Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.156 / (download) - annotate - [select for diffs], Mon Mar 4 02:16:11 2024 UTC (3 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.155: +3 -3 lines
Diff to previous 1.155 (colored)
Separate parsing of string array options from applying them to the active configuration. This fixes the config parser from erroneously rejecting cases like: AuthenticationMethods password Match User ivy AuthenticationMethods any bz3657 ok markus@
Revision 1.155 / (download) - annotate - [select for diffs], Thu Jan 11 01:45:36 2024 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.154: +2 -2 lines
Diff to previous 1.154 (colored)
make DSA key support compile-time optional, defaulting to on ok markus@
Revision 1.154 / (download) - annotate - [select for diffs], Thu Oct 12 02:18:18 2023 UTC (7 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.153: +2 -2 lines
Diff to previous 1.153 (colored)
add %j token that expands to the configured ProxyJump hostname (or the empty string if this option is not being used). bz3610, ok dtucker
Revision 1.153 / (download) - annotate - [select for diffs], Wed Oct 11 22:42:26 2023 UTC (7 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.152: +4 -1 lines
Diff to previous 1.152 (colored)
add ChannelTimeout support to the client, mirroring the same option in the server. ok markus@
Revision 1.152 / (download) - annotate - [select for diffs], Mon Aug 28 03:31:16 2023 UTC (9 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.151: +7 -1 lines
Diff to previous 1.151 (colored)
Add keystroke timing obfuscation to the client. This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/ feedback/ok markus@
Revision 1.151 / (download) - annotate - [select for diffs], Mon Jul 17 04:08:31 2023 UTC (10 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.150: +2 -1 lines
Diff to previous 1.150 (colored)
Add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. ok markus
Revision 1.150 / (download) - annotate - [select for diffs], Fri Jan 13 02:58:20 2023 UTC (16 months, 3 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.149: +2 -1 lines
Diff to previous 1.149 (colored)
Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@
Revision 1.149 / (download) - annotate - [select for diffs], Mon Nov 28 01:37:36 2022 UTC (18 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.148: +2 -1 lines
Diff to previous 1.148 (colored)
New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while
Revision 1.148 / (download) - annotate - [select for diffs], Sat Sep 17 10:33:18 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.147: +3 -1 lines
Diff to previous 1.147 (colored)
add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@
Revision 1.147 / (download) - annotate - [select for diffs], Fri Jun 3 04:30:47 2022 UTC (2 years ago) by djm
Branch: MAIN
Changes since 1.146: +5 -5 lines
Diff to previous 1.146 (colored)
Make SetEnv directives first-match-wins in both sshd_config and sshd_config; previously if the same name was reused then the last would win (which is the opposite to how the config is supposed to work). While there, make the ssh_config parsing more like sshd_config. bz3438, ok dtucker
Revision 1.146 / (download) - annotate - [select for diffs], Sun Dec 19 22:14:47 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.145: +6 -1 lines
Diff to previous 1.145 (colored)
PubkeyAuthentication=yes|no|unbound|host-bound Allow control over which pubkey methods are used. Added out of concern that some hardware devices may have difficulty signing the longer pubkey authentication challenges. This provides a way for them to disable the extension. It's also handy for testing. feedback / ok markus@
Revision 1.145 / (download) - annotate - [select for diffs], Wed Sep 15 06:56:01 2021 UTC (2 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.144: +2 -1 lines
Diff to previous 1.144 (colored)
allow CanonicalizePermittedCNAMEs=none in ssh_config; ok markus@
Revision 1.144 / (download) - annotate - [select for diffs], Fri Jul 23 04:04:52 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.143: +2 -1 lines
Diff to previous 1.143 (colored)
Add a ForkAfterAuthentication ssh_config(5) counterpart to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker
Revision 1.143 / (download) - annotate - [select for diffs], Fri Jul 23 04:00:59 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.142: +2 -1 lines
Diff to previous 1.142 (colored)
Add a StdinNull directive to ssh_config(5) that allows the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
Revision 1.142 / (download) - annotate - [select for diffs], Tue Jul 13 23:48:36 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.141: +6 -1 lines
Diff to previous 1.141 (colored)
add a SessionType directive to ssh_config, allowing the configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@
Revision 1.141 / (download) - annotate - [select for diffs], Fri Jul 2 05:11:21 2021 UTC (2 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.140: +1 -3 lines
Diff to previous 1.140 (colored)
Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as deprecated alias so config files continue to work and a reference in the man page for people looking for it. Prompted by bz#3303 which pointed out the discrepancy between the two when used with Match. Man page help & ok jmc@, with & ok djm@
Revision 1.140 / (download) - annotate - [select for diffs], Mon Feb 15 20:43:15 2021 UTC (3 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.139: +5 -1 lines
Diff to previous 1.139 (colored)
ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS ok djm@, dtucker@
