://golang.org/cl/6405064 go.crypto/ssh: prevent server from sending more than maxPacket Fixes golang/go#4003. R=agl, dave, agl CC=golang-dev https://golang.org/cl/6483052 go.crypto/ssh: fix test failure on windows Use a handler that does not attempt to send a status message as the failing test closes the connection abruptly. Also, check the err response on all shell.ReadLine operations. R=agl, minux.ma, kardianos CC=golang-dev https://golang.org/cl/6487043 go.crypto/ssh: improve test reliability Fixes golang/go#3989. Tested for several hours on an 8 core ec2 instance with random GOMAXPROC values. Also, rolls server_test.go into session_test using the existing dial() framework. R=fullung, agl, kardianos CC=golang-dev https://golang.org/cl/6475063 go.crypto/ssh: assorted close related fixes Fixes golang/go#3810. Fixes chanWriter Write after close behaviour bug. Fixes serverChan writePacket after close bug. Addresses final comments by agl on 6405064, plus various cleanups. R=agl, kardianos, gustav.paul, fullung CC=golang-dev https://golang.org/cl/6479056 go.crypto/ssh: sanity check incoming packet length The check for a sensible packet length was removed a while ago when the window size and channel packet size checks were moved into channel.go. While the RFC suggests that any packet of size less than uint32 -1 is valid, most implmentations limit the size to a smaller value. OpenSSH chose 256kb, so that sounds like a sensible default. R=agl, huin, kardianos CC=golang-dev https://golang.org/cl/6490098 go.crypto/ssh: Read returns all unread bytes before returning io.EOF. Fixes golang/go#4158. R=dave, agl CC=golang-dev https://golang.org/cl/6586060 go.crypto/ssh: new test subpackage This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should. R=agl, gustav.paul, kardianos, fullung CC=golang-dev https://golang.org/cl/6601043 go.crypto: various: fix appengine compatibility Fixes golang/go#4102. R=russross, minux.ma, rsc, agl CC=golang-dev https://golang.org/cl/6623053 go.crypto/ssh: add terminal modes to ssh.RequestPty() R=dave, agl CC=golang-dev https://golang.org/cl/6655046 go.crypto/ssh: never negotiate unsupported ciphers Fixes golang/go#4285. Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration. In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this. R=golang-dev, agl CC=golang-dev https://golang.org/cl/6780047 go.crypto/ssh/test: don't kill process if it was never started This case arises if s.cmd.Start fails when called by server.Dial. R=golang-dev, dave CC=golang-dev https://golang.org/cl/6821097 go.crypto/ssh: make tests work on non-cgo platforms. user.Current() currently requires cgo - if an error is returned attempt to get the username from the environment. R=golang-dev, minux.ma, bradfitz, dave CC=golang-dev https://golang.org/cl/6819113 ssh: add functions for public keys in wire & auth keys format. This allows easy import/export of public keys in the format expected by OpenSSH for authorized_keys files, as well as allowing comparisons with ServerConfig's PublickeyCallback. Fixes golang/go#3908. R=agl, dave, golang-dev, bradfitz CC=agl, golang-dev https://golang.org/cl/6855107 go.crypto/ssh: run gofmt gofmt got better at removing trailing whitespace. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/6929044 go.crypto/ssh: Add support for ECDSA keys and certs. R=agl, dave CC=golang-dev https://golang.org/cl/6873060 go.crypto/ssh/test: move some variables into common os source file to fix windows build R=golang-dev, dave CC=golang-dev https://golang.org/cl/6944048 go.crypto/ssh: Miscellaneous changes up for discussion. Export key and certificate algorithm names. Switch from string literals over to using the constants for any key/cert algorithm references. Make URL references visible in the godoc web display. Standardize url reference names with surrounding []. R=dave, agl, jonathan.mark.pittman CC=golang-dev https://golang.org/cl/6944047 go.crypto: gofmt -w -s R=golang-dev, dave CC=golang-dev https://golang.org/cl/6948057 go.crypto/ssh: some cleanup Simplify MarshalAuthorizedKey by using the algoName func. Make the algoName func be very specific about supported key types in openssh certs. Generalize some of the commentary that previously mentioned specific key types. R=agl, dave CC=golang-dev https://golang.org/cl/6938067 go.crypto/ssh: support OpenSSH keepalives Fixes golang/go#4552. R=minux.ma, agl CC=golang-dev https://golang.org/cl/6948059 ssh/terminal: add GetState and make ReadPassword work in raw mode. GetState is useful for restoring the terminal in a signal handler. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/6990043 ssh/terminal: add darwin support. terminal contains a number of utility functions that are currently only implemented for Linux. Darwin uses different named constants for getting and setting the terminal state so this change splits them off as constants and defines them for each arch. R=golang-dev, minux.ma CC=golang-dev https://golang.org/cl/7286043 ssh/test: deflake session test. The session test previously had a one second timeout for the output of stty and this was leading to flakiness. This change removes the timeout since go test has a generic timeout mechanism. Additionally, the test was looking for "-echo" in the output to test the value of the echo flag. However, there are also typically "echoe", "echok" and "echonl" flags, and "-echo" could be a prefix of any of time. Thus we now also match a trailing space. R=golang-dev, rsc, extraterrestrial.neighbour CC=golang-dev https://golang.org/cl/7579043 go.crypto/ssh: fix tests with -cpu 1,2. When running the ssh tests several times (e.g. with -cpu 1,2), the second run would fail because testing globals had been altered. This change avoids altering the globals since the default worked anyway. Fixes golang/go#4715. R=golang-dev, minux.ma CC=golang-dev https://golang.org/cl/7903045 go.crypto/ssh/test: wait on sshd process in tests R=dave CC=golang-dev https://golang.org/cl/8449043 go.crypto/ssh/test: improve diagnostics for test failing to get username. R=golang-dev, dave CC=golang-dev https://golang.org/cl/8817043 go.crypto/ssh/test: Fix distracting nil pointer dereference in a test. If cgo is disabled (such as it appears to be on a subset of builders), username() panics, and s.cmd is nil; let's not panic while recovering from a different panic. R=golang-dev, dave CC=golang-dev https://golang.org/cl/8820043 go.crypto/ssh/test: Replace FailNow with Fail where it is obvious that the test doesn't want to fail now. Improve a couple of test error