OpenBSD CVS

CVS log for src/usr.bin/ssh/sshconnect.c




Default branch: MAIN


Revision 1.368, Tue Apr 30 02:10:49 2024 UTC (2 weeks, 3 days ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.367: +31 -1 lines

add explicit check for server hostkey type against HostkeyAlgorithms.
Allows HostkeyAlgorithms to disable implicit fallback from certificate
keys to plain keys. ok markus@

Revision 1.367, Tue Apr 23 13:34:50 2024 UTC (3 weeks, 2 days ago) by jsg
Branch: MAIN
Changes since 1.366: +2 -2 lines

correct indentation; no functional change
ok tb@

Revision 1.366, Thu Jan 11 01:45:36 2024 UTC (4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.365: +3 -1 lines

make DSA key support compile-time optional, defaulting to on

ok markus@

Revision 1.365, Mon Nov 20 02:50:00 2023 UTC (5 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.364: +2 -2 lines

set errno=EAFNOSUPPORT when filtering addresses that don't match
AddressFamily; yields slightly better error message if no address
matches. bz#3526

Revision 1.364, Wed Nov 15 23:03:38 2023 UTC (6 months ago) by djm
Branch: MAIN
Changes since 1.363: +9 -1 lines

when connecting via socket (the default case), filter addresses by
AddressFamily if one was specified. Fixes the case where, if
CanonicalizeHostname is enabled, ssh may ignore AddressFamily.
bz5326; ok dtucker

Revision 1.363, Fri Mar 10 07:17:08 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.362: +2 -2 lines

Explicitly ignore return from fcntl(... FD_CLOEXEC) here too.
Coverity CID 291853.

Revision 1.362, Sun Mar 5 05:34:09 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.361: +1 -2 lines

Remove unused compat.h includes.  We've previously removed a lot
of the really old compatibility code, and with it went the need to
include compat.h in most of the files that have it.

Revision 1.361, Fri Jan 13 02:44:02 2023 UTC (16 months ago) by djm
Branch: MAIN
Changes since 1.360: +6 -3 lines

avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none
and a hostkey in one of the system known hosts file changes;
ok dtucker@

Revision 1.360, Thu Nov 3 21:59:20 2022 UTC (18 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.359: +12 -8 lines

replace recently-added valid_domain() check for hostnames going to
known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@

Revision 1.359, Mon Oct 24 22:43:36 2022 UTC (18 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.358: +9 -2 lines

Be more paranoid with host/domain names coming from the resolver:
don't follow CNAMEs with invalid characters when canonicalising
and never write a name with bad characters to a known_hosts file.

reported by David Leadbeater, ok deraadt@

Revision 1.358, Fri Aug 26 08:16:27 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.357: +2 -2 lines

whitespace

Revision 1.357, Fri Jun 3 03:21:09 2022 UTC (23 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.356: +2 -2 lines

Add period at end of "not known by any other names" message.  github PR#320
from jschauma, ok djm@

Revision 1.356, Sun Dec 19 22:10:24 2021 UTC (2 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.355: +2 -2 lines

ssh-add side of destination constraints

Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.

Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".

The first form permits a key to be used to authenticate as the
specified user to the specified host.

The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.

For example, constraining a key with "user1@host_a" and
"host_a>host_b" would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.

Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.

host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.

feedback Jann Horn & markus@
ok markus@

Revision 1.355, Fri Jul 2 05:11:21 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.354: +1 -8 lines

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

Revision 1.354, Fri Jun 25 06:20:39 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.353: +2 -2 lines

Use better language to refer to the user.  From l1ving via github
PR#250, ok jmc@

Revision 1.353, Tue Jun 8 06:54:40 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.352: +2 -2 lines

Allow argv_split() to optionally terminate tokenisation when it
encounters an unquoted comment.

Add some additional utility functions for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.

ok markus@ as part of a larger diff; tested in snaps

Revision 1.352, Sat Apr 3 06:18:41 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.351: +9 -7 lines

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.351, Wed Mar 3 21:40:16 2021 UTC (3 years, 2 months ago) by sthen
Branch: MAIN
Changes since 1.350: +2 -2 lines

typo in other_hostkeys_message() display output, ok djm

Revision 1.350, Tue Jan 26 00:49:30 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.349: +20 -36 lines

move check_host_cert() from sshconnect.c to sshkey.c and refactor
it to make it more generally usable and testable.

ok markus@

Revision 1.349, Tue Dec 22 00:15:23 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.348: +104 -6 lines

add a ssh_config KnownHostsCommand that allows the client to obtain
known_hosts data from a command in addition to the usual files.

The command accepts a bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

Revision 1.348, Sun Dec 20 23:40:19 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.347: +17 -12 lines

plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@

Revision 1.347, Sun Dec 20 23:38:00 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.346: +5 -1 lines

allow UserKnownHostsFile=none; feedback and ok markus@

Revision 1.346, Sun Dec 20 23:36:51 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.345: +6 -6 lines

load_hostkeys()/hostkeys_foreach() variants for FILE*

Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

Revision 1.345, Fri Nov 27 00:49:58 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.344: +6 -1 lines

Set the specified TOS/DSCP for interactive use prior to TCP connect.
The connection phase of the SSH session is time-sensitive (due to
server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be
set after authentication completes.

ok dtucker@

Revision 1.344, Sun Nov 22 22:37:11 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.343: +3 -3 lines

when mentioning that the host key has changed, don't report the type
because it is ambiguous as to whether it referred to the known or new
host key. bz3216; ok dtucker@

Revision 1.343, Fri Nov 20 02:14:16 2020 UTC (3 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.342: +2 -2 lines

Explicitly initialize all members of the find_by_key_ctx struct.  Initializing
a single member should be enough (the spec says the remainder should be
initialized as per the static rules) but some GCCs warn on this which
prevents us testing with -Werror on those.  ok deraadt@ djm@

Revision 1.342, Thu Nov 12 22:56:00 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.341: +191 -28 lines

when prompting the user to accept a new hostkey, display any other
host names/addresses already associated with the key. E.g.

> The authenticity of host 'test (10.0.0.1)' can't be established.
> ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
> This host key is known by the following other names/addresses:
>     ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
>     ~/.ssh/known_hosts:2: [hashed name]
>     ~/.ssh/known_hosts:3: [hashed name]
>     ~/.ssh/known_hosts:4: host
>     ~/.ssh/known_hosts:5: [host]:2222
> Are you sure you want to continue connecting (yes/no/[fingerprint])?

feedback and ok markus@

Revision 1.341, Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.340: +31 -37 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.340, Mon Oct 12 08:36:37 2020 UTC (3 years, 7 months ago) by kn
Branch: MAIN
Changes since 1.339: +5 -5 lines

Zap unused family parameter from ssh_connect_direct()

sshconnect.c r1.241 from 2013 made it unused;  found while reading code.

OK djm

Revision 1.339, Wed Oct 7 02:26:28 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.338: +6 -1 lines

Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.

reminded by Mark D. Baushke; ok markus@

Revision 1.338, Wed Oct 7 02:24:51 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.337: +28 -4 lines

don't UpdateHostkeys when the hostkey is verified by the
GlobalKnownHostsFile file, support only UserKnownHostsFile matches

suggested by Mark D. Baushke; feedback and ok markus@

Revision 1.337, Wed Oct 7 02:22:23 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.336: +12 -43 lines

revert kex->flags cert hostkey downgrade back to a plain key
(commitid VtF8vozGOF8DMKVg). We now do this a simpler way that
needs less plumbing.

ok markus@

Revision 1.336, Wed Oct 7 02:20:35 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.335: +7 -2 lines

simply disable UpdateHostkeys when a certificate successfully
authenticated the host; simpler than the complicated plumbing via
kex->flags we have now.

ok markus@

Revision 1.335, Sun Oct 4 09:45:01 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.334: +3 -2 lines

when ordering host key algorithms in the client, consider the ECDSA
key subtype; ok markus@

Revision 1.334, Sat Oct 3 09:22:26 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.333: +5 -23 lines

There are lots of places where we want to redirect stdin, stdout
and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these
to redirect. ok markus@

Revision 1.333, Sat Oct 3 08:11:28 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.332: +43 -12 lines

record when the host key checking code downgrades a certificate host
key to a plain key. This occurs when the user connects to a host with
a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

Revision 1.332, Wed Sep 9 21:57:27 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.331: +2 -2 lines

For the hostkey confirmation message:

> Are you sure you want to continue connecting (yes/no/[fingerprint])?

compare the fingerprint case sensitively; spotted by Patrik Lundin
ok dtucker

Revision 1.331, Tue Aug 11 09:49:57 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.330: +3 -2 lines

let ssh_config(5)'s AddKeysToAgent keyword accept a time limit for
keys in addition to its current flag options. Time-limited keys will
automatically be removed from ssh-agent after their expiry time has
passed; ok markus@

Revision 1.330, Fri Jul 17 03:43:42 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.329: +4 -1 lines

Add a '%k' TOKEN that expands to the effective HostKey of the
destination.  This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@, jmc@ (man page bits)

Revision 1.329, Fri Mar 13 04:01:56 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.328: +4 -3 lines

use sshpkt_fatal() for kex_exchange_identification() errors.
This ensures that the logged errors are consistent with other transport-
layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

Revision 1.328, Sat Jan 25 07:17:18 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.327: +5 -4 lines

when AddKeysToAgent=yes is set and the key contains no comment,
add the key to the agent with the key's path as the comment.
bz2564

Revision 1.327, Thu Jan 23 07:10:22 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.326: +5 -5 lines

Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.

