OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh.c



Default branch: MAIN


Revision 1.600 / (download) - annotate - [select for diffs], Thu Jan 11 01:45:36 2024 UTC (4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.599: +5 -1 lines
Diff to previous 1.599 (colored)

make DSA key support compile-time optional, defaulting to on

ok markus@

Revision 1.599 / (download) - annotate - [select for diffs], Mon Dec 18 14:47:44 2023 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.598: +40 -1 lines
Diff to previous 1.598 (colored)

ban user/hostnames with most shell metacharacters

This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.

Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.

It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.

To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.

feedback/ok millert@ markus@ dtucker@ deraadt@

Revision 1.598 / (download) - annotate - [select for diffs], Thu Oct 12 02:48:43 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.597: +3 -3 lines
Diff to previous 1.597 (colored)

don't dereference NULL pointer when hashing jumphost

Revision 1.597 / (download) - annotate - [select for diffs], Thu Oct 12 02:18:18 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.596: +5 -2 lines
Diff to previous 1.596 (colored)

add %j token that expands to the configured ProxyJump hostname (or
the empty string if this option is not being used).
bz3610, ok dtucker

Revision 1.596 / (download) - annotate - [select for diffs], Wed Oct 11 23:23:58 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.595: +4 -3 lines
Diff to previous 1.595 (colored)

sync usage() with ssh.1; spotted by kn@

Revision 1.595 / (download) - annotate - [select for diffs], Wed Oct 11 22:42:26 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.594: +15 -1 lines
Diff to previous 1.594 (colored)

add ChannelTimeout support to the client, mirroring the same option
in the server. ok markus@

Revision 1.594 / (download) - annotate - [select for diffs], Sun Sep 3 23:59:32 2023 UTC (8 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.593: +7 -4 lines
Diff to previous 1.593 (colored)

set interactive mode for ControlPersist sessions if they originally
requested a tty; enables keystroke timing obfuscation for most
ControlPersist sessions. Spotted by naddy@

Revision 1.593 / (download) - annotate - [select for diffs], Wed Jul 26 23:06:00 2023 UTC (9 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.592: +11 -6 lines
Diff to previous 1.592 (colored)

make ssh -f (fork after authentication) work properly in multiplexed
cases (inc. ControlPersist). bz3589 bz3589
Based on patches by Peter Chubb; ok dtucker@

Revision 1.592 / (download) - annotate - [select for diffs], Mon Jul 17 05:41:53 2023 UTC (10 months ago) by jmc
Branch: MAIN
Changes since 1.591: +8 -8 lines
Diff to previous 1.591 (colored)

- add -P to usage()
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width

Revision 1.591 / (download) - annotate - [select for diffs], Mon Jul 17 04:08:31 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.590: +5 -3 lines
Diff to previous 1.590 (colored)

Add support for configuration tags to ssh(1).

This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

ok markus

Revision 1.590 / (download) - annotate - [select for diffs], Tue Jul 4 03:59:21 2023 UTC (10 months, 1 week ago) by dlg
Branch: MAIN
Changes since 1.589: +4 -2 lines
Diff to previous 1.589 (colored)

add support for unix domain sockets to ssh -W

ok djm@ dtucker@

Revision 1.589 / (download) - annotate - [select for diffs], Wed Jun 21 05:08:32 2023 UTC (10 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.588: +4 -2 lines
Diff to previous 1.588 (colored)

make `ssh -Q CASignatureAlgorithms` only list signature algorithms that
are valid for CA signing. Previous behaviour was to list all signing
algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@

Revision 1.588 / (download) - annotate - [select for diffs], Wed Apr 26 01:36:03 2023 UTC (12 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.587: +3 -3 lines
Diff to previous 1.587 (colored)

Check for ProxyJump=none in CanonicalizeHostname logic.

Previously ssh would incorrectly refuse to canonicalise the hostname
if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes

bz3567; ok dtucker

Revision 1.587 / (download) - annotate - [select for diffs], Thu Mar 30 07:19:50 2023 UTC (13 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.586: +2 -2 lines
Diff to previous 1.586 (colored)

Ignore return value from muxclient().  It normally loops without returning,
but if it returns on failure we immediately exit.  Coverity CID 405050.

Revision 1.586 / (download) - annotate - [select for diffs], Mon Mar 27 03:56:11 2023 UTC (13 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.585: +9 -1 lines
Diff to previous 1.585 (colored)

Add tilde and environment variable expansion to RevokedHostKeys.
bz#3552, ok djm@

Revision 1.585 / (download) - annotate - [select for diffs], Fri Feb 10 04:40:28 2023 UTC (15 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.584: +2 -1 lines
Diff to previous 1.584 (colored)

make `ssh -Q CASignatureAlgorithms` work as the manpage says it should
bz3532

Revision 1.584 / (download) - annotate - [select for diffs], Tue Jan 17 18:52:44 2023 UTC (15 months, 4 weeks ago) by millert
Branch: MAIN
Changes since 1.583: +2 -3 lines
Diff to previous 1.583 (colored)

For "ssh -V" always exit 0, there is no need to check opt again.
This was missed when the fallthrough in the switch case above it
was removed.  OK deraadt@

Revision 1.583 / (download) - annotate - [select for diffs], Fri Jan 13 02:58:20 2023 UTC (16 months ago) by dtucker
Branch: MAIN
Changes since 1.582: +9 -9 lines
Diff to previous 1.582 (colored)

Add a "Host" line to the output of ssh -G showing the original host arg.
Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@

Revision 1.582 / (download) - annotate - [select for diffs], Fri Jan 6 02:39:59 2023 UTC (16 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.581: +2 -2 lines
Diff to previous 1.581 (colored)

Add channel_force_close()

This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.

Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.

ok markus dtucker

Revision 1.581 / (download) - annotate - [select for diffs], Fri Dec 9 00:22:29 2022 UTC (17 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.580: +12 -3 lines
Diff to previous 1.580 (colored)

Warn if no host keys for hostbased auth can be loaded.  From bz#3507, ok djm@

Revision 1.580 / (download) - annotate - [select for diffs], Wed Nov 9 00:15:59 2022 UTC (18 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.579: +2 -2 lines
Diff to previous 1.579 (colored)

typo in comment

Revision 1.579 / (download) - annotate - [select for diffs], Mon Oct 24 22:43:36 2022 UTC (18 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.578: +6 -2 lines
Diff to previous 1.578 (colored)

Be more paranoid with host/domain names coming from the resolver:
don't follow CNAMEs with invalid characters when canonicalising
and never write a name with bad characters to a known_hosts file.

reported by David Leadbeater, ok deraadt@

Revision 1.578 / (download) - annotate - [select for diffs], Thu Oct 13 09:09:28 2022 UTC (19 months ago) by jsg
Branch: MAIN
Changes since 1.577: +2 -2 lines
Diff to previous 1.577 (colored)

use correct type with sizeof
ok djm@

Revision 1.577 / (download) - annotate - [select for diffs], Thu Oct 6 22:42:37 2022 UTC (19 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.576: +2 -2 lines
Diff to previous 1.576 (colored)

honour user's umask if it is more restrictive than the ssh default
(022); based on patch from Alex Henrie, ok dtucker@ deraadt@

Revision 1.576 / (download) - annotate - [select for diffs], Sat Sep 17 10:33:18 2022 UTC (19 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.575: +18 -9 lines
Diff to previous 1.575 (colored)

add a RequiredRSASize for checking RSA key length in ssh(1).
User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then
the connection will be terminated (unfortunately there are no
fallbacks in the protocol for host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@

Revision 1.575 / (download) - annotate - [select for diffs], Fri Jul 1 00:36:30 2022 UTC (22 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.574: +3 -2 lines
Diff to previous 1.574 (colored)

ignore SIGPIPE earlier in main(), specifically before muxclient()
which performs operations that could cause one; Reported by
Noam Lewis via bz3454, ok dtucker@

Revision 1.574 / (download) - annotate - [select for diffs], Wed Mar 30 04:33:09 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.573: +2 -2 lines
Diff to previous 1.573 (colored)

ssh is almost out of getopt() characters; note the remaining
available ones in a comment

Revision 1.573 / (download) - annotate - [select for diffs], Tue Feb 8 08:59:12 2022 UTC (2 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.572: +4 -5 lines
Diff to previous 1.572 (colored)

Switch hpdelim interface to accept only ":" as delimiter.

Historically, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports.  These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it.  Make hpdelim accept only ":" and use hpdelim2
in the other cases.  ok djm@

Revision 1.572 / (download) - annotate - [select for diffs], Thu Jan 6 22:04:20 2022 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.571: +7 -1 lines
Diff to previous 1.571 (colored)

log some details on hostkeys that ssh loads for hostbased authn
ok markus@

Revision 1.571 / (download) - annotate - [select for diffs], Sat Jan 1 05:55:06 2022 UTC (2 years, 4 months ago) by jsg
Branch: MAIN
Changes since 1.570: +2 -2 lines
Diff to previous 1.570 (colored)

spelling

Revision 1.570 / (download) - annotate - [select for diffs], Thu Dec 2 02:44:44 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.569: +3 -2 lines
Diff to previous 1.569 (colored)

don't put the tty into raw mode when SessionType=none, avoids ^c being
unable to kill such a session. bz3360; ok dtucker@

Revision 1.569 / (download) - annotate - [select for diffs], Mon Sep 20 04:02:13 2021 UTC (2 years, 7 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.568: +3 -2 lines
Diff to previous 1.568 (colored)

Fix "Allocated port" debug message for unix sockets.  From peder.stray at
gmail.com via github PR#272, ok deraadt@

Revision 1.568 / (download) - annotate - [select for diffs], Wed Sep 15 06:56:01 2021 UTC (2 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.567: +4 -3 lines
Diff to previous 1.567 (colored)

allow CanonicalizePermittedCNAMEs=none in ssh_config; ok markus@

Revision 1.567 / (download) - annotate - [select for diffs], Fri Sep 10 10:26:02 2021 UTC (2 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.566: +2 -2 lines
Diff to previous 1.566 (colored)

Document behaviour of arguments following non-interactive commands.
Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@

Revision 1.566 / (download) - annotate - [select for diffs], Sun Aug 8 08:49:09 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.565: +2 -2 lines
Diff to previous 1.565 (colored)

xstrdup environment variable used by ForwardAgent.  bz#3328 from
goetze at dovetail.com, ok djm@ deraadt@

Revision 1.565 / (download) - annotate - [select for diffs], Fri Jul 23 05:24:02 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.564: +1 -8 lines
Diff to previous 1.564 (colored)

note successful authentication method in final "Authenticated to ..."
message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@

Revision 1.564 / (download) - annotate - [select for diffs], Fri Jul 23 04:04:52 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.563: +8 -15 lines
Diff to previous 1.563 (colored)

Add a ForkAfterAuthentication ssh_config(5) counterpart to the
ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker

Revision 1.563 / (download) - annotate - [select for diffs], Fri Jul 23 04:00:59 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.562: +8 -14 lines
Diff to previous 1.562 (colored)

Add a StdinNull directive to ssh_config(5) that allows the config
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

Revision 1.562 / (download) - annotate - [select for diffs], Sat Jul 17 00:38:11 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.561: +7 -4 lines
Diff to previous 1.561 (colored)

wrap some long lines

Revision 1.561 / (download) - annotate - [select for diffs], Sat Jul 17 00:36:53 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.560: +2 -1 lines
Diff to previous 1.560 (colored)

fix sftp on ControlPersist connections, broken by recent SessionType
change; spotted by sthen@

Revision 1.560 / (download) - annotate - [select for diffs], Tue Jul 13 23:48:36 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.559: +19 -19 lines
Diff to previous 1.559 (colored)

add a SessionType directive to ssh_config, allowing the configuration
file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.

Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

Revision 1.559 / (download) - annotate - [select for diffs], Tue Jun 8 07:07:15 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.558: +7 -2 lines
Diff to previous 1.558 (colored)

Switch ssh_config parsing to use argv_split()

This fixes a couple of problems with the previous tokeniser,
strdelim()

1. strdelim() is permissive wrt accepting '=' characters. This is
   intended to allow it to tokenise "Option=value" but because it
   cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentary handling of quoted strings, but it
   is incomplete and inconsistent. E.g. it doesn't handle escaped
   quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
   of this readconf.c r1.343 added chopping of lines at '#', but
   this caused a regression because these characters may legitimately
   appear inside quoted strings.

The new tokeniser is stricter in a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.

The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.

feedback & ok markus@

tested in snaps for the last five or so days - thanks Theo and those who
caught bugs

Revision 1.558 / (download) - annotate - [select for diffs], Fri Jun 4 05:02:40 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.557: +6 -3 lines
Diff to previous 1.557 (colored)

allow ssh_config SetEnv to override $TERM, which is otherwise handled
specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for
destinations that lack terminfo entries. feedback and ok dtucker@

Revision 1.557 / (download) - annotate - [select for diffs], Wed May 19 01:24:05 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.556: +5 -12 lines
Diff to previous 1.556 (colored)

restore blocking status on stdio fds before close

ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.

> $ cat > test.sh << _EOF
> #!/bin/sh
> {
>         ssh -Fnone -oLogLevel=verbose ::1 hostname
>         cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable

This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.

This was reported as bz3280 and GHPR246; ok dtucker@

Revision 1.556 / (download) - annotate - [select for diffs], Mon May 17 11:43:16 2021 UTC (3 years ago) by djm
Branch: MAIN
Changes since 1.555: +3 -2 lines
Diff to previous 1.555 (colored)

fix breakage of -W forwarding introduced in 1.554; reported by
naddy@ and sthen@, ok sthen@

Revision 1.555 / (download) - annotate - [select for diffs], Fri May 14 05:20:32 2021 UTC (3 years ago) by djm
Branch: MAIN
Changes since 1.554: +2 -2 lines
Diff to previous 1.554 (colored)

fix previous: test saved no_shell_flag, not the one that just got
clobbered

Revision 1.554 / (download) - annotate - [select for diffs], Fri May 14 03:09:48 2021 UTC (3 years ago) by djm
Branch: MAIN
Changes since 1.553: +2 -2 lines
Diff to previous 1.553 (colored)

Fix ssh started with ControlPersist incorrectly executing a shell
when the -N (no shell) option was specified. bz3290 reported by
Richard Schwab; patch from markus@ ok me

Revision 1.553 / (download) - annotate - [select for diffs], Sat Apr 3 05:40:39 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.552: +5 -1 lines
Diff to previous 1.552 (colored)

ensure that pkcs11_del_provider() is called before exit - some PKCS#11
providers get upset if C_Initialize is not matched with C_Finalize.

From Adithya Baglody via GHPR#234; ok markus

Revision 1.552 / (download) - annotate - [select for diffs], Tue Feb 23 00:05:31 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.551: +7 -1 lines
Diff to previous 1.551 (colored)

warn when the user specifies a ForwardAgent path that does not exist
and exit if ExitOnForwardFailure is set; bz3264

Revision 1.551 / (download) - annotate - [select for diffs], Mon Feb 15 20:43:15 2021 UTC (3 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.550: +42 -1 lines
Diff to previous 1.550 (colored)

ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS
ok djm@, dtucker@

Revision 1.550 / (download) - annotate - [select for diffs], Tue Feb 2 22:36:59 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.549: +1 -2 lines
Diff to previous 1.549 (colored)

whitespace

Revision 1.549 / (download) - annotate - [select for diffs], Wed Jan 27 09:26:54 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.548: +2 -2 lines
Diff to previous 1.548 (colored)

remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

Revision 1.548 / (download) - annotate - [select for diffs], Tue Jan 26 05:32:22 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.547: +4 -3 lines
Diff to previous 1.547 (colored)

Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms, which more accurately reflects its effect.
This matches a previous change to PubkeyAcceptedAlgorithms.  The previous
names are retained as aliases.  ok djm@

Revision 1.547 / (download) - annotate - [select for diffs], Fri Jan 22 02:44:58 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.546: +3 -2 lines
Diff to previous 1.546 (colored)

Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the
signature algorithms that are accepted.  Some key types (eg RSA) can be
used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is
becoming increasingly misleading.  The old name is retained as an alias.
Prompted by bz#3253, help & ok djm@, man page help jmc@

Revision 1.546 / (download) - annotate - [select for diffs], Sun Dec 20 23:40:19 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.545: +5 -30 lines
Diff to previous 1.545 (colored)

plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@

Revision 1.545 / (download) - annotate - [select for diffs], Sun Dec 20 23:38:00 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.544: +30 -12 lines
Diff to previous 1.544 (colored)

allow UserKnownHostsFile=none; feedback and ok markus@

Revision 1.544 / (download) - annotate - [select for diffs], Thu Dec 17 23:26:11 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.543: +80 -65 lines
Diff to previous 1.543 (colored)

refactor client percent_expand() argument passing; consolidate the
common arguments into a single struct and pass that around instead
of using a bunch of globals. ok markus@

Revision 1.543 / (download) - annotate - [select for diffs], Thu Dec 17 23:10:27 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.542: +3 -2 lines
Diff to previous 1.542 (colored)

prepare readconf.c for fuzzing; remove fatal calls and fix some
(one-off) memory leaks; ok markus@

Revision 1.542 / (download) - annotate - [select for diffs], Thu Nov 12 22:38:57 2020 UTC (3 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.541: +5 -2 lines
Diff to previous 1.541 (colored)

Prevent integer overflow when ridiculously large ConnectTimeout is
specified, capping the effective value (for most platforms) at 24 days.
bz#3229, ok djm@

Revision 1.541 / (download) - annotate - [select for diffs], Sun Nov 8 11:46:12 2020 UTC (3 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.540: +3 -15 lines
Diff to previous 1.540 (colored)

Replace WITH_OPENSSL ifdefs in log calls with a macro.  The log calls
are themselves now macros, and preprocessor directives inside macro
arguments are undefined behaviour which some compilers (eg old GCCs)
choke on.  It also makes the code tidier.  ok deraadt@

Revision 1.540 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.539: +50 -56 lines
Diff to previous 1.539 (colored)

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.539 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.538: +3 -1 lines
Diff to previous 1.538 (colored)

LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

Revision 1.538 / (download) - annotate - [select for diffs], Mon Oct 12 08:36:36 2020 UTC (3 years, 7 months ago) by kn
Branch: MAIN
Changes since 1.537: +2 -2 lines
Diff to previous 1.537 (colored)

Zap unused family parameter from ssh_connect_direct()

sshconnect.c r1.241 from 2013 made it unused;  found while reading code.

