Default branch: MAIN
Revision 1.602 / (download) - annotate - [select for diffs], Mon Jan 8 00:34:34 2024 UTC (3 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.601: +2 -2 lines
Diff to previous 1.601 (colored)
remove ext-info-* in the kex.c code, not in callers; with/ok markus@
Revision 1.601 / (download) - annotate - [select for diffs], Mon Dec 18 14:45:49 2023 UTC (4 months ago) by djm
Branch: MAIN
Changes since 1.600: +3 -1 lines
Diff to previous 1.600 (colored)
add "ext-info-in-auth@openssh.com" extension This adds another transport protocol extension to allow a sshd to send SSH2_MSG_EXT_INFO during user authentication, after the server has learned the username that is being logged in to. This lets sshd update the acceptable signature algorithms for public key authentication, and allows these to be varied via sshd_config(5) "Match" directives, which are evaluated after the server learns the username being authenticated. Full details in the PROTOCOL file
Revision 1.600 / (download) - annotate - [select for diffs], Wed Mar 8 04:43:12 2023 UTC (13 months, 2 weeks ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.599: +1 -5 lines
Diff to previous 1.599 (colored)
Delete obsolete /* ARGSUSED */ lint comments. ok miod@ millert@
Revision 1.599 / (download) - annotate - [select for diffs], Mon Mar 6 12:14:48 2023 UTC (13 months, 2 weeks ago) by dtucker
Branch: MAIN
Changes since 1.598: +12 -22 lines
Diff to previous 1.598 (colored)
Refactor creation of KEX proposal. This adds kex_proposal_populate_entries (and corresponding free) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamic that has been the source of previous leaks and bugs. Remove unused compat functions. With & ok djm@.
Revision 1.598 / (download) - annotate - [select for diffs], Fri Mar 3 03:12:24 2023 UTC (13 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.597: +9 -5 lines
Diff to previous 1.597 (colored)
Check return values of dup2. Spotted by Coverity, ok djm@
Revision 1.597 / (download) - annotate - [select for diffs], Fri Feb 10 04:47:19 2023 UTC (14 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.596: +28 -16 lines
Diff to previous 1.596 (colored)
add a `sshd -G` option that parses and prints the effective configuration without attempting to load private keys and perform other checks. This allows usage of the option before keys have been generated. bz3460 feedback/ok dtucker@
Revision 1.596 / (download) - annotate - [select for diffs], Wed Jan 18 01:50:21 2023 UTC (15 months ago) by millert
Branch: MAIN
Changes since 1.595: +7 -3 lines
Diff to previous 1.595 (colored)
Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@
Revision 1.595 / (download) - annotate - [select for diffs], Fri Jan 6 02:47:19 2023 UTC (15 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.594: +2 -1 lines
Diff to previous 1.594 (colored)
Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker
Revision 1.594 / (download) - annotate - [select for diffs], Fri Dec 16 06:56:47 2022 UTC (16 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.593: +5 -1 lines
Diff to previous 1.593 (colored)
Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@
Revision 1.593 / (download) - annotate - [select for diffs], Sun Dec 4 23:50:49 2022 UTC (16 months, 2 weeks ago) by cheloha
Branch: MAIN
Changes since 1.592: +1 -2 lines
Diff to previous 1.592 (colored)
userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@
Revision 1.592 / (download) - annotate - [select for diffs], Fri Oct 28 00:44:17 2022 UTC (17 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.591: +2 -2 lines
Diff to previous 1.591 (colored)
refactor sshkey_private_serialize_opt() feedback/ok markus@
Revision 1.591 / (download) - annotate - [select for diffs], Sat Sep 17 10:34:29 2022 UTC (19 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.590: +8 -1 lines
Diff to previous 1.590 (colored)
Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@
Revision 1.590 / (download) - annotate - [select for diffs], Fri Jul 1 05:08:23 2022 UTC (21 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.589: +1 -3 lines
Diff to previous 1.589 (colored)
Remove extra line leftover from merge conflict. ok djm@
Revision 1.589 / (download) - annotate - [select for diffs], Fri Jul 1 03:39:44 2022 UTC (21 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.588: +11 -6 lines
Diff to previous 1.588 (colored)
Don't leak the strings allocated by order_hostkeyalgs() and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of github PR#324 from ZoltanFridrich, ok djm@ This is a roll-forward of the previous rollback now that the required changes in compat.c have been done.
Revision 1.588 / (download) - annotate - [select for diffs], Fri Jun 24 10:45:06 2022 UTC (22 months ago) by dtucker
Branch: MAIN
Changes since 1.587: +1 -5 lines
Diff to previous 1.587 (colored)
Roll back previous KEX changes as they aren't safe until compat_pkalg_proposal and friends always allocate their returned strings. Reported by Qualys.
Revision 1.587 / (download) - annotate - [select for diffs], Fri Jun 24 04:37:00 2022 UTC (22 months ago) by dtucker
Branch: MAIN
Changes since 1.586: +6 -2 lines
Diff to previous 1.586 (colored)
Don't leak the strings allocated by order_hostkeyalgs() and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of github PR#324 from ZoltanFridrich, ok djm@
Revision 1.586 / (download) - annotate - [select for diffs], Fri Jun 17 01:00:03 2022 UTC (22 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.585: +7 -3 lines
Diff to previous 1.585 (colored)
Log an error if pipe() fails while accepting a connection. bz#3447, from vincent-openssh at vinc17 net, ok djm@
Revision 1.585 / (download) - annotate - [select for diffs], Fri Mar 18 04:04:11 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.584: +2 -2 lines
Diff to previous 1.584 (colored)
don't try to resolve ListenAddress directives in the sshd re-exec path - we're never going to use the result and if the operation fails then it can prevent connections from being accepted. Reported by Aaron Poffenberger; with / ok dtucker@
Revision 1.584 / (download) - annotate - [select for diffs], Tue Mar 1 01:59:19 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.583: +19 -10 lines
Diff to previous 1.583 (colored)
pack pollfd array before server_accept_loop() ppoll() call, and terminate sshd if ppoll() returns errno==EINVAL avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by Daniel Micay feedback/ok deraadt
Revision 1.583 / (download) - annotate - [select for diffs], Tue Feb 1 07:57:32 2022 UTC (2 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.582: +5 -12 lines
Diff to previous 1.582 (colored)
Remove explicit kill of privsep preauth child's PID in SIGALRM handler. It's no longer needed since the child will get terminated by the SIGTERM to the process group that cleans up any auth helpers, it simplifies the signal handler and removes the risk of a race when updating the PID. Based on analysis by HerrSpace in github PR#289, ok djm@
Revision 1.582 / (download) - annotate - [select for diffs], Thu Nov 18 03:07:59 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.581: +4 -2 lines
Diff to previous 1.581 (colored)
fd leak in sshd listen loop error path; from Gleb Smirnoff
Revision 1.581 / (download) - annotate - [select for diffs], Thu Nov 18 03:07:20 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.580: +2 -2 lines
Diff to previous 1.580 (colored)
check for POLLHUP as well as POLLIN in sshd listen loop; ok deraadt millert
Revision 1.580 / (download) - annotate - [select for diffs], Wed Nov 17 21:06:39 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.579: +2 -2 lines
Diff to previous 1.579 (colored)
set num_listen_socks to 0 on close-all instead of -1, which interferes with the new poll()-based listen loop; spotted and debugged by anton@+deraadt@
Revision 1.579 / (download) - annotate - [select for diffs], Sun Nov 14 18:47:43 2021 UTC (2 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.578: +23 -22 lines
Diff to previous 1.578 (colored)
use ppoll() instead of pselect() with djm
Revision 1.578 / (download) - annotate - [select for diffs], Mon Jul 19 02:21:50 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.577: +3 -1 lines
Diff to previous 1.577 (colored)
Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes build with OPENSSL=no.
Revision 1.577 / (download) - annotate - [select for diffs], Fri Jul 2 05:11:21 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.576: +1 -5 lines
Diff to previous 1.576 (colored)
Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as deprecated alias so config files continue to work and a reference in the man page for people looking for it. Prompted by bz#3303 which pointed out the discrepancy between the two when used with Match. Man page help & ok jmc@, with & ok djm@
Revision 1.576 / (download) - annotate - [select for diffs], Thu Jun 10 03:14:14 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.575: +2 -2 lines
Diff to previous 1.575 (colored)
Continue accept loop when pselect returns -1, eg if it was interrupted by a signal. This should prevent the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has an unauthenticated child and goes on to a blocking read on a notify_pipe. feedback deraadt@, ok djm@
Revision 1.575 / (download) - annotate - [select for diffs], Sun Jun 6 11:34:16 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.574: +2 -2 lines
Diff to previous 1.574 (colored)
Match host certificates against host public keys, not private keys. Allows use of certificates with private keys held in a ssh-agent. Reported by Miles Zhou in bz3524; ok dtucker@
Revision 1.574 / (download) - annotate - [select for diffs], Fri Jun 4 05:09:08 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.573: +31 -14 lines
Diff to previous 1.573 (colored)
Switch the listening select loop from select() to pselect() and mask signals while checking signal flags, unmasking for pselect and restoring afterwards. Also restore signals before sighup_restart so they don't remain blocked after restart. This prevents a race where a SIGTERM or SIGHUP can arrive between checking the flag and calling select (eg if sshd is processing a new connection) resulting in sshd not shutting down until the next time it receives a new connection. bz#2158, with & ok djm@
Revision 1.573 / (download) - annotate - [select for diffs], Fri May 7 03:09:38 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.572: +8 -5 lines
Diff to previous 1.572 (colored)
don't sigdie() in signal handler in privsep child process; this can end up causing sandbox violations per bz3286; ok dtucker@
Revision 1.572 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:41 2021 UTC (3 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.571: +6 -4 lines
Diff to previous 1.571 (colored)
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
Revision 1.571 / (download) - annotate - [select for diffs], Fri Mar 12 04:08:19 2021 UTC (3 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.570: +5 -1 lines
Diff to previous 1.570 (colored)
Add ModuliFile keyword to sshd_config to specify the location of the "moduli" file containing the groups for DH-GEX. This will allow us to run tests against arbitrary moduli files without having to install them. ok djm@
Revision 1.570 / (download) - annotate - [select for diffs], Fri Feb 5 02:20:23 2021 UTC (3 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.569: +1 -3 lines
Diff to previous 1.569 (colored)
Remove debug message from sigchld handler. While this works on OpenBSD it can cause problems on other platforms. From kircherlike at outlook.com via bz#3259, ok djm@
Revision 1.569 / (download) - annotate - [select for diffs], Wed Jan 27 10:05:28 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.568: +1 -11 lines
Diff to previous 1.568 (colored)
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and use that instead of global variables containing copies of it. feedback/ok markus@
Revision 1.568 / (download) - annotate - [select for diffs], Wed Jan 27 09:26:54 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.567: +5 -5 lines
Diff to previous 1.567 (colored)
remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
Revision 1.567 / (download) - annotate - [select for diffs], Sat Jan 9 12:10:02 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.566: +15 -5 lines
Diff to previous 1.566 (colored)
Add PerSourceMaxStartups and PerSourceNetBlockSize options which provide more fine grained MaxStartups limits. Man page help jmc@, feedback & ok djm@
Revision 1.566 / (download) - annotate - [select for diffs], Tue Dec 29 00:59:15 2020 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.565: +2 -2 lines
Diff to previous 1.565 (colored)
Update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519). The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note that both the updated method and the one that it replaced are disabled by default)
Revision 1.565 / (download) - annotate - [select for diffs], Sun Nov 8 11:46:12 2020 UTC (3 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.564: +3 -16 lines
Diff to previous 1.564 (colored)
Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@
Revision 1.564 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.563: +73 -78 lines
Diff to previous 1.563 (colored)
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
Revision 1.563 / (download) - annotate - [select for diffs], Fri Oct 16 13:26:13 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.562: +5 -2 lines
Diff to previous 1.562 (colored)
LogVerbose keyword for ssh and sshd Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@
Revision 1.562 / (download) - annotate - [select for diffs], Sat Oct 3 09:22:26 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.561: +5 -19 lines
Diff to previous 1.561 (colored)
There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
Revision 1.561 / (download) - annotate - [select for diffs], Thu Aug 27 01:06:19 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.560: +4 -4 lines
Diff to previous 1.560 (colored)
support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
Revision 1.560 / (download) - annotate - [select for diffs], Fri Jul 3 10:12:26 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.559: +2 -1 lines
Diff to previous 1.559 (colored)
update setproctitle after re-exec; ok djm
Revision 1.559 / (download) - annotate - [select for diffs], Fri Jul 3 10:11:33 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.558: +2 -1 lines
Diff to previous 1.558 (colored)
keep ignoring HUP after fork+exec; ok djm
Revision 1.558 / (download) - annotate - [select for diffs], Fri Jul 3 10:10:17 2020 UTC (3 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.557: +2 -2 lines
Diff to previous 1.557 (colored)
don't exit the listener on send_rexec_state errors; ok djm
Revision 1.557 / (download) - annotate - [select for diffs], Thu Jun 18 23:34:19 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.556: +11 -2 lines
Diff to previous 1.556 (colored)
check public host key matches private; ok markus@ (as part of previous diff)
Revision 1.556 / (download) - annotate - [select for diffs], Fri Jun 5 06:18:07 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.555: +1 -2 lines
Diff to previous 1.555 (colored)
unbreak "sshd -ddd" - close of config passing fd happened too early. ok markus@
Revision 1.555 / (download) - annotate - [select for diffs], Tue May 26 01:09:05 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.554: +64 -24 lines
Diff to previous 1.554 (colored)
improve logging for MaxStartups connection throttling: have sshd log when it starts and stops throttling and periodically while in this state. bz#3055 ok markus@
Revision 1.554 / (download) - annotate - [select for diffs], Fri May 15 08:34:03 2020 UTC (3 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.553: +3 -2 lines
Diff to previous 1.553 (colored)
sshd listener must not block if reexecd sshd exits early: the call to send_rexec_state() in the parent sshd will block forever in write(2) on config_s[0] if the forked child exits early before finishing recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the parent. this prevents the parent from accepting new connections. ok djm, deraadt
Revision 1.553 / (download) - annotate - [select for diffs], Fri May 8 05:13:14 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.552: +6 -5 lines
Diff to previous 1.552 (colored)
fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@
Revision 1.552 / (download) - annotate - [select for diffs], Fri Mar 13 04:01:57 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.551: +4 -3 lines
Diff to previous 1.551 (colored)
use sshpkt_fatal() for kex_exchange_identification() errors. This ensures that the logged errors are consistent with other transport-layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@
Revision 1.551 / (download) - annotate - [select for diffs], Fri Mar 13 03:24:49 2020 UTC (4 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.550: +2 -8 lines
Diff to previous 1.550 (colored)
Don't clear alarm timers in listening sshd. Previously these timers were used for regenerating the SSH1 ephemeral host keys but those are now gone so there's no need to clear the timers either. ok deraadt@
Revision 1.550 / (download) - annotate - [select for diffs], Fri Mar 13 03:17:07 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.549: +2 -2 lines
Diff to previous 1.549 (colored)
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
Revision 1.549 / (download) - annotate - [select for diffs], Fri Jan 31 23:13:04 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.548: +2 -3 lines
Diff to previous 1.548 (colored)
whitespace
Revision 1.548 / (download) - annotate - [select for diffs], Fri Jan 31 23:11:25 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.547: +2 -2 lines
Diff to previous 1.547 (colored)
force early logging to stderr if debug_flag (-d) is set; avoids missing messages from re-exec config passing
Revision 1.547 / (download) - annotate - [select for diffs], Fri Jan 31 23:08:08 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.546: +2 -2 lines
Diff to previous 1.546 (colored)
mistake in previous: filling the incorrect buffer
Revision 1.546 / (download) - annotate - [select for diffs], Fri Jan 31 22:42:45 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.545: +45 -11 lines
Diff to previous 1.545 (colored)
Add a sshd_config "Include" directive to allow inclusion of files. This has sensible semantics wrt Match blocks and accepts glob(3) patterns to specify the included files. Based on patch by Jakub Jelen in bz2468; feedback and ok markus@
Revision 1.545 / (download) - annotate - [select for diffs], Fri Jan 24 23:56:01 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.544: +18 -4 lines
Diff to previous 1.544 (colored)
tweak proctitle to include sshd arguments, as these are frequently used to distinguish between multiple independent instances of the server. New proctitle looks like this:
    $ pgrep -lf sshd
    12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups
requested by sthen@ and aja@; ok aja@
Revision 1.544 / (download) - annotate - [select for diffs], Thu Jan 23 07:10:22 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.543: +17 -15 lines
Diff to previous 1.543 (colored)
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
Revision 1.543 / (download) - annotate - [select for diffs], Tue Jan 21 22:39:57 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.542: +8 -2 lines
Diff to previous 1.542 (colored)
expose the number of currently-authenticating connections along with the MaxStartups limit in the proctitle; suggestion from Philipp Marek, w/ feedback from Craig Miskell ok dtucker@
Revision 1.542 / (download) - annotate - [select for diffs], Sun Dec 15 18:57:30 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.541: +35 -7 lines
Diff to previous 1.541 (colored)
allow security keys to act as host keys as well as user keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@
Revision 1.541 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.540: +2 -1 lines
Diff to previous 1.540 (colored)
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
Revision 1.540 / (download) - annotate - [select for diffs], Wed Nov 13 11:25:11 2019 UTC (4 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.539: +4 -1 lines
Diff to previous 1.539 (colored)
When clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2. ok djm@ deraadt@ markus@
Revision 1.539 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.538: +4 -4 lines
Diff to previous 1.538 (colored)
Refactor signing - use sshkey_sign for everything, including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
Revision 1.538 / (download) - annotate - [select for diffs], Tue Oct 29 07:47:27 2019 UTC (4 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.537: +1 -4 lines
Diff to previous 1.537 (colored)
Signal handler cleanup: remove leftover support for unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@
Revision 1.537 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.536: +15 -15 lines
Diff to previous 1.536 (colored)
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.536 / (download) - annotate - [select for diffs], Fri Jun 21 04:21:05 2019 UTC (4 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.535: +8 -2 lines
Diff to previous 1.535 (colored)
Add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
Revision 1.535 / (download) - annotate - [select for diffs], Thu Jun 6 05:13:13 2019 UTC (4 years, 10 months ago) by otto
Branch: MAIN
Changes since 1.534: +1 -2 lines
Diff to previous 1.534 (colored)
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
Revision 1.534 / (download) - annotate - [select for diffs], Thu Apr 18 18:56:16 2019 UTC (5 years ago) by dtucker
Branch: MAIN
Changes since 1.533: +2 -1 lines
Diff to previous 1.533 (colored)
When running sshd -T, assume any attribute not provided by -C does not match, which allows it to work when sshd_config contains a Match directive with or without -C. bz#2858, ok djm@
Revision 1.533 / (download) - annotate - [select for diffs], Fri Mar 1 02:32:39 2019 UTC (5 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.532: +86 -28 lines
Diff to previous 1.532 (colored)
Fix two race conditions in sshd relating to SIGHUP:
1. Recently-forked child processes will briefly remain listening to listen_socks. If the main server sshd process completes its restart via execv() before these sockets are closed by the child processes then it can fail to listen at the desired addresses/ports and/or fail to restart.
