Up to [local] / src / usr.bin / ssh
Default branch: MAIN
Revision 1.238, Fri May 17 00:30:24 2024 UTC (6 hours, 31 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.237: +30 -19 lines
Start the process of splitting sshd into separate binaries. This step splits sshd into a listener and a session binary. More splits are planned. After this change, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs. This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary. feedback/ok markus@ deraadt@ NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out.
Revision 1.237, Wed Aug 16 16:14:11 2023 UTC (9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.236: +6 -1 lines
defence-in-depth MaxAuthTries check in monitor; ok markus
Revision 1.236, Wed May 10 10:04:20 2023 UTC (12 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.235: +1 -4 lines
Remove now-unused prototypes for ssh1 RSA functions. From lengyijun via github PR#396.
Revision 1.235, Fri Feb 17 04:22:50 2023 UTC (14 months, 4 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.234: +1 -6 lines
Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization was removed. "burn it all" djm@
Revision 1.234, Wed Jun 15 16:08:25 2022 UTC (23 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.233: +3 -6 lines
make sure that UseDNS hostname lookup happens in the monitor and not in the pledge(2)'d unprivileged process; fixes regression caused by recent refactoring spotted by henning@
Revision 1.233, Fri May 27 05:01:25 2022 UTC (23 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.232: +6 -3 lines
refactor authorized_keys/principals handling
remove "struct ssh *" from arguments - this was only used to pass the remote host/address. These can be passed in instead and the resulting code is less tightly coupled to ssh_api.[ch] ok dtucker@
Revision 1.232, Fri Feb 25 02:09:27 2022 UTC (2 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.231: +4 -7 lines
save an unnecessary alloc/free, based on patch from Martin Vahlensieck; ok dtucker@
Revision 1.231, Fri Jan 28 06:18:42 2022 UTC (2 years, 3 months ago) by guenther
Branch: MAIN
Changes since 1.230: +2 -2 lines
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
Revision 1.230, Thu Jan 6 22:03:59 2022 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.229: +3 -2 lines
log signature algorithm during verification by monitor; ok markus
Revision 1.229, Sun Dec 19 22:12:30 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.228: +21 -5 lines
sshd side of hostbound public key auth
This is identical to the standard "publickey" method, but it also includes the initial server hostkey in the message signed by the client. feedback / ok markus@
Revision 1.228, Wed Aug 11 05:20:17 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.227: +4 -6 lines
remove a bunch of %p in format strings; leftovers of debuggings past. prompted by Michael Forney, ok dtucker@
Revision 1.227, Fri Jul 2 05:11:20 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.226: +2 -2 lines
Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as deprecated alias so config files continue to work and a reference in the man page for people looking for it. Prompted by bz#3303 which pointed out the discrepancy between the two when used with Match. Man page help & ok jmc@, with & ok djm@
Revision 1.226, Fri Apr 30 04:02:52 2021 UTC (3 years ago) by dtucker
Branch: MAIN
Changes since 1.225: +1 -3 lines
Remove now-unused skey function prototypes leftover from skey removal.
Revision 1.225, Thu Apr 15 16:24:31 2021 UTC (3 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.224: +6 -10 lines
do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@
Revision 1.224, Wed Mar 3 22:41:49 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.223: +4 -4 lines
don't sshbuf_get_u32() into an enum; reported by goetze AT dovetail.com via bz3269
Revision 1.223, Wed Jan 27 10:05:28 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.222: +28 -21 lines
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and use that instead of global variables containing copies of it. feedback/ok markus@
Revision 1.222, Wed Jan 27 09:26:54 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.221: +5 -5 lines
remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
Revision 1.221, Tue Jan 26 05:32:21 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.220: +2 -2 lines
Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
Revision 1.220, Fri Jan 22 02:44:58 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.219: +2 -2 lines
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
Revision 1.219, Tue Dec 29 00:59:15 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.218: +2 -2 lines
Update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519). The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note that both the updated method and the one that it replaced are disabled by default)
Revision 1.218, Fri Nov 27 00:37:10 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.217: +16 -6 lines
clean up passing of struct passwd from monitor to preauth privsep process. No longer copy entire struct w/ pointer addresses, but pass remaining scalar fields explicitly. Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
Revision 1.217, Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.216: +140 -154 lines
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
Revision 1.216, Sun Oct 18 11:21:59 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.215: +3 -4 lines
variants of the log methods that append a ssherr.h string from a supplied error code; ok markus@
Revision 1.215, Fri Oct 16 13:24:45 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.214: +10 -5 lines
revised log infrastructure for OpenSSH
log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@
Revision 1.214, Thu Aug 27 01:07:09 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.213: +15 -2 lines
support for requiring user verified FIDO keys in sshd
This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@
Revision 1.213, Thu Aug 27 01:06:18 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.212: +2 -2 lines
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
Revision 1.212, Tue Jul 7 02:47:21 2020 UTC (3 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.211: +2 -2 lines
correct recently broken comments
Revision 1.211, Sun Jul 5 23:59:45 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.210: +2 -2 lines
some language improvements; ok markus
Revision 1.210, Fri Mar 13 03:17:07 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.209: +2 -2 lines
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
Revision 1.209, Wed Feb 26 13:40:09 2020 UTC (4 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.208: +2 -3 lines
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@
Revision 1.208, Thu Feb 6 22:30:54 2020 UTC (4 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.207: +4 -3 lines
Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
Revision 1.207, Thu Jan 23 07:10:22 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.206: +4 -4 lines
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
Revision 1.206, Sun Dec 15 18:57:30 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.205: +2 -2 lines
allow security keys to act as host keys as well as user keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@
Revision 1.205, Mon Nov 25 10:23:36 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.204: +2 -2 lines
redundant test
Revision 1.204, Mon Nov 25 00:54:23 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.203: +3 -2 lines
add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus
Revision 1.203, Mon Nov 25 00:52:46 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.202: +39 -24 lines
Add a sshd_config PubkeyAuthOptions directive
This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@
Revision 1.202, Mon Nov 25 00:51:37 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.201: +11 -3 lines
Add new structure for signature options
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
Revision 1.201, Tue Nov 19 22:21:15 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.200: +4 -3 lines
a little more information from the monitor when signature verification fails.