Revision 1.326, Wed Jan 22 07:38:30 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.325: +6 -5 lines

Ignore whitespace when checking explicit fingerprint.  When confirming a host
key using the fingerprint itself, ignore leading and trailing whitespace.
ok deraadt@ djm@

Revision 1.325, Sat Jan 11 16:23:10 2020 UTC (4 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.324: +4 -4 lines

revise the fix for reversed arguments on expand_proxy_command()

Always put 'host' before 'host_arg' for consistency.  ok markus@ djm@

Revision 1.324, Thu Jan 9 03:28:38 2020 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.323: +2 -2 lines

fix reversed arguments on expand_proxy_command(); spotted by
anton@

Revision 1.323, Wed Nov 13 04:47:52 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.322: +2 -1 lines

stdarg.h required more broadly; ok djm

Revision 1.322, Tue Nov 12 19:33:08 2019 UTC (4 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.321: +2 -2 lines

enable ed25519 support; ok djm

Revision 1.321, Thu Oct 31 21:20:38 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.320: +5 -3 lines

ssh AddKeysToAgent support for U2F/FIDO keys

feedback & ok markus@

Revision 1.320, Thu Oct 31 21:19:15 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.319: +2 -2 lines

add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

Revision 1.319, Fri Sep 13 04:31:19 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.318: +3 -3 lines

whitespace

Revision 1.318, Fri Sep 13 04:27:35 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.317: +20 -15 lines

allow %n to be expanded in ProxyCommand strings

From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

Revision 1.317, Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.316: +13 -13 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.316, Fri Jun 21 04:21:04 2019 UTC (4 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.315: +2 -2 lines

Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

Revision 1.315, Fri May 3 03:27:38 2019 UTC (5 years ago) by dtucker
Branch: MAIN
Changes since 1.314: +2 -1 lines

Free host on exit path.  Patch from markus at blueflash.cc, ok djm@

Revision 1.314, Wed Feb 27 19:37:01 2019 UTC (5 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.313: +11 -3 lines

dup stdout/in for proxycommand=-, otherwise stdout might be
redirected to /dev/null; ok djm@

Revision 1.313, Fri Feb 1 03:52:23 2019 UTC (5 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.312: +3 -2 lines

Save connection timeout and restore for 2nd and subsequent attempts,
preventing them from having no timeout.  bz#2918, ok djm@

Revision 1.312, Thu Jan 24 17:00:29 2019 UTC (5 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.311: +11 -8 lines

Accept the host key fingerprint as a synonym for "yes" when accepting
an unknown host key.  This allows you to paste a fingerprint obtained
out of band into the yes/no prompt and have the client do the comparison
for you.  ok markus@ djm@

Revision 1.311, Sat Jan 19 21:36:38 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.310: +1 -22 lines

convert sshconnect.c to new packet API

with & ok markus@

Revision 1.310, Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.309: +4 -1 lines

begin landing remaining refactoring of packet parsing API, started
almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

Revision 1.309, Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.308: +8 -180 lines

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

Revision 1.308, Sun Nov 18 22:43:29 2018 UTC (5 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.307: +5 -3 lines

Fix inverted logic for redirecting ProxyCommand stderr to /dev/null.
Fixes mosh in proxycommand mode that was broken by the previous
ProxyCommand change that was reported by matthieu@. ok djm@ danj@

Revision 1.307, Fri Nov 16 06:17:38 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.306: +32 -5 lines

redirect stderr of ProxyCommands to /dev/null when ssh is started with
ControlPersist; based on patch from Steffen Prohaska

Revision 1.306, Mon Oct 15 11:28:50 2018 UTC (5 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.305: +1 -5 lines

struct sockaddr_storage is guaranteed to be large enough, no need to check
the size.
OK kn, deraadt

Revision 1.305, Thu Sep 20 03:30:44 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.304: +13 -4 lines

add CASignatureAlgorithms option for the client, allowing it to specify
which signature algorithms may be used by CAs when signing certificates.
Useful if you want to ban RSA/SHA1; ok markus@

Revision 1.304, Fri Jul 27 05:34:42 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.303: +1 -3 lines

Now that ssh can't be setuid, remove the original_real_uid and
original_effective_uid globals and replace with calls to plain getuid().
ok djm@

Revision 1.303, Thu Jul 19 23:03:16 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.302: +2 -2 lines

Fix typo in comment.  From Alexandru Iacob via github.

Revision 1.302, Thu Jul 19 10:28:47 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.301: +10 -14 lines

Deprecate UsePrivilegedPort now that support for running ssh(1)
setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) with the setuid bit since 2002.  If anyone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

Revision 1.301, Wed Jul 18 11:34:04 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.300: +3 -25 lines

Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more.  Neuters UsePrivilegedPort,
which will be marked as deprecated shortly. ok markus@ djm@

Revision 1.300, Wed Jul 11 18:53:29 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.299: +6 -6 lines

remove legacy key emulation layer; ok djm@

Revision 1.299, Mon Jul 9 21:03:30 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.298: +3 -3 lines

client: switch to sshbuf API; ok djm@

Revision 1.298, Tue Apr 10 00:10:49 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.297: +2 -2 lines

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.297, Fri Feb 23 15:58:38 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.296: +3 -2 lines

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.296, Fri Feb 23 04:18:46 2018 UTC (6 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.295: +3 -2 lines

Add missing braces.
Caught by the tinderbox's -Werror=misleading-indentation,  ok djm@

Revision 1.295, Fri Feb 23 02:34:33 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.294: +121 -21 lines

Add BindInterface ssh_config directive and -B command-line argument
to ssh(1) that directs it to bind its outgoing connection to the
address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

Revision 1.294, Sat Feb 10 09:25:35 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.293: +3 -3 lines

constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

Revision 1.293, Wed Feb 7 22:52:45 2018 UTC (6 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.292: +2 -3 lines

ssh_free checks for and handles NULL args, remove NULL checks from remaining
callers.  ok djm@

Revision 1.292, Tue Jan 23 18:33:49 2018 UTC (6 years, 3 months ago) by stsp
Branch: MAIN
Changes since 1.291: +3 -2 lines

Add missing braces; fixes 'write: Socket is not connected' error in ssh.
ok deraadt@

Revision 1.291, Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.290: +1 -4 lines

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

Revision 1.290 / (download) - annotate - [select for diffs], Tue Jan 23 05:17:04 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.289: +12 -5 lines
Diff to previous 1.289 (colored)

try harder to preserve errno during ssh_connect_direct() to make the
final error message possibly accurate; bz#2814, ok dtucker@

Revision 1.289 / (download) - annotate - [select for diffs], Wed Dec 6 05:06:21 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.288: +6 -5 lines
Diff to previous 1.288 (colored)

don't accept junk after "yes" or "no" responses to hostkey prompts.
bz#2803 reported by Maksim Derbasov; ok dtucker@

Revision 1.288 / (download) - annotate - [select for diffs], Sat Nov 25 06:46:22 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.287: +2 -2 lines
Diff to previous 1.287 (colored)

Add monotime_ts and monotime_tv that return monotonic timespec and
timeval respectively.  Replace calls to gettimeofday() in packet timing
with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6
at huawei.com. "I like" markus@

Revision 1.287 / (download) - annotate - [select for diffs], Thu Sep 14 04:32:21 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.286: +6 -43 lines
Diff to previous 1.286 (colored)

Revert commitid: gJtIN6rRTS3CHy9b.

-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------

This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts

Spotted by dtucker@

Revision 1.286 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.285: +22 -16 lines
Diff to previous 1.285 (colored)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.285 / (download) - annotate - [select for diffs], Sun Sep 3 23:33:13 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.284: +18 -12 lines
Diff to previous 1.284 (colored)

Expand ssh_config's StrictModes option with two new settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Revision 1.284 / (download) - annotate - [select for diffs], Fri Sep 1 05:53:56 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.283: +43 -6 lines
Diff to previous 1.283 (colored)

identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@

Revision 1.283 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.282: +1 -2 lines
Diff to previous 1.282 (colored)

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that it still used into ssh-rsa.c; ok markus

Revision 1.282 / (download) - annotate - [select for diffs], Sat Jun 24 05:37:44 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.281: +62 -92 lines
Diff to previous 1.281 (colored)

switch sshconnect.c from (slightly abused) select() to poll();
ok deraadt@ a while back

Revision 1.281 / (download) - annotate - [select for diffs], Sat Jun 24 05:35:05 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.280: +4 -2 lines
Diff to previous 1.280 (colored)

use HostKeyAlias if specified instead of hostname for matching host
certificate principal names; bz#2728; ok dtucker@

Revision 1.280 / (download) - annotate - [select for diffs], Tue May 30 14:13:40 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.279: +15 -12 lines
Diff to previous 1.279 (colored)

switch sshconnect.c to modern APIs; ok djm@

Revision 1.279 / (download) - annotate - [select for diffs], Tue May 30 08:52:19 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.278: +11 -11 lines
Diff to previous 1.278 (colored)

switch from Key typedef with struct sshkey; ok djm@

Revision 1.278 / (download) - annotate - [select for diffs], Mon May 1 02:27:11 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.277: +1 -3 lines
Diff to previous 1.277 (colored)

remove unused variable

Revision 1.277 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.276: +1 -2 lines
Diff to previous 1.276 (colored)

remove KEY_RSA1

ok markus@

Revision 1.276 / (download) - annotate - [select for diffs], Sun Apr 30 23:13:25 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.275: +9 -23 lines
Diff to previous 1.275 (colored)

remove compat20/compat13/compat15 variables

ok markus@

Revision 1.275 / (download) - annotate - [select for diffs], Sun Apr 30 23:11:45 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.274: +10 -39 lines
Diff to previous 1.274 (colored)

remove options.protocol and client Protocol configuration knob

ok markus@

Revision 1.274 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.273: +1 -6 lines
Diff to previous 1.273 (colored)

unifdef WITH_SSH1
ok markus@

Revision 1.273 / (download) - annotate - [select for diffs], Fri Mar 10 03:22:40 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.272: +3 -1 lines
Diff to previous 1.272 (colored)

Plug descriptor leaks of auth_sock.  From jjelen at redhat.com via
bz#2687, ok djm@

Revision 1.272 / (download) - annotate - [select for diffs], Mon Sep 12 01:22:38 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.271: +2 -3 lines
Diff to previous 1.271 (colored)

Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions
rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker

Revision 1.271 / (download) - annotate - [select for diffs], Thu Jan 14 22:56:56 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.270: +2 -1 lines
Diff to previous 1.270 (colored)

fd leaks; report Qualys Security Advisory team; ok deraadt@

Revision 1.270 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.269: +3 -4 lines
Diff to previous 1.269 (colored)

remove roaming support; ok djm@

Revision 1.269 / (download) - annotate - [select for diffs], Fri Nov 20 01:45:29 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.268: +3 -2 lines
Diff to previous 1.268 (colored)

add cast to make -Werror clean

Revision 1.268 / (download) - annotate - [select for diffs], Thu Nov 19 08:23:27 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.267: +3 -1 lines
Diff to previous 1.267 (colored)

ban ConnectionAttempts=0, it makes no sense and would cause
ssh_connect_direct() to print an uninitialised stack variable;
bz#2500 reported by dvw AT phas.ubc.ca

Revision 1.267 / (download) - annotate - [select for diffs], Thu Nov 19 01:09:38 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.266: +28 -4 lines
Diff to previous 1.266 (colored)

print host certificate contents at debug level

Revision 1.266 / (download) - annotate - [select for diffs], Sun Nov 15 22:26:49 2015 UTC (8 years, 6 months ago) by jcs
Branch: MAIN
Changes since 1.265: +29 -1 lines
Diff to previous 1.265 (colored)

Add an AddKeysToAgent client option which can be set to 'yes', 'no',
'ask', or 'confirm', and defaults to 'no'.  When enabled, a private
key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Revision 1.265 / (download) - annotate - [select for diffs], Fri Sep 4 04:55:24 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.264: +3 -3 lines
Diff to previous 1.264 (colored)

correct function name in error messages

Revision 1.264 / (download) - annotate - [select for diffs], Fri Sep 4 03:57:38 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.263: +2 -2 lines
Diff to previous 1.263 (colored)

remove extra newline in nethack-mode hostkey;
from Christian Hesse bz#2686

Revision 1.263 / (download) - annotate - [select for diffs], Thu Aug 20 22:32:42 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.262: +2 -2 lines
Diff to previous 1.262 (colored)

Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope
ok krw millert

Revision 1.262 / (download) - annotate - [select for diffs], Thu May 28 05:41:29 2015 UTC (8 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.261: +2 -2 lines
Diff to previous 1.261 (colored)

Increase the allowed length of the known host file name in the log
message to be consistent with other cases.  Part of bz#1993, ok deraadt.

Revision 1.261 / (download) - annotate - [select for diffs], Tue Apr 14 04:17:03 2015 UTC (9 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.260: +2 -1 lines
Diff to previous 1.260 (colored)

Output remote username in debug output since with Host and Match it's not
always obvious what it will be.  bz#2368, ok djm@

Revision 1.260 / (download) - annotate - [select for diffs], Tue Mar 24 01:11:12 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.259: +2 -2 lines
Diff to previous 1.259 (colored)

fix double-negative error message "ssh1 is not unsupported"

Revision 1.259 / (download) - annotate - [select for diffs], Wed Jan 28 22:36:00 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.258: +17 -9 lines
Diff to previous 1.258 (colored)

update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values;
ok markus

Revision 1.258 / (download) - annotate - [select for diffs], Mon Jan 26 06:10:03 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.257: +3 -2 lines
Diff to previous 1.257 (colored)

correctly match ECDSA subtype (== curve) for offered/received
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type
(an extremely unlikely configuration).

ok markus, "looks mechanical" deraadt@

Revision 1.257 / (download) - annotate - [select for diffs], Mon Jan 26 03:04:46 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.256: +10 -1 lines
Diff to previous 1.256 (colored)

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host keys after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by an UpdateHostkeys config
option (default on).

ok markus@

Revision 1.256 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.255: +2 -2 lines
Diff to previous 1.255 (colored)

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.255 / (download) - annotate - [select for diffs], Mon Jan 19 20:20:20 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.254: +2 -2 lines
Diff to previous 1.254 (colored)

store compat flags in struct ssh; ok djm@

Revision 1.254 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.253: +16 -11 lines
Diff to previous 1.253 (colored)

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.253 / (download) - annotate - [select for diffs], Thu Dec 11 08:20:09 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.252: +2 -1 lines
Diff to previous 1.252 (colored)

explicitly include sys/param.h in files that use the howmany() macro;
from portable

Revision 1.252 / (download) - annotate - [select for diffs], Thu Dec 4 02:24:32 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.251: +48 -18 lines
Diff to previous 1.251 (colored)

add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.

Revision 1.251 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.250: +2 -2 lines
Diff to previous 1.250 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.250 / (download) - annotate - [select for diffs], Thu Jul 3 22:23:46 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.249: +19 -4 lines
Diff to previous 1.249 (colored)

when rekeying, skip file/DNS lookup if it is the same as the key sent
during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@

Revision 1.249 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.248: +2 -2 lines
Diff to previous 1.248 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.248 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.247: +5 -1 lines
Diff to previous 1.247 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.247 / (download) - annotate - [select for diffs], Tue Apr 1 03:34:10 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.246: +27 -17 lines
Diff to previous 1.246 (colored)

When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
certificate keys to plain keys and attempt SSHFP resolution.

Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
dialog by offering only certificate keys.

Reported by mcv21 AT cam.ac.uk

Revision 1.246 / (download) - annotate - [select for diffs], Thu Feb 6 22:21:01 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.245: +18 -15 lines
Diff to previous 1.245 (colored)

in ssh_create_socket(), only do the getaddrinfo for BindAddress when
BindAddress is actually specified. Fixes regression in 6.5 for
UsePrivilegedPort=yes; patch from Corinna Vinschen

Revision 1.245 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.244: +2 -2 lines
Diff to previous 1.244 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.244 / (download) - annotate - [select for diffs], Thu Jan 9 23:26:48 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.243: +4 -1 lines
Diff to previous 1.243 (colored)

ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@

Revision 1.243 / (download) - annotate - [select for diffs], Mon Dec 30 23:52:27 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.242: +4 -1 lines
Diff to previous 1.242 (colored)

refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@

Revision 1.242 / (download) - annotate - [select for diffs], Sun Dec 29 05:57:02 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.241: +9 -2 lines
Diff to previous 1.241 (colored)

when showing other hostkeys, don't forget Ed25519 keys

Revision 1.241 / (download) - annotate - [select for diffs], Wed Oct 16 02:31:46 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.240: +29 -45 lines
Diff to previous 1.240 (colored)

Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).

"looks fine" markus@

Revision 1.240 / (download) - annotate - [select for diffs], Thu Sep 19 01:26:29 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.239: +26 -25 lines
Diff to previous 1.239 (colored)

bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@

Revision 1.239 / (download) - annotate - [select for diffs], Tue Aug 20 00:11:38 2013 UTC (10 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.238: +106 -18 lines
Diff to previous 1.238 (colored)

Add a ssh_config ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a connected
file descriptor back to ssh(1). This allows the ProxyCommand to exit
rather than have to shuffle data back and forth and enables ssh to use
getpeername, etc. to obtain address information just like it does with
regular directly-connected sockets. ok markus@

Revision 1.238 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.237: +20 -21 lines
Diff to previous 1.237 (colored)

bye, bye xfree(); ok markus@

Revision 1.237 / (download) - annotate - [select for diffs], Fri Feb 22 19:13:56 2013 UTC (11 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.236: +8 -1 lines
Diff to previous 1.236 (colored)

support ProxyCommand=- (stdin/out already point to the proxy); ok djm@

Revision 1.236 / (download) - annotate - [select for diffs], Fri Sep 14 16:51:34 2012 UTC (11 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.235: +1 -3 lines
Diff to previous 1.235 (colored)

remove unused variable

Revision 1.235 / (download) - annotate - [select for diffs], Fri Aug 17 01:30:00 2012 UTC (11 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.234: +34 -13 lines
Diff to previous 1.234 (colored)

Send client banner immediately, rather than waiting for the server to
move first for SSH protocol 2 connections (the default). Patch based on
one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@

Revision 1.234 / (download) - annotate - [select for diffs], Tue May 24 07:15:47 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.233: +36 -36 lines
Diff to previous 1.233 (colored)

Remove undocumented legacy options UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus

Revision 1.233 / (download) - annotate - [select for diffs], Mon May 23 03:52:55 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.232: +1 -2 lines
Diff to previous 1.232 (colored)

remove extra newline

Revision 1.232 / (download) - annotate - [select for diffs], Sun Jan 16 11:50:36 2011 UTC (13 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.231: +3 -1 lines
Diff to previous 1.231 (colored)

reset the SIGPIPE handler when forking to execute child processes;
ok dtucker@

Revision 1.231 / (download) - annotate - [select for diffs], Thu Jan 6 23:01:35 2011 UTC (13 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.230: +4 -1 lines
Diff to previous 1.230 (colored)

reset SIGCHLD handler to SIG_DFL when executing LocalCommand;
ok markus@

Revision 1.230 / (download) - annotate - [select for diffs], Tue Dec 14 11:59:06 2010 UTC (13 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.229: +3 -4 lines
Diff to previous 1.229 (colored)

don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@

Revision 1.229 / (download) - annotate - [select for diffs], Mon Nov 29 23:45:51 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.228: +137 -134 lines
Diff to previous 1.228 (colored)

automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@

Revision 1.228 / (download) - annotate - [select for diffs], Wed Oct 6 21:10:21 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.227: +2 -2 lines
Diff to previous 1.227 (colored)

swapped args to kill(2)

Revision 1.227 / (download) - annotate - [select for diffs], Wed Oct 6 06:39:28 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.226: +14 -2 lines
Diff to previous 1.226 (colored)

kill proxy command on fatal() (we already kill it on clean exit);
ok markus@

Revision 1.226 / (download) - annotate - [select for diffs], Tue Oct 5 05:13:18 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.225: +3 -3 lines
Diff to previous 1.225 (colored)

use default shell /bin/sh if $SHELL is ""; ok markus@

Revision 1.225 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.224: +2 -2 lines
Diff to previous 1.224 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.224 / (download) - annotate - [select for diffs], Fri Apr 16 21:14:27 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.223: +2 -2 lines
Diff to previous 1.223 (colored)

oops, %r => remote username, not %u

Revision 1.223 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.222: +4 -4 lines
Diff to previous 1.222 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still supported for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.222 / (download) - annotate - [select for diffs], Wed Apr 14 22:27:42 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.221: +3 -3 lines
Diff to previous 1.221 (colored)

expand %r => remote username in ssh_config:ProxyCommand;
ok deraadt markus

Revision 1.221 / (download) - annotate - [select for diffs], Sat Apr 10 00:04:30 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.220: +2 -2 lines
Diff to previous 1.220 (colored)

fix terminology: we didn't find a certificate in known_hosts, we found
a CA key

Revision 1.220 / (download) - annotate - [select for diffs], Thu Mar 4 10:36:03 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.219: +22 -2 lines
Diff to previous 1.219 (colored)

Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user
in authorized_keys).

Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to be revoked and banned for user or host
authentication.

feedback and ok markus@

Revision 1.219 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.218: +65 -13 lines
Diff to previous 1.218 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.218 / (download) - annotate - [select for diffs], Wed Jan 13 00:19:04 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.217: +2 -2 lines
Diff to previous 1.217 (colored)

Fix a couple of typos/misspellings in comments

Revision 1.217 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.216: +2 -3 lines
Diff to previous 1.216 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that traffic such as DNS lookups stays within the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.216 / (download) - annotate - [select for diffs], Tue Nov 10 04:30:45 2009 UTC (14 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.215: +6 -2 lines
Diff to previous 1.215 (colored)

Set close-on-exec on various descriptors so they don't get leaked to
child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.

Revision 1.215 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.214: +3 -2 lines
Diff to previous 1.214 (colored)

Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.214 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.213: +5 -3 lines
Diff to previous 1.213 (colored)

Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@

Revision 1.213 / (download) - annotate - [select for diffs], Wed May 27 06:38:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.212: +2 -2 lines
Diff to previous 1.212 (colored)

Un-static ssh_exchange_identification(), part of a larger change from
Martin Forssen and needed for upcoming changes.
ok markus@

Revision 1.212 / (download) - annotate - [select for diffs], Tue Oct 14 18:11:33 2008 UTC (15 years, 7 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.211: +3 -3 lines
Diff to previous 1.211 (colored)

use #define ROQUIET here; no binary change. ok dtucker@

Revision 1.211 / (download) - annotate - [select for diffs], Tue Jul 1 07:24:22 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.210: +3 -3 lines
Diff to previous 1.210 (colored)

Send CR LF during protocol banner exchanges, but only for Protocol 2,
in order to comply with RFC 4253.  bz #1443, ok djm@

Revision 1.210 / (download) - annotate - [select for diffs], Tue Jul 1 07:20:52 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.209: +13 -2 lines
Diff to previous 1.209 (colored)

Check ExitOnForwardFailure if forwardings are disabled due to a failed
host key check.  ok djm@

Revision 1.209 / (download) - annotate - [select for diffs], Thu Jun 26 11:46:31 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.208: +7 -11 lines
Diff to previous 1.208 (colored)

Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.

prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@

Revision 1.208 / (download) - annotate - [select for diffs], Thu Jun 12 23:24:58 2008 UTC (15 years, 11 months ago) by ian
Branch: MAIN
Changes since 1.207: +2 -2 lines
Diff to previous 1.207 (colored)

tweak wording in message, ok deraadt@ jmc@

Revision 1.207 / (download) - annotate - [select for diffs], Thu Jun 12 20:38:28 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.206: +5 -18 lines
Diff to previous 1.206 (colored)

Make keepalive timeouts apply while waiting for a packet, particularly during
key renegotiation (bz #1363).  With djm and Matt Day, ok djm@

Revision 1.206 / (download) - annotate - [select for diffs], Thu Jun 12 00:13:55 2008 UTC (15 years, 11 months ago) by grunk
Branch: MAIN
Changes since 1.205: +10 -2 lines
Diff to previous 1.205 (colored)

Make ssh print the random art also when ssh'ing to a host using IP only.
spotted by naddy@, ok and help djm@ dtucker@

Revision 1.205 / (download) - annotate - [select for diffs], Thu Jun 12 00:03:49 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.204: +2 -2 lines
Diff to previous 1.204 (colored)

Do not pass "0" strings as ports to getaddrinfo because the lookups
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
deraadt@ djm@

djm believes that the reason for the "0" strings is to ensure that
it's not possible to call getaddrinfo with both host and port being
NULL.  In the case of canohost.c host is a local array.  In the
case of sshconnect.c, it's checked for null immediately before use.

In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
be non-null but it's not obvious, so I added a warning message in
case it is ever passed a null.

Revision 1.204 / (download) - annotate - [select for diffs], Wed Jun 11 21:01:35 2008 UTC (15 years, 11 months ago) by grunk
Branch: MAIN
Changes since 1.203: +19 -7 lines
Diff to previous 1.203 (colored)

Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.

Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf

The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise.  Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.

discussions with several people,
help, corrections and ok markus@ djm@

Revision 1.203 / (download) - annotate - [select for diffs], Thu Dec 27 14:22:08 2007 UTC (16 years, 4 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.202: +4 -4 lines
Diff to previous 1.202 (colored)

Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@

Revision 1.202 / (download) - annotate - [select for diffs], Tue Sep 4 11:15:55 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.201: +84 -21 lines
Diff to previous 1.201 (colored)

make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also makes
ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@

Revision 1.201 / (download) - annotate - [select for diffs], Thu Aug 23 03:23:26 2007 UTC (16 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.200: +6 -3 lines
Diff to previous 1.200 (colored)

Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally

Revision 1.168.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.168.2.2: +5 -6 lines
Diff to previous 1.168.2.2 (colored) to branchpoint 1.168 (colored) next main 1.169 (colored)

upgrade to OpenSSH 4.5

Revision 1.199.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.199: +5 -6 lines
Diff to previous 1.199 (colored) next main 1.200 (colored)

upgrade to OpenSSH 4.5

Revision 1.176.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.176.2.1: +5 -6 lines
Diff to previous 1.176.2.1 (colored) to branchpoint 1.176 (colored) next main 1.177 (colored)

upgrade to OpenSSH 4.5

Revision 1.200 / (download) - annotate - [select for diffs], Tue Oct 10 10:12:45 2006 UTC (17 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.199: +5 -6 lines
Diff to previous 1.199 (colored)

sleep before retrying (not after) since sleep changes errno; fixes
pr 5250; rad@twig.com; ok dtucker djm

Revision 1.168.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.168.2.1: +82 -56 lines
Diff to previous 1.168.2.1 (colored) to branchpoint 1.168 (colored)

upgrade to OpenSSH 4.4

Revision 1.176.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.176: +76 -55 lines
Diff to previous 1.176 (colored)

upgrade to OpenSSH 4.4

Revision 1.199 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.198: +3 -4 lines
Diff to previous 1.198 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.198 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.197: +2 -1 lines
Diff to previous 1.197 (colored)

move #include <stdio.h> out of includes.h

Revision 1.197 / (download) - annotate - [select for diffs], Tue Aug 1 11:34:36 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.196: +25 -9 lines
Diff to previous 1.196 (colored)

Allow fallback to known_hosts entries without port qualifiers for
non-standard ports too, so that all existing known_hosts entries will be
recognised.  Requested by, feedback and ok markus@

Revision 1.196 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.195: +2 -1 lines
Diff to previous 1.195 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.195 / (download) - annotate - [select for diffs], Tue Jul 25 02:59:21 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.194: +2 -1 lines
Diff to previous 1.194 (colored)

move #include <sys/time.h> out of includes.h

Revision 1.194 / (download) - annotate - [select for diffs], Mon Jul 24 13:58:22 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.193: +7 -2 lines
Diff to previous 1.193 (colored)

disable tunnel forwarding when no strict host key checking
and key changed; ok djm@ markus@ dtucker@

Revision 1.193 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.192: +2 -1 lines
Diff to previous 1.192 (colored)

move #include <string.h> out of includes.h

Revision 1.192 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.191: +2 -1 lines
Diff to previous 1.191 (colored)

move #include <unistd.h> out of includes.h

Revision 1.191 / (download) - annotate - [select for diffs], Wed Jul 12 22:28:52 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.190: +2 -1 lines
Diff to previous 1.190 (colored)

move #include <netdb.h> out of includes.h; ok djm@

Revision 1.190 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.189: +2 -1 lines
Diff to previous 1.189 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.189 / (download) - annotate - [select for diffs], Mon Jul 10 12:46:51 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.188: +15 -10 lines
Diff to previous 1.188 (colored)

Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.

For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.

Tested by many, ok markus@.

Revision 1.188 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.187: +2 -1 lines
Diff to previous 1.187 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.187 / (download) - annotate - [select for diffs], Wed Jul 5 02:42:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.186: +4 -1 lines
Diff to previous 1.186 (colored)

move #include <netinet/in.h> out of includes.h; ok deraadt@

Revision 1.186 / (download) - annotate - [select for diffs], Mon Jul 3 08:54:20 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.185: +2 -1 lines
Diff to previous 1.185 (colored)

move #include "version.h" out of includes.h; ok markus@

Revision 1.185 / (download) - annotate - [select for diffs], Wed Jun 14 10:50:42 2006 UTC (17 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.184: +5 -3 lines
Diff to previous 1.184 (colored)

limit the number of pre-banner characters we will accept; ok markus@

Revision 1.184 / (download) - annotate - [select for diffs], Thu Jun 8 14:45:49 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.183: +2 -2 lines
Diff to previous 1.183 (colored)

do not set the gid, noted by solar; ok djm

Revision 1.183 / (download) - annotate - [select for diffs], Tue Jun 6 10:20:20 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.182: +2 -3 lines
Diff to previous 1.182 (colored)

replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm

Revision 1.182 / (download) - annotate - [select for diffs], Wed May 17 12:43:34 2006 UTC (18 years ago) by markus
Branch: MAIN
Changes since 1.181: +2 -1 lines
Diff to previous 1.181 (colored)

fix leak; coverity via Kylene Jo Hall

Revision 1.181 / (download) - annotate - [select for diffs], Thu Apr 20 09:47:59 2006 UTC (18 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.180: +9 -20 lines
Diff to previous 1.180 (colored)

simplify; ok djm@

Revision 1.180 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.179: +1 -0 lines
Diff to previous 1.179 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.179 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.178: +5 -12 lines
Diff to previous 1.178 (colored)

introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.178 / (download) - annotate - [select for diffs], Mon Mar 20 18:42:27 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.177: +1 -1 lines
Diff to previous 1.177 (colored)

be strict with tolower() casting

Revision 1.177 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:19 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.176: +0 -1 lines
Diff to previous 1.176 (colored)