2. When a SIGHUP is received, there may be forked child processes that are awaiting their reexecution state. If the main server sshd process restarts before passing this state, these child processes will yield errors and use a fallback path of reading the current sshd_config from the filesystem rather than use the one that sshd was started with.
To fix both of these cases, we reuse the startup_pipes that are shared between the main server sshd and forked children. Previously this was used solely to implement tracking of pre-auth child processes for MaxStartups, but this extends the messaging over these pipes to include a child->parent message that the parent process is safe to restart. This message is sent from the child after it has completed its preliminaries: closing listen_socks and receiving its reexec state. bz#2953, reported by Michal Koutný; ok markus@ dtucker@
Revision 1.532 / (download) - annotate - [select for diffs], Mon Jan 21 10:38:54 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.531: +9 -9 lines
Diff to previous 1.531 (colored)
merge kexkem[cs] into kexgen from markus@ ok djm@
Revision 1.531 / (download) - annotate - [select for diffs], Mon Jan 21 10:29:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.530: +2 -2 lines
Diff to previous 1.530 (colored)
use KEM API for vanilla ECDH from markus@ ok djm@
Revision 1.530 / (download) - annotate - [select for diffs], Mon Jan 21 10:28:02 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.529: +6 -6 lines
Diff to previous 1.529 (colored)
use KEM API for vanilla DH KEX from markus@ ok djm@
Revision 1.529 / (download) - annotate - [select for diffs], Mon Jan 21 10:24:09 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.528: +2 -2 lines
Diff to previous 1.528 (colored)
use KEM API for vanilla c25519 KEX
Revision 1.528 / (download) - annotate - [select for diffs], Mon Jan 21 10:20:12 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.527: +2 -1 lines
Diff to previous 1.527 (colored)
Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
Revision 1.527 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.526: +36 -27 lines
Diff to previous 1.526 (colored)
remove last references to active_state with & ok markus@
Revision 1.526 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:07 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.525: +5 -6 lines
Diff to previous 1.525 (colored)
convert monitor.c to new packet API with & ok markus@
Revision 1.525 / (download) - annotate - [select for diffs], Sat Jan 19 21:42:30 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.524: +39 -30 lines
Diff to previous 1.524 (colored)
convert sshd.c to new packet API with & ok markus@
Revision 1.524 / (download) - annotate - [select for diffs], Sat Jan 19 21:38:24 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.523: +3 -2 lines
Diff to previous 1.523 (colored)
convert auth2.c to new packet API
Revision 1.523 / (download) - annotate - [select for diffs], Sat Jan 19 21:37:48 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.522: +3 -3 lines
Diff to previous 1.522 (colored)
convert servconf.c to new packet API with & ok markus@
Revision 1.522 / (download) - annotate - [select for diffs], Sat Jan 19 21:31:32 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.521: +4 -1 lines
Diff to previous 1.521 (colored)
begin landing remaining refactoring of packet parsing API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@
Revision 1.521 / (download) - annotate - [select for diffs], Thu Jan 17 01:50:24 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.520: +15 -15 lines
Diff to previous 1.520 (colored)
many of the global variables in this file can be made static; patch from Markus Schmidt
Revision 1.520 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.519: +4 -114 lines
Diff to previous 1.519 (colored)
move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
Revision 1.519 / (download) - annotate - [select for diffs], Mon Nov 19 04:12:32 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.518: +8 -5 lines
Diff to previous 1.518 (colored)
silence (to log level debug2) failure messages when loading the default hostkeys. Hostkeys explicitly specified in the configuration or on the command-line are still reported as errors, and failure to load at least one host key remains a fatal error. Based on patch from Dag-Erling Smørgrav via https://github.com/openssh/openssh-portable/pull/103 ok markus@
Revision 1.518 / (download) - annotate - [select for diffs], Fri Nov 16 03:26:01 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.517: +2 -2 lines
Diff to previous 1.517 (colored)
use path_absolute() for pathname checks; from Manoj Ampalam
Revision 1.517 / (download) - annotate - [select for diffs], Tue Oct 23 05:56:35 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.516: +3 -3 lines
Diff to previous 1.516 (colored)
refer to OpenSSL not SSLeay; we're old, but we don't have to act it
Revision 1.516 / (download) - annotate - [select for diffs], Fri Sep 21 12:23:17 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.515: +2 -3 lines
Diff to previous 1.515 (colored)
when compiled with GSSAPI support, cache supported method OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g. Match user djm GSSAPIAuthentication yes bz#2107; ok dtucker@
Revision 1.515 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.514: +4 -4 lines
Diff to previous 1.514 (colored)
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
Revision 1.514 / (download) - annotate - [select for diffs], Mon Aug 13 02:41:05 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.513: +4 -4 lines
Diff to previous 1.513 (colored)
revert compat.[ch] section of the following change. It causes double-free under some circumstances. -- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@
Revision 1.513 / (download) - annotate - [select for diffs], Tue Jul 31 03:07:24 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.512: +5 -5 lines
Diff to previous 1.512 (colored)
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@
Revision 1.512 / (download) - annotate - [select for diffs], Wed Jul 11 18:53:29 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.511: +38 -31 lines
Diff to previous 1.511 (colored)
remove legacy key emulation layer; ok djm@
Revision 1.511 / (download) - annotate - [select for diffs], Mon Jul 9 21:29:36 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.510: +28 -25 lines
Diff to previous 1.510 (colored)
sshd: switch config to sshbuf API; ok djm@
Revision 1.510 / (download) - annotate - [select for diffs], Mon Jul 9 21:26:02 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.509: +5 -4 lines
Diff to previous 1.509 (colored)
sshd: switch loginmsg to sshbuf API; ok djm@
Revision 1.509 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.508: +34 -29 lines
Diff to previous 1.508 (colored)
Improve strictness and control over RSA-SHA2 signature types: In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@
Revision 1.508 / (download) - annotate - [select for diffs], Fri Apr 13 03:57:26 2018 UTC (6 years ago) by dtucker
Branch: MAIN
Changes since 1.507: +40 -1 lines
Diff to previous 1.507 (colored)
Defend against user enumeration timing attacks. This establishes a minimum time for each failed authentication attempt (5ms) and adds a per-user constant derived from a host secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok markus@ djm@.
Revision 1.507 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years ago) by djm
Branch: MAIN
Changes since 1.506: +2 -2 lines
Diff to previous 1.506 (colored)
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
Revision 1.506 / (download) - annotate - [select for diffs], Sat Mar 3 03:15:51 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.505: +9 -1 lines
Diff to previous 1.505 (colored)
switch over to the new authorized_keys options API and remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
Revision 1.505 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:38 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.504: +5 -1 lines
Diff to previous 1.504 (colored)
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
Revision 1.504 / (download) - annotate - [select for diffs], Sun Feb 11 21:16:56 2018 UTC (6 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.503: +1 -4 lines
Diff to previous 1.503 (colored)
Don't reset signal handlers inside handlers. The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely event that -portable is still being used on such systems we will deal with it in the compat layer. ok deraadt@
Revision 1.503 / (download) - annotate - [select for diffs], Tue Jan 23 20:00:58 2018 UTC (6 years, 3 months ago) by stsp
Branch: MAIN
Changes since 1.502: +2 -2 lines
Diff to previous 1.502 (colored)
Fix a logic bug in sshd_exchange_identification which prevented clients using major protocol version 2 from connecting to the server. ok millert@
Revision 1.502 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.501: +1 -5 lines
Diff to previous 1.501 (colored)
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@
Revision 1.501 / (download) - annotate - [select for diffs], Tue Jan 23 05:12:12 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.500: +2 -2 lines
Diff to previous 1.500 (colored)
unbreak support for clients that advertise a protocol version of "1.99" (indicating both v2 and v1 support). Busted by me during SSHv1 purge in r1.358; bz2810, ok dtucker
Revision 1.500 / (download) - annotate - [select for diffs], Tue Jan 23 05:01:15 2018 UTC (6 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.499: +4 -2 lines
Diff to previous 1.499 (colored)
avoid modifying pw->pw_passwd; let endpwent() clean up for us, but keep a scrubbed copy; bz2777, ok dtucker@
Revision 1.499 / (download) - annotate - [select for diffs], Tue Nov 14 00:45:29 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.498: +13 -2 lines
Diff to previous 1.498 (colored)
fix problem in configuration parsing when in config dump mode (sshd -T) without providing a full connection specification (sshd -T -C ...) spotted by bluhm@
Revision 1.498 / (download) - annotate - [select for diffs], Fri Nov 3 03:18:53 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.497: +7 -11 lines
Diff to previous 1.497 (colored)
When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria. ok djm@, man page help jmc@
Revision 1.497 / (download) - annotate - [select for diffs], Fri Oct 27 00:18:41 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.496: +5 -4 lines
Diff to previous 1.496 (colored)
improve printing of rdomain on accept() a little
Revision 1.496 / (download) - annotate - [select for diffs], Wed Oct 25 00:19:47 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.495: +8 -4 lines
Diff to previous 1.495 (colored)
add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which rdomain(4) a connection was received on. ok markus@
Revision 1.495 / (download) - annotate - [select for diffs], Wed Oct 25 00:17:08 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.494: +29 -1 lines
Diff to previous 1.494 (colored)
add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@
Revision 1.494 / (download) - annotate - [select for diffs], Wed Oct 25 00:15:35 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.493: +32 -13 lines
Diff to previous 1.493 (colored)
Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4
Revision 1.493 / (download) - annotate - [select for diffs], Thu Oct 5 15:52:03 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.492: +24 -30 lines
Diff to previous 1.492 (colored)
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@
Revision 1.492 / (download) - annotate - [select for diffs], Tue Sep 12 06:32:07 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.491: +12 -7 lines
Diff to previous 1.491 (colored)
refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
Revision 1.491 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.490: +1 -2 lines
Diff to previous 1.490 (colored)
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
Revision 1.490 / (download) - annotate - [select for diffs], Wed May 31 08:09:45 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.489: +3 -1 lines
Diff to previous 1.489 (colored)
clear session keys from memory; ok djm@
Revision 1.489 / (download) - annotate - [select for diffs], Wed May 31 07:00:13 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.488: +2 -2 lines
Diff to previous 1.488 (colored)
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Revision 1.488 / (download) - annotate - [select for diffs], Tue May 30 08:52:20 2017 UTC (6 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.487: +22 -21 lines
Diff to previous 1.487 (colored)
switch from Key typedef with struct sshkey; ok djm@
Revision 1.487 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.486: +1 -9 lines
Diff to previous 1.486 (colored)
remove KEY_RSA1 ok markus@
Revision 1.486 / (download) - annotate - [select for diffs], Sun Apr 30 23:13:25 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.485: +3 -5 lines
Diff to previous 1.485 (colored)
remove compat20/compat13/compat15 variables ok markus@
Revision 1.485 / (download) - annotate - [select for diffs], Wed Mar 15 03:52:30 2017 UTC (7 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.484: +2 -2 lines
Diff to previous 1.484 (colored)
accidents happen to the best of us; ok djm
Revision 1.484 / (download) - annotate - [select for diffs], Wed Mar 15 02:19:09 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.483: +10 -1 lines
Diff to previous 1.483 (colored)
Fix segfault when sshd attempts to load RSA1 keys (can only happen when protocol v.1 support is enabled for the client). Reported by Jakub Jelen in bz#2686; ok dtucker
Revision 1.483 / (download) - annotate - [select for diffs], Fri Feb 24 03:16:34 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.482: +6 -1 lines
Diff to previous 1.482 (colored)
might as well set the listener socket CLOEXEC
Revision 1.482 / (download) - annotate - [select for diffs], Mon Feb 6 09:22:51 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.481: +4 -4 lines
Diff to previous 1.481 (colored)
Restore \r\n newline sequence for server ident string. The CR got lost in the flensing of SSHv1. Pointed out by Stef Bon
Revision 1.481 / (download) - annotate - [select for diffs], Fri Feb 3 02:56:00 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.480: +2 -2 lines
Diff to previous 1.480 (colored)
Make ssh_packet_set_rekey_limits take u32 for the number of seconds until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning. rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway). some early guidance deraadt@, ok djm@
Revision 1.480 / (download) - annotate - [select for diffs], Fri Dec 9 03:04:29 2016 UTC (7 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.479: +10 -2 lines
Diff to previous 1.479 (colored)
log connections dropped in excess of MaxStartups at verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
Revision 1.479 / (download) - annotate - [select for diffs], Sun Dec 4 22:27:25 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.478: +4 -2 lines
Diff to previous 1.478 (colored)
Unlink PidFile on SIGHUP and always recreate it when the new sshd starts. Regression tests (and possibly other things) depend on the pidfile being recreated after SIGHUP, and unlinking it means it won't contain a stale pid if sshd fails to restart. ok djm@ markus@
Revision 1.478 / (download) - annotate - [select for diffs], Wed Nov 30 00:28:31 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.477: +8 -7 lines
Diff to previous 1.477 (colored)
On startup, check to see if sshd is already daemonized and if so, skip the call to daemon() and do not rewrite the PidFile. This means that when sshd re-execs itself on SIGHUP the process ID will no longer change. Should address bz#2641. ok djm@ markus@.
Revision 1.477 / (download) - annotate - [select for diffs], Tue Nov 29 03:54:50 2016 UTC (7 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.476: +2 -12 lines
Diff to previous 1.476 (colored)
Factor out code to disconnect from controlling terminal into its own function. ok djm@
Revision 1.476 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.475: +1 -9 lines
Diff to previous 1.475 (colored)
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
Revision 1.475 / (download) - annotate - [select for diffs], Sun Aug 28 22:28:12 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.474: +2 -2 lines
Diff to previous 1.474 (colored)
fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok deraadt@
Revision 1.474 / (download) - annotate - [select for diffs], Fri Aug 19 03:18:07 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.473: +2 -2 lines
Diff to previous 1.473 (colored)
remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker
Revision 1.473 / (download) - annotate - [select for diffs], Mon Aug 15 12:27:56 2016 UTC (7 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.472: +6 -27 lines
Diff to previous 1.472 (colored)
Remove more SSH1 server code:
* Drop sshd's -k option.
* Retire configuration keywords that only apply to protocol 1, as well as the "protocol" keyword.
* Remove some related vestiges of protocol 1 support.
ok markus@
Revision 1.472 / (download) - annotate - [select for diffs], Sat Aug 13 17:47:41 2016 UTC (7 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.471: +17 -462 lines
Diff to previous 1.471 (colored)
remove ssh1 server code; ok djm@
Revision 1.471 / (download) - annotate - [select for diffs], Wed Aug 3 04:23:55 2016 UTC (7 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.470: +2 -2 lines
Diff to previous 1.470 (colored)
Fix bug introduced in rev 1.467 which causes "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, ok deraadt@
Revision 1.470 / (download) - annotate - [select for diffs], Tue May 24 04:43:45 2016 UTC (7 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.469: +4 -3 lines
Diff to previous 1.469 (colored)
KNF compression proposal and simplify the client side a little. ok djm@
Revision 1.469 / (download) - annotate - [select for diffs], Mon May 2 14:10:58 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.468: +2 -2 lines
Diff to previous 1.468 (colored)
unbreak config parsing on reexec from previous commit
Revision 1.468 / (download) - annotate - [select for diffs], Mon May 2 10:26:04 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.467: +4 -1 lines
Diff to previous 1.467 (colored)
add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker ok markus@
Revision 1.467 / (download) - annotate - [select for diffs], Mon May 2 08:49:03 2016 UTC (7 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.466: +30 -19 lines
Diff to previous 1.466 (colored)
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
Revision 1.466 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.465: +82 -36 lines
Diff to previous 1.465 (colored)
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@
Revision 1.465 / (download) - annotate - [select for diffs], Mon Feb 15 09:47:49 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.464: +2 -1 lines
Diff to previous 1.464 (colored)
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
Revision 1.464 / (download) - annotate - [select for diffs], Fri Jan 29 02:54:45 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.463: +2 -2 lines
Diff to previous 1.463 (colored)
Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm.
