summaryrefslogtreecommitdiff
path: root/ssh.1
AgeCommit message (Collapse)Author
2001-01-0620010107Ben Lindstrom
- (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)
2000-12-28 - (bal) OpenBSD CVS UpdateBen Lindstrom
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-15 - markus@cvs.openbsd.org 2000/12/12 14:45:21Kevin Steves
[sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security. - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client.
2000-12-0920001209Ben Lindstrom
- (bal) OpenSSH CVS updates: - djm@cvs.openbsd.org 2000/12/07 4:24:59 [ssh.1] Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
2000-12-0220001203Ben Lindstrom
- (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@ - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@ - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty() - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@ - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@ - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-28 - (djm) Sync with OpenBSD:Damien Miller
- markus@cvs.openbsd.org 2000/10/16 15:46:32 [ssh.1] fixes from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:04:02 [atomicio.c] undo - markus@cvs.openbsd.org 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:42:00 [session.c] restore old record login behaviour - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - provos@cvs.openbsd.org 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - markus@cvs.openbsd.org 2000/10/21 11:04:23 [canohost.c] typo, eramore@era-t.ericsson.se; ok niels@ - markus@cvs.openbsd.org 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd - markus@cvs.openbsd.org 2000/10/26 12:38:28 [compat.c] add older vandyke products - markus@cvs.openbsd.org 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). - markus@cvs.openbsd.org 2000/10/27 01:48:22 channels.c channels.h clientloop.c deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
2000-10-16 - (djm) Sync with OpenBSD:Damien Miller
- markus@cvs.openbsd.org 2000/10/14 04:01:15 [cipher.c] debug3 - markus@cvs.openbsd.org 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from djm@mindrot.org - markus@cvs.openbsd.org 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only - markus@cvs.openbsd.org 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@ - markus@cvs.openbsd.org 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons - markus@cvs.openbsd.org 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com - markus@cvs.openbsd.org 2000/10/15 08:14:01 [rijndael.c session.c] typos; from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/10/15 08:18:31 [rijndael.c] typo - Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-0520000905Damien Miller
- (djm) Import OpenBSD CVS changes - markus@cvs.openbsd.org 2000/08/31 15:52:24 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] implement a SFTP server. interops with sftp2, scp2 and the windows client from ssh.com - markus@cvs.openbsd.org 2000/08/31 15:56:03 [README.openssh2] sync - markus@cvs.openbsd.org 2000/08/31 16:05:42 [session.c] Wall - markus@cvs.openbsd.org 2000/08/31 16:09:34 [authfd.c ssh-agent.c] add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions - deraadt@cvs.openbsd.org 2000/09/01 09:25:13 [scp.1 scp.c] cleanup and fix -S support; stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/09/01 16:29:32 [sftp-server.c] portability fixes - markus@cvs.openbsd.org 2000/09/01 16:32:41 [sftp-server.c] fix cast; mouring@pconline.com - itojun@cvs.openbsd.org 2000/09/03 09:23:28 [ssh-add.1 ssh.1] add missing .El against .Bl. - markus@cvs.openbsd.org 2000/09/04 13:03:41 [session.c] missing close; ok theo - markus@cvs.openbsd.org 2000/09/04 13:07:21 [session.c] fix get_last_login_time order; from andre@van-veen.de - markus@cvs.openbsd.org 2000/09/04 13:10:09 [sftp-server.c] more cast fixes; from mouring@pconline.com - markus@cvs.openbsd.org 2000/09/04 13:06:04 [session.c] set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
2000-08-29 - More OpenBSD updates:Damien Miller
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59 [scp.c] off_t in sink, to fix files > 2GB, i think, test is still running ;-) - deraadt@cvs.openbsd.org 2000/08/25 10:10:06 [session.c] Wall - markus@cvs.openbsd.org 2000/08/26 04:33:43 [compat.c] ssh.com-2.3.0 - markus@cvs.openbsd.org 2000/08/27 12:18:05 [compat.c] compatibility with future ssh.com versions - deraadt@cvs.openbsd.org 2000/08/27 21:50:55 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] print uid/gid as unsigned - markus@cvs.openbsd.org 2000/08/28 13:51:00 [ssh.c] enable -n and -f for ssh2 - markus@cvs.openbsd.org 2000/08/28 14:19:53 [ssh.c] allow combination of -N and -f - markus@cvs.openbsd.org 2000/08/28 14:20:56 [util.c] util.c - markus@cvs.openbsd.org 2000/08/28 14:22:02 [util.c] undo - markus@cvs.openbsd.org 2000/08/28 14:23:38 [util.c] don't complain if setting NONBLOCK fails with ENODEV
2000-08-18 - (djm) OpenBSD CVS changes:Damien Miller
- markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
2000-06-07 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts IIIDamien Miller
<tibbs@math.uh.edu> - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org
2000-05-30 - OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org [session.c] make x11-fwd work w/ localhost (xauth add host/unix:11) [cipher.c compat.c readconf.c servconf.c] check strtok() != NULL; ok niels@ [key.c] fix key_read() for uuencoded keys w/o '=' [serverloop.c] group ssh1 vs. ssh2 in serverloop [kex.c kex.h myproposal.h sshconnect2.c sshd.c] split kexinit/kexdh, factor out common code [readconf.c ssh.1 ssh.c] forwardagent defaults to no, add ssh -A - theo@cvs.openbsd.org [session.c] just some line shortening
2000-05-17 - OpenBSD CVS update:Damien Miller
- markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] draft-ietf-secsh-architecture-05.txt [ssh.1] document ssh -T -N (ssh2 only) [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] enable nonblocking IO for sshd w/ proto 1, too; split out common code [aux.c] missing include
2000-05-09 - OpenBSD CVS updateDamien Miller
- markus@cvs.openbsd.org [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - hugh@cvs.openbsd.org [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - markus@cvs.openbsd.org [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1
2000-05-07 - Remove references to SSLeay.Damien Miller
- Big OpenBSD CVS update - markus@cvs.openbsd.org [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - deraadt@cvs.openbsd.org [scp.c] - more atomicio - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - deraadt@cvs.openbsd.org [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-04-20 - Debian bug #55910 - remove references to ssl(8) manpagesDamien Miller
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-13 - Merged OpenBSD updates to include paths.Damien Miller
2000-03-26 - OpenBSD CVS updateDamien Miller
- [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
2000-03-17 - OpenBSD CVS updates:Damien Miller
- [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c] [sshd.c] pedantic: signed vs. unsigned, void*-arithm, etc - [ssh.1 sshd.8] Various cleanups and standardizations.
