OpenBSD CVS

CVS log for src/usr.bin/ssh/servconf.h


Default branch: MAIN


Revision 1.161 / (download) - annotate - [select for diffs], Fri May 17 00:30:24 2024 UTC (4 hours, 11 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.160: +4 -9 lines
Diff to previous 1.160 (colored)

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

Revision 1.160 / (download) - annotate - [select for diffs], Wed Sep 6 23:35:35 2023 UTC (8 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.159: +8 -6 lines
Diff to previous 1.159 (colored)

allow override of Subsystem directives in sshd Match blocks

Revision 1.159 / (download) - annotate - [select for diffs], Tue Jan 17 09:44:48 2023 UTC (15 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.158: +3 -1 lines
Diff to previous 1.158 (colored)

Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length
of time. This complements the recently-added ChannelTimeout
option that terminates inactive channels after a timeout.

ok markus@

Revision 1.158 / (download) - annotate - [select for diffs], Fri Jan 6 02:47:19 2023 UTC (16 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.157: +6 -1 lines
Diff to previous 1.157 (colored)

Implement channel inactivity timeouts

This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.

Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.

ok markus dtucker

Revision 1.157 / (download) - annotate - [select for diffs], Sat Sep 17 10:34:29 2022 UTC (19 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.156: +2 -1 lines
Diff to previous 1.156 (colored)

Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
will be ignored for user and host-based authentication.

Feedback deraadt@ ok markus@

Revision 1.156 / (download) - annotate - [select for diffs], Fri Mar 18 04:04:11 2022 UTC (2 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.155: +2 -2 lines
Diff to previous 1.155 (colored)

don't try to resolve ListenAddress directives in the sshd re-exec
path - we're never going to use the result and if the operation fails
then it can prevent connections from being accepted. Reported by
Aaron Poffenberger; with / ok dtucker@

Revision 1.155 / (download) - annotate - [select for diffs], Fri Jul 2 05:11:21 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.154: +1 -2 lines
Diff to previous 1.154 (colored)

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

Revision 1.154 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:40 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.153: +4 -4 lines
Diff to previous 1.153 (colored)

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.153 / (download) - annotate - [select for diffs], Sat Apr 3 05:54:14 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)

whitespace (tab after space)

Revision 1.152 / (download) - annotate - [select for diffs], Fri Mar 12 04:08:19 2021 UTC (3 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.151: +2 -1 lines
Diff to previous 1.151 (colored)

Add ModuliFile keyword to sshd_config to specify the location of the
"moduli" file containing the groups for DH-GEX.  This will allow us to
run tests against arbitrary moduli files without having to install them.
ok djm@

Revision 1.151 / (download) - annotate - [select for diffs], Tue Jan 26 05:32:21 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.150: +3 -3 lines
Diff to previous 1.150 (colored)

Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms, which more accurately reflects its effect.
This matches a previous change to PubkeyAcceptedAlgorithms.  The previous
names are retained as aliases.  ok djm@

Revision 1.150 / (download) - annotate - [select for diffs], Fri Jan 22 02:44:58 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.149: +3 -3 lines
Diff to previous 1.149 (colored)

Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the
signature algorithms that are accepted.  Some key types (eg RSA) can be
used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is
becoming increasingly misleading.  The old name is retained as an alias.
Prompted by bz#3253, help & ok djm@, man page help jmc@

Revision 1.149 / (download) - annotate - [select for diffs], Sat Jan 9 12:10:02 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.148: +4 -1 lines
Diff to previous 1.148 (colored)

Add PerSourceMaxStartups and PerSourceNetBlockSize options which provide
more fine grained MaxStartups limits.  Man page help jmc@, feedback &
ok djm@

Revision 1.148 / (download) - annotate - [select for diffs], Thu Oct 29 03:13:06 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.147: +2 -1 lines
Diff to previous 1.147 (colored)

fix sshd_config SetEnv directive inside Match blocks; part of github
PR#201 from github user manuelm

Revision 1.147 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.146: +4 -1 lines
Diff to previous 1.146 (colored)

LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-lists.

ok markus@

Revision 1.146 / (download) - annotate - [select for diffs], Thu Aug 27 01:07:10 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.145: +3 -2 lines
Diff to previous 1.145 (colored)

support for requiring user verified FIDO keys in sshd

This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.

feedback and ok markus@

Revision 1.145 / (download) - annotate - [select for diffs], Sun Jul 5 23:59:45 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.144: +4 -4 lines
Diff to previous 1.144 (colored)

some language improvements; ok markus

Revision 1.144 / (download) - annotate - [select for diffs], Fri Apr 17 03:30:05 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.143: +6 -1 lines
Diff to previous 1.143 (colored)

make IgnoreRhosts a tri-state option: "yes" ignore rhosts/shosts,
"no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts
files but not .rhosts. ok dtucker@

Revision 1.143 / (download) - annotate - [select for diffs], Fri Jan 31 22:42:45 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.142: +16 -4 lines
Diff to previous 1.142 (colored)