Revision 1.463 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.462: +3 -4 lines
Diff to previous 1.462 (colored)
remove roaming support; ok djm@
Revision 1.462 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 4 months ago) by mmcc
Branch: MAIN
Changes since 1.461: +2 -3 lines
Diff to previous 1.461 (colored)
Remove NULL-checks before free(). ok dtucker@
Revision 1.461 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.460: +13 -5 lines
Diff to previous 1.460 (colored)
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
Revision 1.460 / (download) - annotate - [select for diffs], Mon Nov 16 22:51:05 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.459: +28 -29 lines
Diff to previous 1.459 (colored)
always call privsep_preauth_child() regardless of whether sshd was started by root; it does important priming before sandboxing and failing to call it could result in sandbox violations later; ok markus@
Revision 1.459 / (download) - annotate - [select for diffs], Fri Sep 4 08:21:47 2015 UTC (8 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.458: +3 -5 lines
Diff to previous 1.458 (colored)
Plug minor memory leaks when options are used more than once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Revision 1.458 / (download) - annotate - [select for diffs], Thu Aug 20 22:32:42 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.457: +2 -2 lines
Diff to previous 1.457 (colored)
Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope ok krw millert
Revision 1.457 / (download) - annotate - [select for diffs], Thu Jul 30 00:01:34 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.456: +10 -19 lines
Diff to previous 1.456 (colored)
Allow ssh_config and sshd_config kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it. approach suggested by dtucker@, feedback dlg@, ok markus@
Revision 1.456 / (download) - annotate - [select for diffs], Fri Jul 17 02:47:45 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.455: +2 -2 lines
Diff to previous 1.455 (colored)
fix incorrect test for SSH1 keys when compiled without SSH1 support
Revision 1.455 / (download) - annotate - [select for diffs], Wed Jul 15 08:00:11 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.454: +2 -2 lines
Diff to previous 1.454 (colored)
fix NULL-deref when SSH1 reenabled
Revision 1.454 / (download) - annotate - [select for diffs], Fri Jul 10 06:21:53 2015 UTC (8 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.453: +9 -1 lines
Diff to previous 1.453 (colored)
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
Revision 1.453 / (download) - annotate - [select for diffs], Fri Jul 3 03:49:45 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.452: +3 -3 lines
Diff to previous 1.452 (colored)
refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@
Revision 1.452 / (download) - annotate - [select for diffs], Fri Jul 3 03:47:00 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.451: +2 -4 lines
Diff to previous 1.451 (colored)
turn off 1024 bit diffie-hellman-group1-sha1 key exchange method (already off in server, this turns it off in the client by default too) ok dtucker@
Revision 1.451 / (download) - annotate - [select for diffs], Fri Jul 3 03:43:18 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.450: +1 -5 lines
Diff to previous 1.450 (colored)
delete support for legacy v00 certificates; "sure" markus@ dtucker@
Revision 1.450 / (download) - annotate - [select for diffs], Sun May 24 23:39:16 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.449: +3 -2 lines
Diff to previous 1.449 (colored)
add missing 'c' option to getopt(), case statement was already there; from Felix Bolte
Revision 1.449 / (download) - annotate - [select for diffs], Thu May 21 06:43:31 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.448: +6 -1 lines
Diff to previous 1.448 (colored)
add AuthorizedPrincipalsCommand that allows getting authorized_principals from a subprocess rather than a file, which is quite useful in deployments with large userbases feedback and ok markus@
Revision 1.448 / (download) - annotate - [select for diffs], Mon Apr 27 00:21:21 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.447: +2 -2 lines
Diff to previous 1.447 (colored)
allow "sshd -f none" to skip reading the config file, much like "ssh -F none" does. ok dtucker
Revision 1.447 / (download) - annotate - [select for diffs], Wed Apr 15 23:23:25 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.446: +5 -4 lines
Diff to previous 1.446 (colored)
Plug leak of address passed to logging. bz#2373, patch from jjelen at redhat, ok markus@
Revision 1.446 / (download) - annotate - [select for diffs], Fri Apr 10 05:16:50 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.445: +5 -1 lines
Diff to previous 1.445 (colored)
Don't send hostkey advertisements (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK. Patch from Bryan Drewery and IWAMOTO Kouichi, ok djm@
Revision 1.445 / (download) - annotate - [select for diffs], Tue Mar 31 22:55:24 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.444: +1 -3 lines
Diff to previous 1.444 (colored)
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener; reported by miod@; ok miod@ markus@
Revision 1.444 / (download) - annotate - [select for diffs], Fri Feb 20 22:17:21 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.443: +2 -2 lines
Diff to previous 1.443 (colored)
UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
Revision 1.443 / (download) - annotate - [select for diffs], Mon Feb 16 22:30:03 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.442: +7 -8 lines
Diff to previous 1.442 (colored)
partial backout of: revision 1.441 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid : x8klYPZMJSrVlt3O; Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@ hostkey updates now require access to the private key, so we can't load public keys only. The improved log messages (fingerprints of keys loaded) are kept.
Revision 1.442 / (download) - annotate - [select for diffs], Mon Feb 16 22:13:32 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.441: +23 -12 lines
Diff to previous 1.441 (colored)
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
Revision 1.441 / (download) - annotate - [select for diffs], Sat Jan 31 20:30:05 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.440: +17 -10 lines
Diff to previous 1.440 (colored)
Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@
Revision 1.440 / (download) - annotate - [select for diffs], Mon Jan 26 06:10:03 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.439: +8 -7 lines
Diff to previous 1.439 (colored)
correctly match ECDSA subtype (== curve) for offered/received host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Revision 1.439 / (download) - annotate - [select for diffs], Mon Jan 26 03:04:46 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.438: +43 -1 lines
Diff to previous 1.438 (colored)
Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
Revision 1.438 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.437: +5 -5 lines
Diff to previous 1.437 (colored)
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
Revision 1.437 / (download) - annotate - [select for diffs], Tue Jan 20 20:16:21 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.436: +4 -2 lines
Diff to previous 1.436 (colored)
kex_setup errors are fatal()
Revision 1.436 / (download) - annotate - [select for diffs], Mon Jan 19 20:20:20 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.435: +2 -2 lines
Diff to previous 1.435 (colored)
store compat flags in struct ssh; ok djm@
Revision 1.435 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.434: +24 -23 lines
Diff to previous 1.434 (colored)
adapt kex to sshbuf and struct ssh; ok djm@
Revision 1.434 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.433: +4 -9 lines
Diff to previous 1.433 (colored)
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
Revision 1.433 / (download) - annotate - [select for diffs], Sat Jan 17 18:53:34 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.432: +7 -3 lines
Diff to previous 1.432 (colored)
fix hostkeys on ssh agent; found by unit test I'm about to commit
Revision 1.432 / (download) - annotate - [select for diffs], Wed Jan 14 20:05:27 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.431: +31 -12 lines
Diff to previous 1.431 (colored)
move authfd.c and its tentacles to the new buffer/key API; ok markus@
Revision 1.431 / (download) - annotate - [select for diffs], Wed Jan 7 18:15:07 2015 UTC (9 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.430: +47 -57 lines
Diff to previous 1.430 (colored)
workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm markus
Revision 1.430 / (download) - annotate - [select for diffs], Mon Dec 22 07:55:51 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.429: +8 -7 lines
Diff to previous 1.429 (colored)
make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@
Revision 1.429 / (download) - annotate - [select for diffs], Thu Dec 11 08:20:09 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.428: +2 -1 lines
Diff to previous 1.428 (colored)
explicitly include sys/param.h in files that use the howmany() macro; from portable
Revision 1.428 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 9 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.427: +2 -2 lines
Diff to previous 1.427 (colored)
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
Revision 1.427 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.426: +9 -7 lines
Diff to previous 1.426 (colored)
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
Revision 1.426 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (9 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.425: +38 -6 lines
Diff to previous 1.425 (colored)
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Revision 1.420.4.1 / (download) - annotate - [select for diffs], Mon Apr 21 00:30:48 2014 UTC (10 years ago) by djm
Branch: OPENBSD_5_5
Changes since 1.420: +4 -1 lines
Diff to previous 1.420 (colored) next main 1.421 (colored)
MFC: reliability fix for OpenSSH using curve25519-sha256@libssh.org key exchange method. revision 1.71 date: 2014/04/18 23:52:25; author: djm; state: Exp; lines: +2 -2; OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. revision 1.57 date: 2014/04/16 23:22:45; author: djm; state: Exp; lines: +4 -1; skip leading zero bytes in buffer_put_bignum2_from_string(); reported by jan AT mojzis.com; ok markus@
Revision 1.425 / (download) - annotate - [select for diffs], Sat Apr 19 14:53:48 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.424: +1 -21 lines
Diff to previous 1.424 (colored)
Delete futile calls to RAND_seed. ok djm
Revision 1.424 / (download) - annotate - [select for diffs], Fri Apr 18 23:52:25 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.423: +4 -1 lines
Diff to previous 1.423 (colored)
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@
Revision 1.423 / (download) - annotate - [select for diffs], Sat Apr 12 04:55:53 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.422: +3 -2 lines
Diff to previous 1.422 (colored)
avoid crash at exit: check that pmonitor!=NULL before dereferencing; bz#2225, patch from kavi AT juniper.net
Revision 1.422 / (download) - annotate - [select for diffs], Thu Mar 27 23:01:27 2014 UTC (10 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.421: +2 -1 lines
Diff to previous 1.421 (colored)
disable weak proposals in sshd, but keep them in ssh; ok djm@
Revision 1.421 / (download) - annotate - [select for diffs], Wed Mar 26 19:58:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.420: +1 -25 lines
Diff to previous 1.420 (colored)
remove libwrap support. ok deraadt djm mfriedl
Revision 1.420 / (download) - annotate - [select for diffs], Wed Feb 26 21:53:37 2014 UTC (10 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE
Branch point for: OPENBSD_5_5
Changes since 1.419: +3 -1 lines
Diff to previous 1.419 (colored)
ssh_gssapi_prepare_supported_oids needs GSSAPI
Revision 1.419 / (download) - annotate - [select for diffs], Wed Feb 26 20:28:44 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.418: +5 -1 lines
Diff to previous 1.418 (colored)
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep sandboxing, as running this code in the sandbox can cause violations; ok markus@
Revision 1.418 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:32 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.417: +6 -6 lines
Diff to previous 1.417 (colored)
convert memset of potentially-private data to explicit_bzero()
Revision 1.417 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.416: +4 -4 lines
Diff to previous 1.416 (colored)
replace most bzero with explicit_bzero, except a few that can be memset ok djm dtucker
Revision 1.416 / (download) - annotate - [select for diffs], Wed Jan 29 00:19:26 2014 UTC (10 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.415: +2 -2 lines
Diff to previous 1.415 (colored)
use kill(0, ...) instead of killpg(0, ...); on most operating systems they are equivalent, but SUSv2 describes the latter as having undefined behaviour; from portable; ok dtucker
Revision 1.415 / (download) - annotate - [select for diffs], Mon Jan 27 19:18:54 2014 UTC (10 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.414: +18 -12 lines
Diff to previous 1.414 (colored)
replace openssl MD5 with our ssh_digest_*; ok djm@
Revision 1.414 / (download) - annotate - [select for diffs], Thu Jan 9 23:26:48 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.413: +7 -2 lines
Diff to previous 1.413 (colored)
ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, deranged and might make some attacks on KEX easier; ok markus@
Revision 1.413 / (download) - annotate - [select for diffs], Mon Dec 30 23:52:28 2013 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.412: +8 -5 lines
Diff to previous 1.412 (colored)
refuse RSA keys from old proprietary clients/servers that use the obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
Revision 1.412 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.411: +5 -1 lines
Diff to previous 1.411 (colored)
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
Revision 1.411 / (download) - annotate - [select for diffs], Wed Nov 20 02:19:01 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.410: +3 -3 lines
Diff to previous 1.410 (colored)
delay closure of in/out fds until after "Bad protocol version identification..." message, as get_remote_ipaddr/get_remote_port require them open.
Revision 1.410 / (download) - annotate - [select for diffs], Sat Nov 2 21:59:15 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.409: +2 -1 lines
Diff to previous 1.409 (colored)
use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@
Revision 1.409 / (download) - annotate - [select for diffs], Wed Oct 23 23:35:32 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.408: +4 -2 lines
Diff to previous 1.408 (colored)
include local address and port in "Connection from ..." message (only shown at loglevel>=verbose)
Revision 1.408 / (download) - annotate - [select for diffs], Thu Oct 17 22:08:04 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.407: +4 -3 lines
Diff to previous 1.407 (colored)
include remote port in bad banner message; bz#2162
Revision 1.407 / (download) - annotate - [select for diffs], Thu Oct 10 01:43:03 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.406: +5 -6 lines
Diff to previous 1.406 (colored)
bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly updated; ok dtucker@
Revision 1.406 / (download) - annotate - [select for diffs], Mon Sep 2 22:00:34 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.405: +1 -8 lines
Diff to previous 1.405 (colored)
All the instances of arc4random_stir() are bogus, since arc4random() does this itself, inside itself, and has for a very long time. Actually, this was probably reducing the entropy available. ok djm
Revision 1.405 / (download) - annotate - [select for diffs], Thu Aug 22 19:02:21 2013 UTC (10 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.404: +7 -1 lines
Diff to previous 1.404 (colored)
Stir PRNG after post-accept fork. The child gets a different PRNG state anyway via rexec and explicit privsep reseeds, but it's good to be sure. ok markus@
Revision 1.404 / (download) - annotate - [select for diffs], Fri Jul 19 07:37:48 2013 UTC (10 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.403: +75 -8 lines
Diff to previous 1.403 (colored)
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@
Revision 1.403 / (download) - annotate - [select for diffs], Wed Jun 5 02:27:50 2013 UTC (10 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.402: +4 -2 lines
Diff to previous 1.402 (colored)
When running sshd -D, close stderr unless we have explicitly requested logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch so, err, ok dtucker.
Revision 1.402 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (10 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.401: +6 -6 lines
Diff to previous 1.401 (colored)
bye, bye xfree(); ok markus@
Revision 1.401 / (download) - annotate - [select for diffs], Thu May 16 09:08:41 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.400: +3 -2 lines
Diff to previous 1.400 (colored)
Fix some "unused result" warnings found via clang and -portable. ok markus@
Revision 1.400 / (download) - annotate - [select for diffs], Thu May 16 04:09:14 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.399: +5 -1 lines
Diff to previous 1.399 (colored)
Add RekeyLimit to sshd with the same syntax as the client allowing rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man page.
Revision 1.399 / (download) - annotate - [select for diffs], Sun Apr 7 02:10:33 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.398: +14 -5 lines
Diff to previous 1.398 (colored)
Add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog. ok markus@, man page help jmc@
Revision 1.398 / (download) - annotate - [select for diffs], Sat Apr 6 16:07:00 2013 UTC (11 years ago) by markus
Branch: MAIN
Changes since 1.397: +3 -2 lines
Diff to previous 1.397 (colored)
handle ECONNABORTED for accept(); ok deraadt some time ago...
Revision 1.397 / (download) - annotate - [select for diffs], Mon Feb 11 21:21:58 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.396: +3 -2 lines
Diff to previous 1.396 (colored)
Add openssl version to debug output similar to the client. ok markus@
Revision 1.396 / (download) - annotate - [select for diffs], Sun Nov 4 11:09:15 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.395: +22 -1 lines
Diff to previous 1.395 (colored)
Support multiple required authentication via an AuthenticationMethods option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete; feedback and ok markus@
Revision 1.395 / (download) - annotate - [select for diffs], Sun Nov 4 10:38:43 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.394: +8 -1 lines
Diff to previous 1.394 (colored)
Remove default of AuthorizedCommandUser. Administrators are now expected to explicitly specify a user. feedback and ok markus@
Revision 1.394 / (download) - annotate - [select for diffs], Tue Oct 30 21:29:55 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.393: +10 -1 lines
Diff to previous 1.393 (colored)
new sshd_config option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run as the target server user unless another is specified via a new AuthorizedKeysCommandUser option. patch originally by jchadima AT redhat.com, reworked by me; feedback and ok markus@
Revision 1.393 / (download) - annotate - [select for diffs], Tue Jul 10 02:19:15 2012 UTC (11 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.392: +2 -2 lines
Diff to previous 1.392 (colored)
Turn on systrace sandboxing of pre-auth sshd by default for new installs by shipping a config that overrides the current UsePrivilegeSeparation=yes default. Make it easier to flip the default in the future by adding too. prodded markus@ feedback dtucker@ "get it in" deraadt@
Revision 1.392 / (download) - annotate - [select for diffs], Sat Jun 30 14:35:09 2012 UTC (11 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.391: +2 -2 lines
Diff to previous 1.391 (colored)
fix a during the load of the sandbox policies (child can still make the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@
Revision 1.391 / (download) - annotate - [select for diffs], Sun May 13 01:42:32 2012 UTC (11 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.390: +12 -27 lines
Diff to previous 1.390 (colored)
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
Revision 1.390 / (download) - annotate - [select for diffs], Thu Apr 12 02:42:32 2012 UTC (12 years ago) by djm
Branch: MAIN
Changes since 1.389: +6 -4 lines
Diff to previous 1.389 (colored)
VersionAddendum option to allow server operators to append some arbitrary text to the SSH-... banner; ok deraadt@ "don't care" markus@
Revision 1.389 / (download) - annotate - [select for diffs], Wed Apr 11 13:26:40 2012 UTC (12 years ago) by djm
Branch: MAIN
Changes since 1.388: +5 -2 lines
Diff to previous 1.388 (colored)
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
Revision 1.388 / (download) - annotate - [select for diffs], Fri Sep 30 21:22:49 2011 UTC (12 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.387: +2 -2 lines
Diff to previous 1.387 (colored)
fix inverted test that caused logspam; spotted by henning@
Revision 1.387 / (download) - annotate - [select for diffs], Fri Sep 30 00:47:37 2011 UTC (12 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.386: +2 -2 lines
Diff to previous 1.386 (colored)
don't attempt privsep cleanup when not using privsep; ok markus@
Revision 1.386 / (download) - annotate - [select for diffs], Fri Sep 9 22:38:21 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.385: +17 -5 lines
Diff to previous 1.385 (colored)
kill the preauth privsep child on fatal errors in the monitor; ok markus@
Revision 1.385 / (download) - annotate - [select for diffs], Thu Jun 23 09:34:13 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.384: +2 -2 lines
Diff to previous 1.384 (colored)
rename sandbox.h => ssh-sandbox.h to make things easier for portable
Revision 1.384 / (download) - annotate - [select for diffs], Wed Jun 22 21:57:01 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.383: +25 -5 lines
Diff to previous 1.383 (colored)
introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
Revision 1.383 / (download) - annotate - [select for diffs], Fri Jun 17 21:44:31 2011 UTC (12 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.382: +8 -5 lines
Diff to previous 1.382 (colored)
make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Revision 1.382 / (download) - annotate - [select for diffs], Tue Apr 12 05:32:49 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.381: +2 -2 lines
Diff to previous 1.381 (colored)
exit with 0 status on SIGTERM; bz#1879
Revision 1.381 / (download) - annotate - [select for diffs], Tue Jan 11 06:13:10 2011 UTC (13 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.380: +3 -2 lines
Diff to previous 1.380 (colored)
some unsigned long long casts that make things a bit easier for portable without resorting to dropping PRIu64 formats everywhere
Revision 1.380 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.379: +3 -1 lines
Diff to previous 1.379 (colored)
add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
Revision 1.379 / (download) - annotate - [select for diffs], Tue Aug 31 12:33:38 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.378: +2 -2 lines
Diff to previous 1.378 (colored)
reintroduce commit from tedu@, which I pulled out for release engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
Revision 1.378 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.377: +6 -1 lines
Diff to previous 1.377 (colored)
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656) is NOT implemented. Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
Revision 1.377 / (download) - annotate - [select for diffs], Mon Aug 16 04:06:06 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.376: +1 -1 lines
Diff to previous 1.376 (colored)
backout previous temporarily; discussed with deraadt@
Revision 1.376 / (download) - annotate - [select for diffs], Thu Aug 12 23:34:39 2010 UTC (13 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.375: +2 -2 lines
Diff to previous 1.375 (colored)
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
Revision 1.375 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.374: +12 -3 lines
Diff to previous 1.374 (colored)
revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash. Rename "constraints" field to "critical options". Add a new non-critical "extensions" field. Add a serial number. The older format is still supported for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate). ok markus@
Revision 1.374 / (download) - annotate - [select for diffs], Sun Mar 7 11:57:13 2010 UTC (14 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.373: +2 -1 lines
Diff to previous 1.373 (colored)
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
Revision 1.373 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.372: +104 -13 lines
Diff to previous 1.372 (colored)
Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
Revision 1.372 / (download) - annotate - [select for diffs], Fri Jan 29 00:20:41 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.371: +5 -1 lines
Diff to previous 1.371 (colored)
set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com ok dtucker@
Revision 1.371 / (download) - annotate - [select for diffs], Wed Jan 13 03:48:13 2010 UTC (14 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.370: +3 -2 lines
Diff to previous 1.370 (colored)
avoid run-time failures when specifying hostkeys via a relative path by prepending the cwd in these cases; bz#1290; ok dtucker@
Revision 1.370 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.369: +4 -5 lines
Diff to previous 1.369 (colored)
Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
Revision 1.369 / (download) - annotate - [select for diffs], Sat Jan 9 11:17:56 2010 UTC (14 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.368: +2 -1 lines
Diff to previous 1.368 (colored)
After sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs itself. Prevents two HUPs in quick succession from resulting in sshd dying. bz#1692, patch from Colin Watson via Ubuntu.