OK djm

Revision 1.537 / (download) - annotate - [select for diffs], Sat Oct 3 09:22:26 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.536: +8 -40 lines
Diff to previous 1.536 (colored)

There are lots of places where we want to redirect stdin, stdout
and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these
to redirect. ok markus@

Revision 1.536 / (download) - annotate - [select for diffs], Mon Sep 21 07:29:09 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.535: +3 -2 lines
Diff to previous 1.535 (colored)

close stdin when forking after authentication too; ok markus

Revision 1.535 / (download) - annotate - [select for diffs], Sun Sep 20 23:31:46 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.534: +21 -6 lines
Diff to previous 1.534 (colored)

close stdout/stderr after "ssh -f ..." forking

bz#3137, ok markus

Revision 1.534 / (download) - annotate - [select for diffs], Fri Jul 31 04:19:37 2020 UTC (3 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.533: +9 -6 lines
Diff to previous 1.533 (colored)

Also compare username when checking for JumpHost loops.  bz#3057, ok djm@

Revision 1.533 / (download) - annotate - [select for diffs], Fri Jul 17 03:43:42 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.532: +4 -1 lines
Diff to previous 1.532 (colored)

Add a '%k' TOKEN that expands to the effective HostKey of the
destination.  This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@, jmc@ (man page bits)

Revision 1.532 / (download) - annotate - [select for diffs], Fri Jul 17 03:23:10 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.531: +17 -1 lines
Diff to previous 1.531 (colored)

Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile,
allowing the file to be automagically split up in the configuration
(eg bz#1654).  ok djm@, man page parts jmc@

Revision 1.531 / (download) - annotate - [select for diffs], Sun Jul 5 23:59:45 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.530: +6 -6 lines
Diff to previous 1.530 (colored)

some language improvements; ok markus

Revision 1.530 / (download) - annotate - [select for diffs], Fri Jun 26 05:02:03 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.529: +2 -12 lines
Diff to previous 1.529 (colored)

Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so we
don't leave an empty .ssh directory when it's not needed.  Use the same
function to replace the code in ssh-keygen that does the same thing.
bz#3156, ok djm@

Revision 1.529 / (download) - annotate - [select for diffs], Fri Jun 5 03:15:26 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.528: +2 -2 lines
Diff to previous 1.528 (colored)

Correct historical comment: provos@ modified OpenSSH to work with SSLeay
(very quickly replaced by OpenSSL) not SSL in general.  ok deraadt,
historical context markus@

Revision 1.528 / (download) - annotate - [select for diffs], Fri May 29 04:25:40 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.527: +33 -7 lines
Diff to previous 1.527 (colored)

Allow some keywords to expand shell-style ${ENV} environment
variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket
paths.  This would for example allow forwarding of Unix domain
socket paths that change at runtime.  bz#3140, ok djm@

Revision 1.527 / (download) - annotate - [select for diffs], Fri Apr 10 00:52:07 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.526: +87 -50 lines
Diff to previous 1.526 (colored)

Add TOKEN percent expansion to LocalForward and RemoteForward when used
for Unix domain socket forwarding.  Factor out the code for the config
keywords that use the most common subset of TOKENS into its own function.
bz#3014, ok jmc@ (man page bits) djm@

Revision 1.526 / (download) - annotate - [select for diffs], Fri Apr 3 06:07:57 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.525: +2 -1 lines
Diff to previous 1.525 (colored)

r1.522 deleted one too many lines; repair

Revision 1.525 / (download) - annotate - [select for diffs], Fri Apr 3 04:06:26 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.524: +2 -2 lines
Diff to previous 1.524 (colored)

fix debug statement

Revision 1.524 / (download) - annotate - [select for diffs], Fri Apr 3 04:03:51 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.523: +14 -3 lines
Diff to previous 1.523 (colored)

the tunnel-forwarding vs ExitOnForwardFailure fix that I committed
earlier had an off-by-one. Fix this and add some debugging that would
have made it apparent sooner.

Revision 1.523 / (download) - annotate - [select for diffs], Fri Apr 3 02:40:32 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.522: +39 -23 lines
Diff to previous 1.522 (colored)

make failures when establishing "Tunnel" forwarding terminate the
connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker

Revision 1.522 / (download) - annotate - [select for diffs], Fri Apr 3 02:27:12 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.521: +53 -67 lines
Diff to previous 1.521 (colored)

Make which config keywords support which percent_expansions more consistent.
 - %C is moved into its own function and added to Match Exec.
 - move the common (global) options into a macro.  This is ugly but it's
   the least-ugly way I could come up with.
 - move IdentityAgent and ForwardAgent percent expansion to before the
   config dump to make it regression-testable.
 - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

Revision 1.521 / (download) - annotate - [select for diffs], Fri Mar 6 18:20:02 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.520: +3 -2 lines
Diff to previous 1.520 (colored)

initialize cname in case ai_canonname is NULL or too long; ok djm

Revision 1.520 / (download) - annotate - [select for diffs], Tue Feb 18 08:49:49 2020 UTC (4 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.519: +9 -1 lines
Diff to previous 1.519 (colored)

Detect and prevent simple configuration loops when using ProxyJump.
bz#3057, ok djm@

Revision 1.519 / (download) - annotate - [select for diffs], Fri Feb 7 03:54:44 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.518: +14 -5 lines
Diff to previous 1.518 (colored)

Add ssh -Q key-sig for all key and signature types.  Teach ssh -Q to accept
ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the
corresponding query.  Man page help jmc@, ok djm@.

Revision 1.518 / (download) - annotate - [select for diffs], Thu Feb 6 22:30:54 2020 UTC (4 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.517: +2 -2 lines
Diff to previous 1.517 (colored)

Replace "security key" with "authenticator" in program messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

Revision 1.517 / (download) - annotate - [select for diffs], Tue Jan 28 07:24:15 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.516: +4 -1 lines
Diff to previous 1.516 (colored)

disable UpdateHostKeys=ask when in quiet mode;
"work for me" matthieu@

Revision 1.516 / (download) - annotate - [select for diffs], Mon Jan 27 20:51:32 2020 UTC (4 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.515: +13 -6 lines
Diff to previous 1.515 (colored)

disable UpdateHostKeys=ask if command is specified; ok djm@ sthen@

Revision 1.515 / (download) - annotate - [select for diffs], Sat Jan 25 00:21:08 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.514: +2 -2 lines
Diff to previous 1.514 (colored)

allow UpdateKnownHosts=yes to function when multiple known_hosts files
are in use. When updating host keys, ssh will now search subsequent
known_hosts files, but will add new/changed host keys to the first
specified file only. bz#2738

ok markus@

Revision 1.514 / (download) - annotate - [select for diffs], Sat Jan 25 00:03:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.513: +7 -5 lines
Diff to previous 1.513 (colored)

expose PKCS#11 key labels/X.509 subjects as comments

Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

Revision 1.513 / (download) - annotate - [select for diffs], Thu Jan 23 10:24:29 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.512: +15 -4 lines
Diff to previous 1.512 (colored)

Make zlib optional.  This adds a "ZLIB" build time option that allows
building without zlib compression and associated options.  With feedback
from markus@, ok djm@

Revision 1.512 / (download) - annotate - [select for diffs], Thu Jan 23 07:10:22 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.511: +3 -3 lines
Diff to previous 1.511 (colored)

Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.

Revision 1.511 / (download) - annotate - [select for diffs], Sun Jan 5 16:28:22 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.510: +2 -2 lines
Diff to previous 1.510 (colored)

fix CanonicalizeHostname, broken by rev 1.507

Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com>
ok dtucker@ markus@ djm@

Revision 1.510 / (download) - annotate - [select for diffs], Sat Dec 21 02:19:13 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.509: +33 -1 lines
Diff to previous 1.509 (colored)

Allow forwarding a different agent socket to the path specified by
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accept an explicit path or the name of an environment variable
in addition to yes/no.

Patch by Eric Chiang, manpage by me; ok markus@

Revision 1.509 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.508: +2 -1 lines
Diff to previous 1.508 (colored)

additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@

Revision 1.508 / (download) - annotate - [select for diffs], Thu Oct 31 21:18:28 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.507: +17 -1 lines
Diff to previous 1.507 (colored)

ssh client support for U2F/FIDO keys

Revision 1.507 / (download) - annotate - [select for diffs], Fri Sep 13 04:27:35 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.506: +2 -2 lines
Diff to previous 1.506 (colored)

allow %n to be expanded in ProxyCommand strings

From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

Revision 1.506 / (download) - annotate - [select for diffs], Fri Sep 6 14:45:34 2019 UTC (4 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.505: +2 -2 lines
Diff to previous 1.505 (colored)

Allow prepending a list of algorithms to the default set by starting
the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com

ok djm@ dtucker@

Revision 1.505 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.504: +10 -10 lines
Diff to previous 1.504 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.504 / (download) - annotate - [select for diffs], Fri Jun 14 04:13:58 2019 UTC (4 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.503: +6 -3 lines
Diff to previous 1.503 (colored)

slightly more instructive error message when the user specifies multiple
-J options on the commandline. bz3015 ok dtucker@

Revision 1.503 / (download) - annotate - [select for diffs], Wed Jun 12 11:31:50 2019 UTC (4 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.502: +2 -2 lines
Diff to previous 1.502 (colored)

Hostname->HostName cleanup; from lauri tirkkonen
ok dtucker

Revision 1.502 / (download) - annotate - [select for diffs], Thu Jun 6 05:13:13 2019 UTC (4 years, 11 months ago) by otto
Branch: MAIN
Changes since 1.501: +1 -2 lines
Diff to previous 1.501 (colored)

Replace calls to ssh_malloc_init() by a static init of malloc_options.
Prepares for changes in the way malloc is initialized.  ok guenther@ dtucker@

Revision 1.501 / (download) - annotate - [select for diffs], Tue Apr 23 11:56:41 2019 UTC (5 years ago) by dtucker
Branch: MAIN
Changes since 1.500: +3 -2 lines
Diff to previous 1.500 (colored)

Use the LogLevel typedef instead of int where appropriate.  Patch from
Markus Schmidt via openssh-unix-dev, ok markus@

Revision 1.500 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.499: +1 -4 lines
Diff to previous 1.499 (colored)

remove last references to active_state

with & ok markus@

Revision 1.499 / (download) - annotate - [select for diffs], Sat Jan 19 21:36:06 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.498: +41 -26 lines
Diff to previous 1.498 (colored)

convert ssh.c to new packet API

with & ok markus@

Revision 1.498 / (download) - annotate - [select for diffs], Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.497: +4 -1 lines
Diff to previous 1.497 (colored)

begin landing remaining refactoring of packet parsing API, started
almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

Revision 1.497 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.496: +2 -2 lines
Diff to previous 1.496 (colored)

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

Revision 1.496 / (download) - annotate - [select for diffs], Fri Nov 23 05:08:07 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.495: +20 -11 lines
Diff to previous 1.495 (colored)

add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

Revision 1.495 / (download) - annotate - [select for diffs], Tue Oct 23 05:56:35 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.494: +3 -3 lines
Diff to previous 1.494 (colored)

refer to OpenSSL not SSLeay;

we're old, but we don't have to act it

Revision 1.494 / (download) - annotate - [select for diffs], Wed Oct 3 06:38:35 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.493: +21 -3 lines
Diff to previous 1.493 (colored)

Allow ssh_config IdentityAgent directive to accept environment variable
names as well as explicit paths. ok dtucker@

Revision 1.493 / (download) - annotate - [select for diffs], Fri Sep 21 03:11:36 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.492: +3 -4 lines
Diff to previous 1.492 (colored)

Treat connections with ProxyJump specified the same as ones with a
ProxyCommand set with regards to hostname canonicalisation (i.e.
don't try to canonicalise the hostname unless CanonicalizeHostname
is set to 'always').

Patch from Sven Wegener via bz#2896

Revision 1.492 / (download) - annotate - [select for diffs], Thu Sep 20 03:31:49 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.491: +2 -2 lines
Diff to previous 1.491 (colored)

fix "ssh -Q sig" to show correct signature algorithm list (it was
erroneously showing certificate algorithms); prompted by markus@

Revision 1.491 / (download) - annotate - [select for diffs], Wed Sep 12 01:30:10 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.490: +9 -2 lines
Diff to previous 1.490 (colored)

Add "ssh -Q sig" to allow listing supported signature algorithms
ok markus@

Revision 1.490 / (download) - annotate - [select for diffs], Fri Jul 27 05:34:42 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.489: +9 -22 lines
Diff to previous 1.489 (colored)

Now that ssh can't be setuid, remove the original_real_uid and
original_effective_uid globals and replace with calls to plain getuid().
ok djm@

Revision 1.489 / (download) - annotate - [select for diffs], Wed Jul 25 13:10:56 2018 UTC (5 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.488: +1 -3 lines
Diff to previous 1.488 (colored)

Use the caller provided (copied) pwent struct in load_public_identity_files
instead of calling getpwuid() again and discarding the argument.
This prevents a client crash where tilde_expand_filename calls getpwuid()
again before the pwent pointer is used.
Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com>
ok djm@ deraadt@

Revision 1.488 / (download) - annotate - [select for diffs], Thu Jul 19 10:28:47 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.487: +2 -7 lines
Diff to previous 1.487 (colored)

Deprecate UsePrivilegedPort now that support for running ssh(1)
setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) with the setuid bit since 2002.  If anyone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

Revision 1.487 / (download) - annotate - [select for diffs], Wed Jul 18 11:34:04 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.486: +6 -32 lines
Diff to previous 1.486 (colored)

Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more.  Neuters UsePrivilegedPort,
which will be marked as deprecated shortly. ok markus@ djm@

Revision 1.486 / (download) - annotate - [select for diffs], Mon Jul 16 22:25:01 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.485: +22 -22 lines
Diff to previous 1.485 (colored)

Slot 0 in the hostbased key array was previously RSA1, but that is
now gone and the slot is unused so remove it.  Remove two now-unused
macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes).
ok markus@

Revision 1.485 / (download) - annotate - [select for diffs], Mon Jul 16 11:05:41 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.484: +5 -30 lines
Diff to previous 1.484 (colored)

Remove support for loading HostBasedAuthentication keys directly in
ssh(1) and always use ssh-keysign.  This removes one of the few remaining
reasons why ssh(1) might be setuid.  ok markus@

Revision 1.484 / (download) - annotate - [select for diffs], Mon Jul 16 07:06:50 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.483: +18 -2 lines
Diff to previous 1.483 (colored)

keep options.identity_file_userprovided array in sync when we load
keys, fixing some spurious error messages; ok markus

Revision 1.483 / (download) - annotate - [select for diffs], Wed Jul 11 18:53:29 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.482: +78 -57 lines
Diff to previous 1.482 (colored)

remove legacy key emulation layer; ok djm@

Revision 1.482 / (download) - annotate - [select for diffs], Mon Jul 9 21:03:30 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.481: +16 -13 lines
Diff to previous 1.481 (colored)

client: switch to sshbuf API; ok djm@

Revision 1.481 / (download) - annotate - [select for diffs], Fri Jun 8 03:35:36 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.480: +2 -2 lines
Diff to previous 1.480 (colored)

fix incorrect expansion of %i in load_public_identity_files(); reported by
Roumen Petrov

Revision 1.480 / (download) - annotate - [select for diffs], Wed Jun 6 18:22:41 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.479: +3 -3 lines
Diff to previous 1.479 (colored)

Add a PermitListen directive to control which server-side addresses
may be listened on when the client requests remote forwarding (ssh -R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

Revision 1.479 / (download) - annotate - [select for diffs], Fri Jun 1 03:33:53 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.478: +22 -8 lines
Diff to previous 1.478 (colored)

make UID available as a %-expansion everywhere that the username is
available currently. In the client this is via %i, in the server %U
(since %i was already used in the client in some places for this, but
used for something different in the server);
bz#2870, ok dtucker@

Revision 1.478 / (download) - annotate - [select for diffs], Fri Jun 1 03:11:49 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.477: +11 -2 lines
Diff to previous 1.477 (colored)

prefer argv0 to "ssh" when re-executing ssh for ProxyJump directive;
bz2831, feedback and ok dtucker@

Revision 1.477 / (download) - annotate - [select for diffs], Sat Apr 14 21:50:41 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.476: +1 -2 lines
Diff to previous 1.476 (colored)

don't free the %C expansion, it's used later for LocalCommand

Revision 1.476 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.475: +2 -2 lines
Diff to previous 1.475 (colored)

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.475 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:38 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.474: +12 -3 lines
Diff to previous 1.474 (colored)

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.474 / (download) - annotate - [select for diffs], Fri Feb 23 02:34:33 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.473: +12 -9 lines
Diff to previous 1.473 (colored)

Add BindInterface ssh_config directive and -B command-line argument
to ssh(1) that directs it to bind its outgoing connection to the
address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

Revision 1.473 / (download) - annotate - [select for diffs], Tue Feb 13 03:36:56 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.472: +18 -18 lines
Diff to previous 1.472 (colored)

remove space before tab

Revision 1.472 / (download) - annotate - [select for diffs], Sun Feb 11 21:16:56 2018 UTC (6 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.471: +1 -3 lines
Diff to previous 1.471 (colored)

Don't reset signal handlers inside handlers.

