summaryrefslogtreecommitdiff
path: root/ssh.1
AgeCommit message (Collapse)Author
2001-08-06 - jakob@cvs.openbsd.org 2001/07/31 09:28:44Ben Lindstrom
[readconf.c readconf.h ssh.1 ssh.c] add 'SmartcardDevice' client option to specify which smartcard device is used to access a smartcard used for storing the user's private RSA key. ok markus@.
2001-08-06 - markus@cvs.openbsd.org 2001/07/25 14:35:18Ben Lindstrom
[readconf.c ssh.1 ssh.c sshconnect.c] cleanup connect(); connection_attempts 4 -> 1; from eivind@freebsd.org
2001-08-06 - markus@cvs.openbsd.org 2001/07/23 12:47:05Ben Lindstrom
[ssh.1] sync PreferredAuthentications
2001-08-06 - markus@cvs.openbsd.org 2001/07/22 22:04:19Ben Lindstrom
[readconf.c ssh.1] enable challenge-response auth by default; ok millert@
2001-08-06 - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42Ben Lindstrom
[ssh.1] There is no option "Compress", point to "Compression" instead; ok markus
2001-07-22 - stevesk@cvs.openbsd.org 2001/07/20 18:41:51Ben Lindstrom
[ssh.1] "the" command line
2001-07-22 - stevesk@cvs.openbsd.org 2001/07/19 00:41:44Ben Lindstrom
[ssh.1] escape chars are below now
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 17:25:34Ben Lindstrom
[ssh.1] document SSH_ASKPASS; fubob@MIT.EDU
2001-06-25 - itojun@cvs.openbsd.org 2001/06/23 17:48:18Ben Lindstrom
[sftp.1 ssh.1 sshd.8 ssh-keyscan.1] kill whitespace at EOL.
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-06-25 - markus@cvs.openbsd.org 2001/06/22 21:55:49Ben Lindstrom
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config ssh-keygen.1] merge authorized_keys2 into authorized_keys. authorized_keys2 is used for backward compat. (just append authorized_keys2 to authorized_keys).
2001-06-25 - mpech@cvs.openbsd.org 2001/06/22 10:17:51Ben Lindstrom
[ssh.1 sshd.8 ssh-keyscan.1] o) .Sh AUTHOR -> .Sh AUTHORS; o) remove unnecessary .Pp; o) better -mdoc style; o) typo; o) sort SEE ALSO; aaron@ ok
2001-06-05 - markus@cvs.openbsd.org 2001/05/19 16:46:19Ben Lindstrom
[ssh.1 sshd.8] document MACs defaults with .Dq
2001-06-05 - markus@cvs.openbsd.org 2001/05/19 16:32:16Ben Lindstrom
[ssh.1 sshconnect2.c] change preferredauthentication order to publickey,hostbased,password,keyboard-interactive document that hostbased defaults to no, document order
2001-06-05 - markus@cvs.openbsd.org 2001/05/17 21:34:15Ben Lindstrom
[ssh.1] no spaces in PreferredAuthentications; meixner@rbg.informatik.tu-darmstadt.de
2001-05-17 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01Ben Lindstrom
[ssh.1] X11 forwarding details improved
2001-05-04 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56Ben Lindstrom
[ssh.1 sshd.8] typos
2001-04-30 - markus@cvs.openbsd.org 2001/04/30 11:18:52Ben Lindstrom
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c] implement 'ssh -b bind_address' like 'telnet -b'
2001-04-23 - markus@cvs.openbsd.org 2001/04/22 23:58:36Ben Lindstrom
[ssh-keygen.1 ssh.1 sshd.8] document hostbased and other cleanup
2001-04-22 - markus@cvs.openbsd.org 2001/04/22 13:32:27Ben Lindstrom
[sftp-server.8 sftp.1 ssh.1 sshd.8] xref draft-ietf-secsh-*
2001-04-22 - djm@cvs.openbsd.org 2001/04/22 08:13:30Ben Lindstrom
[ssh.1] typos spotted by stevesk@; ok deraadt@
2001-04-20 - djm@cvs.openbsd.org 2001/04/20 07:17:51Ben Lindstrom
[clientloop.c ssh.1] Split out and improve escape character documentation, mention ~R in ~? help text; ok markus@
2001-04-17 - markus@cvs.openbsd.org 2001/04/17 10:53:26Ben Lindstrom
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
2001-04-11 - itojun@cvs.openbsd.org 2001/04/10 09:13:22Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] document id_rsa{.pub,}. markus ok
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 15:45:43Ben Lindstrom
[ssh.1] ssh defaults to protocol v2; from quisar@quisar.ambre.net
2001-03-29 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59Ben Lindstrom
[ssh.1] document more defaults; misc. cleanup. ok markus@
2001-03-19 - djm@cvs.openbsd.org 2001/03/19 05:49:52Damien Miller
[ssh.1] document PreferredAuthentications option; ok markus@
2001-03-08 - OpenBSD CVS SyncBen Lindstrom
- markus@cvs.openbsd.org 2001/03/08 00:15:48 [readconf.c ssh.1] turn off useprivilegedports by default. only rhost-auth needs this. older sshd's may need this, too.