messages too. R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/8661045 go.crypto/ssh: More error reporting improvements. R=golang-dev, kardianos, dave CC=golang-dev https://golang.org/cl/8596047 ssh: add Output and CombinedOutput helpers R=golang-dev, dave CC=golang-dev https://golang.org/cl/9711043 go.crypto/ssh: fix test breakage Followup CL for 9711043. The order that CombinedOutput returns data captured from stdout/stderr is not specified, so we have to test both variants. Thanks to fullung for the bug report. R=fullung, kr CC=golang-dev https://golang.org/cl/9921044 go.crypto/ssh: fix race on mock ssh network connection Fixes golang/go#5138. Fixes golang/go#4703. This appears to pass my stress tests with and without the -race detector, but I'd like to see others hit it with their machines. R=golang-dev, fullung, huin, kardianos, agl CC=golang-dev https://golang.org/cl/9929043 go.crypto/ssh: add a error return to decode(), and avoid casting decode() output. R=dave, kardianos, agl CC=gobot, golang-dev https://golang.org/cl/9738053 go.crypto/ssh: implement keyboard-interactive auth (RFC 4256), both on client and server-side. R=dave, agl CC=gobot, golang-dev https://golang.org/cl/9853050 ssh/terminal: support home, end, up and down keys. R=golang-dev, dave CC=golang-dev https://golang.org/cl/9777043 go.crypto: remove unreachable code. I ran go vet over all of go.crypto and removed lots of panic("unreachable") that are no longer needed. R=golang-dev, r, dgryski CC=golang-dev https://golang.org/cl/10113043 go.crypto: revert 7f5a59ff6b43. This change reverts https://golang.org/cl/10113043/ because some folks are stuck on 1.0 till 1.1.1 comes out. R=golang-dev CC=golang-dev https://golang.org/cl/10151043 go.crypto/ssh: fix and test port forwarding. Set maxPacket in forwarded connection, and use the requested port number as key in forwardList. R=golang-dev, agl, dave CC=golang-dev https://golang.org/cl/9753044 go.crypto/ssh/test: Run sshd with -e, so the debug output goes onto stderr. R=dave, agl CC=golang-dev https://golang.org/cl/10230043 go.crypto/ssh: fix test breakages introduced by 125:40246d2ae2eb * Remove special handling for dynamically allocated ports. This was a bug in OpenSSH 5.x sshd. * Run the test with a preselected port number. * Run TestPortForward only on unix platforms. R=dave, agl CC=golang-dev https://golang.org/cl/10049045 go.crypto/ssh: add hook for host key checking. R=dave, agl CC=gobot, golang-dev https://golang.org/cl/9922043 go.crypto/ssh/terminal: don't save passwords in history. The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/10853043 go.crypto/ssh/terminal: support Go 1.0. For those still stuck on Go 1.0. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/11297043 go.crypto/ssh: close channel feeding tcpListener. Close both on closing the listener, and on closing the connection. Test the former case. R=dave CC=golang-dev https://golang.org/cl/11349043 go.crypto/ssh: add workaround for broken port forwarding in OpenSSH 5. Tested with OpenSSH_5.9 R=agl, dave CC=golang-dev https://golang.org/cl/11921043 go.crypto/ssh: seed random generator, so auto port allocation is truly random. R=agl, dave CC=golang-dev https://golang.org/cl/12027043 crypto/ssh: Handle msgUserAuthBanner during keyboard-interactive auth. R=agl, golang-dev CC=golang-dev https://golang.org/cl/12983046 crypto/ssh: Allow customization of the client version. R=agl, golang-dev, dave CC=golang-dev https://golang.org/cl/13176044 go.crypto/ssh/terminal: handle ^W, ^K and ^H R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/13207043 go.crypto/ssh: implement ECDH. Implement elliptic-curve Diffie-Hellman, including host key signature verification. Moves host key cryptographic verification to ClientConn.handshake(), so RSA host keys are also verified. Fixes golang/go#6158. R=dave, agl CC=golang-dev https://golang.org/cl/13021045 go.crypto/ssh: Use net.UnixConn for connecting client and sshd. This obviates custom code to emulate a thread-safe connection. Use this for testing that listeners close if the connection breaks. R=dave, agl, fullung CC=golang-dev https://golang.org/cl/11781043 go.crypto/ssh: Update Dial to perform remote resolution of DNS names. R=agl CC=golang-dev https://golang.org/cl/13010047 go.crypto/ssh: use 127.0.0.1 during TestKexAlgorithms (fixes windows build) R=golang-dev, mikioh.mikioh, remyoudompheng CC=golang-dev https://golang.org/cl/13370043 go.crypto/ssh/test: Only show SSHD debug output if test fails. R=agl, dave, jpsugar CC=golang-dev https://golang.org/cl/13438043 go.crypto/ssh: remove misleading marshalPrivRSA. Properly capitalize publicKey throughout. R=golang-dev CC=agl, dave, golang-dev, jpsugar https://golang.org/cl/13415046 go.crypto/ssh: Begin adding server side support for more than RSA for client key auth R=agl, dave, hanwen CC=ekg, golang-dev https://golang.org/cl/13528044 go.crypto/ssh: introduce PublicKey interface type. Public functions affected: -AgentKey.Key -AgentClient.SignRequest -ClientKeyring.Key -MarshalPublicKey -ParsePublicKey R=agl, jpsugar, jmpittman CC=golang-dev https://golang.org/cl/13642043 go.crypto/ssh/terminal: support Unicode entry. Previously, terminal only supported ASCII characters. This change alters some []byte to []rune so that the full range of Unicode is supported. The only thing that doesn't appear to work correctly are grapheme clusters as the code still assumes one rune per glyph. Still, this change allows many more languages to work than did previously. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/13704043 go.crypto/ssh/terminal: fix non-ASCII history. The length of history buffer entries (which are stored as strings) was being used as the number of runes. This was correct until ff9ce887b46b, which allowed unicode entry, but can now cause a panic when editing history that contains non-ASCII codepoints. R=golang-dev, sfrithjof, r CC=golang-dev https://golang.org/cl/13255050 go.crypto/ssh: introduce Signer method, an abstraction of private keys. R=agl, jpsugar, jonathan.mark.pittman CC=golang-dev https://golang.org/cl/13338044 go.crypto/ssh: separate kex algorithms into kexAlgorithm class. Adds readPacket() to conn, and renames conn to packetConn. Key exchanges operate on packetConn, so they can be unittested. R=agl, jpsugar, dave CC=golang-dev https://golang.org/cl/13352055 go.crypto/ssh: parse DSA private keys too. R=golang-dev, agl CC=golang-dev https://golang.org/cl/13966043 go.crypto/ssh/terminal: Allow ^A and ^E as synonyms for Home and End. I understand