The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed.  In the unlikely event that -portable
is still being used on such systems we will deal with it in the
compat layer.  ok deraadt@

Revision 1.471 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.470: +2 -2 lines
Diff to previous 1.470 (colored)

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

Revision 1.470 / (download) - annotate - [select for diffs], Tue Jan 23 05:06:25 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.469: +71 -17 lines
Diff to previous 1.469 (colored)

don't attempt to force hostnames that are addresses to lowercase, but
instead canonicalise them through getnameinfo/getaddrinfo to remove
ambiguities (e.g. ::0001 => ::1) before they are matched against
known_hosts; bz#2763, ok dtucker@

Revision 1.469 / (download) - annotate - [select for diffs], Wed Nov 1 00:04:15 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.468: +10 -8 lines
Diff to previous 1.468 (colored)

fix broken stdout in ControlPersist mode, introduced by me in r1.467
and reported by Alf Schlichting

Revision 1.468 / (download) - annotate - [select for diffs], Fri Oct 27 01:57:06 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.467: +6 -6 lines
Diff to previous 1.467 (colored)

whitespace at EOL

Revision 1.467 / (download) - annotate - [select for diffs], Wed Oct 25 00:21:37 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.466: +16 -2 lines
Diff to previous 1.466 (colored)

transfer ownership of stdout to the session channel by dup2'ing
/dev/null to fd 1. This allows propagation of remote stdout close to
the local side; reported by David Newall, ok markus@

Revision 1.466 / (download) - annotate - [select for diffs], Mon Oct 23 05:08:00 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.465: +54 -54 lines
Diff to previous 1.465 (colored)

Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Revision 1.465 / (download) - annotate - [select for diffs], Sat Oct 21 23:06:24 2017 UTC (6 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.464: +41 -15 lines
Diff to previous 1.464 (colored)

Add URI support to ssh, sftp and scp.  For example ssh://user@host
or sftp://user@host/path.  The connection parameters described in
draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the
ssh fingerprint format in the draft uses md5 with no way to specify
the hash function type.  OK djm@

Revision 1.464 / (download) - annotate - [select for diffs], Thu Sep 21 19:16:53 2017 UTC (6 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.463: +3 -2 lines
Diff to previous 1.463 (colored)

Add 'reverse' dynamic forwarding which combines dynamic forwarding
(-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Revision 1.463 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.462: +48 -40 lines
Diff to previous 1.462 (colored)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.462 / (download) - annotate - [select for diffs], Sat Aug 12 06:46:01 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.461: +7 -4 lines
Diff to previous 1.461 (colored)

make "--" before the hostname terminate command-line option processing
completely; previous behaviour would not prevent further options
appearing after the hostname (ssh has supported options after the
hostname for >20 years, so that's too late to change).

ok deraadt@

Revision 1.461 / (download) - annotate - [select for diffs], Tue May 30 18:58:37 2017 UTC (6 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.460: +32 -8 lines
Diff to previous 1.460 (colored)

Add RemoteCommand option to specify a command in the ssh config
file instead of giving it on the client's command line.  This command
will be executed on the remote host.  The feature allows automating
tasks using ssh config.
OK markus@

Revision 1.460 / (download) - annotate - [select for diffs], Tue May 30 08:52:19 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.459: +5 -5 lines
Diff to previous 1.459 (colored)

switch from Key typedef with struct sshkey; ok djm@

Revision 1.459 / (download) - annotate - [select for diffs], Tue May 2 08:06:33 2017 UTC (7 years ago) by jmc
Branch: MAIN
Changes since 1.458: +2 -2 lines
Diff to previous 1.458 (colored)

remove options -12 from usage();

Revision 1.458 / (download) - annotate - [select for diffs], Sun Apr 30 23:28:42 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.457: +1 -2 lines
Diff to previous 1.457 (colored)

obliterate ssh1.h and some dead code that used it

ok markus@

Revision 1.457 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.456: +2 -3 lines
Diff to previous 1.456 (colored)

remove KEY_RSA1

ok markus@

Revision 1.456 / (download) - annotate - [select for diffs], Sun Apr 30 23:15:04 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.455: +4 -17 lines
Diff to previous 1.455 (colored)

remove SSHv1 ciphers; ok markus@

Revision 1.455 / (download) - annotate - [select for diffs], Sun Apr 30 23:13:25 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.454: +2 -172 lines
Diff to previous 1.454 (colored)

remove compat20/compat13/compat15 variables

ok markus@

Revision 1.454 / (download) - annotate - [select for diffs], Sun Apr 30 23:11:45 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.453: +3 -3 lines
Diff to previous 1.453 (colored)

remove options.protocol and client Protocol configuration knob

ok markus@

Revision 1.453 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.452: +1 -9 lines
Diff to previous 1.452 (colored)

unifdef WITH_SSH1
ok markus@

Revision 1.452 / (download) - annotate - [select for diffs], Fri Apr 28 03:20:27 2017 UTC (7 years ago) by dtucker
Branch: MAIN
Changes since 1.451: +7 -4 lines
Diff to previous 1.451 (colored)

Add SyslogFacility option to ssh(1) matching the equivalent option in
sshd(8).  bz#2705, patch from erahn at arista.com, ok djm@

Revision 1.451 / (download) - annotate - [select for diffs], Fri Mar 10 04:07:20 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.450: +4 -4 lines
Diff to previous 1.450 (colored)

fix regression in 7.4 server-sig-algs, where we were accidentally
excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@

Revision 1.450 / (download) - annotate - [select for diffs], Wed Mar 8 12:07:47 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.449: +2 -2 lines
Diff to previous 1.449 (colored)

quote [host]:port in generated ProxyJump commandline; the [ / ]
characters can confuse some shells (e.g. zsh).
Reported by Lauri Tirkkonen via bugs@

Revision 1.449 / (download) - annotate - [select for diffs], Fri Feb 17 02:04:15 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.448: +2 -2 lines
Diff to previous 1.448 (colored)

For ProxyJump/-J, surround host name with brackets to allow
literal IPv6 addresses. From Dick Visser; ok dtucker@

Revision 1.448 / (download) - annotate - [select for diffs], Tue Dec 6 07:48:01 2016 UTC (7 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.447: +3 -2 lines
Diff to previous 1.447 (colored)

make IdentityFile successfully load and use certificates that have no
corresponding bare public key. E.g. just a private id_rsa and certificate
id_rsa-cert.pub (and no id_rsa.pub).

bz#2617 ok dtucker@

Revision 1.447 / (download) - annotate - [select for diffs], Fri Sep 30 09:19:13 2016 UTC (7 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.446: +18 -9 lines
Diff to previous 1.446 (colored)

ssh proxy mux mode (-O proxy; idea from Simon Tatham):
- mux client speaks the ssh-packet protocol directly over unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no filedescriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client
  and server on different machines.
feedback & ok djm@

Revision 1.446 / (download) - annotate - [select for diffs], Mon Sep 12 23:31:27 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.445: +4 -4 lines
Diff to previous 1.445 (colored)

list all supported signature algorithms in the server-sig-algs
Reported by mb AT smartftp.com in bz#2547 and (independently)
Ron Frederick; ok markus@

Revision 1.445 / (download) - annotate - [select for diffs], Sun Jul 17 04:20:16 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.444: +4 -1 lines
Diff to previous 1.444 (colored)

support UTF-8 characters in ssh(1) banners using schwarze@'s
safe fmprintf printer; bz#2058

feedback schwarze@ ok dtucker@

Revision 1.444 / (download) - annotate - [select for diffs], Sat Jul 16 06:57:55 2016 UTC (7 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.443: +6 -5 lines
Diff to previous 1.443 (colored)

- add proxyjump to the options list
- formatting fixes
- update usage()

ok djm

Revision 1.443 / (download) - annotate - [select for diffs], Fri Jul 15 00:24:30 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.442: +63 -14 lines
Diff to previous 1.442 (colored)

Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1)
command-line flag to allow simplified indirection through a
SSH bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Revision 1.442 / (download) - annotate - [select for diffs], Fri Jun 3 04:09:39 2016 UTC (7 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.441: +1 -3 lines
Diff to previous 1.441 (colored)

Allow ExitOnForwardFailure and ClearAllForwardings to be overridden when
using ssh -W (but still default to yes in that case).  bz#2577, ok djm@.

Revision 1.441 / (download) - annotate - [select for diffs], Fri Jun 3 03:14:41 2016 UTC (7 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.440: +10 -13 lines
Diff to previous 1.440 (colored)

Move the host and port used by ssh -W into the Options struct.
This will make future changes a bit easier.  ok djm@

Revision 1.440 / (download) - annotate - [select for diffs], Wed May 4 14:29:58 2016 UTC (8 years ago) by markus
Branch: MAIN
Changes since 1.439: +3 -2 lines
Diff to previous 1.439 (colored)

allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@

Revision 1.439 / (download) - annotate - [select for diffs], Wed May 4 12:21:53 2016 UTC (8 years ago) by markus
Branch: MAIN
Changes since 1.438: +17 -1 lines
Diff to previous 1.438 (colored)

IdentityAgent for specifying specific agent sockets; ok djm@

Revision 1.438 / (download) - annotate - [select for diffs], Fri Apr 29 08:07:53 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.437: +5 -3 lines
Diff to previous 1.437 (colored)

close ControlPersist background process stderr when not in
debug mode or when logging to a file or syslog.
bz#1988 ok dtucker

Revision 1.437 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.436: +5 -2 lines
Diff to previous 1.436 (colored)

refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Revision 1.436 / (download) - annotate - [select for diffs], Mon Feb 15 09:47:49 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.435: +2 -1 lines
Diff to previous 1.435 (colored)

Add a function to enable security-related malloc_options.  With and ok
deraadt@, something similar has been in the snaps for a while.

Revision 1.435 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.434: +1 -2 lines
Diff to previous 1.434 (colored)

remove roaming support; ok djm@

Revision 1.416.2.2 / (download) - annotate - [select for diffs], Thu Jan 14 14:48:36 2016 UTC (8 years, 4 months ago) by sthen
Branch: OPENBSD_5_7
Changes since 1.416.2.1: +1 -4 lines
Diff to previous 1.416.2.1 (colored) to branchpoint 1.416 (colored) next main 1.417 (colored)

MFC changes by: deraadt@cvs.openbsd.org 2016/01/14 07:34:34

Disable experimental client-side roaming support.  Server side was
disabled/gutted for years already, but this aspect was surprisingly
forgotten.
Thanks for report from Qualys

Revision 1.420.2.2 / (download) - annotate - [select for diffs], Thu Jan 14 14:48:18 2016 UTC (8 years, 4 months ago) by sthen
Branch: OPENBSD_5_8
Changes since 1.420.2.1: +1 -4 lines
Diff to previous 1.420.2.1 (colored) to branchpoint 1.420 (colored) next main 1.421 (colored)

MFC changes by: deraadt@cvs.openbsd.org 2016/01/14 07:34:34

Disable experimental client-side roaming support.  Server side was
disabled/gutted for years already, but this aspect was surprisingly
forgotten.
Thanks for report from Qualys

Revision 1.434 / (download) - annotate - [select for diffs], Thu Jan 14 14:34:34 2016 UTC (8 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.433: +1 -4 lines
Diff to previous 1.433 (colored)

Disable experimental client-side roaming support.  Server side was
disabled/gutted for years already, but this aspect was surprisingly
forgotten.
Thanks for report from Qualys

Revision 1.416.2.1 / (download) - annotate - [select for diffs], Thu Jan 14 11:53:20 2016 UTC (8 years, 4 months ago) by sthen
Branch: OPENBSD_5_7
Changes since 1.416: +9 -14 lines
Diff to previous 1.416 (colored)

MFC changes by djm@cvs.openbsd.org, 2016/01/13 16:04:47

"eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension;
Reported by Thomas Hoger; ok deraadt@"

Revision 1.420.2.1 / (download) - annotate - [select for diffs], Thu Jan 14 11:50:37 2016 UTC (8 years, 4 months ago) by sthen
Branch: OPENBSD_5_8
Changes since 1.420: +9 -14 lines
Diff to previous 1.420 (colored)

MFC changes by djm@cvs.openbsd.org, 2016/01/13 16:04:47

"eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension;
Reported by Thomas Hoger; ok deraadt@"

Revision 1.433 / (download) - annotate - [select for diffs], Wed Jan 13 23:04:47 2016 UTC (8 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.432: +9 -14 lines
Diff to previous 1.432 (colored)

eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension;
Reported by Thomas Hoger; ok deraadt@

Revision 1.432 / (download) - annotate - [select for diffs], Fri Dec 11 03:20:09 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.431: +3 -1 lines
Diff to previous 1.431 (colored)

don't try to load SSHv1 private key when compiled without SSHv1
support. From Iain Morgan bz#2505

Revision 1.431 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.430: +2 -3 lines
Diff to previous 1.430 (colored)

Remove NULL-checks before free().

ok dtucker@

Revision 1.430 / (download) - annotate - [select for diffs], Thu Nov 19 08:23:27 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.429: +4 -1 lines
Diff to previous 1.429 (colored)

ban ConnectionAttempts=0, it makes no sense and would cause
ssh_connect_direct() to print an uninitialised stack variable;
bz#2500 reported by dvw AT phas.ubc.ca

Revision 1.429 / (download) - annotate - [select for diffs], Sun Oct 25 23:42:00 2015 UTC (8 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.428: +7 -6 lines
Diff to previous 1.428 (colored)

Expand tildes in filenames passed to -i before checking whether or not the
identity file exists.  This means that if the shell doesn't do the expansion
(eg because the option and filename were given as a single argument) then
we'll still add the key.  bz#2481, ok markus@

Revision 1.428 / (download) - annotate - [select for diffs], Fri Oct 16 18:40:49 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.427: +14 -1 lines
Diff to previous 1.427 (colored)

better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname
canonicalisation - treat them as already canonical and remove the
trailing '.' before matching ssh_config; ok markus@

Revision 1.427 / (download) - annotate - [select for diffs], Thu Oct 15 23:51:40 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.426: +2 -2 lines
Diff to previous 1.426 (colored)

fix some signed/unsigned integer type mismatches in format
strings; reported by Nicholas Lemonias

Revision 1.426 / (download) - annotate - [select for diffs], Thu Sep 24 06:15:11 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.425: +58 -7 lines
Diff to previous 1.425 (colored)

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Revision 1.425 / (download) - annotate - [select for diffs], Fri Sep 11 06:55:46 2015 UTC (8 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.424: +4 -6 lines
Diff to previous 1.424 (colored)

sync -Q in usage() to SYNOPSIS; since it's drastically shorter,
i've reformatted the block to sync with the man (80 cols) and
saved a line;

Revision 1.424 / (download) - annotate - [select for diffs], Fri Sep 11 05:27:02 2015 UTC (8 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.423: +2 -2 lines
Diff to previous 1.423 (colored)

Update usage to match man page.

Revision 1.423 / (download) - annotate - [select for diffs], Fri Sep 11 03:47:28 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.422: +4 -3 lines
Diff to previous 1.422 (colored)

expand %i in ControlPath to UID; bz#2449

patch from Christian Hesse w/ feedback from dtucker@

Revision 1.422 / (download) - annotate - [select for diffs], Fri Sep 4 08:21:47 2015 UTC (8 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.421: +8 -7 lines
Diff to previous 1.421 (colored)

Plug minor memory leaks when options are used more than once.  bz#2182,
patch from Tiago Cunha, ok deraadt djm

Revision 1.421 / (download) - annotate - [select for diffs], Fri Sep 4 04:56:09 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.420: +2 -1 lines
Diff to previous 1.420 (colored)

add a debug2() right before DNS resolution; it's a place where
ssh could previously silently hang for a while. bz#2433

Revision 1.420 / (download) - annotate - [select for diffs], Thu Jul 30 00:01:34 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE
Branch point for: OPENBSD_5_8
Changes since 1.419: +18 -17 lines
Diff to previous 1.419 (colored)

Allow ssh_config and sshd_config kex parameters options be prefixed
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Revision 1.419 / (download) - annotate - [select for diffs], Mon Jul 20 18:42:35 2015 UTC (8 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.418: +3 -3 lines
Diff to previous 1.418 (colored)

Sync usage with SYNOPSIS

Revision 1.418 / (download) - annotate - [select for diffs], Mon May 4 06:10:48 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.417: +3 -5 lines
Diff to previous 1.417 (colored)

Remove pattern length argument from match_pattern_list(),
we only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing out an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@

Revision 1.417 / (download) - annotate - [select for diffs], Fri Apr 17 13:16:48 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.416: +5 -1 lines
Diff to previous 1.416 (colored)

debug log missing DISPLAY environment when X11 forwarding
requested; bz#1682 ok dtucker@

Revision 1.416 / (download) - annotate - [select for diffs], Tue Mar 3 06:48:58 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.415: +8 -1 lines
Diff to previous 1.415 (colored)

Allow "ssh -Q protocol-version" to list supported SSH protocol
versions. Useful for detecting builds without SSH v.1 support;
idea and ok markus@

Revision 1.415 / (download) - annotate - [select for diffs], Fri Feb 20 22:17:21 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.414: +7 -1 lines
Diff to previous 1.414 (colored)

UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)

Revision 1.414 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.413: +4 -4 lines
Diff to previous 1.413 (colored)

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.413 / (download) - annotate - [select for diffs], Fri Jan 16 07:19:48 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.412: +72 -5 lines
Diff to previous 1.412 (colored)

when hostname canonicalisation is enabled, try to parse hostnames
as addresses before looking them up for canonicalisation.
fixes bz#2074 and avoids needless DNS lookups in some cases;
ok markus

Revision 1.412 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.411: +9 -2 lines
Diff to previous 1.411 (colored)

move authfd.c and its tentacles to the new buffer/key API;
ok markus@

Revision 1.411 / (download) - annotate - [select for diffs], Thu Jan 8 10:15:45 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.410: +17 -17 lines
Diff to previous 1.410 (colored)

reorder hostbased key attempts to better match the default
hostkey algorithms order in myproposal.h; ok markus@

Revision 1.410 / (download) - annotate - [select for diffs], Tue Nov 18 20:54:28 2014 UTC (9 years, 5 months ago) by krw
Branch: MAIN
Changes since 1.409: +1 -2 lines
Diff to previous 1.409 (colored)

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@

Revision 1.409 / (download) - annotate - [select for diffs], Thu Oct 9 06:21:31 2014 UTC (9 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.408: +2 -2 lines
Diff to previous 1.408 (colored)

tweak previous;

Revision 1.408 / (download) - annotate - [select for diffs], Wed Oct 8 22:20:25 2014 UTC (9 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.407: +61 -19 lines
Diff to previous 1.407 (colored)

Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus

Revision 1.407 / (download) - annotate - [select for diffs], Thu Jul 17 07:22:19 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.406: +9 -1 lines
Diff to previous 1.406 (colored)

reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
previously we were always returning 0. bz#2255 reported by Brendan
Germain; ok dtucker

Revision 1.406 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.405: +37 -25 lines
Diff to previous 1.405 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.405 / (download) - annotate - [select for diffs], Thu Jul 3 06:39:19 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.404: +36 -8 lines
Diff to previous 1.404 (colored)

Add a %C escape sequence for LocalCommand and ControlPath that expands
to a unique identifier based on a hash of the tuple of (local host,
remote user, hostname, port).

Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
control paths.

bz#2220, based on patch from mancha1 AT zoho.com; ok markus@

Revision 1.404 / (download) - annotate - [select for diffs], Fri Jun 27 16:41:56 2014 UTC (9 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.403: +4 -2 lines
Diff to previous 1.403 (colored)

fix remote fwding with same listen port but different listen address
with gerhard@, ok djm@

Revision 1.403 / (download) - annotate - [select for diffs], Tue Jun 24 02:19:48 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.402: +9 -5 lines
Diff to previous 1.402 (colored)

don't fatal() when hostname canonicalisation fails with a
ProxyCommand in use; continue and allow the ProxyCommand to
connect anyway (e.g. to a host with a name outside the DNS
behind a bastion)

Revision 1.402 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.401: +19 -3 lines
Diff to previous 1.401 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.401 / (download) - annotate - [select for diffs], Wed Feb 26 20:18:37 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.400: +24 -6 lines
Diff to previous 1.400 (colored)

bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
ok dtucker@ markus@

Revision 1.400 / (download) - annotate - [select for diffs], Sun Feb 23 20:11:36 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.399: +94 -56 lines
Diff to previous 1.399 (colored)

reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.

