Age | Commit message (Collapse) | Author |
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
|
|
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
uuencode.c xmalloc.h]
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
|
|
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
|
|
[authfd.c authfd.h]
extended failure messages from galb@vandyke.com
|
|
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
ssh-agent.c ssh.c]
use strings instead of ints for smartcard reader ids
|
|
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
canohost.h channels.h cipher.h clientloop.h compat.h compress.h
crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
tildexpand.h uidswap.h uuencode.h xmalloc.h]
remove comments from .h, since they are cut&paste from the .c files
and out of sync
|
|
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
radix.h readconf.h readpass.h rsa.h]
prototype pedant. not very creative...
- () -> (void)
- no variable names
|
|
[authfd.c authfd.h ssh-add.c]
initial support for smartcards in the agent
|
|
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
|
|
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
|
|
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
|
|
- markus@cvs.openbsd.org 2000/09/17 09:38:59
[sshconnect2.c sshd.c]
fix DEBUG_KEXDH
- markus@cvs.openbsd.org 2000/09/17 09:52:51
[sshconnect.c]
yes no; ok niels@
- markus@cvs.openbsd.org 2000/09/21 04:55:11
[sshd.8]
typo
- markus@cvs.openbsd.org 2000/09/21 05:03:54
[serverloop.c]
typo
- markus@cvs.openbsd.org 2000/09/21 05:11:42
scp.c
utime() to utimes(); mouring@pconline.com
- markus@cvs.openbsd.org 2000/09/21 05:25:08
sshconnect2.c
change login logic in ssh2, allows plugin of other auth methods
- markus@cvs.openbsd.org 2000/09/21 05:25:35
[auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
[serverloop.c]
add context to dispatch_run
- markus@cvs.openbsd.org 2000/09/21 05:07:52
authfd.c authfd.h ssh-agent.c
bug compat for old ssh.com software
|
|
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
|
|
- (djm) OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/08/18 20:07:23
[ssh.c]
accept remsh as a valid name as well; roman@buildpoint.com
- deraadt@cvs.openbsd.org 2000/08/18 20:17:13
[deattack.c crc32.c packet.c]
rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
libz crc32 function yet, because it has ugly "long"'s in it;
oneill@cs.sfu.ca
- deraadt@cvs.openbsd.org 2000/08/18 20:26:08
[scp.1 scp.c]
-S prog support; tv@debian.org
- deraadt@cvs.openbsd.org 2000/08/18 20:50:07
[scp.c]
knf
- deraadt@cvs.openbsd.org 2000/08/18 20:57:33
[log-client.c]
shorten
- markus@cvs.openbsd.org 2000/08/19 12:48:11
[channels.c channels.h clientloop.c ssh.c ssh.h]
support for ~. in ssh2
- deraadt@cvs.openbsd.org 2000/08/19 15:29:40
[crc32.h]
proper prototype
- markus@cvs.openbsd.org 2000/08/19 15:34:44
[authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
[ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
[fingerprint.c fingerprint.h]
add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)
- markus@cvs.openbsd.org 2000/08/19 15:55:52
[channels.c channels.h clientloop.c]
more ~ support for ssh2
- markus@cvs.openbsd.org 2000/08/19 16:21:19
[clientloop.c]
oops
- millert@cvs.openbsd.org 2000/08/20 12:25:53
[session.c]
We have to stash the result of get_remote_name_or_ip() before we
close our socket or getpeername() will get EBADF and the process
will exit. Only a problem for "UseLogin yes".
- millert@cvs.openbsd.org 2000/08/20 12:30:59
[session.c]
Only check /etc/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert@cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
- millert@cvs.openbsd.org 2000/08/21 10:23:31
[session.c]
Fix incorrect PATH setting; noted by Markus.
|
|
- markus@cvs.openbsd.org 2000/07/16 02:27:22
[authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c]
make ssh-add accept dsa keys (the agent does not)
- djm@cvs.openbsd.org 2000/07/17 19:25:02
[sshd.c]
Another closing of stdin; ok deraadt
- markus@cvs.openbsd.org 2000/07/19 18:33:12
[dsa.c]
missing free, reorder
- markus@cvs.openbsd.org 2000/07/20 16:23:14
[ssh-keygen.1]
document input and output files
|
|
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
|
|
[ssh.1 ssh.c]
- ssh -2
[auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
[session.c sshconnect.c]
- check payload for (illegal) extra data
[ALL]
- whitespace cleanup
|
|
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
|
|
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
|
|
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implizit,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
|
|
|