RCSID() can die

Revision 1.176 / (download) - annotate - [select for diffs], Wed Feb 22 00:04:45 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.175: +2 -1 lines
Diff to previous 1.175 (colored)

move #include <ctype.h> out of includes.h; ok djm@

Revision 1.175 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.174: +2 -1 lines
Diff to previous 1.174 (colored)

move #include <sys/stat.h> out of includes.h; ok markus@

Revision 1.174 / (download) - annotate - [select for diffs], Fri Feb 10 01:44:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.173: +4 -1 lines
Diff to previous 1.173 (colored)

move #include <sys/wait.h> out of includes.h; ok markus@

Revision 1.173 / (download) - annotate - [select for diffs], Wed Feb 8 14:16:59 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.172: +1 -3 lines
Diff to previous 1.172 (colored)

<openssl/bn.h> not needed

Revision 1.172 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.171: +3 -1 lines
Diff to previous 1.171 (colored)

move #include <paths.h> out of includes.h; ok markus@

Revision 1.168.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.168: +39 -4 lines
Diff to previous 1.168 (colored)

upgrade to OpenSSH 4.3

Revision 1.162.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.162.2.1: +39 -4 lines
Diff to previous 1.162.2.1 (colored) to branchpoint 1.162 (colored) next main 1.163 (colored)

upgrade to OpenSSH 4.3

Revision 1.171 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.170: +37 -1 lines
Diff to previous 1.170 (colored)

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

Revision 1.170 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.169: +2 -2 lines
Diff to previous 1.169 (colored)

no need to escape single quotes in comments, no binary change

Revision 1.169 / (download) - annotate - [select for diffs], Sat Oct 15 15:28:12 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.168: +2 -3 lines
Diff to previous 1.168 (colored)

make external definition static; ok deraadt@

Revision 1.162.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:10 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.162: +22 -48 lines
Diff to previous 1.162 (colored)

upgrade to OpenSSH 4.2

Revision 1.158.2.3 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.158.2.2: +22 -48 lines
Diff to previous 1.158.2.2 (colored) to branchpoint 1.158 (colored) next main 1.159 (colored)

upgrade to OpenSSH 4.2

Revision 1.168 / (download) - annotate - [select for diffs], Sun Jul 17 07:17:55 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.167: +4 -4 lines
Diff to previous 1.167 (colored)

knf says that a 2nd level indent is four (not three or five) spaces

Revision 1.167 / (download) - annotate - [select for diffs], Sat Jul 16 01:35:24 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.166: +2 -2 lines
Diff to previous 1.166 (colored)

spacing

Revision 1.166 / (download) - annotate - [select for diffs], Fri Jun 17 22:53:47 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.165: +1 -10 lines
Diff to previous 1.165 (colored)

Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@

Revision 1.165 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:33 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.164: +3 -2 lines
Diff to previous 1.164 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.164 / (download) - annotate - [select for diffs], Mon Jun 6 11:20:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.163: +11 -30 lines
Diff to previous 1.163 (colored)

introduce a generic %foo expansion function. replace existing % expansion and
add expansion to ControlPath; ok markus@

Revision 1.158.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.158.2.1: +3 -3 lines
Diff to previous 1.158.2.1 (colored) to branchpoint 1.158 (colored)

upgrade to OpenSSH 4.1

Revision 1.163 / (download) - annotate - [select for diffs], Tue May 24 17:32:44 2005 UTC (18 years, 11 months ago) by avsm
Branch: MAIN
Changes since 1.162: +7 -6 lines
Diff to previous 1.162 (colored)

Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0.  EOF is signalled by errno==EPIPE.
Typical use now becomes:

if (atomicio(read, ..., len) != len)
        err(1,"read");

ok deraadt@, cloder@, djm@

Revision 1.162 / (download) - annotate - [select for diffs], Thu Mar 10 22:01:06 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.161: +3 -3 lines
Diff to previous 1.161 (colored)

spacing

Revision 1.156.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.156.2.1: +28 -26 lines
Diff to previous 1.156.2.1 (colored) to branchpoint 1.156 (colored) next main 1.157 (colored)

upgrade to OpenSSH 4.0

Revision 1.158.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.158: +28 -26 lines
Diff to previous 1.158 (colored)

upgrade to OpenSSH 4.0

Revision 1.161 / (download) - annotate - [select for diffs], Wed Mar 2 01:00:06 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.160: +25 -10 lines
Diff to previous 1.160 (colored)

fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@

Revision 1.160 / (download) - annotate - [select for diffs], Tue Mar 1 10:40:27 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.159: +4 -3 lines
Diff to previous 1.159 (colored)

add support for hashing host names and addresses added to known_hosts files,
to improve privacy of which hosts users have been visiting; ok markus@ deraadt@

Revision 1.159 / (download) - annotate - [select for diffs], Wed Jan 5 08:51:32 2005 UTC (19 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.158: +3 -17 lines
Diff to previous 1.158 (colored)

remove dead code, log connect() failures with level error, ok djm@

Revision 1.147.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.147.2.1: +6 -7 lines
Diff to previous 1.147.2.1 (colored) to branchpoint 1.147 (colored) next main 1.148 (colored)

upgrade to OpenSSH 3.9

Revision 1.156.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.156: +6 -7 lines
Diff to previous 1.156 (colored)

upgrade to OpenSSH 3.9

Revision 1.158 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.157: +6 -6 lines
Diff to previous 1.157 (colored)

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.157 / (download) - annotate - [select for diffs], Sat May 8 00:21:31 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.156: +1 -2 lines
Diff to previous 1.156 (colored)

kill a tiny header; ok deraadt@

Revision 1.137.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:17 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.137.2.1: +58 -50 lines
Diff to previous 1.137.2.1 (colored) to branchpoint 1.137 (colored) next main 1.138 (colored)

upgrade to OpenSSH 3.8

Revision 1.147.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.147: +58 -50 lines
Diff to previous 1.147 (colored)

upgrade to OpenSSH 3.8

Revision 1.156 / (download) - annotate - [select for diffs], Sun Jan 25 03:49:09 2004 UTC (20 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.155: +6 -5 lines
Diff to previous 1.155 (colored)

reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
from jclonguet AT free.fr; ok millert@

Revision 1.155 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:37 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.154: +3 -3 lines
Diff to previous 1.154 (colored)

rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@

Revision 1.154 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.153: +5 -5 lines
Diff to previous 1.153 (colored)

unexpand and delete whitespace at EOL; ok markus@

Revision 1.153 / (download) - annotate - [select for diffs], Wed Nov 12 16:39:58 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.152: +21 -19 lines
Diff to previous 1.152 (colored)

update SSHFP validation. ok markus@

Revision 1.152 / (download) - annotate - [select for diffs], Mon Nov 10 16:23:41 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)

constify. ok markus@ & djm@

Revision 1.151 / (download) - annotate - [select for diffs], Mon Nov 3 09:37:32 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.150: +2 -3 lines
Diff to previous 1.150 (colored)

do not free static type pointer in warn_changed_key()

Revision 1.150 / (download) - annotate - [select for diffs], Mon Nov 3 09:09:41 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.149: +25 -12 lines
Diff to previous 1.149 (colored)

move changed key warning into warn_changed_key(). ok markus@

Revision 1.149 / (download) - annotate - [select for diffs], Tue Oct 14 19:42:10 2003 UTC (20 years, 7 months ago) by jakob
Branch: MAIN
Changes since 1.148: +1 -9 lines
Diff to previous 1.148 (colored)

include SSHFP lookup code (not enabled by default). ok markus@

Revision 1.148 / (download) - annotate - [select for diffs], Thu Sep 18 07:52:54 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.147: +3 -2 lines
Diff to previous 1.147 (colored)

missing {}; bug #656; jclonguet at free.fr

Revision 1.135.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:28 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.135.2.1: +156 -28 lines
Diff to previous 1.135.2.1 (colored) to branchpoint 1.135 (colored) next main 1.136 (colored)

upgrade to OpenSSH 3.7

Revision 1.137.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.137: +156 -28 lines
Diff to previous 1.137 (colored)

upgrade to OpenSSH 3.7

Revision 1.147 / (download) - annotate - [select for diffs], Sun Jun 29 12:44:38 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored)

memset 0, not \0; andrushock@korovino.net

Revision 1.146 / (download) - annotate - [select for diffs], Sat Jun 28 16:23:06 2003 UTC (20 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored)

deal with typing of write vs read in atomicio

Revision 1.145 / (download) - annotate - [select for diffs], Wed Jun 11 10:16:16 2003 UTC (20 years, 11 months ago) by jakob
Branch: MAIN
Changes since 1.144: +34 -8 lines
Diff to previous 1.144 (colored)

clean up check_host_key() and improve SSHFP feedback. ok markus@

Revision 1.144 / (download) - annotate - [select for diffs], Wed Jun 4 08:25:18 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.143: +13 -2 lines
Diff to previous 1.143 (colored)

disable challenge/response and keyboard-interactive auth methods upon hostkey
mismatch. based on patch from fcusack AT fcusack.com. bz #580; ok markus@

Revision 1.143 / (download) - annotate - [select for diffs], Mon May 26 12:54:40 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.142: +3 -3 lines
Diff to previous 1.142 (colored)

fix format strings; ok markus@

Revision 1.142 / (download) - annotate - [select for diffs], Fri May 23 08:29:30 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.141: +9 -7 lines
Diff to previous 1.141 (colored)

fix leak; ok markus@

Revision 1.141 / (download) - annotate - [select for diffs], Thu May 15 14:55:25 2003 UTC (21 years ago) by djm
Branch: MAIN
Changes since 1.140: +68 -2 lines
Diff to previous 1.140 (colored)

add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@

Revision 1.140 / (download) - annotate - [select for diffs], Wed May 14 18:16:21 2003 UTC (21 years ago) by jakob
Branch: MAIN
Changes since 1.139: +22 -1 lines
Diff to previous 1.139 (colored)

add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@

Revision 1.139 / (download) - annotate - [select for diffs], Mon Apr 14 14:17:50 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.138: +10 -8 lines
Diff to previous 1.138 (colored)

avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP

Revision 1.138 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.137: +11 -11 lines
Diff to previous 1.137 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.119.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.119.2.2: +6 -6 lines
Diff to previous 1.119.2.2 (colored) to branchpoint 1.119 (colored) next main 1.120 (colored)

Merge OpenSSH 3.6.1

Revision 1.135.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.135: +6 -6 lines
Diff to previous 1.135 (colored)

Update to OpenSSH 3.6

Revision 1.137 / (download) - annotate - [select for diffs], Thu Nov 21 23:03:51 2002 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.136: +5 -5 lines
Diff to previous 1.136 (colored)

KNF

Revision 1.136 / (download) - annotate - [select for diffs], Thu Nov 21 22:45:31 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored)

debug->debug2, unify debug messages

Revision 1.115.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.115.2.3: +87 -31 lines
Diff to previous 1.115.2.3 (colored) to branchpoint 1.115 (colored) next main 1.116 (colored)

Update to OpenSSH 3.5

Revision 1.119.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.119.2.1: +87 -31 lines
Diff to previous 1.119.2.1 (colored) to branchpoint 1.119 (colored)

Update to OpenSSH 3.5

Revision 1.135 / (download) - annotate - [select for diffs], Thu Sep 19 01:58:18 2002 UTC (21 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.134: +13 -3 lines
Diff to previous 1.134 (colored)

bugzilla.mindrot.org #223 - ProxyCommands don't exit.
Patch from dtucker@zip.com.au; ok markus@

Revision 1.134 / (download) - annotate - [select for diffs], Fri Sep 13 19:23:09 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.133: +1 -11 lines
Diff to previous 1.133 (colored)

remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@

Revision 1.133 / (download) - annotate - [select for diffs], Mon Jul 29 18:57:30 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.132: +2 -2 lines
Diff to previous 1.132 (colored)

print file:line

Revision 1.132 / (download) - annotate - [select for diffs], Wed Jul 24 16:11:18 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.131: +69 -4 lines
Diff to previous 1.131 (colored)

print out all known keys for a host if we get an unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4

the ssharp mitm tool attacks users in a similar way, so I'd like to
point out again:
	A MITM attack is always possible if the ssh client prints:
	The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)

Revision 1.131 / (download) - annotate - [select for diffs], Fri Jul 12 13:29:09 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.130: +3 -14 lines
Diff to previous 1.130 (colored)

print connect failure during debugging mode.

Revision 1.130 / (download) - annotate - [select for diffs], Wed Jul 10 10:28:15 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.129: +5 -7 lines
Diff to previous 1.129 (colored)

bark if all connection attempts fail.

Revision 1.129 / (download) - annotate - [select for diffs], Tue Jul 9 12:04:02 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.128: +3 -1 lines
Diff to previous 1.128 (colored)

ed static function (less warnings)

Revision 1.128 / (download) - annotate - [select for diffs], Tue Jul 9 11:56:50 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.127: +3 -1 lines
Diff to previous 1.127 (colored)

silently try next address on connect(2).  markus ok

Revision 1.127 / (download) - annotate - [select for diffs], Thu Jun 27 08:49:44 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@

Revision 1.115.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.115.2.2: +2 -3 lines
Diff to previous 1.115.2.2 (colored) to branchpoint 1.115 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.119.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.119: +28 -50 lines
Diff to previous 1.119 (colored)

Pull in OpenSSH-3.4

Revision 1.126 / (download) - annotate - [select for diffs], Sun Jun 23 03:30:17 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.125: +2 -3 lines
Diff to previous 1.125 (colored)

various KNF and %d for unsigned

Revision 1.115.2.2 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.115.2.1: +27 -48 lines
Diff to previous 1.115.2.1 (colored) to branchpoint 1.115 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.125 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.124: +2 -2 lines
Diff to previous 1.124 (colored)

KNF done automatically while reading....

Revision 1.124 / (download) - annotate - [select for diffs], Tue Jun 11 04:14:26 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.123: +16 -27 lines
Diff to previous 1.123 (colored)

no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@

Revision 1.123 / (download) - annotate - [select for diffs], Sun Jun 9 22:17:21 2002 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.122: +5 -5 lines
Diff to previous 1.122 (colored)

pass salen to sockaddr_ntop so that we are happy on linux/solaris

Revision 1.122 / (download) - annotate - [select for diffs], Sun Jun 9 04:33:27 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)

abort() -> fatal()

Revision 1.121 / (download) - annotate - [select for diffs], Sat Jun 8 21:15:27 2002 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.120: +4 -14 lines
Diff to previous 1.120 (colored)

always use getnameinfo.  (diag message only)

Revision 1.120 / (download) - annotate - [select for diffs], Thu May 23 19:24:30 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.119: +4 -4 lines
Diff to previous 1.119 (colored)

add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).

Revision 1.104.2.3 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.104.2.2: +54 -63 lines
Diff to previous 1.104.2.2 (colored) to branchpoint 1.104 (colored) next main 1.105 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.79.2.7 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.79.2.6: +54 -63 lines
Diff to previous 1.79.2.6 (colored) to branchpoint 1.79 (colored) next main 1.80 (colored)

Merge OpenSSH 3.1.

Revision 1.115.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.115: +54 -63 lines
Diff to previous 1.115 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.119 / (download) - annotate - [select for diffs], Mon Jan 21 15:13:51 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.118: +38 -46 lines
Diff to previous 1.118 (colored)

use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
for hostkey confirm.

Revision 1.118 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.117: +8 -8 lines
Diff to previous 1.117 (colored)

basic KNF done while i was looking for something else

Revision 1.117 / (download) - annotate - [select for diffs], Thu Dec 6 18:02:32 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.116: +1 -2 lines
Diff to previous 1.116 (colored)

shutdown(sock, SHUT_RDWR) not needed here; ok markus@

Revision 1.116 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:13 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.115: +11 -11 lines
Diff to previous 1.115 (colored)

minor KNF

Revision 1.104.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.104.2.1: +13 -29 lines
Diff to previous 1.104.2.1 (colored) to branchpoint 1.104 (colored)

Merge OpenSSH 3.0

Revision 1.79.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:00 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.79.2.5: +13 -29 lines
Diff to previous 1.79.2.5 (colored) to branchpoint 1.79 (colored)

Merge OpenSSH 3.0

Revision 1.115 / (download) - annotate - [select for diffs], Mon Oct 8 19:05:05 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.114: +4 -8 lines
Diff to previous 1.114 (colored)

some more IPv4or6 cleanup

Revision 1.114 / (download) - annotate - [select for diffs], Mon Oct 8 16:15:47 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

use correct family for -b option

Revision 1.113 / (download) - annotate - [select for diffs], Sat Oct 6 11:18:19 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.112: +3 -5 lines
Diff to previous 1.112 (colored)

unify hostkey check error messages, simplify prompt.

Revision 1.112 / (download) - annotate - [select for diffs], Sat Oct 6 00:14:50 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.111: +5 -16 lines
Diff to previous 1.111 (colored)

remove unused argument

Revision 1.111 / (download) - annotate - [select for diffs], Mon Oct 1 21:51:16 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.110: +3 -2 lines
Diff to previous 1.110 (colored)

add NoHostAuthenticationForLocalhost; note that the hostkey is
now checked for localhost, too.

Revision 1.104.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.104: +193 -66 lines
Diff to previous 1.104 (colored)

Pull in OpenSSH-2.9.9

Revision 1.79.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:43 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.79.2.4: +193 -66 lines
Diff to previous 1.79.2.4 (colored) to branchpoint 1.79 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.110 / (download) - annotate - [select for diffs], Wed Jul 25 14:35:18 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.109: +49 -7 lines
Diff to previous 1.109 (colored)

cleanup connect(); connection_attempts 4 -> 1; from eivind@freebsd.org

Revision 1.109 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:21 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.108: +6 -6 lines
Diff to previous 1.108 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.108 / (download) - annotate - [select for diffs], Sat Jun 23 02:34:31 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.107: +105 -42 lines
Diff to previous 1.107 (colored)

get rid of known_hosts2, use it for hostkey lookup, but do not modify.

Revision 1.107 / (download) - annotate - [select for diffs], Thu Jun 7 20:23:05 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.106: +2 -2 lines
Diff to previous 1.106 (colored)

use xxx_put_cstring()

Revision 1.106 / (download) - annotate - [select for diffs], Mon May 28 23:58:35 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.105: +1 -3 lines
Diff to previous 1.105 (colored)

remove some lines, simplify.

Revision 1.79.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:37 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.79.2.3: +14 -19 lines
Diff to previous 1.79.2.3 (colored) to branchpoint 1.79 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.105 / (download) - annotate - [select for diffs], Mon Apr 30 11:18:52 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.104: +36 -12 lines
Diff to previous 1.104 (colored)

implement 'ssh -b bind_address' like 'telnet -b'

Revision 1.104 / (download) - annotate - [select for diffs], Thu Apr 12 19:15:25 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.103: +4 -4 lines
Diff to previous 1.103 (colored)

implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option.  please test. :)

Revision 1.103 / (download) - annotate - [select for diffs], Fri Apr 6 21:00:14 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.102: +10 -15 lines
Diff to previous 1.102 (colored)

do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks
to olar@openwall.com for comments.  we had many requests for this.

Revision 1.102 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:55 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored)

fix whitespace: unexpand + trailing spaces.