Revision 1.139 / (download) - annotate - [select for diffs], Tue Jan 26 05:32:21 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored)
Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
Revision 1.138 / (download) - annotate - [select for diffs], Fri Jan 22 02:44:58 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored)
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
Revision 1.137 / (download) - annotate - [select for diffs], Tue Dec 22 00:15:23 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.136: +3 -1 lines
Diff to previous 1.136 (colored)
add a ssh_config KnownHostsCommand that allows the client to obtain known_hosts data from a command in addition to the usual files. The command accepts bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details). ok markus@
Revision 1.136 / (download) - annotate - [select for diffs], Thu Dec 17 23:10:27 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.135: +3 -2 lines
Diff to previous 1.135 (colored)
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
Revision 1.135 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.134: +3 -2 lines
Diff to previous 1.134 (colored)
LogVerbose keyword for ssh and sshd Allows forcing maximum debug logging by file/function/line pattern- lists. ok markus@
Revision 1.134 / (download) - annotate - [select for diffs], Tue Aug 11 09:49:57 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.133: +2 -1 lines
Diff to previous 1.133 (colored)
let ssh_config(5)'s AddKeysToAgent keyword accept a time limit for keys in addition to its current flag options. Time-limited keys will automatically be removed from ssh-agent after their expiry time has passed; ok markus@
Revision 1.133 / (download) - annotate - [select for diffs], Fri Apr 3 02:27:12 2020 UTC (4 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.132: +3 -1 lines
Diff to previous 1.132 (colored)
Make with config keywords support which percent_expansions more consistent. - %C is moved into its own function and added to Match Exec. - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with. - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable. - document all of the above ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
Revision 1.132 / (download) - annotate - [select for diffs], Thu Jan 23 02:46:49 2020 UTC (4 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.131: +2 -1 lines
Diff to previous 1.131 (colored)
Remove unsupported algorithms from list of defaults at run time and remove ifdef and distinct settings for OPENSSL=no case. This will make things much simpler for -portable where the exact set of algos depends on the configuration of both OpenSSH and the libcrypto it's linked against (if any). ok djm@
Revision 1.131 / (download) - annotate - [select for diffs], Sat Dec 21 02:19:13 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.130: +2 -1 lines
Diff to previous 1.130 (colored)
Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. Patch by Eric Chiang, manpage by me; ok markus@
Revision 1.130 / (download) - annotate - [select for diffs], Thu Oct 31 21:18:28 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.129: +2 -1 lines
Diff to previous 1.129 (colored)
ssh client support for U2F/FIDO keys
Revision 1.129 / (download) - annotate - [select for diffs], Fri Nov 23 05:08:07 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.128: +3 -3 lines
Diff to previous 1.128 (colored)
add a ssh_config "Match final" predicate Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
Revision 1.128 / (download) - annotate - [select for diffs], Thu Sep 20 03:30:44 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.127: +2 -1 lines
Diff to previous 1.127 (colored)
add CASignatureAlgorithms option for the client, allowing it to specify which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@
Revision 1.127 / (download) - annotate - [select for diffs], Thu Jul 19 10:28:47 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.126: +1 -2 lines
Diff to previous 1.126 (colored)
Deprecate UsePrivilegedPort now that support for running ssh(1) setuid has been removed, remove supporting code and clean up references to it in the man pages We have not shipped ssh(1) the setuid bit since 2002. If ayone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@
Revision 1.126 / (download) - annotate - [select for diffs], Sat Jun 9 03:01:12 2018 UTC (6 years ago) by djm
Branch: MAIN
Changes since 1.125: +4 -3 lines
Diff to previous 1.125 (colored)
add a SetEnv directive to ssh_config that allows setting environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@
Revision 1.125 / (download) - annotate - [select for diffs], Fri Feb 23 02:34:33 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.124: +2 -1 lines
Diff to previous 1.124 (colored)
Add BindInterface ssh_config directive and -B command-line argument to ssh(1) that directs it to bind its outgoing connection to the address of the specified network interface. BindInterface prefers to use addresses that aren't loopback or link- local, but will fall back to those if no other addresses of the required family are available on that interface. Based on patch by Mike Manning in bz#2820, ok dtucker@
Revision 1.124 / (download) - annotate - [select for diffs], Sat Oct 21 23:06:24 2017 UTC (6 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.123: +2 -1 lines
Diff to previous 1.123 (colored)
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
Revision 1.123 / (download) - annotate - [select for diffs], Sun Sep 3 23:33:13 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.122: +6 -1 lines
Diff to previous 1.122 (colored)
