From a448de907b70e9d6b2532f1e820e5c70b11dcc70 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Tue, 8 Sep 2015 14:36:07 +0200 Subject: afssh: call ssh without arguments for usage --- afssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afssh b/afssh index 3b9d84f..c482aea 100755 --- a/afssh +++ b/afssh @@ -28,7 +28,7 @@ usage () { echo "$SAF" --help echo - ssh --help + ssh exit } -- cgit v1.2.3 From edcfe36b273de11d04cd0e77e31bc5e8c0b1337b Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Mon, 5 Oct 2015 19:13:17 +0200 Subject: s/Invocation:/Usage:/ to make help2man recognize SYNOPSIS --- ssh-agent-filter.C | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 4d9b2ba..1dcbb5c 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -211,7 +211,7 @@ void parse_cmdline (int const argc, char const * const * const argv) { notify(config); if (config.count("help")) { - cout << "Invocation: ssh-agent-filter [ OPTIONS ]" << endl; + cout << "Usage: ssh-agent-filter [ OPTIONS ]" << endl; cout << opts << endl; exit(EX_OK); } -- cgit v1.2.3 From af7125b71663fafb61fb2e097a34695bab895b01 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Wed, 10 Feb 2016 11:18:03 +0100 Subject: fix lintian spelling-error-in-manpage ssh-askpass-noinput.1.gz acutally actually --- ssh-askpass-noinput.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh-askpass-noinput.1.md b/ssh-askpass-noinput.1.md index 7b103ed..36251a4 100644 --- a/ssh-askpass-noinput.1.md +++ b/ssh-askpass-noinput.1.md @@ -13,7 +13,7 @@ ssh-askpass-noinput - an `ssh-askpass` implementation for asking allow/deny ques # DESCRIPTION *ssh-askpass-noinput* is an implementation of *ssh-askpass*, which does not -acutally ask for a password; instead, it only asks a binary (allow/deny) +actually ask for a password; instead, it only asks a binary (allow/deny) question and exits with 0 for allow and 1 for deny. It is not intended as a general replacement for *ssh-askpass*, but for special -- cgit v1.2.3 From dc582af6e7a1e645402f333e200b8ff718de1b48 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Tue, 23 Aug 2016 22:03:43 +0200 Subject: clear O_NONBLOCK on client sockets on *BSD client sockets inherit flags from the listening socket --- ssh-agent-filter.C | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 1dcbb5c..30aaf9a 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -497,6 +497,9 @@ rfc4251::string handle_request (rfc4251::string const & r) { } void handle_client (int const sock) try { + if (fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) & ~O_NONBLOCK)) + throw system_error(errno, system_category(), "fcntl"); + io::stream client{sock, io::close_handle}; arm(client); -- cgit v1.2.3 From bfa8ac40e032d4d204ab6a9202531198cee9706e Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Sat, 27 Aug 2016 21:44:17 +0200 Subject: exploit more help2man features use an include file for explanatory text add environment, author and bug report information to the program's output --- Makefile | 4 ++-- ssh-agent-filter.C | 14 ++++++++++---- ssh-agent-filter.help2man | 12 ++++++++++++ 3 files changed, 24 insertions(+), 6 deletions(-) create mode 100644 ssh-agent-filter.help2man diff --git a/Makefile b/Makefile index a0dd007..e655ff1 100644 --- a/Makefile +++ b/Makefile @@ -27,8 +27,8 @@ all: ssh-agent-filter.1 afssh.1 ssh-askpass-noinput.1 %.1: %.1.md pandoc -s -w man $< -o $@ -ssh-agent-filter.1: ssh-agent-filter - help2man -n $< -o $@ -N ./$< +%.1: %.help2man % + help2man -i $< -o $@ -N -L C.UTF-8 $(*D)/$(*F) ssh-agent-filter: ssh-agent-filter.o diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 30aaf9a..0fb6861 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -192,7 +192,7 @@ int make_listen_sock () { } void parse_cmdline (int const argc, char const * const * const argv) { - po::options_description opts{"OPTIONS"}; + po::options_description opts{"Options"}; opts.add_options() ("all-confirmed,A", po::bool_switch(&all_confirmed),"allow all other keys with confirmation") ("comment,c", po::value(&allowed_comment), "key specified by comment") @@ -211,13 +211,19 @@ void parse_cmdline (int const argc, char const * const * const argv) { notify(config); if (config.count("help")) { - cout << "Usage: ssh-agent-filter [ OPTIONS ]" << endl; - cout << opts << endl; + cout << "Usage: ssh-agent-filter [ OPTIONS ]\n"; + cout << opts; + cout << "Environment:\n"; + cout << " SSH_AUTH_SOCK socket of upstream ssh-agent\n"; + cout << " SSH_ASKPASS command to run for confirmation questions\n"; exit(EX_OK); } if (config.count("version")) { - cout << SSH_AGENT_FILTER_VERSION << endl; + cout << SSH_AGENT_FILTER_VERSION "\n"; + cout << "Written by Timo Weingärtner.\n"; + cout << "Report bugs to the Debian BTS at https://bugs.debian.org/\n"; + cout << "or by mail to timo@tiwe.de.\n"; exit(EX_OK); } diff --git a/ssh-agent-filter.help2man b/ssh-agent-filter.help2man new file mode 100644 index 0000000..e546c9e --- /dev/null +++ b/ssh-agent-filter.help2man @@ -0,0 +1,12 @@ +[NAME] +ssh\-agent\-filter \- filtering proxy for ssh\-agent meant to be forwarded to untrusted servers +[DESCRIPTION] +ssh\-agent\-filter provides the unix domain socket interface of an ssh\-agent. +By default it forks and outputs shell code setting SSH_AUTH_SOCK and SSH_AGENT_PID, just like ssh\-agent does. + +It filters each request according to its command line options. +No crypto operations are done by ssh\-agent\-filter; they are delegated to the upstream ssh\-agent. + +ssh\-agent\-filter is not meant to be used directly, but through afssh. +[SEE ALSO] +afssh(1), ssh(1), ssh\-agent(1) -- cgit v1.2.3 From 7152b927e22ef602011f8acf865c3cafc113c502 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Sat, 27 Aug 2016 22:47:48 +0200 Subject: update copyright --- Makefile | 2 +- ssh-agent-filter.C | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e655ff1..b2e05ec 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# Copyright (C) 2013,2015 Timo Weingärtner +# Copyright (C) 2013-2016 Timo Weingärtner # # This file is part of ssh-agent-filter. # diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 0fb6861..2878678 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -1,7 +1,7 @@ /* * ssh-agent-filter.C -- filtering proxy for ssh-agent meant to be forwarded to untrusted servers * - * Copyright (C) 2013-2015 Timo Weingärtner + * Copyright (C) 2013-2016 Timo Weingärtner * * This file is part of ssh-agent-filter. * -- cgit v1.2.3 From d765ef1acb318e1b97481805b66f7b45f8f08f41 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Sat, 27 Aug 2016 22:51:46 +0200 Subject: release 0.4.2 --- changelog | 43 ++++++++++++++++++++++++++++++++++++++++++- version.h | 2 +- 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/changelog b/changelog index 39261c0..8a06f55 100644 --- a/changelog +++ b/changelog @@ -1,4 +1,45 @@ -commit 6bf9113ea96a99a5eb1b8f832497dd9e24857468 +commit 7152b927e22ef602011f8acf865c3cafc113c502 +Author: Timo Weingärtner +Date: 2016-08-27 22:47:48 +0200 + + update copyright + +commit bfa8ac40e032d4d204ab6a9202531198cee9706e +Author: Timo Weingärtner +Date: 2016-08-27 21:44:17 +0200 + + exploit more help2man features + + use an include file for explanatory text + add environment, author and bug report information to the program's output + +commit dc582af6e7a1e645402f333e200b8ff718de1b48 +Author: Timo Weingärtner +Date: 2016-08-23 22:03:43 +0200 + + clear O_NONBLOCK on client sockets + + on *BSD client sockets inherit flags from the listening socket + +commit af7125b71663fafb61fb2e097a34695bab895b01 +Author: Timo Weingärtner +Date: 2016-02-10 11:18:03 +0100 + + fix lintian spelling-error-in-manpage ssh-askpass-noinput.1.gz acutally actually + +commit edcfe36b273de11d04cd0e77e31bc5e8c0b1337b +Author: Timo Weingärtner +Date: 2015-10-05 19:13:17 +0200 + + s/Invocation:/Usage:/ to make help2man recognize SYNOPSIS + +commit a448de907b70e9d6b2532f1e820e5c70b11dcc70 +Author: Timo Weingärtner +Date: 2015-09-08 14:36:07 +0200 + + afssh: call ssh without arguments for usage + +commit c9dfa57b7a06c5b0770e11d210e02ace54518644 (tag: 0.4.1) Author: Timo Weingärtner Date: 2015-09-06 16:41:22 +0200 diff --git a/version.h b/version.h index d36b567..6d8ba97 100644 --- a/version.h +++ b/version.h @@ -1 +1 @@ -#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4.1" +#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4.2" -- cgit v1.2.3