2000-03-09 - OpenBSD CVS updates to v1.2.3Damien Miller
[ssh.h atomicio.c] - int atomicio -> ssize_t (for alpha). ok deraadt@ [auth-rsa.c] - delay MD5 computation until client sends response, free() early, cleanup. [cipher.c] - void* -> unsigned char*, ok niels@ [hostfile.c] - remove unused variable 'len'. fix comments. - remove unused variable [log-client.c log-server.c] - rename a cpp symbol, to avoid param.h collision [packet.c] - missing xfree() - getsockname() requires initialized tolen; andy@guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar@fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ [ssh.1] - Change invalid 'CHAT' loglevel to 'VERBOSE' [ssh.c] - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - turn off x11-fwd for the client, too. [sshconnect.c] - missing xfree() - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - read error vs. "Connection closed by remote host" [sshd.8] - ie. -> i.e., - do not link to a commercial page.. - sync with sshd_config [sshd.c] - no need for poll.h; from bright@wintelcom.net - log with level log() not fatal() if peer behaves badly. - don't panic if client behaves strange. ok deraadt@ - make no-port-forwarding for RSA keys deny both -L and -R style fwding - delay close() of pty until the pty has been chowned back to root - oops, fix comment, too. - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up
2000-03-03 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>Damien Miller
- Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
2000-01-22 - OpenBSD CVS updates:Damien Miller
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] ie. -> i.e.,
2000-01-20 - Big manpage and config file cleanup from Andre LucasDamien Miller
<andre.lucas@dial.pipex.com> - Re-added latest (unmodified) OpenBSD manpages
1999-12-27 - Automatically correct paths in manpages and configuration files. PatchDamien Miller
and script from Andre Lucas <andre.lucas@dial.pipex.com> - Removed credits from README to CREDITS file, updated.
1999-12-26 - OpenBSD CVS update:Damien Miller
- [ssh-keygen.1 ssh.1] remove ref to .ssh/random_seed, mention .ssh/environment in .Sh FILES, too
1999-12-14 - OpenBSD CVS ChangesDamien Miller
- [canohost.c] fix get_remote_port() and friends for sshd -i; Holger.Trapp@Informatik.TU-Chemnitz.DE - [mpaux.c] make code simpler. no need for memcpy. niels@ ok - [pty.c] namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org fix proto; markus - [ssh.1] typo; mark.baushke@solipsa.com - [channels.c ssh.c ssh.h sshd.c] type conflict for 'extern Type *options' in channels.c; dot@dotat.at - [sshconnect.c] move checking of hostkey into own function. - [version.h] OpenSSH-1.2.1
1999-12-06 - Merged OpenBSD CVS changes:Damien Miller
- [auth-krb4.c auth-passwd.c auth-skey.c ssh. move skey-auth from auth-passwd.c to auth-s - [auth-rsa.c] warn only about mismatch if key is _used_ warn about keysize-mismatch with log() not channels.c readconf.c readconf.h ssh.c ssh. ports are u_short - [hostfile.c] indent, shorter warning - [nchan.c] use error() for internal errors - [packet.c] set loglevel for SSH_MSG_DISCONNECT to log( serverloop.c indent - [ssh-add.1 ssh-add.c ssh.h] document , reasonable default - [ssh.1] CheckHostIP is not available for connects v - [sshconnect.c] typo easier to read client code for passwd and s turn of checkhostip for proxy connects, sin
1999-11-25 - More reformatting merged from OpenBSD CVSDamien Miller
- Merged OpenBSD CVS changes: - [channels.c] report from mrwizard@psu.edu via djm@ibs.com.au - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. chip@valinux.com via damien@ibs.com.au - [nchan.c] it's not an error() if shutdown_write failes in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from damien@ibs.com.au - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au plus: use daemon() for backgrounding
1999-11-25 - Merged very large OpenBSD source code reformatDamien Miller
- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-18TypoDamien Miller
1999-11-17 - Merged OpenBSD CVS changesDamien Miller
- [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - [hostfile.c] in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me. - [serverloop.c] bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se> - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels)
1999-11-11 - Merged more OpenBSD CVS changes:Damien Miller
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() + krb-cleanup cleanup - [clientloop.c log-client.c log-server.c ] [readconf.c readconf.h servconf.c servconf.h ] [ssh.1 ssh.c ssh.h sshd.8] add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, obsoletes QuietMode and FascistLogging in sshd.
1999-11-11 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, tooDamien Miller
- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1999-10-29Path fix /etc -> /etc/sshDamien Miller
1999-10-29Re-imported OpenBSD manpagesDamien Miller
1999-10-28Big rename ssh* -> openssh*Damien Miller
1999-10-27Initial revisionDamien Miller