Up to [local] / src / usr.bin / ssh
Default branch: MAIN
Revision 1.90 / (download) - annotate - [select for diffs], Fri May 17 00:30:23 2024 UTC (111 minutes, 5 seconds ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.89: +9 -6 lines
Diff to previous 1.89 (colored)
Start the process of splitting sshd into separate binaries. This step splits sshd into a listener and a session binary. More splits are planned. After this change, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs. This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary. feedback/ok markus@ deraadt@ NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out.
Revision 1.89 / (download) - annotate - [select for diffs], Thu Jan 11 01:45:36 2024 UTC (4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.88: +9 -2 lines
Diff to previous 1.88 (colored)
make DSA key support compile-time optional, defaulting to on ok markus@
Revision 1.88 / (download) - annotate - [select for diffs], Sun Jan 15 23:05:32 2023 UTC (16 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.87: +1 -5 lines
Diff to previous 1.87 (colored)
update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@
Revision 1.87 / (download) - annotate - [select for diffs], Sat Jan 9 11:58:50 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.86: +2 -1 lines
Diff to previous 1.86 (colored)
Move address handling functions out into their own file in order to reuse them for per-source maxstartups limiting. Supplement with some additional functions from djm's flowtools that we'll also need. ok djm@ (as part of a larger diff).
Revision 1.86 / (download) - annotate - [select for diffs], Tue Dec 29 00:59:15 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.85: +3 -3 lines
Diff to previous 1.85 (colored)
Update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519). The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note that both the updated method and the one that it replaced are disabled by default)
Revision 1.85 / (download) - annotate - [select for diffs], Fri Oct 16 13:24:45 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.84: +3 -4 lines
Diff to previous 1.84 (colored)
revised log infrastructure for OpenSSH log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@
Revision 1.84 / (download) - annotate - [select for diffs], Mon Aug 3 02:42:49 2020 UTC (3 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.83: +1 -2 lines
Diff to previous 1.83 (colored)
clang -Wimplicit-fallthrough does not recognise /* FALLTHROUGH */ comments, which is the style we currently use, and gives too many boring warnings. ok djm
Revision 1.83 / (download) - annotate - [select for diffs], Fri Apr 3 04:32:21 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.82: +3 -2 lines
Diff to previous 1.82 (colored)
chacha20-poly1305 AEAD using libcrypto EVP_chacha20 Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the way at a2k20 tb@
Revision 1.82 / (download) - annotate - [select for diffs], Sat Jan 25 23:02:13 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.81: +3 -1 lines
Diff to previous 1.81 (colored)
factor out reading/writing sshbufs to dedicated functions; feedback and ok markus@
Revision 1.81 / (download) - annotate - [select for diffs], Thu Jan 23 10:24:29 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.80: +6 -1 lines
Diff to previous 1.80 (colored)
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
Revision 1.80 / (download) - annotate - [select for diffs], Fri Dec 13 19:09:10 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.79: +6 -3 lines
Diff to previous 1.79 (colored)
use ssh-sk-helper for all security key signing operations This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@
Revision 1.79 / (download) - annotate - [select for diffs], Mon Nov 18 16:08:57 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.78: +3 -3 lines
Diff to previous 1.78 (colored)
add the missing WITH_OPENSSL ifdefs after the ED25519-SK addition; ok djm@
Revision 1.78 / (download) - annotate - [select for diffs], Fri Nov 15 05:25:52 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.77: +4 -2 lines
Diff to previous 1.77 (colored)
only clang understands those new -W options
Revision 1.77 / (download) - annotate - [select for diffs], Thu Nov 14 21:56:52 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.76: +5 -5 lines
Diff to previous 1.76 (colored)
remove debugging goop that snuck in to last commit
Revision 1.76 / (download) - annotate - [select for diffs], Thu Nov 14 21:27:29 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.75: +8 -4 lines
Diff to previous 1.75 (colored)
directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
Revision 1.75 / (download) - annotate - [select for diffs], Tue Nov 12 19:29:24 2019 UTC (4 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.74: +2 -1 lines
Diff to previous 1.74 (colored)
implement ssh-ed25519-sk verification; ok djm@
Revision 1.74 / (download) - annotate - [select for diffs], Mon Nov 11 19:53:37 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.73: +3 -1 lines
Diff to previous 1.73 (colored)
skip demanding -fstack-protector-all on hppa. we never wrote a stack protector for reverse-stack architectures, and i don't think anyone else did either. a warning per compiled file is just annoying.
Revision 1.73 / (download) - annotate - [select for diffs], Thu Oct 31 21:37:33 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)
undo debugging bits that shouldn't have been committed
Revision 1.72 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.71: +2 -3 lines
Diff to previous 1.71 (colored)
Refactor signing - use sshkey_sign for everything, including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
Revision 1.71 / (download) - annotate - [select for diffs], Thu Oct 31 21:16:20 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.70: +3 -1 lines
Diff to previous 1.70 (colored)
U2F/FIDO middleware interface Supports enrolling (generating) keys and signatures. feedback & ok markus@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Oct 31 21:15:14 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.69: +4 -3 lines
Diff to previous 1.69 (colored)
Initial infrastructure for U2F/FIDO support Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@
Revision 1.69 / (download) - annotate - [select for diffs], Fri Sep 6 05:59:41 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.68: +6 -2 lines
Diff to previous 1.68 (colored)
avoid compiling certain files that deeply depend on libcrypto when WITH_OPENSSL isn't set
Revision 1.68 / (download) - annotate - [select for diffs], Fri Aug 16 06:35:27 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)
include sshbuf-misc.c in SRCS_BASE
Revision 1.67 / (download) - annotate - [select for diffs], Thu Apr 18 07:32:56 2019 UTC (5 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.66: +1 -2 lines
Diff to previous 1.66 (colored)
Remove crc32.{c,h} which were only used by the now-gone SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.
Revision 1.66 / (download) - annotate - [select for diffs], Mon Jan 21 10:38:54 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.65: +4 -6 lines
Diff to previous 1.65 (colored)
merge kexkem[cs] into kexgen from markus@ ok djm@
Revision 1.65 / (download) - annotate - [select for diffs], Mon Jan 21 10:29:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.64: +1 -3 lines
Diff to previous 1.64 (colored)
use KEM API for vanilla ECDH from markus@ ok djm@
Revision 1.64 / (download) - annotate - [select for diffs], Mon Jan 21 10:28:01 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.63: +1 -3 lines
Diff to previous 1.63 (colored)
use KEM API for vanilla DH KEX from markus@ ok djm@
Revision 1.63 / (download) - annotate - [select for diffs], Mon Jan 21 10:24:09 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.62: +1 -3 lines
Diff to previous 1.62 (colored)
use KEM API for vanilla c25519 KEX
Revision 1.62 / (download) - annotate - [select for diffs], Mon Jan 21 10:20:12 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.61: +6 -1 lines
Diff to previous 1.61 (colored)
Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
Revision 1.61 / (download) - annotate - [select for diffs], Sat Jan 19 21:45:31 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.60: +1 -2 lines
Diff to previous 1.60 (colored)
remove last traces of old packet API! with & ok markus@
Revision 1.60 / (download) - annotate - [select for diffs], Wed Jul 18 11:34:04 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.59: +1 -2 lines
Diff to previous 1.59 (colored)
Remove support for running ssh(1) setuid and fatal if attempted. Do not link uidswap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
Revision 1.59 / (download) - annotate - [select for diffs], Mon Jul 9 21:56:06 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.58: +1 -5 lines
Diff to previous 1.58 (colored)
remove legacy buffer API emulation layer; ok djm@
Revision 1.58 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:37 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.57: +13 -1 lines
Diff to previous 1.57 (colored)
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
Revision 1.57 / (download) - annotate - [select for diffs], Mon Jan 8 15:37:21 2018 UTC (6 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.56: +86 -1 lines
Diff to previous 1.56 (colored)
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@
Revision 1.56 / (download) - annotate - [select for diffs], Sun Dec 10 19:37:57 2017 UTC (6 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.55: +1 -11 lines
Diff to previous 1.55 (colored)
ssh/lib hasn't worked towards our code-sharing goals for quite a while, perhaps it is too verbose? Change each */Makefile to specifying exactly what sources that program requires, compiling it separate. Maybe we'll iterate by sorting those into separatable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm
Revision 1.55 / (download) - annotate - [select for diffs], Fri Jun 2 06:06:10 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.54: +4 -17 lines
Diff to previous 1.54 (colored)
rationalise the long list of manual CDIAGFLAGS that we add; most of these were redundant to -Wall -Wextra
Revision 1.54 / (download) - annotate - [select for diffs], Sun Apr 30 23:25:03 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.53: +15 -7 lines
Diff to previous 1.53 (colored)
undo some local debugging stuff that I committed by accident
Revision 1.53 / (download) - annotate - [select for diffs], Sun Apr 30 23:17:37 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.52: +1 -8 lines
Diff to previous 1.52 (colored)
remove SSH1 make flag and associated files ok markus@
Revision 1.52 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.51: +6 -15 lines
Diff to previous 1.51 (colored)
unifdef WITH_SSH1 ok markus@
Revision 1.51 / (download) - annotate - [select for diffs], Mon Apr 17 11:02:31 2017 UTC (7 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition.
Revision 1.50 / (download) - annotate - [select for diffs], Wed Jul 1 23:10:47 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)
Compile-time disable SSH v.1 again
Revision 1.49 / (download) - annotate - [select for diffs], Fri May 29 06:47:43 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)
put back SSH1 for now - we want to make sure we don't regress it for the 6.9 release; ok deraadt@
Revision 1.48 / (download) - annotate - [select for diffs], Tue Mar 24 01:29:19 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)
Compile-time disable SSH protocol 1. You can turn it back on using the Makefile.inc knob if you need it to talk to ancient devices.
Revision 1.47 / (download) - annotate - [select for diffs], Tue Mar 3 21:21:13 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.46: +11 -2 lines
Diff to previous 1.46 (colored)
add SSH1 Makefile knob to make it easier to build without SSH1 support; ok markus@
Revision 1.46 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.45: +6 -1 lines
Diff to previous 1.45 (colored)
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Revision 1.45 / (download) - annotate - [select for diffs], Mon Mar 31 15:25:26 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.44: +2 -1 lines
Diff to previous 1.44 (colored)
ssh has a target painted on its back, so use -fstack-protector-all dtucker mentioned that -portable does this
Revision 1.44 / (download) - annotate - [select for diffs], Fri Feb 28 22:46:54 2014 UTC (10 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.43: +1 -2 lines
Diff to previous 1.43 (colored)
Absolutely do not override base system build features in this file!! Discovered by miod.
Revision 1.43 / (download) - annotate - [select for diffs], Fri Feb 7 21:14:24 2014 UTC (10 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.42: +5 -2 lines
Diff to previous 1.42 (colored)
-Wold-style-declaration is not supported by gcc 3.
Revision 1.42 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.41: +26 -7 lines
Diff to previous 1.41 (colored)
remove experimental, never-enabled JPAKE code; ok markus@
Revision 1.41 / (download) - annotate - [select for diffs], Sat Jan 18 05:54:51 2014 UTC (10 years, 4 months ago) by martynas
Branch: MAIN
Changes since 1.40: +1 -2 lines
Diff to previous 1.40 (colored)
Remove -Wbounded: it is now the compiler default.
Revision 1.40 / (download) - annotate - [select for diffs], Fri Dec 6 13:34:54 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.39: +3 -1 lines
Diff to previous 1.39 (colored)
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@
Revision 1.39 / (download) - annotate - [select for diffs], Fri Oct 1 23:10:48 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)
turn off -g too
Revision 1.38 / (download) - annotate - [select for diffs], Fri Oct 1 23:06:06 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
oops, didn't mean to turn -Werror on for everyone.
Revision 1.37 / (download) - annotate - [select for diffs], Fri Oct 1 23:05:32 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored)
adapt to API changes in openssl-1.0.0a
Revision 1.36 / (download) - annotate - [select for diffs], Sat Feb 20 20:28:11 2010 UTC (14 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.35: +5 -1 lines
Diff to previous 1.35 (colored)
unbreak build for NOPIC systems; noticed, help and ok deraadt@
Revision 1.35 / (download) - annotate - [select for diffs], Tue Feb 9 08:55:31 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
enable PKCS#11 code; ok djm
Revision 1.34 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.33: +2 -3 lines
Diff to previous 1.33 (colored)
replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
Revision 1.33 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:12 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.32: +3 -1 lines
Diff to previous 1.32 (colored)
Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
Revision 1.32 / (download) - annotate - [select for diffs], Sat Jun 28 14:04:30 2008 UTC (15 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)
revert accidental commit (nearly 2 months ago!) that unconditionally enabled -Werror and -g
Revision 1.31 / (download) - annotate - [select for diffs], Thu May 8 12:21:16 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)
Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allowed multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
Revision 1.29.4.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:39:52 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored) next main 1.30 (colored)
upgrade to OpenSSH 4.2
Revision 1.29.2.1 / (download) - annotate - [select for diffs], Fri Sep 2 03:44:59 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored) next main 1.30 (colored)
upgrade to OpenSSH 4.2
Revision 1.30 / (download) - annotate - [select for diffs], Fri Jun 17 02:45:19 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0, OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)
turn on -Wstrict-prototypes -Wsign-compare -Wshadow now that we are clean
Revision 1.24.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:30 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.24.2.1: +2 -1 lines
Diff to previous 1.24.2.1 (colored) to branchpoint 1.24 (colored) next main 1.25 (colored)
upgrade to OpenSSH 3.9
Revision 1.27.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:25 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored) next main 1.28 (colored)
upgrade to OpenSSH 3.9
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jun 21 18:34:51 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
comment out -Wshadow for now, gcc2 sucks. noticed by markus
Revision 1.28 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored)
make ssh -Wshadow clean, no functional changes markus@ ok
Revision 1.23.6.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:14 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.23.6.1: +3 -3 lines
Diff to previous 1.23.6.1 (colored) to branchpoint 1.23 (colored) next main 1.24 (colored)
upgrade to OpenSSH 3.8
Revision 1.24.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:32 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored)
upgrade to OpenSSH 3.8
Revision 1.27 / (download) - annotate - [select for diffs], Tue Oct 14 19:42:10 2003 UTC (20 years, 7 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.26: +1 -3 lines
Diff to previous 1.26 (colored)
include SSHFP lookup code (not enabled by default). ok markus@
Revision 1.26 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@
Revision 1.25 / (download) - annotate - [select for diffs], Thu Sep 18 08:49:45 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.24: +3 -1 lines
Diff to previous 1.24 (colored)
more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@
Revision 1.23.4.1 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:23 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.23: +3 -1 lines
Diff to previous 1.23 (colored) next main 1.24 (colored)
upgrade to OpenSSH 3.7
Revision 1.23.6.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:42 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.23: +3 -1 lines
Diff to previous 1.23 (colored)
upgrade to OpenSSH 3.7
Revision 1.24 / (download) - annotate - [select for diffs], Wed May 14 18:16:20 2003 UTC (21 years ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.23: +3 -1 lines
Diff to previous 1.23 (colored)
add experimental support for verifying host keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
Revision 1.13.2.2 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:43 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.13.2.1: +1 -1 lines
Diff to previous 1.13.2.1 (colored) to branchpoint 1.13 (colored) next main 1.14 (colored)
Merge OpenSSH 3.1, keeping /etc as configuration files directory. (i.e. OpenSSH 3.1 + openbsd29_3.1.patch)
Revision 1.19.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:45 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.19.2.1: +1 -1 lines
Diff to previous 1.19.2.1 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored)
Update to OpenSSH-3.1 on 3.0-stable branch
Revision 1.23 / (download) - annotate - [select for diffs], Wed Mar 6 00:23:27 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_2_BASE, OPENBSD_3_1_BASE, OPENBSD_3_1
Branch point for: OPENBSD_3_3, OPENBSD_3_2
Changes since 1.22: +1 -1 lines
