OpenBSD CVS

CVS log for src/usr.bin/ssh/authfd.c




Default branch: MAIN


Revision 1.134 / (download) - annotate - [select for diffs], Mon Dec 18 14:46:56 2023 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.133: +32 -8 lines
Diff to previous 1.133 (colored)

Make it possible to load certs from PKCS#11 tokens

Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

Revision 1.133 / (download) - annotate - [select for diffs], Thu Mar 9 21:06:24 2023 UTC (14 months, 1 week ago) by jcs
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.132: +3 -3 lines
Diff to previous 1.132 (colored)

modify parentheses in conditionals to make it clearer what is being
assigned and what is being checked

ok djm dtucker

Revision 1.132 / (download) - annotate - [select for diffs], Thu Mar 9 06:58:26 2023 UTC (14 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.131: +2 -2 lines
Diff to previous 1.131 (colored)

include destination constraints for smartcard keys too.
Spotted by Luci Stanescu; ok deraadt@ markus@

Revision 1.131 / (download) - annotate - [select for diffs], Sun Mar 5 05:34:09 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.130: +1 -2 lines
Diff to previous 1.130 (colored)

Remove unused compat.h includes.  We've previously removed a lot
of the really old compatibility code, and with it went the need to
include compat.h in most of the files that have it.

Revision 1.130 / (download) - annotate - [select for diffs], Wed Apr 27 11:08:55 2022 UTC (2 years ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.129: +2 -1 lines
Diff to previous 1.129 (colored)

Add authfd path to debug output.  ok markus@

Revision 1.129 / (download) - annotate - [select for diffs], Sun Dec 19 22:10:24 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.128: +80 -7 lines
Diff to previous 1.128 (colored)

ssh-add side of destination constraints

Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.

Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".

The first form permits a key to be used to authenticate as the
specified user to the specified host.

The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.

For example, constraining a key with "user1@host_a" and
"host_a>host_b" would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on an agent forwarded to other hosts or usable for
authentication there.

Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.

Host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.

feedback Jann Horn & markus@
ok markus@
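
The commit's own example ("user1@host_a" plus "host_a>host_b"), worked through as an added illustration that is not code from OpenSSH. It is a simplified model: host names stand in for the host keys the agent actually compares, matching is exact rather than pattern-based, the user is checked only at the final hop, and `parse_spec`, `chain_permitted` and the struct are hypothetical names.

```c
/* Added example: simplified model of ssh-add destination constraints.
 * Assumptions: host names replace host keys, exact string matching. */
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64

struct dest_constraint {
	char from_host[FIELD_MAX];	/* "" for the "[user@]host" form */
	char to_user[FIELD_MAX];	/* "" means any user */
	char to_host[FIELD_MAX];
};

/* Copy n bytes of src into dst as a string; reject empty or oversized fields. */
static int
copy_field(char *dst, const char *src, size_t n)
{
	if (n == 0 || n >= FIELD_MAX)
		return -1;
	memcpy(dst, src, n);
	dst[n] = '\0';
	return 0;
}

/* Parse "[user@]host" or "host>[user@]host". Returns 0 on success, -1 on error. */
int
parse_spec(const char *spec, struct dest_constraint *dc)
{
	const char *to = spec, *gt, *at;

	memset(dc, 0, sizeof(*dc));
	if ((gt = strchr(spec, '>')) != NULL) {
		/* Second form: the part before '>' is a bare host, no user. */
		if (memchr(spec, '@', (size_t)(gt - spec)) != NULL ||
		    copy_field(dc->from_host, spec, (size_t)(gt - spec)) != 0)
			return -1;
		to = gt + 1;
		if (strchr(to, '>') != NULL)
			return -1;	/* this model accepts a single '>' only */
	}
	if ((at = strchr(to, '@')) != NULL) {
		if (copy_field(dc->to_user, to, (size_t)(at - to)) != 0)
			return -1;
		to = at + 1;
	}
	return copy_field(dc->to_host, to, strlen(to));
}

/* Does any constraint allow the hop from -> to?  from "" is the origin;
 * user NULL skips the user check (intermediate, forwarded hop). */
static int
hop_permitted(const struct dest_constraint *dcs, size_t ndcs,
    const char *from, const char *to, const char *user)
{
	size_t i;

	for (i = 0; i < ndcs; i++) {
		if (strcmp(dcs[i].from_host, from) != 0 ||
		    strcmp(dcs[i].to_host, to) != 0)
			continue;
		if (user != NULL && dcs[i].to_user[0] != '\0' &&
		    strcmp(dcs[i].to_user, user) != 0)
			continue;
		return 1;
	}
	return 0;
}

/* hops[] lists the hosts the agent connection passes through, in order;
 * authentication as `user` happens at the last one.  Every hop must be
 * covered by a constraint, otherwise the key is unusable on that path. */
int
chain_permitted(const struct dest_constraint *dcs, size_t ndcs,
    const char **hops, size_t nhops, const char *user)
{
	const char *from = "";
	size_t i;

	for (i = 0; i < nhops; i++) {
		if (!hop_permitted(dcs, ndcs, from, hops[i],
		    i == nhops - 1 ? user : NULL))
			return 0;
		from = hops[i];
	}
	return nhops > 0;
}

int
main(void)
{
	const char *specs[] = { "user1@host_a", "host_a>host_b" };
	const char *direct[] = { "host_a" };
	const char *via_b[] = { "host_a", "host_b" };
	const char *via_c[] = { "host_a", "host_c" };
	struct dest_constraint dcs[2];
	size_t i;

	for (i = 0; i < 2; i++)
		if (parse_spec(specs[i], &dcs[i]) != 0)
			return 1;
	printf("user1 at host_a:      %d\n", chain_permitted(dcs, 2, direct, 1, "user1"));
	printf("root at host_a:       %d\n", chain_permitted(dcs, 2, direct, 1, "root"));
	printf("host_a then host_b:   %d\n", chain_permitted(dcs, 2, via_b, 2, "user1"));
	printf("host_a then host_c:   %d\n", chain_permitted(dcs, 2, via_c, 2, "user1"));
	return 0;
}
```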

Revision 1.128 / (download) - annotate - [select for diffs], Sun Dec 19 22:08:48 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.127: +30 -1 lines
Diff to previous 1.127 (colored)

ssh client side of binding

send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.

ok markus@

Revision 1.127 / (download) - annotate - [select for diffs], Tue Jan 26 00:46:17 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.126: +39 -24 lines
Diff to previous 1.126 (colored)

factor out common code in the agent client

Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure

ok markus@

Revision 1.126 / (download) - annotate - [select for diffs], Thu Oct 29 02:52:43 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored)

whitespace; no code change

Revision 1.125 / (download) - annotate - [select for diffs], Mon Oct 19 22:49:23 2020 UTC (3 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.124: +2 -2 lines
Diff to previous 1.124 (colored)

Adapt XMSS to new logging infrastructure.  With markus@, ok djm@.

Revision 1.124 / (download) - annotate - [select for diffs], Fri Jun 26 05:03:36 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored)

constify a few things; ok dtucker (as part of another diff)

Revision 1.123 / (download) - annotate - [select for diffs], Fri Mar 6 18:24:39 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored)

ssh_fetch_identitylist() returns the return value from
ssh_request_reply() so we should also check against != 0
ok djm

Revision 1.122 / (download) - annotate - [select for diffs], Wed Feb 26 13:40:09 2020 UTC (4 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.121: +3 -5 lines
Diff to previous 1.121 (colored)

change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

Revision 1.121 / (download) - annotate - [select for diffs], Sat Dec 21 02:19:13 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.120: +25 -11 lines
Diff to previous 1.120 (colored)

Allow forwarding a different agent socket to the path specified by
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accept an explicit path or the name of an environment variable
in addition to yes/no.

Patch by Eric Chiang, manpage by me; ok markus@

Revision 1.120 / (download) - annotate - [select for diffs], Wed Nov 13 04:47:52 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.119: +2 -1 lines
Diff to previous 1.119 (colored)

stdarg.h required more broadly; ok djm

Revision 1.119 / (download) - annotate - [select for diffs], Tue Nov 12 19:33:08 2019 UTC (4 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.118: +3 -1 lines
Diff to previous 1.118 (colored)

enable ed25519 support; ok djm

Revision 1.118 / (download) - annotate - [select for diffs], Thu Oct 31 21:19:14 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.117: +19 -6 lines
Diff to previous 1.117 (colored)

add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

Revision 1.117 / (download) - annotate - [select for diffs], Tue Sep 3 08:29:15 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.116: +27 -1 lines
Diff to previous 1.116 (colored)

authfd: add function to check if key is in agent

This commit adds a helper function which allows the caller to
check if a given public key is present in ssh-agent.

work by Sebastian Kinne; ok markus@

Revision 1.116 / (download) - annotate - [select for diffs], Tue Sep 3 08:28:30 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.115: +3 -1 lines
Diff to previous 1.115 (colored)

fix memleak in ssh_free_identitylist(); ok markus@

Revision 1.115 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.114: +3 -3 lines
Diff to previous 1.114 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.114 / (download) - annotate - [select for diffs], Fri Jun 21 04:21:04 2019 UTC (4 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

Revision 1.113 / (download) - annotate - [select for diffs], Thu Dec 27 23:02:11 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.112: +6 -4 lines
Diff to previous 1.112 (colored)

Request RSA-SHA2 signatures for rsa-sha2-{256|512}-cert-v01@openssh.com
cert algorithms; ok markus@

Revision 1.112 / (download) - annotate - [select for diffs], Fri Nov 30 02:24:52 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)

don't attempt to connect to empty SSH_AUTH_SOCK; bz#293

Revision 1.111 / (download) - annotate - [select for diffs], Mon Jul 9 21:59:10 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)

replace cast with call to sshbuf_mutable_ptr(); ok djm@

Revision 1.110 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.109: +13 -11 lines
Diff to previous 1.109 (colored)

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

Revision 1.109 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.108: +2 -2 lines
Diff to previous 1.108 (colored)

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.108 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:37 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.107: +18 -21 lines
Diff to previous 1.107 (colored)

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.107 / (download) - annotate - [select for diffs], Sat Feb 10 09:25:34 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.106: +4 -4 lines
Diff to previous 1.106 (colored)

constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

Revision 1.106 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.105: +1 -3 lines
Diff to previous 1.105 (colored)

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

Revision 1.105 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.104: +1 -2 lines
Diff to previous 1.104 (colored)

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that it still used into ssh-rsa.c; ok markus

Revision 1.104 / (download) - annotate - [select for diffs], Wed Jun 28 01:09:22 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)

Allow ssh-keygen to use a key held in ssh-agent as a CA when signing
certificates. bz#2377 ok markus

Revision 1.103 / (download) - annotate - [select for diffs], Fri May 5 10:42:49 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.102: +13 -33 lines
Diff to previous 1.102 (colored)

more simplification and removal of SSHv1-related code; ok djm@

Revision 1.102 / (download) - annotate - [select for diffs], Thu May 4 06:10:57 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.101: +5 -1 lines
Diff to previous 1.101 (colored)

since a couple of people have asked, leave a comment explaining why we
retain SSH v.1 support in the "delete all keys from agent" path.

Revision 1.101 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.100: +1 -122 lines
Diff to previous 1.100 (colored)

unifdef WITH_SSH1
ok markus@

Revision 1.100 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.99: +16 -2 lines
Diff to previous 1.99 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.99 / (download) - annotate - [select for diffs], Wed Sep 2 07:51:12 2015 UTC (8 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored)

Fix occurrences of "r = func() != 0" which result in the wrong error
codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Revision 1.98 / (download) - annotate - [select for diffs], Fri Jul 3 03:43:18 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.97: +1 -3 lines
Diff to previous 1.97 (colored)

delete support for legacy v00 certificates; "sure" markus@ dtucker@

Revision 1.97 / (download) - annotate - [select for diffs], Thu Mar 26 19:32:19 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.96: +4 -7 lines
Diff to previous 1.96 (colored)

sigp and lenp are not optional in ssh_agent_sign(); ok djm@

Revision 1.96 / (download) - annotate - [select for diffs], Wed Mar 25 19:21:48 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

unbreak ssh_agent_sign (lenp vs *lenp)

Revision 1.95 / (download) - annotate - [select for diffs], Tue Mar 24 20:09:11 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.94: +3 -2 lines
Diff to previous 1.94 (colored)

consistent check for NULL as noted by Nicholas Lemonias; ok djm@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.93: +444 -402 lines
Diff to previous 1.93 (colored)

move authfd.c and its tentacles to the new buffer/key API;
ok markus@

Revision 1.93 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.92: +17 -5 lines
Diff to previous 1.92 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.92 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.91 / (download) - annotate - [select for diffs], Sun Dec 29 04:29:25 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.90: +2 -4 lines
Diff to previous 1.90 (colored)

allow deletion of ed25519 keys from the agent

Revision 1.90 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.89: +3 -1 lines
Diff to previous 1.89 (colored)

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

Revision 1.89 / (download) - annotate - [select for diffs], Fri Dec 6 13:30:08 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.88: +3 -52 lines
Diff to previous 1.88 (colored)

move private key (de)serialization to key.c; ok djm

Revision 1.86.8.1 / (download) - annotate - [select for diffs], Fri Nov 8 05:52:21 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_3
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored) next main 1.87 (colored)

openssh-6.4 for the 5.3 branch; reminded by deraadt@

Revision 1.87.2.1 / (download) - annotate - [select for diffs], Fri Nov 8 01:33:56 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_4
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored) next main 1.88 (colored)

cherrypick commit:

date: 2013/11/08 00:39:15;  author: djm;  state: Exp;  lines: +2 -2;
use calloc for all structure allocations; from markus@

Revision 1.88 / (download) - annotate - [select for diffs], Fri Nov 8 00:39:14 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

use calloc for all structure allocations; from markus@

Revision 1.87 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE
Branch point for: OPENBSD_5_4
Changes since 1.86: +5 -5 lines
Diff to previous 1.86 (colored)

bye, bye xfree(); ok markus@

Revision 1.86 / (download) - annotate - [select for diffs], Wed Jul 6 18:09:21 2011 UTC (12 years, 10 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Branch point for: OPENBSD_5_3
Changes since 1.85: +2 -1 lines
Diff to previous 1.85 (colored)

bzero the agent address.  the kernel was for a while very cranky about
these things.  even though that's fixed, always good to initialize
memory.  ok deraadt djm

Revision 1.85 / (download) - annotate - [select for diffs], Sun May 15 08:09:01 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)

use FD_CLOEXEC consistently; patch from zion AT x96.org

Revision 1.84 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.83: +18 -2 lines
Diff to previous 1.83 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.83 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.82: +5 -1 lines
Diff to previous 1.82 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still supported for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.82 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.81: +22 -2 lines
Diff to previous 1.81 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.81 / (download) - annotate - [select for diffs], Thu Aug 27 17:44:52 2009 UTC (14 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.80: +1 -7 lines
Diff to previous 1.80 (colored)

Do not fall back to adding keys without constraints (ssh-add -c / -t ...)
when the agent refuses the constrained add request. This was a useful
migration measure back in 2002 when constraints were new, but just
adds risk now.

bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@

Revision 1.66.2.1 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.66: +18 -11 lines
Diff to previous 1.66 (colored) next main 1.67 (colored)

upgrade to OpenSSH 4.4

Revision 1.67.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.67: +15 -11 lines
Diff to previous 1.67 (colored) next main 1.68 (colored)

upgrade to OpenSSH 4.4

Revision 1.80 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:41 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.79: +4 -4 lines
Diff to previous 1.79 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.79 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.78 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:22 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.77: +2 -1 lines
Diff to previous 1.77 (colored)

move #include <string.h> out of includes.h

Revision 1.77 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.76: +2 -1 lines
Diff to previous 1.76 (colored)

move #include <unistd.h> out of includes.h

Revision 1.76 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.75: +3 -1 lines
Diff to previous 1.75 (colored)

move #include <fcntl.h> out of includes.h

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.74: +2 -1 lines
Diff to previous 1.74 (colored)

move #include <sys/socket.h> out of includes.h

Revision 1.74 / (download) - annotate - [select for diffs], Thu Mar 30 09:58:15 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.73: +4 -4 lines
Diff to previous 1.73 (colored)

replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@

Revision 1.73 / (download) - annotate - [select for diffs], Sat Mar 25 18:29:35 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

needed casts (always will be needed)

Revision 1.72 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:01 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.71: +1 -0 lines
Diff to previous 1.71 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.71 / (download) - annotate - [select for diffs], Sun Mar 19 18:52:11 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.70: +1 -1 lines
Diff to previous 1.70 (colored)

spacing

Revision 1.70 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.69: +0 -1 lines
Diff to previous 1.69 (colored)

RCSID() can die

Revision 1.69 / (download) - annotate - [select for diffs], Fri Mar 17 22:31:50 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.68: +1 -2 lines
Diff to previous 1.68 (colored)

another unreachable found by lint

Revision 1.68 / (download) - annotate - [select for diffs], Fri Mar 17 22:31:11 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.67: +1 -2 lines
Diff to previous 1.67 (colored)

unreachable statement, found by lint

Revision 1.67 / (download) - annotate - [select for diffs], Mon Feb 20 16:36:14 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.66: +4 -1 lines
Diff to previous 1.66 (colored)

move #include <sys/un.h> out of includes.h; ok djm@

Revision 1.64.4.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:39:59 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.64: +6 -6 lines
Diff to previous 1.64 (colored) next main 1.65 (colored)

upgrade to OpenSSH 4.2

Revision 1.64.2.1 / (download) - annotate - [select for diffs], Fri Sep 2 03:44:59 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.64: +6 -6 lines
Diff to previous 1.64 (colored) next main 1.65 (colored)

upgrade to OpenSSH 4.2

Revision 1.66 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:32 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.65: +5 -4 lines
Diff to previous 1.65 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.65 / (download) - annotate - [select for diffs], Tue May 24 17:32:43 2005 UTC (18 years, 11 months ago) by avsm
Branch: MAIN
Changes since 1.64: +2 -3 lines
Diff to previous 1.64 (colored)

Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0.  EOF is signalled by errno==EPIPE.
Typical use now becomes:

if (atomicio(read, ..., len) != len)
        err(1,"read");

ok deraadt@, cloder@, djm@

Revision 1.61.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:30 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.61.2.1: +5 -14 lines
Diff to previous 1.61.2.1 (colored) to branchpoint 1.61 (colored) next main 1.62 (colored)

upgrade to OpenSSH 3.9

Revision 1.63.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.63: +5 -14 lines
Diff to previous 1.63 (colored) next main 1.64 (colored)

upgrade to OpenSSH 3.9

Revision 1.64 / (download) - annotate - [select for diffs], Wed Aug 11 21:44:31 2004 UTC (19 years, 9 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.63: +5 -14 lines
Diff to previous 1.63 (colored)

use atomicio instead of homegrown equivalents or read/write.
markus@ ok

Revision 1.58.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:15 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.58.2.1: +7 -6 lines
Diff to previous 1.58.2.1 (colored) to branchpoint 1.58 (colored) next main 1.59 (colored)

upgrade to OpenSSH 3.8

Revision 1.61.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:32 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.61: +7 -6 lines
Diff to previous 1.61 (colored)

upgrade to OpenSSH 3.8

Revision 1.63 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.62: +3 -3 lines
Diff to previous 1.62 (colored)

unexpand and delete whitespace at EOL; ok markus@

Revision 1.62 / (download) - annotate - [select for diffs], Thu Sep 18 13:02:21 2003 UTC (20 years, 8 months ago) by miod
Branch: MAIN
Changes since 1.61: +5 -4 lines
Diff to previous 1.61 (colored)

A few signedness fixes for harmless situations; markus@ ok

Revision 1.57.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:24 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.57.2.1: +29 -12 lines
Diff to previous 1.57.2.1 (colored) to branchpoint 1.57 (colored) next main 1.58 (colored)

upgrade to OpenSSH 3.7

Revision 1.58.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:42 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.58: +29 -12 lines
Diff to previous 1.58 (colored)

upgrade to OpenSSH 3.7

Revision 1.61 / (download) - annotate - [select for diffs], Sat Jun 28 16:23:06 2003 UTC (20 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.60: +3 -3 lines
Diff to previous 1.60 (colored)

deal with typing of write vs read in atomicio

Revision 1.60 / (download) - annotate - [select for diffs], Wed Jun 11 11:18:38 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.59: +22 -5 lines
Diff to previous 1.59 (colored)

make agent constraints (lifetime, confirm) work with smartcard keys; ok markus@

Revision 1.59 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:28 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.58: +6 -6 lines
Diff to previous 1.58 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.49.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:16 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.49.2.2: +6 -4 lines
Diff to previous 1.49.2.2 (colored) to branchpoint 1.49 (colored) next main 1.50 (colored)

Merge OpenSSH 3.6.1

Revision 1.57.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:13 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.57: +6 -4 lines
Diff to previous 1.57 (colored)

Update to OpenSSH 3.6

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jan 23 13:50:27 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.57: +6 -4 lines
Diff to previous 1.57 (colored)

ssh-add -c, prompt user for confirmation (using ssh-askpass) when
private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@

Revision 1.45.2.5 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:06 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.45.2.4: +19 -1 lines
Diff to previous 1.45.2.4 (colored) to branchpoint 1.45 (colored) next main 1.46 (colored)

Update to OpenSSH 3.5

Revision 1.49.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.49.2.1: +19 -1 lines
Diff to previous 1.49.2.1 (colored) to branchpoint 1.49 (colored)

Update to OpenSSH 3.5

Revision 1.57 / (download) - annotate - [select for diffs], Wed Sep 11 18:27:26 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.56: +19 -1 lines
Diff to previous 1.56 (colored)

don't connect to agent to test for presence if we've previously
connected; ok markus@

Revision 1.45.2.4 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:34 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.45.2.3: +2 -2 lines
Diff to previous 1.45.2.3 (colored) to branchpoint 1.45 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.49.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:37 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.49: +46 -9 lines
Diff to previous 1.49 (colored)

Pull in OpenSSH-3.4

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 25 16:22:42 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

unnecessary cast

Revision 1.45.2.3 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.45.2.2: +45 -8 lines
Diff to previous 1.45.2.2 (colored) to branchpoint 1.45 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.55 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

KNF done automatically while reading....

Revision 1.54 / (download) - annotate - [select for diffs], Sat Jun 15 01:27:48 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.53: +24 -43 lines
Diff to previous 1.53 (colored)

remove the CONSTRAIN_IDENTITY messages and introduce a new
ADD_ID message with constraints instead. constraints can be
only added together with the private key.

Revision 1.53 / (download) - annotate - [select for diffs], Sat Jun 15 00:07:38 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)

fix stupid typo

Revision 1.52 / (download) - annotate - [select for diffs], Sat Jun 15 00:01:36 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.51: +7 -6 lines
Diff to previous 1.51 (colored)

break agent key lifetime protocol and allow other constraints for key usage.

Revision 1.51 / (download) - annotate - [select for diffs], Wed Jun 5 21:55:44 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.50: +36 -1 lines
Diff to previous 1.50 (colored)

ssh-add -t life,  Set lifetime (in seconds) when adding identities; ok provos@

Revision 1.50 / (download) - annotate - [select for diffs], Wed Jun 5 19:57:12 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.49: +21 -1 lines
Diff to previous 1.49 (colored)

ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...

Revision 1.39.2.3 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:09 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.39.2.2: +3 -2 lines
Diff to previous 1.39.2.2 (colored) to branchpoint 1.39 (colored) next main 1.40 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.45.2.2 / (download) - annotate - [select for diffs], Fri May 17 00:03:23 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.45.2.1: +3 -2 lines
Diff to previous 1.45.2.1 (colored) to branchpoint 1.45 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.49 / (download) - annotate - [select for diffs], Thu Mar 21 22:44:05 2002 UTC (22 years, 2 months ago) by rees
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.48: +3 -2 lines
Diff to previous 1.48 (colored)

Add PIN-protection for secret key.

Revision 1.39.2.2 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:44 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.39.2.1: +7 -7 lines
Diff to previous 1.39.2.1 (colored) to branchpoint 1.39 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.29.2.6 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:42 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.29.2.5: +7 -7 lines
Diff to previous 1.29.2.5 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)

Merge OpenSSH 3.1.

Revision 1.45.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:46 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.45: +7 -7 lines
Diff to previous 1.45 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.48 / (download) - annotate - [select for diffs], Sun Feb 24 19:14:59 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

signed vs. unsigned: make size arguments u_int, ok stevesk@

Revision 1.47 / (download) - annotate - [select for diffs], Fri Jan 18 18:14:17 2002 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

unneeded cast cleanup; ok markus@

Revision 1.46 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.45: +4 -4 lines
Diff to previous 1.45 (colored)

minor KNF

Revision 1.39.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:54 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.39: +29 -10 lines
Diff to previous 1.39 (colored)

Pull in OpenSSH-2.9.9

Revision 1.29.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:41 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.29.2.4: +29 -10 lines
Diff to previous 1.29.2.4 (colored) to branchpoint 1.29 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Sep 19 19:35:30 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.44: +3 -5 lines
Diff to previous 1.44 (colored)

use sizeof addr vs. SUN_LEN(addr) for sockaddr_un.  Stevens blesses
this and we do it this way elsewhere.  this helps in portable because
not all systems have SUN_LEN() and sockaddr_un.sun_len.  ok markus@

Revision 1.44 / (download) - annotate - [select for diffs], Tue Aug 7 10:37:46 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.43: +4 -2 lines
Diff to previous 1.43 (colored)

extended failure messages from galb@vandyke.com

Revision 1.43 / (download) - annotate - [select for diffs], Wed Aug 1 22:03:33 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.42: +3 -3 lines
Diff to previous 1.42 (colored)

use strings instead of ints for smartcard reader ids

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jun 26 04:59:59 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.41: +20 -1 lines
Diff to previous 1.41 (colored)

initial support for smartcards in the agent

Revision 1.41 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:17 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.40 / (download) - annotate - [select for diffs], Thu Jun 7 20:23:03 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

use xxx_put_cstring()

Revision 1.29.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:26 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.29.2.3: +3 -3 lines
Diff to previous 1.29.2.3 (colored) to branchpoint 1.29 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:48 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.38: +3 -3 lines
Diff to previous 1.38 (colored)

fix whitespace: unexpand + trailing spaces.

Revision 1.29.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:22 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.29.2.2: +8 -3 lines
Diff to previous 1.29.2.2 (colored) to branchpoint 1.29 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.19.2.4 / (download) - annotate - [select for diffs], Wed Mar 21 18:52:35 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.19.2.3: +8 -3 lines
Diff to previous 1.19.2.3 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.19.2.3 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:08 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.19.2.2: +68 -47 lines
Diff to previous 1.19.2.2 (colored) to branchpoint 1.19 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.38 / (download) - annotate - [select for diffs], Tue Mar 6 00:33:03 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.37: +5 -1 lines
Diff to previous 1.37 (colored)

EINTR/EAGAIN handling is required in more cases

Revision 1.37 / (download) - annotate - [select for diffs], Sun Mar 4 17:42:27 2001 UTC (23 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.

Revision 1.36 / (download) - annotate - [select for diffs], Thu Mar 1 02:11:25 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.35: +3 -2 lines
Diff to previous 1.35 (colored)

split line so that p will have an easier time next time around

Revision 1.29.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:18:39 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.29.2.1: +0 -0 lines
Diff to previous 1.29.2.1 (colored) to branchpoint 1.29 (colored)

Pull in OpenSSH-2.5.1

Revision 1.29.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:12:54 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.29: +68 -47 lines
Diff to previous 1.29 (colored)

Pull in OpenSSH 2.5.0

Revision 1.35 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:22 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.34 / (download) - annotate - [select for diffs], Sun Feb 4 13:30:11 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.33: +1 -2 lines
Diff to previous 1.33 (colored)

remove duplicate #include's; ok markus@

Revision 1.33 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:44 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.32: +7 -5 lines
Diff to previous 1.32 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.32 / (download) - annotate - [select for diffs], Wed Dec 20 19:37:21 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.31: +3 -3 lines
Diff to previous 1.31 (colored)

fix prototypes; from  stevesk@pobox.com

Revision 1.31 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:55 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.30: +13 -13 lines
Diff to previous 1.30 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.30 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:37 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.29: +48 -28 lines
Diff to previous 1.29 (colored)

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthentication.

Revision 1.19.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 21:30:25 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.19.2.1: +42 -13 lines
Diff to previous 1.19.2.1 (colored) to branchpoint 1.19 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.29 / (download) - annotate - [select for diffs], Mon Oct 9 21:51:00 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.28: +9 -4 lines
Diff to previous 1.28 (colored)

interop with ssh-agent2, from <res@shore.net>

Revision 1.28 / (download) - annotate - [select for diffs], Thu Sep 21 11:07:50 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.27: +8 -3 lines
Diff to previous 1.27 (colored)

bug compat for old ssh.com software

Revision 1.27 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:49 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +27 -9 lines
Diff to previous 1.26 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:17 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.19: +293 -350 lines
Diff to previous 1.19 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.26 / (download) - annotate - [select for diffs], Thu Aug 31 22:09:34 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions

Revision 1.25 / (download) - annotate - [select for diffs], Sat Aug 19 21:34:42 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.24: +153 -78 lines
Diff to previous 1.24 (colored)

add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)

Revision 1.24 / (download) - annotate - [select for diffs], Tue Aug 15 19:20:46 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.23: +114 -202 lines
Diff to previous 1.23 (colored)

cleanup; ok niels@

Revision 1.23 / (download) - annotate - [select for diffs], Wed Aug 2 06:23:30 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +4 -3 lines
Diff to previous 1.22 (colored)

correct sun_len; Alexander@Leidinger.net

Revision 1.22 / (download) - annotate - [select for diffs], Sun Jul 16 08:27:20 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.21: +53 -18 lines
Diff to previous 1.21 (colored)

make ssh-add accept dsa keys (the agent does not)

Revision 1.21 / (download) - annotate - [select for diffs], Mon Jun 26 09:22:29 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.20: +31 -111 lines
Diff to previous 1.20 (colored)

cleanup, less cut&paste

Revision 1.20 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:38 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored)

OpenBSD tag

Revision 1.19 / (download) - annotate - [select for diffs], Sat Apr 29 18:11:52 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)

keysize warnings error() -> log()

Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:29 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.17: +12 -12 lines
Diff to previous 1.17 (colored)

whitespace cleanup

Revision 1.17 / (download) - annotate - [select for diffs], Wed Apr 12 09:39:09 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

#include <ssl/foo.h> -> <openssh/foo.h>

Revision 1.16 / (download) - annotate - [select for diffs], Wed Dec 15 19:43:10 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

keysize warnings talk about identity files

Revision 1.15 / (download) - annotate - [select for diffs], Mon Dec 6 20:15:26 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.14: +12 -12 lines
Diff to previous 1.14 (colored)

move atomicio into its own file.  wrap all socket write()s which were doing
write(sock, buf, len) != len, with atomicio() calls.

Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:44 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.13: +80 -47 lines
Diff to previous 1.13 (colored)

KNF, final part 3

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:00 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +14 -14 lines
Diff to previous 1.12 (colored)

much more KNF

Revision 1.12 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:52 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.11: +437 -470 lines
Diff to previous 1.11 (colored)

KNF part 1

Revision 1.11 / (download) - annotate - [select for diffs], Thu Nov 18 11:09:39 1999 UTC (24 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Integers should not be printed with %s

Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 16 22:52:55 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.9: +8 -1 lines
Diff to previous 1.9 (colored)

close-on-exec for auth-socket, ok deraadt

Revision 1.9 / (download) - annotate - [select for diffs], Mon Nov 15 20:53:24 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.8: +13 -7 lines
Diff to previous 1.8 (colored)

the keysize of rsa-parameter 'n' is passed implicitly,
a few more checks and warnings about 'pretended' keysizes.

Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 14 18:17:41 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.7: +6 -110 lines
Diff to previous 1.7 (colored)

fix old connect() race security-bug for ssh-agent and agent-forwarding
by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1":
   agent-forwarding will work only between OpenSSH-1.1 client and
   OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to
   "SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new
   ssh-agent does not work

Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 5 22:18:52 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

move auth-sockets to private dir
delete minfd residua

Revision 1.6 / (download) - annotate - [select for diffs], Mon Oct 4 20:45:01 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.5: +1 -8 lines
Diff to previous 1.5 (colored)

nuke genminfd/AUTH_FD

Revision 1.5 / (download) - annotate - [select for diffs], Sun Oct 3 19:22:38 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

use SHUT_* symbols

Revision 1.4 / (download) - annotate - [select for diffs], Thu Sep 30 08:34:24 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

even smaller

Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:15 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

numerous sprintf, strncpy, strcpy cleanups

Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:35 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.1: +34 -27 lines
Diff to previous 1.1 (colored)

convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:33 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
