The typos were found by misspell tool.
Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016
Reviewed-on: https://go-review.googlesource.com/24725
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
3des-cbc is an insecure cipher. As such, you must explicitly add it to
Config in order to use it.
Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Added support for parsing the "new" openssh private key format.
(ed25519 keys only in this format for now)
Signing and verifying functions now work with ed25519 keys.
ed25519 can now be accepted by the server to authenticate a client.
ed25519 can now be accepted by a client as a server host key.
Related documentation used:
https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt
Change-Id: I84385f24d666fea08de21f980f78623f7bff8007
Reviewed-on: https://go-review.googlesource.com/22512
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Make x/crypto/ssh tests compatible with recent OpenSSH versions.
This means not using rsa keys shorter than 1024 bits any more, and
explicitly enabling all key types in the OpenSSH config, since some
are now disabled by default.
Tested against OpenSSH_7.2p2 and now passes.
Change-Id: I607bf15f063d4833b0876393d6845a4f507f48af
Reviewed-on: https://go-review.googlesource.com/22840
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The ssh-agent protocol allows the usage of keys and certs added to a
given agent to be constrained in certain ways. The only constraints
currently supported are lifetime (keys expire after some number of
seconds) and confirmation (the agent requires user confirmation before
performing any operations with the private key).
Change-Id: Idba5760db929805bf3da43fdcaca53ae6c479ca4
Reviewed-on: https://go-review.googlesource.com/12260
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Peter Moody <pmoody@uber.com>
The aes128cbc cipher is commented out in cipher.go on purpose; anyone who wants to
use the cipher needs to uncomment line 119 in cipher.go.
Fixes #4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
Fixes golang/go#9747
Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.
Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>
This proposal effectively disables all the ssh/test tests when run with the -short flag supplied.
For developers and users of this package, there should be no change unless they are in the habit of always supplying -short, which I believe is untrue.
For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled.
LGTM=adg
R=adg, agl, hanwen
CC=golang-codereviews
https://golang.org/cl/125860043
In c0fc595a2cb5, hg didn't notice the files that had been removed from
the working directory. These old files are breaking the build.
CC=golang-codereviews
https://golang.org/cl/86240043
This obviates custom code to emulate a thread-safe connection.
Use this for testing that listeners close if the connection breaks.
R=dave, agl, fullung
CC=golang-dev
https://golang.org/cl/11781043
* Remove special handling for dynamically allocated
ports. This was a bug in OpenSSH 5.x sshd.
* Run the test with a preselected port number.
* Run TestPortForward only on unix platforms.
R=dave, agl
CC=golang-dev
https://golang.org/cl/10049045
Set maxPacket in forwarded connection, and use the requested port
number as key in forwardList.
R=golang-dev, agl, dave
CC=golang-dev
https://golang.org/cl/9753044
Fixes golang/go#5138.
Fixes golang/go#4703.
This appears to pass my stress tests with and without the -race detector, but I'd like to see others hit it with their machines.
R=golang-dev, fullung, huin, kardianos, agl
CC=golang-dev
https://golang.org/cl/9929043
If cgo is disabled (such as it appears to be on a subset of builders),
username() panics, and s.cmd is nil; let's not panic while recovering
from a different panic.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8820043
The session test previously had a one second timeout for the output of
stty and this was leading to flakiness. This change removes the timeout
since go test has a generic timeout mechanism.
Additionally, the test was looking for "-echo" in the output to test
the value of the echo flag. However, there are also typically "echoe",
"echok" and "echonl" flags, and "-echo" could be a prefix of any of
them. Thus we now also match a trailing space.
R=golang-dev, rsc, extraterrestrial.neighbour
CC=golang-dev
https://golang.org/cl/7579043
This allows easy import/export of public keys in the format
expected by OpenSSH for authorized_keys files, as well as
allowing comparisons with ServerConfig's PublickeyCallback.
Fixes golang/go#3908.
R=agl, dave, golang-dev, bradfitz
CC=agl, golang-dev
https://golang.org/cl/6855107
user.Current() currently requires cgo - if an error is returned
attempt to get the username from the environment.
R=golang-dev, minux.ma, bradfitz, dave
CC=golang-dev
https://golang.org/cl/6819113
Fixes golang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should.
R=agl, gustav.paul, kardianos, fullung
CC=golang-dev
https://golang.org/cl/6601043