Expand ssh_config's StrictModes option with two new settings: StrictModes=accept-new will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. StrictModes=off is the same as StrictModes=no Motivation: StrictModes=no combines two behaviours for host key processing: automatically learning new hostkeys and continuing to connect to hosts with invalid/changed hostkeys. The latter behaviour is quite dangerous since it removes most of the protections the SSH protocol is supposed to provide. Quite a few users want to automatically learn hostkeys however, so this makes that feature available with less danger. At some point in the future, StrictModes=no will change to be a synonym for accept-new, with its current behaviour remaining available via StrictModes=off. bz#2400, suggested by Michael Samuel; ok markus
Revision 1.122 / (download) - annotate - [select for diffs], Tue May 30 18:58:37 2017 UTC (7 years ago) by bluhm
Branch: MAIN
Changes since 1.121: +2 -1 lines
Diff to previous 1.121 (colored)
Add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client's command line. This command will be executed on the remote host. The feature allows to automate tasks using ssh config. OK markus@
Revision 1.121 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:22 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.120: +1 -6 lines
Diff to previous 1.120 (colored)
remove SSHv1 configuration options and man pages bits ok markus@
Revision 1.120 / (download) - annotate - [select for diffs], Sun Apr 30 23:15:04 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.119: +1 -2 lines
Diff to previous 1.119 (colored)
remove SSHv1 ciphers; ok markus@
Revision 1.119 / (download) - annotate - [select for diffs], Sun Apr 30 23:11:45 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.118: +1 -2 lines
Diff to previous 1.118 (colored)
remove options.protocol and client Protocol configuration knob ok markus@
Revision 1.118 / (download) - annotate - [select for diffs], Fri Apr 28 03:20:27 2017 UTC (7 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.117: +2 -1 lines
Diff to previous 1.117 (colored)
Add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok djm@
Revision 1.117 / (download) - annotate - [select for diffs], Fri Jul 15 00:24:30 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.116: +7 -1 lines
Diff to previous 1.116 (colored)
Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host". These options construct a proxy command that connects to the specified jump host(s) (more than one may be specified) and uses port-forwarding to establish a connection to the next destination. This codifies the safest way of indirecting connections through SSH servers and makes it easy to use. ok markus@
Revision 1.116 / (download) - annotate - [select for diffs], Fri Jun 3 03:14:41 2016 UTC (8 years ago) by dtucker
Branch: MAIN
Changes since 1.115: +5 -1 lines
Diff to previous 1.115 (colored)
Move the host and port used by ssh -W into the Options struct. This will make future changes a bit easier. ok djm@
Revision 1.115 / (download) - annotate - [select for diffs], Wed May 4 12:21:53 2016 UTC (8 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.114: +2 -1 lines
Diff to previous 1.114 (colored)
IdentityAgent for specifying specific agent sockets; ok djm@
Revision 1.114 / (download) - annotate - [select for diffs], Fri Apr 15 00:30:19 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.113: +2 -1 lines
Diff to previous 1.113 (colored)
Include directive for ssh_config(5); feedback & ok markus@
Revision 1.113 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.112: +1 -3 lines
Diff to previous 1.112 (colored)
remove roaming support; ok djm@
Revision 1.112 / (download) - annotate - [select for diffs], Sun Nov 15 22:26:49 2015 UTC (8 years, 6 months ago) by jcs
Branch: MAIN
Changes since 1.111: +3 -1 lines
Diff to previous 1.111 (colored)
Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@
Revision 1.111 / (download) - annotate - [select for diffs], Thu Sep 24 06:15:11 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.110: +7 -1 lines
Diff to previous 1.110 (colored)
add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Revision 1.110 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.109: +3 -2 lines
Diff to previous 1.109 (colored)
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
Revision 1.109 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.108: +6 -2 lines
Diff to previous 1.108 (colored)
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
Revision 1.108 / (download) - annotate - [select for diffs], Fri Jan 30 11:43:14 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.107: +3 -1 lines
Diff to previous 1.107 (colored)
Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
Revision 1.107 / (download) - annotate - [select for diffs], Mon Jan 26 03:04:45 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.106: +4 -2 lines
Diff to previous 1.106 (colored)
Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
Revision 1.106 / (download) - annotate - [select for diffs], Thu Jan 15 09:40:00 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored)
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
Revision 1.105 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.104: +3 -1 lines
Diff to previous 1.104 (colored)
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
Revision 1.104 / (download) - annotate - [select for diffs], Thu Dec 4 02:24:32 2014 UTC (9 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.103: +3 -1 lines
Diff to previous 1.103 (colored)
add RevokedHostKeys option for the client Allow textfile or KRL-based revocation of hostkeys.
