summaryrefslogtreecommitdiff
path: root/readconf.c
AgeCommit message (Collapse)Author
2001-08-06 - markus@cvs.openbsd.org 2001/07/25 14:35:18Ben Lindstrom
[readconf.c ssh.1 ssh.c sshconnect.c] cleanup connect(); connection_attempts 4 -> 1; from eivind@freebsd.org
2001-08-06 - markus@cvs.openbsd.org 2001/07/22 22:04:19Ben Lindstrom
[readconf.c ssh.1] enable challenge-response auth by default; ok millert@
2001-08-06 - markus@cvs.openbsd.org 2001/07/22 21:32:27Ben Lindstrom
[sshpty.c] update comment
2001-07-04 - dugsong@cvs.openbsd.org 2001/06/26 16:15:25Ben Lindstrom
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h servconf.c servconf.h session.c sshconnect1.c sshd.c] Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-06-09 - markus@cvs.openbsd.org 2001/06/08 15:25:40Ben Lindstrom
[includes.h pathnames.h readconf.c servconf.c] move the path for xauth to pathnames.h
2001-06-05 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53Ben Lindstrom
[clientloop.c readconf.c ssh.c ssh.h] don't perform escape processing when ``EscapeChar none''; ok markus@
2001-06-05 - markus@cvs.openbsd.org 2001/05/18 14:13:29Ben Lindstrom
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me
2001-04-30 - markus@cvs.openbsd.org 2001/04/30 11:18:52Ben Lindstrom
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c] implement 'ssh -b bind_address' like 'telnet -b'
2001-04-17 - markus@cvs.openbsd.org 2001/04/17 10:53:26Ben Lindstrom
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
2001-04-16 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35Ben Lindstrom
[readconf.c servconf.c] use fatal() or error() vs. fprintf(); ok markus@
2001-04-12 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38Ben Lindstrom
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c] robust port validation; ok markus@ jakob@
2001-04-12 - markus@cvs.openbsd.org 2001/04/12 19:39:27Ben Lindstrom
[readconf.c] typo
2001-04-12 - markus@cvs.openbsd.org 2001/04/12 19:15:26Ben Lindstrom
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-08 - markus@cvs.openbsd.org 2001/04/07 08:55:18Ben Lindstrom
[buffer.c channels.c channels.h readconf.c ssh.c] allow the ssh client act as a SOCKS4 proxy (dynamic local portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me. thanks to Dan for this great patch: use 'ssh -D 1080 host' and make netscape use localhost:1080 as a socks proxy.
2001-04-02 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23Ben Lindstrom
[readconf.c servconf.c] correct comment; ok markus@
2001-03-22 - OpenBSD CVS SyncBen Lindstrom
- markus@cvs.openbsd.org 2001/03/20 19:10:16 [readconf.c] default to SSH protocol version 2
2001-03-20 - markus@cvs.openbsd.org 2001/03/19 17:07:23Damien Miller
[auth.c readconf.c] undo /etc/shell and proto 2,1 change for openssh-2.5.2
2001-03-11 - markus@cvs.openbsd.org 2001/03/10 17:51:04Ben Lindstrom
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c] add PreferredAuthentications
2001-03-10 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51Ben Lindstrom
[readconf.c ssh_config] default to SSH2, now that m68k runs fast
2001-03-08 - OpenBSD CVS SyncBen Lindstrom
- markus@cvs.openbsd.org 2001/03/08 00:15:48 [readconf.c ssh.1] turn off useprivilegedports by default. only rhost-auth needs this. older sshd's may need this, too.
2001-03-05 - millert@cvs.openbsd.org 2001/03/04 17:42:28Ben Lindstrom
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c ssh.c sshconnect.c sshd.c] log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline.
2001-03-05 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55Ben Lindstrom
[readconf.c] look for id_rsa by default, before id_dsa
2001-02-15 - markus@cvs.openbsd.org 2001/02/11 12:59:25Ben Lindstrom
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-02-10 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36Ben Lindstrom
[readconf.c] snprintf
2001-01-29 - stevesk@cvs.openbsd.or 2001/01/28 20:36:16Ben Lindstrom
[readconf.c] ``StrictHostKeyChecking ask'' documentation and small cleanup. ok markus@
2001-01-23 - markus@cvs.openbsd.org 2001/01/22 23:06:39Ben Lindstrom
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-19Please grep through the source and look for 'ISSUE' comments and verifyBen Lindstrom
that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block. - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
2001-01-0820010108Ben Lindstrom
- (bal) Fixed another typo in cli.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE syslog priority changes: fatal() LOG_ERR -> LOG_CRIT log() LOG_INFO -> LOG_NOTICE
2000-12-28 - (bal) OpenBSD CVS UpdateBen Lindstrom
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-05 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>Damien Miller
2000-08-18 - (djm) OpenBSD CVS changes:Damien Miller
- markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
2000-07-15 - (djm) OpenBSD CVS updatesDamien Miller
- provos@cvs.openbsd.org 2000/07/13 16:53:22 [aux.c readconf.c servconf.c ssh.h] allow multiple whitespace but only one '=' between tokens, bug report from Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@ - provos@cvs.openbsd.org 2000/07/13 17:14:09 [clientloop.c] typo; todd@fries.net - provos@cvs.openbsd.org 2000/07/13 17:19:31 [scp.c] close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu> - markus@cvs.openbsd.org 2000/07/14 16:59:46 [readconf.c servconf.c] allow leading whitespace. ok niels - djm@cvs.openbsd.org 2000/07/14 22:01:38 [ssh-keygen.c ssh.c] Always create ~/.ssh with mode 700; ok Markus
2000-07-12 - (djm) OpenBSD CVS Updates:Damien Miller
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34 [session.c sshd.c ] make MaxStartups code still work with -d; djm - deraadt@cvs.openbsd.org 2000/07/11 13:17:45 [readconf.c ssh_config] disable FallBackToRsh by default