Revision 1.200, Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.199: +2 -2 lines
Refactor signing - use sshkey_sign for everything, including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
Revision 1.199, Mon Oct 7 23:10:38 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.198: +2 -2 lines
reversed test yielded incorrect debug message
Revision 1.198, Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.197: +5 -5 lines
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.197, Mon Jan 21 10:38:54 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.196: +9 -9 lines
merge kexkem[cs] into kexgen from markus@ ok djm@
Revision 1.196, Mon Jan 21 10:29:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.195: +2 -2 lines
use KEM API for vanilla ECDH from markus@ ok djm@
Revision 1.195, Mon Jan 21 10:28:02 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.194: +6 -6 lines
use KEM API for vanilla DH KEX from markus@ ok djm@
Revision 1.194, Mon Jan 21 10:24:09 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.193: +2 -2 lines
use KEM API for vanilla c25519 KEX
Revision 1.193, Mon Jan 21 10:20:12 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.192: +2 -1 lines
Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
Revision 1.192, Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.191: +4 -4 lines
remove last references to active_state with & ok markus@
Revision 1.191, Sat Jan 19 21:43:07 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.190: +63 -74 lines
convert monitor.c to new packet API with & ok markus@
Revision 1.190, Sat Jan 19 21:41:18 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.189: +4 -4 lines
convert auth.c to new packet API with & ok markus@
Revision 1.189, Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.188: +4 -1 lines
begin landing remaining refactoring of packet parsing API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@
Revision 1.188, Fri Nov 16 02:43:56 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.187: +34 -5 lines
fix bug in HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
Revision 1.187, Thu Sep 13 02:08:33 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.186: +5 -3 lines
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
Revision 1.186, Fri Jul 20 03:46:34 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.185: +2 -2 lines
remove unused zlib.h
Revision 1.185, Wed Jul 11 18:53:29 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.184: +8 -7 lines
remove legacy key emulation layer; ok djm@
Revision 1.184, Tue Jul 10 09:13:30 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.183: +9 -6 lines
kerberos/gssapi fixes for buffer removal
Revision 1.183, Mon Jul 9 21:53:45 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.182: +268 -207 lines
sshd: switch monitor to sshbuf API; lots of help & ok djm@
Revision 1.182, Mon Jul 9 21:35:50 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.181: +1 -3 lines
sshd: switch authentication to sshbuf API; ok djm@
Revision 1.181, Mon Jul 9 21:26:02 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.180: +4 -4 lines
sshd: switch loginmsg to sshbuf API; ok djm@
Revision 1.180, Sat Mar 3 03:15:51 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.179: +45 -25 lines
switch over to the new authorized_keys options API and remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
Revision 1.179, Mon Feb 5 05:37:46 2018 UTC (6 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.178: +9 -5 lines
Add a couple of non-negativity checks to avoid close(-1). ok djm
Revision 1.178, Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.177: +8 -13 lines
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@
Revision 1.177, Thu Dec 21 00:00:28 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.176: +8 -1 lines
revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan.
Revision 1.176, Mon Dec 18 02:25:15 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.175: +5 -3 lines
pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
Revision 1.175, Thu Oct 5 15:52:03 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.174: +1 -3 lines
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@
Revision 1.174, Mon Oct 2 19:33:20 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.173: +3 -1 lines
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
Revision 1.173, Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.172: +3 -2 lines
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
Revision 1.172, Sat Jun 24 06:34:38 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.171: +23 -18 lines
refactor authentication logging
optionally record successful auth methods and public credentials used in a file accessible to user sessions
feedback and ok markus@
Revision 1.171, Wed May 31 10:04:29 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.170: +10 -1 lines
use SO_ZEROIZE for privsep communication (if available)
Revision 1.170, Wed May 31 08:09:45 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.169: +12 -1 lines
clear session keys from memory; ok djm@
Revision 1.169, Tue May 30 14:10:53 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.168: +23 -18 lines
switch auth2-pubkey.c to modern APIs; with & ok djm@
Revision 1.168, Tue May 30 08:52:19 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.167: +3 -3 lines
switch from Key typedef with struct sshkey; ok djm@
Revision 1.167, Fri Feb 3 23:05:57 2017 UTC (7 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.166: +6 -1 lines
use ssh_packet_set_log_preamble() to include connection username in packet log messages, e.g. Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] ok markus@ bz#113
Revision 1.166, Wed Sep 28 16:33:06 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.165: +1 -47 lines
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
Revision 1.165, Mon Sep 5 13:57:31 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.164: +4 -4 lines
enforce expected request flow for GSSAPI calls; thanks to Jakub Jelen for testing; ok markus@
Revision 1.164, Tue Aug 30 07:50:21 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.163: +19 -1 lines
restrict monitor auth calls to be allowed only when their respective authentication methods are enabled in the configuration. prompted by Solar Designer; ok markus dtucker
Revision 1.163, Fri Aug 19 03:18:06 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.162: +1 -4 lines
remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker
Revision 1.162, Sat Aug 13 17:47:41 2016 UTC (7 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.161: +17 -266 lines
remove ssh1 server code; ok djm@
Revision 1.161, Fri Jul 22 03:39:13 2016 UTC (7 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.160: +5 -4 lines
move debug("%p", key) to before key is free'd; probable undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
Revision 1.160, Mon May 2 10:26:04 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.159: +4 -1 lines
add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker ok markus@
Revision 1.159, Mon May 2 08:49:03 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.158: +16 -11 lines
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
Revision 1.158, Mon Mar 7 19:02:43 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.157: +3 -2 lines
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@
Revision 1.157, Mon Feb 15 23:32:37 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.156: +5 -5 lines
memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen
Revision 1.156, Thu Jan 14 16:17:39 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.155: +1 -2 lines
Diff to previous 1.155 (colored)
remove roaming support; ok djm@
Revision 1.155 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.154: +7 -5 lines
Diff to previous 1.154 (colored)
