OpenBSD CVS

CVS log for src/usr.bin/ssh/monitor_wrap.c



Default branch: MAIN


Revision 1.130 / (download) - annotate - [select for diffs], Fri May 17 00:30:24 2024 UTC (3 hours, 44 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.129: +139 -39 lines
Diff to previous 1.129 (colored)

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

Revision 1.129 / (download) - annotate - [select for diffs], Mon Dec 18 14:45:49 2023 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.128: +2 -2 lines
Diff to previous 1.128 (colored)

add "ext-info-in-auth@openssh.com" extension

This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd update the acceptable signature algorithms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

Revision 1.128 / (download) - annotate - [select for diffs], Fri Mar 31 00:44:29 2023 UTC (13 months, 2 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

Check fd against >=0 instead of >0 in error path.  The dup could
in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy via github PR#238.

Revision 1.127 / (download) - annotate - [select for diffs], Thu Mar 30 00:49:37 2023 UTC (13 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.126: +1 -3 lines
Diff to previous 1.126 (colored)

Remove dead code from inside if block.  The only way the if statement can
be true is if both dup()s fail, and in that case the tmp2 can never be set.
Coverity CID 291805, ok djm@

Revision 1.126 / (download) - annotate - [select for diffs], Fri Jan 6 02:47:18 2023 UTC (16 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.125: +2 -1 lines
Diff to previous 1.125 (colored)

Implement channel inactivity timeouts

This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.

Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.

ok markus dtucker

Revision 1.125 / (download) - annotate - [select for diffs], Wed Jun 15 16:08:25 2022 UTC (23 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.124: +3 -4 lines
Diff to previous 1.124 (colored)

make sure that UseDNS hostname lookup happens in the monitor and
not in the pledge(2)'d unprivileged process; fixes regression
caused by recent refactoring spotted by henning@

Revision 1.124 / (download) - annotate - [select for diffs], Fri May 27 05:01:25 2022 UTC (23 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.123: +4 -3 lines
Diff to previous 1.123 (colored)

refactor authorized_keys/principals handling

remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]

ok dtucker@

Revision 1.123 / (download) - annotate - [select for diffs], Thu Apr 15 16:24:31 2021 UTC (3 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.122: +3 -6 lines
Diff to previous 1.122 (colored)

do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@

Revision 1.122 / (download) - annotate - [select for diffs], Fri Nov 27 00:37:10 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.121: +14 -8 lines
Diff to previous 1.121 (colored)

clean up passing of struct passwd from monitor to preauth privsep
process. No longer copy entire struct w/ pointer addresses, but
pass remaining scalar fields explicitly,

Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@

Revision 1.121 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.120: +107 -116 lines
Diff to previous 1.120 (colored)

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.120 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.119: +4 -1 lines
Diff to previous 1.119 (colored)

LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

Revision 1.119 / (download) - annotate - [select for diffs], Fri Oct 16 13:24:45 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.118: +6 -2 lines
Diff to previous 1.118 (colored)

revised log infrastructure for OpenSSH

log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.

ok markus@

Revision 1.118 / (download) - annotate - [select for diffs], Thu Aug 27 01:06:18 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.117 / (download) - annotate - [select for diffs], Sun Dec 15 18:57:30 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.116: +1 -3 lines
Diff to previous 1.116 (colored)

allow security keys to act as host keys as well as user keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

Revision 1.116 / (download) - annotate - [select for diffs], Mon Nov 25 00:51:37 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.115: +19 -4 lines
Diff to previous 1.115 (colored)

Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

Revision 1.115 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.114: +2 -1 lines
Diff to previous 1.114 (colored)

additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@

Revision 1.114 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.113: +5 -3 lines
Diff to previous 1.113 (colored)

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.113 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.112: +2 -2 lines
Diff to previous 1.112 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.112 / (download) - annotate - [select for diffs], Mon Jan 21 09:54:11 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.111: +3 -7 lines
Diff to previous 1.111 (colored)

Make sshpkt_get_bignum2() allocate the bignum it is parsing rather
than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