Revision 1.368 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.367: +5 -4 lines
Diff to previous 1.367 (colored)
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
Revision 1.367 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.366: +4 -3 lines
Diff to previous 1.366 (colored)
Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
Revision 1.366 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.365: +2 -2 lines
Diff to previous 1.365 (colored)
make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@
Revision 1.365 / (download) - annotate - [select for diffs], Thu Oct 30 19:31:16 2008 UTC (15 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.364: +1 -2 lines
Diff to previous 1.364 (colored)
don't need to #include "monitor_fdpass.h"
Revision 1.364 / (download) - annotate - [select for diffs], Thu Jul 10 18:08:11 2008 UTC (15 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.363: +8 -3 lines
Diff to previous 1.363 (colored)
sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@
Revision 1.363 / (download) - annotate - [select for diffs], Tue Jul 1 07:24:22 2008 UTC (15 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.362: +5 -3 lines
Diff to previous 1.362 (colored)
Send CR LF during protocol banner exchanges, but only for Protocol 2, in order to comply with RFC 4253. bz #1443, ok djm@
Revision 1.362 / (download) - annotate - [select for diffs], Sat Jun 14 17:07:11 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.361: +6 -1 lines
Diff to previous 1.361 (colored)
ensure default umask disallows at least group and world write; ok djm@
Revision 1.361 / (download) - annotate - [select for diffs], Sat Jun 14 15:49:48 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.360: +3 -2 lines
Diff to previous 1.360 (colored)
wrap long line at 80 chars
Revision 1.360 / (download) - annotate - [select for diffs], Thu Jun 12 20:38:28 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.359: +4 -1 lines
Diff to previous 1.359 (colored)
Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
Revision 1.359 / (download) - annotate - [select for diffs], Tue Jun 10 08:17:40 2008 UTC (15 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.358: +4 -3 lines
Diff to previous 1.358 (colored)
- update usage()
- fix SYNOPSIS, and sort options
- some minor additional fixes
Revision 1.358 / (download) - annotate - [select for diffs], Tue Jun 10 04:50:25 2008 UTC (15 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.357: +44 -3 lines
Diff to previous 1.357 (colored)
Add extended test mode (-T) and connection parameters for test mode (-C). -T causes sshd to write its effective configuration to stdout and exit. -C causes any relevant Match rules to be applied before output. The combination allows testing of the parser and config files. ok deraadt djm
Revision 1.357 / (download) - annotate - [select for diffs], Thu May 8 12:02:23 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.356: +2 -1 lines
Diff to previous 1.356 (colored)
Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within a channel). Also includes an abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
Revision 1.356 / (download) - annotate - [select for diffs], Sun Apr 13 00:22:17 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.355: +6 -24 lines
Diff to previous 1.355 (colored)
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
Revision 1.355 / (download) - annotate - [select for diffs], Thu Feb 14 13:10:31 2008 UTC (16 years, 2 months ago) by mbalmer
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.354: +2 -2 lines
Diff to previous 1.354 (colored)
When started in configuration test mode (-t) do not check that sshd is being started with an absolute path. ok djm
Revision 1.354 / (download) - annotate - [select for diffs], Wed Feb 13 22:38:17 2008 UTC (16 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.353: +11 -2 lines
Diff to previous 1.353 (colored)
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
Revision 1.353 / (download) - annotate - [select for diffs], Mon Dec 31 15:27:04 2007 UTC (16 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.352: +5 -5 lines
Diff to previous 1.352 (colored)
When in inetd mode, have sshd generate a Protocol 1 ephemeral server key only for connections where the client chooses Protocol 1 as opposed to when it's enabled in the server's config. Speeds up Protocol 2 connections to inetd-mode servers that also allow Protocol 1. bz #440, based on a patch from bruno at wolff.to, ok markus@
Revision 1.352 / (download) - annotate - [select for diffs], Thu Dec 27 14:22:08 2007 UTC (16 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.351: +2 -3 lines
Diff to previous 1.351 (colored)
Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
Revision 1.351 / (download) - annotate - [select for diffs], Tue May 22 10:18:52 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2
Changes since 1.350: +1 -2 lines
Diff to previous 1.350 (colored)
zap double include; from p_nowaczyk AT o2.pl
Revision 1.350 / (download) - annotate - [select for diffs], Fri Mar 9 05:20:06 2007 UTC (17 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.349: +5 -1 lines
Diff to previous 1.349 (colored)
Move C/R -> kbdint special case to after the defaults have been loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
Revision 1.349 / (download) - annotate - [select for diffs], Wed Feb 21 11:00:05 2007 UTC (17 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.348: +2 -1 lines
Diff to previous 1.348 (colored)
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the newly exec'ed sshd will get the SIGALRM and not have a handler for it, and the default action will terminate the listening sshd. Analysis and patch from andrew at gaul.org.
Revision 1.312.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312.2.2: +3 -3 lines
Diff to previous 1.312.2.2 (colored) to branchpoint 1.312 (colored) next main 1.313 (colored)
upgrade to OpenSSH 4.5
Revision 1.347.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.347: +3 -3 lines
Diff to previous 1.347 (colored) next main 1.348 (colored)
upgrade to OpenSSH 4.5
Revision 1.323.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.323.2.1: +3 -3 lines
Diff to previous 1.323.2.1 (colored) to branchpoint 1.323 (colored) next main 1.324 (colored)
upgrade to OpenSSH 4.5
Revision 1.348 / (download) - annotate - [select for diffs], Mon Nov 6 21:25:28 2006 UTC (17 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.347: +3 -3 lines
Diff to previous 1.347 (colored)
add missing checks for openssl return codes; with & ok djm@
Revision 1.312.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312.2.1: +401 -335 lines
Diff to previous 1.312.2.1 (colored) to branchpoint 1.312 (colored)
upgrade to OpenSSH 4.4
Revision 1.323.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.323: +395 -337 lines
Diff to previous 1.323 (colored)
upgrade to OpenSSH 4.4
Revision 1.347 / (download) - annotate - [select for diffs], Fri Aug 18 09:15:20 2006 UTC (17 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.346: +2 -1 lines
Diff to previous 1.346 (colored)
delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt
Revision 1.346 / (download) - annotate - [select for diffs], Fri Aug 18 09:13:26 2006 UTC (17 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.345: +2 -4 lines
Diff to previous 1.345 (colored)
make signal handler termination path shorter; risky code pointed out by mark dowd; ok djm markus
Revision 1.345 / (download) - annotate - [select for diffs], Wed Aug 16 11:47:15 2006 UTC (17 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.344: +333 -308 lines
Diff to previous 1.344 (colored)
factor inetd connection, TCP listen and main TCP accept loop out of main() into separate functions to improve readability; ok markus@
Revision 1.344 / (download) - annotate - [select for diffs], Sat Aug 5 07:52:52 2006 UTC (17 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.343: +2 -1 lines
Diff to previous 1.343 (colored)
Add headers required to build with KERBEROS5=no. ok djm@
Revision 1.343 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.342: +11 -8 lines
Diff to previous 1.342 (colored)
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
Revision 1.342 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:48 2006 UTC (17 years, 8 months ago) by stevesk
Branch: MAIN
Changes since 1.341: +2 -1 lines
Diff to previous 1.341 (colored)
move #include <stdio.h> out of includes.h
Revision 1.341 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.340: +2 -1 lines
Diff to previous 1.340 (colored)
move #include <stdlib.h> out of includes.h
Revision 1.340 / (download) - annotate - [select for diffs], Tue Jul 25 02:59:21 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.339: +2 -1 lines
Diff to previous 1.339 (colored)
move #include <sys/time.h> out of includes.h
Revision 1.339 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.338: +2 -1 lines
Diff to previous 1.338 (colored)
move #include <string.h> out of includes.h
Revision 1.338 / (download) - annotate - [select for diffs], Wed Jul 12 22:28:52 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.337: +2 -1 lines
Diff to previous 1.337 (colored)
move #include <netdb.h> out of includes.h; ok djm@
Revision 1.337 / (download) - annotate - [select for diffs], Wed Jul 12 11:34:58 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.336: +8 -9 lines
Diff to previous 1.336 (colored)
Add support for conditional directives to sshd_config via a "Match" keyword, which works similarly to the "Host" directive in ssh_config. Lines after a Match line override the default set in the main section if the condition on the Match line is true, e.g.
    AllowTcpForwarding yes
    Match User anoncvs
    AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@
Revision 1.336 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.335: +2 -1 lines
Diff to previous 1.335 (colored)
move #include <errno.h> out of includes.h; ok markus@
Revision 1.335 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:11 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.334: +2 -1 lines
Diff to previous 1.334 (colored)
move #include <fcntl.h> out of includes.h
Revision 1.334 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.333: +2 -1 lines
Diff to previous 1.333 (colored)
move #include <sys/socket.h> out of includes.h
Revision 1.333 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.332: +2 -1 lines
Diff to previous 1.332 (colored)
move #include <pwd.h> out of includes.h; ok markus@
Revision 1.332 / (download) - annotate - [select for diffs], Mon Jul 3 08:54:20 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.331: +2 -1 lines
Diff to previous 1.331 (colored)
move #include "version.h" out of includes.h; ok markus@
Revision 1.331 / (download) - annotate - [select for diffs], Thu Jun 1 09:21:48 2006 UTC (17 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.330: +8 -2 lines
Diff to previous 1.330 (colored)
call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@
Revision 1.330 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.329: +1 -0 lines
Diff to previous 1.329 (colored)
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
Revision 1.329 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.328: +7 -9 lines
Diff to previous 1.328 (colored)
introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die
feedback and ok deraadt@
Revision 1.328 / (download) - annotate - [select for diffs], Mon Mar 20 18:17:20 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.327: +0 -1 lines
Diff to previous 1.327 (colored)
sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args)
Revision 1.327 / (download) - annotate - [select for diffs], Sun Mar 19 18:56:41 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.326: +37 -20 lines
Diff to previous 1.326 (colored)
ARGSUSED for signal handlers
Revision 1.326 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:19 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.325: +0 -1 lines
Diff to previous 1.325 (colored)
RCSID() can die
Revision 1.325 / (download) - annotate - [select for diffs], Mon Mar 13 08:16:00 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.324: +4 -4 lines
Diff to previous 1.324 (colored)
don't log that we are listening on a socket before the listen() call actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
Revision 1.324 / (download) - annotate - [select for diffs], Tue Mar 7 09:07:40 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.323: +2 -1 lines
Diff to previous 1.323 (colored)
Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY
Revision 1.323 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.322: +2 -1 lines
Diff to previous 1.322 (colored)
move #include <sys/stat.h> out of includes.h; ok markus@
Revision 1.322 / (download) - annotate - [select for diffs], Mon Feb 20 17:02:44 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.321: +2 -1 lines
Diff to previous 1.321 (colored)
move #include <signal.h> out of includes.h; ok markus@
Revision 1.321 / (download) - annotate - [select for diffs], Fri Feb 10 01:44:27 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.320: +3 -1 lines
Diff to previous 1.320 (colored)
move #include <sys/wait.h> out of includes.h; ok markus@
Revision 1.320 / (download) - annotate - [select for diffs], Fri Feb 10 00:27:13 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.319: +3 -1 lines
Diff to previous 1.319 (colored)
move #include <sys/ioctl.h> out of includes.h; ok markus@
Revision 1.319 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.318: +3 -1 lines
Diff to previous 1.318 (colored)
move #include <paths.h> out of includes.h; ok markus@
Revision 1.312.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:58 2006 UTC (18 years, 2 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.312: +25 -13 lines
Diff to previous 1.312 (colored)
upgrade to OpenSSH 4.3
Revision 1.308.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:46 2006 UTC (18 years, 2 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.308.2.1: +25 -13 lines
Diff to previous 1.308.2.1 (colored) to branchpoint 1.308 (colored) next main 1.309 (colored)
upgrade to OpenSSH 4.3
Revision 1.318 / (download) - annotate - [select for diffs], Sat Dec 24 02:27:41 2005 UTC (18 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.317: +12 -8 lines
Diff to previous 1.317 (colored)
eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler; "groovy" deraadt@
Revision 1.317 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.316: +3 -3 lines
Diff to previous 1.316 (colored)
no need to escape single quotes in comments, no binary change
Revision 1.316 / (download) - annotate - [select for diffs], Sun Oct 30 08:29:29 2005 UTC (18 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.315: +7 -2 lines
Diff to previous 1.315 (colored)
Check for connections with IP options earlier and drop silently. ok djm@
Revision 1.315 / (download) - annotate - [select for diffs], Wed Sep 21 23:37:11 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.314: +3 -3 lines
Diff to previous 1.314 (colored)
change label at markus@'s request
Revision 1.314 / (download) - annotate - [select for diffs], Mon Sep 19 11:47:09 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.313: +3 -3 lines
Diff to previous 1.313 (colored)
stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
Revision 1.313 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.312: +4 -1 lines
Diff to previous 1.312 (colored)
ensure that stdio fds are attached; ok deraadt@
Revision 1.308.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:11 2005 UTC (18 years, 7 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.308: +25 -11 lines
Diff to previous 1.308 (colored)
upgrade to OpenSSH 4.2
Revision 1.302.2.2 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 7 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.302.2.1: +25 -11 lines
Diff to previous 1.302.2.1 (colored) to branchpoint 1.302 (colored) next main 1.303 (colored)
upgrade to OpenSSH 4.2
Revision 1.312 / (download) - annotate - [select for diffs], Mon Jul 25 11:59:40 2005 UTC (18 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.311: +13 -2 lines
Diff to previous 1.311 (colored)
add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
Revision 1.311 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:33 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.310: +4 -3 lines
Diff to previous 1.310 (colored)
make this -Wsign-compare clean; ok avsm@ markus@
Revision 1.310 / (download) - annotate - [select for diffs], Thu Jun 16 08:00:00 2005 UTC (18 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.309: +5 -2 lines
Diff to previous 1.309 (colored)
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
Revision 1.309 / (download) - annotate - [select for diffs], Wed Apr 6 09:43:59 2005 UTC (19 years ago) by djm
Branch: MAIN
Changes since 1.308: +6 -7 lines
Diff to previous 1.308 (colored)
avoid harmless logspam by not performing setsockopt() on non-socket; ok markus@
Revision 1.290.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_5
Changes since 1.290.2.1: +23 -24 lines
Diff to previous 1.290.2.1 (colored) to branchpoint 1.290 (colored) next main 1.291 (colored)
upgrade to OpenSSH 4.0
Revision 1.302.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_6
Changes since 1.302: +20 -22 lines
Diff to previous 1.302 (colored)
upgrade to OpenSSH 4.0
Revision 1.308 / (download) - annotate - [select for diffs], Tue Feb 8 22:24:57 2005 UTC (19 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.307: +6 -4 lines
Diff to previous 1.307 (colored)
Provide reason in error message if getnameinfo fails; ok markus@
Revision 1.307 / (download) - annotate - [select for diffs], Fri Jan 21 08:32:02 2005 UTC (19 years, 3 months ago) by otto
Branch: MAIN
Changes since 1.306: +5 -4 lines
Diff to previous 1.306 (colored)
Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
Revision 1.306 / (download) - annotate - [select for diffs], Mon Jan 17 22:48:39 2005 UTC (19 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.305: +2 -2 lines
Diff to previous 1.305 (colored)
Make debugging output continue after reexec; ok djm@
Revision 1.305 / (download) - annotate - [select for diffs], Thu Dec 23 23:11:00 2004 UTC (19 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.304: +6 -10 lines
Diff to previous 1.304 (colored)
bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz ok deraadt@
Revision 1.304 / (download) - annotate - [select for diffs], Sat Sep 25 03:45:14 2004 UTC (19 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.303: +2 -2 lines
Diff to previous 1.303 (colored)
these printf args are no longer double; ok deraadt@ markus@
Revision 1.303 / (download) - annotate - [select for diffs], Wed Sep 15 18:42:27 2004 UTC (19 years, 7 months ago) by mickey