CanonicalizeHostname yes
CanonicalDomains int.example.org example.org
CanonicalizeFallbackLocal no

Host *.int.example.org
    Compression off
Host *.example.org
    User djm

ok markus@

Revision 1.399 / (download) - annotate - [select for diffs], Tue Feb 4 00:24:29 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.398: +2 -2 lines
Diff to previous 1.398 (colored)

delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@

Revision 1.398 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.397: +6 -6 lines
Diff to previous 1.397 (colored)

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.397 / (download) - annotate - [select for diffs], Sun Dec 29 05:42:16 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.396: +16 -12 lines
Diff to previous 1.396 (colored)

don't forget to load Ed25519 certs too

Revision 1.396 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.395: +13 -4 lines
Diff to previous 1.395 (colored)

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

Revision 1.395 / (download) - annotate - [select for diffs], Tue Nov 26 12:14:54 2013 UTC (10 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.394: +5 -5 lines
Diff to previous 1.394 (colored)

- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally
poor Cm, at least consistent with the rest of the docs. also no need for multiple
instances
- zap a now redundant Nm
- usage() sync

Revision 1.394 / (download) - annotate - [select for diffs], Mon Nov 25 18:04:21 2013 UTC (10 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.393: +10 -10 lines
Diff to previous 1.393 (colored)

improve -Q usage and such.  One usage change is that the option is now
case-sensitive
ok dtucker markus djm

Revision 1.393 / (download) - annotate - [select for diffs], Thu Nov 21 00:45:44 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.392: +4 -2 lines
Diff to previous 1.392 (colored)

Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
to build an authenticated encryption mode.

Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.

Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@

Revision 1.392 / (download) - annotate - [select for diffs], Thu Nov 7 11:58:27 2013 UTC (10 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.391: +4 -4 lines
Diff to previous 1.391 (colored)

Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden.  ok markus@

Revision 1.391 / (download) - annotate - [select for diffs], Fri Oct 25 23:04:51 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.390: +4 -2 lines
Diff to previous 1.390 (colored)

fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@

Revision 1.390 / (download) - annotate - [select for diffs], Thu Oct 24 08:19:36 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.389: +5 -3 lines
Diff to previous 1.389 (colored)

fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan

Revision 1.389 / (download) - annotate - [select for diffs], Wed Oct 23 03:05:19 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.388: +2 -1 lines
Diff to previous 1.388 (colored)

comment

Revision 1.388 / (download) - annotate - [select for diffs], Thu Oct 17 00:46:49 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.387: +4 -2 lines
Diff to previous 1.387 (colored)

rearrange check to reduce diff against -portable

Revision 1.387 / (download) - annotate - [select for diffs], Wed Oct 16 22:58:01 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.386: +6 -6 lines
Diff to previous 1.386 (colored)

one I missed in previous: s/isation/ization/

Revision 1.386 / (download) - annotate - [select for diffs], Wed Oct 16 22:49:39 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.385: +16 -16 lines
Diff to previous 1.385 (colored)

s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@

Revision 1.385 / (download) - annotate - [select for diffs], Wed Oct 16 02:31:46 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.384: +162 -11 lines
Diff to previous 1.384 (colored)

Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).

"looks fine" markus@

Revision 1.384 / (download) - annotate - [select for diffs], Mon Oct 14 23:31:01 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.383: +4 -4 lines
Diff to previous 1.383 (colored)

whitespace at EOL; pointed out by markus@

Revision 1.383 / (download) - annotate - [select for diffs], Mon Oct 14 23:28:23 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.382: +9 -19 lines
Diff to previous 1.382 (colored)

refactor client config code a little:

add multistate option parsing to readconf.c, similar to servconf.c's
existing code.

move checking of options that accept "none" as an argument to readconf.c

add a lowercase() function and use it instead of explicit tolower() in
loops

part of a larger diff that was ok markus@

Revision 1.382 / (download) - annotate - [select for diffs], Mon Oct 14 22:22:04 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.381: +10 -13 lines
Diff to previous 1.381 (colored)

add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@

Revision 1.381 / (download) - annotate - [select for diffs], Thu Jul 25 00:29:10 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.380: +2 -1 lines
Diff to previous 1.380 (colored)

daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
it is fully detached from its controlling terminal. based on debugging
and patch from tedu@
ok dtucker@ "be careful" deraadt@

Revision 1.380 / (download) - annotate - [select for diffs], Sat Jul 20 01:44:37 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.379: +2 -2 lines
Diff to previous 1.379 (colored)

More useful error message on missing current user in /etc/passwd

Revision 1.379 / (download) - annotate - [select for diffs], Fri Jul 12 05:48:55 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.378: +6 -1 lines
Diff to previous 1.378 (colored)

set TCP nodelay for connections started with -N; bz#2124 ok dtucker@

Revision 1.378 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.377: +21 -23 lines
Diff to previous 1.377 (colored)

bye, bye xfree(); ok markus@

Revision 1.377 / (download) - annotate - [select for diffs], Fri Apr 19 11:10:18 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.376: +2 -2 lines
Diff to previous 1.376 (colored)

add -Q to usage; reminded by jmc@

Revision 1.376 / (download) - annotate - [select for diffs], Fri Apr 19 01:06:50 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.375: +18 -2 lines
Diff to previous 1.375 (colored)

add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@

Revision 1.375 / (download) - annotate - [select for diffs], Sun Apr 7 02:10:33 2013 UTC (11 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.374: +20 -8 lines
Diff to previous 1.374 (colored)

Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog.  ok markus@, man page help jmc@

Revision 1.374 / (download) - annotate - [select for diffs], Fri Mar 8 06:32:58 2013 UTC (11 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.373: +3 -2 lines
Diff to previous 1.373 (colored)

allow "ssh -f none ..." ok markus@

Revision 1.373 / (download) - annotate - [select for diffs], Fri Feb 22 22:09:01 2013 UTC (11 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.372: +3 -2 lines
Diff to previous 1.372 (colored)

Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier
version)

Revision 1.372 / (download) - annotate - [select for diffs], Fri Feb 22 04:45:09 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.371: +6 -4 lines
Diff to previous 1.371 (colored)

Don't complain if IdentityFiles specified in system-wide configs are missing.
ok djm, deraadt.

Revision 1.371 / (download) - annotate - [select for diffs], Sun Feb 17 23:16:57 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.370: +2 -7 lines
Diff to previous 1.370 (colored)

Keep track of which IdentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.  ok markus@

Revision 1.370 / (download) - annotate - [select for diffs], Fri Jul 6 01:47:38 2012 UTC (11 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.369: +21 -22 lines
Diff to previous 1.369 (colored)

move setting of tty_flag to after config parsing so RequestTTY options
are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
ok dtucker@

Revision 1.369 / (download) - annotate - [select for diffs], Mon Jul 2 08:50:03 2012 UTC (11 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.368: +5 -1 lines
Diff to previous 1.368 (colored)

set interactive ToS for forwarded X11 sessions.  ok djm@

Revision 1.368 / (download) - annotate - [select for diffs], Mon Oct 24 02:10:46 2011 UTC (12 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.367: +27 -25 lines
Diff to previous 1.367 (colored)

bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh
was incorrectly requesting the forward in both the control master and
slave. skip requesting it in the master to fix. ok markus@

Revision 1.367 / (download) - annotate - [select for diffs], Tue Oct 18 05:15:28 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.366: +9 -6 lines
Diff to previous 1.366 (colored)

ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@

Revision 1.366 / (download) - annotate - [select for diffs], Fri Sep 23 07:45:05 2011 UTC (12 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.365: +19 -10 lines
Diff to previous 1.365 (colored)

unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
   this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
   to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@

Revision 1.365 / (download) - annotate - [select for diffs], Fri Sep 9 22:46:44 2011 UTC (12 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.364: +3 -1 lines
Diff to previous 1.364 (colored)

support for cancelling local and remote port forwards via the multiplex
socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@

Revision 1.364 / (download) - annotate - [select for diffs], Tue Aug 2 23:15:03 2011 UTC (12 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.363: +2 -2 lines
Diff to previous 1.363 (colored)

typo in comment

Revision 1.363 / (download) - annotate - [select for diffs], Wed Jun 22 22:08:42 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.362: +7 -5 lines
Diff to previous 1.362 (colored)

hook up a channel confirm callback to warn the user when requested X11
forwarding was refused by the server; ok markus@

Revision 1.362 / (download) - annotate - [select for diffs], Fri Jun 3 00:54:38 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.361: +2 -1 lines
Diff to previous 1.361 (colored)

bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
AT googlemail.com; ok dtucker@

Revision 1.361 / (download) - annotate - [select for diffs], Tue May 24 07:15:47 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.360: +18 -10 lines
Diff to previous 1.360 (colored)

Remove undocumented legacy options UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus

Revision 1.360 / (download) - annotate - [select for diffs], Fri May 6 21:38:58 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.359: +1 -2 lines
Diff to previous 1.359 (colored)

fix dropping from previous diff

Revision 1.359 / (download) - annotate - [select for diffs], Fri May 6 21:34:32 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.358: +22 -19 lines
Diff to previous 1.358 (colored)

Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@

Revision 1.358 / (download) - annotate - [select for diffs], Fri May 6 21:18:02 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.357: +14 -14 lines
Diff to previous 1.357 (colored)

add a %L expansion (short-form of the local host name) for ControlPath;
sync some more expansions with LocalCommand; ok markus@

Revision 1.357 / (download) - annotate - [select for diffs], Sun Apr 17 22:42:42 2011 UTC (13 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.356: +3 -1 lines
Diff to previous 1.356 (colored)

allow graceful shutdown of multiplexing: request that a mux server removes
its listener socket and refuse future multiplexing requests; ok markus@

Revision 1.356 / (download) - annotate - [select for diffs], Thu Jan 6 22:23:53 2011 UTC (13 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.355: +5 -3 lines
Diff to previous 1.355 (colored)

unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@

Revision 1.355 / (download) - annotate - [select for diffs], Mon Nov 29 23:45:51 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.354: +2 -2 lines
Diff to previous 1.354 (colored)

automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@

Revision 1.354 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.353: +3 -4 lines
Diff to previous 1.353 (colored)

allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.

bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@

Revision 1.353 / (download) - annotate - [select for diffs], Wed Oct 6 06:39:28 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.352: +3 -10 lines
Diff to previous 1.352 (colored)

kill proxy command on fatal() (we already kill it on clean exit);
ok markus@

Revision 1.352 / (download) - annotate - [select for diffs], Mon Sep 20 04:41:47 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.351: +20 -1 lines
Diff to previous 1.351 (colored)

install a SIGCHLD handler to reap expired child process; ok markus@

Revision 1.351 / (download) - annotate - [select for diffs], Thu Sep 2 16:08:39 2010 UTC (13 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.350: +2 -1 lines
Diff to previous 1.350 (colored)

unbreak ControlPersist=yes for ControlMaster=yes; ok djm@

Revision 1.350 / (download) - annotate - [select for diffs], Tue Aug 31 12:33:38 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.349: +2 -2 lines
Diff to previous 1.349 (colored)

reintroduce commit from tedu@, which I pulled out for release engineering:

  OpenSSL_add_all_algorithms is the name of the function we have a man page
  for, so use that.  ok djm

Revision 1.349 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.348: +18 -9 lines
Diff to previous 1.348 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.348 / (download) - annotate - [select for diffs], Mon Aug 16 04:06:06 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.347: +1 -1 lines
Diff to previous 1.347 (colored)

backout previous temporarily; discussed with deraadt@

Revision 1.347 / (download) - annotate - [select for diffs], Thu Aug 12 23:34:39 2010 UTC (13 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.346: +2 -2 lines
Diff to previous 1.346 (colored)

OpenSSL_add_all_algorithms is the name of the function we have a man page
for, so use that.  ok djm

Revision 1.346 / (download) - annotate - [select for diffs], Thu Aug 12 21:49:44 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.345: +18 -1 lines
Diff to previous 1.345 (colored)

close any extra file descriptors inherited from parent at start and
reopen stdin/stdout to /dev/null when forking for ControlPersist.

prevents tools that fork and run a captive ssh for communication from
failing to exit when the ssh completes while they wait for these fds to
close. The inherited fds may persist arbitrarily long if a background
mux master has been started by ControlPersist. cvs and scp were affected
by this.

"please commit" markus@

Revision 1.345 / (download) - annotate - [select for diffs], Wed Aug 4 05:42:47 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.344: +16 -8 lines
Diff to previous 1.344 (colored)

enable certificates for hostbased authentication, from Iain Morgan;
"looks ok" markus@

Revision 1.344 / (download) - annotate - [select for diffs], Mon Jul 19 09:15:12 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.343: +95 -22 lines
Diff to previous 1.343 (colored)

add a "ControlPersist" option that automatically starts a background
ssh(1) multiplex master when connecting. This connection can stay alive
indefinitely, or can be set to automatically close after a user-specified
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@

Revision 1.343 / (download) - annotate - [select for diffs], Mon Jul 12 22:41:13 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.342: +8 -7 lines
Diff to previous 1.342 (colored)

expand %h to the hostname in ssh_config Hostname options. While this
sounds useless, it is actually handy for working with unqualified
hostnames:

Host *.*
	Hostname %h
Host *
	Hostname %h.example.org

"I like it" markus@

Revision 1.342 / (download) - annotate - [select for diffs], Mon Jul 12 22:38:52 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.341: +8 -3 lines
Diff to previous 1.341 (colored)

Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
for protocol 2. ok markus@

Revision 1.341 / (download) - annotate - [select for diffs], Sat Jun 26 23:04:04 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.340: +2 -1 lines
Diff to previous 1.340 (colored)

oops, forgot to #include <canohost.h>; spotted and patch from chl@

Revision 1.340 / (download) - annotate - [select for diffs], Fri Jun 25 23:15:36 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.339: +6 -3 lines
Diff to previous 1.339 (colored)

Add X11ForwardTimeout option to specify timeout for untrusted X11
authentication cookies to avoid fallback in X11 code to fully-trusted
implicit authentication using SO_PEERCRED described at:
http://lists.x.org/archives/xorg-devel/2010-May/008636.html

After the X11ForwardTimeout has expired the client will now refuse
incoming X11 channel opens.

based on patch from Tavis Ormandy; "nice" markus@

Revision 1.339 / (download) - annotate - [select for diffs], Fri Jun 25 23:10:30 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.338: +8 -1 lines
Diff to previous 1.338 (colored)

log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@

Revision 1.338 / (download) - annotate - [select for diffs], Sun May 16 12:55:51 2010 UTC (14 years ago) by markus
Branch: MAIN
Changes since 1.337: +6 -3 lines
Diff to previous 1.337 (colored)

mux support for remote forwarding with dynamic port allocation,
use with
	LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
feedback and ok djm@

Revision 1.337 / (download) - annotate - [select for diffs], Fri May 14 23:29:23 2010 UTC (14 years ago) by djm
Branch: MAIN
Changes since 1.336: +5 -2 lines
Diff to previous 1.336 (colored)

Pause the mux channel while waiting for reply from async callbacks.
Prevents misordering of replies if new requests arrive while waiting.

Extend channel open confirm callback to allow signalling failure
conditions as well as success. Use this to 1) fix a memory leak, 2)
start using the above pause mechanism and 3) delay sending a success/
failure message on mux slave session open until we receive a reply from
the server.

motivated by and with feedback from markus@

Revision 1.336 / (download) - annotate - [select for diffs], Sat Apr 10 00:00:16 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.335: +2 -2 lines
Diff to previous 1.335 (colored)

bz#1746 - suppress spurious tty warning when using -O and stdin
is not a tty; ok dtucker@ markus@

Revision 1.335 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.334: +53 -20 lines
Diff to previous 1.334 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
See VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.334 / (download) - annotate - [select for diffs], Mon Feb 8 22:03:05 2010 UTC (14 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.333: +3 -2 lines
Diff to previous 1.333 (colored)

tweak previous; ok markus

Revision 1.333 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.332: +17 -12 lines
Diff to previous 1.332 (colored)

replace our obsolete smartcard code with PKCS#11.
	ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev

Revision 1.332 / (download) - annotate - [select for diffs], Tue Jan 26 01:28:35 2010 UTC (14 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.331: +19 -3 lines
Diff to previous 1.331 (colored)

rewrite ssh(1) multiplexing code to a more sensible protocol.

The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.

avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.

implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.

add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.

document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).

feedback Salvador Fandino, dtucker@
channel changes ok markus@

Revision 1.331 / (download) - annotate - [select for diffs], Mon Jan 11 01:39:46 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.330: +54 -3 lines
Diff to previous 1.330 (colored)

Add a 'netcat mode' (ssh -W).  This connects stdio on the client to a single
port forward on the server.  This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@

Revision 1.330 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.329: +1 -2 lines
Diff to previous 1.329 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that traffic such as DNS lookups stays within the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.329 / (download) - annotate - [select for diffs], Sun Dec 20 07:28:36 2009 UTC (14 years, 4 months ago) by guenther
Branch: MAIN
Changes since 1.328: +2 -2 lines
Diff to previous 1.328 (colored)

When passing user-controlled options with arguments to other programs,
pass the option and option argument as separate argv entries and
not smashed into one (e.g., as -l foo and not -lfoo).  Also, always
pass a "--" argument to stop option parsing, so that a positional
argument that starts with a '-' isn't treated as an option.  This
fixes some error cases as well as the handling of hostnames and
filenames that start with a '-'.

