This deprives an attacker of feedback for guesses against the packet
length given by the connection dropping.
Change-Id: I14939a82e5243a86d192bb18be93d45589227147
Reviewed-on: https://go-review.googlesource.com/9908
Reviewed-by: Adam Langley <agl@golang.org>
Attention - BREAKING change for the certificates generated with
the previous versions of crypto/ssh! Need to regenerate
certificates with a version of crypto/ssh library including
this fix.
[PROTOCOL.certkeys] requires two length fields for non-empty
values of critical options (or extensions - but those are
currently always empty) - see
https://bugzilla.mindrot.org/show_bug.cgi?id=2389.
Add SSH-conform handling of such composite values in marshalTuples
and parseTuples and related test (TestParseCertWithOptions) parsing
a certificate created with ssh-keygen which includes critical options.
Fixes #10569
Change-Id: Iecbfca67a66668880635141c72bc5fc370a9c112
Reviewed-on: https://go-review.googlesource.com/9375
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
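The two-length-field encoding described in the commit message above, as an added example (not code from crypto/ssh; `EncodeOption`, `DecodeOption` and the helpers are names chosen here, and "force-command"/"ls" is a constructed sample). A non-empty value is an SSH string nested inside another SSH string, and the decoder rejects a value that carries only one length field:

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// putString appends an SSH string: uint32 big-endian length, then the bytes.
func putString(b []byte, s string) []byte {
	return append(binary.BigEndian.AppendUint32(b, uint32(len(s))), s...)
}

// getString reads one SSH string, bounds-checking its length field.
func getString(b []byte) (string, []byte, error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", nil, errors.New("bad length field")
	}
	n := 4 + int(binary.BigEndian.Uint32(b))
	return string(b[4:n]), b[n:], nil
}

// EncodeOption wraps a non-empty value in a second SSH string (two length fields).
func EncodeOption(name, value string) []byte {
	data := ""
	if value != "" {
		data = string(putString(nil, value))
	}
	return putString(putString(nil, name), data)
}

// DecodeOption reads one tuple; the inner string must exactly fill the outer one.
func DecodeOption(b []byte) (name, value string, rest []byte, err error) {
	var data string
	var tail []byte
	if name, rest, err = getString(b); err == nil {
		data, rest, err = getString(rest)
	}
	if err == nil && data != "" {
		if value, tail, err = getString([]byte(data)); err == nil && len(tail) != 0 {
			err = errors.New("trailing bytes after option value")
		}
	}
	return name, value, rest, err
}

func main() {
	fmt.Printf("%x\n", EncodeOption("force-command", "ls"))
}
```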
The aes128cbc cipher is commented out in cipher.go on purpose; anyone who wants to
use the cipher needs to uncomment line 119 in cipher.go.
Fixes #4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
Fixes golang/go#9747
Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.
Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>
The slice returned is constructed with both a pre-set length and
append() resulting in a slice twice as long and half-full of nil.
Setting the capacity instead of length gets the desired result.
Change-Id: I758423594e4f4c0506c53f227454f57a9dc8bdf1
Reviewed-on: https://go-review.googlesource.com/2659
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The SSH server does not allow for setting a version string in the same
manner as the client. This update adds a ServerVersion member to the
ServerConfig structure which when set, causes the server to use that
member instead of the default version string. This allows building
a golang based SSH server which can present any version string
the user wishes.
It also adds an else statement to the client assignment of the
ClientVersion to avoid an allocation when using a user defined
ClientVersion.
Change-Id: I43d97cfd5a174f2c68f53c5b4e267539ef21937b
Reviewed-on: https://go-review.googlesource.com/1860
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
SetSize has a problem that may cause the temporary prompt set by a
following ReadPassword not to work: when changing width, the current
SetSize will call clearAndRepaintLinePlusNPrevious, which would
print an old prompt whatever the current line has, causing a following
ReadPassword with a temporary prompt not to print the different prompt.
When running code like this, nt.SetSize prints a "> " as the
prompt, then the temporary "Password: " prompt never shows up.
```go
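// Fragment: assumes "os" and the ssh/terminal package are imported.
oldState, err := terminal.MakeRaw(int(os.Stdin.Fd()))
width, height, _ := terminal.GetSize(int(os.Stdin.Fd()))
nt := terminal.NewTerminal(os.Stdin, "> ")
nt.SetSize(width, height) // repaints the line with the old "> " prompt
password, err := nt.ReadPassword("Password: ") // temporary prompt is not shown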
```
The new test cases test SetSize with different terminal sizes,
either shrinking or expanding, a following ReadPassword should get the
correct temporary prompt.
Change-Id: I33d13b2c732997c0c88670d53545b8c0048b94b6
Reviewed-on: https://go-review.googlesource.com/1861
Reviewed-by: Adam Langley <agl@golang.org>
Some terminals support a mode where pasted text is bracketed by escape sequences. This is very useful for terminal applications that otherwise have no good way to tell pastes and typed text apart.
This change allows applications to enable this mode and, if the terminal supports it, will suppress autocompletes during pastes and indicate to the caller that a line came entirely from pasted text.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/171330043
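How an application can tell pasted from typed input once bracketed paste mode is on, as an added example (not the ssh/terminal implementation; `Segment`, `SplitPaste` and `LineFromPaste` are names chosen here). It relies on the xterm convention that a paste arrives between `ESC[200~` and `ESC[201~`, and it treats an unterminated paste as pasted so that a tab inside it never triggers autocompletion:

```go
package main

import (
	"fmt"
	"strings"
)

// Markers a terminal in bracketed paste mode sends around pasted text.
const pasteStart, pasteEnd = "\x1b[200~", "\x1b[201~"

// Segment is a run of input and whether it arrived inside paste brackets.
type Segment struct {
	Text   string
	Pasted bool
}

// SplitPaste separates typed from pasted input. A paste with no end marker
// is kept as pasted, so its bytes are never handled as keystrokes.
func SplitPaste(in string) (segs []Segment) {
	add := func(s string, pasted bool) {
		if s != "" {
			segs = append(segs, Segment{s, pasted})
		}
	}
	for in != "" {
		typed, rest, found := strings.Cut(in, pasteStart)
		add(typed, false)
		if !found {
			break
		}
		pasted, after, _ := strings.Cut(rest, pasteEnd)
		add(pasted, true)
		in = after
	}
	return segs
}

// LineFromPaste reports whether the whole line came from a single paste.
func LineFromPaste(line string) bool {
	segs := SplitPaste(line)
	return len(segs) == 1 && segs[0].Pasted
}

func main() {
	// Constructed input: typed "echo ", then a paste containing a tab.
	fmt.Printf("%+v\n", SplitPaste("echo \x1b[200~a\tb\x1b[201~!"))
}
```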
In my notes I had Home and End down as OH and OF. But that's nonsense, they are [H and ]F.
I never noticed before because I don't have Home and End keys on my keyboard.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/172100043
Fixes golang/go#9040.
(Note: can't compile or test this one prior to committing.)
LGTM=iant, bradfitz
R=bradfitz, mathias.gumz, iant
CC=golang-codereviews
https://golang.org/cl/171000043
Previously, if the current line was "empty", resizes wouldn't trigger
repaints. However, the line can be empty when the prompt is non-empty
and the code would then panic after a resize because the cursor position
was outside of the terminal.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/158090043
Test that different extended data streams within a channel are
thread-safe.
```
benchmark             old MB/s     new MB/s     speedup
BenchmarkEndToEnd     79.26        87.98        1.11x

benchmark             old allocs   new allocs   delta
BenchmarkEndToEnd     110          73           -33.64%

benchmark             old bytes    new bytes    delta
BenchmarkEndToEnd     2605720      1299768      -50.12%
```
LGTM=dave, jpsugar
R=agl, dave, jpsugar
CC=golang-codereviews
https://golang.org/cl/136420043
This proposal effectively disables all the ssh/test tests when run with the -short flag supplied.
For developers and users of this package, there should be no change unless they are in the habit of always supplying -short, which I believe is untrue.
For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled.
LGTM=adg
R=adg, agl, hanwen
CC=golang-codereviews
https://golang.org/cl/125860043
There doesn't appear to be perfect behaviour for line editing
code in the face of terminal resizing. But this change works
pretty well on xterm and gnome-terminal and certainly a lot
better than it used to.
LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/105580043
Currently the ssh/terminal package cannot be compiled under gccgo. Even though gccgo may be running on linux, its syscall package is slightly different and does not contain these constants.
This proposal resolves the issue by declaring the two constants locally, as we've done for the *BSDs.
LGTM=hanwen, iant
R=hanwen, iant, gobot
CC=golang-codereviews
https://golang.org/cl/101670043
Validating a public key doesn't return any remaining methods so, if all public keys were rejected, a nil slice would be returned for the remaining methods and authentication would stop.
We could have validateKey return methods, but that wouldn't solve the problem of what to do if the callback returns no keys. In that case we don't have any keys to test.
So this change makes it possible for an AuthMethod to return a nil slice for the remaining methods (meaning "reuse the last list"). It also fixes a scoping bug.
Fixes golang/go#7787.
LGTM=hanwen
R=hanwen
CC=golang-codereviews
https://golang.org/cl/94350043
set.
Otherwise, the package leaks data about total number of
connections established through its channel IDs.
R=agl, jpsugar
CC=golang-codereviews
https://golang.org/cl/87280043
In c0fc595a2cb5, hg didn't notice the files that had been removed from
the working directory. These old files are breaking the build.
CC=golang-codereviews
https://golang.org/cl/86240043
Increase window size for channels (session and tcpip) to 64 *
max packet size (32 KB), which is the same value that OpenSSH
uses. Also breaks out the relevant hardcoded constants into named
constants in channel.go.
Fixes golang/go#6675.
R=golang-dev, dave, hanwen, agl
CC=golang-dev
https://golang.org/cl/18120043
Transport should not be a ReadWriter. It can only write packets, i.e. no partial reads or writes. Furthermore, you can currently do ClientConn.Write() while the connection is live, which sends raw bytes over the connection. Doing so will confuse the transports because the data is not encrypted.
As a consequence, ClientConn and ServerConn stop being a net.Conn.
Finally, ensure that {Server,Client}Conn implement LocalAddr and RemoteAddr methods that previously were exposed by an embedded net.Conn field.
R=hanwen
CC=golang-dev
https://golang.org/cl/16610043