Revision 1.103 / (download) - annotate - [select for diffs], Wed Oct 8 22:20:25 2014 UTC (9 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.102: +6 -4 lines
Diff to previous 1.102 (colored)
Tweak config reparsing with host canonicalisation Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T" Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus
Revision 1.102 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.101: +8 -17 lines
Diff to previous 1.101 (colored)
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
Revision 1.101 / (download) - annotate - [select for diffs], Sun Feb 23 20:11:36 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.100: +3 -1 lines
Diff to previous 1.100 (colored)
reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes the hostname. This allows users to write configurations that always refer to canonical hostnames, e.g. CanonicalizeHostname yes CanonicalDomains int.example.org example.org CanonicalizeFallbackLocal no Host *.int.example.org Compression off Host *.example.org User djm ok markus@
Revision 1.100 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.99: +1 -2 lines
Diff to previous 1.99 (colored)
remove experimental, never-enabled JPAKE code; ok markus@
Revision 1.99 / (download) - annotate - [select for diffs], Wed Oct 16 22:49:38 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.98: +4 -4 lines
Diff to previous 1.98 (colored)
s/canonicalise/canonicalize/ for consistency with existing spelling, e.g. authorized_keys; pointed out by naddy@
Revision 1.98 / (download) - annotate - [select for diffs], Wed Oct 16 02:31:46 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.97: +20 -2 lines
Diff to previous 1.97 (colored)
Implement client-side hostname canonicalisation to allow an explicit search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
Revision 1.97 / (download) - annotate - [select for diffs], Mon Oct 14 22:22:03 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.96: +6 -6 lines
Diff to previous 1.96 (colored)
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
Revision 1.96 / (download) - annotate - [select for diffs], Tue Aug 20 00:11:38 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.95: +3 -1 lines
Diff to previous 1.95 (colored)
Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than have to shuffle data back and forth and enables ssh to use getpeername, etc. to obtain address information just like it does with regular directly-connected sockets. ok markus@
Revision 1.95 / (download) - annotate - [select for diffs], Thu May 16 04:27:50 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.94: +3 -1 lines
Diff to previous 1.94 (colored)
add the ability to ignore specific unrecognised ssh_config options; bz#866; ok markus@
Revision 1.94 / (download) - annotate - [select for diffs], Thu May 16 02:00:34 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.93: +2 -1 lines
Diff to previous 1.93 (colored)
Add an optional second argument to RekeyLimit in the client to allow rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm
Revision 1.93 / (download) - annotate - [select for diffs], Fri Feb 22 04:45:09 2013 UTC (11 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.92: +6 -2 lines
Diff to previous 1.92 (colored)
Don't complain if IdentityFiles specified in system-wide configs are missing. ok djm, deraadt.
Revision 1.92 / (download) - annotate - [select for diffs], Sun Feb 17 23:16:57 2013 UTC (11 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.91: +3 -1 lines
Diff to previous 1.91 (colored)
Keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. ok markus@
Revision 1.91 / (download) - annotate - [select for diffs], Fri Sep 23 07:45:05 2011 UTC (12 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.90: +2 -1 lines
Diff to previous 1.90 (colored)
unbreak remote portforwarding with dynamic allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to report: den at skbkontur.ru and P. Szczygielski feedback and ok djm@
Revision 1.90 / (download) - annotate - [select for diffs], Tue May 24 07:15:47 2011 UTC (13 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.89: +7 -6 lines
Diff to previous 1.89 (colored)
Remove undocumented legacy options UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile accept multiple paths per line and making their defaults include known_hosts2; ok markus
Revision 1.89 / (download) - annotate - [select for diffs], Fri May 6 21:34:32 2011 UTC (13 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.88: +7 -1 lines
Diff to previous 1.88 (colored)
Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@
Revision 1.88 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.87: +3 -1 lines
Diff to previous 1.87 (colored)
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Revision 1.87 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.86: +2 -1 lines
Diff to previous 1.86 (colored)
add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
Revision 1.86 / (download) - annotate - [select for diffs], Mon Jul 19 09:15:12 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)
add a "ControlPersist" option that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but further hacked on by wmertens AT cisco.com, apb AT cequrux.com, martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
Revision 1.85 / (download) - annotate - [select for diffs], Fri Jun 25 23:15:36 2010 UTC (13 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.84: +2 -1 lines
Diff to previous 1.84 (colored)
Add X11ForwardTimeout option to specify timeout for untrusted X11 authentication cookies to avoid fallback in X11 code to fully-trusted implicit authentication using SO_PEERCRED described at: http://lists.x.org/archives/xorg-devel/2010-May/008636.html After the X11ForwardTimeout has expired the client will now refuse incoming X11 channel opens. based on patch from Tavis Ormandy; "nice" markus@
Revision 1.84 / (download) - annotate - [select for diffs], Fri Jun 25 07:14:46 2010 UTC (13 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.83: +3 -3 lines
Diff to previous 1.83 (colored)
bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@
Revision 1.83 / (download) - annotate - [select for diffs], Sun May 16 12:55:51 2010 UTC (14 years ago) by markus
Branch: MAIN
Changes since 1.82: +2 -1 lines
Diff to previous 1.82 (colored)
mux support for remote forwarding with dynamic port allocation, use with LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` feedback and ok djm@
Revision 1.82 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)
replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
Revision 1.81 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.80: +0 -2 lines
Diff to previous 1.80 (colored)
Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
