Age | Commit message (Collapse) | Author |
|
- markus@cvs.openbsd.org 2001/03/13 17:34:42
[auth-options.c]
missing xfree, deny key on parse error; ok stevesk@
|
|
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
|
|
|
|
|
|
|
|
[ssh-keygen.1 ssh-keygen.c]
remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@
|
|
[key.c]
style+cleanup
|
|
add /dev to search path for PRNGD/EGD socket
fix my mistake in USER_PATH test program
|
|
[ssh-keygen.c]
KNF, and SHA1 binary output is just creeping featurism
|
|
[key.c]
cleanup & shorten some var names key_fingerprint_bubblebabble.
|
|
[ssh-keygen.1 ssh-keygen.c]
print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
|
|
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
|
|
[auth2.c key.c]
debug
|
|
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
|
|
make sure $bindir is in USER_PATH so scp will work
|
|
|
|
[compat.c compat.h sshconnect.c]
all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)
|
|
[ttymodes.c ttymodes.h]
remove unused sgtty macros; ok markus@
|
|
[readconf.c ssh_config]
default to SSH2, now that m68k runs fast
|
|
[sshconnect2.c]
ignore nonexisting private keys; report rjmooney@mediaone.net
|
|
|
|
[sshd.c]
typo; slade@shore.net
|
|
[ssh-keygen.c]
create *.pub files with umask 0644, so that you can mv them to
authorized_keys
|
|
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
|
|
[sftp.1]
spelling, cleanup; ok deraadt@
|
|
[auth1.c]
unused; ok markus@
|
|
Dirk Markwardt <D.Markwardt@tu-bs.de>
|
|
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
|
|
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
|
|
|
|
[ssh.1]
removed dated comment
|
|
[ssh.1 sshd.8]
the name "secure shell" is boring, noone ever uses it
|
|
[sftp.1]
order things
|
|
[sftp-int.c sftp.1 sftp.c]
sftp -b batchfile; mouring@etoh.eviladmin.org
|
|
[ssh-keyscan.c]
appease gcc
|
|
[clientloop.c]
If read() fails with EINTR deal with it the same way we treat EAGAIN
|
|
[ssh-keyscan.c]
Don't assume we wil get the version string all in one read().
deraadt@ OK'd
|
|
[authfd.c cli.c ssh-agent.c]
EINTR/EAGAIN handling is required in more cases
|
|
[dh.c]
spelling
|
|
[ssh.1]
more ssh_known_hosts2 documentation; ok markus@
|
|
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
|
|
[sshd.8]
detail default hmac setup too
|
|
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
|
|
[servconf.c]
sync error message; ok markus@
|
|
[sshd.8]
alpha order; jcs@rt.fm
|
|
|
|
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
|
|
|
|
|
|
|