Branch: MAIN
Changes since 1.302: +4 -5 lines
Diff to previous 1.302 (colored)
use less doubles in daemons; markus@ ok
Revision 1.302 / (download) - annotate - [select for diffs], Sat Aug 28 01:01:48 2004 UTC (19 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.301: +4 -3 lines
Diff to previous 1.301 (colored)
don't erroneously close stdin for !reexec case, from Dave Johnson; ok markus@
Revision 1.276.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:33 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.276.2.1: +251 -45 lines
Diff to previous 1.276.2.1 (colored) to branchpoint 1.276 (colored) next main 1.277 (colored)
upgrade to OpenSSH 3.9
Revision 1.290.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:28 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.290: +244 -25 lines
Diff to previous 1.290 (colored)
upgrade to OpenSSH 3.9
Revision 1.301 / (download) - annotate - [select for diffs], Wed Aug 11 11:50:09 2004 UTC (19 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.300: +3 -2 lines
Diff to previous 1.300 (colored)
Don't try to close startup_pipe if it's not open; ok djm@
Revision 1.300 / (download) - annotate - [select for diffs], Wed Jul 28 08:56:22 2004 UTC (19 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.299: +9 -9 lines
Diff to previous 1.299 (colored)
call setsid() _before_ re-exec
Revision 1.299 / (download) - annotate - [select for diffs], Sat Jul 17 05:31:41 2004 UTC (19 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.298: +7 -1 lines
Diff to previous 1.298 (colored)
Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
Revision 1.298 / (download) - annotate - [select for diffs], Sun Jul 11 17:48:47 2004 UTC (19 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored)
spaces
Revision 1.297 / (download) - annotate - [select for diffs], Sat Jun 26 20:07:16 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.296: +3 -2 lines
Diff to previous 1.296 (colored)
initialise some fd variables to -1, djm@ ok
Revision 1.296 / (download) - annotate - [select for diffs], Fri Jun 25 18:43:36 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.295: +28 -14 lines
Diff to previous 1.295 (colored)
fix broken fd handling in the re-exec fallback path, particularly when /dev/crypto is in use; ok deraadt@ markus@
Revision 1.295 / (download) - annotate - [select for diffs], Fri Jun 25 01:16:09 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.294: +2 -2 lines
Diff to previous 1.294 (colored)
only perform tcp wrappers checks when the incoming connection is on a socket. silences useless warnings from regress tests that use proxycommand="sshd -i" prompted by david@ ok markus@
Revision 1.294 / (download) - annotate - [select for diffs], Thu Jun 24 19:30:54 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.293: +214 -16 lines
Diff to previous 1.293 (colored)
re-exec sshd on accept(); initial work, final debugging and ok markus@
Revision 1.293 / (download) - annotate - [select for diffs], Mon Jun 14 01:44:39 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.292: +3 -5 lines
Diff to previous 1.292 (colored)
set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@
Revision 1.292 / (download) - annotate - [select for diffs], Sun Jun 13 12:53:24 2004 UTC (19 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.291: +2 -1 lines
Diff to previous 1.291 (colored)
implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
Revision 1.291 / (download) - annotate - [select for diffs], Sun May 9 01:19:28 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.290: +5 -5 lines
Diff to previous 1.290 (colored)
kill some more tiny files; ok deraadt@
Revision 1.290 / (download) - annotate - [select for diffs], Thu Mar 11 10:21:17 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.289: +2 -2 lines
Diff to previous 1.289 (colored)
ssh, sshd: sync version output, ok djm
Revision 1.289 / (download) - annotate - [select for diffs], Thu Mar 11 08:36:26 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.288: +5 -19 lines
Diff to previous 1.288 (colored)
trim usage; ok deraadt
Revision 1.263.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:17 2004 UTC (20 years, 1 month ago) by brad
Branch: OPENBSD_3_3
Changes since 1.263.2.1: +55 -41 lines
Diff to previous 1.263.2.1 (colored) to branchpoint 1.263 (colored) next main 1.264 (colored)
upgrade to OpenSSH 3.8
Revision 1.288 / (download) - annotate - [select for diffs], Wed Mar 3 06:47:52 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.287: +2 -1 lines
Diff to previous 1.287 (colored)
change proctitle after accept(2); ok henning, deraadt, djm
Revision 1.276.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.276: +55 -41 lines
Diff to previous 1.276 (colored)
upgrade to OpenSSH 3.8
Revision 1.287 / (download) - annotate - [select for diffs], Wed Feb 25 00:22:45 2004 UTC (20 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.286: +2 -2 lines
Diff to previous 1.286 (colored)
typo in comment
Revision 1.286 / (download) - annotate - [select for diffs], Mon Feb 23 12:02:33 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.285: +11 -1 lines
Diff to previous 1.285 (colored)
backout revision 1.279; set listen socket to non-block; ok henning.
Revision 1.285 / (download) - annotate - [select for diffs], Thu Feb 5 05:37:17 2004 UTC (20 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.284: +6 -2 lines
Diff to previous 1.284 (colored)
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
Revision 1.284 / (download) - annotate - [select for diffs], Tue Dec 9 21:53:37 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.283: +3 -3 lines
Diff to previous 1.283 (colored)
rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
Revision 1.283 / (download) - annotate - [select for diffs], Tue Dec 9 17:29:04 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.282: +5 -2 lines
Diff to previous 1.282 (colored)
fix -o and HUP; ok henning@
Revision 1.282 / (download) - annotate - [select for diffs], Tue Dec 2 17:01:15 2003 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.281: +2 -2 lines
Diff to previous 1.281 (colored)
use SSH_LISTEN_BACKLOG (=128) in listen(2).
Revision 1.281 / (download) - annotate - [select for diffs], Mon Nov 10 16:23:41 2003 UTC (20 years, 5 months ago) by jakob
Branch: MAIN
Changes since 1.280: +6 -5 lines
Diff to previous 1.280 (colored)
constify. ok markus@ & djm@
Revision 1.280 / (download) - annotate - [select for diffs], Thu Oct 2 10:41:59 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.279: +3 -2 lines
Diff to previous 1.279 (colored)
print openssl version, too, several requests; ok henning/djm.
Revision 1.279 / (download) - annotate - [select for diffs], Fri Sep 26 08:19:29 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.278: +1 -11 lines
Diff to previous 1.278 (colored)
no need to set the listen sockets to non-block; ok deraadt@
Revision 1.278 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.277: +36 -23 lines
Diff to previous 1.277 (colored)
replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@
Revision 1.277 / (download) - annotate - [select for diffs], Fri Sep 19 11:33:09 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.276: +1 -9 lines
Diff to previous 1.276 (colored)
do not call packet_close on fatal; ok deraadt
Revision 1.260.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:29 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.260.2.1: +51 -102 lines
Diff to previous 1.260.2.1 (colored) to branchpoint 1.260 (colored) next main 1.261 (colored)
upgrade to OpenSSH 3.7
Revision 1.263.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.263: +51 -102 lines
Diff to previous 1.263 (colored)
upgrade to OpenSSH 3.7
Revision 1.276 / (download) - annotate - [select for diffs], Thu Aug 28 12:54:34 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.275: +1 -15 lines
Diff to previous 1.275 (colored)
remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
Revision 1.275 / (download) - annotate - [select for diffs], Wed Aug 13 08:46:31 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.274: +2 -17 lines
Diff to previous 1.274 (colored)
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
Revision 1.274 / (download) - annotate - [select for diffs], Tue Jul 22 13:35:22 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.273: +4 -17 lines
Diff to previous 1.273 (colored)
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@
Revision 1.273 / (download) - annotate - [select for diffs], Wed Jul 16 10:34:53 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.272: +3 -7 lines
Diff to previous 1.272 (colored)
don't exit on multiple -v or -d; ok deraadt@
Revision 1.272 / (download) - annotate - [select for diffs], Mon Jul 14 12:36:37 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.271: +28 -35 lines
Diff to previous 1.271 (colored)
remove undocumented -V option. would be only useful if openssh is used as ssh v1 server for ssh.com's ssh v2.
Revision 1.271 / (download) - annotate - [select for diffs], Sat Jun 28 16:23:06 2003 UTC (20 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.270: +4 -4 lines
Diff to previous 1.270 (colored)
deal with typing of write vs read in atomicio
Revision 1.270 / (download) - annotate - [select for diffs], Sat Jun 28 07:48:10 2003 UTC (20 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.269: +5 -2 lines
Diff to previous 1.269 (colored)
report pidfile creation errors, based on patch from Roumen Petrov; ok markus@
Revision 1.269 / (download) - annotate - [select for diffs], Tue Jun 24 08:23:46 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.268: +2 -2 lines
Diff to previous 1.268 (colored)
int -> u_int; ok djm@, deraadt@, mouring@
Revision 1.268 / (download) - annotate - [select for diffs], Wed Jun 4 10:23:48 2003 UTC (20 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.267: +1 -5 lines
Diff to previous 1.267 (colored)
remove duplicated group-dropping code; ok markus@
Revision 1.267 / (download) - annotate - [select for diffs], Thu May 29 16:58:45 2003 UTC (20 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.266: +4 -2 lines
Diff to previous 1.266 (colored)
seteuid and setegid; markus ok
Revision 1.266 / (download) - annotate - [select for diffs], Sat May 24 09:30:40 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.265: +2 -2 lines
Diff to previous 1.265 (colored)
cast some types for printing; ok markus@
Revision 1.265 / (download) - annotate - [select for diffs], Mon Apr 14 14:17:50 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.264: +3 -2 lines
Diff to previous 1.264 (colored)
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
Revision 1.264 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.263: +15 -15 lines
Diff to previous 1.263 (colored)
rename log() into logit() to avoid name conflict. markus ok, from netbsd
Revision 1.239.2.5 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years ago) by miod
Branch: OPENBSD_3_1
Changes since 1.239.2.4: +8 -6 lines
Diff to previous 1.239.2.4 (colored) to branchpoint 1.239 (colored) next main 1.240 (colored)
Merge OpenSSH 3.6.1
Revision 1.260.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.260: +8 -6 lines
Diff to previous 1.260 (colored)
Update to OpenSSH 3.6
Revision 1.263 / (download) - annotate - [select for diffs], Sun Feb 16 17:09:57 2003 UTC (21 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.262: +5 -3 lines
Diff to previous 1.262 (colored)
split kex into client and server code, no need to link server code into the client; ok provos@
Revision 1.262 / (download) - annotate - [select for diffs], Mon Jan 27 17:06:31 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.261: +3 -3 lines
Diff to previous 1.261 (colored)
more specific error message when /var/empty has wrong permissions; bug #46, map@appgate.com; ok henning@, provos@, stevesk@
Revision 1.261 / (download) - annotate - [select for diffs], Thu Nov 7 16:28:47 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.260: +2 -2 lines
Diff to previous 1.260 (colored)
log to stderr if -ie is given, bug #414, prj@po.cwru.edu
Revision 1.206.2.6 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 6 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.5: +41 -41 lines
Diff to previous 1.206.2.5 (colored) to branchpoint 1.206 (colored) next main 1.207 (colored)
Update to OpenSSH 3.5
Revision 1.239.2.4 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 6 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.239.2.3: +41 -41 lines
Diff to previous 1.239.2.3 (colored) to branchpoint 1.239 (colored)
Update to OpenSSH 3.5
Revision 1.260 / (download) - annotate - [select for diffs], Fri Sep 27 10:42:09 2002 UTC (21 years, 7 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.259: +7 -1 lines
Diff to previous 1.259 (colored)
add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok
Revision 1.259 / (download) - annotate - [select for diffs], Wed Sep 25 15:19:02 2002 UTC (21 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.258: +2 -2 lines
Diff to previous 1.258 (colored)
typo; pilot@monkey.org
Revision 1.258 / (download) - annotate - [select for diffs], Fri Sep 13 19:23:09 2002 UTC (21 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.257: +6 -22 lines
Diff to previous 1.257 (colored)
remove use of SO_LINGER, it should not be needed. error check SO_REUSEADDR. fixup comments. ok markus@
Revision 1.257 / (download) - annotate - [select for diffs], Tue Jul 23 16:03:10 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.256: +5 -3 lines
Diff to previous 1.256 (colored)
utmp_len is unsigned; display error consistent with other options. ok markus@
Revision 1.256 / (download) - annotate - [select for diffs], Fri Jul 19 15:43:33 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.255: +9 -4 lines
Diff to previous 1.255 (colored)
remove fatal cleanups after fork; based on discussions with and code from solar.
Revision 1.255 / (download) - annotate - [select for diffs], Sun Jun 30 21:59:45 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.254: +5 -4 lines
Diff to previous 1.254 (colored)
minor KNF
Revision 1.254 / (download) - annotate - [select for diffs], Sun Jun 30 21:54:16 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.253: +12 -12 lines
Diff to previous 1.253 (colored)
lint asks that we use names that do not overlap
Revision 1.253 / (download) - annotate - [select for diffs], Fri Jun 28 23:05:06 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.252: +2 -2 lines
Diff to previous 1.252 (colored)
gidset[2] -> gidset[1]; markus ok
Revision 1.252 / (download) - annotate - [select for diffs], Fri Jun 28 10:08:25 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.251: +3 -1 lines
Diff to previous 1.251 (colored)
range check -u option at invocation
Revision 1.206.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.4: +34 -12 lines
Diff to previous 1.206.2.4 (colored) to branchpoint 1.206 (colored)
There was an update to OpenSSH 3.4, and people rejoiced.
Revision 1.239.2.3 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.239.2.2: +57 -18 lines
Diff to previous 1.239.2.2 (colored) to branchpoint 1.239 (colored)
Pull in OpenSSH-3.4
Revision 1.251 / (download) - annotate - [select for diffs], Tue Jun 25 18:51:04 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.250: +12 -1 lines
Diff to previous 1.250 (colored)
lightweight do_setusercontext after chroot()
Revision 1.250 / (download) - annotate - [select for diffs], Sun Jun 23 10:29:52 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.249: +16 -8 lines
Diff to previous 1.249 (colored)
some minor KNF and %u
Revision 1.249 / (download) - annotate - [select for diffs], Sun Jun 23 03:30:17 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.248: +3 -3 lines
Diff to previous 1.248 (colored)
various KNF and %d for unsigned
Revision 1.248 / (download) - annotate - [select for diffs], Sat Jun 22 20:05:27 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.247: +2 -2 lines
Diff to previous 1.247 (colored)
don't call setsid() if debugging or run from inetd; no "Operation not permitted" errors now; ok millert@ markus@
Revision 1.247 / (download) - annotate - [select for diffs], Sat Jun 22 16:40:19 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.246: +4 -1 lines
Diff to previous 1.246 (colored)
check /var/empty owner mode; ok provos@
Revision 1.206.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.3: +29 -8 lines
Diff to previous 1.206.2.3 (colored) to branchpoint 1.206 (colored)
Update OpenSSH to version 3.3 (with local changes, configuration files still living in /etc and privsep user being nobody).
Revision 1.246 / (download) - annotate - [select for diffs], Thu Jun 20 23:05:56 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.245: +5 -1 lines
Diff to previous 1.245 (colored)
allow Compression=yes/no in sshd_config
Revision 1.245 / (download) - annotate - [select for diffs], Tue Jun 11 05:46:20 2002 UTC (21 years, 10 months ago) by mpech
Branch: MAIN
Changes since 1.244: +5 -5 lines
Diff to previous 1.244 (colored)
pid_t cleanup. Markus needs this now to keep hacking. markus@, millert@ ok Note: big usr.bin/ cleanup is coming. Now I'm waiting Ok from espie@ for make/.
Revision 1.195.2.5 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.195.2.4: +287 -44 lines
Diff to previous 1.195.2.4 (colored) to branchpoint 1.195 (colored) next main 1.196 (colored)
Upgrade to OpenSSH 3.2.3. Except for improbable compilation error fixes, this should be the last commit made to the 2.9-STABLE branch. Have fun upgrading.
Revision 1.244 / (download) - annotate - [select for diffs], Wed May 29 11:21:57 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.243: +14 -1 lines
Diff to previous 1.243 (colored)
don't start if privsep is enabled and SSH_PRIVSEP_USER or _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
Revision 1.243 / (download) - annotate - [select for diffs], Wed May 22 23:18:25 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.242: +4 -4 lines
Diff to previous 1.242 (colored)
spelling; abishoff@arc.nasa.gov
Revision 1.239.2.2 / (download) - annotate - [select for diffs], Sat May 18 04:50:38 2002 UTC (21 years, 11 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.239.2.1: +0 -0 lines
Diff to previous 1.239.2.1 (colored) to branchpoint 1.239 (colored)
Update to OpenSSH-3.2.3
Revision 1.239.2.1 / (download) - annotate - [select for diffs], Sat May 18 04:12:11 2002 UTC (21 years, 11 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.239: +30 -21 lines
Diff to previous 1.239 (colored)
Update to OpenSSH-3.2.2
Revision 1.206.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:25 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.206.2.2: +287 -44 lines
Diff to previous 1.206.2.2 (colored) to branchpoint 1.206 (colored)
Update OpenSSH to version 3.2.2.