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
Revision 1.154 / (download) - annotate - [select for diffs], Tue Oct 20 23:24:25 2015 UTC (8 years, 6 months ago) by mmcc
Branch: MAIN
Changes since 1.153: +3 -3 lines
Diff to previous 1.153 (colored)
Compare pointers to NULL rather than 0. ok djm@
Revision 1.153 / (download) - annotate - [select for diffs], Fri Sep 4 04:44:08 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)
don't record hostbased authentication hostkeys as user keys in test for multiple authentication with the same key
Revision 1.152 / (download) - annotate - [select for diffs], Wed Sep 2 07:51:12 2015 UTC (8 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)
Fix occurrences of "r = func() != 0" which result in the wrong error codes being returned due to != having higher precedence than =. ok deraadt@ markus@
Revision 1.151 / (download) - annotate - [select for diffs], Fri Aug 21 23:29:31 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.150: +3 -8 lines
Diff to previous 1.150 (colored)
Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like. Discussed with tedu, millert, otto.... and ok djm
Revision 1.150 / (download) - annotate - [select for diffs], Mon Jun 22 23:42:16 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.149: +2 -2 lines
Diff to previous 1.149 (colored)
Don't count successful partial authentication as failures in monitor; this may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed; ok markus@
Revision 1.149 / (download) - annotate - [select for diffs], Mon May 4 06:10:48 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.148: +3 -5 lines
Diff to previous 1.148 (colored)
Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing out an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
Revision 1.148 / (download) - annotate - [select for diffs], Fri May 1 03:23:51 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.147: +7 -4 lines
Diff to previous 1.147 (colored)
prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
Revision 1.147 / (download) - annotate - [select for diffs], Mon Apr 27 01:52:30 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.146: +3 -1 lines
Diff to previous 1.146 (colored)
fix compilation with OPENSSL=no; ok dtucker@
Revision 1.146 / (download) - annotate - [select for diffs], Fri Apr 17 04:32:31 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.145: +4 -1 lines
Diff to previous 1.145 (colored)
don't call record_login() in monitor when UseLogin is enabled; bz#278 reported by drk AT sgi.com; ok dtucker
Revision 1.145 / (download) - annotate - [select for diffs], Fri Feb 20 22:17:21 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.144: +4 -4 lines
Diff to previous 1.144 (colored)
UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
Revision 1.144 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.143: +39 -6 lines
Diff to previous 1.143 (colored)
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
Revision 1.143 / (download) - annotate - [select for diffs], Fri Feb 13 18:57:00 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.142: +1 -6 lines
Diff to previous 1.142 (colored)
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
Revision 1.142 / (download) - annotate - [select for diffs], Fri Feb 6 23:21:59 2015 UTC (9 years, 3 months ago) by millert
Branch: MAIN
Changes since 1.141: +3 -3 lines
Diff to previous 1.141 (colored)
SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@
Revision 1.141 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.140: +2 -2 lines
Diff to previous 1.140 (colored)
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
Revision 1.140 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)
adapt kex to sshbuf and struct ssh; ok djm@
Revision 1.139 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.138: +62 -229 lines
Diff to previous 1.138 (colored)
update packet.c & isolate, introduce struct ssh
  a) switch packet.c to buffer api and isolate per-connection info into struct ssh
  b) (de)serialization of the state is moved from monitor to packet.c
  c) the old packet.c API is implemented in opacket.[ch]
  d) compress.c/h is removed and integrated into packet.c
with and ok djm@
Revision 1.138 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.137: +24 -18 lines
Diff to previous 1.137 (colored)
move authfd.c and its tentacles to the new buffer/key API; ok markus@
Revision 1.137 / (download) - annotate - [select for diffs], Tue Jan 13 07:39:19 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.136: +13 -1 lines
Diff to previous 1.136 (colored)
add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@
Revision 1.136 / (download) - annotate - [select for diffs], Mon Dec 22 07:51:30 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.135: +8 -2 lines
Diff to previous 1.135 (colored)
remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys. ok markus@
Revision 1.135 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored)
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
Revision 1.134 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.133: +3 -1 lines
Diff to previous 1.133 (colored)
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
Revision 1.133 / (download) - annotate - [select for diffs], Sat May 3 17:20:34 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.132: +3 -1 lines
Diff to previous 1.132 (colored)
unbreak compression, by re-init-ing the compression code in the post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
Revision 1.132 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.131: +22 -1 lines
Diff to previous 1.131 (colored)
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Revision 1.131 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.130: +4 -4 lines
Diff to previous 1.130 (colored)
convert memset of potentially-private data to explicit_bzero()
Revision 1.130 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)
replace most bzero with explicit_bzero, except a few that can be memset ok djm dtucker
Revision 1.129 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.128: +1 -225 lines
Diff to previous 1.128 (colored)
remove experimental, never-enabled JPAKE code; ok markus@
Revision 1.128 / (download) - annotate - [select for diffs], Mon Nov 4 11:51:16 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.127: +2 -1 lines
Diff to previous 1.127 (colored)
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
Revision 1.127 / (download) - annotate - [select for diffs], Fri Jul 19 07:37:48 2013 UTC (10 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.126: +14 -4 lines
Diff to previous 1.126 (colored)
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@
Revision 1.126 / (download) - annotate - [select for diffs], Fri Jun 21 00:34:49 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.125: +5 -2 lines
Diff to previous 1.125 (colored)
for hostbased authentication, print the client host and user on the auth success/failure line; bz#2064, ok dtucker@
Revision 1.125 / (download) - annotate - [select for diffs], Sun May 19 02:42:42 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.124: +4 -5 lines
Diff to previous 1.124 (colored)
Standardise logging of supplemental information during userauth. Keys and ruser are now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificate contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@
Revision 1.124 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.123: +60 -65 lines
Diff to previous 1.123 (colored)
bye, bye xfree(); ok markus@
Revision 1.123 / (download) - annotate - [select for diffs], Thu May 16 04:09:13 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.122: +5 -1 lines
Diff to previous 1.122 (colored)
Add RekeyLimit to sshd with the same syntax as the client allowing rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man page.
