OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh_config.5



Default branch: MAIN


Revision 1.394 / (download) - annotate - [select for diffs], Wed Feb 21 06:01:13 2024 UTC (2 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.393: +3 -3 lines
Diff to previous 1.393 (colored)

fix typo in match directive predicate (s/tagged/tag)
GHPR#462 from Tobias Manske

Revision 1.393 / (download) - annotate - [select for diffs], Wed Jan 10 06:33:13 2024 UTC (4 months ago) by jmc
Branch: MAIN
Changes since 1.392: +3 -3 lines
Diff to previous 1.392 (colored)

fix incorrect capitalisation;

Revision 1.392 / (download) - annotate - [select for diffs], Tue Jan 9 22:19:00 2024 UTC (4 months ago) by djm
Branch: MAIN
Changes since 1.391: +16 -6 lines
Diff to previous 1.391 (colored)

add a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches
all open channels and will close all open channels if there is no
traffic on any of them for the specified interval. This is in addition
to the existing per-channel timeouts added a few releases ago.

This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.

ok dtucker@

Revision 1.391 / (download) - annotate - [select for diffs], Thu Oct 12 02:18:18 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.390: +6 -3 lines
Diff to previous 1.390 (colored)

add %j token that expands to the configured ProxyJump hostname (or
the empty string if this option is not being used).
bz3610, ok dtucker

Revision 1.390 / (download) - annotate - [select for diffs], Wed Oct 11 22:42:26 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.389: +69 -2 lines
Diff to previous 1.389 (colored)

add ChannelTimeout support to the client, mirroring the same option
in the server. ok markus@

Revision 1.389 / (download) - annotate - [select for diffs], Wed Oct 11 06:40:54 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.388: +4 -1 lines
Diff to previous 1.388 (colored)

mention "none" is a valid argument to IdentityFile; bz3080

Revision 1.388 / (download) - annotate - [select for diffs], Wed Oct 4 05:42:10 2023 UTC (7 months, 1 week ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.387: +3 -3 lines
Diff to previous 1.387 (colored)

spelling fix;

Revision 1.387 / (download) - annotate - [select for diffs], Wed Oct 4 04:03:50 2023 UTC (7 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.386: +11 -1 lines
Diff to previous 1.386 (colored)

add some cautionary text about % token expansion and shell metacharacters;
based on report from vinci AT protonmail.ch

Revision 1.386 / (download) - annotate - [select for diffs], Mon Aug 28 09:52:09 2023 UTC (8 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.385: +3 -2 lines
Diff to previous 1.385 (colored)

descriptive text shouldn't be under .Cm

Revision 1.385 / (download) - annotate - [select for diffs], Mon Aug 28 05:32:28 2023 UTC (8 months, 2 weeks ago) by jmc
Branch: MAIN
Changes since 1.384: +3 -3 lines
Diff to previous 1.384 (colored)

add spacing for punctuation when macro args;

Revision 1.384 / (download) - annotate - [select for diffs], Mon Aug 28 03:31:16 2023 UTC (8 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.383: +19 -1 lines
Diff to previous 1.383 (colored)

Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

Revision 1.383 / (download) - annotate - [select for diffs], Mon Jul 17 05:36:14 2023 UTC (10 months ago) by jsg
Branch: MAIN
Changes since 1.382: +2 -2 lines
Diff to previous 1.382 (colored)

configuation -> configuration

Revision 1.382 / (download) - annotate - [select for diffs], Mon Jul 17 04:08:31 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.381: +16 -2 lines
Diff to previous 1.381 (colored)

Add support for configuration tags to ssh(1).

This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

ok markus

Revision 1.381 / (download) - annotate - [select for diffs], Mon Jul 17 04:04:36 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.380: +14 -2 lines
Diff to previous 1.380 (colored)

add a "match localnetwork" predicate.

This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).

ok markus@

Revision 1.380 / (download) - annotate - [select for diffs], Mon Mar 27 03:56:11 2023 UTC (13 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.379: +11 -2 lines
Diff to previous 1.379 (colored)

Add tilde and environment variable expansion to RevokedHostKeys.
bz#3552, ok djm@

Revision 1.379 / (download) - annotate - [select for diffs], Fri Mar 10 02:32:04 2023 UTC (14 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.378: +2 -2 lines
Diff to previous 1.378 (colored)

Like sshd_config, some ssh_config options are not first-match-wins.
sshd_config.5 was fixed in r1.348, this is the same for this file

Revision 1.378 / (download) - annotate - [select for diffs], Fri Jan 13 07:13:40 2023 UTC (16 months ago) by jmc
Branch: MAIN
Changes since 1.377: +3 -4 lines
Diff to previous 1.377 (colored)

fix double phrase in previous;

Revision 1.377 / (download) - annotate - [select for diffs], Fri Jan 13 03:16:29 2023 UTC (16 months ago) by dtucker
Branch: MAIN
Changes since 1.376: +8 -2 lines
Diff to previous 1.376 (colored)

Document "UserKnownHostsFile none".  ok djm@

Revision 1.376 / (download) - annotate - [select for diffs], Mon Nov 28 01:37:36 2022 UTC (17 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.375: +8 -2 lines
Diff to previous 1.375 (colored)

New EnableEscapeCommandline ssh_config(5) option

This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

Revision 1.375 / (download) - annotate - [select for diffs], Mon Nov 7 10:09:28 2022 UTC (18 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.374: +6 -2 lines
Diff to previous 1.374 (colored)

The IdentityFile option in ssh_config can also be used to specify a
public key file, as documented in ssh.1 for the -i option. Document this
also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@

Revision 1.374 / (download) - annotate - [select for diffs], Sat Sep 17 10:33:18 2022 UTC (19 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.373: +13 -2 lines
Diff to previous 1.373 (colored)

add a RequiredRSASize for checking RSA key length in ssh(1).
User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then
the connection will be terminated (unfortunately there are no
fallbacks in the protocol for host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@

Revision 1.373 / (download) - annotate - [select for diffs], Fri Jun 24 04:27:14 2022 UTC (22 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.372: +5 -5 lines
Diff to previous 1.372 (colored)

make it clear that RekeyLimit applies to both transmitted and
received data. GHPR#328 from Jan Pazdziora

Revision 1.372 / (download) - annotate - [select for diffs], Fri May 27 04:13:24 2022 UTC (23 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.371: +4 -2 lines
Diff to previous 1.371 (colored)

Note that ProxyJump also accepts the same tokens as ProxyCommand.
From pallxk via github PR#305.

Revision 1.371 / (download) - annotate - [select for diffs], Thu Mar 31 17:58:44 2022 UTC (2 years, 1 month ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.370: +3 -3 lines
Diff to previous 1.370 (colored)

ssh: document sntrup761x25519-sha512@openssh.com as default KEX

Revision 1.370 / (download) - annotate - [select for diffs], Thu Mar 31 17:27:27 2022 UTC (2 years, 1 month ago) by naddy
Branch: MAIN
Changes since 1.369: +4 -4 lines
Diff to previous 1.369 (colored)

man pages: add missing commas between subordinate and main clauses

jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.

ok jmc@

Revision 1.369 / (download) - annotate - [select for diffs], Tue Feb 15 05:13:36 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.368: +11 -4 lines
Diff to previous 1.368 (colored)

document the unbound/host-bound options to PubkeyAuthentication;
spotted by HARUYAMA Seigo

Revision 1.368 / (download) - annotate - [select for diffs], Fri Feb 4 02:49:17 2022 UTC (2 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.367: +4 -4 lines
Diff to previous 1.367 (colored)

Since they are deprecated, move DSA to the end of the default list of
public keys so that they will be tried last.  From github PR#295 from
"ProBackup-nl", ok djm@

Revision 1.367 / (download) - annotate - [select for diffs], Wed Nov 10 06:29:25 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.366: +3 -2 lines
Diff to previous 1.366 (colored)

add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 +
Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms
list (after the ECDH methods but before the prime-group DH ones).

ok markus@

Revision 1.366 / (download) - annotate - [select for diffs], Sat Sep 25 09:40:33 2021 UTC (2 years, 7 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.365: +5 -8 lines
Diff to previous 1.365 (colored)

RSA/SHA-1 is not used by default anymore

OK dtucker deraadt djm

Revision 1.365 / (download) - annotate - [select for diffs], Wed Sep 15 06:56:01 2021 UTC (2 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.364: +6 -1 lines
Diff to previous 1.364 (colored)

allow CanonicalizePermittedCNAMEs=none in ssh_config; ok markus@

Revision 1.364 / (download) - annotate - [select for diffs], Fri Sep 3 07:43:23 2021 UTC (2 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.363: +5 -5 lines
Diff to previous 1.363 (colored)

Use .Cm instead of .Dq in StrictHostKeyChecking list for consistency.
Patch from scop via github PR#257, ok jmc@

Revision 1.363 / (download) - annotate - [select for diffs], Fri Sep 3 05:25:50 2021 UTC (2 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.362: +5 -5 lines
Diff to previous 1.362 (colored)

Refer to KEX "algorithms" instead of "methods" to match other references
and improve consistency.  Patch from scop via github PR#241, ok djm@

Revision 1.362 / (download) - annotate - [select for diffs], Thu Aug 12 23:59:25 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.361: +15 -4 lines
Diff to previous 1.361 (colored)

mention that CASignatureAlgorithms accepts +/- similarly to the
other algorithm list directives; ok jmc bz#3335

Revision 1.361 / (download) - annotate - [select for diffs], Fri Aug 6 05:04:42 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.360: +7 -2 lines
Diff to previous 1.360 (colored)

Document "ProxyJump none".  bz#3334.

Revision 1.360 / (download) - annotate - [select for diffs], Fri Jul 30 14:25:01 2021 UTC (2 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.359: +5 -4 lines
Diff to previous 1.359 (colored)

fix a formatting error and mark up known_hosts consistently;
issues reported by debian at helgefjell de

ok djm dtucker

Revision 1.359 / (download) - annotate - [select for diffs], Fri Jul 23 04:04:52 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.358: +41 -2 lines
Diff to previous 1.358 (colored)

Add a ForkAfterAuthentication ssh_config(5) counterpart to the
ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker

Revision 1.358 / (download) - annotate - [select for diffs], Fri Jul 23 04:00:59 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.357: +18 -2 lines
Diff to previous 1.357 (colored)

Add a StdinNull directive to ssh_config(5) that allows the config
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

Revision 1.357 / (download) - annotate - [select for diffs], Wed Jul 14 06:46:38 2021 UTC (2 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.356: +17 -17 lines
Diff to previous 1.356 (colored)

reorder SessionType; ok djm

Revision 1.356 / (download) - annotate - [select for diffs], Tue Jul 13 23:48:36 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.355: +17 -2 lines
Diff to previous 1.355 (colored)

add a SessionType directive to ssh_config, allowing the configuration
file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.

Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

Revision 1.355 / (download) - annotate - [select for diffs], Fri Jul 2 05:11:21 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.354: +4 -9 lines
Diff to previous 1.354 (colored)

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

Revision 1.354 / (download) - annotate - [select for diffs], Fri Jun 4 05:10:03 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.353: +4 -2 lines
Diff to previous 1.353 (colored)

adjust SetEnv description to clarify $TERM handling

Revision 1.353 / (download) - annotate - [select for diffs], Sun Apr 4 11:36:56 2021 UTC (3 years, 1 month ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.352: +3 -3 lines
Diff to previous 1.352 (colored)

remove stray inserts; from matthias schmidt

Revision 1.352 / (download) - annotate - [select for diffs], Sun Apr 4 06:11:24 2021 UTC (3 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.351: +3 -3 lines
Diff to previous 1.351 (colored)

missing comma; from kawashima james

Revision 1.351 / (download) - annotate - [select for diffs], Sat Apr 3 06:55:52 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.350: +5 -4 lines
Diff to previous 1.350 (colored)

sync CASignatureAlgorithms lists with reality. GHPR#174 from
Matt Hazinski

Revision 1.350 / (download) - annotate - [select for diffs], Fri Mar 12 05:18:01 2021 UTC (3 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.349: +3 -3 lines
Diff to previous 1.349 (colored)

spelling

Revision 1.349 / (download) - annotate - [select for diffs], Sun Feb 28 22:56:30 2021 UTC (3 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.348: +3 -3 lines
Diff to previous 1.348 (colored)

Add %k to list of keywords.  From Eero Häkkinen via bz#3267

Revision 1.348 / (download) - annotate - [select for diffs], Tue Feb 23 21:55:08 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.347: +19 -19 lines
Diff to previous 1.347 (colored)

lots more s/key types/signature algorithms/ mostly in
HostbasedAcceptedAlgorithms and HostKeyAlgorithms;
prompted by Jakub Jelen

Revision 1.347 / (download) - annotate - [select for diffs], Mon Feb 15 20:43:15 2021 UTC (3 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.346: +41 -2 lines
Diff to previous 1.346 (colored)

ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS
ok djm@, dtucker@

Revision 1.346 / (download) - annotate - [select for diffs], Mon Feb 15 11:09:22 2021 UTC (3 years, 3 months ago) by dlg
Branch: MAIN
Changes since 1.345: +4 -1 lines
Diff to previous 1.345 (colored)

ProxyJump takes "none" to disable processing like ProxyCommand does

ok djm@ jmc@

Revision 1.345 / (download) - annotate - [select for diffs], Tue Jan 26 15:40:17 2021 UTC (3 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.344: +10 -10 lines
Diff to previous 1.344 (colored)

move HostbasedAcceptedAlgorithms to the right place in alphabetical order

Revision 1.344 / (download) - annotate - [select for diffs], Tue Jan 26 05:32:22 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.343: +4 -3 lines
Diff to previous 1.343 (colored)

Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms, which more accurately reflects its effect.
This matches a previous change to PubkeyAcceptedAlgorithms.  The previous
names are retained as aliases.  ok djm@

Revision 1.343 / (download) - annotate - [select for diffs], Fri Jan 22 02:44:58 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.342: +9 -9 lines
Diff to previous 1.342 (colored)

Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the
signature algorithms that are accepted.  Some key types (eg RSA) can be
used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is
becoming increasingly misleading.  The old name is retained as an alias.
Prompted by bz#3253, help & ok djm@, man page help jmc@

Revision 1.342 / (download) - annotate - [select for diffs], Thu Jan 14 19:45:06 2021 UTC (3 years, 4 months ago) by rob
Branch: MAIN
Changes since 1.341: +3 -3 lines
Diff to previous 1.341 (colored)

Minor grammatical correction.

OK jmc@

Revision 1.341 / (download) - annotate - [select for diffs], Fri Jan 8 04:49:13 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.340: +3 -3 lines
Diff to previous 1.340 (colored)

make CheckHostIP default to 'no'. It doesn't provide any perceptible
value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.

ok dtucker@

Revision 1.340 / (download) - annotate - [select for diffs], Tue Dec 22 07:40:26 2020 UTC (3 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.339: +11 -11 lines
Diff to previous 1.339 (colored)

tweak the description of KnownHostsCommand in ssh_conf.5, and add
entries for it to the -O list in scp.1 and sftp.1;

ok djm

Revision 1.339 / (download) - annotate - [select for diffs], Tue Dec 22 00:15:23 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.338: +55 -1 lines
Diff to previous 1.338 (colored)

add a ssh_config KnownHostsCommand that allows the client to obtain
known_hosts data from a command in addition to the usual files.

The command accepts a bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

Revision 1.338 / (download) - annotate - [select for diffs], Fri Oct 16 14:34:33 2020 UTC (3 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.337: +3 -3 lines
Diff to previous 1.337 (colored)

add space between macro arg and punctuation;

Revision 1.337 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.336: +19 -2 lines
Diff to previous 1.336 (colored)

LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line
pattern-lists.

ok markus@

Revision 1.336 / (download) - annotate - [select for diffs], Thu Oct 8 00:31:05 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.335: +9 -3 lines
Diff to previous 1.335 (colored)

clarify conditions for UpdateHostkeys

Revision 1.335 / (download) - annotate - [select for diffs], Wed Oct 7 02:18:45 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.334: +4 -2 lines
Diff to previous 1.334 (colored)

disable UpdateHostkeys by default if VerifyHostKeyDNS is enabled;
suggested by Mark D. Baushke

Revision 1.334 / (download) - annotate - [select for diffs], Sat Oct 3 08:30:47 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.333: +3 -3 lines
Diff to previous 1.333 (colored)

enable UpdateHostkeys by default when the configuration has not
overridden UserKnownHostsFile;
ok markus@ "The timing is perfect" deraadt@

Revision 1.333 / (download) - annotate - [select for diffs], Sat Oct 3 04:15:06 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.332: +16 -13 lines
Diff to previous 1.332 (colored)

prefer ed25519 signature algorithm variants to ECDSA; ok markus@

Revision 1.332 / (download) - annotate - [select for diffs], Tue Aug 11 09:49:57 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.331: +15 -6 lines
Diff to previous 1.331 (colored)

let ssh_config(5)'s AddKeysToAgent keyword accept a time limit for
keys in addition to its current flag options. Time-limited keys will
automatically be removed from ssh-agent after their expiry time has
passed; ok markus@

Revision 1.331 / (download) - annotate - [select for diffs], Fri Jul 17 05:59:05 2020 UTC (3 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.330: +2 -2 lines
Diff to previous 1.330 (colored)

fix macro slip in previous;

Revision 1.330 / (download) - annotate - [select for diffs], Fri Jul 17 03:43:42 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.329: +5 -2 lines
Diff to previous 1.329 (colored)

Add a '%k' TOKEN that expands to the effective HostKey of the
destination.  This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@, jmc@ (man page bits)

Revision 1.329 / (download) - annotate - [select for diffs], Fri Jul 17 03:23:10 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.328: +12 -4 lines
Diff to previous 1.328 (colored)

Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile,
allowing the file to be automagically split up in the configuration
(eg bz#1654).  ok djm@, man page parts jmc@

Revision 1.328 / (download) - annotate - [select for diffs], Fri May 29 05:48:39 2020 UTC (3 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.327: +1 -2 lines
Diff to previous 1.327 (colored)

remove a stray .El;

Revision 1.327 / (download) - annotate - [select for diffs], Fri May 29 05:37:03 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.326: +3 -2 lines
Diff to previous 1.326 (colored)

mention that wildcards are processed in lexical order; bz#3165

Revision 1.326 / (download) - annotate - [select for diffs], Fri May 29 04:25:40 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.325: +43 -10 lines
Diff to previous 1.325 (colored)

Allow some keywords to expand shell-style ${ENV} environment
variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket
paths.  This would for example allow forwarding of Unix domain
socket paths that change at runtime.  bz#3140, ok djm@

Revision 1.325 / (download) - annotate - [select for diffs], Sat Apr 11 20:20:09 2020 UTC (4 years, 1 month ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.324: +3 -3 lines
Diff to previous 1.324 (colored)

add space between macro arg and punctuation;

Revision 1.324 / (download) - annotate - [select for diffs], Fri Apr 10 00:52:07 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.323: +22 -9 lines
Diff to previous 1.323 (colored)

Add TOKEN percent expansion to LocalForward and RemoteForward when used
for Unix domain socket forwarding.  Factor out the code for the config
keywords that use the most common subset of TOKENS into its own function.
bz#3014, ok jmc@ (man page bits) djm@

Revision 1.323 / (download) - annotate - [select for diffs], Fri Apr 3 02:27:12 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.322: +11 -19 lines
Diff to previous 1.322 (colored)

Make which config keywords support which percent_expansions more consistent.
 - %C is moved into its own function and added to Match Exec.
 - move the common (global) options into a macro.  This is ugly but it's
   the least-ugly way I could come up with.
 - move IdentityAgent and ForwardAgent percent expansion to before the
   config dump to make it regression-testable.
 - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

Revision 1.322 / (download) - annotate - [select for diffs], Fri Feb 7 03:54:44 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.321: +4 -4 lines
Diff to previous 1.321 (colored)

Add ssh -Q key-sig for all key and signature types.  Teach ssh -Q to accept
ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the
corresponding query.  Man page help jmc@, ok djm@.

Revision 1.321 / (download) - annotate - [select for diffs], Fri Jan 31 22:25:59 2020 UTC (4 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.320: +3 -3 lines
Diff to previous 1.320 (colored)

spelling fix;

Revision 1.320 / (download) - annotate - [select for diffs], Thu Jan 30 22:25:34 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.319: +13 -4 lines
Diff to previous 1.319 (colored)

document changed default for UpdateHostKeys

Revision 1.319 / (download) - annotate - [select for diffs], Tue Jan 28 01:49:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.318: +2 -1 lines
Diff to previous 1.318 (colored)

make IPTOS_DSCP_LE available via IPQoS directive; bz2986, based on
patch by veegish AT cyberstorm.mu

Revision 1.318 / (download) - annotate - [select for diffs], Sat Jan 25 23:33:27 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.317: +5 -3 lines
Diff to previous 1.317 (colored)

clarify that BatchMode applies to all interactive prompts (e.g. host key
confirmation) and not just password prompts.

Revision 1.317 / (download) - annotate - [select for diffs], Sat Jan 25 07:09:14 2020 UTC (4 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.316: +2 -3 lines
Diff to previous 1.316 (colored)

group14-sha1 is no longer a default algorithm

Revision 1.316 / (download) - annotate - [select for diffs], Sat Jan 25 07:02:51 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.315: +4 -4 lines
Diff to previous 1.315 (colored)

reword HashKnownHosts description a little more; some people found
the wording confusing (bz#2560)

Revision 1.315 / (download) - annotate - [select for diffs], Sat Jan 25 07:01:00 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.314: +4 -4 lines
Diff to previous 1.314 (colored)

weaken the language for what HashKnownHosts provides with regards
to known_hosts name privacy, it's not practical for this option to
offer any guarantee that hostnames cannot be recovered from a
disclosed known_hosts file (e.g. by brute force).

Revision 1.314 / (download) - annotate - [select for diffs], Tue Jan 21 12:40:04 2020 UTC (4 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.313: +3 -2 lines
Diff to previous 1.313 (colored)

document the default value of the ControlPersist option; ok dtucker@ djm@

Revision 1.313 / (download) - annotate - [select for diffs], Sat Dec 21 20:22:34 2019 UTC (4 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.312: +7 -7 lines
Diff to previous 1.312 (colored)

Replace the term "security key" with "(FIDO) authenticator".

The polysemous use of "key" was too confusing.  Input from markus@.
ok jmc@

Revision 1.312 / (download) - annotate - [select for diffs], Sat Dec 21 02:19:13 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.311: +9 -6 lines
Diff to previous 1.311 (colored)

Allow forwarding a different agent socket to the path specified by
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable
in addition to yes/no.

Patch by Eric Chiang, manpage by me; ok markus@

Revision 1.311 / (download) - annotate - [select for diffs], Thu Dec 19 15:09:30 2019 UTC (4 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.310: +17 -9 lines
Diff to previous 1.310 (colored)

Document that security key-hosted keys can act as host keys.

Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5.  Copy the description of the SecurityKeyProvider
option to sshd_config.5.

ok jmc@

Revision 1.310 / (download) - annotate - [select for diffs], Sat Nov 30 07:07:59 2019 UTC (4 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.309: +2 -2 lines
Diff to previous 1.309 (colored)

tweak the Nd lines for a bit of consistency;
ok markus

Revision 1.309 / (download) - annotate - [select for diffs], Mon Nov 18 23:17:48 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.308: +7 -2 lines
Diff to previous 1.308 (colored)

document '$' environment variable expansion for SecurityKeyProvider; ok djm@

Revision 1.308 / (download) - annotate - [select for diffs], Mon Nov 18 23:16:49 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.307: +4 -4 lines
Diff to previous 1.307 (colored)

more missing mentions of ed25519-sk; ok djm@

Revision 1.307 / (download) - annotate - [select for diffs], Mon Nov 18 04:55:02 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.306: +5 -2 lines
Diff to previous 1.306 (colored)

mention ed25519-sk key/cert types here too; prompted by jmc@

Revision 1.306 / (download) - annotate - [select for diffs], Thu Nov 14 21:27:30 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.305: +4 -5 lines
Diff to previous 1.305 (colored)

directly support U2F/FIDO2 security keys in OpenSSH by linking
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.

Revision 1.305 / (download) - annotate - [select for diffs], Thu Nov 7 08:38:38 2019 UTC (4 years, 6 months ago) by naddy
Branch: MAIN
Changes since 1.304: +22 -7 lines
Diff to previous 1.304 (colored)

Fill in missing man page bits for U2F security key support:

Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.

Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.

ok djm@

Revision 1.304 / (download) - annotate - [select for diffs], Fri Sep 13 04:52:34 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.303: +4 -4 lines
Diff to previous 1.303 (colored)

clarify that IdentitiesOnly also applies to the default ~/.ssh/id_*
keys; bz#3062

Revision 1.303 / (download) - annotate - [select for diffs], Fri Sep 13 04:27:35 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.302: +3 -3 lines
Diff to previous 1.302 (colored)

allow %n to be expanded in ProxyCommand strings

From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

Revision 1.302 / (download) - annotate - [select for diffs], Fri Sep 13 04:07:42 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.301: +4 -4 lines
Diff to previous 1.301 (colored)

clarify that ConnectTimeout applies both to the TCP connection and to
the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140

Revision 1.301 / (download) - annotate - [select for diffs], Fri Sep 6 14:45:34 2019 UTC (4 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.300: +26 -2 lines
Diff to previous 1.300 (colored)

Allow prepending a list of algorithms to the default set by starting
the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com

ok djm@ dtucker@

Revision 1.300 / (download) - annotate - [select for diffs], Wed Sep 4 20:31:15 2019 UTC (4 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.299: +6 -6 lines
Diff to previous 1.299 (colored)

Call comma-separated lists as such to clarify semantics.

Options such as Ciphers take values that may be a list of ciphers; the
complete list, not individual elements, may be prefixed with a dash or plus
character to remove from or append to the default list, respectively.

Users might read the current text as if each element took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting these semantics.

Fix instances missed in first commit.  ok jmc@ kn@

Revision 1.299 / (download) - annotate - [select for diffs], Fri Aug 16 11:16:32 2019 UTC (4 years, 9 months ago) by kn
Branch: MAIN
Changes since 1.298: +10 -10 lines
Diff to previous 1.298 (colored)

Call comma-separated lists as such to clarify semantics

Options such as Ciphers take values that may be a list of ciphers;  the
complete list, not individual elements, may be prefixed with a dash or plus
character to remove from or append to the default list respectively.

Users might read the current text as if each element took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting this semantics (those that provide a list of
available elements via "ssh -Q ...").

Input and OK jmc

Revision 1.298 / (download) - annotate - [select for diffs], Fri Aug 9 04:24:03 2019 UTC (4 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored)

Change description of TCPKeepAlive from "inactive" to "unresponsive"
to clarify what it checks for.  Patch from jblaine at kickflop.net via
github pr#129, ok djm@.

Revision 1.297 / (download) - annotate - [select for diffs], Fri Aug 2 01:23:19 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.296: +2 -2 lines
Diff to previous 1.296 (colored)

typo; from Christian Hesse

Revision 1.296 / (download) - annotate - [select for diffs], Wed Jun 12 11:31:50 2019 UTC (4 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.295: +4 -4 lines
Diff to previous 1.295 (colored)

Hostname->HostName cleanup; from lauri tirkkonen
ok dtucker

Revision 1.295 / (download) - annotate - [select for diffs], Wed Jun 12 05:53:21 2019 UTC (4 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.294: +7 -7 lines
Diff to previous 1.294 (colored)

deraadt noticed some inconsistency in the way we denote the "Hostname" and
"X11UseLocalhost" keywords; this makes things consistent (effectively reversing
my commit of yesterday);

ok deraadt markus djm

Revision 1.294 / (download) - annotate - [select for diffs], Tue Jun 11 13:39:40 2019 UTC (4 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.293: +3 -3 lines
Diff to previous 1.293 (colored)

consistent lettering for "HostName" keyword; from lauri tirkkonen

Revision 1.293 / (download) - annotate - [select for diffs], Tue May 14 12:47:17 2019 UTC (5 years ago) by schwarze
Branch: MAIN
Changes since 1.292: +3 -5 lines
Diff to previous 1.292 (colored)

Delete some .Sx macros that were used in a wrong way.
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.

Revision 1.292 / (download) - annotate - [select for diffs], Fri Mar 1 02:16:47 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.291: +8 -6 lines
Diff to previous 1.291 (colored)

mention PKCS11Provider=none, reword a little and remove mention of
RSA keys only (since we support ECDSA now and might support others in
the future). Inspired by Jakub Jelen via bz#2974

Revision 1.291 / (download) - annotate - [select for diffs], Sat Feb 23 08:20:43 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.290: +2 -3 lines
Diff to previous 1.290 (colored)

openssh-7.9 accidentally reused the server's algorithm lists in the
client for KEX, ciphers and MACs. The ciphers and MACs were
identical between the client and server, but the error accidentally
disabled the diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

Revision 1.290 / (download) - annotate - [select for diffs], Mon Feb 18 07:02:34 2019 UTC (5 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.289: +3 -3 lines
Diff to previous 1.289 (colored)

sync the description of ~/.ssh/config with djm's updated description in ssh.1;
issue pointed out by andreas kahari

ok dtucker djm

Revision 1.289 / (download) - annotate - [select for diffs], Tue Jan 22 11:51:25 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.288: +7 -1 lines
Diff to previous 1.288 (colored)

Mention that configuration for the destination host is not applied
to any ProxyJump/-J hosts. This has confused a few people...

Revision 1.288 / (download) - annotate - [select for diffs], Fri Nov 23 06:58:28 2018 UTC (5 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.287: +5 -5 lines
Diff to previous 1.287 (colored)

tweak previous;

Revision 1.287 / (download) - annotate - [select for diffs], Fri Nov 23 05:08:07 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.286: +22 -4 lines
Diff to previous 1.286 (colored)

add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

Revision 1.286 / (download) - annotate - [select for diffs], Wed Oct 3 06:38:35 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.285: +5 -1 lines
Diff to previous 1.285 (colored)

Allow ssh_config IdentityAgent directive to accept environment variable
names as well as explicit paths. ok dtucker@

Revision 1.285 / (download) - annotate - [select for diffs], Fri Sep 21 12:46:22 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.284: +6 -2 lines
Diff to previous 1.284 (colored)

Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow
X11 connections in untrusted mode indefinitely. ok dtucker@

Revision 1.284 / (download) - annotate - [select for diffs], Fri Sep 21 03:11:36 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.283: +4 -2 lines
Diff to previous 1.283 (colored)

Treat connections with ProxyJump specified the same as ones with a
ProxyCommand set with regards to hostname canonicalisation (i.e.
don't try to canonicalise the hostname unless CanonicalizeHostname
is set to 'always').

Patch from Sven Wegener via bz#2896

Revision 1.283 / (download) - annotate - [select for diffs], Thu Sep 20 06:58:48 2018 UTC (5 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.282: +14 -14 lines
Diff to previous 1.282 (colored)

reorder CASignatureAlgorithms, and add them to the various -o lists;
ok djm

Revision 1.282 / (download) - annotate - [select for diffs], Thu Sep 20 03:30:44 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.281: +14 -2 lines
Diff to previous 1.281 (colored)

add CASignatureAlgorithms option for the client, allowing it to specify
which signature algorithms may be used by CAs when signing certificates.
Useful if you want to ban RSA/SHA1; ok markus@

Revision 1.281 / (download) - annotate - [select for diffs], Mon Jul 23 19:02:49 2018 UTC (5 years, 9 months ago) by kn
Branch: MAIN
Changes since 1.280: +3 -3 lines
Diff to previous 1.280 (colored)

Point to glob in section 7 for the actual list of special characters instead
of the C API in section 3.

OK millert jmc nicm, "the right idea" deraadt

Revision 1.280 / (download) - annotate - [select for diffs], Thu Jul 19 10:28:47 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.279: +2 -21 lines
Diff to previous 1.279 (colored)

Deprecate UsePrivilegedPort now that support for running ssh(1)
setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) with the setuid bit since 2002.  If anyone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

Revision 1.279 / (download) - annotate - [select for diffs], Wed Jul 4 13:49:31 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.278: +4 -4 lines
Diff to previous 1.278 (colored)

repair PubkeyAcceptedKeyTypes (and friends) after RSA signature work -
returns ability to add/remove/specify algorithms by wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

Revision 1.278 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.277: +7 -4 lines
Diff to previous 1.277 (colored)

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

Revision 1.277 / (download) - annotate - [select for diffs], Sat Jun 9 06:36:31 2018 UTC (5 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.276: +8 -8 lines
Diff to previous 1.276 (colored)

sort previous;

Revision 1.276 / (download) - annotate - [select for diffs], Sat Jun 9 03:01:12 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.275: +7 -1 lines
Diff to previous 1.275 (colored)

add a SetEnv directive to ssh_config that allows setting environment
variables for the remote session (subject to the server accepting them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

Revision 1.275 / (download) - annotate - [select for diffs], Fri Jun 1 06:23:10 2018 UTC (5 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.274: +5 -5 lines
Diff to previous 1.274 (colored)

add missing punctuation after %i in ssh_config.5, and make the grammatical
format in sshd_config.5 match that in ssh_config.5;

Revision 1.274 / (download) - annotate - [select for diffs], Fri Jun 1 03:33:53 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.273: +7 -7 lines
Diff to previous 1.273 (colored)

make UID available as a %-expansion everywhere that the username is
available currently. In the client this is via %i, in the server %U
(since %i was already used in the client in some places for this, but
used for something different in the server);
bz#2870, ok dtucker@

Revision 1.273 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.272: +3 -3 lines
Diff to previous 1.272 (colored)

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.272 / (download) - annotate - [select for diffs], Sat Apr 7 13:50:10 2018 UTC (6 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.271: +5 -5 lines
Diff to previous 1.271 (colored)

tweak previous;

Revision 1.271 / (download) - annotate - [select for diffs], Fri Apr 6 13:02:39 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.270: +8 -3 lines
Diff to previous 1.270 (colored)

Allow "SendEnv -PATTERN" to clear environment variables previously
labeled for sending. bz#1285 ok dtucker@

Revision 1.270 / (download) - annotate - [select for diffs], Thu Apr 5 22:54:28 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.269: +3 -4 lines
Diff to previous 1.269 (colored)

We don't offer CBC cipher by default any more. Spotted by Renaud
Allard (via otto@)

Revision 1.269 / (download) - annotate - [select for diffs], Wed Apr 4 15:12:17 2018 UTC (6 years, 1 month ago) by job
Branch: MAIN
Changes since 1.268: +5 -3 lines
Diff to previous 1.268 (colored)

Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for interactive and CS1 for bulk

AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.

For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavenger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.

An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662

The first three bits of "AF21" map to the equivalent IEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").

OK deraadt@, "no objection" djm@

Revision 1.268 / (download) - annotate - [select for diffs], Fri Feb 23 07:38:09 2018 UTC (6 years, 2 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.267: +9 -9 lines
Diff to previous 1.267 (colored)

some cleanup for BindInterface and ssh-keyscan;

Revision 1.267 / (download) - annotate - [select for diffs], Fri Feb 23 02:34:33 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.266: +9 -2 lines
Diff to previous 1.266 (colored)

Add BindInterface ssh_config directive and -B command-line argument
to ssh(1) that directs it to bind its outgoing connection to the
address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

Revision 1.266 / (download) - annotate - [select for diffs], Fri Feb 16 02:40:45 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.265: +4 -1 lines
Diff to previous 1.265 (colored)

Mention recent DH KEX methods:

diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512

From Jakub Jelen via bz#2826

Revision 1.265 / (download) - annotate - [select for diffs], Sat Feb 10 09:03:54 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.264: +5 -2 lines
Diff to previous 1.264 (colored)

Mention ServerAliveTimeout in context of TCPKeepAlives; prompted by
Christoph Anton Mitterer via github

Revision 1.264 / (download) - annotate - [select for diffs], Sat Feb 10 06:40:28 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.263: +3 -6 lines
Diff to previous 1.263 (colored)

Shorter, more accurate explanation of NoHostAuthenticationForLocalhost
without the confusing example. Prompted by Christoph Anton Mitterer
via github and bz#2293.

Revision 1.263 / (download) - annotate - [select for diffs], Tue Feb 6 06:01:54 2018 UTC (6 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.262: +3 -3 lines
Diff to previous 1.262 (colored)

Replace "trojan horse" with the correct term (MITM).  From maikel at
predikkta.com via bz#2822, ok markus@

Revision 1.262 / (download) - annotate - [select for diffs], Tue Oct 24 06:27:42 2017 UTC (6 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.261: +4 -5 lines
Diff to previous 1.261 (colored)

tweak previous; ok djm

Revision 1.261 / (download) - annotate - [select for diffs], Mon Oct 23 05:08:00 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.260: +13 -3 lines
Diff to previous 1.260 (colored)

Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Revision 1.260 / (download) - annotate - [select for diffs], Sat Oct 21 23:06:24 2017 UTC (6 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.259: +3 -2 lines
Diff to previous 1.259 (colored)

Add URI support to ssh, sftp and scp.  For example ssh://user@host
or sftp://user@host/path.  The connection parameters described in
draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the
ssh fingerprint format in the draft uses md5 with no way to specify
the hash function type.  OK djm@

Revision 1.259 / (download) - annotate - [select for diffs], Wed Oct 18 05:36:59 2017 UTC (6 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.258: +2 -3 lines
Diff to previous 1.258 (colored)

remove unused Pp;

Revision 1.258 / (download) - annotate - [select for diffs], Wed Oct 18 02:49:44 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.257: +15 -2 lines
Diff to previous 1.257 (colored)

In the description of pattern-lists, clarify negated matches by
explicitly stating that a negated match will never yield a positive
result, and that at least one positive term in the pattern-list must
match. bz#1918

Revision 1.257 / (download) - annotate - [select for diffs], Thu Oct 5 12:56:50 2017 UTC (6 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.256: +3 -3 lines
Diff to previous 1.256 (colored)

%C is hashed; from klemens nanni
ok markus

Revision 1.256 / (download) - annotate - [select for diffs], Thu Sep 21 19:16:53 2017 UTC (6 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.255: +11 -5 lines
Diff to previous 1.255 (colored)

Add 'reverse' dynamic forwarding which combines dynamic forwarding
(-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
client's side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Revision 1.255 / (download) - annotate - [select for diffs], Mon Sep 4 06:34:43 2017 UTC (6 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.254: +7 -6 lines
Diff to previous 1.254 (colored)

tweak previous;

Revision 1.254 / (download) - annotate - [select for diffs], Sun Sep 3 23:33:13 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.253: +13 -5 lines
Diff to previous 1.253 (colored)

Expand ssh_config's StrictModes option with two new settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Revision 1.253 / (download) - annotate - [select for diffs], Sun Jul 23 23:37:02 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.252: +5 -3 lines
Diff to previous 1.252 (colored)

Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value
and just use the operating system default; ok dtucker@

Revision 1.252 / (download) - annotate - [select for diffs], Thu Jul 13 19:16:33 2017 UTC (6 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.251: +2 -5 lines
Diff to previous 1.251 (colored)

man pages with pseudo synopses which list filenames end up creating
very ugly output in man -k; after some discussion with ingo, we feel
the simplest fix is to remove such SYNOPSIS sections: the info is hardly
helpful at page top, is contained already in FILES, and there are
sufficiently few that just zapping them is simple;

ok schwarze, who also helpfully ran things through a build to check
output;

Revision 1.251 / (download) - annotate - [select for diffs], Sat Jun 24 05:35:05 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.250: +2 -2 lines
Diff to previous 1.250 (colored)

use HostKeyAlias if specified instead of hostname for matching host
certificate principal names; bz#2728; ok dtucker@

Revision 1.250 / (download) - annotate - [select for diffs], Tue May 30 19:38:17 2017 UTC (6 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.249: +10 -5 lines
Diff to previous 1.249 (colored)

tweak previous;

Revision 1.249 / (download) - annotate - [select for diffs], Tue May 30 18:58:37 2017 UTC (6 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.248: +10 -2 lines
Diff to previous 1.248 (colored)

Add RemoteCommand option to specify a command in the ssh config
file instead of giving it on the client's command line.  This command
will be executed on the remote host.  The feature allows automating
tasks using ssh config.
OK markus@

Revision 1.248 / (download) - annotate - [select for diffs], Sun May 7 23:12:57 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.247: +1 -6 lines
Diff to previous 1.247 (colored)

As promised in last release announcement: remove support for
Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Revision 1.247 / (download) - annotate - [select for diffs], Wed May 3 21:49:18 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.246: +7 -2 lines
Diff to previous 1.246 (colored)

restore mistakenly deleted description of the ConnectionAttempts option
ok markus@

Revision 1.246 / (download) - annotate - [select for diffs], Wed May 3 21:08:09 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.245: +2 -7 lines
Diff to previous 1.245 (colored)

remove miscellaneous SSH1 leftovers; ok markus@

Revision 1.245 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:22 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.244: +3 -72 lines
Diff to previous 1.244 (colored)

remove SSHv1 configuration options and man pages bits

ok markus@

Revision 1.244 / (download) - annotate - [select for diffs], Fri Apr 28 06:15:03 2017 UTC (7 years ago) by jmc
Branch: MAIN
Changes since 1.243: +8 -8 lines
Diff to previous 1.243 (colored)

sort;

Revision 1.243 / (download) - annotate - [select for diffs], Fri Apr 28 03:20:27 2017 UTC (7 years ago) by dtucker
Branch: MAIN
Changes since 1.242: +8 -2 lines
Diff to previous 1.242 (colored)

Add SyslogFacility option to ssh(1) matching the equivalent option in
sshd(8).  bz#2705, patch from erahn at arista.com, ok djm@

Revision 1.242 / (download) - annotate - [select for diffs], Mon Feb 27 14:30:33 2017 UTC (7 years, 2 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.241: +3 -3 lines
Diff to previous 1.241 (colored)

errant dot; from klemens nanni

Revision 1.241 / (download) - annotate - [select for diffs], Fri Feb 3 23:01:19 2017 UTC (7 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.240: +26 -2 lines
Diff to previous 1.240 (colored)

support =- for removing methods from algorithms lists, e.g.
Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671
"I like it" markus@

Revision 1.240 / (download) - annotate - [select for diffs], Sat Oct 15 19:56:25 2016 UTC (7 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.239: +244 -322 lines
Diff to previous 1.239 (colored)

various formatting fixes, specifically removing Dq;

Revision 1.239 / (download) - annotate - [select for diffs], Wed Sep 28 17:59:22 2016 UTC (7 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.238: +99 -117 lines
Diff to previous 1.238 (colored)

use a separate TOKENS section, as we've done for sshd_config(5);
help/ok djm

Revision 1.238 / (download) - annotate - [select for diffs], Thu Sep 22 17:55:13 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.237: +3 -3 lines
Diff to previous 1.237 (colored)

mention curve25519-sha256 KEX

Revision 1.237 / (download) - annotate - [select for diffs], Mon Sep 5 14:02:42 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.236: +2 -2 lines
Diff to previous 1.236 (colored)

remove 3des-cbc from the client's default proposal; 64-bit block ciphers
are not safe in 2016 and we don't want to wait until attacks like sweet32
are extended to SSH.

As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.

ok deraadt, markus, dtucker

Revision 1.236 / (download) - annotate - [select for diffs], Fri Jul 22 07:00:46 2016 UTC (7 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.235: +3 -3 lines
Diff to previous 1.235 (colored)

improve wording; suggested by jmc@

Revision 1.235 / (download) - annotate - [select for diffs], Fri Jul 22 03:35:11 2016 UTC (7 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.234: +4 -3 lines
Diff to previous 1.234 (colored)

reverse the order in which -J/JumpHost proxies are visited to be
more intuitive and document

reported by and manpage bits naddy@

Revision 1.234 / (download) - annotate - [select for diffs], Sat Jul 16 06:57:55 2016 UTC (7 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.233: +5 -6 lines
Diff to previous 1.233 (colored)

- add proxyjump to the options list
- formatting fixes
- update usage()

ok djm

Revision 1.233 / (download) - annotate - [select for diffs], Fri Jul 15 00:24:30 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.232: +25 -1 lines
Diff to previous 1.232 (colored)

Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1)
command-line flag to allow simplified indirection through a
SSH bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Revision 1.232 / (download) - annotate - [select for diffs], Wed May 4 14:29:58 2016 UTC (8 years ago) by markus
Branch: MAIN
Changes since 1.231: +7 -2 lines
Diff to previous 1.231 (colored)

allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@

Revision 1.231 / (download) - annotate - [select for diffs], Wed May 4 12:21:53 2016 UTC (8 years ago) by markus
Branch: MAIN
Changes since 1.230: +27 -2 lines
Diff to previous 1.230 (colored)

IdentityAgent for specifying specific agent sockets; ok djm@

Revision 1.230 / (download) - annotate - [select for diffs], Sun Apr 17 14:34:46 2016 UTC (8 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.229: +4 -4 lines
Diff to previous 1.229 (colored)

tweak previous;

Revision 1.229 / (download) - annotate - [select for diffs], Fri Apr 15 00:30:19 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.228: +21 -2 lines
Diff to previous 1.228 (colored)

Include directive for ssh_config(5); feedback & ok markus@

Revision 1.228 / (download) - annotate - [select for diffs], Sat Feb 20 23:01:46 2016 UTC (8 years, 2 months ago) by sobrado
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.227: +3 -1 lines
Diff to previous 1.227 (colored)

AddressFamily defaults to any.

ok djm@

Revision 1.227 / (download) - annotate - [select for diffs], Wed Feb 17 08:57:34 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.226: +5 -5 lines
Diff to previous 1.226 (colored)

rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly in
*KeyTypes options yet. Remove them from the lists of algorithms
for now. committing on behalf of markus@ ok djm@

Revision 1.226 / (download) - annotate - [select for diffs], Wed Feb 17 07:38:19 2016 UTC (8 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.225: +5 -18 lines
Diff to previous 1.225 (colored)

since these pages now clearly tell folks to avoid v1, normalise
the docs from a v2 perspective (i.e. stop pointing out which bits
are v2 only);

ok/tweaks djm ok markus

Revision 1.225 / (download) - annotate - [select for diffs], Tue Feb 16 05:11:04 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.224: +5 -2 lines
Diff to previous 1.224 (colored)

Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in
ssh(1) with a strong recommendation not to use protocol 1. Add a similar
warning to the Protocol option descriptions in ssh_config(5) and
sshd_config(5);

prompted by and ok mmcc@

Revision 1.224 / (download) - annotate - [select for diffs], Thu Feb 11 02:56:32 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.223: +7 -13 lines
Diff to previous 1.223 (colored)

sync crypto algorithm lists in ssh_config(5) and sshd_config(5)
with current reality. bz#2527

Revision 1.223 / (download) - annotate - [select for diffs], Sun Nov 15 23:58:04 2015 UTC (8 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.222: +3 -3 lines
Diff to previous 1.222 (colored)

correct section number for ssh-agent;

Revision 1.222 / (download) - annotate - [select for diffs], Sun Nov 15 22:26:49 2015 UTC (8 years, 6 months ago) by jcs
Branch: MAIN
Changes since 1.221: +35 -2 lines
Diff to previous 1.221 (colored)

Add an AddKeysToAgent client option which can be set to 'yes', 'no',
'ask', or 'confirm', and defaults to 'no'.  When enabled, a private
key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Revision 1.221 / (download) - annotate - [select for diffs], Thu Sep 24 06:15:11 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.220: +50 -4 lines
Diff to previous 1.220 (colored)

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Revision 1.220 / (download) - annotate - [select for diffs], Tue Sep 22 08:33:23 2015 UTC (8 years, 7 months ago) by sobrado
Branch: MAIN
Changes since 1.219: +3 -3 lines
Diff to previous 1.219 (colored)

fix two typos.

Revision 1.219 / (download) - annotate - [select for diffs], Fri Sep 11 06:51:39 2015 UTC (8 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.218: +5 -4 lines
Diff to previous 1.218 (colored)

tweak previous;

Revision 1.218 / (download) - annotate - [select for diffs], Fri Sep 11 03:47:28 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.217: +4 -2 lines
Diff to previous 1.217 (colored)

expand %i in ControlPath to UID; bz#2449

patch from Christian Hesse w/ feedback from dtucker@

Revision 1.217 / (download) - annotate - [select for diffs], Fri Sep 4 06:40:45 2015 UTC (8 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.216: +3 -3 lines
Diff to previous 1.216 (colored)

full stop belongs outside the brackets, not inside;

Revision 1.216 / (download) - annotate - [select for diffs], Fri Sep 4 04:47:50 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.215: +10 -3 lines
Diff to previous 1.215 (colored)

better document ExitOnForwardFailure; bz#2444, ok dtucker@

Revision 1.215 / (download) - annotate - [select for diffs], Fri Aug 14 15:32:41 2015 UTC (8 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.214: +3 -3 lines
Diff to previous 1.214 (colored)

match myproposal.h order; from brian conway
(i snuck in a tweak while here)

ok dtucker

Revision 1.214 / (download) - annotate - [select for diffs], Thu Jul 30 00:01:34 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.213: +29 -2 lines
Diff to previous 1.213 (colored)

Allow ssh_config and sshd_config kex parameters options to be prefixed
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

Revision 1.213 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.212: +34 -8 lines
Diff to previous 1.212 (colored)

Turn off DSA by default; add HostKeyAlgorithms to the server and
PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Revision 1.212 / (download) - annotate - [select for diffs], Fri Jul 3 03:47:00 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.211: +3 -4 lines
Diff to previous 1.211 (colored)

turn off 1024 bit diffie-hellman-group1-sha1 key exchange method
(already off in server, this turns it off in the client by default too)
ok dtucker@

Revision 1.211 / (download) - annotate - [select for diffs], Tue Jun 2 09:10:40 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.210: +7 -3 lines
Diff to previous 1.210 (colored)

mention CheckHostIP adding addresses to known_hosts;
bz#1993; ok dtucker@

Revision 1.210 / (download) - annotate - [select for diffs], Thu May 28 05:09:45 2015 UTC (8 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.209: +3 -3 lines
Diff to previous 1.209 (colored)

Fix typo (keywork->keyword)

Revision 1.209 / (download) - annotate - [select for diffs], Wed May 27 23:51:10 2015 UTC (8 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.208: +2 -2 lines
Diff to previous 1.208 (colored)

Reorder client proposal to prefer diffie-hellman-group-exchange-sha1 over
diffie-hellman-group14-sha1.  ok djm@

Revision 1.208 / (download) - annotate - [select for diffs], Tue Apr 28 13:47:38 2015 UTC (9 years ago) by jmc
Branch: MAIN
Changes since 1.207: +3 -3 lines
Diff to previous 1.207 (colored)

enviroment -> environment: apologies to darren for not spotting that first
time round...

Revision 1.207 / (download) - annotate - [select for diffs], Tue Apr 28 10:17:58 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.206: +6 -2 lines
Diff to previous 1.206 (colored)

Document that the TERM environment variable is not subject to SendEnv
and AcceptEnv.  bz#2386, based loosely on a patch from jjelen at redhat,
help and ok jmc@

Revision 1.206 / (download) - annotate - [select for diffs], Mon Mar 30 18:28:37 2015 UTC (9 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.205: +4 -7 lines
Diff to previous 1.205 (colored)

ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
diff originally from jiri b;

Revision 1.205 / (download) - annotate - [select for diffs], Fri Feb 20 22:17:21 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.204: +5 -2 lines
Diff to previous 1.204 (colored)

UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)

Revision 1.204 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.203: +10 -5 lines
Diff to previous 1.203 (colored)

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

Revision 1.203 / (download) - annotate - [select for diffs], Mon Feb 2 07:41:40 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.202: +4 -4 lines
Diff to previous 1.202 (colored)

turn UpdateHostkeys off by default until I figure out mlarkin@'s
warning message; requested by deraadt@

Revision 1.202 / (download) - annotate - [select for diffs], Fri Jan 30 11:43:14 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.201: +12 -1 lines
Diff to previous 1.201 (colored)

Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@

Revision 1.201 / (download) - annotate - [select for diffs], Mon Jan 26 12:16:36 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.200: +5 -5 lines
Diff to previous 1.200 (colored)

correct description of UpdateHostKeys in ssh_config.5 and
add it to -o lists for ssh, scp and sftp;
pointed out by jmc@

Revision 1.200 / (download) - annotate - [select for diffs], Mon Jan 26 03:04:45 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.199: +23 -1 lines
Diff to previous 1.199 (colored)

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host keys after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@

Revision 1.199 / (download) - annotate - [select for diffs], Mon Dec 22 09:24:59 2014 UTC (9 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.198: +2 -3 lines
Diff to previous 1.198 (colored)

tweak previous;

Revision 1.198 / (download) - annotate - [select for diffs], Mon Dec 22 09:05:17 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.197: +26 -3 lines
Diff to previous 1.197 (colored)

mention ssh -Q feature to list supported { MAC, cipher, KEX, key }
algorithms in more places and include the query string used to
list the relevant information; bz#2288

Revision 1.197 / (download) - annotate - [select for diffs], Sun Dec 21 23:12:42 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.196: +13 -4 lines
Diff to previous 1.196 (colored)

document FingerprintHash here too

Revision 1.196 / (download) - annotate - [select for diffs], Thu Dec 4 02:24:32 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.195: +12 -2 lines
Diff to previous 1.195 (colored)

add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.

Revision 1.195 / (download) - annotate - [select for diffs], Mon Nov 10 22:25:49 2014 UTC (9 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.194: +7 -4 lines
Diff to previous 1.194 (colored)

mux-related manual tweaks

mention ControlPersist=0 is the same as ControlPersist=yes

recommend that ControlPath sockets be placed in a og-w directory

Revision 1.194 / (download) - annotate - [select for diffs], Thu Oct 9 06:21:31 2014 UTC (9 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.193: +3 -3 lines
Diff to previous 1.193 (colored)

tweak previous;

Revision 1.193 / (download) - annotate - [select for diffs], Wed Oct 8 22:20:25 2014 UTC (9 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.192: +42 -13 lines
Diff to previous 1.192 (colored)

Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus

Revision 1.192 / (download) - annotate - [select for diffs], Sat Aug 30 15:33:50 2014 UTC (9 years, 8 months ago) by sobrado
Branch: MAIN
Changes since 1.191: +3 -3 lines
Diff to previous 1.191 (colored)

improve capitalization for the Ed25519 public-key signature system.

ok djm@

Revision 1.191 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.190: +29 -2 lines
Diff to previous 1.190 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.190 / (download) - annotate - [select for diffs], Mon Jul 7 08:19:12 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.189: +6 -3 lines
Diff to previous 1.189 (colored)

mention that ProxyCommand is executed using shell "exec" to avoid
a lingering process; bz#1977

Revision 1.189 / (download) - annotate - [select for diffs], Thu Jul 3 07:45:27 2014 UTC (9 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.188: +3 -3 lines
Diff to previous 1.188 (colored)

escape %C since groff thinks it part of an Rs/Re block;

Revision 1.188 / (download) - annotate - [select for diffs], Thu Jul 3 06:39:19 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.187: +10 -6 lines
Diff to previous 1.187 (colored)

Add a %C escape sequence for LocalCommand and ControlPath that expands
to a unique identifier based on a hash of the tuple of (local host,
remote user, hostname, port).

Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
control paths.

bz#2220, based on patch from mancha1 AT zoho.com; ok markus@

Revision 1.187 / (download) - annotate - [select for diffs], Thu Jul 3 05:32:36 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.186: +8 -2 lines
Diff to previous 1.186 (colored)

mention '%%' escape sequence in HostName directives and how it may
be used to specify IPv6 link-local addresses

Revision 1.186 / (download) - annotate - [select for diffs], Fri Mar 28 05:17:11 2014 UTC (10 years, 1 month ago) by naddy
Branch: MAIN
Changes since 1.185: +46 -28 lines
Diff to previous 1.185 (colored)

sync available and default algorithms, improve algorithm list formatting
help from jmc@ and schwarze@, ok deraadt@

Revision 1.185 / (download) - annotate - [select for diffs], Sun Feb 23 20:11:36 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.184: +8 -2 lines
Diff to previous 1.184 (colored)

reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.

CanonicalizeHostname yes
CanonicalDomains int.example.org example.org
CanonicalizeFallbackLocal no

Host *.int.example.org
    Compression off
Host *.example.org
    User djm

ok markus@

Revision 1.184 / (download) - annotate - [select for diffs], Sun Jan 19 04:48:08 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.183: +4 -4 lines
Diff to previous 1.183 (colored)

fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal

Revision 1.183 / (download) - annotate - [select for diffs], Sat Dec 7 11:58:46 2013 UTC (10 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.182: +6 -4 lines
Diff to previous 1.182 (colored)

add missing mentions of ed25519; ok djm@

Revision 1.182 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

Revision 1.181 / (download) - annotate - [select for diffs], Thu Nov 21 08:05:09 2013 UTC (10 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.180: +2 -3 lines
Diff to previous 1.180 (colored)

no need for .Pp before displays;

Revision 1.180 / (download) - annotate - [select for diffs], Thu Nov 21 00:45:44 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.179: +14 -4 lines
Diff to previous 1.179 (colored)

Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
to build an authenticated encryption mode.

Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.

Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@

Revision 1.179 / (download) - annotate - [select for diffs], Sat Nov 2 22:39:19 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.178: +3 -2 lines
Diff to previous 1.178 (colored)

the default kex is now curve25519-sha256@libssh.org

Revision 1.178 / (download) - annotate - [select for diffs], Thu Oct 24 00:51:48 2013 UTC (10 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.177: +5 -2 lines
Diff to previous 1.177 (colored)

Disallow empty Match statements and add "Match all" which matches everything.
ok djm, man page help jmc@

Revision 1.177 / (download) - annotate - [select for diffs], Sun Oct 20 18:00:13 2013 UTC (10 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.176: +3 -3 lines
Diff to previous 1.176 (colored)

tweak the "exec" description, as worded by djm;

Revision 1.176 / (download) - annotate - [select for diffs], Sun Oct 20 06:19:28 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.175: +6 -6 lines
Diff to previous 1.175 (colored)

rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.

Revision 1.175 / (download) - annotate - [select for diffs], Sun Oct 20 04:39:28 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.174: +20 -2 lines
Diff to previous 1.174 (colored)

document % expansions performed by "Match command ..."

Revision 1.174 / (download) - annotate - [select for diffs], Wed Oct 16 22:58:01 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.173: +7 -7 lines
Diff to previous 1.173 (colored)

one I missed in previous: s/isation/ization/

Revision 1.173 / (download) - annotate - [select for diffs], Wed Oct 16 22:49:39 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.172: +12 -12 lines
Diff to previous 1.172 (colored)

s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@

Revision 1.172 / (download) - annotate - [select for diffs], Wed Oct 16 06:42:25 2013 UTC (10 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.171: +19 -21 lines
Diff to previous 1.171 (colored)

tweak previous;

Revision 1.171 / (download) - annotate - [select for diffs], Wed Oct 16 02:31:46 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.170: +73 -2 lines
Diff to previous 1.170 (colored)

Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).

"looks fine" markus@

Revision 1.170 / (download) - annotate - [select for diffs], Tue Oct 15 14:10:25 2013 UTC (10 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.169: +3 -3 lines
Diff to previous 1.169 (colored)

tweak previous;

Revision 1.169 / (download) - annotate - [select for diffs], Mon Oct 14 22:22:05 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.168: +49 -1 lines
Diff to previous 1.168 (colored)

add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@

Revision 1.168 / (download) - annotate - [select for diffs], Tue Aug 20 06:56:07 2013 UTC (10 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.167: +4 -4 lines
Diff to previous 1.167 (colored)

some proxyusefdpass tweaks;

Revision 1.167 / (download) - annotate - [select for diffs], Tue Aug 20 00:11:38 2013 UTC (10 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.166: +10 -2 lines
Diff to previous 1.166 (colored)

Add a ssh_config ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a connected
file descriptor back to ssh(1). This allows the ProxyCommand to exit
rather than have to shuffle data back and forth and enables ssh to use
getpeername, etc. to obtain address information just like it does with
regular directly-connected sockets. ok markus@

Revision 1.166 / (download) - annotate - [select for diffs], Thu Jun 27 14:05:37 2013 UTC (10 years, 10 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.165: +5 -9 lines
Diff to previous 1.165 (colored)

do not use Sx for sections outwith the man page - ingo informs me that
stuff like html will render with broken links;

issue reported by Eric S. Raymond, via djm

Revision 1.165 / (download) - annotate - [select for diffs], Fri Jun 21 00:37:49 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.164: +9 -2 lines
Diff to previous 1.164 (colored)

explicitly mention that IdentitiesOnly can be used with IdentityFile
to control which keys are offered from an agent.

Revision 1.164 / (download) - annotate - [select for diffs], Thu May 16 06:28:45 2013 UTC (11 years ago) by jmc
Branch: MAIN
Changes since 1.163: +12 -12 lines
Diff to previous 1.163 (colored)

put IgnoreUnknown in the right place;

Revision 1.163 / (download) - annotate - [select for diffs], Thu May 16 04:27:50 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.162: +13 -2 lines
Diff to previous 1.162 (colored)

add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@

Revision 1.162 / (download) - annotate - [select for diffs], Thu May 16 02:00:34 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.161: +16 -4 lines
Diff to previous 1.161 (colored)

Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm

Revision 1.161 / (download) - annotate - [select for diffs], Tue Jan 8 18:49:04 2013 UTC (11 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.160: +5 -2 lines
Diff to previous 1.160 (colored)

support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@

Revision 1.160 / (download) - annotate - [select for diffs], Tue Dec 11 22:31:18 2012 UTC (11 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.159: +11 -2 lines
Diff to previous 1.159 (colored)

add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@

Revision 1.159 / (download) - annotate - [select for diffs], Sun Dec 2 20:26:10 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.158: +4 -2 lines
Diff to previous 1.158 (colored)

Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@

Revision 1.158 / (download) - annotate - [select for diffs], Thu Oct 4 13:21:50 2012 UTC (11 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.157: +3 -3 lines
Diff to previous 1.157 (colored)

add umac128 variant; ok djm@ at n2k12

Revision 1.157 / (download) - annotate - [select for diffs], Fri Jun 29 13:57:25 2012 UTC (11 years, 10 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.156: +4 -4 lines
Diff to previous 1.156 (colored)

match the documented MAC order of preference to the actual one; ok dtucker@

Revision 1.156 / (download) - annotate - [select for diffs], Thu Jun 28 05:07:45 2012 UTC (11 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.155: +3 -4 lines
Diff to previous 1.155 (colored)

Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published.  Patch
from mdb at juniper net via bz#2023, ok markus.

Revision 1.155 / (download) - annotate - [select for diffs], Mon Jun 18 11:49:58 2012 UTC (11 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.154: +3 -3 lines
Diff to previous 1.154 (colored)

RSA instead of DSA twice.  From Steve.McClellan at radisys com

Revision 1.154 / (download) - annotate - [select for diffs], Fri Sep 9 00:43:00 2011 UTC (12 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.153: +3 -3 lines
Diff to previous 1.153 (colored)

fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk

Revision 1.153 / (download) - annotate - [select for diffs], Tue Aug 2 01:22:11 2011 UTC (12 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.152: +5 -3 lines
Diff to previous 1.152 (colored)

Add new SHA256 and SHA512 based HMAC modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt

feedback and ok markus@

Revision 1.152 / (download) - annotate - [select for diffs], Sat Jun 4 00:10:26 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.151: +6 -2 lines
Diff to previous 1.151 (colored)

explain IdentityFile's semantics a little better, prompted by bz#1898
ok dtucker jmc

Revision 1.151 / (download) - annotate - [select for diffs], Tue May 24 07:15:47 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.150: +12 -8 lines
Diff to previous 1.150 (colored)

Remove undocumented legacy options UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus

Revision 1.150 / (download) - annotate - [select for diffs], Sat May 7 23:19:39 2011 UTC (13 years ago) by jmc
Branch: MAIN
Changes since 1.149: +5 -4 lines
Diff to previous 1.149 (colored)

- tweak previous
- some consistency fixes

ok djm

Revision 1.149 / (download) - annotate - [select for diffs], Fri May 6 21:34:32 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.148: +18 -1 lines
Diff to previous 1.148 (colored)

Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@

Revision 1.148 / (download) - annotate - [select for diffs], Fri May 6 21:31:38 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.147: +11 -2 lines
Diff to previous 1.147 (colored)

support negated Host matching, e.g.

Host *.example.org !c.example.org
	User mekmitasdigoat

Will match "a.example.org", "b.example.org", but not "c.example.org"
ok markus@

Revision 1.147 / (download) - annotate - [select for diffs], Fri May 6 21:18:02 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.146: +12 -5 lines
Diff to previous 1.146 (colored)

add a %L expansion (short-form of the local host name) for ControlPath;
sync some more expansions with LocalCommand; ok markus@

Revision 1.146 / (download) - annotate - [select for diffs], Wed Dec 8 04:02:47 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.145: +3 -3 lines
Diff to previous 1.145 (colored)

explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back

Revision 1.145 / (download) - annotate - [select for diffs], Mon Nov 29 23:45:51 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.144: +5 -2 lines
Diff to previous 1.144 (colored)

automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@

Revision 1.144 / (download) - annotate - [select for diffs], Mon Nov 15 07:40:14 2010 UTC (13 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.143: +3 -3 lines
Diff to previous 1.143 (colored)

libary -> library;

Revision 1.143 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.142: +39 -2 lines
Diff to previous 1.142 (colored)

allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.

bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@

Revision 1.142 / (download) - annotate - [select for diffs], Thu Oct 28 18:33:28 2010 UTC (13 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.141: +1 -2 lines
Diff to previous 1.141 (colored)

knock out some "-*- nroff -*-" lines;

Revision 1.141 / (download) - annotate - [select for diffs], Wed Sep 22 08:30:08 2010 UTC (13 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.140: +10 -10 lines
Diff to previous 1.140 (colored)

ssh.1: add kexalgorithms to the -o list
ssh_config.5: format the kexalgorithms in a more consistent (prettier!) way

ok djm

Revision 1.140 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.139: +13 -2 lines
Diff to previous 1.139 (colored)

add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.

ok markus@

Revision 1.139 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.138: +16 -7 lines
Diff to previous 1.138 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.138 / (download) - annotate - [select for diffs], Wed Aug 4 05:37:01 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.137: +5 -15 lines
Diff to previous 1.137 (colored)

Remove mentions of weird "addr/port" alternate address format for IPv6
addresses combinations. It hasn't worked for ages and we have supported
the more common "[addr]:port" format for a long time. ok jmc@ markus@

Revision 1.137 / (download) - annotate - [select for diffs], Mon Jul 19 09:15:12 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.136: +24 -2 lines
Diff to previous 1.136 (colored)

add a "ControlPersist" option that automatically starts a background
ssh(1) multiplex master when connecting. This connection can stay alive
indefinitely, or can be set to automatically close after a user-specified
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@

Revision 1.136 / (download) - annotate - [select for diffs], Mon Jul 12 22:41:13 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.135: +6 -2 lines
Diff to previous 1.135 (colored)

expand %h to the hostname in ssh_config Hostname options. While this
sounds useless, it is actually handy for working with unqualified
hostnames:

Host *.*
	Hostname %h
Host *
	Hostname %h.example.org

"I like it" markus@

Revision 1.135 / (download) - annotate - [select for diffs], Sat Jun 26 00:57:07 2010 UTC (13 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.134: +4 -3 lines
Diff to previous 1.134 (colored)

tweak previous;

Revision 1.134 / (download) - annotate - [select for diffs], Fri Jun 25 23:15:36 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.133: +12 -2 lines
Diff to previous 1.133 (colored)

Add X11ForwardTimeout option to specify timeout for untrusted X11
authentication cookies to avoid fallback in X11 code to fully-trusted
implicit authentication using SO_PEERCRED described at:
http://lists.x.org/archives/xorg-devel/2010-May/008636.html

After the X11ForwardTimeout has expired the client will now refuse
incoming X11 channel opens.

based on patch from Tavis Ormandy; "nice" markus@

Revision 1.133 / (download) - annotate - [select for diffs], Fri Apr 16 06:45:01 2010 UTC (14 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.132: +5 -5 lines
Diff to previous 1.132 (colored)

tweak previous; ok djm

Revision 1.132 / (download) - annotate - [select for diffs], Wed Apr 14 22:27:42 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.131: +7 -5 lines
Diff to previous 1.131 (colored)

expand %r => remote username in ssh_config:ProxyCommand;
ok deraadt markus

Revision 1.131 / (download) - annotate - [select for diffs], Sat Mar 27 14:26:55 2010 UTC (14 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.130: +8 -6 lines
Diff to previous 1.130 (colored)

tweak previous; ok dtucker

Revision 1.130 / (download) - annotate - [select for diffs], Fri Mar 26 01:06:13 2010 UTC (14 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.129: +3 -7 lines
Diff to previous 1.129 (colored)

Reformat default value of PreferredAuthentications entry (current formatting
implies ", " is acceptable as a separator, which it's not).  ok djm@

Revision 1.129 / (download) - annotate - [select for diffs], Fri Mar 5 10:28:21 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.128: +8 -2 lines
Diff to previous 1.128 (colored)

mention loading of certificate files from [private]-cert.pub when
they are present; feedback and ok jmc@

Revision 1.128 / (download) - annotate - [select for diffs], Wed Feb 10 23:20:38 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.127: +3 -4 lines
Diff to previous 1.127 (colored)

pkcs#11 is no longer optional; improve wording; ok jmc@

Revision 1.127 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.126: +9 -9 lines
Diff to previous 1.126 (colored)

replace our obsolete smartcard code with PKCS#11.
	ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev

Revision 1.126 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.125: +1 -4 lines
Diff to previous 1.125 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that traffic such as DNS lookups stays within the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.125 / (download) - annotate - [select for diffs], Tue Dec 29 18:03:32 2009 UTC (14 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.124: +5 -5 lines
Diff to previous 1.124 (colored)

sort previous;

Revision 1.124 / (download) - annotate - [select for diffs], Tue Dec 29 16:38:41 2009 UTC (14 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored)

Rename RDomain config option to RoutingDomain to be more clear and
consistent with other options.

NOTE: if you currently use RDomain in the ssh client or server config,
or ssh/sshd -o, you must update to use RoutingDomain.

ok markus@ djm@

Revision 1.123 / (download) - annotate - [select for diffs], Tue Nov 10 02:56:22 2009 UTC (14 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.122: +9 -2 lines
Diff to previous 1.122 (colored)

explain the constraints on LocalCommand some more so people don't
try to abuse it.

Revision 1.122 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.121: +4 -1 lines
Diff to previous 1.121 (colored)

Allow setting the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.121 / (download) - annotate - [select for diffs], Thu Oct 8 20:42:13 2009 UTC (14 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.120: +4 -4 lines
Diff to previous 1.120 (colored)

some tweaks now that protocol 1 is not offered by default; ok markus

Revision 1.120 / (download) - annotate - [select for diffs], Thu Oct 8 14:03:41 2009 UTC (14 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.119: +8 -6 lines
Diff to previous 1.119 (colored)

disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt

Revision 1.119 / (download) - annotate - [select for diffs], Sun Feb 22 23:50:57 2009 UTC (15 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.118: +2 -13 lines
Diff to previous 1.118 (colored)

don't advertise experimental options

Revision 1.118 / (download) - annotate - [select for diffs], Thu Feb 12 07:34:20 2009 UTC (15 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.117: +3 -3 lines
Diff to previous 1.117 (colored)

kill trailing whitespace;

Revision 1.117 / (download) - annotate - [select for diffs], Thu Feb 12 03:46:17 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.116: +9 -2 lines
Diff to previous 1.116 (colored)

document RemoteForward usage with 0 listen port

Revision 1.116 / (download) - annotate - [select for diffs], Sat Jan 24 17:10:22 2009 UTC (15 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.115: +5 -5 lines
Diff to previous 1.115 (colored)

sync list of preferred ciphers; ok djm@

Revision 1.115 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.114: +13 -2 lines
Diff to previous 1.114 (colored)

Add support for an experimental zero-knowledge password authentication
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.

This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.

This is experimental, work-in-progress code and is presently
compile-time disabled (turn on -DJPAKE in Makefile.inc).

"just commit it.  It isn't too intrusive." deraadt@

Revision 1.114 / (download) - annotate - [select for diffs], Fri Oct 17 18:36:24 2008 UTC (15 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.113: +6 -4 lines
Diff to previous 1.113 (colored)

correct and clarify VisualHostKey; ok jmc@

Revision 1.113 / (download) - annotate - [select for diffs], Fri Oct 10 16:43:27 2008 UTC (15 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.112: +4 -3 lines
Diff to previous 1.112 (colored)

use 'Privileged ports can be forwarded only when logging in as root on
the remote machine.' for RemoteForward just like ssh.1 -R.

ok djm@ jmc@

Revision 1.112 / (download) - annotate - [select for diffs], Sat Aug 2 04:29:51 2008 UTC (15 years, 9 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.111: +3 -3 lines
Diff to previous 1.111 (colored)

whitepsace -> whitespace. From Matthew Clarke via bugs@.

Revision 1.111 / (download) - annotate - [select for diffs], Thu Jun 26 11:46:31 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.110: +11 -5 lines
Diff to previous 1.110 (colored)

Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.

prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@

Revision 1.110 / (download) - annotate - [select for diffs], Thu Jun 12 19:10:09 2008 UTC (15 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.109: +4 -5 lines
Diff to previous 1.109 (colored)

tweak the ascii art text; ok grunk

Revision 1.109 / (download) - annotate - [select for diffs], Thu Jun 12 16:35:31 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.108: +16 -1 lines
Diff to previous 1.108 (colored)

keyword expansion for localcommand.  ok djm@

Revision 1.108 / (download) - annotate - [select for diffs], Wed Jun 11 23:03:56 2008 UTC (15 years, 11 months ago) by grunk
Branch: MAIN
Changes since 1.107: +4 -3 lines
Diff to previous 1.107 (colored)

CheckHostIP set to ``fingerprint'' will display both hex and random art
spotted by naddy@

Revision 1.107 / (download) - annotate - [select for diffs], Wed Jun 11 21:01:35 2008 UTC (15 years, 11 months ago) by grunk
Branch: MAIN
Changes since 1.106: +6 -2 lines
Diff to previous 1.106 (colored)

Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.

Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf

The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise.  Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.

discussions with several people,
help, corrections and ok markus@ djm@
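
The walk described in the commit message for revision 1.107, as an added example (this is not OpenSSH's code). The 17x9 field, the centre start, the trace characters and all function names are assumptions; the message specifies only the 2-bit moves and the wall rule.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumptions, not stated in the commit message: a 17x9 field, a start in
 * the centre, and this trace alphabet (later character = more visits). */
#define FIELD_X 17
#define FIELD_Y 9
#define PIC_LEN (FIELD_Y * (FIELD_X + 1))
static const char TRACE[] = " .o+=*BOX@%&#/^";
#define MAX_VISITS ((int)sizeof(TRACE) - 2)

/* Walk the worm over the field, consuming dgst_raw two bits at a time,
 * lowest bits first. Bit 0 picks left/right, bit 1 picks up/down. */
void
worm_walk(const unsigned char *dgst_raw, size_t len,
    unsigned char field[FIELD_Y][FIELD_X], int *end_x, int *end_y)
{
	int x = FIELD_X / 2, y = FIELD_Y / 2, b;
	size_t i;

	memset(field, 0, FIELD_X * FIELD_Y);
	for (i = 0; i < len; i++) {
		unsigned int input = dgst_raw[i];
		for (b = 0; b < 4; b++) {
			int nx = x + ((input & 0x1) ? 1 : -1);
			int ny = y + ((input & 0x2) ? 1 : -1);
			/* A component that would cross a wall is ignored
			 * for this turn; the other one still applies. */
			if (nx >= 0 && nx < FIELD_X)
				x = nx;
			if (ny >= 0 && ny < FIELD_Y)
				y = ny;
			if (field[y][x] < MAX_VISITS)
				field[y][x]++;	/* leave a trace */
			input >>= 2;
		}
	}
	*end_x = x;
	*end_y = y;
}

/* Turn visit counts into FIELD_Y newline-terminated rows of characters. */
void
render(unsigned char field[FIELD_Y][FIELD_X], char out[PIC_LEN + 1])
{
	int x, y;
	char *p = out;

	for (y = 0; y < FIELD_Y; y++) {
		for (x = 0; x < FIELD_X; x++)
			*p++ = TRACE[field[y][x]];
		*p++ = '\n';
	}
	*p = '\0';
}

void
fingerprint_art(const unsigned char *dgst_raw, size_t len,
    char out[PIC_LEN + 1])
{
	unsigned char field[FIELD_Y][FIELD_X];
	int ex, ey;

	worm_walk(dgst_raw, len, field, &ex, &ey);
	render(field, out);
}

/* 1 if two digests draw the same picture. The message notes this can
 * happen because a circle can be walked in either direction. */
int
same_picture(const unsigned char *a, size_t alen,
    const unsigned char *b, size_t blen)
{
	char pa[PIC_LEN + 1], pb[PIC_LEN + 1];

	fingerprint_art(a, alen, pa);
	fingerprint_art(b, blen, pb);
	return strcmp(pa, pb) == 0;
}

int
main(void)
{
	/* Constructed 16-byte sample digest, not a real key fingerprint. */
	const unsigned char sample[16] = {
		0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xb4, 0x6d, 0xf2,
		0x17, 0xc9, 0x80, 0x4e, 0xa5, 0x33, 0xde, 0x6b
	};
	/* The same four-cell loop, walked in opposite directions. */
	const unsigned char loop_a[1] = { 0x87 }, loop_b[1] = { 0x2d };
	char pic[PIC_LEN + 1];

	fingerprint_art(sample, sizeof(sample), pic);
	fputs(pic, stdout);
	printf("0x87 and 0x2d draw the same picture: %s\n",
	    same_picture(loop_a, 1, loop_b, 1) ? "yes" : "no");
	return 0;
}
```

The one-byte digests 0x87 and 0x2d trace the same four cells in opposite order, which is the ambiguity the message mentions; an all-zero digest shows the wall rule by sliding along the top edge into the corner.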

Revision 1.106 / (download) - annotate - [select for diffs], Tue Jun 10 18:21:24 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.105: +2 -1 lines
Diff to previous 1.105 (colored)

clarify that Host patterns are space-separated.  ok deraadt

Revision 1.105 / (download) - annotate - [select for diffs], Mon Oct 29 07:48:19 2007 UTC (16 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.104: +4 -4 lines
Diff to previous 1.104 (colored)

clean up after previous macro removal;

Revision 1.104 / (download) - annotate - [select for diffs], Mon Oct 29 06:51:59 2007 UTC (16 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)

ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@

Revision 1.103 / (download) - annotate - [select for diffs], Fri Sep 21 03:05:23 2007 UTC (16 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.102: +10 -2 lines
Diff to previous 1.102 (colored)

document KbdInteractiveAuthentication in ssh_config.5;
patch from dkg AT fifthhorseman.net

Revision 1.102 / (download) - annotate - [select for diffs], Wed Aug 15 12:13:41 2007 UTC (16 years, 9 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.101: +3 -3 lines
Diff to previous 1.101 (colored)

tun device forwarding now honours ExitOnForwardFailure; ok markus@

Revision 1.101 / (download) - annotate - [select for diffs], Fri Jun 8 07:43:46 2007 UTC (16 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.100: +5 -2 lines
Diff to previous 1.100 (colored)

put the MAC list into a display, like we do for ciphers,
since groff has trouble handling wide lines;

Revision 1.100 / (download) - annotate - [select for diffs], Thu Jun 7 19:37:34 2007 UTC (16 years, 11 months ago) by pvalchev
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must
specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on one
of its underlying hash algorithms is found to be vulnerable to a new attack.
http://www.ietf.org/rfc/rfc4418.txt

in conjunction with and OK djm@

Revision 1.99 / (download) - annotate - [select for diffs], Thu May 31 19:20:16 2007 UTC (16 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored)

convert to new .Dd format;

Revision 1.98 / (download) - annotate - [select for diffs], Wed Jan 10 13:23:22 2007 UTC (17 years, 4 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.97: +3 -5 lines
Diff to previous 1.97 (colored)

do not use a list for SYNOPSIS;

this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.

Revision 1.61.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.61.2.1: +197 -103 lines
Diff to previous 1.61.2.1 (colored) to branchpoint 1.61 (colored) next main 1.62 (colored)

upgrade to OpenSSH 4.4

Revision 1.87.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.87: +67 -13 lines
Diff to previous 1.87 (colored) next main 1.88 (colored)

upgrade to OpenSSH 4.4

Revision 1.97 / (download) - annotate - [select for diffs], Thu Jul 27 08:00:50 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.96: +4 -3 lines
Diff to previous 1.96 (colored)

avoid confusing wording in HashKnownHosts:

originally spotted by alan amesbury;
ok deraadt

Revision 1.96 / (download) - annotate - [select for diffs], Tue Jul 11 18:50:48 2006 UTC (17 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.95: +12 -1 lines
Diff to previous 1.95 (colored)

add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc

Revision 1.95 / (download) - annotate - [select for diffs], Sun Jul 2 17:12:58 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.94: +29 -9 lines
Diff to previous 1.94 (colored)

more details and clarity for tun(4) device forwarding; ok and help
jmc@

Revision 1.94 / (download) - annotate - [select for diffs], Mon May 29 16:10:03 2006 UTC (17 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.93: +7 -2 lines
Diff to previous 1.93 (colored)

oops - previous was too long; split the list of auths up

Revision 1.93 / (download) - annotate - [select for diffs], Mon May 29 12:54:08 2006 UTC (17 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.92: +2 -2 lines
Diff to previous 1.92 (colored)

Add gssapi-with-mic to PreferredAuthentications default list; ok jmc

Revision 1.92 / (download) - annotate - [select for diffs], Fri Mar 31 09:13:56 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

remote user escape is %r not %h; spotted by jmc@

Revision 1.91 / (download) - annotate - [select for diffs], Fri Mar 31 09:09:30 2006 UTC (18 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

kill trailing whitespace;

Revision 1.90 / (download) - annotate - [select for diffs], Thu Mar 30 10:41:25 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.89: +15 -2 lines
Diff to previous 1.89 (colored)

add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@

Revision 1.89 / (download) - annotate - [select for diffs], Tue Mar 14 16:32:48 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.88: +2 -1 lines
Diff to previous 1.88 (colored)

*AliveCountMax applies to protocol v2 only; ok dtucker, djm

Revision 1.88 / (download) - annotate - [select for diffs], Mon Mar 13 10:14:29 2006 UTC (18 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.87: +4 -1 lines
Diff to previous 1.87 (colored)

Allow config directives to contain whitespace by surrounding them by double
quotes.  mindrot #482, man page help from jmc@, ok djm@

Revision 1.87 / (download) - annotate - [select for diffs], Sun Feb 26 18:03:10 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)

comma;

Revision 1.86 / (download) - annotate - [select for diffs], Sun Feb 26 17:17:18 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.85: +36 -36 lines
Diff to previous 1.85 (colored)

move PATTERNS to the end of the main body; requested by dtucker

Revision 1.85 / (download) - annotate - [select for diffs], Sat Feb 25 12:26:17 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.84: +8 -1 lines
Diff to previous 1.84 (colored)

document the possible values for KbdInteractiveDevices;
help/ok dtucker

Revision 1.84 / (download) - annotate - [select for diffs], Fri Feb 24 23:20:07 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.83: +74 -78 lines
Diff to previous 1.83 (colored)

some grammar/wording fixes;

Revision 1.83 / (download) - annotate - [select for diffs], Fri Feb 24 20:31:31 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)

more consistency fixes;

Revision 1.82 / (download) - annotate - [select for diffs], Fri Feb 24 20:22:16 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)

some consistency fixes;

Revision 1.81 / (download) - annotate - [select for diffs], Fri Feb 24 10:37:07 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.80: +9 -7 lines
Diff to previous 1.80 (colored)

tidy up the refs to PATTERNS;

Revision 1.80 / (download) - annotate - [select for diffs], Fri Feb 24 10:25:14 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.79: +43 -11 lines
Diff to previous 1.79 (colored)

add section on patterns;
from dtucker + myself

Revision 1.79 / (download) - annotate - [select for diffs], Sun Feb 19 20:12:25 2006 UTC (18 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored)

add some vertical space;

Revision 1.78 / (download) - annotate - [select for diffs], Sun Feb 12 10:49:44 2006 UTC (18 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

slight rewording; ok djm

Revision 1.77 / (download) - annotate - [select for diffs], Sun Feb 12 06:45:34 2006 UTC (18 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.76: +4 -2 lines
Diff to previous 1.76 (colored)

add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@

Revision 1.61.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.61: +116 -37 lines
Diff to previous 1.61 (colored)

upgrade to OpenSSH 4.3

Revision 1.49.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.49.2.1: +116 -37 lines
Diff to previous 1.49.2.1 (colored) to branchpoint 1.49 (colored) next main 1.50 (colored)

upgrade to OpenSSH 4.3

Revision 1.76 / (download) - annotate - [select for diffs], Fri Jan 20 11:21:45 2006 UTC (18 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.75: +6 -6 lines
Diff to previous 1.75 (colored)

- word change, agreed w/ markus
- consistency fixes

Revision 1.75 / (download) - annotate - [select for diffs], Fri Jan 20 00:14:55 2006 UTC (18 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.74: +16 -1 lines
Diff to previous 1.74 (colored)

Document RekeyLimit.  Based on patch from jan.iven at cern.ch from mindrot #1056
with feedback from jmc, djm and markus; ok jmc@ djm@

Revision 1.74 / (download) - annotate - [select for diffs], Thu Jan 12 22:26:02 2006 UTC (18 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.73: +4 -4 lines
Diff to previous 1.73 (colored)

refer to TCP forwarding, rather than TCP/IP forwarding;

Revision 1.73 / (download) - annotate - [select for diffs], Mon Jan 2 17:09:49 2006 UTC (18 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)

some corrections from michael knudsen;

Revision 1.72 / (download) - annotate - [select for diffs], Thu Dec 22 10:31:40 2005 UTC (18 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.71: +18 -18 lines
Diff to previous 1.71 (colored)

put the description of "UsePrivilegedPort" in the correct place;

Revision 1.71 / (download) - annotate - [select for diffs], Sat Dec 17 21:36:42 2005 UTC (18 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)

spelling: intented -> intended

Revision 1.70 / (download) - annotate - [select for diffs], Sat Dec 17 21:13:05 2005 UTC (18 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.69: +2 -2 lines
Diff to previous 1.69 (colored)

spelling: fowarding, fowarded

Revision 1.69 / (download) - annotate - [select for diffs], Thu Dec 8 21:37:50 2005 UTC (18 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.68: +4 -4 lines
Diff to previous 1.68 (colored)

new sentence, new line;

Revision 1.68 / (download) - annotate - [select for diffs], Thu Dec 8 18:34:11 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.67: +7 -3 lines
Diff to previous 1.67 (colored)

two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).

ok djm@, man page bits by jmc@

Revision 1.67 / (download) - annotate - [select for diffs], Thu Dec 8 15:06:29 2005 UTC (18 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.66: +30 -30 lines
Diff to previous 1.66 (colored)

keep options in order;

Revision 1.66 / (download) - annotate - [select for diffs], Thu Dec 8 14:59:44 2005 UTC (18 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

make `!command' a little clearer;
ok reyk

Revision 1.65 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.64: +37 -1 lines
Diff to previous 1.64 (colored)

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similarly to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

Revision 1.64 / (download) - annotate - [select for diffs], Sun Oct 30 08:43:47 2005 UTC (18 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

remove trailing whitespace;

Revision 1.63 / (download) - annotate - [select for diffs], Sun Oct 30 01:23:19 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.62: +5 -3 lines
Diff to previous 1.62 (colored)

mention control socket fallback behaviour, reported by tryponraj AT gmail.com

Revision 1.62 / (download) - annotate - [select for diffs], Mon Sep 19 11:37:34 2005 UTC (18 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.61: +24 -2 lines
Diff to previous 1.61 (colored)

mention ability to specify bind_address for DynamicForward and -D options;
bz#1077 spotted by Haruyama Seigo

Revision 1.49.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:10 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.49: +65 -17 lines
Diff to previous 1.49 (colored)

upgrade to OpenSSH 4.2

Revision 1.38.2.3 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.38.2.2: +65 -17 lines
Diff to previous 1.38.2.2 (colored) to branchpoint 1.38 (colored) next main 1.39 (colored)

upgrade to OpenSSH 4.2

Revision 1.61 / (download) - annotate - [select for diffs], Fri Jul 8 12:53:10 2005 UTC (18 years, 10 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.60: +3 -2 lines
Diff to previous 1.60 (colored)

new sentence, new line;

Revision 1.60 / (download) - annotate - [select for diffs], Fri Jul 8 10:20:41 2005 UTC (18 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

change BindAddress to match recent ssh -b change; prompted by markus@

Revision 1.59 / (download) - annotate - [select for diffs], Mon Jul 4 11:29:51 2005 UTC (18 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)

fix Xr and a little grammar;

Revision 1.58 / (download) - annotate - [select for diffs], Mon Jul 4 00:58:43 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.57: +7 -1 lines
Diff to previous 1.57 (colored)

implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.

ok dtucker@ "put it in" deraadt@

Revision 1.57 / (download) - annotate - [select for diffs], Sat Jun 18 04:30:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.56: +4 -2 lines
Diff to previous 1.56 (colored)

allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@

Revision 1.56 / (download) - annotate - [select for diffs], Wed Jun 8 11:25:09 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.55: +17 -1 lines
Diff to previous 1.55 (colored)

add ControlMaster=auto/autoask options to support opportunistic multiplexing;
tested avsm@ and jakob@, ok markus@

Revision 1.55 / (download) - annotate - [select for diffs], Mon Jun 6 11:20:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.54: +11 -4 lines
Diff to previous 1.54 (colored)

introduce a generic %foo expansion function. replace existing % expansion and
add expansion to ControlPath; ok markus@

Revision 1.38.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.38.2.1: +19 -27 lines
Diff to previous 1.38.2.1 (colored) to branchpoint 1.38 (colored)

upgrade to OpenSSH 4.1

Revision 1.54 / (download) - annotate - [select for diffs], Mon May 23 23:32:46 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.53: +6 -3 lines
Diff to previous 1.53 (colored)

add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
ok markus@

Revision 1.53 / (download) - annotate - [select for diffs], Fri May 20 11:23:32 2005 UTC (19 years ago) by jmc
Branch: MAIN
Changes since 1.52: +2 -3 lines
Diff to previous 1.52 (colored)

oops - article and spacing;

Revision 1.52 / (download) - annotate - [select for diffs], Fri May 20 10:50:55 2005 UTC (19 years ago) by djm
Branch: MAIN
Changes since 1.51: +10 -1 lines
Diff to previous 1.51 (colored)

give a ProxyCommand example using nc(1), with and ok jmc@

Revision 1.51 / (download) - annotate - [select for diffs], Tue Apr 26 13:08:37 2005 UTC (19 years ago) by jakob
Branch: MAIN
Changes since 1.50: +6 -1 lines
Diff to previous 1.50 (colored)

fallback gracefully if client cannot connect to ControlPath. ok djm@

Revision 1.50 / (download) - annotate - [select for diffs], Thu Apr 21 06:17:50 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.49: +10 -10 lines
Diff to previous 1.49 (colored)

OpenSSH doesn't ever look at the $HOME environment variable, so don't say
that we do (bz #623); ok deraadt@

Revision 1.49 / (download) - annotate - [select for diffs], Wed Mar 16 11:10:38 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.48: +17 -25 lines
Diff to previous 1.48 (colored)

get the syntax right for {Local,Remote}Forward;

based on a diff from markus;
problem report from ponraj;

ok dtucker@ markus@ deraadt@

Revision 1.48 / (download) - annotate - [select for diffs], Sat Mar 12 11:55:03 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

escape `.' at eol to avoid double spacing issues;

Revision 1.29.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.29.2.1: +89 -12 lines
Diff to previous 1.29.2.1 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)

upgrade to OpenSSH 4.0

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.38: +89 -12 lines
Diff to previous 1.38 (colored)

upgrade to OpenSSH 4.0

Revision 1.47 / (download) - annotate - [select for diffs], Mon Mar 7 23:41:54 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.46: +7 -7 lines
Diff to previous 1.46 (colored)

more macro simplification;

Revision 1.46 / (download) - annotate - [select for diffs], Tue Mar 1 14:55:23 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.45: +16 -16 lines
Diff to previous 1.45 (colored)

do not mark up punctuation;
whitespace;

Revision 1.45 / (download) - annotate - [select for diffs], Tue Mar 1 10:42:49 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.44: +3 -2 lines
Diff to previous 1.44 (colored)

add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@

Revision 1.44 / (download) - annotate - [select for diffs], Tue Mar 1 10:40:27 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.43: +16 -1 lines
Diff to previous 1.43 (colored)

add support for hashing host names and addresses added to known_hosts files,
to improve privacy of which hosts users have been visiting; ok markus@ deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Tue Mar 1 10:09:52 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.42: +61 -9 lines
Diff to previous 1.42 (colored)

bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote forwards
to bind to client-specified ports.

ok markus@

Revision 1.42 / (download) - annotate - [select for diffs], Mon Feb 28 00:54:10 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.41: +6 -1 lines
Diff to previous 1.41 (colored)

bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@

Revision 1.41 / (download) - annotate - [select for diffs], Fri Jan 28 18:14:09 2005 UTC (19 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

wording;
ok markus@

Revision 1.40 / (download) - annotate - [select for diffs], Fri Jan 28 15:05:43 2005 UTC (19 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.39: +3 -3 lines
Diff to previous 1.39 (colored)

grammar;

Revision 1.39 / (download) - annotate - [select for diffs], Thu Oct 7 10:10:24 2004 UTC (19 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.38: +5 -1 lines
Diff to previous 1.38 (colored)

document KbdInteractiveDevices; ok markus@

Revision 1.20.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.20.2.1: +86 -5 lines
Diff to previous 1.20.2.1 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)

upgrade to OpenSSH 3.9

Revision 1.29.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.29: +69 -6 lines
Diff to previous 1.29 (colored)

upgrade to OpenSSH 3.9

Revision 1.38 / (download) - annotate - [select for diffs], Sat Jun 26 09:11:14 2004 UTC (19 years, 10 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.37: +16 -16 lines
Diff to previous 1.37 (colored)

punctuation and grammar fixes. also, keep the options in order.

Revision 1.37 / (download) - annotate - [select for diffs], Thu Jun 17 15:10:14 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.36: +10 -1 lines
Diff to previous 1.36 (colored)

Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening
shared connections; ok markus@

Revision 1.36 / (download) - annotate - [select for diffs], Sun Jun 13 15:03:02 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.35: +23 -1 lines
Diff to previous 1.35 (colored)

implement session multiplexing in the client (the server has supported this
since 2.0); ok markus@

Revision 1.35 / (download) - annotate - [select for diffs], Sun Jun 13 14:01:42 2004 UTC (19 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.34: +13 -1 lines
Diff to previous 1.34 (colored)

List supported ciphers in man pages, tidy up ssh -c;
"looks fine" jmc@, ok markus@

Revision 1.34 / (download) - annotate - [select for diffs], Thu May 6 11:24:23 2004 UTC (20 years ago) by jmc
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

typo from John Cosimano (PR 3770);

Revision 1.33 / (download) - annotate - [select for diffs], Wed Apr 28 05:17:10 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)

Revision 1.32 / (download) - annotate - [select for diffs], Tue Apr 27 09:46:37 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.31: +22 -1 lines
Diff to previous 1.31 (colored)

bz #815: implement ability to pass specified environment variables from the
client to the server; ok markus@

Revision 1.31 / (download) - annotate - [select for diffs], Mon Apr 19 16:12:14 2004 UTC (20 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

kill whitespace at eol;

Revision 1.30 / (download) - annotate - [select for diffs], Mon Apr 19 13:02:40 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.29: +3 -4 lines
Diff to previous 1.29 (colored)

document strict permission checks on ~/.ssh/config; prompted by, with & ok jmc@

Revision 1.29 / (download) - annotate - [select for diffs], Fri Mar 5 10:53:58 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.28: +19 -1 lines
Diff to previous 1.28 (colored)

add IdentitiesOnly; ok djm@, pb@

Revision 1.6.2.3 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:17 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.6.2.2: +94 -25 lines
Diff to previous 1.6.2.2 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)

upgrade to OpenSSH 3.8

Revision 1.20.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.20: +94 -25 lines
Diff to previous 1.20 (colored)

upgrade to OpenSSH 3.8

Revision 1.28 / (download) - annotate - [select for diffs], Tue Dec 16 15:49:51 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.27: +37 -1 lines
Diff to previous 1.27 (colored)

application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@

Revision 1.27 / (download) - annotate - [select for diffs], Sun Dec 14 12:37:21 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.26: +2 -4 lines
Diff to previous 1.26 (colored)

we don't support GSS KEX; from Simon Wilkinson

Revision 1.26 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:37 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.25: +18 -18 lines
Diff to previous 1.25 (colored)

rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@

Revision 1.25 / (download) - annotate - [select for diffs], Wed Nov 12 20:14:51 2003 UTC (20 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.24: +4 -4 lines
Diff to previous 1.24 (colored)

make verb agree with subject, and kill some whitespace;

Revision 1.24 / (download) - annotate - [select for diffs], Wed Nov 12 16:39:58 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.23: +18 -1 lines
Diff to previous 1.23 (colored)

update SSHFP validation. ok markus@

Revision 1.23 / (download) - annotate - [select for diffs], Sun Oct 12 13:12:13 2003 UTC (20 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

note that EnableSSHKeySign should be in the non-hostspecific section;
remove unnecessary .Pp;

ok markus@

Revision 1.22 / (download) - annotate - [select for diffs], Sat Oct 11 08:24:08 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.21: +21 -3 lines
Diff to previous 1.21 (colored)

remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries

Revision 1.21 / (download) - annotate - [select for diffs], Wed Oct 8 15:21:24 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

default GSS API to no in client, too; ok jakob, deraadt@

Revision 1.5.2.3 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:28 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.5.2.2: +65 -56 lines
Diff to previous 1.5.2.2 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)

upgrade to OpenSSH 3.7

Revision 1.6.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.6.2.1: +65 -56 lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored)

upgrade to OpenSSH 3.7

Revision 1.20 / (download) - annotate - [select for diffs], Tue Sep 2 18:50:06 2003 UTC (20 years, 8 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

escape punctuation;
ok deraadt@

Revision 1.19 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.18: +1 -13 lines
Diff to previous 1.18 (colored)

remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...

Revision 1.18 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.17: +13 -1 lines
Diff to previous 1.17 (colored)

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:31 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.16: +3 -25 lines
Diff to previous 1.16 (colored)

remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others

Revision 1.16 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.15: +1 -9 lines
Diff to previous 1.15 (colored)

remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@

Revision 1.15 / (download) - annotate - [select for diffs], Wed Jul 2 14:51:16 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)

(re)add socks5 support to -D; ok djm@
now ssh(1) can act both as a socks 4 and socks 5 server and
dynamically forward ports.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jun 23 09:02:44 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.13: +19 -1 lines
Diff to previous 1.13 (colored)

document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@

Revision 1.13 / (download) - annotate - [select for diffs], Tue Jun 10 09:12:12 2003 UTC (20 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

- section reorder
- COMPATIBILITY merge
- macro cleanup
- kill whitespace at EOL
- new sentence, new line

ssh pages ok markus@

Revision 1.12 / (download) - annotate - [select for diffs], Mon Jun 2 08:31:10 2003 UTC (20 years, 11 months ago) by jakob
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

VerifyHostKeyDNS is v2 only. ok markus@

Revision 1.11 / (download) - annotate - [select for diffs], Tue May 20 12:09:32 2003 UTC (21 years ago) by jmc
Branch: MAIN
Changes since 1.10: +14 -11 lines
Diff to previous 1.10 (colored)

new sentence, new line

Revision 1.10 / (download) - annotate - [select for diffs], Fri May 16 03:27:12 2003 UTC (21 years ago) by djm
Branch: MAIN
Changes since 1.9: +8 -1 lines
Diff to previous 1.9 (colored)

add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534; ok markus@

Revision 1.9 / (download) - annotate - [select for diffs], Thu May 15 14:55:25 2003 UTC (21 years ago) by djm
Branch: MAIN
Changes since 1.8: +6 -1 lines
Diff to previous 1.8 (colored)

add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@

Revision 1.8 / (download) - annotate - [select for diffs], Wed May 14 18:16:20 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.7: +6 -1 lines
Diff to previous 1.7 (colored)

add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Sun May 11 12:01:52 2003 UTC (21 years ago) by margarida
Branch: OPENBSD_3_3
Changes since 1.6: +26 -22 lines
Diff to previous 1.6 (colored)

Update OpenSSH to version 3.6.1

Revision 1.5.2.2 / (download) - annotate - [select for diffs], Thu Apr 3 23:27:13 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.5.2.1: +26 -22 lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored)

Update to OpenSSH 3.6.1

Revision 1.1.4.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.1.4.2: +27 -20 lines
Diff to previous 1.1.4.2 (colored) next main 1.2 (colored)

Merge OpenSSH 3.6.1

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.5: +4 -1 lines
Diff to previous 1.5 (colored)

Update to OpenSSH 3.6

Revision 1.7 / (download) - annotate - [select for diffs], Fri Mar 28 10:11:43 2003 UTC (21 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.6: +26 -22 lines
Diff to previous 1.6 (colored)

- killed whitespace
- new sentence new line
- .Bk for arguments

ok markus@

Revision 1.6 / (download) - annotate - [select for diffs], Thu Feb 6 09:27:29 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.5: +4 -1 lines
Diff to previous 1.5 (colored)

support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@

Revision 1.1.2.3 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.1.2.2: +35 -7 lines
Diff to previous 1.1.2.2 (colored) next main 1.2 (colored)

Update to OpenSSH 3.5

Revision 1.1.4.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.1.4.1: +35 -7 lines
Diff to previous 1.1.4.1 (colored)

Update to OpenSSH 3.5

Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 29 22:54:10 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

state XAuthLocation is a full pathname

Revision 1.4 / (download) - annotate - [select for diffs], Thu Aug 29 16:09:02 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.3: +11 -2 lines
Diff to previous 1.3 (colored)

more on UsePrivilegedPort and setuid root; ok markus@

Revision 1.3 / (download) - annotate - [select for diffs], Tue Aug 27 17:18:40 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.2: +14 -1 lines
Diff to previous 1.2 (colored)

some warning text for ForwardAgent and ForwardX11; ok markus@

Revision 1.2 / (download) - annotate - [select for diffs], Sat Aug 17 23:55:01 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.1: +11 -5 lines
Diff to previous 1.1 (colored)

ordered list here

Revision 1.1.2.2 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.1.2.1: +6 -6 lines
Diff to previous 1.1.2.1 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.1.4.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)

Pull in OpenSSH-3.4

Revision 1.1.2.1 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.1 / (download) - annotate - [select for diffs], Thu Jun 20 19:56:07 2002 UTC (21 years, 11 months ago) by stevesk
Branch: MAIN
Branch point for: OPENBSD_3_1, OPENBSD_3_0

move configuration file options from ssh.1/sshd.8 to
ssh_config.5/sshd_config.5; ok deraadt@ millert@