that ssh/terminal can't implement everybodys favorite keyboard shortcuts, but I think these are very widespread. They exist not only in Emacs or Readline, but also in Acme and Sam. Also they almost come for free. R=golang-dev CC=agl, golang-dev https://golang.org/cl/13839047 go.crypto/ssh: let client accept DSA and ECDSA host key algorithms. R=agl, dave, jpsugar, m4dh4tt3r, agl CC=golang-dev https://golang.org/cl/14420045 go.crypto/ssh: move interpretation of msgNewKeys into transport. Sending the msgNewKeys packet and setting up the key material now happen under a lock, preventing races with concurrent writers. R=kardianos, agl, jpsugar, hanwenn CC=golang-dev https://golang.org/cl/14476043 go.crypto/ssh: fix certificate parsing/marshaling. The change to add the PublicKey interface accidentally caused certificate handling to expect an extra copy of the private key algorithm name in the binary representation. This change adapts a suitable parsing API and adds a test to ensure that cert handling isn't easily broken in the future. R=agl, hanwen, jmpittman CC=golang-dev https://golang.org/cl/13272055 go.crypto/ssh: cosmetic only spelling fixes R=agl, hanwen CC=dave, golang-dev, jpsugar https://golang.org/cl/14430055 go.crypto/ssh: implement memTransport using sync.Cond. This makes memTransport safe for use with multiple writers/closers. R=golang-dev, dave CC=agl, golang-dev https://golang.org/cl/14532048 go.crypto/ssh: add String method to RejectionReason. R=agl, dave CC=golang-dev https://golang.org/cl/14494055 go.crypto/ssh: (un)marshal data without type byte prefix. This helps manipulating data in global and channel request payloads. R=agl, dave, jpsugar CC=golang-dev https://golang.org/cl/14438068 go.crypto/ssh: move channelForwardMsg declaration. R=golang-dev, dave CC=golang-dev https://golang.org/cl/14669046 go.crypto/ssh: put version exchange in function R=golang-dev, dave, jpsugar, agl CC=golang-dev https://golang.org/cl/14641044 go.crypto/ssh: Add certificate verification, step up support for authorized keys R=agl, hanwen, jpsugar, dave CC=golang-dev https://golang.org/cl/14540051 go.crypto/ssh: additional coverage of message unmarshaling R=golang-dev, hanwen CC=golang-dev https://golang.org/cl/14767043 go.crypto/ssh: Implement CertTime to properly handle the "infinite" time value ^0, which would become negative when expressed as int64. R=agl, dave, jpsugar, hanwen CC=golang-dev https://golang.org/cl/15520047 go.crypto/ssh: only close connection if it was open in TestClientUnsupportedKex. R=dave CC=golang-dev https://golang.org/cl/15450046 go.crypto/ssh: ensure {Server,Client}Conn do not expose io.ReadWriter Transport should not be a ReadWriter. It can only write packets, i.e. no partial reads or writes. Furthermore, you can currently do ClientConn.Write() while the connection is live, which sends raw bytes over the connection. Doing so will confuse the transports because the data is not encrypted. As a consequence, ClientConn and ServerConn stop being a net.Conn Finally, ensure that {Server,Client}Conn implement LocalAddr and RemoteAddr methods that previously were exposed by an embedded net.Conn field. R=hanwen CC=golang-dev https://golang.org/cl/16610043 go.crypto/ssh: in {Server,Client}Conn, read session ID from transport layer. R=agl, dave CC=golang-dev https://golang.org/cl/15870044 go.crypto/ssh: cosmetic: unnest signing code for public key auth. R=dave CC=golang-dev https://golang.org/cl/15930044 go.crypto/ssh: Increase window size. Increase window size for channels (session and tcpip) to 64 * max packet size (32 KB), which is the same value that OpenSSH uses. Also breaks out the relevant harcoded constants into named constants in channel.go. Fixes golang/go#6675. R=golang-dev, dave, hanwen, agl CC=golang-dev https://golang.org/cl/18120043 go.crypto/ssh/terminal: enable freebsd build syscall.Termios, which was the only thing breaking the build, is available in go tip now (https://code.google.com/p/go/source/detail?r=873d664b00ec) R=golang-codereviews, bradfitz CC=golang-codereviews https://golang.org/cl/51690043 undo CL 51690043 / abf8f8812575 Breaks FreeBSD build of subrepo for non-tip users. ««« original CL description go.crypto/ssh/terminal: enable freebsd build syscall.Termios, which was the only thing breaking the build, is available in go tip now (https://code.google.com/p/go/source/detail?r=873d664b00ec) R=golang-codereviews, bradfitz CC=golang-codereviews https://golang.org/cl/51690043 »»» R=golang-codereviews, dave CC=golang-codereviews https://golang.org/cl/51100044 go.crypto/ssh: build tests on Plan 9 LGTM=minux.ma R=golang-codereviews, minux.ma CC=golang-codereviews https://golang.org/cl/64390044 go.crypto/ssh: import gosshnew. See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ R=hanwen CC=golang-codereviews https://golang.org/cl/86190043 go.crypto/ssh: remove old files. In c0fc595a2cb5, hg didn't notice the files that had been removed from the working directory. These, old files are breaking the build. CC=golang-codereviews https://golang.org/cl/86240043 go.crypto/ssh: build test_unix_test on Plan 9 LGTM=minux.ma R=golang-codereviews, minux.ma CC=golang-codereviews https://golang.org/cl/86630043 go.crypto/ssh: only offset channel IDs when debugMux is set. Otherwise, the package leaks data about total number of connections established through its channel IDs. R=agl, jpsugar CC=golang-codereviews https://golang.org/cl/87280043 go.crypto/ssh: Add support for the pre-2006 RC4 cipher mode. LGTM=hanwen R=agl, hanwen CC=golang-codereviews https://golang.org/cl/86600044 go.crypto/ssh: fix messages_test.go on 32-bit platforms. LGTM=dave R=agl, dave CC=golang-codereviews https://golang.org/cl/88060043 go.crypto/ssh/agent: prefix errors with "agent". R=agl, dave, jpsugar CC=golang-codereviews https://golang.org/cl/87810047 go.crypto/ssh/agent: add key type to testAgentInterface failure messages. R=agl, dave, jpsugar CC=golang-codereviews https://golang.org/cl/88260043 ssh/forward: Fix reference to the functions to call to route authentication requests. R=agl CC=golang-codereviews, hanwen https://golang.org/cl/95910043 go.crypto/ssh/terminal: add support for BSD variants LGTM=agl R=golang-codereviews, agl CC=golang-codereviews https://golang.org/cl/97850043 go.crypto/ssh/test: enable test cases on dragonfly LGTM=agl R=golang-codereviews, agl CC=golang-codereviews https://golang.org/cl/98840043 go.crypto/ssh: try authentication methods in ClientConfig order. LGTM=jpsugar, agl R=agl, jpsugar CC=golang-codereviews