Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.14, Sat Jan 19 21:45:31 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.13: +1 -1 lines
FILE REMOVED
remove last traces of old packet API! with & ok markus@
Revision 1.13 / (download) - annotate - [select for diffs], Fri Jul 6 09:03:02 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.12: +1 -3 lines
Diff to previous 1.12 (colored)
Remove unused ssh_packet_start_compression() ok markus@
Revision 1.12 / (download) - annotate - [select for diffs], Fri Oct 20 01:56:39 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.11: +1 -0 lines
Diff to previous 1.11 (colored)
add RCSIDs to these; they make syncing portable a bit easier
Revision 1.11 / (download) - annotate - [select for diffs], Wed May 31 08:09:45 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.10: +2 -0 lines
Diff to previous 1.10 (colored)
clear session keys from memory; ok djm@
Revision 1.10 / (download) - annotate - [select for diffs], Wed May 3 21:08:09 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.9: +0 -8 lines
Diff to previous 1.9 (colored)
remove miscellaneous SSH1 leftovers; ok markus@
Revision 1.9 / (download) - annotate - [select for diffs], Fri Sep 30 09:19:13 2016 UTC (7 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.8: +4 -0 lines
Diff to previous 1.8 (colored)
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux client speaks the ssh-packet protocol directly over unix-domain socket. - mux server acts as a proxy, translates channel IDs and relays to the server. - no filedescriptor passing necessary. - combined with unix-domain forwarding it's even possible to run mux client and server on different machines. feedback & ok djm@
Revision 1.8 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.7: +0 -3 lines
Diff to previous 1.7 (colored)
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.6: +0 -4 lines
Diff to previous 1.6 (colored)
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@
Revision 1.6 / (download) - annotate - [select for diffs], Mon Feb 8 10:57:07 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.5: +0 -2 lines
Diff to previous 1.5 (colored)
refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.4: +0 -2 lines
Diff to previous 1.4 (colored)
remove roaming support; ok djm@
Revision 1.4 / (download) - annotate - [select for diffs], Fri Feb 13 18:57:00 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.3: +0 -2 lines
Diff to previous 1.3 (colored)
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
Revision 1.3 / (download) - annotate - [select for diffs], Fri Jan 30 01:13:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.2: +3 -6 lines
Diff to previous 1.2 (colored)
avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@
Revision 1.2 / (download) - annotate - [select for diffs], Wed Jan 28 21:15:47 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.1: +1 -2 lines
Diff to previous 1.1 (colored)
avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@