Revision 1.111 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.110: +6 -9 lines
Diff to previous 1.110 (colored)

remove last references to active_state

with & ok markus@

Revision 1.110 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:07 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.109: +1 -2 lines
Diff to previous 1.109 (colored)

convert monitor.c to new packet API

with & ok markus@

Revision 1.109 / (download) - annotate - [select for diffs], Sat Jan 19 21:41:18 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.108: +2 -3 lines
Diff to previous 1.108 (colored)

convert auth.c to new packet API

with & ok markus@

Revision 1.108 / (download) - annotate - [select for diffs], Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.107: +4 -1 lines
Diff to previous 1.107 (colored)

begin landing remaining refactoring of packet parsing API, started
almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

Revision 1.107 / (download) - annotate - [select for diffs], Fri Jul 20 03:46:34 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.106: +1 -2 lines
Diff to previous 1.106 (colored)

remove unused zlib.h

Revision 1.106 / (download) - annotate - [select for diffs], Wed Jul 11 18:53:29 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.105: +7 -10 lines
Diff to previous 1.105 (colored)

remove legacy key emulation layer; ok djm@

Revision 1.105 / (download) - annotate - [select for diffs], Tue Jul 10 09:36:58 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.104: +1 -3 lines
Diff to previous 1.104 (colored)

re-remove some pre-auth compression bits

This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.

ok markus@

Revision 1.104 / (download) - annotate - [select for diffs], Tue Jul 10 09:13:30 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.103: +2 -2 lines
Diff to previous 1.103 (colored)

kerberos/gssapi fixes for buffer removal

Revision 1.103 / (download) - annotate - [select for diffs], Mon Jul 9 21:53:45 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.102: +282 -201 lines
Diff to previous 1.102 (colored)

sshd: switch monitor to sshbuf API; lots of help & ok djm@

Revision 1.102 / (download) - annotate - [select for diffs], Mon Jul 9 21:26:02 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.101: +5 -4 lines
Diff to previous 1.101 (colored)

sshd: switch loginmsg to sshbuf API; ok djm@

Revision 1.101 / (download) - annotate - [select for diffs], Mon Jul 9 13:37:10 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.100: +3 -1 lines
Diff to previous 1.100 (colored)

Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
  Rename COMP_DELAYED to COMP_ZLIB

  Only delayed compression is supported nowadays.

  ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
  Remove leftovers from pre-authentication compression

  Support for this has been removed in 2016.
  COMP_DELAYED will be renamed in a later commit.

  ok markus@

Revision 1.100 / (download) - annotate - [select for diffs], Fri Jul 6 09:05:01 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.99: +1 -3 lines
Diff to previous 1.99 (colored)

Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

Revision 1.99 / (download) - annotate - [select for diffs], Sat Mar 3 03:15:51 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.98: +27 -17 lines
Diff to previous 1.98 (colored)

switch over to the new authorized_keys options API and remove the
legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

Revision 1.98 / (download) - annotate - [select for diffs], Mon Jan 8 15:14:44 2018 UTC (6 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.97: +1 -2 lines
Diff to previous 1.97 (colored)

uuencode.h is not used

Revision 1.97 / (download) - annotate - [select for diffs], Thu Dec 21 00:00:28 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

revert stricter key type / signature type checking in userauth path;
too much software generates inconsistent messages, so we need a
better plan.

Revision 1.96 / (download) - annotate - [select for diffs], Mon Dec 18 02:25:15 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.95: +3 -2 lines
Diff to previous 1.95 (colored)

pass negotiated signing algorithm through to sshkey_verify() and
check that the negotiated algorithm matches the type in the
signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

Revision 1.95 / (download) - annotate - [select for diffs], Thu Oct 5 15:52:03 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.94: +3 -7 lines
Diff to previous 1.94 (colored)

replace statically-sized arrays in ServerOptions with dynamic ones
managed by xrecallocarray, removing some arbitrary (though large)
limits and saving a bit of memory; "much nicer" markus@

Revision 1.94 / (download) - annotate - [select for diffs], Mon Oct 2 19:33:20 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.93: +7 -1 lines
Diff to previous 1.93 (colored)

Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@

Revision 1.93 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.92: +3 -1 lines
Diff to previous 1.92 (colored)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.92 / (download) - annotate - [select for diffs], Tue May 30 14:10:53 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.91: +8 -6 lines
Diff to previous 1.91 (colored)

switch auth2-pubkey.c to modern APIs; with & ok djm@

Revision 1.91 / (download) - annotate - [select for diffs], Tue May 30 08:52:19 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.90: +8 -6 lines
Diff to previous 1.90 (colored)

switch from Key typedef with struct sshkey; ok djm@

Revision 1.90 / (download) - annotate - [select for diffs], Wed May 17 01:24:17 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.89: +2 -1 lines
Diff to previous 1.89 (colored)

allow LogLevel in sshd_config Match blocks; ok dtucker bz#2717

Revision 1.89 / (download) - annotate - [select for diffs], Sat Aug 13 17:47:41 2016 UTC (7 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.88: +1 -151 lines
Diff to previous 1.88 (colored)

remove ssh1 server code; ok djm@

Revision 1.88 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.87: +6 -6 lines
Diff to previous 1.87 (colored)

refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Revision 1.87 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.86: +1 -2 lines
Diff to previous 1.86 (colored)

remove roaming support; ok djm@

Revision 1.86 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.85: +3 -2 lines
Diff to previous 1.85 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.85 / (download) - annotate - [select for diffs], Fri May 1 03:23:51 2015 UTC (9 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.84: +9 -6 lines
Diff to previous 1.84 (colored)

prevent authorized_keys options picked up on public key tests without
a corresponding private key authentication being applied to other
authentication methods. Reported by halex@, ok markus@

Revision 1.84 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.83: +4 -3 lines
Diff to previous 1.83 (colored)

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

Revision 1.83 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)

adapt kex to sshbuf and struct ssh; ok djm@

Revision 1.82 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.81: +14 -230 lines
Diff to previous 1.81 (colored)

update packet.c & isolate, introduce struct ssh
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@

Revision 1.81 / (download) - annotate - [select for diffs], Tue Jan 13 19:31:40 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.80: +2 -2 lines
Diff to previous 1.80 (colored)

adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependencies
ok djm@

Revision 1.80 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.79: +11 -2 lines
Diff to previous 1.79 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.79 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.78: +3 -3 lines
Diff to previous 1.78 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.78 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.77: +1 -164 lines
Diff to previous 1.77 (colored)

remove experimental, never-enabled JPAKE code; ok markus@

Revision 1.75.2.1 / (download) - annotate - [select for diffs], Fri Nov 8 05:52:21 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_3
Changes since 1.75: +2 -2 lines
Diff to previous 1.75 (colored) next main 1.76 (colored)

openssh-6.4 for the 5.3 branch; reminded by deraadt@

Revision 1.76.2.1 / (download) - annotate - [select for diffs], Fri Nov 8 00:25:26 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_4
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored) next main 1.77 (colored)

cherrypick commit:


Revision 1.77 / (download) - annotate - [select for diffs], Wed Nov 6 16:52:11 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

fix rekeying for AES-GCM modes; ok deraadt

Revision 1.76 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE
Branch point for: OPENBSD_5_4
Changes since 1.75: +15 -15 lines
Diff to previous 1.75 (colored)

bye, bye xfree(); ok markus@

Revision 1.75 / (download) - annotate - [select for diffs], Tue Jan 8 18:49:04 2013 UTC (11 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE
Branch point for: OPENBSD_5_3
Changes since 1.74: +20 -19 lines
Diff to previous 1.74 (colored)

support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@

Revision 1.74 / (download) - annotate - [select for diffs], Mon Oct 1 13:59:51 2012 UTC (11 years, 7 months ago) by naddy
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

pasto; ok djm@

Revision 1.73 / (download) - annotate - [select for diffs], Fri Jun 17 21:44:31 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.72: +27 -1 lines
Diff to previous 1.72 (colored)

make the pre-auth privsep slave log via a socketpair shared with the
monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@

Revision 1.72 / (download) - annotate - [select for diffs], Mon May 23 03:30:07 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.71: +7 -2 lines
Diff to previous 1.71 (colored)

allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entirely :)

feedback and ok markus@ dtucker@

Revision 1.71 / (download) - annotate - [select for diffs], Fri May 20 03:25:45 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.70: +10 -3 lines
Diff to previous 1.70 (colored)

use a macro to define which string options to copy between configs
for Match. This avoids problems caused by forgetting to keep three
code locations in perfect sync and ordering