https://golang.org/cl/92240045 go.crypto/ssh: use permissions from public key cache when accepting a key. Fixes golang/go#7913. LGTM=hanwen R=hanwen CC=golang-codereviews https://golang.org/cl/96220043 go.crypto/ssh: fix authentication after all public keys are rejected by a server. Validating a public key doesn't return any remaining methods so, if all public keys were rejected, a nil slice would be returned for the remaining methods and authentication would stop. We could have validateKey return methods, but that wouldn't solve the problem of what to do if the callback returns no keys. In that case we don't have any keys to test. So this change makes it possible for an AuthMethod to return a nil slice for the remaining methods (meaning "reuse the last list"). It also fixes a scoping bug. Fixes golang/go#7787. LGTM=hanwen R=hanwen CC=golang-codereviews https://golang.org/cl/94350043 go.crypto/ssh/terminal: support ^U, ^D and ^L. LGTM=bradfitz R=bradfitz, marios.nikolaou CC=golang-codereviews https://golang.org/cl/92220043 go.crypt/ssh/terminal: declare TCGETS, TCSETS constants locally. Currently the ssh/terminal package cannot be compiled under gccgo. Even though gccgo may be running on linux, its syscall package is slightly different and does not contain these constants. This proposal resolves the issue by declaring the two constants locally, as we've done for the *BSDs. LGTM=hanwen, iant R=hanwen, iant, gobot CC=golang-codereviews https://golang.org/cl/101670043 go.crypto/ssh/terminal: better handling of window resizing. There doesn't appear to be perfect behaviour for line editing code in the face of terminal resizing. But this change works pretty well on xterm and gnome-terminal and certainly a lot better than it used to. LGTM=bradfitz R=bradfitz CC=golang-codereviews https://golang.org/cl/105580043 go.crypto/ssh/test: skip tests during -short mode This proposal effectively disables all the ssh/test tests when run with the -short flag supplied. For developers and users of this package, there should be no change unless they are in the habbit of always supplying -short, which I belive is untrue. For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled. LGTM=adg R=adg, agl, hanwen CC=golang-codereviews https://golang.org/cl/125860043 go.crypto/ssh: skip tests that start ssh-agent. Also stops leaking /tmp/ directories. Fixes golang/go#8489. LGTM=dave, minux R=dave, minux, agl CC=golang-codereviews https://golang.org/cl/124010043 go.crypto/ssh: reuse packet buffer for channel writes. Test that different extended data streams within a channel are thread-safe. benchmark old MB/s new MB/s speedup BenchmarkEndToEnd 79.26 87.98 1.11x benchmark old allocs new allocs delta BenchmarkEndToEnd 110 73 -33.64% benchmark old bytes new bytes delta BenchmarkEndToEnd 2605720 1299768 -50.12% LGTM=dave, jpsugar R=agl, dave, jpsugar CC=golang-codereviews https://golang.org/cl/136420043 go.crypto/ssh: clean up address parsing in forward code. LGTM=agl R=agl, dave, jpsugar CC=golang-codereviews https://golang.org/cl/134700043 go.crypto/ssh/terminal: fix crash when terminal narrower than prompt. Previously, if the current line was "empty", resizes wouldn't trigger repaints. However, the line can be empty when the prompt is non-empty and the code would then panic after a resize because the cursor position was outside of the terminal. LGTM=bradfitz R=bradfitz CC=golang-codereviews https://golang.org/cl/158090043 go.crypto/ssh/terminal: remove \r from passwords on Windows. Fixes golang/go#9040. (Note: can't compile or test this one prior to committing.) LGTM=iant, bradfitz R=bradfitz, mathias.gumz, iant CC=golang-codereviews https://golang.org/cl/171000043 go.crypto/ssh/terminal: fix Home and End. In my notes I had Home and End down as OH and OF. But that's nonsense, they are [H and ]F. I never noticed before because I don't have Home and End keys on my keyboard. LGTM=bradfitz R=bradfitz CC=golang-codereviews https://golang.org/cl/172100043 go.crypto: use golang.org/x/... import paths LGTM=bradfitz R=rsc, bradfitz CC=golang-codereviews https://golang.org/cl/167190043 go.crypto/ssh/terminal: support bracketed paste mode. Some terminals support a mode where pasted text is bracketed by escape sequences. This is very useful for terminal applications that otherwise have no good way to tell pastes and typed text apart. This change allows applications to enable this mode and, if the terminal supports it, will suppress autocompletes during pastes and indicate to the caller that a line came entirely from pasted text. LGTM=bradfitz R=bradfitz CC=golang-codereviews https://golang.org/cl/171330043 crypto: add import comments. Change-Id: I33240faf1b8620d0cd600de661928d8e422ebdbc Reviewed-on: https://go-review.googlesource.com/1235 Reviewed-by: Andrew Gerrand <[email protected]> ssh/terminal: fix SetSize when nothing on current line SetSize has a problem may cause the following ReadPassword setting temporary prompt not working, when changing width the current SetSize will call clearAndRepaintLinePlusNPrevious which would print an old prompt whatever the current line has, causing a following ReadPassword with temporary prompt not printing the different prompt. When running code like this, the nt.SetSize prints a "> " as prompt then the temporary "Password: " prompt would never show up. ```go oldState, err := terminal.MakeRaw(int(os.Stdin.Fd())) width, height, _ = terminal.GetSize(int(os.Stdin.Fd())) nt := terminal.NewTerminal(os.Stdin, "> ") nt.SetSize(width, height) password, err = nt.ReadPassword("Password: ") ``` the new test cases is to test SetSize with different terminal sizes, either shrinking or expanding, a following ReadPassword should get the correct temporary prompt. Change-Id: I33d13b2c732997c0c88670d53545b8c0048b94b6 Reviewed-on: https://go-review.googlesource.com/1861 Reviewed-by: Adam Langley <[email protected]> ssh: add ServerConfig.ServerVersion option The SSH server does not allow for setting a version string in the same manner as the client. This update adds a ServerVersion member to the ServerConfig structure which when set, causes the server to use that member instead of the default version string. This allows building an golang based SSH server which can present any version string the user wishes. It also adds an else statement to the client assignment of the ClientVersion to avoid an allocation when using a user defined ClientVersion. Change-Id: I43d97cfd5a174f2c68f53c5b4e267539ef21937b Reviewed-on: https://go-review.googlesource.com/1860 Reviewed-by: Brad Fitzpatrick <[email protected]> ssh/agent: do not return nil entries from keyring.Signers() The slice returned is constructed with both a pre-set length and append() resulting in a slice twice as long and half-full of nil. Setting the capacity instead of length gets the desired result. Change-Id: I758423594e4f4c0506c53f227454f57a9dc8bdf1 Reviewed-on: https://go-review.googlesource.com/2659 Reviewed-by: Brad Fitzpatrick <[email protected]> ssh: make godoc examples easier to reuse Fixes golang/go#9747 Move the example tests to an external test package so that they must explicitly reference the ssh package. The side effect is the examples now become easier to copy and paste. Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f Reviewed-on: https://go-review.googlesource.com/3710 Reviewed-by: Andrew Gerrand <[email protected]> ssh: return session ID in ConnMeta.SessionID. SessionID() returned nil previously. Fixes #9761. Change-Id: I53d2b347571d21eab2d913c2228e85997a84f757 Reviewed-on: https://go-review.googlesource.com/3872 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: add support for aes128-cbc cipher. The aes128cbc cipher is commented out in cipher.go on purpose, anyone wants to use the cipher needs to uncomment line 119 in cipher.go Fixes #4274. Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605 Reviewed-on: https://go-review.googlesource.com/8396 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: fix the links to the SSH protocol documents Minor change - updated the links to the ssh PROTOCOL.* docs. Currently the [PROTOCOL...] links in References on top of https://godoc.org/golang.org/x/crypto/ssh and https://godoc.org/golang.org/x/crypto/ssh/agent take you to the top-level directory list on http://cvsweb.openbsd.org/cgi-bin/cvsweb/ instead of directly to the respective document pages. Change-Id: Ifd3f0bc2ef393ab02f023c13b93340fdb0a05af3 Reviewed-on: https://go-review.googlesource.com/8963 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: update references to the old code.google.com repo Changed code.google.com repository links to the current golang.org/x/crypto/ssh (except Gerrit homepage). Change-Id: I7301d21401b163ceef8cfc1cf535dee998f9cb0d Reviewed-on: https://go-review.googlesource.com/9250 Reviewed-by: Brad Fitzpatrick <[email protected]> crypto/ssh: fix encoding of ssh certs with critical options Attention - BREAKING change for the certificates generated with the previous versions of crypto/ssh! Need to regenerate certificates with a version of crypto/ssh library including this fix. [PROTOCOL.cerkeys] requires two length fields for non-empty values of critical options (or extensions - but those are currently always empty) - see https://bugzilla.mindrot.org/show_bug.cgi?id=2389. Add SSH-conform handling of such composite values in marshalTuples and parseTuples and related test (TestParseCertWithOptions) parsing a certificate created with ssh-keygen which includes critical options. Fixes #10569 Change-Id: Iecbfca67a66668880635141c72bc5fc370a9c112 Reviewed-on: https://go-review.googlesource.com/9375 Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Adam Langley <[email protected]> x/crypto/ssh: bail early if a server has no auth methods configured. Change-Id: I58fdfbe00fcc4ca09da9699edcc181cc512feef7 Reviewed-on: https://go-review.googlesource.com/9807 Reviewed-by: JP Sugarbroad <[email protected]> Reviewed-by: Adam Langley <[email protected]> ssh: add hmac-sha2-256. Fixes golang/go#10274 Change-Id: Id8386828ee92ccc6cba5197831cdb8b2ce0cd648 Reviewed-on: https://go-review.googlesource.com/8353 Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Adam Langley <[email protected]> x/crypto/ssh: add padding oracle countermeasures for AES-CBC. This deprives an attacker of feedback for guesses against the packet length given by the connection dropping. Change-Id: I14939a82e5243a86d192bb18be93d45589227147 Reviewed-on: https://go-review.googlesource.com/9908 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: trivial spacing change for gofmt compliance Extra space added by 'gofmt -w' to align key/value columns in the new test (TestParseCertWithOptions). Follow-up on https://go-review.googlesource.com/#/c/9375/. Change-Id: Id7dd0bc420888f12ce0af4178096bdc9f5c57161 Reviewed-on: https://go-review.googlesource.com/9627 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: fix format string error in test. Change-Id: I0c84f11fb74ee478617deb1b743a759c9f789101 Reviewed-on: https://go-review.googlesource.com/10822 Reviewed-by: Adam Langley <[email protected]> ssh: Add explicit type in comparison with constant to make go-fuzz happy Currently using go-fuzz with code using golang.org/x/crypto/ssh fails because it passes CertTimeInfinity to an interface{} and automatically tries to use an int, which overflows and results in a compile error. This change adds a no-op type conversion inside the function which makes things compile with go-fuzz. Change-Id: Iade0c0df7e20cbac4928480fad3e44c831e1e00a Reviewed-on: https://go-review.googlesource.com/11285 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: fix bounds check in parseString Fixes #11348 Change-Id: If083744343256a2a53eb813411ba0c9a359d6dbd Reviewed-on: https://go-review.googlesource.com/11332 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: fix comment Fixes golang/go#11603 Change-Id: I019af73f5e036b47b8bd6c4a5541c06b97b44f11 Reviewed-on: https://go-review.googlesource.com/11866 Reviewed-by: Andrew Gerrand <[email protected]> crypto/ssh: fix a comment (trivial) Comment in Agent made to conform the godoc style. Change-Id: I4e1e8ce1a15ca346715fae257ae2178f5093d40d Reviewed-on: https://go-review.googlesource.com/12183 Reviewed-by: Brad Fitzpatrick <[email protected]> ssh: fix spelling of test so that it runs Change-Id: I65ebae299f272d5f1367ca4c2e47e51f9c392b6a Reviewed-on: https://go-review.googlesource.com/12229 Reviewed-by: Dave Cheney <[email protected]> crypto/ssh: allow identities to be constrained. The ssh-agent protocol allows the usage of keys and certs added to a given agent to be constrained in certain ways. The only constraints currently supported are lifetime (keys expire after some number of seconds) and confirmation (the agent requires user confirmation before performing any operations with the private key). Change-Id: Idba5760db929805bf3da43fdcaca53ae6c479ca4 Reviewed-on: https://go-review.googlesource.com/12260 Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Adam Langley <[email protected]> Reviewed-by: Peter Moody <[email protected]> ssh: skip TestHandshakeBasic