2000-07-11 - (djm) OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - provos@cvs.openbsd.org 2000/07/05 15:35:57 [sshd.c] typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - provos@cvs.openbsd.org 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <dyoung@onthejob.net> - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 [auth.h] KNF - ho@cvs.openbsd.org 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - ho@cvs.openbsd.org 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - ho@cvs.openbsd.org 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
2000-06-22 - OpenBSD CVS Updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
2000-06-18 - OpenBSD CVS updates:Damien Miller
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46 [channels.c] everyone says "nix it" (remove protocol 2 debugging message) - markus@cvs.openbsd.org 2000/06/17 13:24:34 [sshconnect.c] allow extended server banners - markus@cvs.openbsd.org 2000/06/17 14:30:10 [sshconnect.c] missing atomicio, typo - jakob@cvs.openbsd.org 2000/06/17 16:52:34 [servconf.c servconf.h session.c sshd.8 sshd_config] add support for ssh v2 subsystems. ok markus@. - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 [readconf.c servconf.c] include = in WHITESPACE; markus ok - markus@cvs.openbsd.org 2000/06/17 19:09:10 [auth2.c] implement bug compatibility with ssh-2.0.13 pubkey, server side - markus@cvs.openbsd.org 2000/06/17 21:00:28 [compat.c] initial support for ssh.com's 2.2.0 - markus@cvs.openbsd.org 2000/06/17 21:16:09 [scp.c] typo - markus@cvs.openbsd.org 2000/06/17 22:05:02 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] split auth-rsa option parsing into auth-options add options support to authorized_keys2 - markus@cvs.openbsd.org 2000/06/17 22:42:54 [session.c] typo
2000-06-07 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts IIIDamien Miller
<tibbs@math.uh.edu> - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org
2000-05-30 - OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org [session.c] make x11-fwd work w/ localhost (xauth add host/unix:11) [cipher.c compat.c readconf.c servconf.c] check strtok() != NULL; ok niels@ [key.c] fix key_read() for uuencoded keys w/o '=' [serverloop.c] group ssh1 vs. ssh2 in serverloop [kex.c kex.h myproposal.h sshconnect2.c sshd.c] split kexinit/kexdh, factor out common code [readconf.c ssh.1 ssh.c] forwardagent defaults to no, add ssh -A - theo@cvs.openbsd.org [session.c] just some line shortening
2000-05-09 - OpenBSD CVS updateDamien Miller
- markus@cvs.openbsd.org [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - hugh@cvs.openbsd.org [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - markus@cvs.openbsd.org [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1
2000-05-07 - Remove references to SSLeay.Damien Miller
- Big OpenBSD CVS update - markus@cvs.openbsd.org [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - deraadt@cvs.openbsd.org [scp.c] - more atomicio - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - deraadt@cvs.openbsd.org [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-04-29 - Merge big update to OpenSSH-2.0 from OpenBSD CVSDamien Miller
[README.openssh2] - interop w/ F-secure windows client - sync documentation - ssh_host_dsa_key not ssh_dsa_key [auth-rsa.c] - missing fclose [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] [sshd.c uuencode.c uuencode.h authfile.h] - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol. [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] [sshconnect1.c sshconnect2.c] - split auth/sshconnect in one file per protocol version [sshconnect2.c] - remove debug [uuencode.c] - add trailing = [version.h] - OpenSSH-2.0 [ssh-keygen.1 ssh-keygen.c] - add -R flag: exit code indicates if RSA is alive [sshd.c] - remove unused silent if -Q is specified [ssh.h] - host key becomes /etc/ssh_host_dsa_key [readconf.c servconf.c ] - ssh/sshd default to proto 1 and 2 [uuencode.c] - remove debug [auth2.c ssh-keygen.c sshconnect2.c sshd.c] - xfree DSA blobs [auth2.c serverloop.c session.c] - cleanup logging for sshd/2, respect PasswordAuth no [sshconnect2.c] - less debug, respect .ssh/config [README.openssh2 channels.c channels.h] - clientloop.c session.c ssh.c - support for x11-fwding, client+server
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-12 - OpenBSD CVS updates:Damien Miller
- [channels.c] repair x11-fwd - [sshconnect.c] fix passwd prompt for ssh2, less debugging output. - [clientloop.c compat.c dsa.c kex.c sshd.c] less debugging output - [kex.c kex.h sshconnect.c sshd.c] check for reasonable public DH values - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc' - [sshd.c] print 1.99 only if server supports both
2000-04-01 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)Damien Miller
- [auth.c session.c sshd.c auth.h] split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal - [bufaux.c bufaux.h] support ssh2 bignums - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c] [readconf.c ssh.c ssh.h serverloop.c] replace big switch() with function tables (prepare for ssh2) - [ssh2.h] ssh2 message type codes - [sshd.8] reorder Xr to avoid cutting - [serverloop.c] close(fdin) if fdin != fdout, shutdown otherwise, ok theo@ - [channels.c] missing close allow bigger packets - [cipher.c cipher.h] support ssh2 ciphers - [compress.c] cleanup, less code - [dispatch.c dispatch.h] function tables for different message types - [log-server.c] do not log() if debuggin to stderr rename a cpp symbol, to avoid param.h collision - [mpaux.c] KNF - [nchan.c] sync w/ channels.c