"this is at once beautiful and horrible" + ok dtucker@

Revision 1.70 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.69 / (download) - annotate - [select for diffs], Sun Mar 7 11:57:13 2010 UTC (14 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.68: +1 -18 lines
Diff to previous 1.68 (colored)

Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum.  ok djm@

Revision 1.68 / (download) - annotate - [select for diffs], Mon Jun 22 05:39:28 2009 UTC (14 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.67: +5 -5 lines
Diff to previous 1.67 (colored)

alphabetize includes; reduces diff vs portable and style(9).  ok stevesk djm

Revision 1.67 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.66: +8 -1 lines
Diff to previous 1.66 (colored)

Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@

Revision 1.66 / (download) - annotate - [select for diffs], Mon May 25 06:48:01 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.65: +9 -8 lines
Diff to previous 1.65 (colored)

Put the globals in packet.c into a struct and don't access it directly
from other files. No functional changes.
ok markus@ djm@

Revision 1.65 / (download) - annotate - [select for diffs], Thu Mar 5 07:18:19 2009 UTC (15 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.64: +5 -4 lines
Diff to previous 1.64 (colored)

refactor the (disabled) Schnorr proof code to make it a little more
generally useful

Revision 1.64 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.63: +165 -1 lines
Diff to previous 1.63 (colored)

Add support for an experimental zero-knowledge password authentication
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.

This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.

This is experimental, work-in-progress code and is presently
compile-time disabled (turn on -DJPAKE in Makefile.inc).

"just commit it.  It isn't too intrusive." deraadt@

Revision 1.63 / (download) - annotate - [select for diffs], Thu Jul 10 18:08:11 2008 UTC (15 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.62: +6 -4 lines
Diff to previous 1.62 (colored)

sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@

Revision 1.62 / (download) - annotate - [select for diffs], Thu May 8 12:21:16 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.61: +18 -4 lines
Diff to previous 1.61 (colored)

Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allowed multiplexed sessions.

Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of exiting with fatal().

bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com

ok markus@

Revision 1.61 / (download) - annotate - [select for diffs], Thu May 8 12:02:23 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.60: +2 -1 lines
Diff to previous 1.60 (colored)

Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within a channel).

Also includes an abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.

ok markus@ (as part of a larger diff)

Revision 1.60 / (download) - annotate - [select for diffs], Mon Oct 29 04:08:08 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.59: +4 -3 lines
Diff to previous 1.59 (colored)

Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users.  Found by and ok djm@

Revision 1.59 / (download) - annotate - [select for diffs], Fri Sep 21 08:15:29 2007 UTC (16 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.58: +1 -61 lines
Diff to previous 1.58 (colored)

unifdef -DBSD_AUTH
unifdef -USKEY

These options have been in use for some years;
ok markus@ "no objection" millert@

Revision 1.58 / (download) - annotate - [select for diffs], Tue Sep 4 03:21:03 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.57: +4 -3 lines
Diff to previous 1.57 (colored)

make file descriptor passing code return an error rather than call fatal()
when it encounters problems, and use this to make session multiplexing
masters survive slaves failing to pass all stdio FDs; ok markus@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Jun 7 19:37:34 2007 UTC (16 years, 11 months ago) by pvalchev
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must
specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on one
of its underlying hash algorithms is found to be vulnerable to a new attack.
http://www.ietf.org/rfc/rfc4418.txt

in conjunction with and OK djm@

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 5 06:52:37 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

Preserve MAC ctx between packets, saving 2xhash calls per-packet.
Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5

patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)

Revision 1.55 / (download) - annotate - [select for diffs], Mon Feb 19 10:45:58 2007 UTC (17 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.54: +17 -4 lines
Diff to previous 1.54 (colored)

Teach Match how to handle config directives that are used before authentication.
This allows configurations such as permitting password authentication from
the local net only while requiring pubkey from offsite.  ok djm@, man page
bits ok jmc@

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.40: +27 -24 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)

upgrade to OpenSSH 4.4

Revision 1.40.4.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.40: +27 -24 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)

upgrade to OpenSSH 4.4

Revision 1.54 / (download) - annotate - [select for diffs], Sat Aug 12 20:46:46 2006 UTC (17 years, 9 months ago) by miod
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