Revision 1.80 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.79: +3 -1 lines
Diff to previous 1.79 (colored)
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
Revision 1.79 / (download) - annotate - [select for diffs], Sat Jun 27 09:35:06 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.78: +3 -1 lines
Diff to previous 1.78 (colored)
Add client option UseRoaming. It doesn't do anything yet but will control whether the client tries to use roaming if enabled on the server. From Martin Forssen. ok markus@
Revision 1.78 / (download) - annotate - [select for diffs], Thu Feb 12 03:00:56 2009 UTC (15 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)
support remote port forwarding with a zero listen port (-R0:...) to dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
Revision 1.77 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.76: +3 -3 lines
Diff to previous 1.76 (colored)
make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@
Revision 1.76 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.75: +2 -1 lines
Diff to previous 1.75 (colored)
Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
Revision 1.75 / (download) - annotate - [select for diffs], Sat Nov 1 17:40:33 2008 UTC (15 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)
merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@
Revision 1.74 / (download) - annotate - [select for diffs], Thu Jun 26 11:46:31 2008 UTC (15 years, 11 months ago) by grunk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.73: +2 -5 lines
Diff to previous 1.73 (colored)
Move SSH Fingerprint Visualization away from sharing the config option CheckHostIP to an own config option named VisualHostKey. While there, fix the behaviour that ssh would draw a random art picture on every newly seen host even when the option was not enabled. prodded by deraadt@, discussions, help and ok markus@ djm@ dtucker@
Revision 1.73 / (download) - annotate - [select for diffs], Wed Jun 11 21:01:35 2008 UTC (16 years ago) by grunk
Branch: MAIN
Changes since 1.72: +5 -1 lines
Diff to previous 1.72 (colored)
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@
Revision 1.72 / (download) - annotate - [select for diffs], Sat Jan 19 23:09:49 2008 UTC (16 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)
promote rekeylimit to a int64 so it can hold the maximum useful limit of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
Revision 1.67.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.67.2.1: +2 -3 lines
Diff to previous 1.67.2.1 (colored) to branchpoint 1.67 (colored) next main 1.68 (colored)
upgrade to OpenSSH 4.4
Revision 1.68.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.68: +2 -3 lines
Diff to previous 1.68 (colored) next main 1.69 (colored)
upgrade to OpenSSH 4.4
Revision 1.71 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.70: +1 -3 lines
Diff to previous 1.70 (colored)
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
Revision 1.70 / (download) - annotate - [select for diffs], Tue Jul 11 18:50:48 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored)
add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
Revision 1.69 / (download) - annotate - [select for diffs], Sat Mar 25 22:22:43 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.68: +1 -1 lines
Diff to previous 1.68 (colored)
standardise spacing in $OpenBSD$ tags; requested by deraadt@
Revision 1.67.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:56 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.67: +9 -1 lines
Diff to previous 1.67 (colored)
upgrade to OpenSSH 4.3
Revision 1.66.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:44 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.66.2.1: +9 -1 lines
Diff to previous 1.66.2.1 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)
upgrade to OpenSSH 4.3
Revision 1.68 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.67: +9 -1 lines
Diff to previous 1.67 (colored)
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
Revision 1.66.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:03 2005 UTC (18 years, 9 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.66: +6 -1 lines
Diff to previous 1.66 (colored)
upgrade to OpenSSH 4.2
Revision 1.64.2.2 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:00 2005 UTC (18 years, 9 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.64.2.1: +6 -1 lines
Diff to previous 1.64.2.1 (colored) to branchpoint 1.64 (colored) next main 1.65 (colored)
upgrade to OpenSSH 4.2
Revision 1.67 / (download) - annotate - [select for diffs], Wed Jun 8 11:25:09 2005 UTC (19 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.66: +6 -1 lines
Diff to previous 1.66 (colored)
add ControlMaster=auto/autoask options to support opportunistic multiplexing; tested avsm@ and jakob@, ok markus@
Revision 1.60.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 3 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.60.2.1: +10 -6 lines
Diff to previous 1.60.2.1 (colored) to branchpoint 1.60 (colored) next main 1.61 (colored)
upgrade to OpenSSH 4.0
Revision 1.64.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:27 2005 UTC (19 years, 3 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.64: +10 -6 lines
Diff to previous 1.64 (colored)
upgrade to OpenSSH 4.0
Revision 1.66 / (download) - annotate - [select for diffs], Tue Mar 1 10:40:27 2005 UTC (19 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.65: +3 -1 lines
Diff to previous 1.65 (colored)
add support for hashing host names and addresses added to known_hosts files, to improve privacy of which hosts user have been visiting; ok markus@ deraadt@
Revision 1.65 / (download) - annotate - [select for diffs], Tue Mar 1 10:09:52 2005 UTC (19 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.64: +8 -6 lines
Diff to previous 1.64 (colored)
bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. ok markus@
Revision 1.55.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.55.2.1: +12 -3 lines
Diff to previous 1.55.2.1 (colored) to branchpoint 1.55 (colored) next main 1.56 (colored)
upgrade to OpenSSH 3.9
Revision 1.60.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.60: +11 -3 lines
Diff to previous 1.60 (colored)
upgrade to OpenSSH 3.9
Revision 1.64 / (download) - annotate - [select for diffs], Sun Jul 11 17:48:47 2004 UTC (19 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)
spaces
Revision 1.63 / (download) - annotate - [select for diffs], Sun Jun 13 15:03:02 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.62: +4 -1 lines
Diff to previous 1.62 (colored)
implement session multiplexing in the client (the server has supported this since 2.0); ok markus@
