Age | Commit message (Collapse) | Author |
|
|
|
[sshd.c]
typo; slade@shore.net
|
|
[ssh-keygen.c]
create *.pub files with umask 0644, so that you can mv them to
authorized_keys
|
|
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
|
|
[sftp.1]
spelling, cleanup; ok deraadt@
|
|
[auth1.c]
unused; ok markus@
|
|
Dirk Markwardt <D.Markwardt@tu-bs.de>
|
|
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
|
|
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
|
|
|
|
[ssh.1]
removed dated comment
|
|
[ssh.1 sshd.8]
the name "secure shell" is boring, noone ever uses it
|
|
[sftp.1]
order things
|
|
[sftp-int.c sftp.1 sftp.c]
sftp -b batchfile; mouring@etoh.eviladmin.org
|
|
[ssh-keyscan.c]
appease gcc
|
|
[clientloop.c]
If read() fails with EINTR deal with it the same way we treat EAGAIN
|
|
[ssh-keyscan.c]
Don't assume we wil get the version string all in one read().
deraadt@ OK'd
|
|
[authfd.c cli.c ssh-agent.c]
EINTR/EAGAIN handling is required in more cases
|
|
[dh.c]
spelling
|
|
[ssh.1]
more ssh_known_hosts2 documentation; ok markus@
|
|
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
|
|
[sshd.8]
detail default hmac setup too
|
|
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
|
|
[servconf.c]
sync error message; ok markus@
|
|
[sshd.8]
alpha order; jcs@rt.fm
|
|
|
|
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
|
|
|
|
|
|
|
|
[sshd.8]
list SSH2 ciphers
|
|
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
|
|
[sshd.8]
spelling
|
|
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
|
|
[sshd.8]
small cleanup and clarify for PermitRootLogin; ok markus@
|
|
[ssh.c]
add -m to usage; ok markus@
|
|
|
|
[channels.c]
debug1->2
|
|
[log.c ssh.c]
log*.c -> log.c
|
|
[sftp.c]
clean up arg processing. based on work by Christophe_Moret@hp.com
|
|
[sftp-server.c]
KNF
|
|
[packet.c]
Dynamically allocate fd_set; deraadt@ OK
|
|
[sftp-server.c]
Dynamically allocate fd_set; deraadt@ OK
|
|
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
|
|
[ssh-keyscan.c]
standard theo sweep
|
|
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
|
|
[sshd.8]
doc the dsa/rsa key pair files
|
|
[sshd.8]
explain SIGHUP better
|
|
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
|
|
[cli.c cli.h rijndael.h ssh-keyscan.1]
copyright notices on all source files
|