Revert previous include file ordering change, for ssh to compile under gcc2
(or until openssl include files are cleaned of parameter names in function
prototypes)

Revision 1.53 / (download) - annotate - [select for diffs], Sun Aug 6 01:13:32 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)

"zlib.h" can be <zlib.h>; ok djm@ markus@

Revision 1.52 / (download) - annotate - [select for diffs], Sat Aug 5 08:28:24 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.51: +2 -3 lines
Diff to previous 1.51 (colored)

Zap unused variables in -DSKEY code.  ok djm@

Revision 1.51 / (download) - annotate - [select for diffs], Sat Aug 5 07:52:52 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.50: +3 -1 lines
Diff to previous 1.50 (colored)

Add headers required to build with KERBEROS5=no.  ok djm@

Revision 1.50 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.49: +10 -11 lines
Diff to previous 1.49 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.49 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.48: +2 -1 lines
Diff to previous 1.48 (colored)

move #include <stdio.h> out of includes.h

Revision 1.48 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.47: +2 -1 lines
Diff to previous 1.47 (colored)

move #include <string.h> out of includes.h

Revision 1.47 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.46: +2 -1 lines
Diff to previous 1.46 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.46 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.45: +5 -1 lines
Diff to previous 1.45 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.45 / (download) - annotate - [select for diffs], Thu Mar 30 09:58:15 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@

Revision 1.44 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.43: +1 -0 lines
Diff to previous 1.43 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.43 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.42: +3 -7 lines
Diff to previous 1.42 (colored)

introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.42 / (download) - annotate - [select for diffs], Mon Mar 20 18:14:02 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.41: +1 -1 lines
Diff to previous 1.41 (colored)

sprinkle u_int throughout pty subsystem, ok markus

Revision 1.41 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.40: +0 -1 lines
Diff to previous 1.40 (colored)

RCSID() can die

Revision 1.39.4.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:02 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.39: +8 -11 lines
Diff to previous 1.39 (colored) next main 1.40 (colored)

upgrade to OpenSSH 4.2

Revision 1.39.2.1 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:00 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.39: +8 -11 lines
Diff to previous 1.39 (colored) next main 1.40 (colored)

upgrade to OpenSSH 4.2

Revision 1.40 / (download) - annotate - [select for diffs], Tue May 24 17:32:43 2005 UTC (18 years, 11 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_9, OPENBSD_3_8
Changes since 1.39: +8 -11 lines
Diff to previous 1.39 (colored)

Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0.  EOF is signalled by errno==EPIPE.
Typical use now becomes:

if (atomicio(read, ..., len) != len)
        err(1,"read");

ok deraadt@, cloder@, djm@

Revision 1.31.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.31.2.1: +24 -17 lines
Diff to previous 1.31.2.1 (colored) to branchpoint 1.31 (colored) next main 1.32 (colored)

upgrade to OpenSSH 3.9

Revision 1.35.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.35: +24 -17 lines
Diff to previous 1.35 (colored) next main 1.36 (colored)

upgrade to OpenSSH 3.9

Revision 1.39 / (download) - annotate - [select for diffs], Sat Jul 17 05:31:41 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.38: +7 -2 lines
Diff to previous 1.38 (colored)

Move "Last logged in at.." message generation to the monitor, right
before recording the new login.  Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463);  much assistance & ok markus@

Revision 1.38 / (download) - annotate - [select for diffs], Sat Jul 3 11:02:25 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.37: +3 -1 lines
Diff to previous 1.37 (colored)

Put s/key functions inside #ifdef SKEY same as monitor.c,
from des@freebsd via bz #330, ok markus@

Revision 1.37 / (download) - annotate - [select for diffs], Tue Jun 22 05:05:45 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.36: +3 -3 lines
Diff to previous 1.36 (colored)

Change login->username, will prevent -Wshadow errors in Portable; ok markus@

Revision 1.36 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.35: +14 -14 lines
Diff to previous 1.35 (colored)

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.22.2.1: +41 -6 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)

upgrade to OpenSSH 3.8

Revision 1.31.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.31: +41 -6 lines
Diff to previous 1.31 (colored)

upgrade to OpenSSH 3.8

Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 17 11:06:07 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.34: +20 -1 lines
Diff to previous 1.34 (colored)