Revision 1.101 / (download) - annotate - [select for diffs], Mon Mar 26 08:07:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.100: +3 -3 lines
Diff to previous 1.100 (colored)

simpler key load/save interface, see authfile.h

Revision 1.79.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:30 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.79.2.2: +14 -6 lines
Diff to previous 1.79.2.2 (colored) to branchpoint 1.79 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.72.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:14 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.72.2.4: +14 -6 lines
Diff to previous 1.72.2.4 (colored) to branchpoint 1.72 (colored) next main 1.73 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.100 / (download) - annotate - [select for diffs], Mon Mar 12 22:02:02 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.99: +8 -4 lines
Diff to previous 1.99 (colored)

remove old key_fingerprint interface, s/_ex//

Revision 1.72.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:17 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.72.2.3: +135 -52 lines
Diff to previous 1.72.2.3 (colored) to branchpoint 1.72 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.99 / (download) - annotate - [select for diffs], Sat Mar 10 15:31:00 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.98: +5 -1 lines
Diff to previous 1.98 (colored)

all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)

Revision 1.98 / (download) - annotate - [select for diffs], Sun Mar 4 17:42:28 2001 UTC (23 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.97: +3 -3 lines
Diff to previous 1.97 (colored)

log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.

Revision 1.79.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:35 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.79.2.1: +0 -0 lines
Diff to previous 1.79.2.1 (colored) to branchpoint 1.79 (colored)

Pull in OpenSSH-2.5.1

Revision 1.79.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:21 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.79: +135 -52 lines
Diff to previous 1.79 (colored)

Pull in OpenSSH 2.5.0

Revision 1.97 / (download) - annotate - [select for diffs], Thu Feb 15 23:19:59 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.96: +16 -1 lines
Diff to previous 1.96 (colored)

genericize password padding function for SSH1 and SSH2.
add stylized echo to 2, too.

Revision 1.96 / (download) - annotate - [select for diffs], Thu Feb 8 22:35:30 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.95: +5 -1 lines
Diff to previous 1.95 (colored)

don't connect if batch_mode is true and stricthostkeychecking set to 'ask'

Revision 1.95 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:52 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (colored)

sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecast to int -> u_long

Revision 1.94 / (download) - annotate - [select for diffs], Thu Feb 8 10:47:04 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.93: +4 -4 lines
Diff to previous 1.93 (colored)

%.30s is too short for IPv6 numeric address.  use %.128s for now.  markus ok

Revision 1.93 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:26 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.92: +3 -3 lines
Diff to previous 1.92 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.92 / (download) - annotate - [select for diffs], Tue Jan 30 22:48:52 2001 UTC (23 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.91: +3 -2 lines
Diff to previous 1.91 (colored)

Make warning message a little more consistent. ok markus@

Revision 1.91 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:59 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.90: +9 -5 lines
Diff to previous 1.90 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.90 / (download) - annotate - [select for diffs], Sat Jan 13 18:32:50 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.89: +12 -5 lines
Diff to previous 1.89 (colored)

split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.

Revision 1.89 / (download) - annotate - [select for diffs], Thu Jan 4 22:41:03 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.88: +4 -4 lines
Diff to previous 1.88 (colored)

consistent use of _PATH_BSHELL; from stevesk@pobox.com

Revision 1.88 / (download) - annotate - [select for diffs], Tue Jan 2 20:50:56 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.87: +42 -34 lines
Diff to previous 1.87 (colored)

strict_host_key_checking for host_status != HOST_CHANGED && ip_status == HOST_CHANGED

Revision 1.87 / (download) - annotate - [select for diffs], Thu Dec 28 14:25:03 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.86: +5 -4 lines
Diff to previous 1.86 (colored)

fingerprint for MITM attacks, too

Revision 1.86 / (download) - annotate - [select for diffs], Wed Dec 27 12:30:20 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.85: +19 -4 lines
Diff to previous 1.85 (colored)

new option: HostKeyAlias: allows the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.

Revision 1.85 / (download) - annotate - [select for diffs], Thu Dec 21 15:10:17 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.84: +25 -9 lines
Diff to previous 1.84 (colored)

print keyfile:line for changed hostkeys, for deraadt@; ok deraadt@

Revision 1.84 / (download) - annotate - [select for diffs], Wed Dec 20 19:27:55 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.83: +9 -5 lines
Diff to previous 1.83 (colored)

cannot get ip for remote host if proxy_command is used

Revision 1.83 / (download) - annotate - [select for diffs], Thu Nov 30 22:53:35 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.82: +9 -1 lines
Diff to previous 1.82 (colored)

disable agent/x11/port fwding if hostkey has changed; ok niels@

Revision 1.82 / (download) - annotate - [select for diffs], Wed Nov 29 13:51:27 2000 UTC (23 years, 5 months ago) by provos
Branch: MAIN
Changes since 1.81: +9 -11 lines
Diff to previous 1.81 (colored)

show IP address and hostname when new key is encountered. okay markus@

Revision 1.72.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:27 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.72.2.2: +10 -3 lines
Diff to previous 1.72.2.2 (colored) to branchpoint 1.72 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.81 / (download) - annotate - [select for diffs], Mon Nov 6 23:16:35 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.80: +5 -3 lines
Diff to previous 1.80 (colored)

downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net

Revision 1.80 / (download) - annotate - [select for diffs], Mon Nov 6 23:13:26 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)

do not disable rhosts(rsa) if server port > 1024; from pekkas@netcore.fi

Revision 1.79 / (download) - annotate - [select for diffs], Sun Sep 17 15:52:51 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.78: +4 -2 lines
Diff to previous 1.78 (colored)

yes no; ok niels@

Revision 1.78 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:54 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.77: +7 -2 lines
Diff to previous 1.77 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.72.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:24 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.72.2.1: +23 -18 lines
Diff to previous 1.72.2.1 (colored) to branchpoint 1.72 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.77 / (download) - annotate - [select for diffs], Mon Aug 28 03:50:54 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.76: +4 -4 lines
Diff to previous 1.76 (colored)

print uid/gid as unsigned

Revision 1.76 / (download) - annotate - [select for diffs], Sat Jun 17 20:30:10 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (colored)

missing atomicio, typo

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jun 17 19:24:34 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.74: +20 -15 lines
Diff to previous 1.74 (colored)

allow extended server banners

Revision 1.72.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:37 2000 UTC (23 years, 11 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.72: +2 -17 lines
Diff to previous 1.72 (colored)

lovin' CVS... update patch branch to OpenSSH-2.1.1

Revision 1.74 / (download) - annotate - [select for diffs], Wed May 17 16:57:02 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

copy only ai_addrlen bytes; misiek@pld.org.pl

Revision 1.73 / (download) - annotate - [select for diffs], Wed May 17 08:20:15 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.72: +1 -16 lines
Diff to previous 1.72 (colored)

enable nonblocking IO for sshd w/ proto 1, too; split out common code

Revision 1.72 / (download) - annotate - [select for diffs], Thu May 4 09:50:22 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.71: +18 -16 lines
Diff to previous 1.71 (colored)

print key type when talking about host keys

Revision 1.71 / (download) - annotate - [select for diffs], Wed Apr 26 21:28:33 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.70: +4 -1389 lines
Diff to previous 1.70 (colored)

split auth/sshconnect in one file per protocol version

Revision 1.70 / (download) - annotate - [select for diffs], Wed Apr 26 20:56:30 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.69: +179 -88 lines
Diff to previous 1.69 (colored)

add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.

Revision 1.69 / (download) - annotate - [select for diffs], Wed Apr 19 07:05:50 2000 UTC (24 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)

pid_t

Revision 1.68 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.67: +19 -19 lines
Diff to previous 1.67 (colored)

whitespace cleanup

Revision 1.67 / (download) - annotate - [select for diffs], Fri Apr 14 10:09:16 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.66: +16 -4 lines
Diff to previous 1.66 (colored)

check payload for (illegal) extra data

Revision 1.66 / (download) - annotate - [select for diffs], Wed Apr 12 09:39:10 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.65: +7 -7 lines
Diff to previous 1.65 (colored)

#include <ssl/foo.h> -> <openssh/foo.h>

Revision 1.65 / (download) - annotate - [select for diffs], Wed Apr 12 07:56:16 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.64: +2 -2 lines
Diff to previous 1.64 (colored)

typo

Revision 1.64 / (download) - annotate - [select for diffs], Wed Apr 12 07:45:44 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.63: +46 -30 lines
Diff to previous 1.63 (colored)

add Cipher and Protocol options to ssh/sshd, e.g.:
ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'

Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 12 07:03:06 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.62: +5 -2 lines
Diff to previous 1.62 (colored)

check for reasonable public DH values

Revision 1.62 / (download) - annotate - [select for diffs], Wed Apr 12 06:36:48 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.61: +7 -3 lines
Diff to previous 1.61 (colored)

fix passwd prompt for ssh2, less debugging output.

Revision 1.61 / (download) - annotate - [select for diffs], Tue Apr 4 21:37:27 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

remove unused argument, split cipher_mask()

Revision 1.60 / (download) - annotate - [select for diffs], Tue Apr 4 15:30:51 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

missing free.

Revision 1.59 / (download) - annotate - [select for diffs], Tue Apr 4 15:19:43 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.58: +331 -14 lines
Diff to previous 1.58 (colored)

ssh2 client implementation, interops w/ ssh.com and lsh servers.

Revision 1.58 / (download) - annotate - [select for diffs], Thu Mar 23 22:15:33 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.57: +31 -35 lines
Diff to previous 1.57 (colored)

initial support for DSA keys. ok deraadt@, niels@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Mar 16 20:56:14 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.56: +17 -13 lines
Diff to previous 1.56 (colored)

-pedantic: signed vs. unsigned, void*-arithm, etc

Revision 1.56 / (download) - annotate - [select for diffs], Fri Feb 18 08:50:33 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.55: +5 -2 lines
Diff to previous 1.55 (colored)

read error vs. "Connection closed by remote host"

Revision 1.55 / (download) - annotate - [select for diffs], Tue Feb 15 13:08:01 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.54: +4 -3 lines
Diff to previous 1.54 (colored)

retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.

Revision 1.54 / (download) - annotate - [select for diffs], Sat Feb 5 10:13:11 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.53: +2 -1 lines
Diff to previous 1.53 (colored)

missing xfree()

Revision 1.53 / (download) - annotate - [select for diffs], Tue Jan 18 09:42:17 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.52: +3 -4 lines
Diff to previous 1.52 (colored)

disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.