Revision 1.242 / (download) - annotate - [select for diffs], Wed May 15 15:47:49 2002 UTC (21 years, 11 months ago) by mouring
Branch: MAIN
Changes since 1.241: +20 -20 lines
Diff to previous 1.241 (colored)
'monitor' variable clashes with at least one lame platform (NeXT). Renamed to 'pmonitor'. provos@
Revision 1.241 / (download) - annotate - [select for diffs], Mon May 13 15:53:19 2002 UTC (21 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.240: +9 -1 lines
Diff to previous 1.240 (colored)
Call setsid() in the child after sshd accepts the connection and forks. This is needed for privsep which calls setlogin() when it changes uids. Without this, there is a race where the login name of an existing connection, as returned by getlogin(), may be changed to the privsep user (sshd). markus@ OK
Revision 1.240 / (download) - annotate - [select for diffs], Tue Apr 23 22:16:29 2002 UTC (22 years ago) by djm
Branch: MAIN
Changes since 1.239: +3 -2 lines
Diff to previous 1.239 (colored)
Improve error message; ok markus@ stevesk@
Revision 1.239 / (download) - annotate - [select for diffs], Sat Mar 30 18:51:15 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.238: +7 -4 lines
Diff to previous 1.238 (colored)
check waitpid for EINTR; based on patch from peter@ifm.liu.se
Revision 1.238 / (download) - annotate - [select for diffs], Sat Mar 23 20:57:26 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.237: +2 -1 lines
Diff to previous 1.237 (colored)
setproctitle() after preauth child; ok markus@
Revision 1.237 / (download) - annotate - [select for diffs], Thu Mar 21 21:23:34 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.236: +55 -43 lines
Diff to previous 1.236 (colored)
add privsep_preauth() and remove 1 goto; ok provos@
Revision 1.236 / (download) - annotate - [select for diffs], Wed Mar 20 21:08:08 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.235: +2 -2 lines
Diff to previous 1.235 (colored)
strerror() on chdir() fail; ok provos@
Revision 1.235 / (download) - annotate - [select for diffs], Wed Mar 20 19:12:25 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.234: +10 -5 lines
Diff to previous 1.234 (colored)
for unprivileged user, group do: pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
Revision 1.234 / (download) - annotate - [select for diffs], Tue Mar 19 10:49:35 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.233: +5 -5 lines
Diff to previous 1.233 (colored)
KNF whitespace
Revision 1.233 / (download) - annotate - [select for diffs], Tue Mar 19 10:35:39 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.232: +3 -3 lines
Diff to previous 1.232 (colored)
clean up prototypes
Revision 1.232 / (download) - annotate - [select for diffs], Tue Mar 19 03:03:43 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.231: +4 -3 lines
Diff to previous 1.231 (colored)
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
Revision 1.231 / (download) - annotate - [select for diffs], Mon Mar 18 17:50:31 2002 UTC (22 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.230: +203 -6 lines
Diff to previous 1.230 (colored)
integrate privilege separated openssh; it's turned off by default for now. work done by me and markus@
Revision 1.230 / (download) - annotate - [select for diffs], Mon Mar 18 01:12:14 2002 UTC (22 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.229: +9 -3 lines
Diff to previous 1.229 (colored)
have the authentication functions return the authentication context and then do_authenticated; okay millert@
Revision 1.229 / (download) - annotate - [select for diffs], Thu Mar 14 16:38:26 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.228: +47 -38 lines
Diff to previous 1.228 (colored)
split out ssh1 session key decryption; ok provos@
Revision 1.195.2.4 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 1 month ago) by miod
Branch: OPENBSD_2_9
Changes since 1.195.2.3: +98 -65 lines
Diff to previous 1.195.2.3 (colored) to branchpoint 1.195 (colored)
Merge OpenSSH 3.1, keeping /etc as configuration files directory. (i.e. OpenSSH 3.1 + openbsd29_3.1.patch)
Revision 1.132.2.8 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 1 month ago) by brad
Branch: OPENBSD_2_8
Changes since 1.132.2.7: +98 -65 lines
Diff to previous 1.132.2.7 (colored) to branchpoint 1.132 (colored) next main 1.133 (colored)
Merge OpenSSH 3.1.
Revision 1.206.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:48 2002 UTC (22 years, 1 month ago) by jason
Branch: OPENBSD_3_0
Changes since 1.206.2.1: +98 -65 lines
Diff to previous 1.206.2.1 (colored) to branchpoint 1.206 (colored)
Update to OpenSSH-3.1 on 3.0-stable branch
Revision 1.228 / (download) - annotate - [select for diffs], Wed Feb 27 21:23:13 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.227: +5 -5 lines
Diff to previous 1.227 (colored)
remove unneeded casts in [gs]etsockopt(); ok markus@
Revision 1.227 / (download) - annotate - [select for diffs], Sun Feb 24 16:09:52 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.226: +2 -2 lines
Diff to previous 1.226 (colored)
use u_char* here; ok markus@
Revision 1.226 / (download) - annotate - [select for diffs], Mon Feb 11 16:19:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.225: +2 -2 lines
Diff to previous 1.225 (colored)
include md5.h not hmac.h
Revision 1.225 / (download) - annotate - [select for diffs], Mon Feb 11 16:17:55 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.224: +4 -3 lines
Diff to previous 1.224 (colored)
do not complain about port > 1024 if rhosts-auth is disabled
Revision 1.224 / (download) - annotate - [select for diffs], Mon Feb 4 12:15:25 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.223: +5 -3 lines
Diff to previous 1.223 (colored)
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
Revision 1.223 / (download) - annotate - [select for diffs], Sun Jan 13 17:57:37 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.222: +14 -10 lines
Diff to previous 1.222 (colored)
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
Revision 1.222 / (download) - annotate - [select for diffs], Fri Dec 28 14:50:54 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.221: +2 -3 lines
Diff to previous 1.221 (colored)
packet_read* no longer return the packet length, since it's not used.
Revision 1.221 / (download) - annotate - [select for diffs], Fri Dec 28 13:57:33 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.220: +3 -3 lines
Diff to previous 1.220 (colored)
packet_get_bignum* no longer returns a size
Revision 1.220 / (download) - annotate - [select for diffs], Fri Dec 28 12:14:27 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.219: +2 -2 lines
Diff to previous 1.219 (colored)
s/packet_done/packet_check_eom/ (end-of-message); ok djm@
Revision 1.219 / (download) - annotate - [select for diffs], Thu Dec 27 20:39:58 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.218: +2 -3 lines
Diff to previous 1.218 (colored)
get rid of packet_integrity_check, use packet_done() instead.
Revision 1.218 / (download) - annotate - [select for diffs], Thu Dec 27 18:22:16 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.217: +3 -2 lines
Diff to previous 1.217 (colored)
call fatal() for openssl allocation failures
Revision 1.217 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.216: +10 -10 lines
Diff to previous 1.216 (colored)
basic KNF done while i was looking for something else
Revision 1.216 / (download) - annotate - [select for diffs], Mon Dec 10 16:45:04 2001 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.215: +2 -1 lines
Diff to previous 1.215 (colored)
possible fd leak on error; ok markus@
Revision 1.215 / (download) - annotate - [select for diffs], Thu Dec 6 13:30:06 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.214: +34 -21 lines
Diff to previous 1.214 (colored)
add -o to sshd, too. ok deraadt@
Revision 1.214 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:13 2001 UTC (22 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.213: +4 -4 lines
Diff to previous 1.213 (colored)
minor KNF
Revision 1.213 / (download) - annotate - [select for diffs], Wed Dec 5 03:50:01 2001 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.212: +2 -2 lines
Diff to previous 1.212 (colored)
deal with LP64 printf issue with sig_atomic_t. from thorpej
Revision 1.212 / (download) - annotate - [select for diffs], Thu Nov 22 12:34:22 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.211: +4 -4 lines
Diff to previous 1.211 (colored)
volatile sig_atomic_t
Revision 1.211 / (download) - annotate - [select for diffs], Mon Nov 19 11:20:21 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.210: +17 -7 lines
Diff to previous 1.210 (colored)
fd leak on HUP; ok stevesk@
Revision 1.195.2.3 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.195.2.2: +9 -9 lines
Diff to previous 1.195.2.2 (colored) to branchpoint 1.195 (colored)
Merge OpenSSH 3.0.1.
Revision 1.132.2.7 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.132.2.6: +9 -9 lines
Diff to previous 1.132.2.6 (colored) to branchpoint 1.132 (colored)
Merge OpenSSH 3.0.1. This is likely to be the last commit to the 2.8-STABLE branch.
Revision 1.195.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.195.2.1: +3 -1 lines
Diff to previous 1.195.2.1 (colored) to branchpoint 1.195 (colored)
Merge OpenSSH 3.0
Revision 1.132.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:00 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.132.2.5: +3 -1 lines
Diff to previous 1.132.2.5 (colored) to branchpoint 1.132 (colored)
Merge OpenSSH 3.0
Revision 1.210 / (download) - annotate - [select for diffs], Wed Nov 14 20:45:08 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.209: +4 -1 lines
Diff to previous 1.209 (colored)
errno saving wrapping in a signal handler
Revision 1.206.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:39 2001 UTC (22 years, 5 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.206: +9 -9 lines
Diff to previous 1.206 (colored)
Pull in patches from current (Errata 002): Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)
Revision 1.209 / (download) - annotate - [select for diffs], Sat Nov 10 13:19:45 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.208: +6 -6 lines
Diff to previous 1.208 (colored)
cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
Revision 1.208 / (download) - annotate - [select for diffs], Fri Nov 9 19:08:35 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.207: +3 -3 lines
Diff to previous 1.207 (colored)
remove extra trailing dot from log message; pilot@naughty.monkey.org
Revision 1.207 / (download) - annotate - [select for diffs], Wed Oct 24 08:41:41 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.206: +2 -2 lines
Diff to previous 1.206 (colored)
mention remote port in debug message
Revision 1.206 / (download) - annotate - [select for diffs], Tue Oct 2 22:56:09 2001 UTC (22 years, 6 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.205: +2 -1 lines
Diff to previous 1.205 (colored)
#include "channels.h" for channel_set_af()
Revision 1.205 / (download) - annotate - [select for diffs], Mon Oct 1 21:38:53 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.204: +2 -1 lines
Diff to previous 1.204 (colored)
remove ugliness; vp@drexel.edu via angelos
Revision 1.195.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.195: +75 -56 lines
Diff to previous 1.195 (colored)
Pull in OpenSSH-2.9.9
Revision 1.132.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:43 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.132.2.4: +75 -56 lines
Diff to previous 1.132.2.4 (colored) to branchpoint 1.132 (colored)
Pull in OpenSSH 2.9.9 to the 2.8 branch.
Revision 1.204 / (download) - annotate - [select for diffs], Thu Aug 23 17:59:31 2001 UTC (22 years, 8 months ago) by camield
Branch: MAIN
Changes since 1.203: +2 -2 lines
Diff to previous 1.203 (colored)
end request with 0, not NULL ok markus@
Revision 1.203 / (download) - annotate - [select for diffs], Thu Jul 26 17:18:22 2001 UTC (22 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.202: +13 -2 lines
Diff to previous 1.202 (colored)
add -t option to test configuration file and keys; pekkas@netcore.fi ok markus@
Revision 1.202 / (download) - annotate - [select for diffs], Tue Jun 26 16:15:25 2001 UTC (22 years, 10 months ago) by dugsong
Branch: MAIN
Changes since 1.201: +7 -12 lines
Diff to previous 1.201 (colored)
Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
Revision 1.201 / (download) - annotate - [select for diffs], Sat Jun 23 19:12:43 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.200: +17 -12 lines
Diff to previous 1.200 (colored)
pidfile/sigterm race; bbraun@synack.net
Revision 1.200 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:21 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.199: +18 -19 lines
Diff to previous 1.199 (colored)
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
Revision 1.199 / (download) - annotate - [select for diffs], Mon Jun 4 23:07:21 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.198: +14 -9 lines
Diff to previous 1.198 (colored)
set flags in the signal handlers, do real work in the main loop, ok provos@
Revision 1.198 / (download) - annotate - [select for diffs], Mon May 28 23:58:35 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.197: +1 -3 lines
Diff to previous 1.197 (colored)
remove some lines, simplify.
Revision 1.197 / (download) - annotate - [select for diffs], Sat May 19 19:43:57 2001 UTC (22 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.196: +9 -3 lines
Diff to previous 1.196 (colored)
sshd command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: time[qualifier], where time is a positive integer value and qualifier is one of the following: <none>,s,m,h,d,w
Examples:
600 600 seconds (10 minutes)
10m 10 minutes
1h30m 1 hour 30 minutes (90 minutes)
ok markus@
Revision 1.196 / (download) - annotate - [select for diffs], Fri May 18 14:13:29 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.195: +2 -2 lines
Diff to previous 1.195 (colored)
improved kbd-interactive support. work by per@appgate.com and me
Revision 1.132.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:38 2001 UTC (22 years, 11 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.132.2.3: +54 -369 lines
Diff to previous 1.132.2.3 (colored) to branchpoint 1.132 (colored)
Pull in OpenSSH-2.9 to 2.8 branch.
Revision 1.195 / (download) - annotate - [select for diffs], Sun Apr 15 16:58:03 2001 UTC (23 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.194: +3 -3 lines
Diff to previous 1.194 (colored)
don't use errno for key_{load,save}_private; discussion w/ solar@openwall
Revision 1.194 / (download) - annotate - [select for diffs], Sun Apr 15 08:43:47 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.193: +3 -3 lines
Diff to previous 1.193 (colored)
some unused variable and typos; from tomh@po.crl.go.jp
Revision 1.193 / (download) - annotate - [select for diffs], Thu Apr 12 20:09:38 2001 UTC (23 years ago) by stevesk
Branch: MAIN
Changes since 1.192: +6 -2 lines
Diff to previous 1.192 (colored)
robust port validation; ok markus@ jakob@
Revision 1.192 / (download) - annotate - [select for diffs], Wed Apr 11 16:25:30 2001 UTC (23 years ago) by lebel
Branch: MAIN
Changes since 1.191: +5 -2 lines
Diff to previous 1.191 (colored)
implement the -e option into sshd: -e When this option is specified, sshd will send the output to the standard error instead of the system log. markus@ OK.
Revision 1.191 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:57 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.190: +4 -4 lines
Diff to previous 1.190 (colored)
fix whitespace: unexpand + trailing spaces.
Revision 1.190 / (download) - annotate - [select for diffs], Wed Apr 4 20:25:38 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.189: +2 -2 lines
Diff to previous 1.189 (colored)
more robust rekeying don't send channel data after rekeying is started.
Revision 1.189 / (download) - annotate - [select for diffs], Wed Apr 4 14:34:58 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.188: +7 -2 lines
Diff to previous 1.188 (colored)
enable server side rekeying + some rekey related cleanup. todo: we should not send any non-KEX messages after we send KEXINIT
Revision 1.188 / (download) - annotate - [select for diffs], Wed Apr 4 09:48:35 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.187: +2 -2 lines
Diff to previous 1.187 (colored)
don't send multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
Revision 1.187 / (download) - annotate - [select for diffs], Tue Apr 3 23:32:12 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.186: +4 -1 lines
Diff to previous 1.186 (colored)
undo parts of my recent changes: main part of keyexchange does not need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying.
Revision 1.186 / (download) - annotate - [select for diffs], Tue Apr 3 19:53:29 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.185: +10 -349 lines
Diff to previous 1.185 (colored)
move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
Revision 1.185 / (download) - annotate - [select for diffs], Thu Mar 29 23:42:01 2001 UTC (23 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.184: +6 -5 lines
Diff to previous 1.184 (colored)
Protocol 1 key regeneration log => verbose, some KNF; ok markus@
Revision 1.184 / (download) - annotate - [select for diffs], Thu Mar 29 21:06:21 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.183: +6 -4 lines
Diff to previous 1.183 (colored)
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
Revision 1.183 / (download) - annotate - [select for diffs], Wed Mar 28 21:59:41 2001 UTC (23 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.182: +9 -2 lines
Diff to previous 1.182 (colored)
forgot to include min and max params in hash, okay markus@
Revision 1.182 / (download) - annotate - [select for diffs], Wed Mar 28 20:50:45 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)
call refuse() before close(); from olemx@ans.pl
Revision 1.181 / (download) - annotate - [select for diffs], Tue Mar 27 17:46:49 2001 UTC (23 years, 1 month ago) by provos
Branch: MAIN
Changes since 1.180: +29 -5 lines
Diff to previous 1.180 (colored)
make dh group exchange more flexible, allow min and max group size, okay markus@, deraadt@
Revision 1.180 / (download) - annotate - [select for diffs], Tue Mar 27 10:34:08 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.179: +2 -1 lines
Diff to previous 1.179 (colored)
use EVP_get_digestbynid, reorder some calls and fix missing free.
Revision 1.179 / (download) - annotate - [select for diffs], Mon Mar 26 08:07:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.178: +7 -36 lines
Diff to previous 1.178 (colored)
simpler key load/save interface, see authfile.h
Revision 1.178 / (download) - annotate - [select for diffs], Fri Mar 23 14:28:32 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.177: +4 -1 lines
Diff to previous 1.177 (colored)
ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
Revision 1.177 / (download) - annotate - [select for diffs], Fri Mar 23 11:04:07 2001 UTC (23 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.176: +4 -1 lines
Diff to previous 1.176 (colored)
Compat for OpenSSH with broken Rijndael/AES. ok markus@
Revision 1.176 / (download) - annotate - [select for diffs], Thu Mar 22 20:22:55 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.175: +3 -6 lines
Diff to previous 1.175 (colored)
do not place linefeeds in buffer
Revision 1.132.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:31 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_8
Changes since 1.132.2.2: +62 -30 lines
Diff to previous 1.132.2.2 (colored) to branchpoint 1.132 (colored)
Pull in OpenSSH-2.5.2 for 2.8 branch.
Revision 1.115.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:16 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_7
Changes since 1.115.2.4: +62 -30 lines
Diff to previous 1.115.2.4 (colored) to branchpoint 1.115 (colored) next main 1.116 (colored)
Pull in OpenSSH-2.5.2 for 2.7 branch.
