summaryrefslogtreecommitdiffstats
path: root/ssh.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: remove some unused defines; ok djm@jsg@openbsd.org2024-09-271-14/+3
| | | | OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996
* upstream: allow some additional control over the use of ssh-askpassdjm@openbsd.org2020-07-151-1/+6
| | | | | | via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@ OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
* upstream: move client/server SSH-* banners to buffers underdjm@openbsd.org2018-12-271-1/+5
| | | | | | | | | | | | | ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
* upstream: switch config file parsing to getline(3) as this avoidsmarkus@openbsd.org2018-06-061-8/+1
| | | | | | static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream commitdjm@openbsd.org2017-05-081-4/+1
| | | | | | | Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
* upstream commitnaddy@openbsd.org2017-05-081-2/+2
| | | | | | remove miscellaneous SSH1 leftovers; ok markus@ Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
* upstream commitdjm@openbsd.org2017-05-011-2/+2
| | | | | | | | exterminate the -1 flag from scp ok markus@ Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
* upstream commitdjm@openbsd.org2017-05-011-2/+2
| | | | | | | | remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commitdjm@openbsd.org2015-12-181-2/+2
| | | | | | | | use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading key files. Increase it to match the size of the buffers already being used. Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
* upstream commitdjm@openbsd.org2015-10-061-1/+7
| | | | | | | add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@ Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
* upstream commitdjm@openbsd.org2015-08-051-2/+2
| | | | | | | backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this release; problems spotted by sthen@ ok deraadt@ markus@ Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
* upstream commitdjm@openbsd.org2015-07-151-2/+2
| | | | | | | refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
* - djm@cvs.openbsd.org 2010/06/25 07:14:46Damien Miller2010-06-261-4/+1
| | | | | | [channels.c mux.c readconf.c readconf.h ssh.h] bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-15/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller2006-03-261-1/+1
| | | | | | | | | | | | | | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
* - dtucker@cvs.openbsd.org 2004/12/06 11:41:03Darren Tucker2004-12-061-1/+8
| | | | | | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@
* - markus@cvs.openbsd.org 2003/12/02 17:01:15Darren Tucker2003-12-091-1/+4
| | | | | [channels.c session.c ssh-agent.c ssh.h sshd.c] use SSH_LISTEN_BACKLOG (=128) in listen(2).
* - markus@cvs.openbsd.org 2003/09/01 13:52:18Damien Miller2003-09-021-2/+1
| | | | | [ssh.h] rm whitespace
* - (dtucker) OpenBSD CVS SyncPOST_KRB4_REMOVALDarren Tucker2003-08-021-4/+1
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
* - deraadt@cvs.openbsd.org 2003/06/28 16:23:06Darren Tucker2003-07-031-1/+2
| | | | | | | [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c sshd.c] deal with typing of write vs read in atomicio
* - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]Damien Miller2003-06-051-1/+0
|
* - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.hKevin Steves2002-07-221-4/+0
|
* - OpenBSD CVS SyncBen Lindstrom2002-06-231-3/+3
| | | | | | - stevesk@cvs.openbsd.org 2002/06/22 02:00:29 [ssh.h] correct comment
* - deraadt@cvs.openbsd.org 2002/06/03 12:04:07Ben Lindstrom2002-06-061-2/+2
| | | | | | | | [ssh.h] compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
* - stevesk@cvs.openbsd.org 2002/05/11 20:24:48Ben Lindstrom2002-05-151-2/+2
| | | | | [ssh.h] typo in comment
* - deraadt@cvs.openbsd.org 2002/05/08 21:06:34Ben Lindstrom2002-05-151-2/+2
| | | | | [ssh.h] move to sshd.sshd instead
* - deraadt@cvs.openbsd.org 2002/05/07 19:54:36Ben Lindstrom2002-05-151-2/+2
| | | | | [ssh.h] use ssh uid
* - (stevesk) --with-privsep-user; default sshdKevin Steves2002-04-071-0/+2
|
* - stevesk@cvs.openbsd.org 2002/03/29 19:18:33Ben Lindstrom2002-04-021-1/+4
| | | | | [auth-rsa.c ssh-rsa.c ssh.h] make RSA modulus minimum #define; ok markus@
* - stevesk@cvs.openbsd.org 2002/03/20 19:12:25Ben Lindstrom2002-03-221-1/+8
| | | | | | [servconf.c servconf.h ssh.h sshd.c] for unprivileged user, group do: pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
* - stevesk@cvs.openbsd.org 2002/03/04 17:27:39Ben Lindstrom2002-03-051-2/+2
| | | | | | | | | | | [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
* - stevesk@cvs.openbsd.org 2001/05/24 18:57:53Ben Lindstrom2001-06-051-1/+4
| | | | | [clientloop.c readconf.c ssh.c ssh.h] don't perform escape processing when ``EscapeChar none''; ok markus@
* - (stevesk) set the default PAM service name to __progname insteadKevin Steves2001-04-201-1/+1
| | | | of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
* - (djm) Add replacement glob() from OpenBSD libc if the system glob isDamien Miller2001-03-141-1/+1
| | | | | | missing or lacks the GLOB_ALTDIRFUNC extension - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers relatively. Avoids conflict between glob.h and /usr/include/glob.h