Add a sshd_config "Include" directive to allow inclusion of files.
This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub
Jelen in bz2468; feedback and ok markus@

Revision 1.142 / (download) - annotate - [select for diffs], Sun Dec 15 18:57:30 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.141: +2 -1 lines
Diff to previous 1.141 (colored)

allow security keys to act as host keys as well as user keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

Revision 1.141 / (download) - annotate - [select for diffs], Mon Nov 25 00:52:46 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.140: +5 -1 lines
Diff to previous 1.140 (colored)

Add a sshd_config PubkeyAuthOptions directive

This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).

ok markus@

Revision 1.140 / (download) - annotate - [select for diffs], Thu Apr 18 18:56:16 2019 UTC (5 years ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.139: +3 -1 lines
Diff to previous 1.139 (colored)

When running sshd -T, assume any attribute not provided by -C does not match,
which allows it to work when sshd_config contains a Match directive with or
without -C.  bz#2858, ok djm@

Revision 1.139 / (download) - annotate - [select for diffs], Sat Jan 19 21:37:48 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored)

convert servconf.c to new packet API

with & ok markus@

Revision 1.138 / (download) - annotate - [select for diffs], Mon Nov 19 04:12:32 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.137: +3 -2 lines
Diff to previous 1.137 (colored)

silence (to log level debug2) failure messages when loading the default
hostkeys. Hostkeys explicitly specified in the configuration or on
the command-line are still reported as errors, and failure to load at
least one host key remains a fatal error.

Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103

ok markus@

Revision 1.137 / (download) - annotate - [select for diffs], Thu Sep 20 03:28:06 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.136: +3 -1 lines
Diff to previous 1.136 (colored)

Add sshd_config CASignatureAlgorithms option to allow control over
which signature algorithms a CA may use when signing certificates.
In particular, this allows a sshd to ban certificates signed with
RSA/SHA1.

ok markus@

Revision 1.136 / (download) - annotate - [select for diffs], Mon Jul 9 21:26:02 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.135: +3 -3 lines
Diff to previous 1.135 (colored)

sshd: switch loginmsg to sshbuf API; ok djm@

Revision 1.135 / (download) - annotate - [select for diffs], Tue Jul 3 10:59:35 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.134: +3 -1 lines
Diff to previous 1.134 (colored)

allow sshd_config PermitUserEnvironment to accept a pattern-list of
whitelisted environment variable names in addition to yes|no.

bz#1800, feedback and ok markus@

Revision 1.134 / (download) - annotate - [select for diffs], Sat Jun 9 03:03:10 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.133: +3 -1 lines
Diff to previous 1.133 (colored)

add a SetEnv directive for sshd_config to allow an administrator to
explicitly specify environment variables set in sessions started by
sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.

ok markus@

Revision 1.133 / (download) - annotate - [select for diffs], Wed Jun 6 18:23:32 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.132: +4 -5 lines
Diff to previous 1.132 (colored)

permitlisten option for authorized_keys; ok markus@

Revision 1.132 / (download) - annotate - [select for diffs], Wed Jun 6 18:22:41 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.131: +7 -9 lines
Diff to previous 1.131 (colored)

Add a PermitListen directive to control which server-side addresses
may be listened on when the client requests remote forwarding (ssh -R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

Revision 1.131 / (download) - annotate - [select for diffs], Fri Apr 13 03:57:26 2018 UTC (6 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.130: +2 -1 lines
Diff to previous 1.130 (colored)

Defend against user enumeration timing attacks.
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms).  Based on work by joona.kannisto at tut.fi, ok
markus@ djm@.

Revision 1.130 / (download) - annotate - [select for diffs], Wed Oct 25 00:19:47 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.129: +2 -1 lines
Diff to previous 1.129 (colored)

add a "rdomain" criteria for the sshd_config Match keyword to allow
conditional configuration that depends on which rdomain(4) a connection
was received on. ok markus@

Revision 1.129 / (download) - annotate - [select for diffs], Wed Oct 25 00:17:08 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.128: +4 -1 lines
Diff to previous 1.128 (colored)

add sshd_config RDomain keyword to place sshd and the subsequent
user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Revision 1.128 / (download) - annotate - [select for diffs], Wed Oct 25 00:15:35 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.127: +21 -4 lines
Diff to previous 1.127 (colored)

Add optional rdomain qualifier to sshd_config's ListenAddress option
to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Revision 1.127 / (download) - annotate - [select for diffs], Thu Oct 5 15:52:03 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.126: +24 -28 lines
Diff to previous 1.126 (colored)

replace statically-sized arrays in ServerOptions with dynamic ones
managed by xrecallocarray, removing some arbitrary (though large)
limits and saving a bit of memory; "much nicer" markus@

Revision 1.126 / (download) - annotate - [select for diffs], Mon Oct 2 19:33:20 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored)

Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@

Revision 1.125 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.124: +12 -2 lines
Diff to previous 1.124 (colored)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.124 / (download) - annotate - [select for diffs], Sat Jun 24 06:34:38 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.123: +2 -1 lines
Diff to previous 1.123 (colored)

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Revision 1.123 / (download) - annotate - [select for diffs], Wed Nov 30 03:00:05 2016 UTC (7 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.122: +2 -1 lines
Diff to previous 1.122 (colored)

Add a sshd_config DisableForwarding option that disables X11, agent,
TCP, tunnel and Unix domain socket forwarding, as well as anything
else we might implement in the future.