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Oct 15 09:48:45 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

check pmonitor != NULL

Revision 1.33 / (download) - annotate - [select for diffs], Sat Oct 11 11:36:23 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.32: +10 -3 lines
Diff to previous 1.32 (colored)

return NULL for missing banner; ok djm@

Revision 1.32 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.31: +13 -4 lines
Diff to previous 1.31 (colored)

replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt early to allow simpler cleanup in sshd.
tested by many, ok deraadt@

Revision 1.19.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.19.2.1: +64 -56 lines
Diff to previous 1.19.2.1 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored)

upgrade to OpenSSH 3.7

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.22: +64 -56 lines
Diff to previous 1.22 (colored)

upgrade to OpenSSH 3.7

Revision 1.31 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.30: +1 -36 lines
Diff to previous 1.30 (colored)

remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...

Revision 1.30 / (download) - annotate - [select for diffs], Sun Aug 24 17:36:52 2003 UTC (20 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.29: +4 -2 lines
Diff to previous 1.29 (colored)

64 bit cleanups; markus ok

Revision 1.29 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.28: +71 -2 lines
Diff to previous 1.28 (colored)

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.27: +1 -37 lines
Diff to previous 1.27 (colored)

remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@

Revision 1.27 / (download) - annotate - [select for diffs], Sat Jun 28 16:23:06 2003 UTC (20 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored)

deal with typing of write vs read in atomicio

Revision 1.26 / (download) - annotate - [select for diffs], Mon Apr 7 08:29:57 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

typo: get correct counters; introduced during rekeying change.

Revision 1.5.2.5 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.5.2.4: +22 -10 lines
Diff to previous 1.5.2.4 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)

Merge OpenSSH 3.6.1

Revision 1.25 / (download) - annotate - [select for diffs], Wed Apr 2 09:48:07 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.24: +11 -3 lines
Diff to previous 1.24 (colored)

reapply rekeying change, tested by henning@, ok djm@

Revision 1.24 / (download) - annotate - [select for diffs], Tue Apr 1 10:22:21 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.23: +3 -11 lines
Diff to previous 1.23 (colored)

backout rekeying changes (for 3.6.1)

Revision 1.23 / (download) - annotate - [select for diffs], Tue Apr 1 10:10:23 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.22: +11 -3 lines
Diff to previous 1.22 (colored)

rekeying bugfixes and automatic rekeying:

* both client and server rekey _automatically_
      (a) after 2^31 packets, because after 2^32 packets
          the sequence number for packets wraps
      (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known
  openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:13 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.19: +22 -10 lines
Diff to previous 1.19 (colored)

Update to OpenSSH 3.6

Revision 1.22 / (download) - annotate - [select for diffs], Sun Feb 16 17:30:33 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.21: +14 -3 lines
Diff to previous 1.21 (colored)

fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@

Revision 1.21 / (download) - annotate - [select for diffs], Tue Feb 4 09:33:22 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.20: +8 -7 lines
Diff to previous 1.20 (colored)

skey/bsdauth: use 0 to indicate failure instead of -1, because
the buffer API only supports unsigned ints.

Revision 1.20 / (download) - annotate - [select for diffs], Thu Nov 21 23:03:51 2002 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

KNF

Revision 1.7.2.3 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:06 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.7.2.2: +86 -16 lines
Diff to previous 1.7.2.2 (colored) next main 1.8 (colored)

Update to OpenSSH 3.5

Revision 1.5.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.5.2.3: +86 -16 lines
Diff to previous 1.5.2.3 (colored) to branchpoint 1.5 (colored)

Update to OpenSSH 3.5

Revision 1.19 / (download) - annotate - [select for diffs], Thu Sep 26 11:38:43 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.18: +37 -1 lines
Diff to previous 1.18 (colored)

krb4 + privsep; ok dugsong@, deraadt@

Revision 1.18 / (download) - annotate - [select for diffs], Mon Sep 9 14:54:15 2002 UTC (21 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

signed vs unsigned from -pedantic; ok henning@

Revision 1.17 / (download) - annotate - [select for diffs], Mon Sep 9 06:48:06 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.16: +36 -1 lines
Diff to previous 1.16 (colored)

kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
patch from markus

Revision 1.16 / (download) - annotate - [select for diffs], Thu Jul 4 10:41:47 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.15: +7 -10 lines
Diff to previous 1.15 (colored)

don't allocate, copy, and discard if there is no interest in the data; ok deraadt@