2001-03-07 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58Ben Lindstrom
[ssh.1] removed dated comment
2001-03-07 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06Ben Lindstrom
[ssh.1 sshd.8] the name "secure shell" is boring, noone ever uses it
2001-03-06 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48Ben Lindstrom
[ssh.1] more ssh_known_hosts2 documentation; ok markus@
2001-03-06 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16Ben Lindstrom
[myproposal.h ssh.1] switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster; provos & markus ok
2001-03-05 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31Ben Lindstrom
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] make copyright lines the same format
2001-03-05 - markus@cvs.openbsd.org 2001/02/22 21:57:27Ben Lindstrom
[ssh.1 sshd.8] typos/grammar from matt@anzen.com
2001-02-15 - markus@cvs.openbsd.org 2001/02/11 12:59:25Ben Lindstrom
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-02-10 - (bal) Synced ssh.1 w/ OpenBSDBen Lindstrom
2001-02-05 - markus@cvs.openbsd.org 2001/02/04 08:10:44Kevin Steves
[ssh.1] typo; dpo@club-internet.fr
2001-02-04NB: big update - may break stuff. Please test!Damien Miller
- (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
2001-01-30 - djm@cvs.openbsd.org 2001/01/29 05:36:11Damien Miller
[ssh.1 ssh.c] Allow invocation of sybsystem by commandline (-s); ok markus@
2001-01-29 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16Ben Lindstrom
[readconf.c ssh.1] ``StrictHostKeyChecking ask'' documentation and small cleanup. ok markus@
2001-01-29 - markus@cvs.openbsd.org 2001/01/28 10:24:04Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1] cleanup AUTHORS sections
2001-01-19Please grep through the source and look for 'ISSUE' comments and verifyBen Lindstrom
that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block. - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
2001-01-0820010108Ben Lindstrom
- (bal) Fixed another typo in cli.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE syslog priority changes: fatal() LOG_ERR -> LOG_CRIT log() LOG_INFO -> LOG_NOTICE
2001-01-0620010107Ben Lindstrom
- (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)
2000-12-28 - (bal) OpenBSD CVS UpdateBen Lindstrom
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-15 - markus@cvs.openbsd.org 2000/12/12 14:45:21Kevin Steves
[sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security. - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client.
2000-12-0920001209Ben Lindstrom
- (bal) OpenSSH CVS updates: - djm@cvs.openbsd.org 2000/12/07 4:24:59 [ssh.1] Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
2000-12-0220001203Ben Lindstrom
- (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@ - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@ - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty() - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@ - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@ - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-28 - (djm) Sync with OpenBSD:Damien Miller
- markus@cvs.openbsd.org 2000/10/16 15:46:32 [ssh.1] fixes from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:04:02 [atomicio.c] undo - markus@cvs.openbsd.org 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:42:00 [session.c] restore old record login behaviour - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - provos@cvs.openbsd.org 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - markus@cvs.openbsd.org 2000/10/21 11:04:23 [canohost.c] typo, eramore@era-t.ericsson.se; ok niels@ - markus@cvs.openbsd.org 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd - markus@cvs.openbsd.org 2000/10/26 12:38:28 [compat.c] add older vandyke products - markus@cvs.openbsd.org 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). - markus@cvs.openbsd.org 2000/10/27 01:48:22 channels.c channels.h clientloop.c deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com