This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@

Revision 1.122 / (download) - annotate - [select for diffs], Fri Aug 19 03:18:06 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.121: +1 -2 lines
Diff to previous 1.121 (colored)

remove UseLogin option and support for having /bin/login manage
login sessions; ok deraadt markus dtucker

Revision 1.121 / (download) - annotate - [select for diffs], Mon Aug 15 12:27:56 2016 UTC (7 years, 9 months ago) by naddy
Branch: MAIN
Changes since 1.120: +1 -7 lines
Diff to previous 1.120 (colored)

Remove more SSH1 server code:
* Drop sshd's -k option.
* Retire configuration keywords that only apply to protocol 1, as well as
  the "protocol" keyword.
* Remove some related vestiges of protocol 1 support.

ok markus@

Revision 1.120 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.119: +2 -1 lines
Diff to previous 1.119 (colored)

Turn off DSA by default; add HostKeyAlgorithms to the server and
PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Revision 1.119 / (download) - annotate - [select for diffs], Fri May 22 03:50:02 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.118: +2 -1 lines
Diff to previous 1.118 (colored)

add knob to relax GSSAPI host credential check for multihomed hosts
bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)

Revision 1.118 / (download) - annotate - [select for diffs], Thu May 21 06:43:31 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.117: +7 -3 lines
Diff to previous 1.117 (colored)

add AuthorizedPrincipalsCommand that allows getting authorized_principals
from a subprocess rather than a file, which is quite useful in
deployments with large userbases

feedback and ok markus@

Revision 1.117 / (download) - annotate - [select for diffs], Wed Apr 29 03:48:56 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.116: +4 -2 lines
Diff to previous 1.116 (colored)

Allow ListenAddress, Port and AddressFamily in any order.  bz#68,
ok djm@, jmc@ (for the man page bit).

Revision 1.116 / (download) - annotate - [select for diffs], Tue Jan 13 07:39:19 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.115: +5 -1 lines
Diff to previous 1.115 (colored)

add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes
options to allow sshd to control what public key types will be
accepted. Currently defaults to all. Feedback & ok markus@

Revision 1.115 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.114: +3 -1 lines
Diff to previous 1.114 (colored)

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.114 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.113: +3 -2 lines
Diff to previous 1.113 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.113 / (download) - annotate - [select for diffs], Thu Jul 3 22:40:43 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.112: +2 -1 lines
Diff to previous 1.112 (colored)

Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option;
bz#2160; ok markus@

Revision 1.112 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.111: +1 -3 lines
Diff to previous 1.111 (colored)

remove experimental, never-enabled JPAKE code; ok markus@

Revision 1.111 / (download) - annotate - [select for diffs], Thu Dec 5 01:16:41 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.110: +4 -1 lines
Diff to previous 1.110 (colored)

bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@

Revision 1.110 / (download) - annotate - [select for diffs], Tue Oct 29 09:48:02 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.109: +2 -1 lines
Diff to previous 1.109 (colored)

sshd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@

Revision 1.109 / (download) - annotate - [select for diffs], Fri Jul 19 07:37:48 2013 UTC (10 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.108: +2 -1 lines
Diff to previous 1.108 (colored)

add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@

Revision 1.108 / (download) - annotate - [select for diffs], Thu May 16 04:09:14 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.107: +4 -1 lines
Diff to previous 1.107 (colored)

Add RekeyLimit to sshd with the same syntax as the client allowing rekeying
based on traffic volume or time.  ok djm@, help & ok jmc@ for the man page.

Revision 1.107 / (download) - annotate - [select for diffs], Thu Jan 3 05:49:36 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.106: +3 -1 lines
Diff to previous 1.106 (colored)

add a couple of ServerOptions members that should be copied to the privsep
child (for consistency, in this case they happen only to be accessed in the
monitor); ok dtucker@

Revision 1.106 / (download) - annotate - [select for diffs], Sun Dec 2 20:46:11 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.105: +8 -2 lines
Diff to previous 1.105 (colored)

make AllowTcpForwarding accept "local" and "remote" in addition to its
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@

Revision 1.105 / (download) - annotate - [select for diffs], Sun Nov 4 11:09:15 2012 UTC (11 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.104: +6 -1 lines
Diff to previous 1.104 (colored)

Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@

Revision 1.104 / (download) - annotate - [select for diffs], Tue Oct 30 21:29:55 2012 UTC (11 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.103: +3 -1 lines
Diff to previous 1.103 (colored)

new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another is specified via a new AuthorizedKeysCommandUser option.

patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@

Revision 1.103 / (download) - annotate - [select for diffs], Tue Jul 10 02:19:15 2012 UTC (11 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.102: +2 -2 lines
Diff to previous 1.102 (colored)

Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
prodded markus@ feedback dtucker@ "get it in" deraadt@

Revision 1.102 / (download) - annotate - [select for diffs], Tue Jun 19 18:25:28 2012 UTC (11 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.101: +6 -1 lines
Diff to previous 1.101 (colored)

sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
ok djm@ (back in March)

Revision 1.101 / (download) - annotate - [select for diffs], Sun May 13 01:42:32 2012 UTC (12 years ago) by dtucker
Branch: MAIN
Changes since 1.100: +17 -5 lines
Diff to previous 1.100 (colored)

Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match.  Feedback and ok djm@ markus@.

Revision 1.100 / (download) - annotate - [select for diffs], Thu Apr 12 02:42:32 2012 UTC (12 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.99: +3 -1 lines
Diff to previous 1.99 (colored)

VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@

Revision 1.99 / (download) - annotate - [select for diffs], Wed Jun 22 21:57:01 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.98: +6 -1 lines
Diff to previous 1.98 (colored)

introduce sandboxing of the pre-auth privsep child using systrace(4).

This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.

The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.

UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.

feedback dtucker@; ok markus@

Revision 1.98 / (download) - annotate - [select for diffs], Mon May 23 03:30:07 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.97: +5 -3 lines
Diff to previous 1.97 (colored)

allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entirely :)

feedback and ok markus@ dtucker@

Revision 1.97 / (download) - annotate - [select for diffs], Fri May 20 03:25:45 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.96: +15 -1 lines
Diff to previous 1.96 (colored)

use a macro to define which string options to copy between configs
for Match. This avoids problems caused by forgetting to keep three
code locations in perfect sync and ordering

"this is at once beautiful and horrible" + ok dtucker@

Revision 1.96 / (download) - annotate - [select for diffs], Wed May 11 04:47:06 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.95: +1 -2 lines
Diff to previous 1.95 (colored)

remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@

Revision 1.95 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.94: +3 -1 lines
Diff to previous 1.94 (colored)

allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.

bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.93: +2 -1 lines
Diff to previous 1.93 (colored)

add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.

ok markus@

Revision 1.93 / (download) - annotate - [select for diffs], Fri May 7 11:30:30 2010 UTC (14 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.92: +2 -1 lines
Diff to previous 1.92 (colored)

add some optional indirection to matching of principal names listed
in certificates. Currently, a certificate must include the user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.

When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.

For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.

If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.

These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.

feedback and ok markus@

Revision 1.92 / (download) - annotate - [select for diffs], Thu Mar 4 10:36:03 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.91: +3 -1 lines
Diff to previous 1.91 (colored)

Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user
in authorized_keys).

Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to be revoked and banned for user or host
authentication.

feedback and ok markus@

Revision 1.91 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.90: +4 -1 lines
Diff to previous 1.90 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
See VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.90 / (download) - annotate - [select for diffs], Wed Jan 13 03:48:13 2010 UTC (14 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.89: +2 -1 lines
Diff to previous 1.89 (colored)

avoid run-time failures when specifying hostkeys via a relative
path by prepending the cwd in these cases; bz#1290; ok dtucker@

Revision 1.89 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.88: +0 -2 lines
Diff to previous 1.88 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that traffic such as DNS lookups stays within the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.88 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.87: +3 -1 lines
Diff to previous 1.87 (colored)

Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.87 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.86: +4 -4 lines
Diff to previous 1.86 (colored)

make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)

adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int

make use of int vs. u_short consistent in some other places too

feedback & ok markus@

Revision 1.86 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)

Add support for an experimental zero-knowledge password authentication
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.

This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.

This is experimental, work-in-progress code and is presently
compile-time disabled (turn on -DJPAKE in Makefile.inc).

"just commit it.  It isn't too intrusive." deraadt@

Revision 1.85 / (download) - annotate - [select for diffs], Tue Jun 10 04:50:25 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.84: +2 -1 lines
Diff to previous 1.84 (colored)

Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output.  The
combination allows testing of the parser and config files.  ok deraadt djm

Revision 1.84 / (download) - annotate - [select for diffs], Thu May 8 12:21:16 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.83: +3 -1 lines
Diff to previous 1.83 (colored)

Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allowed multiplexed sessions.

Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of exiting with fatal().

bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com

ok markus@

Revision 1.83 / (download) - annotate - [select for diffs], Wed May 7 05:49:37 2008 UTC (16 years ago) by pyr
Branch: MAIN
Changes since 1.82: +2 -1 lines
Diff to previous 1.82 (colored)

Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:

``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''

ok djm@, ok and a mild frown markus@

Revision 1.82 / (download) - annotate - [select for diffs], Wed Feb 13 22:38:17 2008 UTC (16 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.81: +4 -1 lines
Diff to previous 1.81 (colored)

rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@

Revision 1.81 / (download) - annotate - [select for diffs], Fri Feb 8 23:24:08 2008 UTC (16 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.80: +3 -1 lines
Diff to previous 1.80 (colored)

add sshd_config ChrootDirectory option to chroot(2) users to a directory and
tweak internal sftp server to work with it (no special files in chroot
required). ok markus@

Revision 1.80 / (download) - annotate - [select for diffs], Mon Feb 19 10:45:58 2007 UTC (17 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)

Teach Match how to handle config directives that are used before authentication.
This allows configurations such as permitting password authentication from
the local net only while requiring pubkey from offsite.  ok djm@, man page
bits ok jmc@

Revision 1.71.4.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.71.4.1: +14 -5 lines
Diff to previous 1.71.4.1 (colored) to branchpoint 1.71 (colored) next main 1.72 (colored)

upgrade to OpenSSH 4.4

Revision 1.72.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.72: +14 -5 lines
Diff to previous 1.72 (colored) next main 1.73 (colored)

upgrade to OpenSSH 4.4

Revision 1.79 / (download) - annotate - [select for diffs], Mon Aug 14 12:40:25 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored)

Add ability to match groups to Match keyword in sshd_config.  Feedback djm@,
stevesk@, ok stevesk@.

Revision 1.78 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.77: +1 -3 lines
Diff to previous 1.77 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.77 / (download) - annotate - [select for diffs], Fri Jul 21 12:43:36 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.76: +3 -1 lines
Diff to previous 1.76 (colored)

Make PermitOpen take a list of permitted ports and act more like most other
keywords (ie the first match is the effective setting).  This also makes it
easier to override a previously set PermitOpen.  ok djm@

Revision 1.76 / (download) - annotate - [select for diffs], Wed Jul 19 13:07:10 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.75: +3 -1 lines
Diff to previous 1.75 (colored)

Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.  Feedback & ok djm@,
man page corrections & ok jmc@

Revision 1.75 / (download) - annotate - [select for diffs], Wed Jul 12 11:34:58 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.74: +8 -3 lines
Diff to previous 1.74 (colored)

Add support for conditional directives to sshd_config via a "Match" keyword,
which works similarly to the "Host" directive in ssh_config.

Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg

AllowTcpForwarding yes
Match User anoncvs
        AllowTcpForwarding no

will allow port forwarding by all users except "anoncvs".

Currently only a very small subset of directives are supported.

ok djm@

Revision 1.74 / (download) - annotate - [select for diffs], Thu Jul 6 10:47:05 2006 UTC (17 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (colored)

support arguments to Subsystem commands; ok markus@

Revision 1.73 / (download) - annotate - [select for diffs], Sat Mar 25 22:22:43 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.72: +1 -1 lines
Diff to previous 1.72 (colored)

standardise spacing in $OpenBSD$ tags; requested by deraadt@

Revision 1.71.4.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:57 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored)

upgrade to OpenSSH 4.3

Revision 1.71.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored) next main 1.72 (colored)

upgrade to OpenSSH 4.3

Revision 1.72 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored)

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

Revision 1.67.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.67.2.1: +2 -1 lines
Diff to previous 1.67.2.1 (colored) to branchpoint 1.67 (colored) next main 1.68 (colored)

upgrade to OpenSSH 4.0

Revision 1.70.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:27 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.70: +2 -1 lines
Diff to previous 1.70 (colored) next main 1.71 (colored)

upgrade to OpenSSH 4.0

Revision 1.71 / (download) - annotate - [select for diffs], Thu Dec 23 23:11:00 2004 UTC (19 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_8, OPENBSD_3_7
Changes since 1.70: +2 -1 lines
Diff to previous 1.70 (colored)

bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz
ok deraadt@

Revision 1.65.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.65.2.1: +11 -3 lines
Diff to previous 1.65.2.1 (colored) to branchpoint 1.65 (colored) next main 1.66 (colored)

upgrade to OpenSSH 3.9

Revision 1.67.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.67: +11 -3 lines
Diff to previous 1.67 (colored)

upgrade to OpenSSH 3.9

Revision 1.70 / (download) - annotate - [select for diffs], Thu Jun 24 19:30:54 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.69: +5 -3 lines
Diff to previous 1.69 (colored)

re-exec sshd on accept(); initial work, final debugging and ok markus@

Revision 1.69 / (download) - annotate - [select for diffs], Sun May 23 23:59:53 2004 UTC (19 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.68: +3 -1 lines
Diff to previous 1.68 (colored)

Add MaxAuthTries sshd config option; ok markus@

Revision 1.68 / (download) - annotate - [select for diffs], Tue Apr 27 09:46:37 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.67: +5 -1 lines
Diff to previous 1.67 (colored)

bz #815: implement ability to pass specified environment variables from the
client to the server; ok markus@