on Plan 9 Updates golang/go#7797. Change-Id: I7aa57f3fb812ecf644c8f8c065848938868e473b Reviewed-on: https://go-review.googlesource.com/12767 Reviewed-by: Brad Fitzpatrick <[email protected]> ssh: fix deadlock during error path Fixes golang/go#11882 If an error occurs during handshakeTransport.writePacket the lock may not be released. Fix this by using defer rather than manually unlocking in all paths. Change-Id: I0010284b4f7d99907c86b4c0e140ab6cf37b0441 Reviewed-on: https://go-review.googlesource.com/12888 Reviewed-by: Adam Langley <[email protected]> ssh: fix flake in TestHostKeyCert Update golang/go#11811 The increased default concurrency in Go 1.5 showed up a test flake in the TestHostKeyCert test. Under load, when the client provided incorrect data, both sides would race to tear down the connection, which would often lead to the server side, running in its own goroutine to see an unexpected EOF or connection reset. Fix this flake (and the incorrect use of t.Fatalf) by passing the error back to the main goroutine for inspection. This also lets us ignore the expected error in the unsuccessful path Change-Id: I5a95c6d240479e9d537f34177e5ca8023b1b08e9 Reviewed-on: https://go-review.googlesource.com/12916 Reviewed-by: Brad Fitzpatrick <[email protected]> crypto/ssh: allow client to specify host key algorithms. Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: Handle error in dial to avoid a goroutine leak If the channel open request failed, a nil channel would be provided to DiscardRequests, which would never return. We return the error early to avoid this goroutine leak. Change-Id: I4c0e0a7698f7623c042f2a04941b8c50e8031d33 Reviewed-on: https://go-review.googlesource.com/13390 Reviewed-by: Dave Cheney <[email protected]> x/crypto/ssh/test: test all key exchanges against sshd. Change-Id: I9d775d6e9c39bee1f2bf914ba3659acb6b0029dd Reviewed-on: https://go-review.googlesource.com/13591 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: implement [email protected] key agreement. Fixes golang/go#11004. Change-Id: Ic37cf9d620e3397b7ad769ae16abdaee63a7733b Reviewed-on: https://go-review.googlesource.com/13592 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: close memPipe after running kex test. Change-Id: I6022d669946a7cb3403757a7c0dbf21a474e1c95 Reviewed-on: https://go-review.googlesource.com/13590 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: fix deadlock during error condition. Unblock writers if a read error occurs while writers are blocked on a pending key change. Add test to check for deadlocks in error paths in handshake.go Fixes golang/go#11992. Change-Id: Id098bd9fec3d4fe83daeb2b7f935e5647c19afd3 Reviewed-on: https://go-review.googlesource.com/13594 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: clearer error messages when "no ciphers in common" The error message reported by the ssh client when it can't find a "cipher" in common between the client and server was overly vague. This adds more detailed error messages to findAgreedAlgorithms so that the user can more easily identify which of the components can't reach agreement. Change-Id: I4d985e92fea964793213e5600b52b3141e712000 Reviewed-on: https://go-review.googlesource.com/13817 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: Parse ECDSA key using struct Change parseECDSA() to unmarshal the key's contents into a struct representing the wire format, consistent with the parseRSA() and parseDSA(), to make the code more readable and its intent clearer. Change-Id: Iea85630107ac0b3e681807d2278390c8c50ce141 Reviewed-on: https://go-review.googlesource.com/13663 Reviewed-by: Han-Wen Nienhuys <[email protected]> Reviewed-by: Adam Langley <[email protected]> crypto/ssh: Support turning a crypto.Signer into an ssh.Signer This adds a NewSignerFromSigner to crypto/ssh which takes a crypto.Signer and turns it into an ssh.Signer, helpful if, e.g., your crypto.Signer is backed by some sort of hardware device. The interfaces are very similar - the biggest differences are that a crypto.Signer accepts hashed data, while an ssh.Signer does not, and some differences in encoding for DSA and ECDSA signatures. This also adjusts NewSignerFromKey to use NewSignerFromSigner where possible, dropping the rsaPrivateKey and ecdsaPrivateKey types in favor of wrappedSigner. (However, because *dsa.PrivateKey is not a crypto.Signer, we still have to keep dsaPrivateKey) Change-Id: Ia2e20ece9c9d3844b4e5a64c1a7d997178ec8781 Reviewed-on: https://go-review.googlesource.com/10953 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: Add protocol version to ServerVersion 280be00 introduced custom server versions; however, at least OpenSSH clients do not accept a server version that doesn't start with a protocol version like "SSH-2.0-"; this is not documented in this library, and automatically adding it in case that the user did not does no harm. Change-Id: Iafc23b23160a8277b10cbf29778dc64a96351bd7 Reviewed-on: https://go-review.googlesource.com/14018 Reviewed-by: Adam Langley <[email protected]> crypto/ssh: fix typo in error string. cound -> could Also change fmt.Errorf -> errors.New for consistency. Change-Id: I0b6900a76b70cd37ab2e8d61327868b46366ec64 Reviewed-on: https://go-review.googlesource.com/11235 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: run go fmt Change-Id: Ibb071aa550ca7392543c2d1eba8f8a69ba1d86fa Reviewed-on: https://go-review.googlesource.com/17270 Reviewed-by: Dave Cheney <[email protected]> x/crypto/ssh/agent: Fix keyring removing the wrong key(s) The Remove method for the keyring sliced the internal keys list incorrectly when removing a key. This caused the wrong key to be removed or sometimes multiple keys were removed. Additionally, if the key to be removed was the last key, the method never returned. Fixes golang/go#13628 Change-Id: I0facbcb8f8b65709222067ce37ea26e3fb5ba8e8 Reviewed-on: https://go-review.googlesource.com/17870 Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh: allow a custom Config to specify CBC mode. Cryptographic flaws are so hard to kill it can only be a matter of time before they start crying “brains!” and holding their arms out straight. Fixes golang/go#13776. Change-Id: Iee1c19dbe823eb8728e283dd11083638e41f7189 Reviewed-on: https://go-review.googlesource.com/18482 Reviewed-by: Brad Fitzpatrick <[email protected]> Run-TryBot: Adam Langley <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: add function to parse known_hosts files. Change-Id: I9258ecf2b38258e31bcb6e73ac042ad8125fd2d1 Reviewed-on: https://go-review.googlesource.com/18106 