OpenBSD CVS

CVS log for src/usr.bin/ssh/sshconnect2.c


Default branch: MAIN

Revision 1.372, Mon Jan 8 00:34:34 2024 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.371: +6 -15 lines

remove ext-info-* in the kex.c code, not in callers; with/ok markus@

Revision 1.366.4.1, Mon Dec 18 14:57:43 2023 UTC, by bluhm
Branch: OPENBSD_7_3
Changes since 1.366: +3 -9 lines (next main revision: 1.367)

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

from djm@; with markus@

this is errata/7.3/024_ssh.patch.sig

Revision 1.367.2.1, Mon Dec 18 14:56:35 2023 UTC, by bluhm
Branch: OPENBSD_7_4
Changes since 1.367: +3 -9 lines (next main revision: 1.368)

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

from djm@; with markus@

this is errata/7.4/011_ssh.patch.sig

Revision 1.371, Mon Dec 18 14:45:49 2023 UTC, by djm
Branch: MAIN
Changes since 1.370: +35 -15 lines

add "ext-info-in-auth@openssh.com" extension

This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd update the acceptable signature algorithms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

Revision 1.370, Mon Dec 18 14:45:17 2023 UTC, by djm
Branch: MAIN
Changes since 1.369: +3 -9 lines

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@
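
The extension is negotiated in the first SSH2_MSG_KEXINIT through a pseudo-algorithm name in the kex_algorithms name-list, and once in effect the first packet of the connection must be KEXINIT and only KEX messages may appear before NEWKEYS. Those details and the marker names kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com come from OpenSSH's PROTOCOL file, which this log only points to; they are not stated in the log itself. The Python below is an added example, not OpenSSH code: it encodes and decodes a KEXINIT payload as laid out in RFC 4253 section 7.1, reports whether a captured first KEXINIT offers strict KEX for the peer's role, and checks a recorded sequence of pre-NEWKEYS message types against the rule. The sample server proposal is constructed.

```python
"""Decode SSH2_MSG_KEXINIT and check a peer's opening packets for strict KEX."""
import os
import struct

SSH2_MSG_KEXINIT, SSH2_MSG_NEWKEYS = 20, 21
# Pseudo-algorithm names from OpenSSH's PROTOCOL file (the log above only
# points to that file); they are carried in kex_algorithms of the first KEXINIT.
KEX_STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
KEX_STRICT_SERVER = "kex-strict-s-v00@openssh.com"

# The ten name-lists of KEXINIT in wire order (RFC 4253 section 7.1).
NAMELIST_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def _namelist(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(proposal, cookie=None):
    """Encode a KEXINIT payload from {field: [names]}; absent fields are empty."""
    cookie = os.urandom(16) if cookie is None else cookie
    if len(cookie) != 16:
        raise ValueError("cookie must be 16 bytes")
    out = bytes([SSH2_MSG_KEXINIT]) + cookie
    for field in NAMELIST_FIELDS:
        out += _namelist(proposal.get(field, []))
    # first_kex_packet_follows = FALSE, then the reserved uint32 0
    return out + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict; ValueError on malformed input."""
    if len(payload) < 17 or payload[0] != SSH2_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, fields = 17, {}
    for field in NAMELIST_FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        off += n
        fields[field] = raw.split(",") if raw else []
    if off + 5 != len(payload):
        raise ValueError("bad trailer length")
    fields["first_kex_packet_follows"] = bool(payload[off])
    (reserved,) = struct.unpack_from(">I", payload, off + 1)
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    return fields


def strict_kex_offered(first_kexinit, role):
    """True if the peer's *first* KEXINIT advertises strict KEX for its role."""
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    marker = KEX_STRICT_CLIENT if role == "client" else KEX_STRICT_SERVER
    return marker in parse_kexinit(first_kexinit)["kex_algorithms"]


def strict_kex_violation(msg_types):
    """Apply the strict-KEX rule to the message types a peer sent from
    connection start through its NEWKEYS: the first packet must be KEXINIT
    and only KEX-method messages (types 30-49) may precede NEWKEYS. Returns
    a description of the first offending packet, or None."""
    if not msg_types or msg_types[0] != SSH2_MSG_KEXINIT:
        return "first packet is not KEXINIT"
    for i, t in enumerate(msg_types[1:], 1):
        if t == SSH2_MSG_NEWKEYS:
            return None
        if not 30 <= t <= 49:
            return "packet %d has type %d before NEWKEYS" % (i, t)
    return "no NEWKEYS seen"


# Constructed sample of what a server that supports strict KEX might send.
SAMPLE_SERVER_KEXINIT = build_kexinit({
    "kex_algorithms": ["curve25519-sha256", KEX_STRICT_SERVER],
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_client_to_server": ["chacha20-poly1305@openssh.com"],
    "encryption_server_to_client": ["chacha20-poly1305@openssh.com"],
    "mac_client_to_server": ["hmac-sha2-256-etm@openssh.com"],
    "mac_server_to_client": ["hmac-sha2-256-etm@openssh.com"],
    "compression_client_to_server": ["none"],
    "compression_server_to_client": ["none"],
}, cookie=bytes(16))
```

Feed parse_kexinit the decrypted payload of the first packet from a capture (the type byte included); strict_kex_violation takes the list of message type bytes a peer sent before its NEWKEYS, so an SSH2_MSG_IGNORE (type 2) slipped in during KEX shows up as a violation while KEX-method replies in the 30-49 range do not.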

Revision 1.369, Wed Dec 13 03:28:19 2023 UTC, by djm
Branch: MAIN
Changes since 1.368: +2 -2 lines

when invoking KnownHostsCommand to determine the order of host key
algorithms to request, ensure that the hostname passed to the command
is decorated with the port number for ports other than 22.

This matches the behaviour of KnownHostsCommand when invoked to look
up the actual host key.

bz3643, ok dtucker@

Revision 1.368, Thu Oct 12 02:15:53 2023 UTC, by djm
Branch: MAIN
Changes since 1.367: +9 -4 lines

release GSS OIDs only at end of authentication; bz2982, ok dtucker@

Revision 1.367, Tue Aug 1 08:15:04 2023 UTC, by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE
Branch point for: OPENBSD_7_4
Changes since 1.366: +5 -7 lines

remove unnecessary if statement.  github PR#422 from eyalasulin999,
ok djm@

Revision 1.366, Thu Mar 9 07:11:05 2023 UTC, by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.365: +13 -10 lines

Re-split the merge of the reorder-hostkeys test.

In the kex_proposal_populate_entries change I merged the check for
reordering hostkeys with the actual reordering, but kex_assemble_names
mutates options.hostkeyalgorithms which renders the check ineffective.
Put the check back where it was.  Spotted and tested by jsg@, ok djm@

Revision 1.365, Wed Mar 8 04:43:12 2023 UTC, by guenther
Branch: MAIN
Changes since 1.364: +1 -13 lines

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

Revision 1.364, Mon Mar 6 12:14:48 2023 UTC, by dtucker
Branch: MAIN
Changes since 1.363: +24 -41 lines

Refactor creation of KEX proposal.

This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs.  Remove unused compat functions.
With & ok djm@.

Revision 1.363, Fri Mar 3 02:34:29 2023 UTC, by dtucker
Branch: MAIN
Changes since 1.362: +3 -2 lines

Check return value from fcntl and warn on failure.  Spotted by Coverity,
ok djm@

Revision 1.362, Fri Feb 17 04:22:50 2023 UTC, by dtucker
Branch: MAIN
Changes since 1.361: +3 -17 lines

Remove now-unused compat bit SSH_BUG_RSASIGMD5.  The code to set this
was removed in OpenSSH 7.7 when support for SSH implementations dating
back to before RFC standardization were removed.  "burn it all" djm@

Revision 1.361, Sat Sep 17 10:33:18 2022 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.360: +19 -1 lines

add a RequiredRSASize for checking RSA key length in ssh(1).
User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then
the connection will be terminated (unfortunately there are no
fallbacks in the protocol for host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@
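
RequiredRSASize acts on the modulus length of each RSA key the client sees. As an added example (not ssh(1) code), the Python below reads the modulus out of an ssh-rsa public key blob, whose wire format is the string "ssh-rsa" followed by the mpints e and n, and reports the known_hosts or authorized_keys lines that fall under a chosen limit; that is the audit to run before raising the option, since a host key under the limit terminates the connection rather than falling back. The sample lines are constructed: the host names are invented and the moduli are placeholders of the right bit length, not real RSA keys. The limit passed to weak_rsa_keys is the caller's choice, not the option's default.

```python
"""Find ssh-rsa keys whose modulus is shorter than a RequiredRSASize-style limit."""
import base64
import struct


def _string(b):
    return struct.pack(">I", len(b)) + b


def _mpint(x):
    """SSH mpint: big-endian magnitude, leading zero byte if the top bit is set."""
    b = x.to_bytes((x.bit_length() + 7) // 8, "big") if x else b""
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return _string(b)


def _get_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def make_rsa_blob(n, e=65537):
    """Wire-format ssh-rsa public key: string "ssh-rsa", mpint e, mpint n.
    Used here only to build sample data; n need not be a real modulus."""
    return _string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def rsa_modulus_bits(blob):
    """Modulus bit length of an ssh-rsa public key blob."""
    ktype, off = _get_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % ktype)
    _e, off = _get_string(blob, off)        # public exponent, not needed here
    n_bytes, off = _get_string(blob, off)   # modulus as mpint
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(n_bytes, "big").bit_length()


def rsa_bits_in_line(line):
    """Modulus bits for an authorized_keys/known_hosts line carrying an ssh-rsa
    key; None for comments, blank lines and other key types."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or "ssh-rsa" not in parts:
        return None
    idx = parts.index("ssh-rsa")
    if idx + 1 >= len(parts):
        raise ValueError("ssh-rsa without key data")
    return rsa_modulus_bits(base64.b64decode(parts[idx + 1], validate=True))


def weak_rsa_keys(lines, required_bits):
    """(line number, bits) for every RSA key below required_bits."""
    weak = []
    for lineno, line in enumerate(lines, 1):
        bits = rsa_bits_in_line(line)
        if bits is not None and bits < required_bits:
            weak.append((lineno, bits))
    return weak


# Constructed sample file: host names are invented and the moduli are
# placeholders of the stated length, not real RSA keys.
SAMPLE_KNOWN_HOSTS = [
    "# comment line",
    "host-a.example ssh-rsa "
    + base64.b64encode(make_rsa_blob((1 << 1023) | 1)).decode(),
    "host-b.example ssh-rsa "
    + base64.b64encode(make_rsa_blob((1 << 3071) | 1)).decode(),
    "host-c.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43,
]
```

Run weak_rsa_keys over the lines of a real known_hosts file with the RequiredRSASize value you intend to set; any line it returns is a host you will no longer be able to reach once the option is raised, and the same scan over authorized_keys shows user keys that would silently be ignored.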

Revision 1.360, Fri Aug 19 06:07:47 2022 UTC, by djm
Branch: MAIN
Changes since 1.359: +20 -22 lines

attempt FIDO key signing without PIN and use the error code returned
to fall back only if necessary. Avoids PIN prompts for FIDO tokens
that don't require them; part of GHPR#302

Revision 1.359, Fri Jul 1 03:39:44 2022 UTC, by dtucker
Branch: MAIN
Changes since 1.358: +10 -6 lines

Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@

This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.

Revision 1.358, Fri Jun 24 10:45:06 2022 UTC, by dtucker
Branch: MAIN
Changes since 1.357: +3 -5 lines

Roll back previous KEX changes as they aren't safe until
compat_pkalg_proposal and friends always allocate their returned
strings.  Reported by Qualys.

Revision 1.357, Fri Jun 24 04:37:00 2022 UTC, by dtucker
Branch: MAIN
Changes since 1.356: +6 -4 lines

Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@

Revision 1.356, Tue Feb 1 23:32:51 2022 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.355: +2 -2 lines

mark const string array contents const too, i.e.
static const char *array => static const char * const array
from Mike Frysinger

Revision 1.355, Thu Jan 6 22:06:51 2022 UTC, by djm
Branch: MAIN
Changes since 1.354: +5 -4 lines

allow hostbased auth to select RSA keys when only RSA/SHA2 are
configured (this is the default case); ok markus@

Revision 1.354, Sun Dec 19 22:14:47 2021 UTC, by djm
Branch: MAIN
Changes since 1.353: +8 -4 lines

PubkeyAuthentication=yes|no|unbound|host-bound

Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.

feedback / ok markus@

Revision 1.353, Sun Dec 19 22:12:54 2021 UTC, by djm
Branch: MAIN
Changes since 1.352: +15 -4 lines

client side of host-bound pubkey authentication

Add kex->flags member to enable the publickey-hostbound-v00@openssh.com
authentication method.

Use the new hostbound method in client if the kex->flags flag was set,
and include the initial KEX hostkey in the userauth request.

Note: nothing in kex.c actually sets the new flag yet

ok markus@

Revision 1.352, Sun Dec 19 22:08:48 2021 UTC, by djm
Branch: MAIN
Changes since 1.351: +35 -12 lines

ssh client side of binding

send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.

ok markus@
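
The session-bind@openssh.com request is an ordinary agent extension message. The Python below is an added example, not ssh or ssh-agent code: it encodes and decodes the request using the field order given in OpenSSH's PROTOCOL.agent (hostkey, session identifier, signature, then the is_forwarding flag; this log names the fields but not their order), and keeps a minimal per-connection binding table in which a connection already bound without the forwarding flag refuses a second binding. That table is a simplified reading of the agent-side rule and is stated here as an assumption; the sample hostkey, session ID and signature bytes are constructed placeholders and no signature is verified.

```python
"""Encode, decode and track session-bind@openssh.com agent requests."""
import struct

SSH_AGENTC_EXTENSION = 27
SESSION_BIND = b"session-bind@openssh.com"


def _string(b):
    return struct.pack(">I", len(b)) + b


def _get_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def encode_session_bind(hostkey, session_id, signature, is_forwarding):
    """Request body; on the agent socket it is prefixed with a uint32 length.
    Field order per PROTOCOL.agent (assumed here, not shown in the log)."""
    return (bytes([SSH_AGENTC_EXTENSION]) + _string(SESSION_BIND)
            + _string(hostkey) + _string(session_id) + _string(signature)
            + bytes([1 if is_forwarding else 0]))


def decode_session_bind(msg):
    """Inverse of encode_session_bind; ValueError on anything malformed."""
    if not msg or msg[0] != SSH_AGENTC_EXTENSION:
        raise ValueError("not an agent extension request")
    ext, off = _get_string(msg, 1)
    if ext != SESSION_BIND:
        raise ValueError("unexpected extension %r" % ext)
    hostkey, off = _get_string(msg, off)
    session_id, off = _get_string(msg, off)
    signature, off = _get_string(msg, off)
    if off + 1 != len(msg):
        raise ValueError("bad trailer")
    return {"hostkey": hostkey, "session_id": session_id,
            "signature": signature, "is_forwarding": bool(msg[off])}


class BindingTable:
    """Simplified agent-side view: the ordered bindings of each connection.
    Assumed rule: a connection whose latest binding was made without the
    forwarding flag is a leaf and may not be bound to a further session."""

    def __init__(self):
        self._bindings = {}

    def bind(self, conn_id, msg):
        req = decode_session_bind(msg)
        chain = self._bindings.setdefault(conn_id, [])
        if chain and not chain[-1]["is_forwarding"]:
            return False            # refuse: bound to a non-forwarding session
        chain.append(req)
        return True

    def bindings(self, conn_id):
        return list(self._bindings.get(conn_id, []))


# Constructed placeholders standing in for a host key blob, the KEX session
# identifier and the server's KEX signature.
SAMPLE_HOSTKEY, SAMPLE_SESSION_ID, SAMPLE_SIG = b"hostkey-1", b"sid-1", b"sig-1"
```

An agent that records these bindings can tie later signature requests to the host key and session they were made under, which is what lets it enforce per-destination restrictions on forwarded connections; the toy table above only shows the binding step.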

Revision 1.351, Fri Jul 23 05:24:02 2021 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.350: +11 -3 lines

note successful authentication method in final "Authenticated to ..."
message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@

Revision 1.350, Fri Jul 2 05:11:21 2021 UTC, by dtucker
Branch: MAIN
Changes since 1.349: +1 -3 lines

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as a deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

Revision 1.349, Mon Jun 7 03:38:38 2021 UTC, by djm
Branch: MAIN
Changes since 1.348: +3 -3 lines

fix debug message when finding a private key to match a certificate
being attempted for user authentication. Previously it would print
the certificate's path, whereas it was supposed to be showing the
private key's path. Patch from Alex Sherwin via GHPR247

Revision 1.348, Sun Jun 6 03:40:39 2021 UTC, by djm
Branch: MAIN
Changes since 1.347: +11 -2 lines

Client-side workaround for a bug in OpenSSH 7.4: this release allows
RSA/SHA2 signatures for public key authentication but fails to advertise
this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
servers to incorrectly match PubkeyAcceptedAlgorithms and potentially
refuse to offer valid keys.

Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker

Revision 1.347, Sat Apr 3 06:18:41 2021 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.346: +3 -3 lines

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.346, Wed Jan 27 10:05:28 2021 UTC, by djm
Branch: MAIN
Changes since 1.345: +9 -15 lines

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

Revision 1.345, Wed Jan 27 09:26:54 2021 UTC, by djm
Branch: MAIN
Changes since 1.344: +14 -14 lines

remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

Revision 1.344, Tue Jan 26 05:32:22 2021 UTC, by dtucker
Branch: MAIN
Changes since 1.343: +3 -3 lines

Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms, which more accurately reflects its effect.
This matches a previous change to PubkeyAcceptedAlgorithms.  The previous
names are retained as aliases.  ok djm@

Revision 1.343, Mon Jan 25 06:00:17 2021 UTC, by djm
Branch: MAIN
Changes since 1.342: +3 -3 lines

make ssh hostbased authentication send the signature algorithm in
its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This makes HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.

spotted with dtucker@ ok markus@

Revision 1.342, Fri Jan 22 02:44:58 2021 UTC, by dtucker
Branch: MAIN
Changes since 1.341: +11 -11 lines

Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the
signature algorithms that are accepted.  Some key types (eg RSA) can be
used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is
becoming increasingly misleading.  The old name is retained as an alias.
Prompted by bz#3253, help & ok djm@, man page help jmc@

Revision 1.341, Fri Jan 8 02:57:24 2021 UTC, by djm
Branch: MAIN
Changes since 1.340: +12 -3 lines

If a signature operation on a FIDO key fails with a "incorrect PIN"
reason and no PIN was initially requested from the user, then request
a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't thought of yet.

ok dtucker@

Revision 1.340, Tue Dec 29 00:59:15 2020 UTC, by djm
Branch: MAIN
Changes since 1.339: +2 -2 lines

Update/replace the experimental post-quantum hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementation, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks to Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note that both the updated method and the one that it replaced are
disabled by default)

Revision 1.339, Tue Dec 22 00:15:23 2020 UTC, by djm
Branch: MAIN
Changes since 1.338: +7 -2 lines

add a ssh_config KnownHostsCommand that allows the client to obtain
known_hosts data from a command in addition to the usual files.

The command accepts a bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

Revision 1.338, Sun Dec 20 23:40:19 2020 UTC, by djm
Branch: MAIN
Changes since 1.337: +12 -7 lines

plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@

Revision 1.337, Sun Dec 20 23:36:51 2020 UTC, by djm
Branch: MAIN
Changes since 1.336: +6 -5 lines

load_hostkeys()/hostkeys_foreach() variants for FILE*

Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

Revision 1.336, Fri Nov 13 07:30:44 2020 UTC, by djm
Branch: MAIN
Changes since 1.335: +5 -3 lines

scrub keyboard-interactive authentication prompts coming from the
server through asmprintf() prior to display;
suggested by and ok dtucker@

Revision 1.335, Fri Nov 13 04:53:12 2020 UTC, by djm
Branch: MAIN
Changes since 1.334: +12 -7 lines

prefix keyboard interactive prompts with (user@host) to make it easier
to determine which connection they are associated with in cases like
scp -3, ProxyJump, etc. bz#3224 ok dtucker

Revision 1.334, Sun Nov 8 22:37:24 2020 UTC, by djm
Branch: MAIN
Changes since 1.333: +2 -2 lines

when requesting a security key touch on stderr, inform the user once
the touch has been recorded; requested by claudio@ ok markus@

Revision 1.333, Fri Oct 30 01:50:07 2020 UTC, by djm
Branch: MAIN
Changes since 1.332: +4 -4 lines

print reason in fatal error message when kex_assemble_namelist() fails

Revision 1.332, Thu Oct 29 02:52:43 2020 UTC, by djm
Branch: MAIN
Changes since 1.331: +3 -3 lines

whitespace; no code change

Revision 1.331, Sun Oct 18 11:32:02 2020 UTC, by djm
Branch: MAIN
Changes since 1.330: +101 -117 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.330, Fri Oct 16 02:37:12 2020 UTC, by djm
Branch: MAIN
Changes since 1.329: +4 -3 lines

use do_log2 instead of function pointers to different log functions

Revision 1.329, Wed Oct 7 02:22:23 2020 UTC, by djm
Branch: MAIN
Changes since 1.328: +2 -7 lines

revert kex->flags cert hostkey downgrade back to a plain key
(commitid VtF8vozGOF8DMKVg). We now do this a simpler way that
needs less plumbing.

ok markus@

Revision 1.328, Sun Oct 4 09:45:01 2020 UTC, by djm
Branch: MAIN
Changes since 1.327: +5 -3 lines

when ordering host key algorithms in the client, consider the ECDSA
key subtype; ok markus@

Revision 1.327, Sat Oct 3 08:11:28 2020 UTC, by djm
Branch: MAIN
Changes since 1.326: +7 -2 lines

record when the host key checking code downgrades a certificate host
key to a plain key. This occurs when the user connects to a host with
a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

Revision 1.326, Fri Sep 18 05:23:03 2020 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.325: +38 -3 lines

tweak the client hostkey preference ordering algorithm to prefer the
default ordering if the user has a key that matches the best-preference
default algorithm.

feedback and ok markus@

Revision 1.325, Thu Aug 27 01:06:18 2020 UTC, by djm
Branch: MAIN
Changes since 1.324: +24 -13 lines

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.324, Sat Jun 27 13:39:09 2020 UTC, by bket
Branch: MAIN
Changes since 1.323: +3 -9 lines

Replace TAILQ concatenation loops with TAILQ_CONCAT

OK djm@

Revision 1.323, Fri Jun 5 03:24:16 2020 UTC, by djm
Branch: MAIN
Changes since 1.322: +3 -2 lines

wrap long line

Revision 1.322, Wed May 13 09:52:41 2020 UTC, by djm
Branch: MAIN
Changes since 1.321: +16 -4 lines

when ordering the hostkey algorithms to request from a server,
prefer certificate types if the known_hosts files contain a key
marked as a @cert-authority; bz#3157 ok markus@

Revision 1.321, Fri Apr 17 03:38:47 2020 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.320: +2 -2 lines

fix reversed test that caused IdentitiesOnly=yes to not apply to keys
loaded from a PKCS11Provider; bz3141, ok dtucker@

Revision 1.320, Thu Feb 6 22:48:23 2020 UTC, by djm
Branch: MAIN
Changes since 1.319: +26 -15 lines

When using HostkeyAlgorithms to merely append or remove algorithms
from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing
keys in known_hosts; ok markus

Revision 1.319, Thu Feb 6 22:30:54 2020 UTC, by naddy
Branch: MAIN
Changes since 1.318: +7 -6 lines

Replace "security key" with "authenticator" in program messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

Revision 1.318, Thu Jan 23 10:24:30 2020 UTC, by dtucker
Branch: MAIN
Changes since 1.317: +3 -3 lines

Make zlib optional.  This adds a "ZLIB" build time option that allows
building without zlib compression and associated options.  With feedback
from markus@, ok djm@

Revision 1.317, Thu Jan 23 07:10:22 2020 UTC, by dtucker
Branch: MAIN
Changes since 1.316: +4 -4 lines

Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.

Revision 1.316, Thu Jan 23 02:46:49 2020 UTC, by dtucker
Branch: MAIN
Changes since 1.315: +4 -4 lines

Remove unsupported algorithms from list of defaults at run time and
remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any).  ok djm@

Revision 1.315, Tue Jan 21 05:56:27 2020 UTC, by djm
Branch: MAIN
Changes since 1.314: +5 -3 lines

a little more verbosity in sign_and_send_pubkey() debug messages

Revision 1.314, Fri Nov 15 02:37:24 2019 UTC, by djm
Branch: MAIN
Changes since 1.313: +2 -2 lines

close the "touch your security key" notifier on the error path too

Revision 1.313, Wed Nov 13 04:47:52 2019 UTC, by deraadt
Branch: MAIN
Changes since 1.312: +2 -1 lines

stdarg.h required more broadly; ok djm

Revision 1.312, Tue Nov 12 22:36:44 2019 UTC, by djm
Branch: MAIN
Changes since 1.311: +16 -1 lines

security keys typically need to be tapped/touched in order to perform
a signature operation. Notify the user when this is expected via
the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

Revision 1.311, Tue Nov 12 19:33:08 2019 UTC, by markus
Branch: MAIN
Changes since 1.310: +5 -8 lines

enable ed25519 support; ok djm

Revision 1.310, Thu Oct 31 21:23:19 2019 UTC, by djm
Branch: MAIN
Changes since 1.309: +3 -14 lines

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.309, Thu Oct 31 21:18:28 2019 UTC, by djm
Branch: MAIN
Changes since 1.308: +86 -25 lines

ssh client support for U2F/FIDO keys

Revision 1.308, Mon Aug 5 11:50:33 2019 UTC, by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.307: +3 -3 lines

Remove now-redundant perm_ok arg since sshkey_load_private_type will
now return SSH_ERR_KEY_BAD_PERMISSIONS in that case.  Patch from
jitendra.sharma at intel.com, ok djm@

Revision 1.307, Sun Jul 7 01:05:00 2019 UTC, by dtucker
Branch: MAIN
Changes since 1.306: +4 -5 lines

Remove some set but never used variables. ok deraadt@

Revision 1.306, Fri Jun 28 13:35:04 2019 UTC, by deraadt
Branch: MAIN
Changes since 1.305: +10 -10 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.305, Fri May 31 03:20:07 2019 UTC, by djm
Branch: MAIN
Changes since 1.304: +2 -2 lines

fix ssh-keysign fd handling problem introduced in r1.304 caused by a typo
(STDIN_FILENO vs STDERR_FILENO)

Revision 1.304, Wed May 15 04:43:31 2019 UTC, by deraadt
Branch: MAIN
Changes since 1.303: +9 -7 lines

When doing the fork+exec'ing for ssh-keysign, rearrange the socket
into fd3, so as to not mistakenly leak other fds forward accidentally.
ok djm

Revision 1.303, Tue Feb 12 23:53:10 2019 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.302: +5 -5 lines

fix regression in r1.302 reported by naddy@ - only the first public
key from the agent was being attempted for use.

Revision 1.302, Mon Feb 11 09:44:42 2019 UTC, by djm
Branch: MAIN
Changes since 1.301: +88 -67 lines

cleanup GSSAPI authentication context after completion of the
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside
this file.

Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@

Revision 1.301, Mon Jan 21 10:38:54 2019 UTC, by djm
Branch: MAIN
Changes since 1.300: +9 -9 lines

merge kexkem[cs] into kexgen

from markus@ ok djm@

Revision 1.300, Mon Jan 21 10:29:56 2019 UTC, by djm
Branch: MAIN
Changes since 1.299: +2 -2 lines

use KEM API for vanilla ECDH

from markus@ ok djm@

Revision 1.299, Mon Jan 21 10:28:02 2019 UTC, by djm
Branch: MAIN
Changes since 1.298: +6 -6 lines

use KEM API for vanilla DH KEX

from markus@ ok djm@

Revision 1.298, Mon Jan 21 10:24:09 2019 UTC, by djm
Branch: MAIN
Changes since 1.297: +2 -2 lines

use KEM API for vanilla c25519 KEX

Revision 1.297 / (download) - annotate - [select for diffs], Mon Jan 21 10:20:12 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.296: +2 -1 lines
Diff to previous 1.296 (colored)

Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
coupled with X25519 as a stop-loss. Not enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

Revision 1.296 / (download) - annotate - [select for diffs], Mon Jan 21 01:05:00 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.295: +4 -4 lines
Diff to previous 1.295 (colored)

GSSAPI code got missed when converting to new packet API

Revision 1.295 / (download) - annotate - [select for diffs], Sat Jan 19 21:40:21 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.294: +46 -49 lines
Diff to previous 1.294 (colored)

convert the remainder of sshconnect2.c to new packet API

with & ok markus@

Revision 1.294 / (download) - annotate - [select for diffs], Sat Jan 19 21:34:45 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.293: +16 -13 lines
Diff to previous 1.293 (colored)

convert sshconnect2.c to new packet API

with & ok markus@

Revision 1.293 / (download) - annotate - [select for diffs], Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.292: +4 -1 lines
Diff to previous 1.292 (colored)

begin landing remaining refactoring of packet parsing API, started
almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

Revision 1.292 / (download) - annotate - [select for diffs], Fri Jan 4 03:27:50 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.291: +10 -8 lines
Diff to previous 1.291 (colored)

eliminate function-static attempt counters for passwd/kbdint
authmethods by moving them to the client authctxt;
Patch from Markus Schmidt, ok markus@

Revision 1.291 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.290: +23 -26 lines
Diff to previous 1.290 (colored)

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

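Added illustration of the banner rule in the commit above (not OpenSSH's own code, and not the rest of kex.c's banner exchange): the identification line described in RFC 4253 section 4.2 is LF-terminated, and the only CR a strict reader accepts is the one immediately before that LF. The 255-byte limit is taken from the RFC; skipping non-"SSH-" lines before the banner is the client-side behaviour the RFC permits.

```python
# Added illustration (not OpenSSH's own code): parse the SSH identification
# line with strict CR handling, rejecting any CR that is not directly
# before the terminating LF.

class BannerError(ValueError):
    """Raised when the peer's identification line violates the rules."""


MAX_IDENT_LINE = 255  # RFC 4253: at most 255 bytes including CR LF


def parse_banner(data: bytes):
    """Return (protoversion, softwareversion, comment) from the first
    identification line in `data`.

    Lines before the SSH- line are skipped, as a client may do (servers
    are allowed to send text before the banner).  A CR anywhere other than
    immediately before the LF, a missing LF, or an over-long line is
    rejected with BannerError.
    """
    pos = 0
    while True:
        end = data.find(b"\n", pos)
        if end == -1:
            raise BannerError("no LF-terminated identification line")
        line = data[pos:end]
        if len(line) + 1 > MAX_IDENT_LINE:
            raise BannerError("identification line too long")
        # Strict CR handling: strip a single CR directly before the LF;
        # any CR still present after that is in the wrong place.
        if line.endswith(b"\r"):
            line = line[:-1]
        if b"\r" in line:
            raise BannerError("CR not immediately before LF")
        pos = end + 1
        if line.startswith(b"SSH-"):
            break
        # anything else is pre-banner chatter that the client ignores
    proto, sep, tail = line[4:].partition(b"-")
    if not sep or not proto or not tail:
        raise BannerError("malformed identification line")
    software, _, comment = tail.partition(b" ")
    return (proto.decode("ascii"),
            software.decode("ascii", "replace"),
            comment.decode("utf-8", "replace"))
```

parse_banner(b"SSH-2.0-OpenSSH_9.6\r\n") yields ("2.0", "OpenSSH_9.6", ""), while b"SSH-2.0-Open\rSSH\n" raises, which is the case Jann Horn's report is about: a stray CR used to be tolerated inside the line.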
Revision 1.290 / (download) - annotate - [select for diffs], Wed Nov 28 06:00:38 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.289: +5 -6 lines
Diff to previous 1.289 (colored)

don't truncate user or host name in "user@host's password: " prompts.
requested by Marcel Logen; ok dtucker@

Revision 1.289 / (download) - annotate - [select for diffs], Fri Nov 16 02:46:20 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.288: +5 -3 lines
Diff to previous 1.288 (colored)

fix bug in client that was keeping a redundant ssh-agent socket around
for the life of the connection; bz#2912; reported by Simon Tatham;
ok dtucker@

Revision 1.288 / (download) - annotate - [select for diffs], Thu Oct 11 03:48:04 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.287: +3 -2 lines
Diff to previous 1.287 (colored)

don't send new-style rsa-sha2-*-cert-v01@openssh.com names to older
OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker

Revision 1.287 / (download) - annotate - [select for diffs], Fri Sep 14 05:26:27 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.286: +53 -26 lines
Diff to previous 1.286 (colored)

second try, deals properly with missing and private-only keys:

Use consistent format in debug log for keys readied, offered and
received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.

Revision 1.286 / (download) - annotate - [select for diffs], Fri Sep 14 04:44:04 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.285: +25 -46 lines
Diff to previous 1.285 (colored)

revert following; deals badly with agent keys

revision 1.285
date: 2018/09/14 04:17:12;  author: djm;  state: Exp;  lines: +47 -26;  commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.

Revision 1.285 / (download) - annotate - [select for diffs], Fri Sep 14 04:17:12 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.284: +47 -26 lines
Diff to previous 1.284 (colored)

Use consistent format in debug log for keys readied, offered and
received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.

Revision 1.284 / (download) - annotate - [select for diffs], Mon Aug 13 02:41:05 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.283: +6 -7 lines
Diff to previous 1.283 (colored)

revert compat.[ch] section of the following change. It causes
double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

Revision 1.283 / (download) - annotate - [select for diffs], Tue Jul 31 03:07:24 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.282: +8 -7 lines
Diff to previous 1.282 (colored)

fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

Revision 1.282 / (download) - annotate - [select for diffs], Wed Jul 18 11:34:04 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.281: +1 -2 lines
Diff to previous 1.281 (colored)

Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more.  Neuters UsePrivilegedPort,
which will be marked as deprecated shortly. ok markus@ djm@

Revision 1.281 / (download) - annotate - [select for diffs], Mon Jul 16 11:05:41 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.280: +3 -7 lines
Diff to previous 1.280 (colored)

Remove support for loading HostBasedAuthentication keys directly in
ssh(1) and always use ssh-keysign.  This removes one of the few remaining
reasons why ssh(1) might be setuid.  ok markus@

Revision 1.280 / (download) - annotate - [select for diffs], Wed Jul 11 18:55:11 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.279: +3 -3 lines
Diff to previous 1.279 (colored)

treat ssh_packet_write_wait() errors as fatal; ok djm@

Revision 1.279 / (download) - annotate - [select for diffs], Wed Jul 11 18:53:29 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.278: +6 -6 lines
Diff to previous 1.278 (colored)

remove legacy key emulation layer; ok djm@

Revision 1.278 / (download) - annotate - [select for diffs], Mon Jul 9 21:03:30 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.277: +275 -210 lines
Diff to previous 1.277 (colored)

client: switch to sshbuf API; ok djm@

Revision 1.277 / (download) - annotate - [select for diffs], Mon Jul 9 13:37:10 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.276: +2 -2 lines
Diff to previous 1.276 (colored)

Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
  Rename COMP_DELAYED to COMP_ZLIB

  Only delayed compression is supported nowadays.

  ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
  Remove leftovers from pre-authentication compression

  Support for this has been removed in 2016.
  COMP_DELAYED will be renamed in a later commit.

  ok markus@

Revision 1.276 / (download) - annotate - [select for diffs], Fri Jul 6 09:05:01 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.275: +2 -2 lines
Diff to previous 1.275 (colored)

Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

Revision 1.275 / (download) - annotate - [select for diffs], Wed Jul 4 13:49:31 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.274: +6 -4 lines
Diff to previous 1.274 (colored)

repair PubkeyAcceptedKeyTypes (and friends) after RSA signature work -
returns ability to add/remove/specify algorithms by wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

Revision 1.274 / (download) - annotate - [select for diffs], Tue Jul 3 13:20:25 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.273: +6 -3 lines
Diff to previous 1.273 (colored)

some finesse to fix RSA-SHA2 certificate authentication for certs
hosted in ssh-agent

Revision 1.273 / (download) - annotate - [select for diffs], Tue Jul 3 13:07:58 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.272: +2 -2 lines
Diff to previous 1.272 (colored)

check correct variable; unbreak agent keys

Revision 1.272 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.271: +215 -128 lines
Diff to previous 1.271 (colored)

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

Revision 1.271 / (download) - annotate - [select for diffs], Tue Jun 26 02:02:36 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.270: +2 -2 lines
Diff to previous 1.270 (colored)

whitespace

Revision 1.270 / (download) - annotate - [select for diffs], Sat Mar 24 19:28:43 2018 UTC (6 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.269: +3 -1 lines
Diff to previous 1.269 (colored)

fix bogus warning when signing cert keys using agent; from djm; ok deraadt dtucker

Revision 1.269 / (download) - annotate - [select for diffs], Sat Mar 3 03:01:50 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.268: +34 -7 lines
Diff to previous 1.268 (colored)

warn when the agent returns a signature type that was different to
what was requested. This might happen when an old/non-OpenSSH agent
is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@

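Added illustration, in Python rather than OpenSSH's C and not the project's own code, of the rule that revisions 1.272 and 1.269 above establish between them: the public key algorithm named in SSH_MSG_USERAUTH_REQUEST must match the algorithm name carried inside the signature blob (sshd enforces this, and PubkeyAcceptedKeyTypes now filters signature algorithms, so ssh-rsa can be banned), and a client whose agent downgrades a requested rsa-sha2-* signature to ssh-rsa must notice, warn, and retry so that the two stay consistent. The two agent classes are constructed stand-ins that emit dummy signature bytes; no real RSA signing happens, and only the string(alg) || string(sig) framing of the signature blob is real wire format.

```python
import struct

# Added illustration (not OpenSSH's code): pkalg/signature-algorithm
# consistency for publickey userauth, with the agent-downgrade retry.

CERT_SUFFIX = "-cert-v01@openssh.com"


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 length || bytes)."""
    return struct.pack(">I", len(b)) + b


def read_ssh_string(buf: bytes, off: int = 0):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + n], off + n


def sigalg_for_pkalg(pkalg: str) -> str:
    """Signature algorithm implied by a pkalg: certificates sign with the
    underlying key algorithm, so rsa-sha2-256-cert-v01@openssh.com implies
    an rsa-sha2-256 signature."""
    return pkalg[:-len(CERT_SUFFIX)] if pkalg.endswith(CERT_SUFFIX) else pkalg


def signature_algorithm(sigblob: bytes) -> str:
    """A signature blob is string(alg) || string(sig); return alg."""
    name, _ = read_ssh_string(sigblob)
    return name.decode("ascii")


def server_accepts(pkalg: str, sigblob: bytes, accepted_algs) -> bool:
    """sshd side: pkalg must be in the accepted signature-algorithm set and
    the algorithm inside the signature must be exactly what pkalg implies."""
    return (pkalg in accepted_algs
            and signature_algorithm(sigblob) == sigalg_for_pkalg(pkalg))


class OldAgent:
    """Constructed: ignores the requested algorithm, only knows ssh-rsa."""
    def sign(self, data: bytes, alg: str) -> bytes:
        return ssh_string(b"ssh-rsa") + ssh_string(b"\x00" * 8)


class NewAgent:
    """Constructed: honours the requested algorithm."""
    def sign(self, data: bytes, alg: str) -> bytes:
        return ssh_string(alg.encode("ascii")) + ssh_string(b"\x00" * 8)


def client_sign(agent, data: bytes, pkalg: str):
    """ssh side: request the signature type that pkalg implies; if the agent
    came back with a different (downgraded) type, retry with a pkalg that
    matches what the agent actually produced.
    Returns (pkalg_to_send, sigblob, downgraded)."""
    want = sigalg_for_pkalg(pkalg)
    sig = agent.sign(data, want)
    got = signature_algorithm(sig)
    if got == want:
        return pkalg, sig, False
    # e.g. asked for rsa-sha2-256, got ssh-rsa: keep the cert suffix, if any,
    # and swap the base algorithm so request and signature agree.
    new_pkalg = got + CERT_SUFFIX if pkalg.endswith(CERT_SUFFIX) else got
    return new_pkalg, agent.sign(data, got), True
```

With accepted_algs = {"rsa-sha2-256", "rsa-sha2-512"}, a client behind OldAgent ends up sending pkalg "ssh-rsa" with an ssh-rsa signature, which is internally consistent but is refused by the server; the downgraded flag is what the client logs as the bz#2799 warning.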
Revision 1.268 / (download) - annotate - [select for diffs], Wed Feb 7 22:52:45 2018 UTC (6 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.267: +2 -3 lines
Diff to previous 1.267 (colored)

ssh_free checks for and handles NULL args, remove NULL checks from remaining
callers.  ok djm@

Revision 1.267 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.266: +10 -45 lines
Diff to previous 1.266 (colored)

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

Revision 1.266 / (download) - annotate - [select for diffs], Sun Aug 27 00:38:41 2017 UTC (6 years, 8 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.265: +3 -3 lines
Diff to previous 1.265 (colored)

Increase the buffer sizes for user prompts to ensure that they won't be
truncated by snprintf.  Based on patch from cjwatson at debian.org via
bz#2768, ok djm@

Revision 1.265 / (download) - annotate - [select for diffs], Fri Aug 11 04:47:12 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.264: +6 -1 lines
Diff to previous 1.264 (colored)

refuse to use a private key when its corresponding .pub key does not
match. bz#2737 ok dtucker@

Revision 1.264 / (download) - annotate - [select for diffs], Wed Jun 14 00:31:38 2017 UTC (6 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.263: +3 -2 lines
Diff to previous 1.263 (colored)

Add user@host prefix to client's "Permission denied" messages, useful in
particular when using "stacked" connections where it's not clear which
host is denying.  bz#2720, ok djm@ markus@

Revision 1.263 / (download) - annotate - [select for diffs], Wed May 31 07:00:13 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.262: +3 -3 lines
Diff to previous 1.262 (colored)

remove now obsolete ctx from ssh_dispatch_run; ok djm@

Revision 1.262 / (download) - annotate - [select for diffs], Wed May 31 05:08:46 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.261: +4 -5 lines
Diff to previous 1.261 (colored)

another ctx => ssh conversion (in GSSAPI code)

Revision 1.261 / (download) - annotate - [select for diffs], Tue May 30 14:23:52 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.260: +31 -41 lines
Diff to previous 1.260 (colored)

protocol handlers all get struct ssh passed; ok djm@

Revision 1.260 / (download) - annotate - [select for diffs], Tue May 30 14:19:15 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.259: +27 -15 lines
Diff to previous 1.259 (colored)

ssh: pass struct ssh to auth functions, too; ok djm@

Revision 1.259 / (download) - annotate - [select for diffs], Tue May 30 08:52:20 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.258: +7 -7 lines
Diff to previous 1.258 (colored)

switch from Key typedef with struct sshkey; ok djm@

Revision 1.258 / (download) - annotate - [select for diffs], Fri May 5 10:42:49 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.257: +2 -2 lines
Diff to previous 1.257 (colored)

more simplification and removal of SSHv1-related code; ok djm@

Revision 1.257 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.256: +2 -5 lines
Diff to previous 1.256 (colored)

remove KEY_RSA1

ok markus@

Revision 1.256 / (download) - annotate - [select for diffs], Fri Apr 28 03:24:53 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.255: +12 -3 lines
Diff to previous 1.255 (colored)

include key fingerprint in "Offering public key" debug message

Revision 1.255 / (download) - annotate - [select for diffs], Sat Mar 11 23:40:26 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.254: +52 -15 lines
Diff to previous 1.254 (colored)

allow ssh to use certificates accompanied by a private key file but no
corresponding plain *.pub public key. bz#2617 based on patch from
Adam Eijdenberg; ok dtucker@ markus@

Revision 1.254 / (download) - annotate - [select for diffs], Fri Feb 3 02:56:00 2017 UTC (7 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.253: +3 -3 lines
Diff to previous 1.253 (colored)

Make ssh_packet_set_rekey_limits take u32 for the number of seconds
until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned
comparison warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Revision 1.253 / (download) - annotate - [select for diffs], Mon Jan 30 00:32:28 2017 UTC (7 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.252: +2 -2 lines
Diff to previous 1.252 (colored)

misplaced braces in test; from Karsten Weiss

Revision 1.252 / (download) - annotate - [select for diffs], Mon Jan 30 00:32:03 2017 UTC (7 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.251: +3 -3 lines
Diff to previous 1.251 (colored)

don't dereference authctxt before testing != NULL, it causes compilers
to make assumptions; from Karsten Weiss

Revision 1.251 / (download) - annotate - [select for diffs], Sun Dec 4 23:54:02 2016 UTC (7 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.250: +13 -3 lines
Diff to previous 1.250 (colored)

Fix public key authentication when multiple authentication is in use.
Instead of deleting and re-preparing the entire keys list, just reset
the 'used' flags; the keys list is already in a good order (with already-
tried keys at the back)

Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@

Revision 1.250 / (download) - annotate - [select for diffs], Wed Sep 28 20:32:42 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.249: +2 -2 lines
Diff to previous 1.249 (colored)

restore pre-auth compression support in the client -- the previous
commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Revision 1.249 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.248: +2 -2 lines
Diff to previous 1.248 (colored)

Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but
today it's clearly a bad idea in terms of both cryptography (cf.
multiple compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Revision 1.248 / (download) - annotate - [select for diffs], Thu Sep 22 02:29:57 2016 UTC (7 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.247: +3 -1 lines
Diff to previous 1.247 (colored)

If ssh receives a PACKET_DISCONNECT during userauth it will cause
ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session
being authenticated.  Check for this and exit if necessary.  ok djm@

Revision 1.247 / (download) - annotate - [select for diffs], Fri Jul 22 05:46:11 2016 UTC (7 years, 9 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.246: +2 -2 lines
Diff to previous 1.246 (colored)

Lower loglevel for "Authenticated with partial success" message similar to
other similar level.  bz#2599, patch from cgallek at gmail.com, ok markus@

Revision 1.246 / (download) - annotate - [select for diffs], Sun Jul 17 04:20:16 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.245: +8 -13 lines
Diff to previous 1.245 (colored)

support UTF-8 characters in ssh(1) banners using schwarze@'s
safe fmprintf printer; bz#2058

feedback schwarze@ ok dtucker@

Revision 1.245 / (download) - annotate - [select for diffs], Tue May 24 04:43:45 2016 UTC (7 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.244: +4 -8 lines
Diff to previous 1.244 (colored)

KNF compression proposal and simplify the client side a little.  ok djm@

Revision 1.244 / (download) - annotate - [select for diffs], Mon May 23 23:30:50 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.243: +24 -24 lines
Diff to previous 1.243 (colored)

prefer agent-hosted keys to keys from PKCS#11; ok markus

Revision 1.243 / (download) - annotate - [select for diffs], Mon May 2 10:26:04 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.242: +4 -1 lines
Diff to previous 1.242 (colored)

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Revision 1.242 / (download) - annotate - [select for diffs], Mon May 2 08:49:03 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.241: +3 -3 lines
Diff to previous 1.241 (colored)

fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@

Revision 1.241 / (download) - annotate - [select for diffs], Thu Apr 28 14:30:21 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.240: +3 -3 lines
Diff to previous 1.240 (colored)

fix comment

Revision 1.240 / (download) - annotate - [select for diffs], Mon Mar 14 16:20:54 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.239: +2 -6 lines
Diff to previous 1.239 (colored)

unbreak authentication using lone certificate keys in ssh-agent:
when attempting pubkey auth with a certificate, if no separate
private key is found among the keys then try with the certificate
key itself.

bz#2550 reported by Peter Moody

Revision 1.239 / (download) - annotate - [select for diffs], Tue Feb 23 01:34:14 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.238: +4 -3 lines
Diff to previous 1.238 (colored)

fix spurious error message when incorrect passphrase entered for
keys; reported by espie@ ok deraadt@

Revision 1.238 / (download) - annotate - [select for diffs], Fri Feb 5 04:31:21 2016 UTC (8 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.237: +2 -2 lines
Diff to previous 1.237 (colored)

avoid an uninitialised value when NumberOfPasswordPrompts is 0
ok markus@ djm@

Revision 1.237 / (download) - annotate - [select for diffs], Thu Jan 14 22:56:56 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.236: +2 -1 lines
Diff to previous 1.236 (colored)

fd leaks; report Qualys Security Advisory team; ok deraadt@

Revision 1.236 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.235: +1 -5 lines
Diff to previous 1.235 (colored)

remove roaming support; ok djm@

Revision 1.235 / (download) - annotate - [select for diffs], Fri Dec 11 02:31:47 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.234: +2 -3 lines
Diff to previous 1.234 (colored)

Remove NULL-checks before sshkey_free().

ok djm@

Revision 1.234 / (download) - annotate - [select for diffs], Fri Dec 11 02:20:28 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.233: +2 -1 lines
Diff to previous 1.233 (colored)

correct error messages; from Tomas Kuthan bz#2507

Revision 1.233 / (download) - annotate - [select for diffs], Fri Dec 11 00:20:04 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.232: +2 -2 lines
Diff to previous 1.232 (colored)

Pass (char *)NULL rather than (char *)0 to execl and execlp.

ok dtucker@

Revision 1.232 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.231: +2 -3 lines
Diff to previous 1.231 (colored)

Remove NULL-checks before free().

ok dtucker@

Revision 1.231 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.230: +90 -38 lines
Diff to previous 1.230 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.230 / (download) - annotate - [select for diffs], Fri Dec 4 00:24:55 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.229: +9 -6 lines
Diff to previous 1.229 (colored)

clean up agent_fd handling; properly initialise it to -1 and
make tests consistent

ok markus@

Revision 1.229 / (download) - annotate - [select for diffs], Sun Nov 15 22:26:49 2015 UTC (8 years, 6 months ago) by jcs
Branch: MAIN
Changes since 1.228: +20 -15 lines
Diff to previous 1.228 (colored)

Add an AddKeysToAgent client option which can be set to 'yes', 'no',
'ask', or 'confirm', and defaults to 'no'.  When enabled, a private
key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Revision 1.228 / (download) - annotate - [select for diffs], Tue Oct 13 16:15:21 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.227: +15 -8 lines
Diff to previous 1.227 (colored)

apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
keys are noted before pubkey authentication starts. ok dtucker@

Revision 1.227 / (download) - annotate - [select for diffs], Thu Sep 24 06:15:11 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.226: +52 -9 lines
Diff to previous 1.226 (colored)

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Revision 1.226 / (download) - annotate - [select for diffs], Thu Jul 30 00:01:34 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.225: +12 -21 lines
Diff to previous 1.225 (colored)

Allow ssh_config and sshd_config kex parameter options to be prefixed
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.

approach suggested by dtucker@, feedback dlg@, ok markus@

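Added illustration of the algorithm-list handling that revision 1.226 above introduces and revision 1.275 (further up) repairs; it is a standalone Python sketch, not OpenSSH's kex_assemble_names() or its config code. A leading '+' appends the named items to the default list, a leading '-' removes them (the removal form is the one 1.275 refers to), and otherwise the list replaces the default. Items may be shell-style wildcards expanded against the supported set when the config is finalised, so an unsupported name is an error at config time and the expanded list is what a config dump would show; as the later commit clarifies, '!' negation is not part of the syntax. The algorithm names in the test are real OpenSSH KEX names, but the default and supported lists are constructed for the example.

```python
import fnmatch

# Added illustration (not OpenSSH's code) of '+'/'-'/replace handling with
# wildcard expansion for ssh_config/sshd_config algorithm lists.


def expand_patterns(items, candidates, strict):
    """Expand each item against `candidates` in candidate order, without
    duplicates.  With strict=True an item matching nothing is a config
    error, so the mistake surfaces when the config is finalised rather than
    at connect time."""
    out = []
    for item in items:
        if item.startswith("!"):
            raise ValueError(f"negation is not supported in algorithm lists: {item!r}")
        matches = [c for c in candidates if fnmatch.fnmatchcase(c, item)]
        if strict and not matches:
            raise ValueError(f"unsupported algorithm: {item!r}")
        for m in matches:
            if m not in out:
                out.append(m)
    return out


def assemble_algorithms(spec, defaults, supported):
    """Return the final ordered algorithm list for the config value `spec`."""
    if not spec:
        return list(defaults)
    mode = spec[0] if spec[0] in "+-" else ""
    items = [s for s in spec[len(mode):].split(",") if s]
    if not items:
        raise ValueError("empty algorithm list")
    if mode == "+":
        result = list(defaults)
        for a in expand_patterns(items, supported, strict=True):
            if a not in result:
                result.append(a)
    elif mode == "-":
        drop = set(expand_patterns(items, defaults, strict=False))
        result = [a for a in defaults if a not in drop]
    else:
        result = expand_patterns(items, supported, strict=True)
    if not result:
        raise ValueError("algorithm list is empty after processing")
    return result
```

The security-relevant point is the direction of the operation: "+diffie-hellman-group14-*" re-enables every group14 variant including the SHA-1 one, whereas "-*-sha1" is the form that prunes weak algorithms from the default without having to restate the whole list.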
Revision 1.225 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.224: +26 -13 lines
Diff to previous 1.224 (colored)

Turn off DSA by default; add HostKeyAlgorithms to the server and
PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Revision 1.224 / (download) - annotate - [select for diffs], Mon May 4 06:10:48 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.223: +2 -3 lines
Diff to previous 1.223 (colored)

Remove pattern length argument from match_pattern_list(),
we only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing out an out-of-bounds read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@

Revision 1.223 / (download) - annotate - [select for diffs], Fri Jan 30 11:43:14 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.222: +197 -107 lines
Diff to previous 1.222 (colored)

Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@

Revision 1.222 / (download) - annotate - [select for diffs], Wed Jan 28 22:36:00 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.221: +7 -3 lines
Diff to previous 1.221 (colored)

update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values;
ok markus

Revision 1.221 / (download) - annotate - [select for diffs], Tue Jan 20 20:16:21 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.220: +4 -2 lines
Diff to previous 1.220 (colored)

kex_setup errors are fatal()

Revision 1.220 / (download) - annotate - [select for diffs], Tue Jan 20 07:56:44 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.219: +12 -8 lines
Diff to previous 1.219 (colored)

make this compile with KERBEROS5 enabled

Revision 1.219 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.218: +6 -6 lines
Diff to previous 1.218 (colored)

adapt kex to sshbuf and struct ssh; ok djm@

Revision 1.218 / (download) - annotate - [select for diffs], Mon Jan 19 20:07:45 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.217: +31 -23 lines
Diff to previous 1.217 (colored)

move dispatch to struct ssh; ok djm@

Revision 1.217 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.216: +2 -5 lines
Diff to previous 1.216 (colored)

update packet.c & isolate, introduce struct ssh
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@

Revision 1.216 / (download) - annotate - [select for diffs], Sun Jan 18 13:33:34 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.215: +3 -2 lines
Diff to previous 1.215 (colored)

avoid trailing ',' in host key algorithms

Revision 1.215 / (download) - annotate - [select for diffs], Thu Jan 15 11:04:36 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.214: +5 -3 lines
Diff to previous 1.214 (colored)

fix regression reported by brad@ for passworded keys without
agent present

Revision 1.214 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.213: +102 -69 lines
Diff to previous 1.213 (colored)

move authfd.c and its tentacles to the new buffer/key API;
ok markus@

Revision 1.213 / (download) - annotate - [select for diffs], Thu Jan 8 10:14:08 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.212: +3 -1 lines
Diff to previous 1.212 (colored)

deprecate key_load_private_pem() and sshkey_load_private_pem()
interfaces. Refactor the generic key loading API to not require
pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@

Revision 1.212 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.211: +3 -3 lines
Diff to previous 1.211 (colored)

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.211 / (download) - annotate - [select for diffs], Thu Dec 11 05:13:28 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.210: +5 -1 lines
Diff to previous 1.210 (colored)

show in debug output which hostkeys are being tried when attempting
hostbased auth; patch from Iain Morgan

Revision 1.210 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.209: +2 -2 lines
Diff to previous 1.209 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.209 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.208: +4 -4 lines
Diff to previous 1.208 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.208 / (download) - annotate - [select for diffs], Thu Jun 5 22:17:50 2014 UTC (9 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.207: +2 -2 lines
Diff to previous 1.207 (colored)

fix inverted test that caused PKCS#11 keys that were explicitly listed
not to be preferred. Reported by Dirk-Willem van Gulik

Revision 1.207 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.206: +3 -1 lines
Diff to previous 1.206 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.204.4.1 / (download) - annotate - [select for diffs], Mon Apr 21 00:30:48 2014 UTC (10 years ago) by djm
Branch: OPENBSD_5_5
Changes since 1.204: +3 -1 lines
Diff to previous 1.204 (colored) next main 1.205 (colored)

MFC:

reliability fix for OpenSSH using curve25519-sha256@libssh.org key
exchange method.

revision 1.71
date: 2014/04/18 23:52:25;  author: djm;  state: Exp;  lines: +2 -2;
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.

Disable this KEX method when speaking to one of the affected
versions.

revision 1.57
date: 2014/04/16 23:22:45;  author: djm;  state: Exp;  lines: +4 -1;
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@

Revision 1.206 / (download) - annotate - [select for diffs], Fri Apr 18 23:52:25 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.205: +3 -1 lines
Diff to previous 1.205 (colored)

OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.

Disable this KEX method when speaking to one of the affected
versions.

reported by Aris Adamantiadis; ok markus@

Revision 1.205 / (download) - annotate - [select for diffs], Thu Mar 27 23:01:27 2014 UTC (10 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.204: +2 -1 lines
Diff to previous 1.204 (colored)

disable weak proposals in sshd, but keep them in ssh; ok djm@

Revision 1.204 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:32 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE
Branch point for: OPENBSD_5_5
Changes since 1.203: +9 -9 lines
Diff to previous 1.203 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.203 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.202: +2 -2 lines
Diff to previous 1.202 (colored)

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.202 / (download) - annotate - [select for diffs], Wed Jan 29 06:18:35 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.201: +1 -292 lines
Diff to previous 1.201 (colored)

remove experimental, never-enabled JPAKE code; ok markus@

Revision 1.201 / (download) - annotate - [select for diffs], Thu Jan 9 23:20:00 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.200: +2 -2 lines
Diff to previous 1.200 (colored)

Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

Revision 1.200 / (download) - annotate - [select for diffs], Mon Dec 30 23:52:28 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.199: +24 -9 lines
Diff to previous 1.199 (colored)

refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@

Revision 1.199 / (download) - annotate - [select for diffs], Sat Nov 2 21:59:15 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.198: +2 -1 lines
Diff to previous 1.198 (colored)

use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@

Revision 1.198 / (download) - annotate - [select for diffs], Wed Jun 5 12:52:38 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.197: +6 -2 lines
Diff to previous 1.197 (colored)

Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm

Revision 1.197 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.196: +68 -77 lines
Diff to previous 1.196 (colored)

bye, bye xfree(); ok markus@

Revision 1.196 / (download) - annotate - [select for diffs], Thu May 16 02:00:34 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.195: +4 -3 lines
Diff to previous 1.195 (colored)

Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm

Revision 1.195 / (download) - annotate - [select for diffs], Fri May 10 03:40:07 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.194: +2 -2 lines
Diff to previous 1.194 (colored)

fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
Colin Watson

Revision 1.194 / (download) - annotate - [select for diffs], Fri Apr 5 00:14:00 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.193: +5 -6 lines
Diff to previous 1.193 (colored)

hush some {unused, printf type} warnings

Revision 1.193 / (download) - annotate - [select for diffs], Tue Mar 5 20:16:09 2013 UTC (11 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.192: +6 -2 lines
Diff to previous 1.192 (colored)

reset pubkey order on partial success; ok djm@

Revision 1.192 / (download) - annotate - [select for diffs], Sun Feb 17 23:16:57 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.191: +2 -2 lines
Diff to previous 1.191 (colored)

Keep track of which IdentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.  ok markus@

Revision 1.191 / (download) - annotate - [select for diffs], Fri Feb 15 00:21:01 2013 UTC (11 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.190: +12 -7 lines
Diff to previous 1.190 (colored)

Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981, ok djm@

Revision 1.190 / (download) - annotate - [select for diffs], Sun Dec 2 20:26:11 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.189: +26 -3 lines
Diff to previous 1.189 (colored)

Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@

Revision 1.189 / (download) - annotate - [select for diffs], Fri Jun 22 12:30:26 2012 UTC (11 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.188: +1 -3 lines
Diff to previous 1.188 (colored)

remove dead code following 'for (;;)' loops.
From Steve.McClellan at radisys com, ok markus@

Revision 1.188 / (download) - annotate - [select for diffs], Tue May 24 07:15:47 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.187: +6 -5 lines
Diff to previous 1.187 (colored)

Remove undocumented legacy options UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus

Revision 1.187 / (download) - annotate - [select for diffs], Fri May 6 02:05:41 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.186: +4 -1 lines
Diff to previous 1.186 (colored)

fix memory leak; bz#1849 ok dtucker@

Revision 1.186 / (download) - annotate - [select for diffs], Mon Nov 29 23:45:51 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.185: +60 -2 lines
Diff to previous 1.185 (colored)

automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
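
An added illustration of the ordering rule this commit describes (example code written for this log page, not the client's own implementation in sshconnect2.c): the preference list of host key algorithms is split into the key types already recorded for the host in known_hosts and the rest, and the known types move to the front while each group keeps its original relative order, so a server's new ECDSA key is not tried ahead of the RSA key the user already trusts. The known_hosts text, host names and key material are constructed; the parser only matches plaintext host fields exactly and skips comment, `@`-marker and hashed (`|1|...`) lines, a simplification of what ssh(1) does (the real client also matches hashed entries and host patterns).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed known_hosts text for the example (not a real file). */
static const char *sample_known_hosts =
    "# comment lines, hashed (|1|...) lines and @-marker lines are skipped here\n"
    "host.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexample\n"
    "other.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample\n"
    "host.example.com ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEexample\n";

/* Does the comma-separated host field (flen bytes, not NUL-terminated)
 * list `host` exactly?  Wildcard patterns and negation are not handled. */
static int host_field_matches(const char *field, size_t flen, const char *host)
{
    size_t hlen = strlen(host);
    const char *p = field, *end = field + flen;

    while (p < end) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        size_t len = comma ? (size_t)(comma - p) : (size_t)(end - p);
        if (len == hlen && memcmp(p, host, hlen) == 0)
            return 1;
        p = comma ? comma + 1 : end;
    }
    return 0;
}

/* Is a key of type `alg` recorded for `host` in the known_hosts text? */
static int host_has_keytype(const char *known_hosts, const char *host, const char *alg)
{
    const char *line = known_hosts;
    size_t alen = strlen(alg);

    while (*line != '\0') {
        const char *nl = strchr(line, '\n');
        size_t linelen = nl ? (size_t)(nl - line) : strlen(line);
        const char *end = line + linelen;

        if (linelen > 0 && line[0] != '#' && line[0] != '@' && line[0] != '|') {
            const char *sp = memchr(line, ' ', linelen);
            if (sp && host_field_matches(line, (size_t)(sp - line), host)) {
                const char *type = sp + 1;                 /* second field: key type */
                const char *tend = memchr(type, ' ', (size_t)(end - type));
                size_t tlen = (size_t)((tend ? tend : end) - type);
                if (tlen == alen && memcmp(type, alg, alen) == 0)
                    return 1;
            }
        }
        line = nl ? nl + 1 : end;
    }
    return 0;
}

/* Return a malloc'd copy of the comma-separated preference list `prefs`
 * with the algorithms already known for `host` moved to the front.  Both
 * groups keep their original relative order.  NULL on allocation failure. */
static char *order_hostkeyalgs(const char *known_hosts, const char *host, const char *prefs)
{
    size_t n = strlen(prefs);
    char *copy = malloc(n + 1), *known = malloc(n + 1), *unknown = malloc(n + 1);
    char *out = malloc(n + 2);

    if (copy == NULL || known == NULL || unknown == NULL || out == NULL) {
        free(copy); free(known); free(unknown); free(out);
        return NULL;
    }
    memcpy(copy, prefs, n + 1);
    known[0] = unknown[0] = '\0';

    for (char *alg = strtok(copy, ","); alg != NULL; alg = strtok(NULL, ",")) {
        char *dst = host_has_keytype(known_hosts, host, alg) ? known : unknown;
        if (dst[0] != '\0')
            strcat(dst, ",");
        strcat(dst, alg);       /* total length never exceeds n */
    }
    snprintf(out, n + 2, "%s%s%s", known,
        (known[0] != '\0' && unknown[0] != '\0') ? "," : "", unknown);
    free(copy); free(known); free(unknown);
    return out;
}

int main(void)
{
    const char *prefs = "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ssh-rsa";
    char *ordered = order_hostkeyalgs(sample_known_hosts, "host.example.com", prefs);

    if (ordered == NULL)
        return 1;
    printf("default: %s\nordered: %s\n", prefs, ordered);
    free(ordered);
    return 0;
}
```

For host.example.com the sample file records ssh-rsa and ecdsa-sha2-nistp521, so those two are offered first in their original relative order, followed by the unknown types; for a host with no entry the list is returned unchanged.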

Revision 1.185 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.184: +3 -1 lines
Diff to previous 1.184 (colored)

add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.

ok markus@

Revision 1.184 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.183: +2 -1 lines
Diff to previous 1.183 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.183 / (download) - annotate - [select for diffs], Mon Apr 26 22:28:24 2010 UTC (14 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.182: +2 -2 lines
Diff to previous 1.182 (colored)

bz#1502: authctxt.success is declared as an int, but passed by
reference to function that accepts sig_atomic_t*. Convert it to
the latter; ok markus@ dtucker@

Revision 1.182 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.181: +5 -2 lines
Diff to previous 1.181 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still supported for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.181 / (download) - annotate - [select for diffs], Sat Apr 10 02:10:56 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.180: +3 -2 lines
Diff to previous 1.180 (colored)

show the key type that we are offering in debug(), helps distinguish
between certs and plain keys as the path to the private key is usually
the same.

Revision 1.180 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.179: +3 -1 lines
Diff to previous 1.179 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.179 / (download) - annotate - [select for diffs], Wed Jan 13 01:20:20 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.178: +4 -13 lines
Diff to previous 1.178 (colored)

Make HostBased authentication work with a ProxyCommand.  bz #1569, patch
from imorgan at nas nasa gov, ok djm@

Revision 1.178 / (download) - annotate - [select for diffs], Mon Jan 11 04:46:45 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.177: +2 -2 lines
Diff to previous 1.177 (colored)

Do not prompt for a passphrase if we fail to open a keyfile, and log the
reason the open failed to debug.
bz #1693, found by tj AT castaglia org, ok djm@

Revision 1.177 / (download) - annotate - [select for diffs], Mon Jan 4 01:45:30 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.176: +2 -2 lines
Diff to previous 1.176 (colored)

Don't escape backslashes in the SSH2 banner.  bz#1533, patch from
Michal Gorny via Gentoo.

Revision 1.176 / (download) - annotate - [select for diffs], Sun Dec 6 23:41:15 2009 UTC (14 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.175: +2 -3 lines
Diff to previous 1.175 (colored)

zap unused variable and strlen; from Steve McClellan, ok djm

Revision 1.175 / (download) - annotate - [select for diffs], Fri Nov 20 00:59:36 2009 UTC (14 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.174: +9 -5 lines
Diff to previous 1.174 (colored)

Use the HostKeyAlias when prompting for passwords.  bz#1039, ok djm@

Revision 1.174 / (download) - annotate - [select for diffs], Tue Nov 10 04:30:45 2009 UTC (14 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.173: +4 -1 lines
Diff to previous 1.173 (colored)

Set close-on-exec on various descriptors so they don't get leaked to
child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.

Revision 1.173 / (download) - annotate - [select for diffs], Sat Oct 24 11:13:54 2009 UTC (14 years, 6 months ago) by andreas
Branch: MAIN
Changes since 1.172: +6 -1 lines
Diff to previous 1.172 (colored)

Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@

Revision 1.172 / (download) - annotate - [select for diffs], Fri Oct 23 01:57:11 2009 UTC (14 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.171: +20 -1 lines
Diff to previous 1.171 (colored)

disallow a hostile server from checking jpake auth by sending an
out-of-sequence success message. (doesn't affect code enabled by default)

Revision 1.171 / (download) - annotate - [select for diffs], Thu Mar 5 07:18:19 2009 UTC (15 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.170: +2 -1 lines
Diff to previous 1.170 (colored)

refactor the (disabled) Schnorr proof code to make it a little more
generally useful

Revision 1.170 / (download) - annotate - [select for diffs], Tue Nov 4 08:22:13 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.169: +301 -2 lines
Diff to previous 1.169 (colored)

Add support for an experimental zero-knowledge password authentication
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.

This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.

This is experimental, work-in-progress code and is presently
compiled-time disabled (turn on -DJPAKE in Makefile.inc).

"just commit it.  It isn't too intrusive." deraadt@

Revision 1.169 / (download) - annotate - [select for diffs], Sat Nov 1 04:50:08 2008 UTC (15 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.168: +13 -2 lines
Diff to previous 1.168 (colored)

sprinkle ARGSUSED on dispatch handlers
nuke stale unused prototype

Revision 1.168 / (download) - annotate - [select for diffs], Fri Oct 3 23:56:28 2008 UTC (15 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.167: +3 -3 lines
Diff to previous 1.167 (colored)

Repair strnvis() buffer size of 4*n+1, with termination guaranteed by the
function.
spotted by des@freebsd, who committed an incorrect fix to the freebsd tree
and (as is fairly typical) did not report the problem to us.  But this fix
is correct.
ok djm
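
To show why the output buffer in this commit is sized 4*n+1, here is an added example (written for this page; it is neither OpenSSH's strnvis() call nor libc's vis(3), whose exact encoding rules differ): it escapes an untrusted pre-authentication banner before it reaches the terminal, so control bytes such as ESC cannot drive terminal escape sequences and instead appear as \ooo octal escapes. Each input byte expands to at most four output characters and the terminator needs one more, so 4*n+1 is the tight bound; the function also stops writing, but keeps counting, when handed a smaller buffer. The function and buffer names are the example's own and the sample banners are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Is byte c safe to hand to a terminal unencoded?  Graphic ASCII plus
 * space, tab, newline and carriage return.  Backslash is treated as
 * unsafe because it introduces the escapes this encoder emits. */
static int banner_safe(unsigned char c)
{
    if (c == '\\')
        return 0;
    if (c == ' ' || c == '\t' || c == '\n' || c == '\r')
        return 1;
    return c > 0x20 && c < 0x7f;
}

/* Buffer size that always suffices for n input bytes: the longest
 * encoding of one byte is the 4-character \ooo form, plus one NUL. */
static size_t escape_bufsize(size_t n)
{
    return 4 * n + 1;
}

/* Escape `inlen` bytes of untrusted banner text into out[outlen].
 * Unsafe bytes become \ooo, backslash becomes \\, safe bytes are copied.
 * Always NUL-terminates when outlen > 0.  Once a piece no longer fits it
 * stops writing but keeps counting; the return value is the length of the
 * complete encoding excluding the NUL, so a result >= outlen means the
 * output was truncated. */
static size_t escape_banner(const unsigned char *in, size_t inlen,
    char *out, size_t outlen)
{
    size_t needed = 0, pos = 0;
    int full = 0;

    for (size_t i = 0; i < inlen; i++) {
        char piece[5];
        size_t plen;
        unsigned char c = in[i];

        if (c == '\\') {
            memcpy(piece, "\\\\", 2);
            plen = 2;
        } else if (banner_safe(c)) {
            piece[0] = (char)c;
            plen = 1;
        } else {
            plen = (size_t)snprintf(piece, sizeof piece, "\\%03o", c);  /* 4 chars */
        }
        needed += plen;
        if (!full && pos + plen < outlen) {     /* keep room for the NUL */
            memcpy(out + pos, piece, plen);
            pos += plen;
        } else {
            full = 1;
        }
    }
    if (outlen > 0)
        out[pos] = '\0';
    return needed;
}

/* Convenience wrapper for NUL-terminated input using a static buffer
 * sized with escape_bufsize() for banners of up to 256 bytes. */
static char escaped_buf[4 * 256 + 1];

static const char *escape_cstr(const char *s)
{
    size_t n = strlen(s);
    if (n > 256)
        n = 256;                /* clamp to what the static buffer is sized for */
    escape_banner((const unsigned char *)s, n, escaped_buf, sizeof escaped_buf);
    return escaped_buf;
}

int main(void)
{
    /* Constructed banner: a hostile server tries to clear the screen and
     * ring the bell before the password prompt. */
    const char hostile[] = "\x1b[2J\x07Welcome to host.example.com\n";
    printf("%s", escape_cstr(hostile));
    return 0;
}
```

Sizing the buffer with escape_bufsize() means the truncation path never triggers for the banner itself; the explicit return value still matters when a caller caps the buffer for other reasons, because a banner cut mid-escape should be detected rather than silently displayed.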

Revision 1.167 / (download) - annotate - [select for diffs], Thu Jul 31 14:48:28 2008 UTC (15 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.166: +2 -2 lines
Diff to previous 1.166 (colored)

don't allocate space for empty banners; report t8m at centrum.cz; ok deraadt

Revision 1.166 / (download) - annotate - [select for diffs], Thu Jul 17 08:48:00 2008 UTC (15 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.165: +13 -5 lines
Diff to previous 1.165 (colored)

strnvis preauth banner; pointed out by mpf@ ok markus@

Revision 1.165 / (download) - annotate - [select for diffs], Sat Jan 19 23:09:49 2008 UTC (16 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.164: +2 -2 lines
Diff to previous 1.164 (colored)

promote rekeylimit to a int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@

Revision 1.164 / (download) - annotate - [select for diffs], Thu May 17 23:53:41 2007 UTC (17 years ago) by jolan
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.163: +2 -1 lines
Diff to previous 1.163 (colored)

djm owes me a vb and a tism cd for breaking ssh compilation

Revision 1.163 / (download) - annotate - [select for diffs], Thu May 17 20:48:13 2007 UTC (17 years ago) by djm
Branch: MAIN
Changes since 1.162: +12 -3 lines
Diff to previous 1.162 (colored)

fall back to gethostname() when the outgoing connection is not
on a socket, such as is the case when ProxyCommand is used.
Gives hostbased auth an opportunity to work; bz#616, report
and feedback stuart AT kaloram.com; ok markus@

Revision 1.142.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.142.2.1: +34 -26 lines
Diff to previous 1.142.2.1 (colored) to branchpoint 1.142 (colored) next main 1.143 (colored)

upgrade to OpenSSH 4.4

Revision 1.146.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.146: +30 -27 lines
Diff to previous 1.146 (colored) next main 1.147 (colored)

upgrade to OpenSSH 4.4

Revision 1.162 / (download) - annotate - [select for diffs], Wed Aug 30 00:06:51 2006 UTC (17 years, 8 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.161: +2 -2 lines
Diff to previous 1.161 (colored)

Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
where previously it wasn't.  bz #1221, found by Dean Kopesky, ok djm@

Revision 1.161 / (download) - annotate - [select for diffs], Fri Aug 18 13:54:54 2006 UTC (17 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.160: +4 -11 lines
Diff to previous 1.160 (colored)

bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
ok markus@

Revision 1.160 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.159: +6 -5 lines
Diff to previous 1.159 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.159 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:48 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.158: +2 -1 lines
Diff to previous 1.158 (colored)

move #include <stdio.h> out of includes.h

Revision 1.158 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.157: +2 -1 lines
Diff to previous 1.157 (colored)

move #include <string.h> out of includes.h

Revision 1.157 / (download) - annotate - [select for diffs], Thu Jul 20 15:26:15 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.156: +2 -1 lines
Diff to previous 1.156 (colored)

missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it

Revision 1.156 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.155: +3 -1 lines
Diff to previous 1.155 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.155 / (download) - annotate - [select for diffs], Thu Jun 8 14:45:49 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.154: +2 -2 lines
Diff to previous 1.154 (colored)

do not set the gid, noted by solar; ok djm

Revision 1.154 / (download) - annotate - [select for diffs], Tue Jun 6 10:20:20 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.153: +3 -3 lines
Diff to previous 1.153 (colored)

replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm

Revision 1.153 / (download) - annotate - [select for diffs], Mon May 8 10:49:48 2006 UTC (18 years ago) by djm
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)

uint32_t -> u_int32_t (which we use everywhere else)

Revision 1.152 / (download) - annotate - [select for diffs], Tue Apr 25 08:02:27 2006 UTC (18 years ago) by dtucker
Branch: MAIN
Changes since 1.151: +7 -5 lines
Diff to previous 1.151 (colored)

Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@

Revision 1.151 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.150: +1 -0 lines
Diff to previous 1.150 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.150 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.149: +3 -7 lines
Diff to previous 1.149 (colored)

introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@
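
As an added example of the overflow this commit describes (example code for this page, not OpenSSH's xcalloc() in xmalloc.c, although it applies the same nmemb/size check): with an attacker-influenced element count, malloc(nmemb * size) silently wraps and hands back a block far smaller than the writes that follow, while a calloc-style wrapper that compares nmemb against SIZE_MAX / size before multiplying refuses such requests. The wrapper returns NULL where xcalloc() would call fatal(), so the check can be exercised; the struct, function names and the wire-supplied count scenario are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct entry { uint32_t id; char name[60]; };    /* example record */

/* The dangerous idiom: the product wraps modulo SIZE_MAX + 1, so malloc()
 * is asked for far fewer bytes than the caller will later write.
 * Returns the byte count that would actually be requested. */
static size_t naive_request_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Would the unchecked idiom under-allocate for this count/size pair? */
static int naive_underallocates(size_t nmemb, size_t size)
{
    size_t requested = naive_request_size(nmemb, size);
    return nmemb != 0 && requested / nmemb != size;
}

/* Overflow-checked allocation modelled on xcalloc(): reject zero-sized
 * requests and any pair whose product does not fit in size_t, then let
 * calloc() do the (now safe) multiplication and zero the block. */
static void *checked_calloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;
    if (SIZE_MAX / nmemb < size)        /* nmemb * size would overflow */
        return NULL;
    return calloc(nmemb, size);
}

/* Allocate a table for `count` entries, where `count` is taken from an
 * untrusted peer (hypothetical scenario).  On a 32-bit target a 32-bit
 * wire count already reaches the overflow; on 64-bit the check still
 * stops absurd counts before they are multiplied. */
static struct entry *alloc_entries(size_t count)
{
    return checked_calloc(count, sizeof(struct entry));
}

int main(void)
{
    size_t hostile = SIZE_MAX / 4 + 1;   /* hostile * 4 wraps to exactly 0 */

    printf("naive request for %zu x 4 bytes: %zu bytes\n",
        hostile, naive_request_size(hostile, 4));
    printf("checked_calloc: %s\n",
        checked_calloc(hostile, 4) == NULL ? "refused" : "allocated");

    struct entry *tab = alloc_entries(16);
    if (tab == NULL)
        return 1;
    tab[15].id = 15;
    free(tab);
    return 0;
}
```

The naive form requests 0 bytes for the hostile count (the product is exactly SIZE_MAX + 1), and any subsequent write into the returned block is a heap overflow; the checked form never reaches malloc() for that input.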

Revision 1.149 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:19 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.148: +0 -1 lines
Diff to previous 1.148 (colored)

RCSID() can die

Revision 1.148 / (download) - annotate - [select for diffs], Sun Mar 19 07:41:30 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.147: +7 -2 lines
Diff to previous 1.147 (colored)

memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok

Revision 1.147 / (download) - annotate - [select for diffs], Tue Mar 7 09:07:40 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.146: +2 -1 lines
Diff to previous 1.146 (colored)

Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY

Revision 1.146 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.145: +2 -1 lines
Diff to previous 1.145 (colored)

move #include <sys/stat.h> out of includes.h; ok markus@

Revision 1.145 / (download) - annotate - [select for diffs], Fri Feb 10 01:44:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.144: +3 -1 lines
Diff to previous 1.144 (colored)

move #include <sys/wait.h> out of includes.h; ok markus@

Revision 1.144 / (download) - annotate - [select for diffs], Tue Feb 7 01:18:09 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.143: +3 -1 lines
Diff to previous 1.143 (colored)

move #include <sys/queue.h> out of includes.h; ok markus@

Revision 1.142.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored)

upgrade to OpenSSH 4.3

Revision 1.138.4.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.138.4.1: +2 -2 lines
Diff to previous 1.138.4.1 (colored) to branchpoint 1.138 (colored) next main 1.139 (colored)

upgrade to OpenSSH 4.3

Revision 1.143 / (download) - annotate - [select for diffs], Fri Oct 14 02:17:59 2005 UTC (18 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored)

no trailing "\n" for log functions; ok djm@

Revision 1.138.4.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:11 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.138: +10 -8 lines
Diff to previous 1.138 (colored)

upgrade to OpenSSH 4.2

Revision 1.138.2.1 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.138: +10 -8 lines
Diff to previous 1.138 (colored) next main 1.139 (colored)

upgrade to OpenSSH 4.2

Revision 1.142 / (download) - annotate - [select for diffs], Tue Aug 30 22:08:05 2005 UTC (18 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.141: +3 -2 lines
Diff to previous 1.141 (colored)

destroy credentials if krb5_kuserok() call fails. Stops credentials being
delegated to users who are not authorised for GSSAPIAuthentication when
GSSAPIDelegateCredentials=yes and another authentication mechanism succeeds;
bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk,
tested todd@ biorn@ jakob@; ok deraadt@

Revision 1.141 / (download) - annotate - [select for diffs], Mon Jul 25 11:59:40 2005 UTC (18 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.140: +3 -3 lines
Diff to previous 1.140 (colored)

add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.

this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@

Revision 1.140 / (download) - annotate - [select for diffs], Sun Jul 17 07:17:55 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.139: +3 -3 lines
Diff to previous 1.139 (colored)

knf says that a 2nd level indent is four (not three or five) spaces

Revision 1.139 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:33 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.138: +4 -3 lines
Diff to previous 1.138 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.124.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:33 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.124.2.1: +4 -3 lines
Diff to previous 1.124.2.1 (colored) to branchpoint 1.124 (colored) next main 1.125 (colored)

upgrade to OpenSSH 3.9

Revision 1.135.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.135: +3 -2 lines
Diff to previous 1.135 (colored) next main 1.136 (colored)

upgrade to OpenSSH 3.9

Revision 1.138 / (download) - annotate - [select for diffs], Sun Jun 13 12:53:24 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.137: +2 -1 lines
Diff to previous 1.137 (colored)

implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@

Revision 1.137 / (download) - annotate - [select for diffs], Sat May 8 00:21:31 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.136: +2 -2 lines
Diff to previous 1.136 (colored)

kill a tiny header; ok deraadt@

Revision 1.136 / (download) - annotate - [select for diffs], Thu Apr 8 16:08:21 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored)

swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD
and NetBSD do.
ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@

Revision 1.135 / (download) - annotate - [select for diffs], Fri Mar 5 10:53:58 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored)

add IdentitiesOnly; ok djm@, pb@

Revision 1.112.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:17 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.112.2.1: +102 -83 lines
Diff to previous 1.112.2.1 (colored) to branchpoint 1.112 (colored) next main 1.113 (colored)

upgrade to OpenSSH 3.8

Revision 1.124.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.124: +102 -83 lines
Diff to previous 1.124 (colored)

upgrade to OpenSSH 3.8

Revision 1.134 / (download) - annotate - [select for diffs], Mon Jan 19 21:25:15 2004 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.133: +4 -4 lines
Diff to previous 1.133 (colored)

fix mem leaks; some fixes from Pete Flugstad; tested dtucker@

Revision 1.133 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.132: +12 -12 lines
Diff to previous 1.132 (colored)

unexpand and delete whitespace at EOL; ok markus@

Revision 1.132 / (download) - annotate - [select for diffs], Mon Nov 17 11:06:07 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.131: +29 -7 lines
Diff to previous 1.131 (colored)

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

Revision 1.131 / (download) - annotate - [select for diffs], Mon Nov 17 09:45:39 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.130: +3 -2 lines
Diff to previous 1.130 (colored)

return error on msg send/receive failure (rather than fatal); ok markus@

Revision 1.130 / (download) - annotate - [select for diffs], Fri Nov 14 13:19:09 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.129: +36 -44 lines
Diff to previous 1.129 (colored)

cleanup and minor fixes for the client code; from Simon Wilkinson

Revision 1.129 / (download) - annotate - [select for diffs], Sun Nov 2 11:01:03 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.128: +16 -24 lines
Diff to previous 1.128 (colored)

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

Revision 1.128 / (download) - annotate - [select for diffs], Sun Oct 26 16:57:43 2003 UTC (20 years, 6 months ago) by avsm
Branch: MAIN
Changes since 1.127: +13 -13 lines
Diff to previous 1.127 (colored)

rename 'supported' static var in userauth_gssapi() to 'gss_supported'
to avoid shadowing the global version.  markus@ ok

Revision 1.127 / (download) - annotate - [select for diffs], Sat Oct 11 08:26:43 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.126: +8 -2 lines
Diff to previous 1.126 (colored)

search keys in reverse order; fixes #684

Revision 1.126 / (download) - annotate - [select for diffs], Tue Oct 7 21:58:28 2003 UTC (20 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.125: +9 -4 lines
Diff to previous 1.125 (colored)

set ptr to NULL after free

Revision 1.125 / (download) - annotate - [select for diffs], Tue Oct 7 01:47:27 2003 UTC (20 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.124: +3 -2 lines
Diff to previous 1.124 (colored)

Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707.
ok markus@

Revision 1.107.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:29 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.107.2.1: +457 -162 lines
Diff to previous 1.107.2.1 (colored) to branchpoint 1.107 (colored) next main 1.108 (colored)

upgrade to OpenSSH 3.7

Revision 1.112.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.112: +457 -162 lines
Diff to previous 1.112 (colored)

upgrade to OpenSSH 3.7

Revision 1.124 / (download) - annotate - [select for diffs], Mon Aug 25 10:33:33 2003 UTC (20 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored)

fprintf->logit to silence login banner with "ssh -q"; ok markus@

Revision 1.123 / (download) - annotate - [select for diffs], Sun Aug 24 17:36:52 2003 UTC (20 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.122: +4 -2 lines
Diff to previous 1.122 (colored)

64 bit cleanups; markus ok

Revision 1.122 / (download) - annotate - [select for diffs], Fri Aug 22 13:20:03 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.121: +1 -99 lines
Diff to previous 1.121 (colored)

remove support for "kerberos-2@ssh.com"

Revision 1.121 / (download) - annotate - [select for diffs], Fri Aug 22 10:56:09 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.120: +251 -1 lines
Diff to previous 1.120 (colored)

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

Revision 1.120 / (download) - annotate - [select for diffs], Tue Jun 24 08:23:46 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.119: +3 -3 lines
Diff to previous 1.119 (colored)

int -> u_int; ok djm@, deraadt@, mouring@

Revision 1.119 / (download) - annotate - [select for diffs], Thu May 15 00:28:28 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.118: +10 -15 lines
Diff to previous 1.118 (colored)

cleanup unregister of per-method packet handlers; ok djm@

Revision 1.118 / (download) - annotate - [select for diffs], Wed May 14 02:15:47 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.117: +100 -1 lines
Diff to previous 1.117 (colored)

implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@

Revision 1.117 / (download) - annotate - [select for diffs], Mon May 12 16:55:37 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.116: +188 -144 lines
Diff to previous 1.116 (colored)

for pubkey authentication try the user keys in the following order:
	1. agent keys that are found in the config file
	2. other agent keys
	3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@

Revision 1.116 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.115: +7 -7 lines
Diff to previous 1.115 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.99.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.99.2.2: +22 -22 lines
Diff to previous 1.99.2.2 (colored) to branchpoint 1.99 (colored) next main 1.100 (colored)

Merge OpenSSH 3.6.1

Revision 1.115 / (download) - annotate - [select for diffs], Wed Apr 2 09:48:07 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.114: +4 -1 lines
Diff to previous 1.114 (colored)

reapply rekeying change, tested by henning@, ok djm@

Revision 1.114 / (download) - annotate - [select for diffs], Tue Apr 1 10:22:21 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.113: +1 -4 lines
Diff to previous 1.113 (colored)

backout rekeying changes (for 3.6.1)

Revision 1.113 / (download) - annotate - [select for diffs], Tue Apr 1 10:10:23 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.112: +4 -1 lines
Diff to previous 1.112 (colored)

rekeying bugfixes and automatic rekeying:

* both client and server rekey _automatically_
      (a) after 2^31 packets, because after 2^32 packets
          the sequence number for packets wraps
      (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known
  openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying

Revision 1.107.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.107: +22 -22 lines
Diff to previous 1.107 (colored)

Update to OpenSSH 3.6

Revision 1.112 / (download) - annotate - [select for diffs], Wed Mar 5 22:33:43 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.111: +2 -1 lines
Diff to previous 1.111 (colored)

fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@

Revision 1.111 / (download) - annotate - [select for diffs], Sun Feb 16 17:09:57 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.110: +3 -1 lines
Diff to previous 1.110 (colored)

split kex into client and server code, no need to link
server code into the client; ok provos@

Revision 1.110 / (download) - annotate - [select for diffs], Thu Dec 19 00:07:02 2002 UTC (21 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.109: +3 -3 lines
Diff to previous 1.109 (colored)

s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@

Revision 1.109 / (download) - annotate - [select for diffs], Fri Dec 13 10:03:15 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.108: +12 -13 lines
Diff to previous 1.108 (colored)

cleanup debug messages, more useful information for the client user.

Revision 1.108 / (download) - annotate - [select for diffs], Thu Nov 21 22:45:31 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.107: +6 -8 lines
Diff to previous 1.107 (colored)

debug->debug2, unify debug messages

Revision 1.83.2.6 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.83.2.5: +4 -4 lines
Diff to previous 1.83.2.5 (colored) to branchpoint 1.83 (colored) next main 1.84 (colored)

Update to OpenSSH 3.5

Revision 1.99.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.99.2.1: +4 -4 lines
Diff to previous 1.99.2.1 (colored) to branchpoint 1.99 (colored)

Update to OpenSSH 3.5

Revision 1.107 / (download) - annotate - [select for diffs], Mon Jul 1 19:48:46 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.106: +3 -3 lines
Diff to previous 1.106 (colored)

for compression=yes, we fall back to no-compression if the server does
not support compression, vice versa for compression=no. ok mouring@

Revision 1.106 / (download) - annotate - [select for diffs], Sun Jun 30 21:59:45 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored)

minor KNF

Revision 1.83.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.83.2.4: +8 -5 lines
Diff to previous 1.83.2.4 (colored) to branchpoint 1.83 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.99.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.99: +104 -22 lines
Diff to previous 1.99 (colored)

Pull in OpenSSH-3.4

Revision 1.105 / (download) - annotate - [select for diffs], Sun Jun 23 03:30:17 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.104: +8 -5 lines
Diff to previous 1.104 (colored)

various KNF and %d for unsigned

Revision 1.83.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.83.2.3: +100 -21 lines
Diff to previous 1.83.2.3 (colored) to branchpoint 1.83 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.104 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.103: +8 -8 lines
Diff to previous 1.103 (colored)

KNF done automatically while reading....

Revision 1.72.2.5 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.72.2.4: +76 -3 lines
Diff to previous 1.72.2.4 (colored) to branchpoint 1.72 (colored) next main 1.73 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.103 / (download) - annotate - [select for diffs], Fri May 31 10:30:33 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.102: +8 -5 lines
Diff to previous 1.102 (colored)

extend ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verifies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@

Revision 1.102 / (download) - annotate - [select for diffs], Sat May 25 08:50:39 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored)

execlp->execl; from stevesk

Revision 1.101 / (download) - annotate - [select for diffs], Fri May 24 08:45:14 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.100: +15 -14 lines
Diff to previous 1.100 (colored)

stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment

Revision 1.100 / (download) - annotate - [select for diffs], Thu May 23 19:24:30 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.99: +85 -10 lines
Diff to previous 1.99 (colored)

add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).

Revision 1.83.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.83.2.2: +76 -3 lines
Diff to previous 1.83.2.2 (colored) to branchpoint 1.83 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.99 / (download) - annotate - [select for diffs], Tue Mar 26 15:58:46 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.98: +75 -2 lines
Diff to previous 1.98 (colored)

client side support for PASSWD_CHANGEREQ
based on work by johan.andersson@appgate.com; ok provos@

Revision 1.98 / (download) - annotate - [select for diffs], Tue Mar 19 10:49:35 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)

KNF whitespace

Revision 1.72.2.4 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.72.2.3: +63 -63 lines
Diff to previous 1.72.2.3 (colored) to branchpoint 1.72 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.27.2.8 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.27.2.7: +63 -63 lines
Diff to previous 1.27.2.7 (colored) to branchpoint 1.27 (colored) next main 1.28 (colored)

Merge OpenSSH 3.1.

Revision 1.83.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:48 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.83.2.1: +63 -63 lines
Diff to previous 1.83.2.1 (colored) to branchpoint 1.83 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.97 / (download) - annotate - [select for diffs], Mon Feb 25 16:33:27 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.96: +3 -3 lines
Diff to previous 1.96 (colored)

more u_* fixes

Revision 1.96 / (download) - annotate - [select for diffs], Sun Feb 24 19:14:59 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.95: +13 -11 lines
Diff to previous 1.95 (colored)

signed vs. unsigned: make size arguments u_int, ok stevesk@

Revision 1.95 / (download) - annotate - [select for diffs], Sun Feb 3 17:59:23 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.94: +9 -3 lines
Diff to previous 1.94 (colored)

more cross checking if announced vs. used key type; ok stevesk@

Revision 1.94 / (download) - annotate - [select for diffs], Fri Jan 25 21:00:24 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.93: +1 -9 lines
Diff to previous 1.93 (colored)

unused include

Revision 1.93 / (download) - annotate - [select for diffs], Sun Jan 13 17:57:37 2002 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.92: +11 -10 lines
Diff to previous 1.92 (colored)

use buffer API and avoid static strings of fixed size; ok provos@/mouring@

Revision 1.92 / (download) - annotate - [select for diffs], Fri Dec 28 15:06:00 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.91: +13 -13 lines
Diff to previous 1.91 (colored)

remove plen from the dispatch fn. it's no longer used.

Revision 1.91 / (download) - annotate - [select for diffs], Fri Dec 28 14:50:54 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.90: +3 -4 lines
Diff to previous 1.90 (colored)

packet_read* no longer return the packet length, since it's not used.

Revision 1.90 / (download) - annotate - [select for diffs], Fri Dec 28 12:14:27 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.89: +5 -5 lines
Diff to previous 1.89 (colored)

s/packet_done/packet_check_eom/ (end-of-message); ok djm@

Revision 1.89 / (download) - annotate - [select for diffs], Thu Dec 20 22:50:24 2001 UTC (22 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.88: +13 -13 lines
Diff to previous 1.88 (colored)

Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@

Revision 1.88 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.87: +4 -4 lines
Diff to previous 1.87 (colored)

basic KNF done while i was looking for something else

Revision 1.87 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:13 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.86: +4 -4 lines
Diff to previous 1.86 (colored)

minor KNF

Revision 1.86 / (download) - annotate - [select for diffs], Wed Dec 5 03:56:39 2001 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.85: +14 -14 lines
Diff to previous 1.85 (colored)

make it compile with more strict prototype checking

Revision 1.72.2.3 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.72.2.2: +17 -16 lines
Diff to previous 1.72.2.2 (colored) to branchpoint 1.72 (colored)

Merge OpenSSH 3.0.1.

Revision 1.27.2.7 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.27.2.6: +17 -16 lines
Diff to previous 1.27.2.6 (colored) to branchpoint 1.27 (colored)

Merge OpenSSH 3.0.1.

This is likely to be the last commit to the 2.8-STABLE branch.

Revision 1.72.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.72.2.1: +2 -2 lines
Diff to previous 1.72.2.1 (colored) to branchpoint 1.72 (colored)

Merge OpenSSH 3.0

Revision 1.27.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:00 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.27.2.5: +2 -2 lines
Diff to previous 1.27.2.5 (colored) to branchpoint 1.27 (colored)

Merge OpenSSH 3.0

Revision 1.83.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:39 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.83: +17 -16 lines
Diff to previous 1.83 (colored)

Pull in patches from current (Errata 002):
Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)

Revision 1.85 / (download) - annotate - [select for diffs], Wed Nov 7 16:03:17 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.84: +3 -3 lines
Diff to previous 1.84 (colored)

pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.

Revision 1.84 / (download) - annotate - [select for diffs], Mon Oct 29 19:27:15 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.83: +15 -14 lines
Diff to previous 1.83 (colored)

hostbased: check for client hostkey before building chost

Revision 1.83 / (download) - annotate - [select for diffs], Sat Oct 6 11:18:19 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

unify hostkey check error messages, simplify prompt.

Revision 1.72.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.72: +57 -39 lines
Diff to previous 1.72 (colored)

Pull in OpenSSH-2.9.9

Revision 1.27.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:43 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.27.2.4: +57 -39 lines
Diff to previous 1.27.2.4 (colored) to branchpoint 1.27 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.82 / (download) - annotate - [select for diffs], Fri Aug 31 11:46:39 2001 UTC (22 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.81: +13 -1 lines
Diff to previous 1.81 (colored)

disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST messages

Revision 1.81 / (download) - annotate - [select for diffs], Mon Jul 23 09:06:28 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.80: +9 -9 lines
Diff to previous 1.80 (colored)

reorder default sequence of userauth methods to match ssh behaviour:
hostbased,publickey,keyboard-interactive,password

Revision 1.80 / (download) - annotate - [select for diffs], Tue Jun 26 20:14:11 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.79: +6 -1 lines
Diff to previous 1.79 (colored)

add smartcard support to the client, too (now you can use both
the agent and the client).

Revision 1.79 / (download) - annotate - [select for diffs], Mon Jun 25 20:26:37 2001 UTC (22 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.78: +4 -3 lines
Diff to previous 1.78 (colored)

prototype cleanup; ok markus@

Revision 1.78 / (download) - annotate - [select for diffs], Sun Jun 24 05:47:13 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.77: +3 -3 lines
Diff to previous 1.77 (colored)

oops, missing format string

Revision 1.77 / (download) - annotate - [select for diffs], Sun Jun 24 05:35:34 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.76: +4 -5 lines
Diff to previous 1.76 (colored)

switch to readpassphrase(3)
2.7/8-stable needs readpassphrase.[ch] from libc

Revision 1.76 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:21 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.75: +20 -20 lines
Diff to previous 1.75 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jun 23 02:34:33 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.74: +5 -5 lines
Diff to previous 1.74 (colored)

get rid of known_hosts2, use it for hostkey lookup, but do not modify.

Revision 1.74 / (download) - annotate - [select for diffs], Sat May 19 16:32:16 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.73: +5 -5 lines
Diff to previous 1.73 (colored)

change preferredauthentication order to
	publickey,hostbased,password,keyboard-interactive
document that hostbased defaults to no, document order

Revision 1.73 / (download) - annotate - [select for diffs], Fri May 18 14:13:29 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.72: +3 -2 lines
Diff to previous 1.72 (colored)

improved kbd-interactive support. work by per@appgate.com and me

Revision 1.27.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:37 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.27.2.3: +154 -369 lines
Diff to previous 1.27.2.3 (colored) to branchpoint 1.27 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.72 / (download) - annotate - [select for diffs], Wed Apr 18 23:43:26 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.71: +6 -10 lines
Diff to previous 1.71 (colored)

more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)

Revision 1.71 / (download) - annotate - [select for diffs], Wed Apr 18 22:03:45 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.70: +6 -3 lines
Diff to previous 1.70 (colored)

use FQDN with trailing dot in the hostbased auth packets, ok deraadt@

Revision 1.70 / (download) - annotate - [select for diffs], Tue Apr 17 10:53:26 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.69: +4 -1 lines
Diff to previous 1.69 (colored)

add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@

Revision 1.69 / (download) - annotate - [select for diffs], Sun Apr 15 08:43:47 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.68: +3 -3 lines
Diff to previous 1.68 (colored)

some unused variable and typos; from tomh@po.crl.go.jp

Revision 1.68 / (download) - annotate - [select for diffs], Thu Apr 12 19:15:25 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.67: +108 -3 lines
Diff to previous 1.67 (colored)

implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option.  please test. :)

Revision 1.67 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:56 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)

fix whitespace: unexpand + trailing spaces.

Revision 1.66 / (download) - annotate - [select for diffs], Wed Apr 4 20:25:38 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

more robust rekeying
don't send channel data after rekeying is started.

Revision 1.65 / (download) - annotate - [select for diffs], Wed Apr 4 14:34:58 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.64: +3 -7 lines
Diff to previous 1.64 (colored)

enable server side rekeying + some rekey related cleanup.
todo: we should not send any non-KEX messages after we send KEXINIT

Revision 1.64 / (download) - annotate - [select for diffs], Wed Apr 4 09:48:35 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.63: +3 -3 lines
Diff to previous 1.63 (colored)

don't send multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.

Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 4 00:06:54 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.62: +5 -1 lines
Diff to previous 1.62 (colored)

enable client rekeying
	(1) force rekeying with ~R, or
	(2) if the server requests rekeying.
works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0

Revision 1.62 / (download) - annotate - [select for diffs], Tue Apr 3 23:32:12 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.61: +4 -1 lines
Diff to previous 1.61 (colored)

undo parts of my recent changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).

add some infrastructure for re-keying.

Revision 1.61 / (download) - annotate - [select for diffs], Tue Apr 3 19:53:29 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.60: +28 -381 lines
Diff to previous 1.60 (colored)

move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.

Revision 1.60 / (download) - annotate - [select for diffs], Thu Mar 29 21:06:21 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.59: +5 -4 lines
Diff to previous 1.59 (colored)

need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@

Revision 1.59 / (download) - annotate - [select for diffs], Thu Mar 29 14:24:59 2001 UTC (23 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

use recommended defaults

Revision 1.58 / (download) - annotate - [select for diffs], Wed Mar 28 21:59:40 2001 UTC (23 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.57: +9 -2 lines
Diff to previous 1.57 (colored)

forgot to include min and max params in hash, okay markus@

Revision 1.57 / (download) - annotate - [select for diffs], Tue Mar 27 17:46:49 2001 UTC (23 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.56: +29 -6 lines
Diff to previous 1.56 (colored)

make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Mar 26 08:07:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.55: +8 -14 lines
Diff to previous 1.55 (colored)

simpler key load/save interface, see authfile.h

Revision 1.55 / (download) - annotate - [select for diffs], Fri Mar 23 11:04:07 2001 UTC (23 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.54: +4 -1 lines
Diff to previous 1.54 (colored)

Compat for OpenSSH with broken Rijndael/AES. ok markus@

Revision 1.27.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:31 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.27.2.2: +279 -135 lines
Diff to previous 1.27.2.2 (colored) to branchpoint 1.27 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.10.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:16 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.10.2.4: +279 -135 lines
Diff to previous 1.10.2.4 (colored) to branchpoint 1.10 (colored) next main 1.11 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.54 / (download) - annotate - [select for diffs], Mon Mar 12 22:02:02 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.53: +5 -4 lines
Diff to previous 1.53 (colored)

remove old key_fingerprint interface, s/_ex//

Revision 1.10.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:17 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.10.2.3: +140 -104 lines
Diff to previous 1.10.2.3 (colored) to branchpoint 1.10 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.53 / (download) - annotate - [select for diffs], Sat Mar 10 17:51:04 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.52: +53 -75 lines
Diff to previous 1.52 (colored)

add PreferredAuthentications

Revision 1.52 / (download) - annotate - [select for diffs], Sat Mar 10 12:48:27 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.51: +6 -1 lines
Diff to previous 1.51 (colored)

ignore nonexisting private keys; report rjmooney@mediaone.net

Revision 1.51 / (download) - annotate - [select for diffs], Thu Mar 8 21:42:33 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.50: +215 -57 lines
Diff to previous 1.50 (colored)

implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to enter passphrase or do expensive sign operations if the
server does not accept key).
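
The two-step publickey exchange the commit above describes, as an added example that is not OpenSSH's code: the client first sends a USERAUTH_REQUEST for method "publickey" with the has-signature flag FALSE (a query), and only after the server answers SSH2_MSG_USERAUTH_PK_OK for that exact algorithm and key blob does it build the signed request, whose signature covers the session id followed by the request fields (RFC 4252 wire format). Keys the server would refuse never trigger a passphrase prompt or a signing operation. The user name, session id, key blobs and the hex "secrets" are constructed inputs, and the signature is an HMAC stand-in so the block runs without an asymmetric-signature library; a real server verifies an RSA or DSA signature with the public key and never holds the client's secret.

```python
import hashlib
import hmac
import struct

# Message numbers from RFC 4252 (USERAUTH_PK_OK is the method-specific number 60).
SSH2_MSG_USERAUTH_REQUEST = 50
SSH2_MSG_USERAUTH_FAILURE = 51
SSH2_MSG_USERAUTH_SUCCESS = 52
SSH2_MSG_USERAUTH_PK_OK = 60


def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def get_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n


def pk_request_body(user, service, alg, blob, has_sig):
    """USERAUTH_REQUEST for method 'publickey' without the trailing signature field."""
    return (bytes([SSH2_MSG_USERAUTH_REQUEST]) + ssh_string(user) + ssh_string(service)
            + ssh_string(b"publickey") + bytes([1 if has_sig else 0])
            + ssh_string(alg) + ssh_string(blob))


def pk_query(user, service, alg, blob):
    """Step 1: ask whether the key would be accepted. No signature, nothing expensive."""
    return pk_request_body(user, service, alg, blob, False)


def pk_signed_request(session_id, user, service, alg, blob, sign):
    """Step 2: the real request. The signature covers session id + request fields."""
    body = pk_request_body(user, service, alg, blob, True)
    return body + ssh_string(sign(ssh_string(session_id) + body))


def parse_pk_request(msg: bytes) -> dict:
    if msg[0] != SSH2_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = get_string(msg, 1)
    service, off = get_string(msg, off)
    method, off = get_string(msg, off)
    if method != b"publickey":
        raise ValueError("not the publickey method")
    has_sig = msg[off] == 1
    off += 1
    alg, off = get_string(msg, off)
    blob, off = get_string(msg, off)
    body = msg[:off]          # the part a signature covers (after the session id)
    sig = None
    if has_sig:
        sig, off = get_string(msg, off)
    return dict(user=user, service=service, has_sig=has_sig, alg=alg, blob=blob, sig=sig, body=body)


def toy_sign(secret: bytes, data: bytes) -> bytes:
    """Stand-in for the RSA/DSA signature (symmetric, for a self-contained example only)."""
    return hmac.new(secret, data, hashlib.sha256).digest()


def userauth_pubkey(keys, session_id, user, service, send, sign_log):
    """Client side. keys: list of (alg, blob, secret); send(msg) returns the server reply.
    Signing is logged so the caller can see it happens only for accepted keys."""
    for alg, blob, secret in keys:
        reply = send(pk_query(user, service, alg, blob))
        if reply[0] != SSH2_MSG_USERAUTH_PK_OK:
            continue              # server would refuse this key: no prompt, no signing
        ok_alg, off = get_string(reply, 1)
        ok_blob, _ = get_string(reply, off)
        if (ok_alg, ok_blob) != (alg, blob):
            raise ValueError("PK_OK does not match the key we offered")

        def sign(data, secret=secret, blob=blob):
            sign_log.append(blob)  # the expensive step, counted by the caller
            return toy_sign(secret, data)

        reply = send(pk_signed_request(session_id, user, service, alg, blob, sign))
        if reply[0] == SSH2_MSG_USERAUTH_SUCCESS:
            return blob
    return None


def make_server(session_id, authorized):
    """Toy server. authorized: {blob: secret}; a real one verifies with the public key."""
    failure = bytes([SSH2_MSG_USERAUTH_FAILURE]) + ssh_string(b"publickey") + b"\x00"

    def handle(msg):
        req = parse_pk_request(msg)
        secret = authorized.get(req["blob"])
        if secret is None:
            return failure
        if not req["has_sig"]:
            return bytes([SSH2_MSG_USERAUTH_PK_OK]) + ssh_string(req["alg"]) + ssh_string(req["blob"])
        expected = toy_sign(secret, ssh_string(session_id) + req["body"])
        return bytes([SSH2_MSG_USERAUTH_SUCCESS]) if hmac.compare_digest(expected, req["sig"]) else failure
    return handle


def demo():
    """Constructed scenario: key A is not in authorized_keys, key B is."""
    session_id = b"constructed-session-id"
    keys = [(b"ssh-rsa", b"blob-of-key-A", b"secret-A"), (b"ssh-dss", b"blob-of-key-B", b"secret-B")]
    server = make_server(session_id, {b"blob-of-key-B": b"secret-B"})
    signed = []
    used = userauth_pubkey(keys, session_id, b"alice", b"ssh-connection", server, signed)
    return used, len(signed)
```

The check that the PK_OK names the same algorithm and blob the client offered is what keeps a server from steering the client into signing with a key it never proposed.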

Revision 1.50 / (download) - annotate - [select for diffs], Mon Mar 5 17:17:21 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.49: +4 -4 lines
Diff to previous 1.49 (colored)

generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
German advisor) this is safe since /etc/primes contains strong
primes only.

References:
        P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
        agreement with short exponents, In Advances in Cryptology
        - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
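
The short-exponent scheme from the commit above, as an added example that is not OpenSSH's code: the private exponent gets 2*need bits, where need is the number of bits of key material the negotiated cipher and MAC require, so a generic attack costing about 2^(bits/2) on the exponent is no cheaper than attacking the derived keys. This is only safe when p is a safe prime (p = 2q + 1 with q prime), because then there is no small subgroup other than {1, p-1} for a dishonest peer to confine the exchange to, which is the subgroup-confinement attack van Oorschot and Wiener analyse. The group is the 1024-bit RFC 2409 prime that SSH uses for diffie-hellman-group1-sha1; the primality and public-value checks are assumptions about what a careful implementation should do before using a group, not a transcript of dh.c.

```python
import secrets

# RFC 2409 "Second Oakley Group": the 1024-bit safe prime used by
# diffie-hellman-group1-sha1, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; enough to confirm a published group, not to certify a fresh one."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p = 2q + 1 with q prime: the only subgroups have order 1, 2, q or 2q."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def dh_gen_key(p: int, g: int, need_bits: int):
    """Private exponent of exactly 2*need_bits bits (top bit set), public value g^x mod p."""
    xbits = 2 * need_bits
    if xbits < 2 or xbits > p.bit_length():
        raise ValueError("group too small for the requested key material")
    x = secrets.randbits(xbits) | (1 << (xbits - 1))
    return x, pow(g, x, p)


def dh_pub_is_valid(p: int, e: int) -> bool:
    """Reject 0, 1 and p-1 (the order-2 subgroup) and anything out of range."""
    return 1 < e < p - 1


def dh_shared_secret(p: int, x: int, peer_pub: int) -> int:
    if not dh_pub_is_valid(p, peer_pub):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, x, p)


def demo(need_bits: int = 160):
    """need_bits = max(cipher key, block size, MAC key) in bits; 160 for aes128 + hmac-sha1.
    Returns (secrets agree, exponent bits, modulus bits)."""
    if not is_safe_prime(P):
        raise ValueError("refusing a group whose modulus is not a safe prime")
    x, e = dh_gen_key(P, G, need_bits)   # client side
    y, f = dh_gen_key(P, G, need_bits)   # server side
    k_client = dh_shared_secret(P, x, f)
    k_server = dh_shared_secret(P, y, e)
    return k_client == k_server, x.bit_length(), P.bit_length()
```

With need_bits = 160 the exponent is 320 bits against a 1024-bit modulus, which is the "~300 instead of 1024/2048" in the commit message; the safe-prime check is what makes that short exponent acceptable.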

Revision 1.49 / (download) - annotate - [select for diffs], Wed Feb 28 09:57:07 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.48: +5 -3 lines
Diff to previous 1.48 (colored)

in ssh protocol v2 use ignore messages for padding (instead of trailing \0).

Revision 1.27.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:37 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.27.2.1: +0 -0 lines
Diff to previous 1.27.2.1 (colored) to branchpoint 1.27 (colored)

Pull in OpenSSH-2.5.1

Revision 1.27.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:22 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.27: +140 -104 lines
Diff to previous 1.27 (colored)

Pull in OpenSSH 2.5.0

Revision 1.48 / (download) - annotate - [select for diffs], Thu Feb 15 23:19:59 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

genericize password padding function for SSH1 and SSH2.
add stylized echo to 2, too.

Revision 1.47 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.46: +7 -3 lines
Diff to previous 1.46 (colored)

1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
	ok stevesk@, provos@

Revision 1.46 / (download) - annotate - [select for diffs], Sat Feb 10 12:09:21 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.45: +5 -12 lines
Diff to previous 1.45 (colored)

remove some lines

Revision 1.45 / (download) - annotate - [select for diffs], Fri Feb 9 17:10:53 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.44: +3 -3 lines
Diff to previous 1.44 (colored)

partial success: debug->log; "Permission denied" if no more auth methods

Revision 1.44 / (download) - annotate - [select for diffs], Fri Feb 9 12:28:35 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

do not free twice, thanks to /etc/malloc.conf

Revision 1.43 / (download) - annotate - [select for diffs], Thu Feb 8 10:47:05 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

%.30s is too short for IPv6 numeric address.  use %.128s for now.  markus ok

Revision 1.42 / (download) - annotate - [select for diffs], Tue Feb 6 22:26:17 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.41: +8 -5 lines
Diff to previous 1.41 (colored)

do not ask for passphrase in batch mode; report from ejb@ql.org

Revision 1.41 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:26 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.40: +11 -11 lines
Diff to previous 1.40 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.40 / (download) - annotate - [select for diffs], Wed Jan 31 20:48:08 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.39: +1 -2 lines
Diff to previous 1.39 (colored)

unused

Revision 1.39 / (download) - annotate - [select for diffs], Mon Jan 22 23:06:40 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.38: +4 -1 lines
Diff to previous 1.38 (colored)

rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-response is enabled.

Revision 1.38 / (download) - annotate - [select for diffs], Mon Jan 22 17:22:28 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.37: +7 -1 lines
Diff to previous 1.37 (colored)

fix memory leaks in SSH2 key exchange; ok markus@

Revision 1.37 / (download) - annotate - [select for diffs], Sun Jan 21 19:06:00 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.36: +6 -5 lines
Diff to previous 1.36 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.36 / (download) - annotate - [select for diffs], Sat Jan 20 18:20:29 2001 UTC (23 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.35: +2 -3 lines
Diff to previous 1.35 (colored)

dh_new_group() does not return NULL.  ok markus@

Revision 1.35 / (download) - annotate - [select for diffs], Thu Jan 4 22:21:26 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.34: +16 -2 lines
Diff to previous 1.34 (colored)

handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)

Revision 1.34 / (download) - annotate - [select for diffs], Wed Dec 27 12:34:50 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

typo

Revision 1.33 / (download) - annotate - [select for diffs], Wed Dec 20 19:37:22 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)

fix prototypes; from stevesk@pobox.com

Revision 1.32 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.31: +21 -21 lines
Diff to previous 1.31 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Dec 15 17:30:14 2000 UTC (23 years, 5 months ago) by provos
Branch: MAIN
Changes since 1.30: +4 -1 lines
Diff to previous 1.30 (colored)

compute diffie-hellman in parallel between server and client. okay markus@

Revision 1.30 / (download) - annotate - [select for diffs], Sun Dec 3 11:15:04 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.29: +14 -7 lines
Diff to previous 1.29 (colored)

support f-secure/ssh.com 2.0.12; ok niels@

Revision 1.29 / (download) - annotate - [select for diffs], Thu Nov 23 21:03:47 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.28: +4 -9 lines
Diff to previous 1.28 (colored)

complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults

Revision 1.28 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.27: +43 -34 lines
Diff to previous 1.27 (colored)

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthentication.

Revision 1.10.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:30 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.10.2.2: +691 -192 lines
Diff to previous 1.10.2.2 (colored) to branchpoint 1.10 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.27 / (download) - annotate - [select for diffs], Thu Oct 19 16:45:16 2000 UTC (23 years, 7 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.26: +8 -7 lines
Diff to previous 1.26 (colored)

don't reference freed memory. okay deraadt@

Revision 1.26 / (download) - annotate - [select for diffs], Sat Oct 14 12:16:56 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.25: +5 -5 lines
Diff to previous 1.25 (colored)

OpenSSH_2.3; note that it is not complete, but the version number needs to be changed for interoperability reasons

Revision 1.25 / (download) - annotate - [select for diffs], Thu Oct 12 09:59:19 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.24: +3 -1 lines
Diff to previous 1.24 (colored)

enable DES in SSH-1 clients only

Revision 1.24 / (download) - annotate - [select for diffs], Wed Oct 11 20:27:24 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.23: +9 -11 lines
Diff to previous 1.23 (colored)

new cipher framework

Revision 1.23 / (download) - annotate - [select for diffs], Wed Oct 11 20:14:39 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.22: +138 -24 lines
Diff to previous 1.22 (colored)

add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me

Revision 1.22 / (download) - annotate - [select for diffs], Wed Oct 11 04:02:17 2000 UTC (23 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.21: +243 -56 lines
Diff to previous 1.21 (colored)

First rough implementation of the diffie-hellman group exchange.  The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys.  University of Windsor provided network, T the company.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Sep 27 21:41:34 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)

use key_type()

Revision 1.20 / (download) - annotate - [select for diffs], Thu Sep 21 11:25:07 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.19: +319 -120 lines
Diff to previous 1.19 (colored)

change login logic in ssh2, allows plugin of other auth methods

Revision 1.19 / (download) - annotate - [select for diffs], Sun Sep 17 15:38:58 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.18: +8 -5 lines
Diff to previous 1.18 (colored)

fix DEBUG_KEXDH

Revision 1.18 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:55 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +1 -6 lines
Diff to previous 1.17 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.10.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:24 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.10.2.1: +113 -36 lines
Diff to previous 1.10.2.1 (colored) to branchpoint 1.10 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.17 / (download) - annotate - [select for diffs], Sat Aug 19 21:34:44 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.16: +67 -11 lines
Diff to previous 1.16 (colored)

add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)

Revision 1.16 / (download) - annotate - [select for diffs], Sun Jul 16 08:27:22 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.15: +42 -29 lines
Diff to previous 1.15 (colored)

make ssh-add accept dsa keys (the agent does not)

Revision 1.15 / (download) - annotate - [select for diffs], Wed Jun 21 16:46:10 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.14: +4 -3 lines
Diff to previous 1.14 (colored)

missing free; nuke old comment

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jun 19 00:50:11 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.13: +11 -4 lines
Diff to previous 1.13 (colored)

make userauth+pubkey interop with ssh.com-2.2.0

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:38 2000 UTC (23 years, 11 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.10: +60 -81 lines
Diff to previous 1.10 (colored)

lovin' CVS... update patch branch to OpenSSH-2.1.1

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jun 2 02:00:19 2000 UTC (23 years, 11 months ago) by todd
Branch: MAIN
Changes since 1.12: +5 -2 lines
Diff to previous 1.12 (colored)

teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto

Revision 1.12 / (download) - annotate - [select for diffs], Wed May 31 09:20:38 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.11: +1 -2 lines
Diff to previous 1.11 (colored)

typo, unused

Revision 1.11 / (download) - annotate - [select for diffs], Thu May 25 20:45:20 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.10: +57 -80 lines
Diff to previous 1.10 (colored)

split kexinit/kexdh, factor out common code

Revision 1.10 / (download) - annotate - [select for diffs], Mon May 8 17:42:25 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.9: +18 -3 lines
Diff to previous 1.9 (colored)

bug compat w/ ssh-2.0.13 x11, split out bugs

Revision 1.9 / (download) - annotate - [select for diffs], Mon May 8 17:12:16 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.8: +8 -7 lines
Diff to previous 1.8 (colored)

complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)

Revision 1.8 / (download) - annotate - [select for diffs], Sun May 7 18:23:32 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

make x11-fwd interop w/ ssh-2.0.13

Revision 1.7 / (download) - annotate - [select for diffs], Sat May 6 17:45:37 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

add DSAAuthentication option to ssh/sshd, document SSH2 in sshd.8

Revision 1.6 / (download) - annotate - [select for diffs], Wed May 3 17:55:21 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.5: +5 -1 lines
Diff to previous 1.5 (colored)

respect number_of_password_prompts

Revision 1.5 / (download) - annotate - [select for diffs], Mon May 1 18:41:06 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.4: +8 -3 lines
Diff to previous 1.4 (colored)

check whether file exists before asking for passphrase

Revision 1.4 / (download) - annotate - [select for diffs], Thu Apr 27 17:54:01 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.3: +8 -9 lines
Diff to previous 1.3 (colored)

less debug, respect .ssh/config

Revision 1.3 / (download) - annotate - [select for diffs], Thu Apr 27 08:01:27 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

xfree DSA blobs

Revision 1.2 / (download) - annotate - [select for diffs], Wed Apr 26 21:33:53 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.1: +1 -3 lines
Diff to previous 1.1 (colored)

remove debug

Revision 1.1 / (download) - annotate - [select for diffs], Wed Apr 26 21:28:33 2000 UTC (24 years ago) by markus
Branch: MAIN

split auth/sshconnect in one file per protocol version