Revision 1.59.4.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.59.4.1: +4 -2 lines
Diff to previous 1.59.4.1 (colored) to branchpoint 1.59 (colored) next main 1.60 (colored)

upgrade to OpenSSH 3.8

Revision 1.65.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.65: +4 -2 lines
Diff to previous 1.65 (colored)

upgrade to OpenSSH 3.8

Revision 1.67 / (download) - annotate - [select for diffs], Tue Dec 23 16:12:10 2003 UTC (20 years, 4 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.66: +3 -1 lines
Diff to previous 1.66 (colored)

implement KerberosGetAFSToken server option. ok markus@, beck@

Revision 1.66 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:37 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@

Revision 1.59.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:27 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.59: +4 -13 lines
Diff to previous 1.59 (colored) next main 1.60 (colored)

upgrade to OpenSSH 3.7

Revision 1.59.4.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.59: +4 -13 lines
Diff to previous 1.59 (colored)

upgrade to OpenSSH 3.7

Revision 1.65 / (download) - annotate - [select for diffs], Mon Sep 1 18:15:50 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.64: +1 -3 lines
Diff to previous 1.64 (colored)

remove unused kerberos code; ok henning@

Revision 1.64 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.63: +3 -1 lines
Diff to previous 1.63 (colored)

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

Revision 1.63 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:30 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.62: +1 -3 lines
Diff to previous 1.62 (colored)

remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others

Revision 1.62 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.61: +1 -2 lines
Diff to previous 1.61 (colored)

remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@

Revision 1.61 / (download) - annotate - [select for diffs], Mon Jun 2 09:17:34 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@

Revision 1.60 / (download) - annotate - [select for diffs], Thu May 15 01:48:10 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.59: +1 -7 lines
Diff to previous 1.59 (colored)

always parse kerberos options. ok djm@ markus@

Revision 1.49.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.49.2.3: +2 -1 lines
Diff to previous 1.49.2.3 (colored) to branchpoint 1.49 (colored) next main 1.50 (colored)

Update to OpenSSH 3.5

Revision 1.57.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.57.2.1: +2 -1 lines
Diff to previous 1.57.2.1 (colored) to branchpoint 1.57 (colored) next main 1.58 (colored)

Update to OpenSSH 3.5

Revision 1.59 / (download) - annotate - [select for diffs], Tue Jul 30 17:03:55 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_3, OPENBSD_3_2
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)

add PermitUserEnvironment (off by default!); from dot@dotat.at; ok provos, deraadt

Revision 1.57.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)

Pull in OpenSSH-3.4

Revision 1.49.2.3 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.49.2.2: +2 -1 lines
Diff to previous 1.49.2.2 (colored) to branchpoint 1.49 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jun 20 23:05:55 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)

allow Compression=yes/no in sshd_config

Revision 1.41.2.3 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:10 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.41.2.2: +1 -2 lines
Diff to previous 1.41.2.2 (colored) to branchpoint 1.41 (colored) next main 1.42 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.49.2.2 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.49.2.1: +1 -2 lines
Diff to previous 1.49.2.1 (colored) to branchpoint 1.49 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.57 / (download) - annotate - [select for diffs], Wed Mar 20 19:12:25 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.56: +1 -4 lines
Diff to previous 1.56 (colored)

for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@

Revision 1.56 / (download) - annotate - [select for diffs], Tue Mar 19 03:03:43 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.55: +1 -2 lines
Diff to previous 1.55 (colored)

_PATH_PRIVSEP_CHROOT_DIR; ok provos@

Revision 1.55 / (download) - annotate - [select for diffs], Mon Mar 18 17:50:31 2002 UTC (22 years, 2 months ago) by provos
Branch: MAIN
Changes since 1.54: +4 -1 lines
Diff to previous 1.54 (colored)

integrate privilege separated openssh; it's turned off by default for now.
work done by me and markus@

Revision 1.41.2.2 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:44 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.41.2.1: +9 -6 lines
Diff to previous 1.41.2.1 (colored) to branchpoint 1.41 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.30.2.6 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.30.2.5: +9 -6 lines
Diff to previous 1.30.2.5 (colored) to branchpoint 1.30 (colored) next main 1.31 (colored)

Merge OpenSSH 3.1.

Revision 1.49.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.49: +9 -6 lines
Diff to previous 1.49 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.54 / (download) - annotate - [select for diffs], Mon Mar 4 17:27:39 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files.  ok markus@

Revision 1.53 / (download) - annotate - [select for diffs], Tue Jan 29 14:32:03 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)

s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@

Revision 1.52 / (download) - annotate - [select for diffs], Sun Jan 27 14:57:46 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.51: +2 -1 lines
Diff to previous 1.51 (colored)

add X11UseLocalhost; ok markus@

Revision 1.51 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.50: +4 -4 lines
Diff to previous 1.50 (colored)

basic KNF done while i was looking for something else

Revision 1.50 / (download) - annotate - [select for diffs], Thu Dec 6 13:30:05 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.49: +3 -1 lines
Diff to previous 1.49 (colored)

add -o to sshd, too. ok deraadt@

Revision 1.41.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.41: +16 -22 lines
Diff to previous 1.41 (colored)

