ssh: update comment text to match upstream

Reported by: bz
Obtained from: OpenSSH dffa64480163

sshd: sync tracing disable with upstream

Old versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly.

Although this is not required in cur

sshd: sync tracing disable with upstream

Old versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly.

Although this is not required in current FreeBSD branches I am merging
it to reduce differences with upstream.

Obtained from: OpenSSH commit 0f7e1eba5525

show more ...

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

ssh: remove unused header

Fixes: 0746301c4995 ("ssh: pass 0 to procctl(2) to operate...")
Sponsored by: The FreeBSD Foundation

ssh: pass 0 to procctl(2) to operate on self

As of f833ab9dd187 procctl(2) allows idtype P_PID with id = 0 as a
shortcut for the calling process ID. The shortcut also bypasses the
p_cansee / p_cand

ssh: pass 0 to procctl(2) to operate on self

As of f833ab9dd187 procctl(2) allows idtype P_PID with id = 0 as a
shortcut for the calling process ID. The shortcut also bypasses the
p_cansee / p_candebug test (since the process is able to act on itself.)

At present if the security.bsd.unprivileged_proc_debug sysctl is 0 then
procctl(P_PID, getpid(), ... for a process to act on itself will fail,
but procctl(P_PID, 0, ... will succeed. This should likely be addressed
with a kernel change.

In any case the id = 0 shortcut is a tiny optimization for a process to
act on itself and allows the self-procctl to succeed, so use it in ssh.

Reported by: Shawn Webb
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33970

show more ...

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already

ssh: update to OpenSSH v8.8p1

OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.

The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.