Revision 1.62 / (download) - annotate - [select for diffs], Tue Apr 27 09:46:37 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.61: +6 -1 lines
Diff to previous 1.61 (colored)
bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@
Revision 1.61 / (download) - annotate - [select for diffs], Sun Apr 18 23:10:26 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
Revision 1.60 / (download) - annotate - [select for diffs], Fri Mar 5 10:53:58 2004 UTC (20 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)
add IdentitiesOnly; ok djm@, pb@
Revision 1.44.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.44.2.1: +6 -3 lines
Diff to previous 1.44.2.1 (colored) to branchpoint 1.44 (colored) next main 1.45 (colored)
upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8
Revision 1.55.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.55: +6 -3 lines
Diff to previous 1.55 (colored)
upgrade to OpenSSH 3.8
Revision 1.59 / (download) - annotate - [select for diffs], Tue Dec 16 15:49:51 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.58: +3 -1 lines
Diff to previous 1.58 (colored)
application layer keep alive (ServerAliveInterval ServerAliveCountMax) for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@
Revision 1.58 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:36 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)
rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
Revision 1.57 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
unexpand and delete whitespace at EOL; ok markus@
Revision 1.56 / (download) - annotate - [select for diffs], Sat Oct 11 08:24:08 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.55: +2 -1 lines
Diff to previous 1.55 (colored)
remote x11 clients are now untrusted by default, uses xauth(8) to generate untrusted cookies; ForwardX11Trusted=yes restores old behaviour. ok deraadt; feedback and ok djm/fries
Revision 1.43.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.43.2.1: +8 -11 lines
Diff to previous 1.43.2.1 (colored) to branchpoint 1.43 (colored) next main 1.44 (colored)
upgrade to OpenSSH 3.7
Revision 1.44.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.44: +8 -11 lines
Diff to previous 1.44 (colored)
upgrade to OpenSSH 3.7
Revision 1.55 / (download) - annotate - [select for diffs], Mon Sep 1 18:15:50 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.54: +1 -3 lines
Diff to previous 1.54 (colored)
remove unused kerberos code; ok henning@
Revision 1.54 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.53: +3 -1 lines
Diff to previous 1.53 (colored)
support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
Revision 1.53 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:30 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.52: +1 -2 lines
Diff to previous 1.52 (colored)
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
Revision 1.52 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.51: +1 -2 lines
Diff to previous 1.51 (colored)
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@
Revision 1.51 / (download) - annotate - [select for diffs], Thu Jul 3 08:09:06 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)
fix AddressFamily option in config file, from brent@graveland.net; ok markus@
Revision 1.50 / (download) - annotate - [select for diffs], Thu May 15 14:55:25 2003 UTC (21 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.49: +3 -1 lines
Diff to previous 1.49 (colored)
add a ConnectTimeout option to ssh, based on patch from Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
Revision 1.49 / (download) - annotate - [select for diffs], Thu May 15 01:48:10 2003 UTC (21 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.48: +1 -7 lines
Diff to previous 1.48 (colored)
always parse kerberos options. ok djm@ markus@
Revision 1.48 / (download) - annotate - [select for diffs], Wed May 14 18:16:20 2003 UTC (21 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.47: +2 -1 lines
Diff to previous 1.47 (colored)
add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
Revision 1.42.2.2 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 2 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.42.2.1: +3 -1 lines
Diff to previous 1.42.2.1 (colored) to branchpoint 1.42 (colored) next main 1.43 (colored)
Merge OpenSSH 3.6.1
Revision 1.47 / (download) - annotate - [select for diffs], Wed Apr 2 09:48:07 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.46: +2 -1 lines
Diff to previous 1.46 (colored)
reapply rekeying chage, tested by henning@, ok djm@
Revision 1.46 / (download) - annotate - [select for diffs], Tue Apr 1 10:22:21 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.45: +1 -2 lines
Diff to previous 1.45 (colored)
backout rekeying changes (for 3.6.1)
Revision 1.45 / (download) - annotate - [select for diffs], Tue Apr 1 10:10:23 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.44: +2 -1 lines
Diff to previous 1.44 (colored)
rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying
Revision 1.43.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 2 months ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.43: +3 -1 lines
Diff to previous 1.43 (colored)
Update to OpenSSH 3.6
Revision 1.44 / (download) - annotate - [select for diffs], Thu Nov 7 22:08:07 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.43: +3 -1 lines
Diff to previous 1.43 (colored)
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
Revision 1.42.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 11 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.42: +1 -3 lines
Diff to previous 1.42 (colored)
Pull in OpenSSH-3.4
Revision 1.40.2.3 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.40.2.2: +1 -3 lines
Diff to previous 1.40.2.2 (colored) to branchpoint 1.40 (colored) next main 1.41 (colored)
Update OpenSSH to version 3.3 (with local changes, configuration files still living in /etc and privsep user being nobody).
Revision 1.43 / (download) - annotate - [select for diffs], Sat Jun 8 05:17:01 2002 UTC (22 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.42: +1 -3 lines
Diff to previous 1.42 (colored)
deprecate FallBackToRsh and UseRsh; patch from djm@
Revision 1.30.2.3 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:44 2002 UTC (22 years, 3 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.30.2.2: +2 -2 lines
Diff to previous 1.30.2.2 (colored) to branchpoint 1.30 (colored) next main 1.31 (colored)
Merge OpenSSH 3.1, keeping /etc as configuration files directory. (i.e. OpenSSH 3.1 + openbsd29_3.1.patch)
Revision 1.22.2.7 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:42 2002 UTC (22 years, 3 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.22.2.6: +2 -2 lines
Diff to previous 1.22.2.6 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)
Merge OpenSSH 3.1.