Pull in OpenSSH-2.9.9

Revision 1.30.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.30.2.4: +16 -22 lines
Diff to previous 1.30.2.4 (colored) to branchpoint 1.30 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.49 / (download) - annotate - [select for diffs], Fri Aug 17 18:59:47 2001 UTC (22 years, 9 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.48: +4 -4 lines
Diff to previous 1.48 (colored)

typo in comment

Revision 1.48 / (download) - annotate - [select for diffs], Thu Aug 16 19:18:34 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.47: +1 -2 lines
Diff to previous 1.47 (colored)

deprecate CheckMail. ok markus@

Revision 1.47 / (download) - annotate - [select for diffs], Tue Jun 26 17:27:24 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.46: +4 -14 lines
Diff to previous 1.46 (colored)

remove comments from .h, since they are cut&paste from the .c files
and out of sync

Revision 1.46 / (download) - annotate - [select for diffs], Tue Jun 26 16:15:24 2001 UTC (22 years, 10 months ago) by dugsong
Branch: MAIN
Changes since 1.45: +6 -4 lines
Diff to previous 1.45 (colored)

Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok

Revision 1.45 / (download) - annotate - [select for diffs], Tue Jun 26 06:33:00 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

prototype pedant.  not very creative...
- () -> (void)
- no variable names

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jun 23 02:34:31 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)

get rid of known_hosts2, use it for hostkey lookup, but do not modify.

Revision 1.43 / (download) - annotate - [select for diffs], Sun May 20 17:20:35 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.42: +4 -1 lines
Diff to previous 1.42 (colored)

configurable authorized_keys{,2} location; originally from peter@; ok djm@

Revision 1.42 / (download) - annotate - [select for diffs], Fri May 18 14:13:29 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

improved kbd-interactive support. work by per@appgate.com and me

Revision 1.30.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:33 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.30.2.3: +13 -1 lines
Diff to previous 1.30.2.3 (colored) to branchpoint 1.30 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.41 / (download) - annotate - [select for diffs], Fri Apr 13 22:46:53 2001 UTC (23 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.40: +10 -1 lines
Diff to previous 1.40 (colored)

Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@

Revision 1.40 / (download) - annotate - [select for diffs], Thu Apr 12 19:15:25 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.39: +3 -1 lines
Diff to previous 1.39 (colored)

implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option.  please test. :)

Revision 1.39 / (download) - annotate - [select for diffs], Sun Mar 25 13:16:10 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)

PrintLastLog option; from chip@valinux.com with some minor
changes by me.  ok markus@

Revision 1.30.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:28 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.30.2.2: +0 -0 lines
Diff to previous 1.30.2.2 (colored) to branchpoint 1.30 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.22.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:02 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.22.2.4: +0 -0 lines
Diff to previous 1.22.2.4 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.22.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:14 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.22.2.3: +27 -18 lines
Diff to previous 1.22.2.3 (colored) to branchpoint 1.22 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.30.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:19 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.30.2.1: +0 -0 lines
Diff to previous 1.30.2.1 (colored) to branchpoint 1.30 (colored)

Pull in OpenSSH-2.5.1

Revision 1.30.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:13 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.30: +27 -18 lines
Diff to previous 1.30 (colored)

Pull in OpenSSH 2.5.0

Revision 1.38 / (download) - annotate - [select for diffs], Mon Feb 12 16:16:23 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.37: +10 -2 lines
Diff to previous 1.37 (colored)

PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)

Revision 1.37 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.36: +4 -3 lines
Diff to previous 1.36 (colored)

1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
	ok stevesk@, provos@

Revision 1.36 / (download) - annotate - [select for diffs], Sat Feb 3 10:08:37 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.35: +2 -1 lines
Diff to previous 1.35 (colored)

make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@

Revision 1.35 / (download) - annotate - [select for diffs], Mon Jan 22 23:06:40 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.34: +2 -3 lines
Diff to previous 1.34 (colored)

rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-response is enabled.

Revision 1.34 / (download) - annotate - [select for diffs], Fri Jan 19 12:45:27 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.33: +1 -3 lines
Diff to previous 1.33 (colored)

only auth-chall.c needs #ifdef SKEY

Revision 1.33 / (download) - annotate - [select for diffs], Mon Jan 8 22:29:05 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.32: +2 -1 lines
Diff to previous 1.32 (colored)

implement option 'Banner /etc/issue.net' for ssh2, move version to
2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
is enabled).

Revision 1.32 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.31: +8 -8 lines
Diff to previous 1.31 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.31 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.30: +5 -4 lines
Diff to previous 1.30 (colored)

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthetication.