Revision 1.15 / (download) - annotate - [select for diffs], Thu Jul 4 04:15:33 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.14: +3 -1 lines
Diff to previous 1.14 (colored)

patch memory leaks; grendel@zeitbombe.org

Revision 1.14 / (download) - annotate - [select for diffs], Sun Jun 30 21:59:45 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)

minor KNF

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jun 28 01:50:37 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

use ssize_t

Revision 1.5.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.5.2.2: +75 -67 lines
Diff to previous 1.5.2.2 (colored) to branchpoint 1.5 (colored)

Pull in OpenSSH-3.4

Revision 1.12 / (download) - annotate - [select for diffs], Wed Jun 26 15:00:32 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored)

more %u

Revision 1.7.2.2 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.7.2.1: +75 -67 lines
Diff to previous 1.7.2.1 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.11 / (download) - annotate - [select for diffs], Wed Jun 19 18:01:00 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.10: +11 -3 lines
Diff to previous 1.10 (colored)

make the monitor sync the transfer ssh1 session key;
transfer keycontext only for RC4 (this still depends on EVP
implementation details and is broken).

Revision 1.10 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +5 -5 lines
Diff to previous 1.9 (colored)

KNF done automatically while reading....

Revision 1.9 / (download) - annotate - [select for diffs], Fri Jun 14 21:35:00 2002 UTC (21 years, 11 months ago) by todd
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

spelling; from Brian Poole <raj@cerias.purdue.edu>

Revision 1.8 / (download) - annotate - [select for diffs], Tue Jun 4 23:05:49 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.7: +62 -62 lines
Diff to previous 1.7 (colored)

__FUNCTION__ -> __func__

Revision 1.7.4.1 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:10 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.7: +1 -1 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.5.2.2 / (download) - annotate - [select for diffs], Sat May 18 04:50:38 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.5.2.1: +0 -0 lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored)

Update to OpenSSH-3.2.3

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Sat May 18 04:12:11 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.5: +60 -42 lines
Diff to previous 1.5 (colored)

Update to OpenSSH-3.2.2

Revision 1.7.2.1 / (download) - annotate - [select for diffs], Fri May 17 00:03:23 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.7: +1 -1 lines
Diff to previous 1.7 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.7 / (download) - annotate - [select for diffs], Wed May 15 15:47:49 2002 UTC (22 years ago) by mouring
Branch: MAIN
Branch point for: OPENBSD_3_0, OPENBSD_2_9
Changes since 1.6: +44 -44 lines
Diff to previous 1.6 (colored)

'monitor' variable clashes with at least one lame platform (NeXT).  Renamed
to 'pmonitor'.  provos@

Revision 1.6 / (download) - annotate - [select for diffs], Sun May 12 23:53:45 2002 UTC (22 years ago) by djm
Branch: MAIN
Changes since 1.5: +19 -1 lines
Diff to previous 1.5 (colored)

Fix sshd Banner option for privsep; ok markus@ provos@

Revision 1.5 / (download) - annotate - [select for diffs], Mon Mar 25 20:12:10 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.4: +3 -3 lines
Diff to previous 1.4 (colored)

ssize_t args use "%ld" and cast to (long)
size_t args use "%lu" and cast to (u_long)
ok markus@ and thanks millert@

Revision 1.4 / (download) - annotate - [select for diffs], Tue Mar 19 14:27:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.3: +1 -13 lines
Diff to previous 1.3 (colored)

make getpwnamallow() always call pwcopy()

Revision 1.3 / (download) - annotate - [select for diffs], Tue Mar 19 10:41:32 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.2: +6 -6 lines
Diff to previous 1.2 (colored)

whitespace KNF

Revision 1.2 / (download) - annotate - [select for diffs], Tue Mar 19 10:35:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.1: +4 -4 lines
Diff to previous 1.1 (colored)

clean up prototypes

Revision 1.1 / (download) - annotate - [select for diffs], Mon Mar 18 17:28:37 2002 UTC (22 years, 2 months ago) by provos
Branch: MAIN

implementation of the interface between privileged and unprivileged process
for ssh-privsep