Revision 1.122 / (download) - annotate - [select for diffs], Thu Mar 7 19:27:25 2013 UTC (11 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.121: +6 -5 lines
Diff to previous 1.121 (colored)
add submethod support to AuthenticationMethods; ok and feedback djm@
Revision 1.121 / (download) - annotate - [select for diffs], Thu Mar 7 00:19:59 2013 UTC (11 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.120: +19 -11 lines
Diff to previous 1.120 (colored)
reconstruct the original username that was sent by the client, which may have included a style (e.g. "root:skey") when checking public key signatures. Fixes public key and hostbased auth when the client specified a style; ok markus@
Revision 1.120 / (download) - annotate - [select for diffs], Tue Dec 11 22:16:21 2012 UTC (11 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.119: +5 -5 lines
Diff to previous 1.119 (colored)
drain the log messages after receiving the keystate from the unpriv child. otherwise it might block while sending. ok djm@
Revision 1.119 / (download) - annotate - [select for diffs], Sun Dec 2 20:34:10 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.118: +11 -5 lines
Diff to previous 1.118 (colored)
Fixes logging of partial authentication when privsep is enabled. Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explicit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
Revision 1.118 / (download) - annotate - [select for diffs], Sun Nov 4 11:09:15 2012 UTC (11 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.117: +31 -4 lines
Diff to previous 1.117 (colored)
Support multiple required authentication via an AuthenticationMethods option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete; feedback and ok markus@
Revision 1.117 / (download) - annotate - [select for diffs], Fri Jun 22 12:30:26 2012 UTC (11 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.116: +1 -4 lines
Diff to previous 1.116 (colored)
remove dead code following 'for (;;)' loops. From Steve.McClellan at radisys com, ok markus@
Revision 1.116 / (download) - annotate - [select for diffs], Thu Jan 5 00:16:56 2012 UTC (12 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.115: +2 -1 lines
Diff to previous 1.115 (colored)
memleak on error path
Revision 1.115 / (download) - annotate - [select for diffs], Thu Jun 23 23:35:42 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.114: +5 -2 lines
Diff to previous 1.114 (colored)
ignore EINTR errors from poll()
Revision 1.114 / (download) - annotate - [select for diffs], Fri Jun 17 21:44:30 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.113: +108 -15 lines
Diff to previous 1.113 (colored)
make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Revision 1.113 / (download) - annotate - [select for diffs], Mon May 23 03:30:07 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.112: +7 -2 lines
Diff to previous 1.112 (colored)
allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entirely :) feedback and ok markus@ dtucker@
Revision 1.112 / (download) - annotate - [select for diffs], Fri May 20 03:25:45 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.111: +10 -3 lines
Diff to previous 1.111 (colored)
use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@
Revision 1.111 / (download) - annotate - [select for diffs], Sun May 15 08:09:01 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)
use FD_CLOEXEC consistently; patch from zion AT x96.org
Revision 1.110 / (download) - annotate - [select for diffs], Thu Sep 9 10:45:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.109: +4 -4 lines
Diff to previous 1.109 (colored)
ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
Revision 1.109 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.108: +2 -1 lines
Diff to previous 1.108 (colored)
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656) is NOT implemented. Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
Revision 1.108 / (download) - annotate - [select for diffs], Tue Jul 13 23:13:16 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.107: +6 -6 lines
Diff to previous 1.107 (colored)
s/timing_safe_cmp/timingsafe_bcmp/g
Revision 1.107 / (download) - annotate - [select for diffs], Tue Jul 13 11:52:06 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.106: +8 -8 lines
Diff to previous 1.106 (colored)
implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
Revision 1.106 / (download) - annotate - [select for diffs], Sun Mar 7 11:57:13 2010 UTC (14 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.105: +1 -17 lines
Diff to previous 1.105 (colored)
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
Revision 1.105 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.104: +3 -2 lines
Diff to previous 1.104 (colored)
Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
Revision 1.104 / (download) - annotate - [select for diffs], Fri Jun 12 20:43:22 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.103: +2 -1 lines
Diff to previous 1.103 (colored)
Fix warnings found by chl@ and djm@ and change roaming_atomicio's return type to match atomicio's Diff from djm@, ok markus@
Revision 1.103 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.102: +13 -1 lines
Diff to previous 1.102 (colored)
Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
Revision 1.102 / (download) - annotate - [select for diffs], Mon May 25 06:48:01 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.101: +6 -6 lines
Diff to previous 1.101 (colored)
Put the globals in packet.c into a struct and don't access it directly from other files. No functional changes. ok markus@ djm@
Revision 1.101 / (download) - annotate - [select for diffs], Thu Feb 12 03:26:22 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.100: +4 -2 lines
Diff to previous 1.100 (colored)
some paranoia: check that the serialised key is really KEY_RSA before diddling its internals
Revision 1.100 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.99: +226 -1 lines
Diff to previous 1.99 (colored)
Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
Revision 1.99 / (download) - annotate - [select for diffs], Thu Jul 10 18:08:11 2008 UTC (15 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.98: +6 -4 lines
Diff to previous 1.98 (colored)
sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@
Revision 1.98 / (download) - annotate - [select for diffs], Fri Jul 4 03:47:02 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)
Make debug a little clearer. ok djm@
Revision 1.97 / (download) - annotate - [select for diffs], Fri Jun 13 13:56:59 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.96: +5 -1 lines
Diff to previous 1.96 (colored)
Clear key options in the monitor on failed authentication, prevents applying additional restrictions to non-pubkey authentications in the case where pubkey fails but another method subsequently succeeds. bz #1472, found by Colin Watson, ok markus@ djm@
Revision 1.96 / (download) - annotate - [select for diffs], Thu May 8 12:21:16 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)
Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allowed multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
Revision 1.95 / (download) - annotate - [select for diffs], Thu May 8 12:02:23 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.94: +2 -1 lines
Diff to previous 1.94 (colored)
Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within a channel). Also includes an abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
Revision 1.94 / (download) - annotate - [select for diffs], Mon Oct 29 04:08:08 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.93: +3 -3 lines
Diff to previous 1.93 (colored)
Send config block back to slave for invalid users too so options set by a Match block (eg Banner) behave the same for non-existent users. Found by and ok djm@
Revision 1.93 / (download) - annotate - [select for diffs], Fri Sep 21 08:15:29 2007 UTC (16 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.92: +1 -65 lines
Diff to previous 1.92 (colored)
unifdef -DBSD_AUTH unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@
Revision 1.92 / (download) - annotate - [select for diffs], Tue Sep 4 03:21:03 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.91: +4 -3 lines
Diff to previous 1.91 (colored)
make file descriptor passing code return an error rather than call fatal() when it encounters problems, and use this to make session multiplexing masters survive slaves failing to pass all stdio FDs; ok markus@
Revision 1.91 / (download) - annotate - [select for diffs], Thu May 17 20:52:13 2007 UTC (17 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2
Changes since 1.90: +2 -1 lines
Diff to previous 1.90 (colored)
pass received SIGINT from monitor to postauth child so it can clean up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; ok markus@
Revision 1.90 / (download) - annotate - [select for diffs], Mon Feb 19 10:45:58 2007 UTC (17 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.89: +4 -1 lines
Diff to previous 1.89 (colored)
Teach Match how to handle config directives that are used before authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@
Revision 1.63.4.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.63.4.2: +4 -4 lines
Diff to previous 1.63.4.2 (colored) to branchpoint 1.63 (colored) next main 1.64 (colored)
upgrade to OpenSSH 4.5
Revision 1.88.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:10 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.88: +4 -4 lines
Diff to previous 1.88 (colored) next main 1.89 (colored)
upgrade to OpenSSH 4.5
Revision 1.68.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.68.2.1: +4 -4 lines
Diff to previous 1.68.2.1 (colored) to branchpoint 1.68 (colored) next main 1.69 (colored)
upgrade to OpenSSH 4.5
Revision 1.89 / (download) - annotate - [select for diffs], Tue Nov 7 10:31:31 2006 UTC (17 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.88: +4 -4 lines
Diff to previous 1.88 (colored)
correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@
Revision 1.63.4.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.63.4.1: +53 -20 lines
Diff to previous 1.63.4.1 (colored) to branchpoint 1.63 (colored)
upgrade to OpenSSH 4.4
Revision 1.68.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.68: +48 -21 lines
Diff to previous 1.68 (colored)
upgrade to OpenSSH 4.4
Revision 1.88 / (download) - annotate - [select for diffs], Sat Aug 12 20:46:46 2006 UTC (17 years, 9 months ago) by miod
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)
Revert previous include file ordering change, for ssh to compile under gcc2 (or until openssl include files are cleaned of parameter names in function prototypes)
Revision 1.87 / (download) - annotate - [select for diffs], Sun Aug 6 01:13:32 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)
"zlib.h" can be <zlib.h>; ok djm@ markus@
Revision 1.86 / (download) - annotate - [select for diffs], Fri Aug 4 20:46:05 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.85: +3 -3 lines
Diff to previous 1.85 (colored)
spaces
Revision 1.85 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.84: +10 -7 lines
Diff to previous 1.84 (colored)
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
Revision 1.84 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.83: +2 -1 lines
Diff to previous 1.83 (colored)
move #include <stdlib.h> out of includes.h
Revision 1.83 / (download) - annotate - [select for diffs], Wed Jul 26 02:35:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.82: +2 -1 lines
Diff to previous 1.82 (colored)
move #include <sys/param.h> out of includes.h
Revision 1.82 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.81: +2 -1 lines
Diff to previous 1.81 (colored)
move #include <string.h> out of includes.h
Revision 1.81 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.80: +2 -1 lines
Diff to previous 1.80 (colored)
move #include <errno.h> out of includes.h; ok markus@
Revision 1.80 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.79: +2 -1 lines
Diff to previous 1.79 (colored)
move #include <fcntl.h> out of includes.h
Revision 1.79 / (download) - annotate - [select for diffs], Sat Jul 8 21:48:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored)
missed these from last commit: move #include <sys/socket.h> out of includes.h
Revision 1.78 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.77: +4 -3 lines
Diff to previous 1.77 (colored)
move #include <pwd.h> out of includes.h; ok markus@
Revision 1.77 / (download) - annotate - [select for diffs], Thu Mar 30 11:40:21 2006 UTC (18 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.76: +14 -4 lines
Diff to previous 1.76 (colored)
Prevent duplicate log messages when privsep=yes; ok djm@
Revision 1.76 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.75: +1 -0 lines
Diff to previous 1.75 (colored)
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
Revision 1.75 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.74: +2 -4 lines
Diff to previous 1.74 (colored)
introduce xcalloc() and xasprintf() failure-checked allocation functions and use them throughout openssh. xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die. feedback and ok deraadt@
Revision 1.74 / (download) - annotate - [select for diffs], Mon Mar 20 18:27:50 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.73: +1 -1 lines
Diff to previous 1.73 (colored)
spacing
Revision 1.73 / (download) - annotate - [select for diffs], Mon Mar 20 18:26:55 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.72: +1 -1 lines
Diff to previous 1.72 (colored)
annoying spacing fixes getting in the way of real diffs
Revision 1.72 / (download) - annotate - [select for diffs], Mon Mar 20 04:09:44 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.71: +4 -0 lines
Diff to previous 1.71 (colored)
memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok that should be all of them now
Revision 1.71 / (download) - annotate - [select for diffs], Sun Mar 19 18:53:12 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.70: +1 -1 lines
Diff to previous 1.70 (colored)
spacing
Revision 1.70 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.69: +0 -1 lines
Diff to previous 1.69 (colored)
RCSID() can die
Revision 1.69 / (download) - annotate - [select for diffs], Tue Mar 7 09:07:40 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.68: +7 -2 lines
Diff to previous 1.68 (colored)
Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY
Revision 1.68 / (download) - annotate - [select for diffs], Mon Feb 20 17:02:44 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.67: +2 -1 lines
Diff to previous 1.67 (colored)
move #include <signal.h> out of includes.h; ok markus@
Revision 1.67 / (download) - annotate - [select for diffs], Fri Feb 10 01:44:26 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.66: +4 -1 lines
Diff to previous 1.66 (colored)
move #include <sys/wait.h> out of includes.h; ok markus@
Revision 1.66 / (download) - annotate - [select for diffs], Wed Feb 8 13:15:44 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.65: +3 -3 lines
Diff to previous 1.65 (colored)
small KNF
Revision 1.65 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.64: +4 -2 lines
Diff to previous 1.64 (colored)
move #include <paths.h> out of includes.h; ok markus@
Revision 1.63.4.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:56 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored)
upgrade to OpenSSH 4.3
Revision 1.63.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:44 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored) next main 1.64 (colored)
upgrade to OpenSSH 4.3
Revision 1.64 / (download) - annotate - [select for diffs], Thu Oct 13 22:24:31 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored)
KNF; ok djm@
Revision 1.61.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.61.2.1: +2 -2 lines
Diff to previous 1.61.2.1 (colored) to branchpoint 1.61 (colored) next main 1.62 (colored)
upgrade to OpenSSH 4.1
Revision 1.63 / (download) - annotate - [select for diffs], Thu Mar 10 22:01:05 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_8, OPENBSD_3_7
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)
spacing
Revision 1.55.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.55.2.1: +2 -2 lines
Diff to previous 1.55.2.1 (colored) to branchpoint 1.55 (colored) next main 1.56 (colored)
upgrade to OpenSSH 4.0
Revision 1.61.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:27 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
upgrade to OpenSSH 4.0
Revision 1.62 / (download) - annotate - [select for diffs], Sun Jan 30 11:18:08 2005 UTC (19 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
Make code match intent; ok djm@
Revision 1.49.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.49.2.1: +70 -64 lines
Diff to previous 1.49.2.1 (colored) to branchpoint 1.49 (colored) next main 1.50 (colored)
upgrade to OpenSSH 3.9
Revision 1.55.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.55: +70 -64 lines
Diff to previous 1.55 (colored)
upgrade to OpenSSH 3.9
Revision 1.61 / (download) - annotate - [select for diffs], Sat Jul 17 05:31:41 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.60: +11 -5 lines
Diff to previous 1.60 (colored)
Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
Revision 1.60 / (download) - annotate - [select for diffs], Tue Jun 22 05:05:45 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.59: +7 -7 lines
Diff to previous 1.59 (colored)
Change login->username, will prevent -Wshadow errors in Portable; ok markus@
Revision 1.59 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.58: +55 -55 lines
Diff to previous 1.58 (colored)
make ssh -Wshadow clean, no functional changes markus@ ok
Revision 1.58 / (download) - annotate - [select for diffs], Sun Jun 13 12:53:24 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)
implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
Revision 1.57 / (download) - annotate - [select for diffs], Tue May 11 19:01:43 2004 UTC (20 years ago) by deraadt
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
improve some code lint did not like; djm millert ok
Revision 1.56 / (download) - annotate - [select for diffs], Sun May 9 01:19:27 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.55: +1 -2 lines
Diff to previous 1.55 (colored)
kill some more tiny files; ok deraadt@
Revision 1.34.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:15 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.34.2.1: +42 -13 lines
Diff to previous 1.34.2.1 (colored) to branchpoint 1.34 (colored) next main 1.35 (colored)
upgrade to OpenSSH 3.8
Revision 1.49.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.49: +42 -13 lines
Diff to previous 1.49 (colored)
upgrade to OpenSSH 3.8
Revision 1.55 / (download) - annotate - [select for diffs], Thu Feb 5 05:37:17 2004 UTC (20 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
Revision 1.54 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.53: +8 -8 lines
Diff to previous 1.53 (colored)
unexpand and delete whitespace at EOL; ok markus@
Revision 1.53 / (download) - annotate - [select for diffs], Tue Nov 18 10:53:07 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)
unbreak fake authloop for non-existent users (my screwup). Spotted and tested by dtucker@; ok markus@
Revision 1.52 / (download) - annotate - [select for diffs], Mon Nov 17 11:06:07 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.51: +33 -3 lines
Diff to previous 1.51 (colored)
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
Revision 1.51 / (download) - annotate - [select for diffs], Tue Nov 4 08:54:09 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@
Revision 1.50 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.49: +7 -10 lines
Diff to previous 1.49 (colored)
replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@
Revision 1.29.2.3 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.29.2.2: +125 -105 lines
Diff to previous 1.29.2.2 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)
upgrade to OpenSSH 3.7
Revision 1.34.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.34: +125 -105 lines
Diff to previous 1.34 (colored)
upgrade to OpenSSH 3.7
Revision 1.49 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.48: +1 -49 lines
Diff to previous 1.48 (colored)
remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
Revision 1.48 / (download) - annotate - [select for diffs], Tue Aug 26 09:58:43 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)
fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
Revision 1.47 / (download) - annotate - [select for diffs], Sun Aug 24 17:36:52 2003 UTC (20 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.46: +4 -2 lines
Diff to previous 1.46 (colored)
64 bit cleanups; markus ok
Revision 1.46 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.45: +90 -2 lines
Diff to previous 1.45 (colored)
support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
Revision 1.45 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.44: +1 -53 lines
Diff to previous 1.44 (colored)