Reviewed-by: Peter Moody <[email protected]> Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh/agent: add a client example and tweak package doc. Change-Id: I373fdbb6351d71b12fcfed31cf4b08975a443294 Reviewed-on: https://go-review.googlesource.com/19894 Reviewed-by: Brad Fitzpatrick <[email protected]> Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Adam Langley <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: Add timeout for dialing Fixes golang/go#14941 Change-Id: I2b3a976d451d311519fab6cdabdc98a4a4752e31 Reviewed-on: https://go-review.googlesource.com/21136 Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh: interpret disconnect message as error in the transport layer. This ensures that higher level parts (e.g. the client authentication loop) never have to deal with disconnect messages. Fixes https://github.com/coreos/fleet/issues/565. Change-Id: Ie164b6c4b0982c7ed9af6d3bf91697a78a911a20 Reviewed-on: https://go-review.googlesource.com/20801 Reviewed-by: Anton Khramov <[email protected]> Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh/terminal: create stubs for plan9 methods To facilitate testing of methods in other GOOSs we need plan9 to be able to build and run the test without a errors due to undefined methods. Fixes golang/go#15195 Change-Id: Ida334676f92db6fb4652af3e3a9f6bc13a96052c Reviewed-on: https://go-review.googlesource.com/21711 Reviewed-by: Brad Fitzpatrick <[email protected]> Run-TryBot: Brad Fitzpatrick <[email protected]> x/crypto/ssh/terminal: ensure windows MakeRaw returns previous state The MakeRaw method should be returning the original state so that it can be restored. However, the current implementation is returning the new, "raw" state. Fixes golang/go#15155 Change-Id: I8e0b87229b7577544e1118fa4b95664d3a9cf5da Reviewed-on: https://go-review.googlesource.com/21612 Run-TryBot: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh: make sure the initial key exchange happens once. This is done by running the key exchange and setting the session ID under mutex. If the first exchange encounters an already set session ID, then do nothing. This fixes a race condition: On setting up the connection, both sides sent a kexInit to initiate the first (mandatory) key exchange. If one side was faster, the faster side might have completed the key exchange, before the slow side had a chance to send a kexInit. The slow side would send a kexInit which would trigger a second key exchange. The resulting confirmation message (msgNewKeys) would confuse the authentication loop. This fix removes sessionID from the transport struct. This fix also deletes the unused interface rekeyingTransport. Fixes #15066 Change-Id: I7f303bce5d3214c9bdd58f52d21178a185871d90 Reviewed-on: https://go-review.googlesource.com/21606 Reviewed-by: Adam Langley <[email protected]> Reviewed-by: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: debug support for msgUserAuthSuccess and msgChannelData Change-Id: I14d59509f22edf01827610a4ef4c50b53cbc8059 Reviewed-on: https://go-review.googlesource.com/21605 Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh: omit empty fields in error message Although the signal and msg fields are assigned together, their values originate from the remote server and may be empty. Fixes golang/go#14251 Change-Id: I9d9094cc69f3c14bf1648af59951f6b6c7a71e0a Reviewed-on: https://go-review.googlesource.com/22196 Reviewed-by: Han-Wen Nienhuys <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh/agent: Support v1 remove all message Some ssh-agent clients expect the server to support remove all messages for protocols 1 & 2 and error if protocol 1 support is missing. This adds a null-op implementation of the remove all message in similar fashion to the existing list all message support. Fixes golang/go#15159 Change-Id: I9389885d89c9147f3e10850893bba6ed7d0a4e82 Reviewed-on: https://go-review.googlesource.com/21468 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: remove misleading comment, add example Add an example for using the PublicKeys AuthMethod. Change-Id: I3fe02bb3c9b8ccf313d72858328c8576cbf3eb06 Reviewed-on: https://go-review.googlesource.com/22250 Reviewed-by: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: if debugMux is set, also log global messages. Change-Id: I685ba7f30f1d2e2bc3c078c7bddb6d383a179113 Reviewed-on: https://go-review.googlesource.com/22416 Reviewed-by: Brad Fitzpatrick <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: support more keytypes in the agent. This allows the golang ssh-agent to support the full suite of keys the library accepts. Currently constraints are ignored. Change-Id: I7d48c78e9a355582eb54788571a483a736c3d3ef Reviewed-on: https://go-review.googlesource.com/21536 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: fix subsequent key exchanges. In https://go-review.googlesource.com/#/c/21606/ , kexResult.SessionID was erroneously not set for all but the first key exchange. The unittests did not catch this, as server and client make the same mistake, but OpenSSH notices corrupted data and kills the connection. Fixes #15445. Change-Id: If98249b37d81efaa2ebefc836df0b150feba1256 Reviewed-on: https://go-review.googlesource.com/22418 Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: also log data packets when debugHandshake is set Change-Id: Ibb26269608e506e8a676c276f847d77fe7014ceb Reviewed-on: https://go-review.googlesource.com/22514 Reviewed-by: Brad Fitzpatrick <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> ssh: fix compatibility with recent OpenSSH Make x/crypto/ssh tests compatible with recent OpenSSH versions. This means not using rsa keys shorter than 1024 bits any more, and explicitly enabling all key types in the OpenSSH config, since some are now disabled by default. Tested against OpenSSH_7.2p2 and now passes. Change-Id: I607bf15f063d4833b0876393d6845a4f507f48af Reviewed-on: https://go-review.googlesource.com/22840 Reviewed-by: Brad Fitzpatrick <[email protected]> x/crypto/ssh: hide msgNewKeys in the transport layer. This ensures that extraneous key exchanges cannot confuse application level code. Change-Id: I1a333e2b7b46f1e484406a79db7a949294e79c6d Reviewed-on: https://go-review.googlesource.com/22417 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: add support for ed25519 keys Added support for parsing the "new" openssh private key format. (ed25519 keys only in this format for now) Signing and verifying functions now work with ed25519 keys. ed25519 can now be accepted by the server to authenticate a client. ed25519 can now be accepted by a client as a server host key. Related documentation used: https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt Change-Id: I84385f24d666fea08de21f980f78623f7bff8007 Reviewed-on: https://go-review.googlesource.com/22512 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: add 3des-cbc as a non-default cipher 3des-cbc is an insecure cipher. As such, you must explictly add it to Config in order to use it. Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d Reviewed-on: https://go-review.googlesource.com/22770 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> x/crypto/ssh: return msgNewKeys for a short-circuited first kex. If one of both sides is slow, the first kex completes implicitly. The first kex also produces msgNewKeys, and this must be read to ensure that the authentication code is not confused by it. Before this fix, the problem could be reproduced by inserting a sleep just before the requestInitialKeyChange call. Fixes #15198 Change-Id: I602db5dd37b2d8556c88ab4cdb693ccf90147a3d Reviewed-on: https://go-review.googlesource.com/23137 Run-TryBot: Han-Wen Nienhuys <[email protected]> Reviewed-by: Adam Langley <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> ssh: allow adding ed25519 keys to the agent Fixes golang/go#15701 Change-Id: I561701e38b9d434ef44448bdbcfab203f3c31d99 Reviewed-on: https://go-review.googlesource.com/23141 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: set constraints when adding certs to the agent Fixes golang/go#15953 Change-Id: Ia36b5422bef14609d512c3f5055a3bffad18ce0f Reviewed-on: https://go-review.googlesource.com/23752 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> crypto/ssh: minor comment change (trivial) Fixed a function comment. Change-Id: I1185c0c849abbb8244c6282fa6036fa6939c3309 Reviewed-on: https://go-review.googlesource.com/23971 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> agent: add agent server support for ed25519 keys. the client library already supports them. Fixes golang/go#16096 Change-Id: Iaa117ee31f706301e8b24c2775f5a604ef005440 Reviewed-on: https://go-review.googlesource.com/24285 Reviewed-by: Adam Langley <[email protected]> x/crypto/ssh: Add support for retryable authentication Adds a new AuthMethod called "RetryableAuthMethod" which decorates any other authmethod, allowing it to be retried up to maxTries before aborting. Fixes #16077 Change-Id: Ie310c24643e53dca4fa452750a69936674906484 Reviewed-on: https://go-review.googlesource.com/24156 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: use BigEndian.Uint32 for decoding exit status. Change-Id: Iab40fe42454088a00abea61dfb6f368da9323eb3 Reviewed-on: https://go-review.googlesource.com/24726 Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto: fix typos The typos were found by misspell tool. Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016 Reviewed-on: https://go-review.googlesource.com/24725 Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> x/crypto/ssh: handle missing exit status more gracefully. According to RFC 4254 section 6.10, SSH server implementations may omit the exit-status and exit-signal messages. If this happens, we now return &ExitMissingError{}, so clients can handle this case specifically. This came up in the discussion of issue #16194. Change-Id: Iae5e916b18aa5bd8e95618e9fcfcab8b19e147d9 Reviewed-on: https://go-review.googlesource.com/24727 Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh/agent: ecdsa key/cert typo Introduced by me in 21536 Change-Id: I4a5f3507270a3d6eea9779508642ea5789d1efca Reviewed-on: https://go-review.googlesource.com/24811 Reviewed-by: Han-Wen Nienhuys <[email protected]> Run-TryBot: Han-Wen Nienhuys <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> x/crypto/ssh: add ed25519 certs to supportedHostKeyAlgos Change-Id: I46bb7721c081b8a9b0395a4f7c49b7f3e27bbc49 Reviewed-on: https://go-review.googlesource.com/24831 Reviewed-by: Adam Langley <[email protected]> ssh: disable known-flaky test from the Go build dashboard This failure is tracked already. Remove it from the dashboard while it's fixed so it doesn't hide more interesting failures. Updates golang/go#15198 Change-Id: Ib48d1e37ac97914ac082b2602c812151147393e4 Reviewed-on: https://go-review.googlesource.com/24986 Reviewed-by: Ian Lance Taylor <[email protected]> x/crypto/ssh/terminal: have MakeRaw mirror cfmakeraw. Rather than guessing at which terminal flags should be set or cleared by MakeRaw, this change tries to make it mirror the behaviour documented for cfmakeraw() in the termios(3) manpage. Fixes golang/go#15625 Change-Id: Icd6b18ffb57ea332147c8c9b25eac5e41eb0863a Reviewed-on: https://go-review.googlesource.com/22964 Run-TryBot: Adam Langley <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Fa…
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
Fixes golang/go#11722. Change-Id: I4fa2a1db14050151f9269427ca35cf7ebd21440a Reviewed-on: https://go-review.googlesource.com/12907 Reviewed-by: Adam Langley <[email protected]>
I'm implementing an ssh client using the ssh package; my program checks the server's public key using ClientConfig.HostKeyCallback ( https://godoc.org/golang.org/x/crypto/ssh#ClientConfig ).
Unfortunately, it fails login to some servers if the server has multiple keys (e.g., ssh_host_ecdsa_key, ssh_host_rsa_key, and ssh_host_dsa_key) and the client has a public key other than ECDSA.
SSH client in Google Go always lists the host key algorithms in the SSH_MSG_KEXINIT message in this order:
See the source code:
https://github.com/golang/crypto/blob/c10c31b5e94b6f7a0283272dc2bb27163dcea24b/ssh/common.go#L42
https://github.com/golang/crypto/blob/c10c31b5e94b6f7a0283272dc2bb27163dcea24b/ssh/handshake.go#L237
If the server has both ECDSA and RSA keys, and the client knows only the RSA public key, the implementation in Google Go will always use ECDSA, so the SSH handshake will fail. Only the ECDSA public key will be passed to ClientConfig.HostKeyCallback, then the SSH handshake will fail.
I studied the source code of the original ssh tool (http://www.openssh.com/).
In order_hostkeyalgs function (file sshconnect2.c), they find all public keys in known_hosts for this host and place the corresponding algorithms at the beginning of the list of host key algorithms in SSH_MSG_KEXINIT. For example, if the client has an RSA key for this host, the list of algorithms passed to the server will be:
RFC 4253, chapter 7.1 says:
So, the implementation in Google Go seems to be incorrect.
The text was updated successfully, but these errors were encountered: