Extend PubkeyAuthentication to support the OpenSSH-compatible modes no, yes/all, unbound, and host-bound.
Preserve the existing enable/disable flag behavior for callers using the legacy API, while also storing the selected mode and keeping the previous integer normalization in ssh_options_set().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Keep the unknown host handling under StrictHostKeyChecking off, including writing accepted keys through to known_hosts.
For changed host keys and different stored key types, do not treat the host as fully trusted. In that path, disable password and keyboard interactive authentication before returning OK.
Apply the same handling in both ssh_is_server_known() and ssh_session_get_known_hosts_entry().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Extend StrictHostKeyChecking from a boolean-style option to the full OpenSSH-compatible mode set: off, yes, ask and accept-new.
Preserve the legacy integer normalization used by ssh_options_set(), document the supported values in the public API, and switch the default to SSH_STRICT_HOSTKEY_ASK.
Known-host handling now recognizes SSH_STRICT_HOSTKEY_ACCEPT_NEW and stores unknown host keys automatically while still rejecting changes.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Add %n support to path expansion.
Defer HostName handling so the expanded value is computed even when the final host cannot be applied yet. HostName specific expansion lowercases literal hostname text and %h expansions, while unsupported HostName %X tokens are preserved literally and normal host validation still applies when the result is passed to SSH_OPTIONS_HOST.
This keeps the expansion logic correct now and leaves room for future HostName token support without changing the deferred path again.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/811>
Move RSA signature extraction and zero-padding from pki_signature_to_blob() into pki_do_sign_hash() so the correctly sized blob is built once at signing time, and store it in raw_sig across all paths. This removes rsa_sig (gcry_sexp_t) from the RSA flow and avoids the old leading-zero stripping that could produce undersized blobs rejected by strict implementations like Dropbear.
Signed-off-by: Yağmur Çiçekdağı <ygmcicekdagi@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/714>
Add include/libssh/getopt.h that transparently includes the system
<getopt.h> when available, or declares the bundled fallback interface
otherwise.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge ssh_key_type_from_signature_name() and ssh_key_hash_from_name()
into a single function ssh_key_type_and_hash_from_signature_name() to:
- Avoid double string comparisons on the same algorithm name
- Return SSH_ERROR on unknown/NULL input instead of silently returning SSH_DIGEST_AUTO
- Use strlen() before strcmp() to short-circuit string comparisons.
Handle GSSAPI "null" hostkey case in wrapper.c.
Add unit tests for the new function.
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/355
Signed-off-by: Haythem666 <haythem.farhat@epfl.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
- Add missing @brief, @param, and @return docs across src/ and include/
- Fix blank lines between doc comments and function definitions
- Move function docs from headers to corresponding .c files
- Use named constants (SSH_OK, SSH_ERROR, SSH_TIMEOUT_INFINITE) in docs
- Fix parameter ordering in error.c, buffer.c, log.c docs
- Place #ifdef-guarded docs inside their respective #ifdef blocks
Signed-off-by: Sudharshan Hegde <sudharshanhegde68@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Implement support for the SSH2_AGENTC_REMOVE_IDENTITY
agent protocol message.
The implementation mirrors ssh_agent_sign_data()
and reuses agent_talk(). A single cleanup path is
used to ensure proper resource handling.
Signed-off-by: Madhav Vasisth <mv2363@srmist.edu.in>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Doxygen interprets comments placed beside struct fields to belong
to the next field instead of the current field.
This could be fixed by moving the comments atop the fields,
or by using the `/**< COMMENT */` format.
Stay consistent with the comment format used for other structs
and move the comments atop the fields.
Signed-off-by: Shiva Kiran Koninty <shiva_kr@riseup.net>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
- Add a warning to ssh_bind_listen() clarifying that it implicitly
calls ssh_bind_options_parse_config(), which may override options
previously set via ssh_bind_options_set().
- Add a warning to ssh_bind_options_set() and ssh_bind_config_parse_string()
explaining that options may be overridden if configuration files are parsed
afterwards, either implicitly via ssh_bind_listen() or by an explicit call to
ssh_bind_options_parse_config().
Signed-off-by: Francesco <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Allow passing server configuration options via the -o flag and expose
ssh_bind_config_parse_string() as a public API.
Signed-off-by: Francesco <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Clarify the session-coupled nature of the ssh-agent interface,
document lifecycle and ownership expectations of agent-related
objects, and describe common error cases and limitations.
No functional changes.
Signed-off-by: Madhav Vasisth <mv2363@srmist.edu.in>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Changes also the reading of known_hosts to use the new helper function
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This linking worked only in CI and local builds, but not during
the build in RPM as it fails on missing symbols that were defined
only in the main library. This is solved as with the other digest
dependencies in external crypto by removing the intermediate
function. We are already linking the md_*.o objects.
The error was like this
sh: symbol lookup error: /path/libssh/libssh-0.12.0-build/libssh-0.12.0/redhat-linux-build/lib/libsntrup761_override.so: undefined symbol: crypto_hash_sha512
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In particular, gss-nistp256-sha256-* and
gss-curve25519-sha256-*.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Both gcry_mpi_copy and gcry_mpi_set take a pointer to
const gcry_mpi, which const_bignum is not.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This is necessary to reuse the function
in gss-curve25519-sha256-* KEX.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Which can be used for non-cryptographic purposes
even in FIPS mode.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