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@
Revision 1.44 / (download) - annotate - [select for diffs], Tue Jun 24 08:23:46 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)
int -> u_int; ok djm@, deraadt@, mouring@
Revision 1.43 / (download) - annotate - [select for diffs], Thu Jun 12 07:57:38 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)
typos; dtucker at zip.com.au
Revision 1.42 / (download) - annotate - [select for diffs], Mon Jun 2 09:17:34 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)
deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
Revision 1.41 / (download) - annotate - [select for diffs], Sat May 24 09:30:40 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)
cast some types for printing; ok markus@
Revision 1.40 / (download) - annotate - [select for diffs], Wed May 14 08:57:49 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.39: +18 -1 lines
Diff to previous 1.39 (colored)
http://bugzilla.mindrot.org/show_bug.cgi?id=560 Privsep child continues to run after monitor killed. Pass monitor signals through to child; Darren Tucker
Revision 1.39 / (download) - annotate - [select for diffs], Wed May 14 02:15:47 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.38: +6 -1 lines
Diff to previous 1.38 (colored)
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ server interops with commercial client; ok jakob@ djm@
Revision 1.38 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:28 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)
rename log() into logit() to avoid name conflict. markus ok, from netbsd
Revision 1.29.2.2 / (download) - annotate - [select for diffs], Thu Apr 3 23:27:12 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.29.2.1: +3 -1 lines
Diff to previous 1.29.2.1 (colored) to branchpoint 1.29 (colored)
Update to OpenSSH 3.6.1
Revision 1.9.2.5 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.9.2.4: +26 -16 lines
Diff to previous 1.9.2.4 (colored) to branchpoint 1.9 (colored) next main 1.10 (colored)
Merge OpenSSH 3.6.1
Revision 1.37 / (download) - annotate - [select for diffs], Wed Apr 2 09:48:07 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.36: +11 -3 lines
Diff to previous 1.36 (colored)
reapply rekeying change, tested by henning@, ok djm@
Revision 1.36 / (download) - annotate - [select for diffs], Tue Apr 1 10:22:21 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.35: +3 -11 lines
Diff to previous 1.35 (colored)
backout rekeying changes (for 3.6.1)
Revision 1.35 / (download) - annotate - [select for diffs], Tue Apr 1 10:10:23 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.34: +11 -3 lines
Diff to previous 1.34 (colored)
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
  (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps
  (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
Revision 1.29.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:13 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.29: +24 -16 lines
Diff to previous 1.29 (colored)
Update to OpenSSH 3.6
Revision 1.34 / (download) - annotate - [select for diffs], Sun Mar 23 19:02:00 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.33: +3 -1 lines
Diff to previous 1.33 (colored)
unbreak rekeying for privsep; ok millert@
Revision 1.33 / (download) - annotate - [select for diffs], Wed Mar 5 22:33:43 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.32: +9 -3 lines
Diff to previous 1.32 (colored)
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
Revision 1.32 / (download) - annotate - [select for diffs], Sun Feb 16 17:30:33 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.31: +3 -1 lines
Diff to previous 1.31 (colored)
fix permitrootlogin forced-commands-only for privsep; bug #387; ok provos@
Revision 1.31 / (download) - annotate - [select for diffs], Tue Feb 4 09:33:22 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.30: +13 -13 lines
Diff to previous 1.30 (colored)
skey/bsdauth: use 0 to indicate failure instead of -1, because the buffer API only supports unsigned ints.
Revision 1.30 / (download) - annotate - [select for diffs], Tue Nov 5 19:45:20 2002 UTC (21 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)
handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
Revision 1.11.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:06 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.11.2.3: +114 -16 lines
Diff to previous 1.11.2.3 (colored) next main 1.12 (colored)
Update to OpenSSH 3.5
Revision 1.9.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.9.2.3: +114 -16 lines
Diff to previous 1.9.2.3 (colored) to branchpoint 1.9 (colored)
Update to OpenSSH 3.5
Revision 1.29 / (download) - annotate - [select for diffs], Thu Sep 26 11:38:43 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.28: +52 -1 lines
Diff to previous 1.28 (colored)
krb4 + privsep; ok dugsong@, deraadt@
Revision 1.28 / (download) - annotate - [select for diffs], Tue Sep 24 08:46:04 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.27: +3 -2 lines
Diff to previous 1.27 (colored)
only call kerberos code for authctxt->valid
Revision 1.27 / (download) - annotate - [select for diffs], Mon Sep 23 22:11:05 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.26: +3 -2 lines
Diff to previous 1.26 (colored)
only call auth_krb5 if kerberos is enabled; ok deraadt@
Revision 1.26 / (download) - annotate - [select for diffs], Mon Sep 9 14:54:15 2002 UTC (21 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.25: +9 -8 lines
Diff to previous 1.25 (colored)
signed vs unsigned from -pedantic; ok henning@
Revision 1.25 / (download) - annotate - [select for diffs], Mon Sep 9 06:48:06 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.24: +44 -1 lines
Diff to previous 1.24 (colored)
kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
Revision 1.24 / (download) - annotate - [select for diffs], Thu Aug 29 15:57:25 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> NOTE: there are also p-specific parts to this patch. ok markus@
Revision 1.23 / (download) - annotate - [select for diffs], Fri Aug 2 14:43:15 2002 UTC (21 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)
Change mm_zalloc() sanity checks to be more in line with what we do in calloc() and add a check to monitor_mm.c. OK provos@ and markus@
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jul 22 17:32:56 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.21: +3 -2 lines
Diff to previous 1.21 (colored)
u_int here; ok provos@
Revision 1.21 / (download) - annotate - [select for diffs], Thu Jun 27 10:35:47 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)
use xfree()
Revision 1.20 / (download) - annotate - [select for diffs], Thu Jun 27 09:08:00 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)
improve mm_zalloc check; markus ok
Revision 1.11.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:35 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.11.2.2: +8 -4 lines
Diff to previous 1.11.2.2 (colored)
There was an update to OpenSSH 3.4, and people rejoiced.