Revision 1.40.2.2 / (download) - annotate - [select for diffs], Fri Mar 8 15:17:18 2002 UTC (22 years, 3 months ago) by brad
Branch: OPENBSD_3_0
Changes since 1.40.2.1: +2 -2 lines
Diff to previous 1.40.2.1 (colored) to branchpoint 1.40 (colored)
apply the necessary openbsd30_3.1.patch patch. -- Ok'd by markus@
Revision 1.40.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 3 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.40: +3 -3 lines
Diff to previous 1.40 (colored)
Update to OpenSSH-3.1 on 3.0-stable branch
Revision 1.42 / (download) - annotate - [select for diffs], Mon Mar 4 17:27:39 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
Revision 1.41 / (download) - annotate - [select for diffs], Sun Feb 10 01:07:05 2002 UTC (22 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)
more /etc/ssh; openbsd@davidkrause.com
Revision 1.30.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.30.2.1: +2 -1 lines
Diff to previous 1.30.2.1 (colored) to branchpoint 1.30 (colored)
Merge OpenSSH 3.0
Revision 1.22.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:14:59 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.22.2.5: +2 -1 lines
Diff to previous 1.22.2.5 (colored) to branchpoint 1.22 (colored)
Merge OpenSSH 3.0
Revision 1.40 / (download) - annotate - [select for diffs], Mon Oct 1 21:51:16 2001 UTC (22 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.39: +2 -1 lines
Diff to previous 1.39 (colored)
add NoHostAuthenticationForLocalhost; note that the hostkey is now check for localhost, too.
Revision 1.30.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 8 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.30: +18 -53 lines
Diff to previous 1.30 (colored)
Pull in OpenSSH-2.9.9
Revision 1.22.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 8 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.22.2.4: +18 -53 lines
Diff to previous 1.22.2.4 (colored) to branchpoint 1.22 (colored)
Pull in OpenSSH 2.9.9 to the 2.8 branch.
Revision 1.39 / (download) - annotate - [select for diffs], Wed Sep 19 19:24:18 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
Revision 1.38 / (download) - annotate - [select for diffs], Mon Sep 3 20:58:33 2001 UTC (22 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
fatal() for nonexistent -Fssh_config. ok markus@
Revision 1.37 / (download) - annotate - [select for diffs], Wed Aug 1 22:03:33 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)
use strings instead of ints for smartcard reader ids
Revision 1.36 / (download) - annotate - [select for diffs], Tue Jul 31 09:28:44 2001 UTC (22 years, 10 months ago) by jakob
Branch: MAIN
Changes since 1.35: +2 -1 lines
Diff to previous 1.35 (colored)
add 'SmartcardDevice' client option to specify which smartcard device is used to access a smartcard used for storing the user's private RSA key. ok markus@.
Revision 1.35 / (download) - annotate - [select for diffs], Tue Jun 26 17:27:24 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.34: +7 -41 lines
Diff to previous 1.34 (colored)
remove comments from .h, since they are cut&paste from the .c files and out of sync
Revision 1.34 / (download) - annotate - [select for diffs], Tue Jun 26 16:15:24 2001 UTC (22 years, 11 months ago) by dugsong
Branch: MAIN
Changes since 1.33: +6 -5 lines
Diff to previous 1.33 (colored)
Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
Revision 1.33 / (download) - annotate - [select for diffs], Tue Jun 26 06:32:58 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.32: +7 -12 lines
Diff to previous 1.32 (colored)
prototype pedant. not very creative... - () -> (void) - no variable names
Revision 1.32 / (download) - annotate - [select for diffs], Fri May 18 14:13:29 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)
improved kbd-interactive support. work by per@appgate.com and me
Revision 1.22.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:32 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_8
Changes since 1.22.2.3: +3 -1 lines
Diff to previous 1.22.2.3 (colored) to branchpoint 1.22 (colored)
Pull in OpenSSH-2.9 to 2.8 branch.
Revision 1.31 / (download) - annotate - [select for diffs], Mon Apr 30 11:18:52 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)
implement 'ssh -b bind_address' like 'telnet -b'
Revision 1.30 / (download) - annotate - [select for diffs], Tue Apr 17 10:53:25 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 12 19:15:25 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.28: +2 -1 lines
Diff to previous 1.28 (colored)
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
Revision 1.22.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:27 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.22.2.2: +5 -2 lines
Diff to previous 1.22.2.2 (colored) to branchpoint 1.22 (colored)
Pull in OpenSSH-2.5.2 for 2.8 branch.
Revision 1.18.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:52:57 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.18.2.4: +5 -2 lines
Diff to previous 1.18.2.4 (colored) to branchpoint 1.18 (colored) next main 1.19 (colored)
Pull in OpenSSH-2.5.2 for 2.7 branch.