Revision 1.22.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:13 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.22.2.2: +8 -8 lines
Diff to previous 1.22.2.2 (colored) to branchpoint 1.22 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.30 / (download) - annotate - [select for diffs], Sat Oct 14 12:12:09 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

AllowTcpForwarding; from naddy@

Revision 1.29 / (download) - annotate - [select for diffs], Wed Oct 11 20:14:39 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.28: +2 -1 lines
Diff to previous 1.28 (colored)

add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me

Revision 1.28 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:53 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.27: +6 -8 lines
Diff to previous 1.27 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:22 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.22.2.1: +11 -1 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.27 / (download) - annotate - [select for diffs], Sat Jul 22 09:14:36 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.26: +3 -1 lines
Diff to previous 1.26 (colored)

random early drop; ok theo, niels

Revision 1.26 / (download) - annotate - [select for diffs], Mon Jun 26 21:59:18 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.25: +4 -1 lines
Diff to previous 1.25 (colored)

MaxStartups: limit number of unauthenticated connections, work by theo and me

Revision 1.25 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:44 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.24: +1 -1 lines
Diff to previous 1.24 (colored)

OpenBSD tag

Revision 1.24 / (download) - annotate - [select for diffs], Sat Jun 17 22:52:33 2000 UTC (23 years, 11 months ago) by jakob
Branch: MAIN
Changes since 1.23: +6 -1 lines
Diff to previous 1.23 (colored)

add support for ssh v2 subsystems. ok markus@.

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:35 2000 UTC (23 years, 11 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

lovin' CVS... update patch branch to OpenSSH-2.1.1

Revision 1.23 / (download) - annotate - [select for diffs], Wed May 31 06:36:40 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

xauth_location support; pr 1234

Revision 1.22 / (download) - annotate - [select for diffs], Sat May 6 17:45:37 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)

add DSAAuthentication option to ssh/sshd, document SSH2 in sshd.8

Revision 1.21 / (download) - annotate - [select for diffs], Wed May 3 18:03:07 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

GatewayPorts for sshd, ok deraadt@

Revision 1.20 / (download) - annotate - [select for diffs], Wed May 3 10:21:48 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

s/DsaKey/HostDSAKey/, document option

Revision 1.19 / (download) - annotate - [select for diffs], Mon May 1 18:50:59 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

PidFile, pr 1210

Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.17: +7 -7 lines
Diff to previous 1.17 (colored)

whitespace cleanup

Revision 1.17 / (download) - annotate - [select for diffs], Wed Apr 12 07:45:44 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.16: +3 -1 lines
Diff to previous 1.16 (colored)

add Cipher and Protocol options to ssh/sshd, e.g.:
ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'

Revision 1.16 / (download) - annotate - [select for diffs], Thu Apr 6 08:55:22 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)

ssh2 server side, see README.openssh2; enable with 'sshd -2'

Revision 1.15 / (download) - annotate - [select for diffs], Tue Jan 4 00:08:00 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.14: +8 -4 lines
Diff to previous 1.14 (colored)

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options.  note that libwrap is
not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and
fujiwara@rcac.tdi.co.jp)

Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:51 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.13: +9 -5 lines
Diff to previous 1.13 (colored)

KNF, final part 3

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +78 -66 lines
Diff to previous 1.12 (colored)

much more KNF

Revision 1.12 / (download) - annotate - [select for diffs], Thu Nov 11 22:58:38 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert

Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 10 23:36:44 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.10: +2 -3 lines
Diff to previous 1.10 (colored)

add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Oct 17 20:48:07 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.9: +1 -8 lines
Diff to previous 1.9 (colored)

remove AllowHosts, DenyHosts, SilentDeny server access control cruft - replace with LIBWRAP moved to child. ok markus@ deraadt@

Revision 1.9 / (download) - annotate - [select for diffs], Tue Oct 12 18:11:54 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

SilentDeny, don't log/answer refused connections, deraadt@

Revision 1.8 / (download) - annotate - [select for diffs], Mon Oct 11 21:48:29 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.7: +13 -1 lines
Diff to previous 1.7 (colored)

Allow/Deny Users/Groups, from zzlevo@dd.chalmers.se, ok deraadt@

Revision 1.7 / (download) - annotate - [select for diffs], Mon Oct 11 21:07:37 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)

UseLogin, default=no, from kpa@gmx.net, ok deraadt@

Revision 1.6 / (download) - annotate - [select for diffs], Thu Oct 7 22:46:32 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

You have Mail. Email for you. Karsten Patzwaldt <kpa@gmx.net> default=no

Revision 1.5 / (download) - annotate - [select for diffs], Thu Oct 7 21:45:02 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.4: +4 -1 lines
Diff to previous 1.4 (colored)

add skey to sshd:

1) pass *pw to auth_password() not user_name, do_authentication already
   keeps private copy of struct passwd for current user.
2) limit authentication attempts to 5, otherwise
        ssh -o 'NumberOfPasswordPrompts 100000' host
   lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
   for s/key for nonexisting users, too
   limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27

Revision 1.4 / (download) - annotate - [select for diffs], Fri Oct 1 02:38:09 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.3: +1 -2 lines
Diff to previous 1.3 (colored)

get rid of references to randomseedfile we don't need it.  for sshd
just spit out a warning that the configuration option is obsolete.

Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:20 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.2: +5 -7 lines
Diff to previous 1.2 (colored)

update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages

Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 07:56:47 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

X11DisplayOffset; aaron

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:37 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