Revision 1.9.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.9.2.2: +141 -99 lines
Diff to previous 1.9.2.2 (colored) to branchpoint 1.9 (colored)
Pull in OpenSSH-3.4
Revision 1.19 / (download) - annotate - [select for diffs], Wed Jun 26 14:49:36 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)
correct %u
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 26 13:20:57 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +6 -2 lines
Diff to previous 1.17 (colored)
be careful in mm_zalloc
Revision 1.17 / (download) - annotate - [select for diffs], Sat Jun 22 23:09:51 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)
save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.11.2.1: +135 -97 lines
Diff to previous 1.11.2.1 (colored)
Update OpenSSH to version 3.3 (with local changes, configuration files still living in /etc and privsep user being nobody).
Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 21 05:50:51 2002 UTC (21 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.15: +13 -8 lines
Diff to previous 1.15 (colored)
Don't initialise compression buffers when compression=no in sshd_config; ok Niels@
Revision 1.15 / (download) - annotate - [select for diffs], Wed Jun 19 18:01:00 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.14: +9 -6 lines
Diff to previous 1.14 (colored)
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jun 4 23:05:49 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.13: +71 -71 lines
Diff to previous 1.13 (colored)
__FUNCTION__ -> __func__
Revision 1.13 / (download) - annotate - [select for diffs], Tue Jun 4 19:53:40 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.12: +31 -7 lines
Diff to previous 1.12 (colored)
save the session id (hash) for ssh2 (it will be passed with the initial sign request) and verify that this value is used during authentication; ok provos@
Revision 1.12 / (download) - annotate - [select for diffs], Tue Jun 4 19:42:35 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.11: +15 -9 lines
Diff to previous 1.11 (colored)
only allow enabled authentication methods; ok provos@
Revision 1.11.4.1 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:10 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.11: +1 -1 lines
Diff to previous 1.11 (colored) next main 1.12 (colored)
Upgrade to OpenSSH 3.2.3. Except for improbable compilation error fixes, this should be the last commit made to the 2.9-STABLE branch. Have fun upgrading.
Revision 1.9.2.2 / (download) - annotate - [select for diffs], Sat May 18 04:50:38 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.9.2.1: +0 -0 lines
Diff to previous 1.9.2.1 (colored) to branchpoint 1.9 (colored)
Update to OpenSSH-3.2.3
Revision 1.9.2.1 / (download) - annotate - [select for diffs], Sat May 18 04:12:10 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.9: +40 -21 lines
Diff to previous 1.9 (colored)
Update to OpenSSH-3.2.2
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Fri May 17 00:03:23 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.11: +1 -1 lines
Diff to previous 1.11 (colored)
Update OpenSSH to version 3.2.2.
Revision 1.11 / (download) - annotate - [select for diffs], Wed May 15 15:47:49 2002 UTC (22 years ago) by mouring
Branch: MAIN
Branch point for: OPENBSD_3_0, OPENBSD_2_9
Changes since 1.10: +20 -20 lines
Diff to previous 1.10 (colored)
'monitor' variable clashes with at least one lame platform (NeXT). Renamed to 'pmonitor'. provos@
Revision 1.10 / (download) - annotate - [select for diffs], Sun May 12 23:53:45 2002 UTC (22 years ago) by djm
Branch: MAIN
Changes since 1.9: +21 -2 lines
Diff to previous 1.9 (colored)
Fix sshd Banner option for privsep; ok markus@ provos@
Revision 1.9 / (download) - annotate - [select for diffs], Sat Mar 30 18:51:15 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored)
check waitpid for EINTR; based on patch from peter@ifm.liu.se
Revision 1.8 / (download) - annotate - [select for diffs], Wed Mar 27 17:45:42 2002 UTC (22 years, 1 month ago) by mouring
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
monitor_allowed_key() returns int instead of pointer. ok markus@
Revision 1.7 / (download) - annotate - [select for diffs], Sun Mar 24 23:20:00 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
remove "\n" from fatal()
Revision 1.6 / (download) - annotate - [select for diffs], Thu Mar 21 18:38:33 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.5: +4 -4 lines
Diff to previous 1.5 (colored)
fix NULL %s on debug3(); ok markus@
Revision 1.5 / (download) - annotate - [select for diffs], Tue Mar 19 21:12:48 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.4: +4 -3 lines
Diff to previous 1.4 (colored)
use SSH_SESSION_KEY_LENGTH for key length
Revision 1.4 / (download) - annotate - [select for diffs], Tue Mar 19 14:27:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)
make getpwnamallow() always call pwcopy()
Revision 1.3 / (download) - annotate - [select for diffs], Tue Mar 19 10:41:32 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.2: +22 -22 lines
Diff to previous 1.2 (colored)
whitespace KNF
Revision 1.2 / (download) - annotate - [select for diffs], Tue Mar 19 10:35:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.1: +5 -30 lines
Diff to previous 1.1 (colored)
clean up prototypes
Revision 1.1 / (download) - annotate - [select for diffs], Mon Mar 18 17:28:37 2002 UTC (22 years, 2 months ago) by provos
Branch: MAIN
implementation of the interface between privileged and unprivileged process for ssh-privsep