Revision 1.52 / (download) - annotate - [select for diffs], Sun Jan 16 23:53:02 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.51: +7 -7 lines
Diff to previous 1.51 (colored)

destroy keys earlier

Revision 1.51 / (download) - annotate - [select for diffs], Sun Jan 16 23:03:10 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.50: +68 -43 lines
Diff to previous 1.50 (colored)

split key exchange (kex) and user authentication (user-auth), ok: provos@

Revision 1.50 / (download) - annotate - [select for diffs], Wed Jan 5 08:32:42 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.49: +4 -2 lines
Diff to previous 1.49 (colored)

better error message

Revision 1.49 / (download) - annotate - [select for diffs], Tue Jan 4 00:08:00 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.48: +90 -111 lines
Diff to previous 1.48 (colored)

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options.  note that libwrap is
not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and
fujiwara@rcac.tdi.co.jp)

Revision 1.48 / (download) - annotate - [select for diffs], Sun Jan 2 14:25:51 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

compare correct version for 1.3 compat mode

Revision 1.47 / (download) - annotate - [select for diffs], Mon Dec 20 08:35:36 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

say "REMOTE HOST IDENTIFICATION HAS CHANGED"

Revision 1.46 / (download) - annotate - [select for diffs], Wed Dec 8 22:39:21 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.45: +135 -111 lines
Diff to previous 1.45 (colored)

move checking of hostkey into own function.

Revision 1.45 / (download) - annotate - [select for diffs], Mon Dec 6 20:15:30 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.44: +10 -9 lines
Diff to previous 1.44 (colored)

move atomicio into its own file.  wrap all socket write()s which were doing
write(sock, buf, len) != len, with atomicio() calls.

Revision 1.44 / (download) - annotate - [select for diffs], Wed Dec 1 16:51:19 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

typo

Revision 1.43 / (download) - annotate - [select for diffs], Wed Dec 1 14:24:38 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.42: +100 -72 lines
Diff to previous 1.42 (colored)

easier to read client code for passwd and skey auth

Revision 1.42 / (download) - annotate - [select for diffs], Wed Dec 1 14:07:22 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.41: +8 -1 lines
Diff to previous 1.41 (colored)

turn off checkhostip for proxy connects, since we don't know the remote ip

Revision 1.41 / (download) - annotate - [select for diffs], Wed Dec 1 13:59:15 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

ports are u_short

Revision 1.40 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:53 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.39: +117 -70 lines
Diff to previous 1.39 (colored)

KNF, final part 3

Revision 1.39 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.38: +53 -51 lines
Diff to previous 1.38 (colored)

much more KNF

Revision 1.38 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:55 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.37: +1388 -1446 lines
Diff to previous 1.37 (colored)

KNF part 1

Revision 1.37 / (download) - annotate - [select for diffs], Mon Nov 22 21:52:42 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.36: +48 -1 lines
Diff to previous 1.36 (colored)

transfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@

Revision 1.36 / (download) - annotate - [select for diffs], Fri Nov 19 19:58:18 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
[hope this time my ISP stays alive during commit]

Revision 1.35 / (download) - annotate - [select for diffs], Thu Nov 18 14:00:49 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

more %d vs. %s in fmt-strings

Revision 1.34 / (download) - annotate - [select for diffs], Wed Nov 17 09:51:57 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.33: +2 -1 lines
Diff to previous 1.33 (colored)

include fingerprint.h

Revision 1.33 / (download) - annotate - [select for diffs], Tue Nov 16 22:49:28 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.32: +5 -3 lines
Diff to previous 1.32 (colored)

rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>

Revision 1.32 / (download) - annotate - [select for diffs], Tue Nov 16 20:44:42 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.31: +7 -7 lines
Diff to previous 1.31 (colored)

prettyprint dreaded keysize warnings

Revision 1.31 / (download) - annotate - [select for diffs], Mon Nov 15 23:58:54 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.30: +17 -8 lines
Diff to previous 1.30 (colored)

more detailed messages about adding and checking hostkeys

Revision 1.30 / (download) - annotate - [select for diffs], Mon Nov 15 21:38:54 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.29: +2 -3 lines
Diff to previous 1.29 (colored)

remove support for cipher RC4

Revision 1.29 / (download) - annotate - [select for diffs], Mon Nov 15 20:53:25 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.28: +7 -15 lines
Diff to previous 1.28 (colored)

the keysize of rsa-parameter 'n' is passed implicitly,
a few more checks and warnings about 'pretended' keysizes.

Revision 1.28 / (download) - annotate - [select for diffs], Mon Nov 15 00:42:01 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.27: +4 -2 lines
Diff to previous 1.27 (colored)

disconnect if getpeername() fails

Revision 1.27 / (download) - annotate - [select for diffs], Thu Nov 11 23:36:53 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.26: +51 -50 lines
Diff to previous 1.26 (colored)

make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
 * make options handling more consistent
 * remove #include "readconf.h" from ssh.h
 * readconf.h is only included if necessary

Revision 1.26 / (download) - annotate - [select for diffs], Sun Nov 7 22:38:39 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.25: +18 -3 lines
Diff to previous 1.25 (colored)

warn if announced size of modulus 'n' != real size

Revision 1.25 / (download) - annotate - [select for diffs], Tue Nov 2 19:42:36 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.24: +21 -6 lines
Diff to previous 1.24 (colored)

replace assert() with error, fatal or packet_disconnect

Revision 1.24 / (download) - annotate - [select for diffs], Wed Oct 27 16:37:46 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.23: +6 -6 lines
Diff to previous 1.23 (colored)

use libssl md5 routines

Revision 1.23 / (download) - annotate - [select for diffs], Mon Oct 25 20:34:30 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

bugfix: print remote version, from chris@dqc.org

Revision 1.22 / (download) - annotate - [select for diffs], Sat Oct 16 23:11:29 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

refuse to talk to protocol < 1.3

Revision 1.21 / (download) - annotate - [select for diffs], Sat Oct 16 20:47:14 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.20: +8 -4 lines
Diff to previous 1.20 (colored)

support for SSH protocol 1.5 which is poorly documented, the RFC.troff lies.
interops (x11,agent,etc) with 1.2.27 and protocol 1.3

Revision 1.20 / (download) - annotate - [select for diffs], Sat Oct 16 19:23:35 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.19: +7 -5 lines
Diff to previous 1.19 (colored)

-Wall cleanup

Revision 1.19 / (download) - annotate - [select for diffs], Fri Oct 15 20:51:01 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.18: +12 -5 lines
Diff to previous 1.18 (colored)

turn off agent-fwding if hostkey changed, ok: theo.
and don't forget: "1.5 won't die!"

Revision 1.18 / (download) - annotate - [select for diffs], Thu Oct 14 20:03:44 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.17: +3 -1 lines
Diff to previous 1.17 (colored)

say "Permission denied" if passwd is wrong. from wvdputte, ok niels

Revision 1.17 / (download) - annotate - [select for diffs], Thu Oct 14 18:17:42 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.16: +9 -1 lines
Diff to previous 1.16 (colored)

fix old connect() race security-bug for ssh-agent and agent-forwarding
by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1":
   agent-forwarding will work only between OpenSSH-1.1 client and
   OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to
   "SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new
   ssh-agent does not work

Revision 1.16 / (download) - annotate - [select for diffs], Wed Oct 6 20:07:42 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.15: +16 -15 lines
Diff to previous 1.15 (colored)

implement client NumberOfPasswordPrompts option

Revision 1.15 / (download) - annotate - [select for diffs], Wed Oct 6 04:22:20 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.14: +22 -24 lines
Diff to previous 1.14 (colored)

force HOST_OK not only for localhost but for localnet, suggested tholo@
some cleanup.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Oct 4 19:46:30 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.13: +7 -5 lines
Diff to previous 1.13 (colored)

fix handling of the localhost case.  used to be a check against 'localhost',
but we use canonical names, so check against ip address.

Revision 1.13 / (download) - annotate - [select for diffs], Sun Oct 3 22:01:39 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.12: +9 -10 lines
Diff to previous 1.12 (colored)

fix last commit.

Revision 1.12 / (download) - annotate - [select for diffs], Sun Oct 3 21:50:04 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.11: +146 -71 lines
Diff to previous 1.11 (colored)

add code to detect DNS spoofing:

the main idea is to not only store the host key for the hostname but
also for the according IP address.  When we check the host key in the
known_hosts file, we also check the key against the according IP address.
When the server key changes, host_status = HOST_CHANGED.  If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Oct 3 19:22:39 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 (colored)

use SHUT_* symbols

Revision 1.10 / (download) - annotate - [select for diffs], Thu Sep 30 17:08:52 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +4 -3 lines
Diff to previous 1.9 (colored)

use libc md5

Revision 1.9 / (download) - annotate - [select for diffs], Thu Sep 30 06:06:31 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 (colored)

use IPPORT_RESERVED instead of 1024

Revision 1.8 / (download) - annotate - [select for diffs], Thu Sep 30 05:53:04 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +1 -7 lines
Diff to previous 1.7 (colored)

"ssh is a very large program" -- anonymous

Revision 1.7 / (download) - annotate - [select for diffs], Thu Sep 30 04:30:03 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +1 -5 lines
Diff to previous 1.6 (colored)

more culling

Revision 1.6 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +8 -7 lines
Diff to previous 1.5 (colored)

numerous sprintf, strncpy, strcpy cleanups

Revision 1.5 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:21 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.4: +34 -57 lines
Diff to previous 1.4 (colored)

update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages

Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 15:52:55 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.3: +5 -2 lines
Diff to previous 1.3 (colored)

print username and host in password prompt

Revision 1.3 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:37 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.2: +125 -116 lines
Diff to previous 1.2 (colored)

convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.

Revision 1.2 / (download) - annotate - [select for diffs], Sun Sep 26 22:01:24 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +6 -24 lines
Diff to previous 1.1 (colored)

use rresvport(), for random port allocation

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:38 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