* RCSID; whitespaceKevin Steves2001-02-051-1/+1
|
* 20010124Ben Lindstrom2001-01-231-4/+1
| | | | | | | - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/23 10:45:10 [ssh.h] nuke comment
* Hopefully things did not get mixed around too much. It compiles underBen Lindstrom2001-01-221-460/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
* Removed one more 'ISSUE' comment in auth1.cBen Lindstrom2001-01-191-7/+1
| | | | | | | | 20010120 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY
* Please grep through the source and look for 'ISSUE' comments and verifyBen Lindstrom2001-01-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block. - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
* - (djm) Avoid warning in PAM code by making read_passphrase arguments constDamien Miller2001-01-171-1/+1
|
* 20010108Ben Lindstrom2001-01-081-2/+2
| | | | | | | | | | | | | | | | | | | | | - (bal) Fixed another typo in cli.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE syslog priority changes: fatal() LOG_ERR -> LOG_CRIT log() LOG_INFO -> LOG_NOTICE
* One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom2000-12-221-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
* - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enableDamien Miller2000-12-031-4/+0
| | | | | PAM authentication using KbdInteractive. - (djm) Added another TODO
* - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacilityDamien Miller2000-11-291-0/+4
|
* - (djm) OpenBSD CVS updates:Damien Miller2000-11-291-1/+2
| | | | | | | | | | | | | | | | | - provos@cvs.openbsd.org 2000/11/22 08:38:31 [sshd.8] talk about /etc/primes, okay markus@ - markus@cvs.openbsd.org 2000/11/23 14:03:48 [ssh.c sshconnect1.c sshconnect2.c] complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults - markus@cvs.openbsd.org 2000/11/25 09:42:53 [sshconnect1.c] reorder check for illegal ciphers, bugreport from espie@ - markus@cvs.openbsd.org 2000/11/25 10:19:34 [ssh-keygen.c ssh.h] print keytype when generating a key. reasonable defaults for RSA1/RSA/DSA keys.
* - (djm) Big OpenBSD sync:Damien Miller2000-10-141-10/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
* - (djm) Merge OpenBSD changes:Damien Miller2000-09-161-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
* - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headersDamien Miller2000-08-231-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - (djm) OpenBSD CVS updates: - deraadt@cvs.openbsd.org 2000/08/18 20:07:23 [ssh.c] accept remsh as a valid name as well; roman@buildpoint.com - deraadt@cvs.openbsd.org 2000/08/18 20:17:13 [deattack.c crc32.c packet.c] rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to libz crc32 function yet, because it has ugly "long"'s in it; oneill@cs.sfu.ca - deraadt@cvs.openbsd.org 2000/08/18 20:26:08 [scp.1 scp.c] -S prog support; tv@debian.org - deraadt@cvs.openbsd.org 2000/08/18 20:50:07 [scp.c] knf - deraadt@cvs.openbsd.org 2000/08/18 20:57:33 [log-client.c] shorten - markus@cvs.openbsd.org 2000/08/19 12:48:11 [channels.c channels.h clientloop.c ssh.c ssh.h] support for ~. in ssh2 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40 [crc32.h] proper prototype - markus@cvs.openbsd.org 2000/08/19 15:34:44 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] [fingerprint.c fingerprint.h] add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents) - markus@cvs.openbsd.org 2000/08/19 15:55:52 [channels.c channels.h clientloop.c] more ~ support for ssh2 - markus@cvs.openbsd.org 2000/08/19 16:21:19 [clientloop.c] oops - millert@cvs.openbsd.org 2000/08/20 12:25:53 [session.c] We have to stash the result of get_remote_name_or_ip() before we close our socket or getpeername() will get EBADF and the process will exit. Only a problem for "UseLogin yes". - millert@cvs.openbsd.org 2000/08/20 12:30:59 [session.c] Only check /etc/nologin if "UseLogin no" since login(1) may have its own policy on determining who is allowed to login when /etc/nologin is present. Also use the _PATH_NOLOGIN define. - millert@cvs.openbsd.org 2000/08/20 12:42:43 [auth1.c auth2.c session.c ssh.c] Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. - millert@cvs.openbsd.org 2000/08/21 10:23:31 [session.c] Fix incorrect PATH setting; noted by Markus.
* - (djm) OpenBSD CVS updatesDamien Miller2000-07-151-1/+4
| | | | | | | | | | | | | | | | | | | - provos@cvs.openbsd.org 2000/07/13 16:53:22 [aux.c readconf.c servconf.c ssh.h] allow multiple whitespace but only one '=' between tokens, bug report from Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@ - provos@cvs.openbsd.org 2000/07/13 17:14:09 [clientloop.c] typo; todd@fries.net - provos@cvs.openbsd.org 2000/07/13 17:19:31 [scp.c] close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu> - markus@cvs.openbsd.org 2000/07/14 16:59:46 [readconf.c servconf.c] allow leading whitespace. ok niels - djm@cvs.openbsd.org 2000/07/14 22:01:38 [ssh-keygen.c ssh.c] Always create ~/.ssh with mode 700; ok Markus
* - OpenBSD CVS Updates:Damien Miller2000-06-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | - markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment