OpenBSD CVS

CVS log for src/usr.bin/ssh/dns.c



Default branch: MAIN


Revision 1.44, Fri Mar 10 04:06:21 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.43: +2 -1 lines

Plug mem leak on error path.  Coverity CID 405026, ok djm@.

Revision 1.43, Fri Feb 10 04:56:30 2023 UTC (15 months ago) by djm
Branch: MAIN
Changes since 1.42: +5 -2 lines

let ssh-keygen and ssh-keyscan accept -Ohashalg=sha1|sha256 when
outputting SSHFP fingerprints to allow algorithm selection.
bz3493 ok dtucker@

Revision 1.42, Tue Feb 1 23:32:51 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.41: +2 -2 lines

mark const string array contents const too, i.e.
static const char *array => static const char * const array
from Mike Frysinger

Revision 1.41, Mon Jul 19 03:13:28 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.40: +25 -39 lines

Ensure that all returned SSHFP records for the specified host name and
hostkey type match instead of only one.  While there, simplify the code
somewhat and add some debugging.  Based on discussion in bz#3322, ok djm@.

Revision 1.40, Mon Jul 5 01:16:46 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.39: +2 -2 lines

Order includes as per style(9).  Portable already has these so this
removes a handful of diffs between the two.

Revision 1.39, Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.38: +3 -4 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.38, Fri Feb 23 15:58:37 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.37: +6 -1 lines

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.37, Thu Sep 14 04:32:21 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.36: +5 -7 lines

Revert commitid: gJtIN6rRTS3CHy9b.

-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------

This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts

Spotted by dtucker@

Revision 1.36, Fri Sep 1 05:53:56 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.35: +8 -6 lines

identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@

Revision 1.35, Thu Aug 20 22:32:42 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.34: +2 -2 lines

Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope
ok krw millert

Revision 1.34, Wed Jan 28 22:36:00 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.33: +3 -3 lines

update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values;
ok markus

Revision 1.33, Thu Jan 15 09:40:00 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.32: +16 -14 lines

sync ssh-keysign, ssh-keygen and some dependencies to the new
buffer/key API; mostly mechanical, ok markus@

Revision 1.32, Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.31: +6 -5 lines

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.31, Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.30: +3 -1 lines

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.30, Sun Apr 20 09:24:26 2014 UTC (10 years ago) by logan
Branch: MAIN
Changes since 1.29: +6 -1 lines

Add support for SSHFP DNS records for ED25519 key types.

OK from djm@

Revision 1.29, Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.28: +5 -5 lines

bye, bye xfree(); ok markus@

Revision 1.28, Wed May 23 03:28:28 2012 UTC (11 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.27: +69 -34 lines

add support for RFC6594 SSHFP DNS records for ECDSA key types.
patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@

Revision 1.27, Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.26: +2 -1 lines

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.26, Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.25: +4 -4 lines

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
See VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.25, Thu Jun 12 00:03:49 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.24: +11 -2 lines

Do not pass "0" strings as ports to getaddrinfo because the lookups
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
deraadt@ djm@

djm believes that the reason for the "0" strings is to ensure that
it's not possible to call getaddrinfo with both host and port being
NULL.  In the case of canohost.c host is a local array.  In the
case of sshconnect.c, it's checked for null immediately before use.

In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
be non-null but it's not obvious, so I added a warning message in
case it is ever passed a null.

Revision 1.24, Wed Jan 3 03:01:40 2007 UTC (17 years, 4 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.23: +2 -2 lines

spaces

Revision 1.12.2.2, Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.12.2.1: +6 -4 lines

upgrade to OpenSSH 4.4

Revision 1.16.2.1, Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.16: +6 -4 lines

upgrade to OpenSSH 4.4

Revision 1.23, Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.22: +1 -3 lines

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.22, Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.21: +2 -1 lines

move #include <stdio.h> out of includes.h

Revision 1.21, Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.20: +2 -1 lines

move #include <string.h> out of includes.h

Revision 1.20, Sat Jul 8 21:47:12 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.19: +4 -1 lines

move #include <sys/socket.h> out of includes.h

Revision 1.19, Sat Mar 25 22:22:43 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.18: +1 -1 lines

standardise spacing in $OpenBSD$ tags; requested by deraadt@

Revision 1.18, Mon Mar 20 18:41:43 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +2 -2 lines

cast xstrdup to proper u_char *

Revision 1.17, Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +1 -2 lines

RCSID() can die

Revision 1.12.2.1, Fri Feb 3 03:01:56 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.12: +13 -22 lines

upgrade to OpenSSH 4.3

Revision 1.10.4.2, Fri Feb 3 02:53:44 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.10.4.1: +13 -22 lines

upgrade to OpenSSH 4.3

Revision 1.16, Mon Oct 17 14:13:35 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.15: +5 -9 lines

more cleanups; ok jakob@

Revision 1.15, Mon Oct 17 14:01:28 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.14: +2 -10 lines

remove #ifdef LWRES; ok jakob@

Revision 1.14, Mon Oct 17 13:45:05 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.13: +9 -4 lines

fix memory leaks from 2 sources:
    1) key_fingerprint_raw()
    2) malloc in dns_read_rdata()
ok jakob@

Revision 1.13, Thu Oct 13 19:13:41 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.12: +3 -5 lines

unneeded #include, unused declaration, little knf; ok deraadt@

Revision 1.10.4.1, Sun Sep 4 18:40:02 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.10: +29 -4 lines

upgrade to OpenSSH 4.2

Revision 1.10.2.1, Fri Sep 2 03:45:00 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.10: +29 -4 lines

upgrade to OpenSSH 4.2

Revision 1.12, Fri Jun 17 02:44:32 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.11: +4 -4 lines

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.11, Wed Apr 20 10:05:45 2005 UTC (19 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.10: +27 -2 lines

do not try to look up SSHFP for numerical hostname. ok djm@

Revision 1.6.2.2, Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.6.2.1: +4 -4 lines

upgrade to OpenSSH 3.9

Revision 1.9.2.1, Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.9: +4 -4 lines

upgrade to OpenSSH 3.9

Revision 1.10, Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.9: +4 -4 lines

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.6.4.2, Thu Mar 4 18:18:15 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.6.4.1: +28 -43 lines

upgrade to OpenSSH 3.8

Revision 1.6.2.1, Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.6: +28 -43 lines

upgrade to OpenSSH 3.8

Revision 1.9, Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.8: +3 -3 lines

unexpand and delete whitespace at EOL; ok markus@

Revision 1.8, Wed Nov 12 16:39:58 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.7: +28 -40 lines

update SSHFP validation. ok markus@

Revision 1.7, Tue Oct 14 19:42:10 2003 UTC (20 years, 7 months ago) by jakob
Branch: MAIN
Changes since 1.6: +2 -5 lines

include SSHFP lookup code (not enabled by default). ok markus@

Revision 1.6.6.1, Tue Sep 16 21:20:25 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.6: +2 -2 lines

upgrade to OpenSSH 3.7

Revision 1.6.4.1, Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.6: +2 -2 lines

upgrade to OpenSSH 3.7

Revision 1.6, Wed Jun 11 10:18:47 2003 UTC (20 years, 11 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4, OPENBSD_3_3, OPENBSD_3_2
Changes since 1.5: +2 -7 lines

sync with check_host_key() change

Revision 1.5, Thu May 15 02:27:15 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.4: +4 -2 lines

add missing freerrset

Revision 1.4, Wed May 14 23:29:22 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.3: +12 -12 lines

sshfp contains fingerprints, not keys

Revision 1.3, Wed May 14 22:56:51 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.2: +10 -10 lines

rename enum

Revision 1.2, Wed May 14 22:51:56 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.1: +2 -4 lines

update license, remove 3rd clause. ok author (me)

Revision 1.1, Wed May 14 18:16:20 2003 UTC (21 years ago) by jakob
Branch: MAIN

add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
