![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.24 / (download) - annotate - [select for diffs], Fri May 17 00:30:24 2024 UTC (5 hours, 15 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.23: +5 -1 lines
Diff to previous 1.23 (colored)
Start the process of splitting sshd into separate binaries. This step splits sshd into a listener and a session binary. More splits are planned. After this changes, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs. This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary. feedback/ok markus@ deraadt@ NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out.
Revision 1.23 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)
remove last references to active_state with & ok markus@
Revision 1.22 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:07 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.21: +7 -5 lines
Diff to previous 1.21 (colored)
convert monitor.c to new packet API with & ok markus@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Jul 9 21:53:45 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)
sshd: switch monitor to sshbuf API; lots of help & ok djm@
Revision 1.20 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.19: +1 -5 lines
Diff to previous 1.19 (colored)
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.17: +1 -6 lines
Diff to previous 1.17 (colored)
remove experimental, never-enabled JPAKE code; ok markus@
Revision 1.17 / (download) - annotate - [select for diffs], Sun Dec 2 20:34:10 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.16: +33 -31 lines
Diff to previous 1.16 (colored)
Fixes logging of partial authentication when privsep is enabled Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 17 21:44:31 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.15: +3 -1 lines
Diff to previous 1.15 (colored)
make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Revision 1.15 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.14: +7 -2 lines
Diff to previous 1.14 (colored)
Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
Revision 1.13.8.1 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.13: +1 -1 lines
Diff to previous 1.13 (colored) next main 1.14 (colored)
upgrade to OpenSSH 4.4
Revision 1.13.10.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.13: +1 -1 lines
Diff to previous 1.13 (colored) next main 1.14 (colored)
upgrade to OpenSSH 4.4
Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 25 22:22:43 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.13: +1 -1 lines
Diff to previous 1.13 (colored)
standardise spacing in $OpenBSD$ tags; requested by deraadt@
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.11.2.1: +0 -0 lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored)
upgrade to OpenSSH 3.9
Revision 1.8.4.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.8.4.1: +3 -2 lines
Diff to previous 1.8.4.1 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)
upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)
upgrade to OpenSSH 3.8
Revision 1.13 / (download) - annotate - [select for diffs], Mon Nov 17 11:06:07 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_8_BASE,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Branch point for: OPENBSD_3_9,
OPENBSD_3_8
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
upgrade to OpenSSH 3.7
Revision 1.8.4.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored)
upgrade to OpenSSH 3.7
Revision 1.11 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.10: +1 -2 lines
Diff to previous 1.10 (colored)
remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
Revision 1.10 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.9: +4 -1 lines
Diff to previous 1.9 (colored)
support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@
Revision 1.4.2.3 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:06 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.4.2.2: +3 -1 lines
Diff to previous 1.4.2.2 (colored) next main 1.5 (colored)
Update to OpenSSH 3.5
Revision 1.3.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.3.2.3: +3 -1 lines
Diff to previous 1.3.2.3 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)
Update to OpenSSH 3.5
Revision 1.8 / (download) - annotate - [select for diffs], Thu Sep 26 11:38:43 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_3,
OPENBSD_3_2
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)
krb4 + privsep; ok dugsong@, deraadt@
Revision 1.7 / (download) - annotate - [select for diffs], Mon Sep 9 06:48:06 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)
kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
Revision 1.3.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.3.2.2: +3 -3 lines
Diff to previous 1.3.2.2 (colored) to branchpoint 1.3 (colored)
Pull in OpenSSH-3.4
Revision 1.4.2.2 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.4.2.1: +3 -3 lines
Diff to previous 1.4.2.1 (colored)
Update OpenSSH to version 3.3 (with local changes, configuration files still living in /etc and privsep user being nobody).
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jun 11 05:46:20 2002 UTC (21 years, 11 months ago) by mpech
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)
pid_t cleanup. Markus need this now to keep hacking. markus@, millert@ ok Note: big usr.bin/ cleanup is comming. Now I'm waiting Ok from espie@ for make/.
Revision 1.5 / (download) - annotate - [select for diffs], Thu Jun 6 01:09:41 2002 UTC (21 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
no trailing comma in enum; china@thewrittenword.com
Revision 1.4.4.1 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:10 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.4: +1 -1 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)
Upgrade to OpenSSH 3.2.3. Except for improbable compilation error fixes, this should be the last commit made to the 2.9-STABLE branche. Have fun upgrading.
Revision 1.3.2.2 / (download) - annotate - [select for diffs], Sat May 18 04:50:38 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.3.2.1: +0 -0 lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored)
Update to OpenSSH-3.2.3
Revision 1.3.2.1 / (download) - annotate - [select for diffs], Sat May 18 04:12:10 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)
Update to OpenSSH-3.2.2
Revision 1.4.2.1 / (download) - annotate - [select for diffs], Fri May 17 00:03:23 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.4: +1 -1 lines
Diff to previous 1.4 (colored)
Update OpenSSH to version 3.2.2.
Revision 1.4 / (download) - annotate - [select for diffs], Sun May 12 23:53:45 2002 UTC (22 years ago) by djm
Branch: MAIN
Branch point for: OPENBSD_3_0,
OPENBSD_2_9
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)
Fix sshd Banner option for privsep; ok markus@ provos@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Mar 26 03:24:01 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.2: +2 -0 lines
Diff to previous 1.2 (colored)
$OpenBSD$
Revision 1.2 / (download) - annotate - [select for diffs], Tue Mar 19 10:35:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.1: +5 -0 lines
Diff to previous 1.1 (colored)
clean up prototypes
Revision 1.1 / (download) - annotate - [select for diffs], Mon Mar 18 17:28:37 2002 UTC (22 years, 2 months ago) by provos
Branch: MAIN
implementation of the interface between privileged and unprivileged process for ssh-privsep