Based on a diff by halex@
ok halex@ djm@ deraadt@

Revision 1.328 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.327: +2 -1 lines
Diff to previous 1.327 (colored)

Allow setting the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.327 / (download) - annotate - [select for diffs], Sat Oct 24 11:23:42 2009 UTC (14 years, 6 months ago) by andreas
Branch: MAIN
Changes since 1.326: +5 -1 lines
Diff to previous 1.326 (colored)

Request roaming to be enabled if UseRoaming is true and the server
supports it.
ok markus@

Revision 1.326 / (download) - annotate - [select for diffs], Thu Jul 2 02:11:47 2009 UTC (14 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.325: +9 -7 lines
Diff to previous 1.325 (colored)

allow for long home dir paths (bz #1615).  ok deraadt

Revision 1.325 / (download) - annotate - [select for diffs], Tue Mar 17 21:37:00 2009 UTC (15 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.324: +5 -4 lines
Diff to previous 1.324 (colored)

pass correct argv[0] to openlog(); ok djm@

Revision 1.324 / (download) - annotate - [select for diffs], Thu Feb 12 03:00:56 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.323: +11 -4 lines
Diff to previous 1.323 (colored)

support remote port forwarding with a zero listen port (-R0:...) to
dynamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@

Revision 1.323 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.322: +2 -2 lines
Diff to previous 1.322 (colored)

make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)

adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int

make use of int vs. u_short consistent in some other places too

feedback & ok markus@

Revision 1.322 / (download) - annotate - [select for diffs], Sat Nov 1 17:40:33 2008 UTC (15 years, 6 months ago) by stevesk
Branch: MAIN
Changes since 1.321: +8 -24 lines
Diff to previous 1.321 (colored)

merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@

Revision 1.321 / (download) - annotate - [select for diffs], Thu Oct 9 06:54:22 2008 UTC (15 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.320: +2 -2 lines
Diff to previous 1.320 (colored)

add -y to usage();

Revision 1.320 / (download) - annotate - [select for diffs], Wed Oct 8 23:34:03 2008 UTC (15 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.319: +9 -5 lines
Diff to previous 1.319 (colored)

Add -y option to force logging via syslog rather than stderr.
Useful for daemonised ssh connection (ssh -f). Patch originally from
and ok'd by markus@

Revision 1.319 / (download) - annotate - [select for diffs], Thu Sep 11 14:22:37 2008 UTC (15 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.318: +3 -2 lines
Diff to previous 1.318 (colored)

only send eow and no-more-sessions requests to openssh 5 and newer;
fixes interop problems with broken ssh v2 implementations; ok djm@

Revision 1.318 / (download) - annotate - [select for diffs], Wed Jul 2 13:47:39 2008 UTC (15 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.317: +21 -6 lines
Diff to previous 1.317 (colored)

When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@

Revision 1.317 / (download) - annotate - [select for diffs], Thu Jun 12 16:35:31 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.316: +23 -7 lines
Diff to previous 1.316 (colored)

keyword expansion for localcommand.  ok djm@

Revision 1.316 / (download) - annotate - [select for diffs], Thu Jun 12 04:24:06 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.315: +47 -26 lines
Diff to previous 1.315 (colored)

thou shalt not code past the eightieth column

Revision 1.315 / (download) - annotate - [select for diffs], Thu Jun 12 04:06:00 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.314: +26 -27 lines
Diff to previous 1.314 (colored)

maintain an ordered queue of outstanding global requests that we
expect replies to, similar to the per-channel confirmation queue.

Use this queue to verify success or failure for remote forward
establishment in a race free way.

ok dtucker@

Revision 1.314 / (download) - annotate - [select for diffs], Tue Jun 10 22:15:23 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.313: +10 -1 lines
Diff to previous 1.313 (colored)

Add a no-more-sessions@openssh.com global request extension that the
client sends when it knows that it will never request another session
(i.e. when session multiplexing is disabled). This allows a server to
disallow further session requests and terminate the session.

Why would a non-multiplexing client ever issue additional session
requests? It could have been attacked with something like SSH'jack:
http://www.storm.net.nz/projects/7

feedback & ok markus

Revision 1.313 / (download) - annotate - [select for diffs], Fri May 9 14:26:08 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.312: +6 -1 lines
Diff to previous 1.312 (colored)

dingo stole my diff hunk

Revision 1.312 / (download) - annotate - [select for diffs], Fri May 9 14:18:44 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.311: +15 -298 lines
Diff to previous 1.311 (colored)

tidy up session multiplexing code, moving it into its own file and
making the function names more consistent - making ssh.c and
clientloop.c a fair bit more readable.

ok markus@

Revision 1.311 / (download) - annotate - [select for diffs], Thu May 8 13:06:11 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.310: +2 -17 lines
Diff to previous 1.310 (colored)

Use new channel status confirmation callback system to properly deal
with "important" channel requests that fail, in particular command exec,
shell and subsystem requests. Previously we would optimistically assume
that the requests would always succeed, which could cause hangs if they
did not (e.g. when the server runs out of fds) or were unimplemented by
the server (bz #1384)

Also, properly report failing multiplex channel requests via the mux
client stderr (subject to LogLevel in the mux master) - better than
silently failing.

most bits ok markus@ (as part of a larger diff)

Revision 1.310 / (download) - annotate - [select for diffs], Thu May 8 12:02:23 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.309: +4 -2 lines
Diff to previous 1.309 (colored)

Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within a channel).

Also includes an abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.

ok markus@ (as part of a larger diff)

Revision 1.309 / (download) - annotate - [select for diffs], Sat Jan 19 20:51:26 2008 UTC (16 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.308: +3 -1 lines
Diff to previous 1.308 (colored)

ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com

Revision 1.308 / (download) - annotate - [select for diffs], Sat Nov 3 02:03:49 2007 UTC (16 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.307: +5 -1 lines
Diff to previous 1.307 (colored)

avoid errno trashing in signal handler; ok dtucker

Revision 1.307 / (download) - annotate - [select for diffs], Sat Nov 3 02:00:32 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.306: +5 -5 lines
Diff to previous 1.306 (colored)

Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@

Revision 1.306 / (download) - annotate - [select for diffs], Sat Nov 3 01:24:06 2007 UTC (16 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.305: +10 -3 lines
Diff to previous 1.305 (colored)

bz #1377: getpwuid results were being clobbered by another getpw* call
inside tilde_expand_filename(); save the data we need carefully
ok djm

Revision 1.305 / (download) - annotate - [select for diffs], Mon Oct 29 06:54:50 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.304: +6 -1 lines
Diff to previous 1.304 (colored)

Make LocalCommand work for Protocol 1 too; ok djm@

Revision 1.304 / (download) - annotate - [select for diffs], Mon Oct 29 01:55:04 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.303: +8 -3 lines
Diff to previous 1.303 (colored)

Plug tiny mem leaks in ControlPath and ProxyCommand option processing; ok djm@

Revision 1.303 / (download) - annotate - [select for diffs], Tue Sep 4 11:15:55 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.302: +11 -4 lines
Diff to previous 1.302 (colored)

make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also makes
ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@

Revision 1.302 / (download) - annotate - [select for diffs], Tue Sep 4 03:21:03 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.301: +5 -4 lines
Diff to previous 1.301 (colored)

make file descriptor passing code return an error rather than call fatal()
when it encounters problems, and use this to make session multiplexing
masters survive slaves failing to pass all stdio FDs; ok markus@

Revision 1.301 / (download) - annotate - [select for diffs], Tue Aug 7 07:32:53 2007 UTC (16 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.300: +15 -24 lines
Diff to previous 1.300 (colored)

bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt

Revision 1.300 / (download) - annotate - [select for diffs], Thu Jun 14 22:48:05 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.299: +21 -13 lines
Diff to previous 1.299 (colored)

when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@

Revision 1.299 / (download) - annotate - [select for diffs], Thu Jun 14 21:43:25 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.298: +5 -2 lines
Diff to previous 1.298 (colored)

handle EINTR when waiting for mux exit status properly

Revision 1.298 / (download) - annotate - [select for diffs], Tue Jun 12 11:45:27 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.297: +3 -2 lines
Diff to previous 1.297 (colored)

improved exit message from multiplex slave sessions; bz #1262
reported by alexandre.nunes AT gmail.com; ok dtucker@

Revision 1.297 / (download) - annotate - [select for diffs], Tue Jun 12 11:15:17 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.296: +7 -3 lines
Diff to previous 1.296 (colored)

Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@

Revision 1.296 / (download) - annotate - [select for diffs], Tue Jun 12 11:11:08 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.295: +13 -10 lines
Diff to previous 1.295 (colored)

fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@

Revision 1.295 / (download) - annotate - [select for diffs], Wed Jan 3 03:01:40 2007 UTC (17 years, 4 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.294: +2 -2 lines
Diff to previous 1.294 (colored)

spaces

Revision 1.249.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.249.2.2: +1 -1 lines
Diff to previous 1.249.2.2 (colored) to branchpoint 1.249 (colored) next main 1.250 (colored)

upgrade to OpenSSH 4.5

Revision 1.293.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.293: +2 -1 lines
Diff to previous 1.293 (colored) next main 1.294 (colored)

upgrade to OpenSSH 4.5

Revision 1.265.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.265.2.1: +2 -1 lines
Diff to previous 1.265.2.1 (colored) to branchpoint 1.265 (colored) next main 1.266 (colored)

upgrade to OpenSSH 4.5

Revision 1.249.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.249.2.1: +94 -45 lines
Diff to previous 1.249.2.1 (colored) to branchpoint 1.249 (colored)

upgrade to OpenSSH 4.4

Revision 1.294 / (download) - annotate - [select for diffs], Fri Oct 6 02:29:19 2006 UTC (17 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.293: +2 -1 lines
Diff to previous 1.293 (colored)

sys/resource.h needs sys/time.h; prompted by brad@

Revision 1.265.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.265: +82 -48 lines
Diff to previous 1.265 (colored)

upgrade to OpenSSH 4.4

Revision 1.293 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.292: +4 -6 lines
Diff to previous 1.292 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.292 / (download) - annotate - [select for diffs], Tue Aug 1 23:36:12 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.291: +2 -2 lines
Diff to previous 1.291 (colored)

clean extra spaces

Revision 1.291 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.290: +2 -1 lines
Diff to previous 1.290 (colored)

move #include <stdio.h> out of includes.h

Revision 1.290 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.289: +2 -1 lines
Diff to previous 1.289 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.289 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.288: +2 -1 lines
Diff to previous 1.288 (colored)

move #include <string.h> out of includes.h

Revision 1.288 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.287: +2 -1 lines
Diff to previous 1.287 (colored)

move #include <unistd.h> out of includes.h

Revision 1.287 / (download) - annotate - [select for diffs], Wed Jul 12 22:42:32 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.286: +2 -1 lines
Diff to previous 1.286 (colored)

move #include <stddef.h> out of includes.h

Revision 1.286 / (download) - annotate - [select for diffs], Wed Jul 12 22:28:52 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.285: +2 -1 lines
Diff to previous 1.285 (colored)

move #include <netdb.h> out of includes.h; ok djm@

Revision 1.285 / (download) - annotate - [select for diffs], Tue Jul 11 20:27:56 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.284: +2 -1 lines
Diff to previous 1.284 (colored)

need <errno.h> here also (it's also included in <openssl/err.h>)

Revision 1.284 / (download) - annotate - [select for diffs], Tue Jul 11 20:16:43 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.283: +2 -2 lines
Diff to previous 1.283 (colored)

cast asterisk field precision argument to int to remove warning;
ok markus@

Revision 1.283 / (download) - annotate - [select for diffs], Tue Jul 11 18:50:48 2006 UTC (17 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.282: +21 -6 lines
Diff to previous 1.282 (colored)

add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc

Revision 1.282 / (download) - annotate - [select for diffs], Tue Jul 11 10:12:07 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.281: +6 -7 lines
Diff to previous 1.281 (colored)

Only copy the part of environment variable that we actually use.  Prevents
ssh bailing when SendEnv is used and an environment variable with a really
long value exists.  ok djm@

Revision 1.281 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:11 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.280: +2 -1 lines
Diff to previous 1.280 (colored)

move #include <fcntl.h> out of includes.h

Revision 1.280 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.279: +2 -1 lines
Diff to previous 1.279 (colored)

move #include <sys/socket.h> out of includes.h

Revision 1.279 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.278: +2 -1 lines
Diff to previous 1.278 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.278 / (download) - annotate - [select for diffs], Mon Jul 3 08:54:20 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.277: +2 -1 lines
Diff to previous 1.277 (colored)

move #include "version.h" out of includes.h; ok markus@

Revision 1.277 / (download) - annotate - [select for diffs], Sun Jul 2 17:12:58 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.276: +2 -2 lines
Diff to previous 1.276 (colored)

more details and clarity for tun(4) device forwarding; ok and help
jmc@

Revision 1.276 / (download) - annotate - [select for diffs], Tue Apr 25 08:02:27 2006 UTC (18 years ago) by dtucker
Branch: MAIN
Changes since 1.275: +4 -4 lines
Diff to previous 1.275 (colored)

Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@

Revision 1.275 / (download) - annotate - [select for diffs], Thu Mar 30 10:41:25 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.274: +16 -6 lines
Diff to previous 1.274 (colored)

add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@

Revision 1.274 / (download) - annotate - [select for diffs], Tue Mar 28 00:12:31 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.273: +2 -2 lines
Diff to previous 1.273 (colored)

spacing

Revision 1.273 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.272: +1 -0 lines
Diff to previous 1.272 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.272 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.271: +3 -2 lines
Diff to previous 1.271 (colored)

introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.271 / (download) - annotate - [select for diffs], Mon Mar 20 18:42:26 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.270: +1 -1 lines
Diff to previous 1.270 (colored)

be strict with tolower() casting

Revision 1.270 / (download) - annotate - [select for diffs], Mon Mar 20 18:26:55 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.269: +2 -2 lines
Diff to previous 1.269 (colored)

annoying spacing fixes getting in the way of real diffs

Revision 1.269 / (download) - annotate - [select for diffs], Mon Mar 20 18:14:02 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.268: +4 -4 lines
Diff to previous 1.268 (colored)

sprinkle u_int throughout pty subsystem, ok markus

Revision 1.268 / (download) - annotate - [select for diffs], Sun Mar 19 18:59:30 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.267: +13 -13 lines
Diff to previous 1.267 (colored)

spacing

Revision 1.267 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.266: +0 -1 lines
Diff to previous 1.266 (colored)

RCSID() can die

Revision 1.266 / (download) - annotate - [select for diffs], Sun Mar 12 04:23:07 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.265: +2 -2 lines
Diff to previous 1.265 (colored)

knf nit

Revision 1.265 / (download) - annotate - [select for diffs], Wed Feb 22 00:04:45 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.264: +2 -1 lines
Diff to previous 1.264 (colored)

move #include <ctype.h> out of includes.h; ok djm@

Revision 1.264 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.263: +2 -1 lines
Diff to previous 1.263 (colored)

move #include <sys/stat.h> out of includes.h; ok markus@

Revision 1.263 / (download) - annotate - [select for diffs], Mon Feb 20 17:02:44 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.262: +2 -1 lines
Diff to previous 1.262 (colored)

move #include <signal.h> out of includes.h; ok markus@

Revision 1.262 / (download) - annotate - [select for diffs], Mon Feb 20 16:36:15 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.261: +3 -1 lines
Diff to previous 1.261 (colored)

move #include <sys/un.h> out of includes.h; ok djm@

Revision 1.261 / (download) - annotate - [select for diffs], Sun Feb 12 06:45:34 2006 UTC (18 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.260: +6 -2 lines
Diff to previous 1.260 (colored)

add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@

Revision 1.260 / (download) - annotate - [select for diffs], Fri Feb 10 00:27:13 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.259: +2 -1 lines
Diff to previous 1.259 (colored)

move #include <sys/ioctl.h> out of includes.h; ok markus@

Revision 1.259 / (download) - annotate - [select for diffs], Wed Feb 8 14:31:30 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.258: +3 -1 lines
Diff to previous 1.258 (colored)

move #include <sys/resource.h> out of includes.h; ok markus@

Revision 1.258 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.257: +3 -1 lines
Diff to previous 1.257 (colored)

move #include <paths.h> out of includes.h; ok markus@

Revision 1.249.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.249: +61 -23 lines
Diff to previous 1.249 (colored)

upgrade to OpenSSH 4.3

Revision 1.234.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.234.2.1: +61 -23 lines
Diff to previous 1.234.2.1 (colored) to branchpoint 1.234 (colored) next main 1.235 (colored)

upgrade to OpenSSH 4.3

Revision 1.257 / (download) - annotate - [select for diffs], Tue Dec 20 04:41:07 2005 UTC (18 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.256: +14 -14 lines
Diff to previous 1.256 (colored)

exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@

Revision 1.256 / (download) - annotate - [select for diffs], Thu Dec 8 18:34:11 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.255: +8 -5 lines
Diff to previous 1.255 (colored)

two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).

ok djm@, man page bits by jmc@

Revision 1.255 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.254: +36 -3 lines
Diff to previous 1.254 (colored)

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

Revision 1.254 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.253: +3 -3 lines
Diff to previous 1.253 (colored)

no need to escape single quotes in comments, no binary change

Revision 1.253 / (download) - annotate - [select for diffs], Sun Oct 30 04:03:24 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.252: +2 -3 lines
Diff to previous 1.252 (colored)

fix misleading debug message; ok dtucker@

Revision 1.252 / (download) - annotate - [select for diffs], Fri Oct 14 02:17:59 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.251: +4 -4 lines
Diff to previous 1.251 (colored)

no trailing "\n" for log functions; ok djm@

Revision 1.251 / (download) - annotate - [select for diffs], Mon Sep 19 15:42:44 2005 UTC (18 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.250: +2 -2 lines
Diff to previous 1.250 (colored)

update -D usage here too;

Revision 1.250 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.249: +4 -1 lines
Diff to previous 1.249 (colored)

ensure that stdio fds are attached; ok deraadt@

Revision 1.234.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:10 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.234: +94 -140 lines
Diff to previous 1.234 (colored)

upgrade to OpenSSH 4.2

Revision 1.226.2.3 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.226.2.2: +94 -140 lines
Diff to previous 1.226.2.2 (colored) to branchpoint 1.226 (colored) next main 1.227 (colored)

upgrade to OpenSSH 4.2

Revision 1.249 / (download) - annotate - [select for diffs], Sat Jul 30 01:26:16 2005 UTC (18 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.248: +2 -2 lines
Diff to previous 1.248 (colored)

fix -D listen_host initialisation, so it picks up gateway_ports setting
correctly

Revision 1.248 / (download) - annotate - [select for diffs], Sat Jul 16 01:35:24 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.247: +6 -6 lines
Diff to previous 1.247 (colored)

spacing

Revision 1.247 / (download) - annotate - [select for diffs], Mon Jul 4 00:58:43 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.246: +11 -8 lines
Diff to previous 1.246 (colored)

implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.

ok dtucker@ "put it in" deraadt@

Revision 1.246 / (download) - annotate - [select for diffs], Sat Jun 25 22:47:49 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.245: +7 -7 lines
Diff to previous 1.245 (colored)

do the default port filling code a few lines earlier, so it really does fix %p

Revision 1.245 / (download) - annotate - [select for diffs], Sat Jun 18 04:30:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.244: +4 -1 lines
Diff to previous 1.244 (colored)

allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@

Revision 1.244 / (download) - annotate - [select for diffs], Fri Jun 17 22:53:46 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.243: +8 -1 lines
Diff to previous 1.243 (colored)

Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@

Revision 1.243 / (download) - annotate - [select for diffs], Thu Jun 16 03:38:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.242: +14 -112 lines
Diff to previous 1.242 (colored)

move x11_get_proto from ssh.c to clientloop.c, to make multiplexed xfwd easier
later; ok deraadt@

Revision 1.242 / (download) - annotate - [select for diffs], Wed Jun 8 11:25:09 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.241: +24 -8 lines
Diff to previous 1.241 (colored)

add ControlMaster=auto/autoask options to support opportunistic multiplexing;
tested avsm@ and jakob@, ok markus@

Revision 1.241 / (download) - annotate - [select for diffs], Mon Jun 6 11:20:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.240: +7 -3 lines
Diff to previous 1.240 (colored)

introduce a generic %foo expansion function. replace existing % expansion and
add expansion to ControlPath; ok markus@

Revision 1.226.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.226.2.1: +4 -4 lines
Diff to previous 1.226.2.1 (colored) to branchpoint 1.226 (colored)

upgrade to OpenSSH 4.1

Revision 1.240 / (download) - annotate - [select for diffs], Fri May 27 08:30:37 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.239: +12 -3 lines
Diff to previous 1.239 (colored)

fix -O for cases where no ControlPath has been specified or socket at
ControlPath is not contactable; spotted by and ok avsm@

Revision 1.239 / (download) - annotate - [select for diffs], Tue May 10 10:30:43 2005 UTC (19 years ago) by djm
Branch: MAIN
Changes since 1.238: +7 -2 lines
Diff to previous 1.238 (colored)

report real errors on fallback from ControlMaster=no to normal connect

Revision 1.238 / (download) - annotate - [select for diffs], Tue May 10 10:28:11 2005 UTC (19 years ago) by djm
Branch: MAIN
Changes since 1.237: +2 -2 lines
Diff to previous 1.237 (colored)

print nice error message for EADDRINUSE as well

Revision 1.237 / (download) - annotate - [select for diffs], Tue Apr 26 13:08:37 2005 UTC (19 years ago) by jakob
Branch: MAIN
Changes since 1.236: +17 -14 lines
Diff to previous 1.236 (colored)

fallback gracefully if client cannot connect to ControlPath. ok djm@

Revision 1.236 / (download) - annotate - [select for diffs], Thu Apr 21 11:47:19 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.235: +2 -2 lines
Diff to previous 1.235 (colored)

don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@

Revision 1.235 / (download) - annotate - [select for diffs], Wed Apr 6 12:26:06 2005 UTC (19 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.234: +3 -1 lines
Diff to previous 1.234 (colored)

Fix debug call for port forwards; patch from pete at seebeyond.com, ok djm@

Revision 1.234 / (download) - annotate - [select for diffs], Thu Mar 10 22:01:06 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.233: +4 -4 lines
Diff to previous 1.233 (colored)

spacing

Revision 1.209.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.209.2.1: +137 -64 lines
Diff to previous 1.209.2.1 (colored) to branchpoint 1.209 (colored) next main 1.210 (colored)

upgrade to OpenSSH 4.0

Revision 1.226.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.226: +131 -62 lines
Diff to previous 1.226 (colored)

upgrade to OpenSSH 4.0

Revision 1.233 / (download) - annotate - [select for diffs], Tue Mar 1 17:22:06 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.232: +4 -4 lines
Diff to previous 1.232 (colored)

sync usage() w/ man SYNOPSIS;
ok markus@

Revision 1.232 / (download) - annotate - [select for diffs], Tue Mar 1 10:09:52 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.231: +65 -45 lines
Diff to previous 1.231 (colored)

bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote forwards
to bind to client-specified ports.

ok markus@

Revision 1.231 / (download) - annotate - [select for diffs], Wed Feb 16 09:56:44 2005 UTC (19 years, 3 months ago) by otto
Branch: MAIN
Changes since 1.230: +3 -2 lines
Diff to previous 1.230 (colored)

Better diagnostic if an identity file is not accessible. ok markus@ djm@

Revision 1.230 / (download) - annotate - [select for diffs], Sun Nov 7 17:57:30 2004 UTC (19 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.229: +5 -4 lines
Diff to previous 1.229 (colored)

usage():
- add -O
- sync -S w/ manpage
- remove -h

Revision 1.229 / (download) - annotate - [select for diffs], Sun Nov 7 00:01:46 2004 UTC (19 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.228: +52 -14 lines
Diff to previous 1.228 (colored)

add basic control of a running multiplex master connection; including the
ability to check its status and request it to exit; ok markus@

Revision 1.228 / (download) - annotate - [select for diffs], Thu Sep 23 13:00:04 2004 UTC (19 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.227: +11 -2 lines
Diff to previous 1.227 (colored)

correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@

Revision 1.227 / (download) - annotate - [select for diffs], Wed Sep 15 00:46:01 2004 UTC (19 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.226: +2 -2 lines
Diff to previous 1.226 (colored)

/* fallthrough */ is something a programmer understands.  But
/* FALLTHROUGH */ is also understood by lint, so that is better.

Revision 1.226 / (download) - annotate - [select for diffs], Tue Sep 7 23:41:30 2004 UTC (19 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.225: +2 -1 lines
Diff to previous 1.225 (colored)

cleanup multiplex control socket on SIGHUP too, spotted by sturm@
ok markus@ deraadt@

Revision 1.225 / (download) - annotate - [select for diffs], Mon Aug 23 14:26:38 2004 UTC (19 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.224: +6 -3 lines
Diff to previous 1.224 (colored)

Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@

Revision 1.201.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.201.2.1: +245 -115 lines
Diff to previous 1.201.2.1 (colored) to branchpoint 1.201 (colored) next main 1.202 (colored)

upgrade to OpenSSH 3.9

Revision 1.209.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.209: +238 -67 lines
Diff to previous 1.209 (colored)

upgrade to OpenSSH 3.9

Revision 1.224 / (download) - annotate - [select for diffs], Wed Jul 28 09:40:29 2004 UTC (19 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.223: +2 -2 lines
Diff to previous 1.223 (colored)

more s/illegal/invalid/

Revision 1.223 / (download) - annotate - [select for diffs], Sun Jul 11 17:48:47 2004 UTC (19 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.222: +6 -6 lines
Diff to previous 1.222 (colored)

spaces

Revision 1.222 / (download) - annotate - [select for diffs], Wed Jun 23 14:31:01 2004 UTC (19 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.221: +5 -3 lines
Diff to previous 1.221 (colored)

Fix counting in master/slave when passing environment variables; ok djm@

Revision 1.221 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.220: +5 -5 lines
Diff to previous 1.220 (colored)

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.220 / (download) - annotate - [select for diffs], Sun Jun 20 17:36:59 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.219: +36 -8 lines
Diff to previous 1.219 (colored)

filter passed env vars at slave in connection sharing case; ok markus@

Revision 1.219 / (download) - annotate - [select for diffs], Fri Jun 18 10:55:43 2004 UTC (19 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.218: +4 -6 lines
Diff to previous 1.218 (colored)

trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; ok djm

Revision 1.218 / (download) - annotate - [select for diffs], Fri Jun 18 10:40:19 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.217: +5 -5 lines
Diff to previous 1.217 (colored)

delay signal handler setup until we have finished talking to the master.
allow interrupting of setup (e.g. if master is stuck); ok markus@

Revision 1.217 / (download) - annotate - [select for diffs], Thu Jun 17 23:56:57 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.216: +4 -3 lines
Diff to previous 1.216 (colored)

sync usage() and SYNOPSIS with connection sharing changes

Revision 1.216 / (download) - annotate - [select for diffs], Thu Jun 17 15:10:14 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.215: +5 -2 lines
Diff to previous 1.215 (colored)

Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening
shared connections; ok markus@

Revision 1.215 / (download) - annotate - [select for diffs], Thu Jun 17 14:52:48 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.214: +13 -5 lines
Diff to previous 1.214 (colored)

support environment passing over shared connections; ok markus@

Revision 1.214 / (download) - annotate - [select for diffs], Sun Jun 13 15:03:02 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.213: +185 -93 lines
Diff to previous 1.213 (colored)

implement session multiplexing in the client (the server has supported this
since 2.0); ok markus@

Revision 1.213 / (download) - annotate - [select for diffs], Sat May 8 00:01:37 2004 UTC (20 years ago) by deraadt
Branch: MAIN
Changes since 1.212: +2 -3 lines
Diff to previous 1.212 (colored)

make two tiny header files go away; djm ok

Revision 1.212 / (download) - annotate - [select for diffs], Tue Apr 27 09:46:37 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.211: +40 -1 lines
Diff to previous 1.211 (colored)

bz #815: implement ability to pass specified environment variables from the
client to the server; ok markus@

Revision 1.211 / (download) - annotate - [select for diffs], Mon Apr 19 21:51:49 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.210: +2 -2 lines
Diff to previous 1.210 (colored)

fix idiot typo that i introduced in my last commit;
spotted by cschneid AT cschneid.com

Revision 1.210 / (download) - annotate - [select for diffs], Sun Apr 18 23:10:26 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.209: +5 -4 lines
Diff to previous 1.209 (colored)

perform strict ownership and modes checks for ~/.ssh/config files, as these
can be used to execute arbitrary programs; ok markus@

NB. ssh will now exit when it detects a config with poor permissions

Revision 1.209 / (download) - annotate - [select for diffs], Thu Mar 11 10:21:17 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.208: +3 -7 lines
Diff to previous 1.208 (colored)

ssh, sshd: sync version output, ok djm

Revision 1.208 / (download) - annotate - [select for diffs], Wed Mar 10 09:45:06 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.207: +7 -44 lines
Diff to previous 1.207 (colored)

trim usage to match ssh(1) and look more like unix. ok djm@

Revision 1.207 / (download) - annotate - [select for diffs], Tue Mar 9 22:11:05 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.206: +2 -2 lines
Diff to previous 1.206 (colored)

increase x11 cookie lifetime to 20 minutes; ok djm

Revision 1.190.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.190.2.1: +77 -34 lines
Diff to previous 1.190.2.1 (colored) to branchpoint 1.190 (colored) next main 1.191 (colored)

upgrade to OpenSSH 3.8

Revision 1.201.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.201: +77 -34 lines
Diff to previous 1.201 (colored)

upgrade to OpenSSH 3.8

Revision 1.206 / (download) - annotate - [select for diffs], Tue Dec 16 15:49:51 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.205: +3 -6 lines
Diff to previous 1.205 (colored)

application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@

Revision 1.205 / (download) - annotate - [select for diffs], Tue Dec 9 17:30:05 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.204: +5 -3 lines
Diff to previous 1.204 (colored)

don't modify argv for ssh -o; similar to sshd.c 1.283

Revision 1.204 / (download) - annotate - [select for diffs], Mon Nov 24 00:16:35 2003 UTC (20 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.203: +2 -2 lines
Diff to previous 1.203 (colored)

Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@

Revision 1.203 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.202: +3 -3 lines
Diff to previous 1.202 (colored)

unexpand and delete whitespace at EOL; ok markus@

Revision 1.202 / (download) - annotate - [select for diffs], Sat Oct 11 08:24:08 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.201: +68 -24 lines
Diff to previous 1.201 (colored)

remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries

Revision 1.186.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:28 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.186.2.1: +33 -42 lines
Diff to previous 1.186.2.1 (colored) to branchpoint 1.186 (colored) next main 1.187 (colored)

upgrade to OpenSSH 3.7

Revision 1.190.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.190: +33 -42 lines
Diff to previous 1.190 (colored)

upgrade to OpenSSH 3.7

Revision 1.201 / (download) - annotate - [select for diffs], Mon Sep 1 18:15:50 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.200: +2 -3 lines
Diff to previous 1.200 (colored)

remove unused kerberos code; ok henning@

Revision 1.200 / (download) - annotate - [select for diffs], Wed Aug 13 09:07:10 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.199: +2 -2 lines
Diff to previous 1.199 (colored)

socks4->socks, since we support both 4 and 5; dtucker@zip.com.au

Revision 1.199 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:30 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.198: +1 -8 lines
Diff to previous 1.198 (colored)

remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others

Revision 1.198 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.197: +2 -7 lines
Diff to previous 1.197 (colored)

remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@

Revision 1.197 / (download) - annotate - [select for diffs], Wed Jul 16 10:34:53 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.196: +6 -6 lines
Diff to previous 1.196 (colored)

don't exit on multiple -v or -d; ok deraadt@

Revision 1.196 / (download) - annotate - [select for diffs], Thu Jul 3 08:09:06 2003 UTC (20 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.195: +7 -10 lines
Diff to previous 1.195 (colored)

fix AddressFamily option in config file, from brent@graveland.net; ok markus@

Revision 1.195 / (download) - annotate - [select for diffs], Wed Jul 2 20:37:48 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.194: +8 -1 lines
Diff to previous 1.194 (colored)

convert hostkeyalias to lowercase, otherwise uppercase aliases will
not match at all; ok henning@

Revision 1.194 / (download) - annotate - [select for diffs], Thu Jun 12 19:12:03 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.193: +2 -2 lines
Diff to previous 1.193 (colored)

add sc_get_key_label; larsch at trustcenter.de; bugzilla#591

Revision 1.193 / (download) - annotate - [select for diffs], Thu May 15 13:52:10 2003 UTC (21 years ago) by djm
Branch: MAIN
Changes since 1.192: +3 -3 lines
Diff to previous 1.192 (colored)

Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@

Revision 1.192 / (download) - annotate - [select for diffs], Sun May 11 20:30:25 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.191: +2 -2 lines
Diff to previous 1.191 (colored)

make channel_new() strdup the 'remote_name' (not the caller); ok theo

Revision 1.191 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.190: +9 -9 lines
Diff to previous 1.190 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.169.2.5 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.169.2.4: +11 -8 lines
Diff to previous 1.169.2.4 (colored) to branchpoint 1.169 (colored) next main 1.170 (colored)

Merge OpenSSH 3.6.1

Revision 1.186.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.186: +11 -8 lines
Diff to previous 1.186 (colored)

Update to OpenSSH 3.6

Revision 1.190 / (download) - annotate - [select for diffs], Thu Feb 6 09:27:29 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.189: +5 -1 lines
Diff to previous 1.189 (colored)

support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@

Revision 1.189 / (download) - annotate - [select for diffs], Mon Dec 9 16:50:30 2002 UTC (21 years, 5 months ago) by millert
Branch: MAIN
Changes since 1.188: +4 -5 lines
Diff to previous 1.188 (colored)

Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
markus@ OK

Revision 1.188 / (download) - annotate - [select for diffs], Wed Nov 27 17:53:35 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.187: +3 -3 lines
Diff to previous 1.187 (colored)

allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@

Revision 1.187 / (download) - annotate - [select for diffs], Thu Nov 21 23:04:33 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.186: +2 -2 lines
Diff to previous 1.186 (colored)

debug->debug2

Revision 1.147.2.5 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.147.2.4: +39 -21 lines
Diff to previous 1.147.2.4 (colored) to branchpoint 1.147 (colored) next main 1.148 (colored)

Update to OpenSSH 3.5

Revision 1.169.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.169.2.3: +39 -21 lines
Diff to previous 1.169.2.3 (colored) to branchpoint 1.169 (colored)

Update to OpenSSH 3.5

Revision 1.186 / (download) - annotate - [select for diffs], Thu Sep 19 01:58:18 2002 UTC (21 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.185: +12 -1 lines
Diff to previous 1.185 (colored)

bugzilla.mindrot.org #223 - ProxyCommands don't exit.
Patch from dtucker@zip.com.au; ok markus@

Revision 1.185 / (download) - annotate - [select for diffs], Wed Sep 11 18:27:26 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.184: +2 -5 lines
Diff to previous 1.184 (colored)

don't connect to agent to test for presence if we've previously
connected; ok markus@

Revision 1.184 / (download) - annotate - [select for diffs], Thu Aug 29 19:49:42 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.183: +10 -10 lines
Diff to previous 1.183 (colored)

shrink initial privilege bracket for setuid case; ok markus@

Revision 1.183 / (download) - annotate - [select for diffs], Thu Aug 29 16:02:54 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.182: +2 -3 lines
Diff to previous 1.182 (colored)

deprecate -P as UsePrivilegedPort defaults to no now; ok markus@

Revision 1.182 / (download) - annotate - [select for diffs], Fri Jul 19 17:42:40 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.181: +12 -3 lines
Diff to previous 1.181 (colored)

display a warning from ssh when XAuthLocation does not exist or xauth
returned no authentication data. ok markus@

Revision 1.181 / (download) - annotate - [select for diffs], Wed Jul 3 14:21:05 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.180: +3 -2 lines
Diff to previous 1.180 (colored)

re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itojun@

Revision 1.180 / (download) - annotate - [select for diffs], Sun Jun 30 21:59:45 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.179: +4 -3 lines
Diff to previous 1.179 (colored)

minor KNF

Revision 1.169.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.169.2.2: +34 -103 lines
Diff to previous 1.169.2.2 (colored) to branchpoint 1.169 (colored)

Pull in OpenSSH-3.4

Revision 1.147.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.147.2.3: +34 -103 lines
Diff to previous 1.147.2.3 (colored) to branchpoint 1.147 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.179 / (download) - annotate - [select for diffs], Wed Jun 12 01:09:52 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.178: +2 -2 lines
Diff to previous 1.178 (colored)

ssh_connect returns 0 on success

Revision 1.178 / (download) - annotate - [select for diffs], Tue Jun 11 23:03:54 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.177: +7 -9 lines
Diff to previous 1.177 (colored)

remove unused cruft.

Revision 1.177 / (download) - annotate - [select for diffs], Tue Jun 11 04:14:26 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.176: +10 -10 lines
Diff to previous 1.176 (colored)

no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@

Revision 1.176 / (download) - annotate - [select for diffs], Sat Jun 8 05:17:01 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.175: +3 -71 lines
Diff to previous 1.175 (colored)

deprecate FallBackToRsh and UseRsh; patch from djm@

Revision 1.175 / (download) - annotate - [select for diffs], Sat Jun 8 05:07:56 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.174: +1 -9 lines
Diff to previous 1.174 (colored)

nuke ptrace comment

Revision 1.116.2.5 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.116.2.4: +47 -34 lines
Diff to previous 1.116.2.4 (colored) to branchpoint 1.116 (colored) next main 1.117 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.174 / (download) - annotate - [select for diffs], Thu May 23 19:39:34 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.173: +3 -1 lines
Diff to previous 1.173 (colored)

add comment about ssh-keysign

Revision 1.173 / (download) - annotate - [select for diffs], Thu May 23 19:24:30 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.172: +14 -7 lines
Diff to previous 1.172 (colored)

add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).