Revision 1.18.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:13 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.18.2.3: +8 -6 lines
Diff to previous 1.18.2.3 (colored) to branchpoint 1.18 (colored)
OpenSSH-2.5.1 for 2.7 patch branch
Revision 1.28 / (download) - annotate - [select for diffs], Sat Mar 10 17:51:04 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored)
add PreferredAuthentications
Revision 1.27 / (download) - annotate - [select for diffs], Thu Mar 8 21:42:32 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.26: +4 -2 lines
Diff to previous 1.26 (colored)
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> no need to do enter passphrase or do expensive sign operations if the server does not accept key).
Revision 1.22.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:13 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.22.2.1: +0 -0 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored)
Pull in OpenSSH-2.5.1
Revision 1.22.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:10 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.22: +8 -6 lines
Diff to previous 1.22 (colored)
Pull in OpenSSH 2.5.0
Revision 1.26 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)
1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
Revision 1.25 / (download) - annotate - [select for diffs], Mon Jan 22 23:06:39 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.24: +3 -2 lines
Diff to previous 1.24 (colored)
rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
Revision 1.24 / (download) - annotate - [select for diffs], Wed Dec 27 12:30:20 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)
new option: HostKeyAlias: allows the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine.
Revision 1.23 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:37 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.22: +4 -5 lines
Diff to previous 1.22 (colored)
add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
Revision 1.18.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:07 2000 UTC (23 years, 7 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.18.2.2: +8 -8 lines
Diff to previous 1.18.2.2 (colored) to branchpoint 1.18 (colored)
openssh-2.3.0 (again) for 2.7 branch
Revision 1.22 / (download) - annotate - [select for diffs], Wed Oct 11 20:14:39 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.21: +3 -1 lines
Diff to previous 1.21 (colored)
add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me
Revision 1.21 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:53 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +6 -8 lines
Diff to previous 1.20 (colored)
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
Revision 1.18.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:21 2000 UTC (23 years, 9 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.18.2.1: +1 -1 lines
Diff to previous 1.18.2.1 (colored) to branchpoint 1.18 (colored)
Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)
Revision 1.20 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:43 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored)
OpenBSD tag
Revision 1.18.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:34 2000 UTC (24 years ago) by jason
Branch: OPENBSD_2_7
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)
lovin' CVS... update patch branch to OpenSSH-2.1.1
Revision 1.19 / (download) - annotate - [select for diffs], Wed May 31 06:36:40 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)
xauth_location support; pr 1234
Revision 1.18 / (download) - annotate - [select for diffs], Mon May 8 17:12:15 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
Revision 1.17 / (download) - annotate - [select for diffs], Sat May 6 17:45:36 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)
add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
Revision 1.16 / (download) - annotate - [select for diffs], Wed Apr 26 20:56:29 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.15: +5 -1 lines
Diff to previous 1.15 (colored)
add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol.
Revision 1.15 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:32 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.14: +11 -11 lines
Diff to previous 1.14 (colored)
whitespace cleanup
Revision 1.14 / (download) - annotate - [select for diffs], Wed Apr 12 07:45:44 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.13: +3 -1 lines
Diff to previous 1.13 (colored)
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
Revision 1.13 / (download) - annotate - [select for diffs], Wed Dec 1 13:59:15 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.12: +8 -8 lines
Diff to previous 1.12 (colored)
ports are u_short
Revision 1.12 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:49 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.11: +29 -18 lines
Diff to previous 1.11 (colored)
KNF, final part 3
Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:02 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +88 -81 lines
Diff to previous 1.10 (colored)
much more KNF
Revision 1.10 / (download) - annotate - [select for diffs], Mon Nov 22 21:52:41 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@
Revision 1.9 / (download) - annotate - [select for diffs], Sun Nov 14 21:45:07 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored)
print _all_ bad config-options in ssh(1), too
Revision 1.8 / (download) - annotate - [select for diffs], Wed Nov 10 23:36:44 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, obsoletes QuietMode and FascistLogging in sshd.
Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 12 21:04:22 1999 UTC (24 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)
-P/UsePrivilegedPort from 1.2.27, it turns of allocation of priv. port and disabled rhosts/rhosts-rsa, ok deraadt@
Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 6 20:07:42 1999 UTC (24 years, 8 months ago) by dugsong
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)
implement client NumberOfPasswordPrompts option
Revision 1.5 / (download) - annotate - [select for diffs], Sun Oct 3 21:50:03 1999 UTC (24 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
add code to detect DNS spoofing: the main idea is to not only store the host key for the hostname but also for the according IP address. When we check the host key in the known_hosts file, we also check the key against the according IP address. When the server key changes, host_status = HOST_CHANGED. If check_host_in_hostfile() returns differing status for the IP address that means that either DNS was spoofed or that the IP address for the host and the host key changed at the same time.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Sep 30 05:03:05 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +1 -3 lines
Diff to previous 1.3 (colored)
cull more ancient garbage from pre-POSIX days
Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:20 1999 UTC (24 years, 8 months ago) by dugsong
Branch: MAIN
Changes since 1.2: +2 -4 lines
Diff to previous 1.2 (colored)
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 29 00:10:16 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)
GatewayPorts and ssh -g; markus.friedl@informatik.uni-erlangen.de
Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:37 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.