Diff to previous 1.22 (colored)
undo
Revision 1.22 / (download) - annotate - [select for diffs], Wed Mar 6 00:20:54 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)
compat.c
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:38 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored)
Pull in patches from current (Errata 002): Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 30 20:32:31 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.20: +1 -1 lines
Diff to previous 1.20 (colored)
undo (disable debug again)
Revision 1.20 / (download) - annotate - [select for diffs], Tue Oct 30 20:29:09 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)
ssh.1
Revision 1.13.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:54 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.13: +13 -2 lines
Diff to previous 1.13 (colored)
Pull in OpenSSH-2.9.9
Revision 1.12.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:41 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.12.2.4: +13 -2 lines
Diff to previous 1.12.2.4 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored)
Pull in OpenSSH 2.9.9 to the 2.8 branch.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Jul 29 14:00:07 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.18: +3 -2 lines
Diff to previous 1.18 (colored)
typo, add -Wunused
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jul 26 13:40:56 2001 UTC (22 years, 9 months ago) by espie
Branch: MAIN
Changes since 1.17: +7 -7 lines
Diff to previous 1.17 (colored)
CDIAGFLAGS. Okay markus@
Revision 1.17 / (download) - annotate - [select for diffs], Wed Jun 27 19:29:13 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.16: +3 -1 lines
Diff to previous 1.16 (colored)
move -lsectok to Makefile.inc for now
Revision 1.16 / (download) - annotate - [select for diffs], Tue Jun 26 17:40:42 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)
add smartcard support to the makefiles (commented out); the smartcard support is based on work by itoi@eecs.umich.edu
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jun 23 17:11:01 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.14: +8 -2 lines
Diff to previous 1.14 (colored)
turn off -Wstrict-prototypes (for atomicio.h)
Revision 1.14 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:17 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored)
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
Revision 1.12.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:25 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.12.2.3: +0 -0 lines
Diff to previous 1.12.2.3 (colored) to branchpoint 1.12 (colored)
Pull in OpenSSH-2.9 to 2.8 branch.
Revision 1.12.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:21 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.12.2.2: +0 -0 lines
Pull in OpenSSH-2.5.2 for 2.8 branch.
Revision 1.11.2.3, Wed Mar 21 18:52:30 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.11.2.2: +0 -0 lines
Pull in OpenSSH-2.5.2 for 2.7 branch.
Revision 1.11.2.2, Mon Mar 12 15:44:06 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.11.2.1: +2 -0 lines
OpenSSH-2.5.1 for 2.7 patch branch
Revision 1.12.2.2, Mon Feb 19 17:18:31 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.12.2.1: +0 -0 lines
Pull in OpenSSH-2.5.1
Revision 1.12.2.1, Fri Feb 16 20:12:50 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.12: +2 -0 lines
Pull in OpenSSH 2.5.0
Revision 1.13, Mon Jan 29 01:58:14 2001 UTC (23 years, 3 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.12: +2 -0 lines
$OpenBSD$
Revision 1.11.2.1, Wed Nov 8 21:30:14 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.11: +2 -0 lines
openssh-2.3.0 (again) for 2.7 branch
Revision 1.12, Sun Oct 15 14:15:34 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.11: +2 -0 lines
CFLAGS+= -Wall
Revision 1.11, Mon Oct 25 20:27:26 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.10: +10 -0 lines
move common files to ./lib and link libssh.a, tested with and w/o obj
Revision 1.10, Thu Oct 7 21:45:02 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.9: +1 -1 lines
add skey to sshd:
1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user.
2) limit authentication attempts to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys, for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27
Revision 1.9, Wed Oct 6 22:24:55 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +0 -13 lines
scp should not link against kerberos stuff
Revision 1.8, Mon Oct 4 20:45:01 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.7: +0 -4 lines
nuke genminfd/AUTH_FD
Revision 1.7, Sun Oct 3 17:58:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -0 lines
clean the minfd junk
Revision 1.6, Sun Oct 3 17:56:46 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +4 -5 lines
AFS depends on kerberos, fixes KERBEROS=no
Revision 1.5, Wed Sep 29 18:16:18 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.4: +15 -1 lines
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
Revision 1.4, Wed Sep 29 00:09:50 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +1 -1 lines
krb4 support; evanc@concer.to
Revision 1.3, Tue Sep 28 22:48:58 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +1 -1 lines
+=
Revision 1.2, Sun Sep 26 22:29:50 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +0 -4 lines
distribution target
Revision 1.1, Sun Sep 26 21:47:52 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
build ssh components using our build model