Revision 1.172 / (download) - annotate - [select for diffs], Wed May 22 23:18:25 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.171: +3 -3 lines
Diff to previous 1.171 (colored)

spelling; abishoff@arc.nasa.gov

Revision 1.169.2.2 / (download) - annotate - [select for diffs], Sat May 18 04:50:38 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.169.2.1: +0 -0 lines
Diff to previous 1.169.2.1 (colored) to branchpoint 1.169 (colored)

Update to OpenSSH-3.2.3

Revision 1.169.2.1 / (download) - annotate - [select for diffs], Sat May 18 04:12:11 2002 UTC (22 years ago) by jason
Branch: OPENBSD_3_1
Changes since 1.169: +25 -1 lines
Diff to previous 1.169 (colored)

Update to OpenSSH-3.2.2

Revision 1.147.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.147.2.2: +47 -34 lines
Diff to previous 1.147.2.2 (colored) to branchpoint 1.147 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.171 / (download) - annotate - [select for diffs], Thu May 16 22:09:59 2002 UTC (22 years ago) by stevesk
Branch: MAIN
Changes since 1.170: +3 -3 lines
Diff to previous 1.170 (colored)

don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
patch from pin@math.chalmers.se

Revision 1.170 / (download) - annotate - [select for diffs], Mon Apr 22 21:04:52 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.169: +25 -1 lines
Diff to previous 1.169 (colored)

request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@

Revision 1.169 / (download) - annotate - [select for diffs], Tue Mar 26 11:37:05 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.168: +2 -1 lines
Diff to previous 1.168 (colored)

update Copyright

Revision 1.168 / (download) - annotate - [select for diffs], Mon Mar 25 21:04:02 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.167: +3 -3 lines
Diff to previous 1.167 (colored)

simplify num_identity_files handling

Revision 1.167 / (download) - annotate - [select for diffs], Mon Mar 25 17:34:27 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.166: +21 -33 lines
Diff to previous 1.166 (colored)

change sc_get_key to sc_get_keys and hide smartcard details in scard.c

Revision 1.166 / (download) - annotate - [select for diffs], Thu Mar 21 22:44:05 2002 UTC (22 years, 2 months ago) by rees
Branch: MAIN
Changes since 1.165: +2 -2 lines
Diff to previous 1.165 (colored)

Add PIN-protection for secret key.

Revision 1.165 / (download) - annotate - [select for diffs], Tue Mar 19 10:49:35 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.164: +2 -2 lines
Diff to previous 1.164 (colored)

KNF whitespace

Revision 1.116.2.4 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.116.2.3: +48 -37 lines
Diff to previous 1.116.2.3 (colored) to branchpoint 1.116 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.69.2.8 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.69.2.7: +48 -37 lines
Diff to previous 1.69.2.7 (colored) to branchpoint 1.69 (colored) next main 1.70 (colored)

Merge OpenSSH 3.1.

Revision 1.147.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.147.2.1: +48 -37 lines
Diff to previous 1.147.2.1 (colored) to branchpoint 1.147 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.164 / (download) - annotate - [select for diffs], Thu Feb 14 23:28:00 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.163: +4 -4 lines
Diff to previous 1.163 (colored)

increase the SSH v2 window size to 4 packets. consumes a little
bit more memory for slow receivers but increases throughput.

Revision 1.163 / (download) - annotate - [select for diffs], Thu Feb 7 09:35:39 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.162: +1 -3 lines
Diff to previous 1.162 (colored)

remove bogus comments

Revision 1.162 / (download) - annotate - [select for diffs], Wed Feb 6 14:55:16 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.161: +1 -3 lines
Diff to previous 1.161 (colored)

channel_new never returns NULL, mouring@; ok djm@

Revision 1.161 / (download) - annotate - [select for diffs], Tue Feb 5 14:32:55 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.160: +3 -2 lines
Diff to previous 1.160 (colored)

merge channel_request() into channel_request_start()

Revision 1.160 / (download) - annotate - [select for diffs], Sun Feb 3 17:58:21 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.159: +2 -4 lines
Diff to previous 1.159 (colored)

generic callbacks are not really used, remove and
add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
ok djm@

Revision 1.159 / (download) - annotate - [select for diffs], Sun Jan 27 18:08:17 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.158: +17 -4 lines
Diff to previous 1.158 (colored)

handle simple case to identify FamilyLocal display; ok markus@

Revision 1.158 / (download) - annotate - [select for diffs], Wed Jan 16 13:17:51 2002 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.157: +2 -2 lines
Diff to previous 1.157 (colored)

wrapper for channel_setup_fwd_listener

Revision 1.157 / (download) - annotate - [select for diffs], Fri Dec 28 15:06:00 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.156: +2 -2 lines
Diff to previous 1.156 (colored)

remove plen from the dispatch fn. it's no longer used.

Revision 1.156 / (download) - annotate - [select for diffs], Fri Dec 28 14:50:54 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.155: +5 -6 lines
Diff to previous 1.155 (colored)

packet_read* no longer return the packet length, since it's not used.

Revision 1.155 / (download) - annotate - [select for diffs], Fri Dec 28 12:14:27 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.154: +3 -3 lines
Diff to previous 1.154 (colored)

s/packet_done/packet_check_eom/ (end-of-message); ok djm@

Revision 1.154 / (download) - annotate - [select for diffs], Thu Dec 27 20:39:58 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.153: +2 -2 lines
Diff to previous 1.153 (colored)

get rid of packet_integrity_check, use packet_done() instead.

Revision 1.153 / (download) - annotate - [select for diffs], Thu Dec 20 22:50:24 2001 UTC (22 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)

Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@

Revision 1.152 / (download) - annotate - [select for diffs], Wed Dec 19 17:16:13 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.151: +5 -5 lines
Diff to previous 1.151 (colored)

change the buffer/packet interface to use void* vs. char*; ok markus@

Revision 1.151 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.150: +4 -4 lines
Diff to previous 1.150 (colored)

basic KNF done while i was looking for something else

Revision 1.150 / (download) - annotate - [select for diffs], Fri Nov 30 20:39:28 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.149: +13 -9 lines
Diff to previous 1.149 (colored)

sscanf() length dependencies are clearer now; can also shrink proto
and data if desired, but i have not done that.  ok markus@

Revision 1.116.2.3 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.116.2.2: +3 -9 lines
Diff to previous 1.116.2.2 (colored) to branchpoint 1.116 (colored)

Merge OpenSSH 3.0.1.

Revision 1.69.2.7 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.69.2.6: +3 -9 lines
Diff to previous 1.69.2.6 (colored) to branchpoint 1.69 (colored)

Merge OpenSSH 3.0.1.

This is likely to be the last commit to the 2.8-STABLE branch.

Revision 1.116.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.116.2.1: +5 -4 lines
Diff to previous 1.116.2.1 (colored) to branchpoint 1.116 (colored)

Merge OpenSSH 3.0

Revision 1.69.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:00 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.69.2.5: +5 -4 lines
Diff to previous 1.69.2.5 (colored) to branchpoint 1.69 (colored)

Merge OpenSSH 3.0

Revision 1.147.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:39 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.147: +3 -9 lines
Diff to previous 1.147 (colored)

Pull in patches from current (Errata 002):
Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)

Revision 1.149 / (download) - annotate - [select for diffs], Wed Oct 24 08:51:35 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.148: +3 -1 lines
Diff to previous 1.148 (colored)

ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@

Revision 1.148 / (download) - annotate - [select for diffs], Wed Oct 24 08:41:20 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.147: +1 -9 lines
Diff to previous 1.147 (colored)

remove unused

Revision 1.147 / (download) - annotate - [select for diffs], Mon Oct 8 19:05:05 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored)

some more IPv4or6 cleanup

Revision 1.146 / (download) - annotate - [select for diffs], Mon Oct 1 21:38:53 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.145: +2 -1 lines
Diff to previous 1.145 (colored)

remove ugliness; vp@drexel.edu via angelos

Revision 1.145 / (download) - annotate - [select for diffs], Fri Sep 28 15:46:29 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.144: +3 -3 lines
Diff to previous 1.144 (colored)

bug: read user config first; report kaukasoi@elektroni.ee.tut.fi

Revision 1.116.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.116: +227 -130 lines
Diff to previous 1.116 (colored)

Pull in OpenSSH-2.9.9

Revision 1.69.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.69.2.4: +227 -130 lines
Diff to previous 1.69.2.4 (colored) to branchpoint 1.69 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.144 / (download) - annotate - [select for diffs], Mon Sep 24 03:38:58 2001 UTC (22 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.143: +3 -1 lines
Diff to previous 1.143 (colored)

don't rely on <unistd.h> for getopt(3) extern variable declarations;
for portable.  ok deraadt@

Revision 1.143 / (download) - annotate - [select for diffs], Thu Sep 20 13:50:40 2001 UTC (22 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.142: +15 -10 lines
Diff to previous 1.142 (colored)

bug compat: request a dummy channel for -N (no shell) sessions + cleanup; vinschen@redhat.com

Revision 1.142 / (download) - annotate - [select for diffs], Mon Sep 3 20:58:33 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.141: +6 -4 lines
Diff to previous 1.141 (colored)

fatal() for nonexistent -Fssh_config. ok markus@

Revision 1.141 / (download) - annotate - [select for diffs], Wed Aug 29 23:27:23 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.140: +19 -20 lines
Diff to previous 1.140 (colored)

validate ports for -L/-R; ok markus@

Revision 1.140 / (download) - annotate - [select for diffs], Wed Aug 29 23:13:10 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.139: +2 -1 lines
Diff to previous 1.139 (colored)

document -D and DynamicForward; ok markus@

Revision 1.139 / (download) - annotate - [select for diffs], Tue Aug 28 15:39:48 2001 UTC (22 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.138: +24 -8 lines
Diff to previous 1.138 (colored)

allow: ssh -F configfile host

Revision 1.138 / (download) - annotate - [select for diffs], Sat Aug 11 22:51:27 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored)

fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>. ok markus@

Revision 1.137 / (download) - annotate - [select for diffs], Thu Aug 2 16:14:05 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.136: +5 -5 lines
Diff to previous 1.136 (colored)

clean up some /* SMARTCARD */. ok markus@

Revision 1.136 / (download) - annotate - [select for diffs], Thu Aug 2 15:43:57 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.135: +5 -5 lines
Diff to previous 1.135 (colored)

add /* SMARTCARD */ to #else/#endif. ok markus@

Revision 1.135 / (download) - annotate - [select for diffs], Thu Aug 2 15:32:10 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.134: +4 -1 lines
Diff to previous 1.134 (colored)

add smartcard to usage(). ok markus@

Revision 1.134 / (download) - annotate - [select for diffs], Wed Aug 1 23:38:45 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.133: +11 -1 lines
Diff to previous 1.133 (colored)

support finish rsa keys.
free public keys after login -> call finish -> close smartcard.

Revision 1.133 / (download) - annotate - [select for diffs], Wed Aug 1 22:03:33 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.132: +3 -3 lines
Diff to previous 1.132 (colored)

use strings instead of ints for smartcard reader ids

Revision 1.132 / (download) - annotate - [select for diffs], Tue Jul 31 09:28:44 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.131: +4 -9 lines
Diff to previous 1.131 (colored)

add 'SmartcardDevice' client option to specify which smartcard device is used
to access a smartcard used for storing the user's private RSA key. ok markus@.

Revision 1.131 / (download) - annotate - [select for diffs], Fri Jul 27 14:50:45 2001 UTC (22 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.130: +23 -18 lines
Diff to previous 1.130 (colored)

If smart card support is compiled in and a smart card is being used
for authentication, make it the first method used.  markus@ OK

Revision 1.130 / (download) - annotate - [select for diffs], Wed Jul 25 14:35:18 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.129: +14 -15 lines
Diff to previous 1.129 (colored)

cleanup connect(); connection_attempts 4 -> 1; from eivind@freebsd.org

Revision 1.129 / (download) - annotate - [select for diffs], Wed Jul 11 16:29:59 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.128: +2 -2 lines
Diff to previous 1.128 (colored)

sort options string, fix -p, add -k

Revision 1.128 / (download) - annotate - [select for diffs], Mon Jul 9 05:58:47 2001 UTC (22 years, 10 months ago) by fgsch
Branch: MAIN
Changes since 1.127: +69 -63 lines
Diff to previous 1.127 (colored)

Use getopt(3); markus@ ok.

Revision 1.127 / (download) - annotate - [select for diffs], Tue Jun 26 20:14:11 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.126: +47 -2 lines
Diff to previous 1.126 (colored)

add smartcard support to the client, too (now you can use both
the agent and the client).

Revision 1.126 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:21 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.125: +15 -15 lines
Diff to previous 1.125 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.125 / (download) - annotate - [select for diffs], Fri Jun 22 23:35:21 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.124: +7 -5 lines
Diff to previous 1.124 (colored)

don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@

Revision 1.124 / (download) - annotate - [select for diffs], Thu Jun 7 20:23:05 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored)

use xxx_put_cstring()

Revision 1.123 / (download) - annotate - [select for diffs], Thu May 31 10:30:17 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored)

undo the .c file split, just merge the header and keep the cvs history

Revision 1.122 / (download) - annotate - [select for diffs], Wed May 30 15:20:10 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)

merge functions, simplify.

Revision 1.121 / (download) - annotate - [select for diffs], Wed May 30 12:55:13 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored)

channel layer cleanup: merge header files and split .c files

Revision 1.120 / (download) - annotate - [select for diffs], Mon May 28 08:04:39 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.119: +5 -6 lines
Diff to previous 1.119 (colored)

fix usage()

Revision 1.119 / (download) - annotate - [select for diffs], Thu May 24 18:57:53 2001 UTC (22 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.118: +6 -4 lines
Diff to previous 1.118 (colored)

don't perform escape processing when ``EscapeChar none''; ok markus@

Revision 1.69.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:36 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.69.2.3: +88 -78 lines
Diff to previous 1.69.2.3 (colored) to branchpoint 1.69 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.118 / (download) - annotate - [select for diffs], Fri May 4 23:47:34 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.117: +10 -8 lines
Diff to previous 1.117 (colored)

move to Channel **channels (instead of Channel *channels), fixes realloc problems.
channel_new now returns a Channel *, favour Channel * over channel id.
remove old channel_allocate interface.

Revision 1.117 / (download) - annotate - [select for diffs], Mon Apr 30 11:18:52 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.116: +6 -2 lines
Diff to previous 1.116 (colored)

implement 'ssh -b bind_address' like 'telnet -b'

Revision 1.116 / (download) - annotate - [select for diffs], Tue Apr 17 12:55:04 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.115: +1 -5 lines
Diff to previous 1.115 (colored)

undo socks5 and https support since they are not really used and
only bloat ssh.  remove -D from usage(), since '-D' is experimental.

Revision 1.115 / (download) - annotate - [select for diffs], Sat Apr 14 16:33:20 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.114: +6 -3 lines
Diff to previous 1.114 (colored)

protocol 2 tty modes support; ok markus@

Revision 1.114 / (download) - annotate - [select for diffs], Fri Apr 13 01:26:17 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

missing \n in error message

Revision 1.113 / (download) - annotate - [select for diffs], Thu Apr 12 20:09:37 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.112: +7 -7 lines
Diff to previous 1.112 (colored)

robust port validation; ok markus@ jakob@

Revision 1.112 / (download) - annotate - [select for diffs], Thu Apr 12 19:15:25 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.111: +31 -9 lines
Diff to previous 1.111 (colored)

implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option.  please test. :)

Revision 1.111 / (download) - annotate - [select for diffs], Thu Apr 12 14:29:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.110: +3 -2 lines
Diff to previous 1.110 (colored)

show debug output during option processing, report from pekkas@netcore.fi

Revision 1.110 / (download) - annotate - [select for diffs], Wed Apr 11 13:56:13 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.109: +4 -3 lines
Diff to previous 1.109 (colored)

https-connect and socks5 support. i feel so bad.

Revision 1.109 / (download) - annotate - [select for diffs], Wed Apr 11 10:59:01 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.108: +12 -4 lines
Diff to previous 1.108 (colored)

use strtol() for ports, thanks jakob@

Revision 1.108 / (download) - annotate - [select for diffs], Sat Apr 7 08:55:18 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.107: +11 -2 lines
Diff to previous 1.107 (colored)

allow the ssh client to act as a SOCKS4 proxy (dynamic local portforwarding).
work by Dan Kaminsky <dankamin@cisco.com> and me. thanks to Dan for this
great patch: use 'ssh -D 1080 host' and make netscape use localhost:1080 as
a socks proxy.

Revision 1.107 / (download) - annotate - [select for diffs], Fri Apr 6 21:00:13 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.106: +15 -17 lines
Diff to previous 1.106 (colored)

do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks
to olar@openwall.com for comments.  we had many requests for this.

Revision 1.106 / (download) - annotate - [select for diffs], Thu Apr 5 21:05:24 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.105: +23 -15 lines
Diff to previous 1.105 (colored)

don't request a session for 'ssh -N', pointed out slade@shore.net

Revision 1.105 / (download) - annotate - [select for diffs], Mon Mar 26 08:07:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.104: +9 -45 lines
Diff to previous 1.104 (colored)

simpler key load/save interface, see authfile.h

Revision 1.69.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:30 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.69.2.2: +54 -34 lines
Diff to previous 1.69.2.2 (colored) to branchpoint 1.69 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.51.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:13 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.51.2.4: +54 -34 lines
Diff to previous 1.51.2.4 (colored) to branchpoint 1.51 (colored) next main 1.52 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.51.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:16 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.51.2.3: +222 -153 lines
Diff to previous 1.51.2.3 (colored) to branchpoint 1.51 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.104 / (download) - annotate - [select for diffs], Thu Mar 8 21:42:32 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.103: +35 -11 lines
Diff to previous 1.103 (colored)

implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to enter passphrase or do expensive sign operations if the
server does not accept key).

Revision 1.103 / (download) - annotate - [select for diffs], Sun Mar 4 17:42:28 2001 UTC (23 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.102: +4 -4 lines
Diff to previous 1.102 (colored)

log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.

Revision 1.102 / (download) - annotate - [select for diffs], Sun Mar 4 10:57:53 2001 UTC (23 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.101: +2 -1 lines
Diff to previous 1.101 (colored)

add -m to usage; ok markus@

Revision 1.101 / (download) - annotate - [select for diffs], Sat Mar 3 23:59:34 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.100: +7 -5 lines
Diff to previous 1.100 (colored)

log*.c -> log.c

Revision 1.100 / (download) - annotate - [select for diffs], Thu Mar 1 22:46:37 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.99: +4 -3 lines
Diff to previous 1.99 (colored)

don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.

Revision 1.99 / (download) - annotate - [select for diffs], Thu Mar 1 02:29:04 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.98: +4 -5 lines
Diff to previous 1.98 (colored)

shorten usage by a line

Revision 1.98 / (download) - annotate - [select for diffs], Thu Feb 22 21:59:44 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.97: +3 -11 lines
Diff to previous 1.97 (colored)

use pwcopy in ssh.c, too

Revision 1.97 / (download) - annotate - [select for diffs], Wed Feb 21 21:14:04 2001 UTC (23 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.96: +3 -2 lines
Diff to previous 1.96 (colored)

-i supports DSA identities now; ok markus@

Revision 1.69.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:33 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.69.2.1: +5 -4 lines
Diff to previous 1.69.2.1 (colored) to branchpoint 1.69 (colored)

Pull in OpenSSH-2.5.1

Revision 1.96 / (download) - annotate - [select for diffs], Sat Feb 17 23:28:58 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.95: +5 -4 lines
Diff to previous 1.95 (colored)

cleanup -V output; noted by millert

Revision 1.69.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:20 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.69: +218 -150 lines
Diff to previous 1.69 (colored)

Pull in OpenSSH 2.5.0

Revision 1.95 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.94: +12 -2 lines
Diff to previous 1.94 (colored)

1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
	ok stevesk@, provos@

Revision 1.94 / (download) - annotate - [select for diffs], Sat Feb 10 01:46:28 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.93: +1 -7 lines
Diff to previous 1.93 (colored)

remove mapping of argv[0] -> hostname

Revision 1.93 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:52 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.92: +5 -5 lines
Diff to previous 1.92 (colored)

sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecast to int -> u_long

Revision 1.92 / (download) - annotate - [select for diffs], Tue Feb 6 23:06:21 2001 UTC (23 years, 3 months ago) by jakob
Branch: MAIN
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

reorder -{1,2,4,6} options. ok markus@

Revision 1.91 / (download) - annotate - [select for diffs], Tue Feb 6 23:03:24 2001 UTC (23 years, 3 months ago) by jakob
Branch: MAIN
Changes since 1.90: +5 -1 lines
Diff to previous 1.90 (colored)

add -1 option (force protocol version 1). ok markus@

Revision 1.90 / (download) - annotate - [select for diffs], Tue Feb 6 22:43:02 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)

remove confusing callback code

Revision 1.89 / (download) - annotate - [select for diffs], Tue Feb 6 22:07:42 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.88: +21 -2 lines
Diff to previous 1.88 (colored)

fatal() if subsystem fails

Revision 1.88 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:26 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.87: +3 -3 lines
Diff to previous 1.87 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.87 / (download) - annotate - [select for diffs], Sun Feb 4 15:14:14 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)

make the alpha happy

Revision 1.86 / (download) - annotate - [select for diffs], Wed Jan 31 20:37:23 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.85: +6 -2 lines
Diff to previous 1.85 (colored)

do not disconnect if local port forwarding fails, e.g. if port is already in use

Revision 1.85 / (download) - annotate - [select for diffs], Mon Jan 29 12:36:10 2001 UTC (23 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.84: +19 -3 lines
Diff to previous 1.84 (colored)

Allow invocation of subsystem by commandline (-s); ok markus@

Revision 1.84 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:58 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.83: +11 -9 lines
Diff to previous 1.83 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.83 / (download) - annotate - [select for diffs], Fri Jan 19 15:55:11 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.82: +7 -5 lines
Diff to previous 1.82 (colored)

move ssh1 definitions to ssh1.h, pathnames to pathnames.h

Revision 1.82 / (download) - annotate - [select for diffs], Mon Jan 15 21:40:10 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)

use log() instead of stderr

Revision 1.81 / (download) - annotate - [select for diffs], Sat Jan 13 19:14:09 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.80: +3 -4 lines
Diff to previous 1.80 (colored)

move callback to headerfile

Revision 1.80 / (download) - annotate - [select for diffs], Sat Jan 13 18:32:50 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.79: +7 -3 lines
Diff to previous 1.79 (colored)

split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Dec 27 11:51:54 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.78: +6 -3 lines
Diff to previous 1.78 (colored)

multiple -t force pty allocation, document ORIGINAL_COMMAND

Revision 1.78 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.77: +4 -4 lines
Diff to previous 1.77 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.77 / (download) - annotate - [select for diffs], Tue Dec 12 23:11:48 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.76: +7 -12 lines
Diff to previous 1.76 (colored)

rhosts-rsa is no longer automagically disabled if ssh is not privileged.
UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.

Revision 1.76 / (download) - annotate - [select for diffs], Tue Dec 12 22:30:01 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.75: +4 -13 lines
Diff to previous 1.75 (colored)

consistently use __progname; from stevesk@pobox.com

Revision 1.75 / (download) - annotate - [select for diffs], Thu Nov 30 07:02:35 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.74: +4 -4 lines
Diff to previous 1.74 (colored)

check -T before isatty()

Revision 1.74 / (download) - annotate - [select for diffs], Thu Nov 23 21:03:47 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.73: +10 -4 lines
Diff to previous 1.73 (colored)

complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults

Revision 1.73 / (download) - annotate - [select for diffs], Wed Nov 15 19:58:08 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

just ignore non existing user keys

Revision 1.72 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.71: +45 -37 lines
Diff to previous 1.71 (colored)

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthentication.

Revision 1.51.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:24 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.51.2.2: +59 -31 lines
Diff to previous 1.51.2.2 (colored) to branchpoint 1.51 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.71 / (download) - annotate - [select for diffs], Mon Nov 6 23:13:26 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.70: +3 -1 lines
Diff to previous 1.70 (colored)

do not disable rhosts(rsa) if server port > 1024; from pekkas@netcore.fi

Revision 1.70 / (download) - annotate - [select for diffs], Mon Nov 6 23:04:56 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.69: +60 -51 lines
Diff to previous 1.69 (colored)

agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi

Revision 1.69 / (download) - annotate - [select for diffs], Fri Oct 27 07:32:19 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.68: +10 -2 lines
Diff to previous 1.68 (colored)

enable non-blocking IO on channels, and tty's (except for the client ttys).

Revision 1.68 / (download) - annotate - [select for diffs], Wed Oct 11 20:27:24 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.67: +4 -3 lines
Diff to previous 1.67 (colored)

new cipher framework

Revision 1.67 / (download) - annotate - [select for diffs], Tue Oct 3 18:16:47 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.66: +1 -17 lines
Diff to previous 1.66 (colored)

do not resolve canonname, i have no idea why this was added in ossh

Revision 1.66 / (download) - annotate - [select for diffs], Tue Sep 12 20:53:10 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.65: +12 -3 lines
Diff to previous 1.65 (colored)

multiple debug levels

Revision 1.65 / (download) - annotate - [select for diffs], Thu Sep 7 20:40:30 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.64: +7 -9 lines
Diff to previous 1.64 (colored)

cleanup window and packet sizes for ssh2 flow control; ok niels

Revision 1.64 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:54 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.63: +31 -3 lines
Diff to previous 1.63 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.51.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:23 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.51.2.1: +25 -13 lines
Diff to previous 1.51.2.1 (colored) to branchpoint 1.51 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.63 / (download) - annotate - [select for diffs], Mon Aug 28 20:19:52 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)

allow combination of -N and -f

Revision 1.62 / (download) - annotate - [select for diffs], Mon Aug 28 19:51:00 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.61: +12 -8 lines
Diff to previous 1.61 (colored)

enable -n and -f for ssh2

Revision 1.61 / (download) - annotate - [select for diffs], Sun Aug 20 18:42:40 2000 UTC (23 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.60: +2 -1 lines
Diff to previous 1.60 (colored)

Add calls to setusercontext() and login_get*().  We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.

Revision 1.60 / (download) - annotate - [select for diffs], Sat Aug 19 18:48:11 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.59: +14 -7 lines
Diff to previous 1.59 (colored)

support for ~. in ssh2

Revision 1.59 / (download) - annotate - [select for diffs], Sat Aug 19 02:07:23 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)

accept remsh as a valid name as well; roman@buildpoint.com

Revision 1.58 / (download) - annotate - [select for diffs], Sun Jul 16 08:27:22 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)

make ssh-add accept dsa keys (the agent does not)

Revision 1.57 / (download) - annotate - [select for diffs], Sat Jul 15 04:01:37 2000 UTC (23 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

Always create ~/.ssh with mode 700; ok Markus

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:44 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.55: +1 -1 lines
Diff to previous 1.55 (colored)

OpenBSD tag

Revision 1.51.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:36 2000 UTC (23 years, 11 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.51: +18 -13 lines
Diff to previous 1.51 (colored)

lovin' CVS... update patch branch to OpenSSH-2.1.1

Revision 1.55 / (download) - annotate - [select for diffs], Wed May 31 06:36:40 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.54: +12 -12 lines
Diff to previous 1.54 (colored)

xauth_location support; pr 1234

Revision 1.54 / (download) - annotate - [select for diffs], Tue May 30 17:32:06 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

remove dependency on openssl-0.9.5a; green@FreeBSD.org via kris@FreeBSD.org

Revision 1.53 / (download) - annotate - [select for diffs], Mon May 29 20:20:46 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.52: +5 -1 lines
Diff to previous 1.52 (colored)

forwardagent defaults to no, add ssh -A

Revision 1.52 / (download) - annotate - [select for diffs], Mon May 15 06:52:55 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.51: +3 -2 lines
Diff to previous 1.51 (colored)

fix usage()

Revision 1.51 / (download) - annotate - [select for diffs], Mon May 8 17:12:15 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)

complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)

Revision 1.50 / (download) - annotate - [select for diffs], Fri Apr 28 08:10:20 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.49: +59 -43 lines
Diff to previous 1.49 (colored)

support for x11-fwding, client+server

Revision 1.49 / (download) - annotate - [select for diffs], Wed Apr 26 20:56:30 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.48: +49 -18 lines
Diff to previous 1.48 (colored)

add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.

Revision 1.48 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.47: +8 -31 lines
Diff to previous 1.47 (colored)

whitespace cleanup

Revision 1.47 / (download) - annotate - [select for diffs], Fri Apr 14 10:11:12 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.46: +6 -1 lines
Diff to previous 1.46 (colored)

ssh -2

Revision 1.46 / (download) - annotate - [select for diffs], Wed Apr 12 07:45:44 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.45: +6 -3 lines
Diff to previous 1.45 (colored)

add Cipher and Protocol options to ssh/sshd, e.g.:
ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'

Revision 1.45 / (download) - annotate - [select for diffs], Tue Apr 4 15:19:42 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.44: +147 -15 lines
Diff to previous 1.44 (colored)

ssh2 client implementation, interops w/ ssh.com and lsh servers.

Revision 1.44 / (download) - annotate - [select for diffs], Tue Mar 28 20:31:28 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.43: +2 -1 lines
Diff to previous 1.43 (colored)

replace big switch() with function tables (prepare for ssh2)

Revision 1.43 / (download) - annotate - [select for diffs], Thu Mar 23 21:52:02 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.42: +6 -4 lines
Diff to previous 1.42 (colored)

switch to raw mode only if we _get_ a pty (not if we _want_ a pty).

Revision 1.42 / (download) - annotate - [select for diffs], Wed Mar 22 09:55:10 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.41: +1 -4 lines
Diff to previous 1.41 (colored)

remove unused cipher_attack_detected code

Revision 1.41 / (download) - annotate - [select for diffs], Mon Feb 28 19:51:58 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored)

turn off x11-fwd for the client, too.

Revision 1.40 / (download) - annotate - [select for diffs], Sun Feb 20 20:05:19 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp

Revision 1.39 / (download) - annotate - [select for diffs], Tue Jan 4 13:41:32 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)

more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, from itojun@

Revision 1.38 / (download) - annotate - [select for diffs], Tue Jan 4 09:07:59 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.37: +3 -1 lines
Diff to previous 1.37 (colored)

'ssh @host' is illegal (null user name), from karsten@gedankenpolizei.de

Revision 1.37 / (download) - annotate - [select for diffs], Tue Jan 4 00:08:00 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.36: +36 -15 lines
Diff to previous 1.36 (colored)

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options.  note that libwrap is
not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and
fujiwara@rcac.tdi.co.jp)

Revision 1.36 / (download) - annotate - [select for diffs], Sun Dec 12 19:20:03 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.35: +3 -2 lines
Diff to previous 1.35 (colored)

type conflict for 'extern Type *options' in channels.c; dot@dotat.at

Revision 1.35 / (download) - annotate - [select for diffs], Wed Dec 1 13:59:15 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.34: +6 -10 lines
Diff to previous 1.34 (colored)

ports are u_short

Revision 1.34 / (download) - annotate - [select for diffs], Wed Nov 24 20:15:35 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.33: +6 -10 lines
Diff to previous 1.33 (colored)

postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding

Revision 1.33 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:52 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.32: +100 -67 lines
Diff to previous 1.32 (colored)

KNF, final part 3

Revision 1.32 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.31: +18 -23 lines
Diff to previous 1.31 (colored)

much more KNF

Revision 1.31 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:55 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.30: +657 -710 lines
Diff to previous 1.30 (colored)

KNF part 1

Revision 1.30 / (download) - annotate - [select for diffs], Mon Nov 15 21:05:03 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.29: +8 -1 lines
Diff to previous 1.29 (colored)

a note for legacy systems about security issues with permanently_set_uid(),
the private hostkey and ptrace()

Revision 1.29 / (download) - annotate - [select for diffs], Sun Nov 14 21:45:07 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.28: +4 -3 lines
Diff to previous 1.28 (colored)

print _all_ bad config-options in ssh(1), too

Revision 1.28 / (download) - annotate - [select for diffs], Thu Nov 11 23:36:53 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
 * make options handling more consistent
 * remove #include "readconf.h" from ssh.h
 * readconf.h is only included if necessary

Revision 1.27 / (download) - annotate - [select for diffs], Wed Nov 10 23:36:44 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.26: +9 -7 lines
Diff to previous 1.26 (colored)

add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.

Revision 1.26 / (download) - annotate - [select for diffs], Thu Oct 28 21:29:26 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.25: +3 -9 lines
Diff to previous 1.25 (colored)

save a few lines when disabling rhosts-{rsa-}auth

Revision 1.25 / (download) - annotate - [select for diffs], Tue Oct 26 22:38:51 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.24: +1 -3 lines
Diff to previous 1.24 (colored)

don't define original_real_uid twice

Revision 1.24 / (download) - annotate - [select for diffs], Thu Oct 14 18:17:42 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

fix old connect() race security-bug for ssh-agent and agent-forwarding
by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1":
   agent-forwarding will work only between OpenSSH-1.1 client and
   OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to
   "SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new
   ssh-agent does not work

Revision 1.23 / (download) - annotate - [select for diffs], Tue Oct 12 21:04:22 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.22: +14 -2 lines
Diff to previous 1.22 (colored)

-P/UsePrivilegedPort from 1.2.27, it turns off allocation of priv. port
and disables rhosts/rhosts-rsa, ok deraadt@

Revision 1.22 / (download) - annotate - [select for diffs], Sun Oct 3 21:50:04 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.21: +6 -3 lines
Diff to previous 1.21 (colored)

add code to detect DNS spoofing:

the main idea is to not only store the host key for the hostname but
also for the according IP address.  When we check the host key in the
known_hosts file, we also check the key against the according IP address.
When the server key changes, host_status = HOST_CHANGED.  If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Sep 30 20:39:08 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

reorder usage, like real ssh

Revision 1.20 / (download) - annotate - [select for diffs], Thu Sep 30 18:28:36 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.19: +1 -3 lines
Diff to previous 1.19 (colored)

better way to deal with authfile cipher; dugsong@

Revision 1.19 / (download) - annotate - [select for diffs], Thu Sep 30 14:05:41 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.18: +4 -11 lines
Diff to previous 1.18 (colored)

remove ``none''.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Sep 30 05:53:04 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +1 -3 lines
Diff to previous 1.17 (colored)

"ssh is a very large program" -- anonymous

Revision 1.17 / (download) - annotate - [select for diffs], Thu Sep 30 05:43:33 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +1 -5 lines
Diff to previous 1.16 (colored)

wringing out all the water

Revision 1.16 / (download) - annotate - [select for diffs], Thu Sep 30 05:11:29 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.15: +1 -3 lines
Diff to previous 1.15 (colored)

do not bother with dinosaur pacification

Revision 1.15 / (download) - annotate - [select for diffs], Thu Sep 30 05:03:05 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.14: +1 -7 lines
Diff to previous 1.14 (colored)

cull more ancient garbage from pre-POSIX days

Revision 1.14 / (download) - annotate - [select for diffs], Thu Sep 30 04:30:03 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +1 -6 lines
Diff to previous 1.13 (colored)

more culling

Revision 1.13 / (download) - annotate - [select for diffs], Thu Sep 30 04:10:28 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +4 -8 lines
Diff to previous 1.12 (colored)

rely on paths.h more

Revision 1.12 / (download) - annotate - [select for diffs], Wed Sep 29 21:15:54 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +1 -3 lines
Diff to previous 1.11 (colored)

we have setsid

Revision 1.11 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +8 -12 lines
Diff to previous 1.10 (colored)

numerous sprintf, strncpy, strcpy cleanups

Revision 1.10 / (download) - annotate - [select for diffs], Wed Sep 29 18:27:23 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.9: +3 -2 lines
Diff to previous 1.9 (colored)

global original_real_uid

Revision 1.9 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:20 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.8: +10 -11 lines
Diff to previous 1.8 (colored)

update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages

Revision 1.8 / (download) - annotate - [select for diffs], Wed Sep 29 12:16:35 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

-V in usage()

Revision 1.7 / (download) - annotate - [select for diffs], Wed Sep 29 11:45:50 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

correct the usage, disable agent forwarding is -a

Revision 1.6 / (download) - annotate - [select for diffs], Wed Sep 29 06:15:18 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +3 -0 lines
Diff to previous 1.5 (colored)

add -V option

Revision 1.5 / (download) - annotate - [select for diffs], Wed Sep 29 06:15:00 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +11 -1 lines
Diff to previous 1.4 (colored)

test for RSA in the ssl library, real early on

Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 00:10:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +6 -1 lines
Diff to previous 1.3 (colored)

GatewayPorts and ssh -g; markus.friedl@informatik.uni-erlangen.de

Revision 1.3 / (download) - annotate - [select for diffs], Tue Sep 28 07:57:42 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +8 -2 lines
Diff to previous 1.2 (colored)

user@host; aaron

Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:37 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.1: +25 -31 lines
Diff to previous 1.1 (colored)

convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:38 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
