| Age | Commit message | Author |
|
This should fix the "Log in goroutine" panic seen in
https://build.golang.org/log/e42bf69fc002113dbccfe602a6c67fd52e8f31df,
as well as a few other related leaks. It also helps to verify that
none of the functions under test deadlock unexpectedly.
See https://go.dev/wiki/CodeReviewComments#goroutine-lifetimes.
Updates golang/go#58901.
Change-Id: Ica943444db381ae1accb80b101ea646e28ebf4f9
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/541095
Auto-Submit: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
|
|
MultiAlgorithmSigner allows restricting client-side, server-side and
certificate signing algorithms.
Fixes golang/go#52132
Fixes golang/go#36261
Change-Id: I295092f1bba647327aaaf294f110e9157d294159
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508398
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
|
|
For golang/go#45557
Change-Id: I447530cc66896aef7a8d528ccb8d095b80e3cf47
GitHub-Last-Rev: 5f385ff46487ac318bd1147cdbbd26bb0ffd0426
GitHub-Pull-Request: golang/crypto#230
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/430797
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Fixes golang/go#41906
Change-Id: I2eee82160a4450f531f11d5ba7bd6ed19c019992
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/261417
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Trust: Roland Shoemaker <roland@golang.org>
|
|
Change-Id: I6d0f3396f06871286e3d48ec5af38770663dbed2
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171678
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
The Permissions struct should be used to pass information from
authentication callback to server application.
Fixes golang/go#20094.
Change-Id: I5542b657d053452327260707a24925286546bfdd
Reviewed-on: https://go-review.googlesource.com/45311
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
This change breaks existing behavior.
Before, a missing ClientConfig.HostKeyCallback would cause host key
checking to be disabled. In this configuration, establishing a
connection to any host just works, so today, most SSH client code in
the wild does not perform any host key checks.
This makes it easy to perform a MITM attack:
* SSH installations that use keyboard-interactive or password
authentication can be attacked with MITM, thereby stealing
passwords.
* Clients that use public-key authentication with agent forwarding are
also vulnerable: the MITM server could allow the login to succeed, and
then immediately ask the agent to authenticate the login to the real
server.
* Clients that use public-key authentication without agent forwarding
are harder to attack unnoticedly: an attacker cannot authenticate the
login to the real server, so it cannot in general present a convincing
server to the victim.
Now, a missing HostKeyCallback will cause the handshake to fail. This
change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as
ready-made host checkers.
A simplistic parser for OpenSSH's known_hosts file is given as an
example. This change does not provide a full-fledged parser, as it
has complexity (wildcards, revocation, hashed addresses) that will
need further consideration.
When introduced, the host checking feature maintained backward
compatibility at the expense of security. We have decided this is not
the right tradeoff for the SSH library.
Fixes golang/go#19767
Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814
Reviewed-on: https://go-review.googlesource.com/38701
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
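
An added Go sketch of the behaviour described in the commit message above (not code from the commit or from golang.org/x/crypto/ssh; standard library only): a missing host key check makes verification fail instead of accepting any key, and a simplistic known_hosts reader refuses the hashed, wildcard and marker entries it does not handle. `HostKeyCheck`, `ParseKnownHosts`, `Verify`, the host names and the key bytes are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

type HostKeyCheck func(host string, key []byte) error // hypothetical callback; nil error = trusted

var keyA = []byte("constructed-key-A") // constructed stand-in for a wire-format key blob
var sample = "# constructed known_hosts\nbuild.example.test,192.0.2.10 ssh-ed25519 " + base64.StdEncoding.EncodeToString(keyA)

// ParseKnownHosts accepts only plain "hosts keytype base64" lines. Hashed, wildcard and
// @marker entries fail the whole parse: silently skipping an @revoked line would fail open.
func ParseKnownHosts(data string) (HostKeyCheck, error) {
	known := map[string]bool{} // "host blob" pairs; host names never contain a space
	for _, line := range strings.Split(data, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue
		}
		if len(f) < 3 || strings.ContainsAny(f[0], "@|*?!") {
			return nil, fmt.Errorf("unsupported known_hosts entry %q", f[0])
		}
		blob, err := base64.StdEncoding.DecodeString(f[2])
		if err != nil {
			return nil, err
		}
		for _, h := range strings.Split(f[0], ",") {
			known[h+" "+string(blob)] = true
		}
	}
	return func(host string, key []byte) error {
		if !known[host+" "+string(key)] {
			return fmt.Errorf("host key for %s is not in known_hosts", host)
		}
		return nil
	}, nil
}

// Verify fails closed: a nil check is an error, never "accept any key".
func Verify(check HostKeyCheck, host string, key []byte) error {
	if check == nil {
		return fmt.Errorf("no host key check configured for %s", host)
	}
	return check(host, key)
}

func main() {
	fmt.Println(Verify(nil, "build.example.test", keyA))
}
```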
|
|
The RequestPty function takes the size arguments in the order height,
then width, instead of the more common width, then height. 80 is a very
common width for a terminal, so when the example reads RequestPty(...,
80, 40, ...), it's easy to assume that the order is width-height.
Switching the order should make it more obvious what is going on.
Change-Id: I1d6266b1c0dcde5ee6e31a6d26d2dcaf14fec58a
Reviewed-on: https://go-review.googlesource.com/18290
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
Fixes golang/go#13902.
Adds public key authentication to the
password authentication example.
Change-Id: I4af0ca627fb15b617cc1ba1c6e0954b013f4d94f
Reviewed-on: https://go-review.googlesource.com/29374
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
After discussion around an example SFTP implementation:
https://github.com/pkg/sftp/pull/54
it has been suggested that errors should be handled using
log.Fatal rather than panic, and that the actual underlying error
should also be logged. In the existing SSH examples there
are several different styles of error handling using both panic
and log.Fatalf.
This patch uses log.Fatal consistently for all of these cases.
Change-Id: I2cebfae1821530dc3c5bbc46d451fe026bed582f
Reviewed-on: https://go-review.googlesource.com/16736
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
Add an example for using the PublicKeys AuthMethod.
Change-Id: I3fe02bb3c9b8ccf313d72858328c8576cbf3eb06
Reviewed-on: https://go-review.googlesource.com/22250
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
Fixes golang/go#9747
Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.
Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>
|
|
LGTM=bradfitz
R=rsc, bradfitz
CC=golang-codereviews
https://golang.org/cl/167190043
|
|
See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ
R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043
|
|
private keys.
R=agl, jpsugar, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/13338044
|
|
gofmt got better at removing trailing whitespace.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6929044
|
|
R=dave, agl
CC=golang-dev
https://golang.org/cl/6655046
|
|
Add support for server (remote) forwarded tcpip channels.
See RFC4254 Section 7.1
R=gustav.paul, jeff, agl, lieqiewang
CC=golang-dev
https://golang.org/cl/6038047
|
|
This removes the sole "exp/foo" import in the Go subrepos.
A separate CL will remove exp/terminal from the standard Go repository.
R=golang-dev, dave, r
CC=golang-dev
https://golang.org/cl/5966045
|
|
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/5905048
|