Revision 1.175 / (download) - annotate - [select for diffs], Sun Mar 18 23:30:55 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.174: +7 -1 lines
Diff to previous 1.174 (colored)
specifically version match on ssh scanners. do not log scan information to the console, because clueless users freak out when people do completely legal probes. instead, generate a detailed log file entry and use british humour to relax their sphincters a little bit.
Revision 1.115.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:17 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_7
Changes since 1.115.2.3: +359 -243 lines
Diff to previous 1.115.2.3 (colored) to branchpoint 1.115 (colored)
OpenSSH-2.5.1 for 2.7 patch branch
Revision 1.174 / (download) - annotate - [select for diffs], Fri Mar 9 12:30:29 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.173: +6 -6 lines
Diff to previous 1.173 (colored)
typo; slade@shore.net
Revision 1.173 / (download) - annotate - [select for diffs], Mon Mar 5 17:17:21 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.172: +3 -3 lines
Diff to previous 1.172 (colored)
generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
Revision 1.172 / (download) - annotate - [select for diffs], Sun Mar 4 17:42:28 2001 UTC (23 years, 1 month ago) by millert
Branch: MAIN
Changes since 1.171: +2 -2 lines
Diff to previous 1.171 (colored)
log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline.
Revision 1.171 / (download) - annotate - [select for diffs], Sun Mar 4 01:46:30 2001 UTC (23 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.170: +2 -2 lines
Diff to previous 1.170 (colored)
Rename pty.[ch] -> sshpty.[ch] and login.[ch] to sshlogin.[ch] to avoid header conflicts in portable; ok markus@
Revision 1.170 / (download) - annotate - [select for diffs], Wed Feb 28 21:21:41 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.169: +3 -1 lines
Diff to previous 1.169 (colored)
generate a fake session id, too
Revision 1.169 / (download) - annotate - [select for diffs], Fri Feb 23 18:15:13 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.168: +43 -20 lines
Diff to previous 1.168 (colored)
the random session key depends now on the session_key_int sent by the 'attacker'
    dig1 = md5(cookie|session_key_int);
    dig2 = md5(dig1|cookie|session_key_int);
    fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
Revision 1.168 / (download) - annotate - [select for diffs], Mon Feb 19 23:09:05 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.167: +3 -2 lines
Diff to previous 1.167 (colored)
clarify message to make it not mention "ident"
Revision 1.132.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:38 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.132.2.1: +0 -0 lines
Diff to previous 1.132.2.1 (colored) to branchpoint 1.132 (colored)
Pull in OpenSSH-2.5.1
Revision 1.132.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:23 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.132: +359 -243 lines
Diff to previous 1.132 (colored)
Pull in OpenSSH 2.5.0
Revision 1.167 / (download) - annotate - [select for diffs], Mon Feb 12 23:26:20 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.166: +3 -2 lines
Diff to previous 1.166 (colored)
missing memset; from solar@openwall.com
Revision 1.166 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.165: +5 -1 lines
Diff to previous 1.165 (colored)
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
Revision 1.165 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:53 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.164: +5 -5 lines
Diff to previous 1.164 (colored)
sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecast to int -> u_long
Revision 1.164 / (download) - annotate - [select for diffs], Wed Feb 7 22:35:46 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.163: +8 -1 lines
Diff to previous 1.163 (colored)
move k_setpag() to a central place; ok dugsong@
Revision 1.163 / (download) - annotate - [select for diffs], Sun Feb 4 23:56:23 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.162: +3 -3 lines
Diff to previous 1.162 (colored)
alpha happiness
Revision 1.162 / (download) - annotate - [select for diffs], Sun Feb 4 22:12:17 2001 UTC (23 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.161: +2 -2 lines
Diff to previous 1.161 (colored)
precedence; ok markus@
Revision 1.161 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:27 2001 UTC (23 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.160: +5 -5 lines
Diff to previous 1.160 (colored)
unexpand and remove end-of-line whitespace; ok markus@
Revision 1.160 / (download) - annotate - [select for diffs], Sun Feb 4 15:14:15 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.159: +2 -2 lines
Diff to previous 1.159 (colored)
make the alpha happy
Revision 1.159 / (download) - annotate - [select for diffs], Mon Jan 29 19:47:31 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.158: +38 -19 lines
Diff to previous 1.158 (colored)
handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack
Revision 1.158 / (download) - annotate - [select for diffs], Sun Jan 28 10:37:26 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.157: +3 -6 lines
Diff to previous 1.157 (colored)
remove -Q, no longer needed
Revision 1.157 / (download) - annotate - [select for diffs], Mon Jan 22 23:06:40 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.156: +2 -2 lines
Diff to previous 1.156 (colored)
rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-response is enabled.
Revision 1.156 / (download) - annotate - [select for diffs], Mon Jan 22 17:22:28 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.155: +5 -1 lines
Diff to previous 1.155 (colored)
fix memory leaks in SSH2 key exchange; ok markus@
Revision 1.155 / (download) - annotate - [select for diffs], Sun Jan 21 19:06:00 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.154: +14 -12 lines
Diff to previous 1.154 (colored)
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
Revision 1.154 / (download) - annotate - [select for diffs], Fri Jan 19 15:55:12 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.153: +6 -4 lines
Diff to previous 1.153 (colored)
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
Revision 1.153 / (download) - annotate - [select for diffs], Fri Jan 19 12:45:27 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.152: +1 -3 lines
Diff to previous 1.152 (colored)
only auth-chall.c needs #ifdef SKEY
Revision 1.152 / (download) - annotate - [select for diffs], Thu Jan 18 16:20:22 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)
log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems
Revision 1.151 / (download) - annotate - [select for diffs], Thu Jan 18 15:54:49 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.150: +25 -26 lines
Diff to previous 1.150 (colored)
don't call rsa-keygen from signalhandler. re-schedule keygen at the time the key is actually used.
Revision 1.150 / (download) - annotate - [select for diffs], Sat Jan 13 18:32:51 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.149: +7 -1 lines
Diff to previous 1.149 (colored)
split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
Revision 1.149 / (download) - annotate - [select for diffs], Sat Jan 13 18:03:07 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.148: +2 -2 lines
Diff to previous 1.148 (colored)
getopt() returns -1 not EOF; stevesk@pobox.com
Revision 1.148 / (download) - annotate - [select for diffs], Thu Jan 11 22:14:20 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.147: +3 -3 lines
Diff to previous 1.147 (colored)
maxfd+1
Revision 1.147 / (download) - annotate - [select for diffs], Wed Jan 10 19:43:20 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.146: +3 -2 lines
Diff to previous 1.146 (colored)
XXX -- generate_empheral_server_key() is not safe against races, because it calls log()
Revision 1.146 / (download) - annotate - [select for diffs], Sun Jan 7 11:28:07 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored)
rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
syslog priority changes:
    fatal() LOG_ERR -> LOG_CRIT
    log() LOG_INFO -> LOG_NOTICE
Revision 1.145 / (download) - annotate - [select for diffs], Thu Jan 4 22:25:58 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.144: +2 -2 lines
Diff to previous 1.144 (colored)
sync usage()/man with defaults; from stevesk@pobox.com
Revision 1.144 / (download) - annotate - [select for diffs], Thu Dec 28 12:03:58 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.143: +2 -1 lines
Diff to previous 1.143 (colored)
document -D
Revision 1.143 / (download) - annotate - [select for diffs], Wed Dec 27 12:34:50 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored)
typo
Revision 1.142 / (download) - annotate - [select for diffs], Wed Dec 20 19:37:22 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.141: +5 -5 lines
Diff to previous 1.141 (colored)
fix prototypes; from stevesk@pobox.com
Revision 1.141 / (download) - annotate - [select for diffs], Wed Dec 20 19:32:08 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.140: +3 -1 lines
Diff to previous 1.140 (colored)
init pointer to NULL; report from Jan.Iven@cern.ch
Revision 1.140 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:59 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.139: +20 -20 lines
Diff to previous 1.139 (colored)
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
Revision 1.139 / (download) - annotate - [select for diffs], Fri Dec 15 17:30:14 2000 UTC (23 years, 4 months ago) by provos
Branch: MAIN
Changes since 1.138: +9 -4 lines
Diff to previous 1.138 (colored)
compute diffie-hellman in parallel between server and client. okay markus@
Revision 1.138 / (download) - annotate - [select for diffs], Tue Dec 12 22:30:02 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.137: +11 -16 lines
Diff to previous 1.137 (colored)
consistently use __progname; from stevesk@pobox.com
Revision 1.137 / (download) - annotate - [select for diffs], Tue Dec 12 21:45:21 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.136: +4 -5 lines
Diff to previous 1.136 (colored)
source port < 1024 is no longer required for rhosts-rsa since it adds no additional security.
Revision 1.136 / (download) - annotate - [select for diffs], Tue Dec 5 16:47:28 2000 UTC (23 years, 4 months ago) by todd
Branch: MAIN
Changes since 1.135: +4 -4 lines
Diff to previous 1.135 (colored)
tweak comment to reflect real location of pid file; ok provos@
Revision 1.135 / (download) - annotate - [select for diffs], Wed Nov 29 21:11:59 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.134: +9 -3 lines
Diff to previous 1.134 (colored)
sshd -D, startup w/o daemon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrage.com; ok niels@
Revision 1.134 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.133: +192 -126 lines
Diff to previous 1.133 (colored)
add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorized_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthentication.
Revision 1.115.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:32 2000 UTC (23 years, 5 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.115.2.2: +249 -44 lines
Diff to previous 1.115.2.2 (colored) to branchpoint 1.115 (colored)
openssh-2.3.0 (again) for 2.7 branch
Revision 1.133 / (download) - annotate - [select for diffs], Mon Nov 6 23:13:27 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.132: +3 -1 lines
Diff to previous 1.132 (colored)
do not disable rhosts(rsa) if server port > 1024; from pekkas@netcore.fi
Revision 1.132 / (download) - annotate - [select for diffs], Fri Oct 13 18:34:46 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.131: +5 -1 lines
Diff to previous 1.131 (colored)
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
Revision 1.131 / (download) - annotate - [select for diffs], Thu Oct 12 09:59:20 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.130: +3 -3 lines
Diff to previous 1.130 (colored)
enable DES in SSH-1 clients only
Revision 1.130 / (download) - annotate - [select for diffs], Wed Oct 11 20:27:24 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.129: +8 -3 lines
Diff to previous 1.129 (colored)
new cipher framework
Revision 1.129 / (download) - annotate - [select for diffs], Wed Oct 11 04:02:17 2000 UTC (23 years, 6 months ago) by provos
Branch: MAIN
Changes since 1.128: +185 -25 lines
Diff to previous 1.128 (colored)
First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company.
Revision 1.128 / (download) - annotate - [select for diffs], Sun Sep 17 15:38:59 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.127: +6 -5 lines
Diff to previous 1.127 (colored)
fix DEBUG_KEXDH
Revision 1.127 / (download) - annotate - [select for diffs], Tue Sep 12 20:53:10 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.126: +15 -6 lines
Diff to previous 1.126 (colored)
multiple debug levels
Revision 1.126 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:55 2000 UTC (23 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.125: +34 -8 lines
Diff to previous 1.125 (colored)
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
Revision 1.115.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:24 2000 UTC (23 years, 7 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.115.2.1: +153 -57 lines
Diff to previous 1.115.2.1 (colored) to branchpoint 1.115 (colored)
Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)
Revision 1.125 / (download) - annotate - [select for diffs], Thu Aug 17 20:06:34 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.124: +9 -2 lines
Diff to previous 1.124 (colored)
sshd -u len, similar to telnetd
Revision 1.124 / (download) - annotate - [select for diffs], Sat Jul 22 09:14:37 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.123: +32 -2 lines
Diff to previous 1.123 (colored)
random early drop; ok theo, niels
Revision 1.123 / (download) - annotate - [select for diffs], Tue Jul 18 01:25:01 2000 UTC (23 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.122: +2 -1 lines
Diff to previous 1.122 (colored)
Another closing of stdin; ok deraadt
Revision 1.122 / (download) - annotate - [select for diffs], Tue Jul 11 08:11:34 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.121: +2 -1 lines
Diff to previous 1.121 (colored)
make MaxStartups code still work with -d; djm
Revision 1.121 / (download) - annotate - [select for diffs], Wed Jul 5 21:35:56 2000 UTC (23 years, 9 months ago) by provos
Branch: MAIN
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored)
typo
Revision 1.120 / (download) - annotate - [select for diffs], Mon Jun 26 21:59:18 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.119: +111 -54 lines
Diff to previous 1.119 (colored)
MaxStartups: limit number of unauthenticated connections, work by theo and me
Revision 1.119 / (download) - annotate - [select for diffs], Thu Jun 22 16:32:27 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.118: +2 -2 lines
Diff to previous 1.118 (colored)
missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
Revision 1.115.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:39 2000 UTC (23 years, 10 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.115: +13 -58 lines
Diff to previous 1.115 (colored)
lovin' CVS... update patch branch to OpenSSH-2.1.1
Revision 1.118 / (download) - annotate - [select for diffs], Thu May 25 20:45:20 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.117: +7 -40 lines
Diff to previous 1.117 (colored)
split kexinit/kexdh, factor out common code
Revision 1.117 / (download) - annotate - [select for diffs], Thu May 18 13:27:36 2000 UTC (23 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.116: +7 -4 lines
Diff to previous 1.116 (colored)
Check for RSA key presence before freeing them. From kevin_oconnor@standardandpoors.com. ok Markus.
Revision 1.116 / (download) - annotate - [select for diffs], Wed May 17 08:20:16 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.115: +1 -16 lines
Diff to previous 1.115 (colored)
enable nonblocking IO for sshd w/ proto 1, too; split out common code
Revision 1.115 / (download) - annotate - [select for diffs], Wed May 3 10:21:49 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.114: +4 -3 lines
Diff to previous 1.114 (colored)
s/DsaKey/HostDSAKey/, document option
Revision 1.114 / (download) - annotate - [select for diffs], Tue May 2 12:44:38 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)
use c-style comments
Revision 1.113 / (download) - annotate - [select for diffs], Mon May 1 20:34:51 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.112: +2 -1 lines
Diff to previous 1.112 (colored)
unlink pid file, ok niels@
Revision 1.112 / (download) - annotate - [select for diffs], Mon May 1 18:50:59 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)
PidFile, pr 1210
Revision 1.111 / (download) - annotate - [select for diffs], Thu Apr 27 08:01:28 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.110: +3 -1 lines
Diff to previous 1.110 (colored)
xfree DSA blobs
Revision 1.110 / (download) - annotate - [select for diffs], Wed Apr 26 22:36:06 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.109: +6 -7 lines
Diff to previous 1.109 (colored)
silent if -Q is specified
Revision 1.109 / (download) - annotate - [select for diffs], Wed Apr 26 22:15:59 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.108: +2 -4 lines
Diff to previous 1.108 (colored)
remove unused
Revision 1.108 / (download) - annotate - [select for diffs], Wed Apr 26 20:56:30 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.107: +137 -79 lines
Diff to previous 1.107 (colored)
add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol.
Revision 1.107 / (download) - annotate - [select for diffs], Wed Apr 19 07:05:50 2000 UTC (24 years ago) by deraadt
Branch: MAIN
Changes since 1.106: +3 -2 lines
Diff to previous 1.106 (colored)
pid_t
Revision 1.106 / (download) - annotate - [select for diffs], Mon Apr 17 12:31:47 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.105: +2 -1 lines
Diff to previous 1.105 (colored)
missing xfree()
Revision 1.105 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.104: +27 -27 lines
Diff to previous 1.104 (colored)
whitespace cleanup
Revision 1.104 / (download) - annotate - [select for diffs], Wed Apr 12 09:39:10 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.103: +6 -6 lines
Diff to previous 1.103 (colored)
#include <ssl/foo.h> -> <openssh/foo.h>
Revision 1.103 / (download) - annotate - [select for diffs], Wed Apr 12 08:11:36 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.102: +3 -2 lines
Diff to previous 1.102 (colored)
print 1.99 only if server supports both
Revision 1.102 / (download) - annotate - [select for diffs], Wed Apr 12 07:45:44 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.101: +45 -23 lines
Diff to previous 1.101 (colored)
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
Revision 1.101 / (download) - annotate - [select for diffs], Wed Apr 12 07:03:06 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.100: +4 -2 lines
Diff to previous 1.100 (colored)
check for reasonable public DH values
Revision 1.100 / (download) - annotate - [select for diffs], Wed Apr 12 06:37:02 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.99: +3 -2 lines
Diff to previous 1.99 (colored)
less debugging output
Revision 1.99 / (download) - annotate - [select for diffs], Fri Apr 7 09:17:39 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.98: +5 -2 lines
Diff to previous 1.98 (colored)
interop w/ latest ssh.com windows client.
Revision 1.98 / (download) - annotate - [select for diffs], Thu Apr 6 08:55:22 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.97: +229 -6 lines
Diff to previous 1.97 (colored)
ssh2 server side, see README.openssh2; enable with 'sshd -2'
Revision 1.97 / (download) - annotate - [select for diffs], Tue Apr 4 21:37:27 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)
remove unused argument, split cipher_mask()
Revision 1.96 / (download) - annotate - [select for diffs], Tue Mar 28 21:15:45 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.95: +101 -1624 lines
Diff to previous 1.95 (colored)
split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
Revision 1.95 / (download) - annotate - [select for diffs], Tue Mar 28 20:31:29 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.94: +3 -1 lines
Diff to previous 1.94 (colored)
replace big switch() with function tables (prepare for ssh2)
Revision 1.94 / (download) - annotate - [select for diffs], Thu Mar 23 22:15:34 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.93: +15 -12 lines
Diff to previous 1.93 (colored)
initial support for DSA keys. ok deraadt@, niels@
Revision 1.93 / (download) - annotate - [select for diffs], Wed Mar 22 09:55:10 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.92: +1 -4 lines
Diff to previous 1.92 (colored)
remove unused cipher_attack_detected code
Revision 1.92 / (download) - annotate - [select for diffs], Thu Mar 16 20:56:15 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.91: +11 -7 lines
Diff to previous 1.91 (colored)
-pedantic: signed vs. unsigned, void*-arithm, etc
Revision 1.91 / (download) - annotate - [select for diffs], Thu Mar 9 19:31:47 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.90: +16 -9 lines
Diff to previous 1.90 (colored)
disallow guessing of root password
Revision 1.90 / (download) - annotate - [select for diffs], Mon Mar 6 20:29:04 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)
fix pr 1113, fclose() -> pclose(), todo: remote popen()
Revision 1.89 / (download) - annotate - [select for diffs], Mon Feb 28 19:40:23 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.88: +3 -2 lines
Diff to previous 1.88 (colored)
create x11 cookie file
Revision 1.88 / (download) - annotate - [select for diffs], Tue Feb 15 16:52:57 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.87: +48 -56 lines
Diff to previous 1.87 (colored)
register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@
Revision 1.87 / (download) - annotate - [select for diffs], Tue Feb 15 09:25:45 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.86: +34 -26 lines
Diff to previous 1.86 (colored)
move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
Revision 1.86 / (download) - annotate - [select for diffs], Sun Feb 6 10:18:58 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)
typo
Revision 1.85 / (download) - annotate - [select for diffs], Sat Feb 5 10:13:12 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.84: +7 -3 lines
Diff to previous 1.84 (colored)
missing xfree()
Revision 1.84 / (download) - annotate - [select for diffs], Tue Feb 1 13:52:26 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.83: +2 -2 lines
Diff to previous 1.83 (colored)
oops, fix comment, too.
Revision 1.83 / (download) - annotate - [select for diffs], Mon Jan 31 23:57:01 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.82: +10 -4 lines
Diff to previous 1.82 (colored)
delay close() of pty until the pty has been chowned back to root
Revision 1.82 / (download) - annotate - [select for diffs], Thu Jan 27 20:20:02 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.81: +12 -5 lines
Diff to previous 1.81 (colored)
deny login if shell does not exist or is not executable at all
make no-port-forwarding for RSA keys deny both -L and -R style fwding
Revision 1.81 / (download) - annotate - [select for diffs], Mon Jan 24 20:31:19 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.80: +4 -3 lines
Diff to previous 1.80 (colored)
don't panic if client behaves strange. ok deraadt@
Revision 1.80 / (download) - annotate - [select for diffs], Thu Jan 20 15:19:22 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.79: +15 -9 lines
Diff to previous 1.79 (colored)
log with level log() not fatal() if peer behaves badly.
Revision 1.79 / (download) - annotate - [select for diffs], Tue Jan 18 13:45:05 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.78: +1 -3 lines
Diff to previous 1.78 (colored)
no need for poll.h; from bright@wintelcom.net
Revision 1.78 / (download) - annotate - [select for diffs], Tue Jan 18 09:42:18 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.77: +3 -6 lines
Diff to previous 1.77 (colored)
disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
Revision 1.77 / (download) - annotate - [select for diffs], Sun Jan 16 23:03:10 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.76: +38 -38 lines
Diff to previous 1.76 (colored)
split key exchange (kex) and user authentication (user-auth), ok: provos@
Revision 1.76 / (download) - annotate - [select for diffs], Tue Jan 4 16:54:58 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.75: +9 -1 lines
Diff to previous 1.75 (colored)
allow auth-kerberos for IPv4 only
Revision 1.75 / (download) - annotate - [select for diffs], Tue Jan 4 00:08:01 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.74: +160 -81 lines
Diff to previous 1.74 (colored)
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
Revision 1.74 / (download) - annotate - [select for diffs], Sun Dec 12 19:20:03 1999 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)
type conflict for 'extern Type *options' in channels.c; dot@dotat.at
Revision 1.73 / (download) - annotate - [select for diffs], Wed Dec 8 23:59:12 1999 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.72: +19 -15 lines
Diff to previous 1.72 (colored)
repair fake-skey for AUTH_TIS
Revision 1.72 / (download) - annotate - [select for diffs], Wed Dec 8 04:36:41 1999 UTC (24 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored)
careless niels
Revision 1.71 / (download) - annotate - [select for diffs], Wed Dec 8 00:08:09 1999 UTC (24 years, 4 months ago) by provos
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)
make that a fatal
Revision 1.70 / (download) - annotate - [select for diffs], Tue Dec 7 23:14:36 1999 UTC (24 years, 4 months ago) by provos
Branch: MAIN
Changes since 1.69: +14 -2 lines
Diff to previous 1.69 (colored)
fix sighup handling. accept would just restart and daemon handled sighup only after the next connection was accepted. use poll on listen sock now.
Revision 1.69 / (download) - annotate - [select for diffs], Tue Dec 7 17:52:29 1999 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.68: +5 -2 lines
Diff to previous 1.68 (colored)
make sure the client selects a supported cipher
Revision 1.68 / (download) - annotate - [select for diffs], Mon Dec 6 20:15:30 1999 UTC (24 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.67: +9 -7 lines
Diff to previous 1.67 (colored)
move atomicio into its own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
Revision 1.67 / (download) - annotate - [select for diffs], Mon Dec 6 12:10:12 1999 UTC (24 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.66: +3 -2 lines
Diff to previous 1.66 (colored)
use openpty() if it exists (it does on BSD4_4)
Revision 1.66 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:53 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.65: +286 -215 lines
Diff to previous 1.65 (colored)
KNF, final part 3
Revision 1.65 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.64: +116 -94 lines
Diff to previous 1.64 (colored)
much more KNF
Revision 1.64 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:55 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.63: +1966 -2069 lines
Diff to previous 1.63 (colored)
KNF part 1
Revision 1.63 / (download) - annotate - [select for diffs], Mon Nov 22 21:52:42 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.62: +43 -2 lines
Diff to previous 1.62 (colored)
transfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@
Revision 1.62 / (download) - annotate - [select for diffs], Mon Nov 22 21:02:39 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.61: +104 -62 lines
Diff to previous 1.61 (colored)
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
Revision 1.61 / (download) - annotate - [select for diffs], Mon Nov 22 20:02:45 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.60: +41 -27 lines
Diff to previous 1.60 (colored)
-V, for fallback to openssh in SSH2 compatibility mode
Revision 1.60 / (download) - annotate - [select for diffs], Sat Nov 20 20:07:23 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.59: +5 -2 lines
Diff to previous 1.59 (colored)
fix sigchld race; cjc5@po.cwru.edu
Revision 1.59 / (download) - annotate - [select for diffs], Fri Nov 19 19:58:18 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.58: +6 -5 lines
Diff to previous 1.58 (colored)
SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@ [hope this time my ISP stays alive during commit]
Revision 1.58 / (download) - annotate - [select for diffs], Thu Nov 18 14:00:49 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)
more %d vs. %s in fmt-strings
Revision 1.57 / (download) - annotate - [select for diffs], Wed Nov 17 09:51:21 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.56: +6 -2 lines
Diff to previous 1.56 (colored)
bugfix: the log() for passwd-auth escaped during logging changes.
Revision 1.56 / (download) - annotate - [select for diffs], Tue Nov 16 21:15:19 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.55: +12 -18 lines
Diff to previous 1.55 (colored)
force logging to stderr while loading private key file (lost while converting to new log-levels)
Revision 1.55 / (download) - annotate - [select for diffs], Mon Nov 15 21:38:54 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.54: +2 -3 lines
Diff to previous 1.54 (colored)
remove support for cipher RC4
Revision 1.54 / (download) - annotate - [select for diffs], Mon Nov 15 20:53:25 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.53: +8 -7 lines
Diff to previous 1.53 (colored)
the keysize of rsa-parameter 'n' is passed implicitly, a few more checks and warnings about 'pretended' keysizes.
Revision 1.53 / (download) - annotate - [select for diffs], Mon Nov 15 00:42:01 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.52: +6 -4 lines
Diff to previous 1.52 (colored)
disconnect if getpeername() fails
Revision 1.52 / (download) - annotate - [select for diffs], Sun Nov 14 23:20:09 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.51: +281 -321 lines
Diff to previous 1.51 (colored)
split do_authentication() in subroutines
move checking of remote port to central place
Revision 1.51 / (download) - annotate - [select for diffs], Thu Nov 11 23:36:53 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.50: +3 -4 lines
Diff to previous 1.50 (colored)
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments:
* make options handling more consistent
* remove #include "readconf.h" from ssh.h
* readconf.h is only included if necessary
Revision 1.50 / (download) - annotate - [select for diffs], Thu Nov 11 22:58:39 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.49: +2 -5 lines
Diff to previous 1.49 (colored)
IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert
Revision 1.49 / (download) - annotate - [select for diffs], Thu Nov 11 15:23:14 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)
session_key_int may be zero
Revision 1.48 / (download) - annotate - [select for diffs], Thu Nov 11 10:05:34 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.47: +8 -7 lines
Diff to previous 1.47 (colored)
fix fatal/assert() bug reported by damien@ibs.com.au: allow session_key_int != sizeof(session_key) [this should fix the pre-assert-removal-core-files]
Revision 1.47 / (download) - annotate - [select for diffs], Wed Nov 10 23:36:45 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.46: +17 -16 lines
Diff to previous 1.46 (colored)
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, obsoletes QuietMode and FascistLogging in sshd.
Revision 1.46 / (download) - annotate - [select for diffs], Wed Nov 10 22:24:01 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.45: +23 -14 lines
Diff to previous 1.45 (colored)
remove x11- and krb-cleanup from fatal() + krb-cleanup cleanup
Revision 1.45 / (download) - annotate - [select for diffs], Wed Nov 3 23:31:03 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.44: +9 -9 lines
Diff to previous 1.44 (colored)
don't send fail-msg but disconnect if too many authentication failures
Revision 1.44 / (download) - annotate - [select for diffs], Tue Nov 2 19:42:37 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.43: +20 -7 lines
Diff to previous 1.43 (colored)
replace assert() with error, fatal or packet_disconnect
Revision 1.43 / (download) - annotate - [select for diffs], Tue Nov 2 19:10:15 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)
remove unused argument. ok dugsong
Revision 1.42 / (download) - annotate - [select for diffs], Tue Nov 2 00:08:42 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)
typo
Revision 1.41 / (download) - annotate - [select for diffs], Mon Oct 25 20:38:49 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.40: +3 -3 lines
Diff to previous 1.40 (colored)
typo, s/to many/too many/, from zzlevo@dd.chalmers.se
Revision 1.40 / (download) - annotate - [select for diffs], Mon Oct 18 06:16:50 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.39: +3 -4 lines
Diff to previous 1.39 (colored)
OpenSSH-1.2, read my lips: no more patches
Revision 1.39 / (download) - annotate - [select for diffs], Mon Oct 18 01:54:18 1999 UTC (24 years, 6 months ago) by provos
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)
the session key is only the least significant 256-bits, mask the rest away
Revision 1.38 / (download) - annotate - [select for diffs], Sun Oct 17 23:11:24 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
don't use KerberosOrLocalPassword unless KerberosAuthentication is set - from millert@
Revision 1.37 / (download) - annotate - [select for diffs], Sun Oct 17 20:48:07 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.36: +20 -65 lines
Diff to previous 1.36 (colored)
remove AllowHosts, DenyHosts, SilentDeny server access control cruft - replace with LIBWRAP moved to child. ok markus@ deraadt@
Revision 1.36 / (download) - annotate - [select for diffs], Sun Oct 17 20:43:31 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.35: +4 -12 lines
Diff to previous 1.35 (colored)
use daemon()
Revision 1.35 / (download) - annotate - [select for diffs], Sun Oct 17 20:39:11 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.34: +1 -3 lines
Diff to previous 1.34 (colored)
-Wall, get rid of unused headers/vars
Revision 1.34 / (download) - annotate - [select for diffs], Sat Oct 16 23:11:29 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.33: +3 -3 lines
Diff to previous 1.33 (colored)
refuse to talk to protocol < 1.3
Revision 1.33 / (download) - annotate - [select for diffs], Sat Oct 16 20:47:14 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.32: +19 -7 lines
Diff to previous 1.32 (colored)
support for SSH protocol 1.5 which is poorly documented, the RFC.troff lies. interops (x11,agent,etc) with 1.2.27 and protocol 1.3
Revision 1.32 / (download) - annotate - [select for diffs], Thu Oct 14 18:54:45 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.31: +3 -1 lines
Diff to previous 1.31 (colored)
"the french issue", stir RC4 after key usage, ok niels from planchon@math.polytechnique.fr
Revision 1.31 / (download) - annotate - [select for diffs], Thu Oct 14 18:17:42 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.30: +8 -1 lines
Diff to previous 1.30 (colored)
fix old connect() race security-bug for ssh-agent and agent-forwarding by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1": agent-forwarding will work only between OpenSSH-1.1 client and OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to "SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new ssh-agent does not work
Revision 1.30 / (download) - annotate - [select for diffs], Tue Oct 12 18:11:55 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.29: +14 -6 lines
Diff to previous 1.29 (colored)
SilentDeny, don't log/answer refused connections, deraadt@
Revision 1.29 / (download) - annotate - [select for diffs], Tue Oct 12 05:45:43 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +8 -2 lines
Diff to previous 1.28 (colored)
setsid() for all connections; millert/markus
Revision 1.28 / (download) - annotate - [select for diffs], Mon Oct 11 21:48:29 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.27: +82 -3 lines
Diff to previous 1.27 (colored)
Allow/Deny Users/Groups, from zzlevo@dd.chalmers.se, ok deraadt@
Revision 1.27 / (download) - annotate - [select for diffs], Mon Oct 11 21:07:37 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.26: +148 -121 lines
Diff to previous 1.26 (colored)
UseLogin, default=no, from kpa@gmx.net, ok deraadt@
Revision 1.26 / (download) - annotate - [select for diffs], Mon Oct 11 20:00:36 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
make sure ~/.ssh/authorized_keys is not writable for group/world (sshd)
don't load private keys if they are group/world-{rwx} (ssh,sshd and ssh-add)
Revision 1.25 / (download) - annotate - [select for diffs], Thu Oct 7 22:46:33 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.24: +17 -1 lines
Diff to previous 1.24 (colored)
You have Mail. Email for you. Karsten Patzwaldt <kpa@gmx.net> default=no
Revision 1.24 / (download) - annotate - [select for diffs], Thu Oct 7 21:45:02 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.23: +30 -5 lines
Diff to previous 1.23 (colored)
add skey to sshd:
1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user.
2) limit authentication attempts to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys, for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too. Note that % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host has NO limits in ssh-1.2.27
Revision 1.23 / (download) - annotate - [select for diffs], Thu Oct 7 04:40:03 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +14 -8 lines
Diff to previous 1.22 (colored)
add -Q flag: says whether ssh RSA check should whine on stdout
Revision 1.22 / (download) - annotate - [select for diffs], Tue Oct 5 22:18:52 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.21: +2 -6 lines
Diff to previous 1.21 (colored)
move auth-sockets to private dir
delete minfd residua
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 5 18:34:55 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)
clear xauthfile on mkstemp failure. adam@xpert.com
Revision 1.20 / (download) - annotate - [select for diffs], Tue Oct 5 18:01:07 1999 UTC (24 years, 6 months ago) by dugsong
Branch: MAIN
Changes since 1.19: +11 -5 lines
Diff to previous 1.19 (colored)
fix potential xauth race
Revision 1.19 / (download) - annotate - [select for diffs], Mon Oct 4 20:45:02 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.18: +4 -13 lines
Diff to previous 1.18 (colored)
nuke genminfd/AUTH_FD
Revision 1.18 / (download) - annotate - [select for diffs], Sun Oct 3 21:02:12 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +6 -1 lines
Diff to previous 1.17 (colored)
errno trashing in signal handlers
Revision 1.17 / (download) - annotate - [select for diffs], Sun Oct 3 19:22:39 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)
use SHUT_* symbols
Revision 1.16 / (download) - annotate - [select for diffs], Sun Oct 3 04:21:08 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.15: +6 -1 lines
Diff to previous 1.15 (colored)
a few setproctitle() calls...
Revision 1.15 / (download) - annotate - [select for diffs], Thu Sep 30 21:45:47 1999 UTC (24 years, 6 months ago) by aaron
Branch: MAIN
Changes since 1.14: +1 -5 lines
Diff to previous 1.14 (colored)
We don't have an /etc/environment.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Sep 30 08:34:25 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +7 -13 lines
Diff to previous 1.13 (colored)
even smaller
Revision 1.13 / (download) - annotate - [select for diffs], Thu Sep 30 06:06:31 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
use IPPORT_RESERVED instead of 1024
Revision 1.12 / (download) - annotate - [select for diffs], Thu Sep 30 05:53:04 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +1 -7 lines
Diff to previous 1.11 (colored)
"ssh is a very large program" -- anonymous
Revision 1.11 / (download) - annotate - [select for diffs], Thu Sep 30 05:03:05 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +1 -7 lines
Diff to previous 1.10 (colored)
cull more ancient garbage from pre-POSIX days
Revision 1.10 / (download) - annotate - [select for diffs], Thu Sep 30 04:30:03 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +1 -142 lines
Diff to previous 1.9 (colored)
more culling
Revision 1.9 / (download) - annotate - [select for diffs], Thu Sep 30 04:10:29 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +4 -18 lines
Diff to previous 1.8 (colored)
rely on paths.h more
Revision 1.8 / (download) - annotate - [select for diffs], Wed Sep 29 22:08:13 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)
fix server krb4 option initialization
Revision 1.7 / (download) - annotate - [select for diffs], Wed Sep 29 21:15:54 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +1 -3 lines
Diff to previous 1.6 (colored)
we have setsid
Revision 1.6 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +12 -10 lines
Diff to previous 1.5 (colored)
numerous sprintf, strncpy, strcpy cleanups
Revision 1.5 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:21 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.4: +27 -32 lines
Diff to previous 1.4 (colored)
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 17:42:10 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)
log all auth failures; Markus.Friedl@informatik.uni-erlangen.de
Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 06:15:00 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +7 -1 lines
Diff to previous 1.2 (colored)
test for RSA in the ssl library, real early on
Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:37 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.1: +97 -91 lines
Diff to previous 1.1 (colored)
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:38 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.