6543c1a02b
- update to 8.4p1: Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating a FIDO resident key. * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for each use. These keys may be generated using ssh-keygen using a new "verify-required" option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation. New Features ------------ * sshd(8): authorized_keys now supports a new "verify-required" option to require FIDO signatures assert that the token verified that the user was present before making the signature. The FIDO protocol supports multiple methods for user-verification, but currently OpenSSH only supports PIN verification. * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn signatures. Webauthn is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and thus require explicit support. * ssh(1): allow some keywords to expand shell-style ${ENV} environment variables. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. bz#3140 * ssh(1), ssh-agent(1): allow some additional control over the use of ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable, including forcibly enabling and disabling its use. bz#69 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time OBS-URL: https://build.opensuse.org/request/show/863944 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=222
# HG changeset patch
|
|
# Parent 60bdbe6dd8d6bc011883472363d56e1d97f68835
|
|
Put back sftp client diagnostic messages in batch mode
|
|
|
|
Index: openssh-8.4p1/sftp.1
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sftp.1
|
|
+++ openssh-8.4p1/sftp.1
|
|
@@ -287,6 +287,9 @@ Specifies the port to connect to on the
|
|
.It Fl p
|
|
Preserves modification times, access times, and modes from the
|
|
original files transferred.
|
|
+.It Fl Q
|
|
+Not-so-quiet batch mode: forces printing of diagnostic messages
|
|
+in batch mode.
|
|
.It Fl q
|
|
Quiet mode: disables the progress meter as well as warning and
|
|
diagnostic messages from
|
|
Index: openssh-8.4p1/sftp.c
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sftp.c
|
|
+++ openssh-8.4p1/sftp.c
|
|
@@ -85,6 +85,9 @@ static volatile pid_t sshpid = -1;
|
|
/* Suppress diagnositic messages */
|
|
int quiet = 0;
|
|
|
|
+/* Force diagnositic messages in batch mode */
|
|
+int loud = 0;
|
|
+
|
|
/* This is set to 0 if the progressmeter is not desired. */
|
|
int showprogress = 1;
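Review bot: The new comment on `loud` copies the "diagnositic" misspelling from the `quiet` comment above it and does not say when the flag has any effect. The last hunk of this patch only consults `loud` when `batchmode` is also set, so I would write `/* Force diagnostic messages in batch mode (set by -Q; ignored without -b) */`. If no other translation unit references the variable, which cannot be confirmed from this page, `static int loud = 0;` would keep it out of the global namespace.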
|
|
|
|
@@ -2408,7 +2411,7 @@ main(int argc, char **argv)
|
|
infile = stdin;
|
|
|
|
while ((ch = getopt(argc, argv,
|
|
- "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
|
|
+ "1246AafhNpQqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
|
|
switch (ch) {
|
|
/* Passed through to ssh(1) */
|
|
case 'A':
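Review bot: `Q` is added to the getopt string here, but none of the hunks in this patch touch `usage()`, so the built-in usage text presumably still lists the old flag set. If `usage()` prints the single-letter options, it should gain `Q` in the same change so that the man page, the parser and the usage output agree. `main()` starts and ends outside this hunk, so the usage text itself is not visible here.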
|
|
@@ -2426,6 +2429,9 @@ main(int argc, char **argv)
|
|
addargs(&args, "-%c", ch);
|
|
addargs(&args, "%s", optarg);
|
|
break;
|
|
+ case 'Q':
|
|
+ loud = 1;
|
|
+ break;
|
|
case 'q':
|
|
ll = SYSLOG_LEVEL_ERROR;
|
|
quiet = 1;
|
|
@@ -2510,6 +2516,8 @@ main(int argc, char **argv)
|
|
usage();
|
|
}
|
|
}
|
|
+ if (batchmode && loud)
|
|
+ quiet = 0;
|
|
|
|
/* Do this last because we want the user to be able to override it */
|
|
addargs(&args, "-oForwardAgent no");
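Review bot: The added `if (batchmode && loud) quiet = 0;` clears `quiet` after option parsing without regard to whether the user also passed `-q`. With `-b file -q -Q` the diagnostics come back, while the `ll = SYSLOG_LEVEL_ERROR` set in `case 'q'` stays in force, so the two flags end up half-applied. The intent appears to be to undo only the quieting that `-b` implies (that assignment is outside the visible hunks), so either record an explicit `-q` separately and honour it, or state the precedence in a comment such as `/* -Q overrides the quiet implied by -b, and an explicit -q as well */` and in the sftp.1 entry. `-Q` without `-b` is silently ignored, which the man page text also does not say. For unattended transfers these messages are often the only record of a failed operation, so the precedence should be unambiguous. `main()` continues outside this hunk.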
|