Age | Commit message (Collapse) | Author |
|
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
|
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
|
|
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
|
|
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
independant of them)
|
|
|
|
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
|
|
[session.c]
chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
|
|
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
canohost.h channels.h cipher.h clientloop.h compat.h compress.h
crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
tildexpand.h uidswap.h uuencode.h xmalloc.h]
remove comments from .h, since they are cut&paste from the .c files
and out of sync
|
|
[servconf.h serverloop.h session.h sftp-client.h sftp-common.h
sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
prototype pedant. not very creative...
- () -> (void)
- no variable names
|
|
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
|
|
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
|
|
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
|
|
- markus@cvs.openbsd.org 2001/02/15 16:19:59
[channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
genericize password padding function for SSH1 and SSH2.
add stylized echo to 2, too.
- (djm) Add roundup() macro to defines.h
|
|
[atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
$OpenBSD$
|
|
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
|
|
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06"
for more details.
20010118
- (bal) Super Sized OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
[sshd.c]
maxfd+1
- markus@cvs.openbsd.org 2001/01/13 17:59:18
[ssh-keygen.1]
small ssh-keygen manpage cleanup; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:03:07
[scp.c ssh-keygen.c sshd.c]
getopt() returns -1 not EOF; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:06:54
[ssh-keyscan.c]
use SSH_DEFAULT_PORT; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:12:47
[ssh-keyscan.c]
free() -> xfree(); fix memory leak; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:14:13
[ssh-add.c]
typo, from stevesk@sweden.hp.com
- markus@cvs.openbsd.org 2001/01/13 18:32:50
[packet.c session.c ssh.c sshconnect.c sshd.c]
split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
- markus@cvs.openbsd.org 2001/01/13 18:36:45
[packet.c packet.h]
reorder, typo
- markus@cvs.openbsd.org 2001/01/13 18:38:00
[auth-options.c]
fix comment
- markus@cvs.openbsd.org 2001/01/13 18:43:31
[session.c]
Wall
- markus@cvs.openbsd.org 2001/01/13 19:14:08
[clientloop.h clientloop.c ssh.c]
move callback to headerfile
- markus@cvs.openbsd.org 2001/01/15 21:40:10
[ssh.c]
use log() instead of stderr
- markus@cvs.openbsd.org 2001/01/15 21:43:51
[dh.c]
use error() not stderr!
- markus@cvs.openbsd.org 2001/01/15 21:45:29
[sftp-server.c]
rename must fail if newpath exists, debug off by default
- markus@cvs.openbsd.org 2001/01/15 21:46:38
[sftp-server.c]
readable long listing for sftp-server, ok deraadt@
- markus@cvs.openbsd.org 2001/01/16 19:20:06
[key.c ssh-rsa.c]
make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
since they are in the wrong format, too. they must be removed from
.ssh/authorized_keys2 and .ssh/known_hosts2, etc.
(cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
.ssh/authorized_keys2) additionally, we now check that
BN_num_bits(rsa->n) >= 768.
- markus@cvs.openbsd.org 2001/01/16 20:54:27
[sftp-server.c]
remove some statics. simpler handles; idea from nisse@lysator.liu.se
- deraadt@cvs.openbsd.org 2001/01/16 23:58:08
[bufaux.c radix.c sshconnect.h sshconnect1.c]
indent
- (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
be missing such feature.
|
|
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
|
|
[README.openssh2]
- interop w/ F-secure windows client
- sync documentation
- ssh_host_dsa_key not ssh_dsa_key
[auth-rsa.c]
- missing fclose
[auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
[readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
[sshd.c uuencode.c uuencode.h authfile.h]
- add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.
[auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
- split auth/sshconnect in one file per protocol version
[sshconnect2.c]
- remove debug
[uuencode.c]
- add trailing =
[version.h]
- OpenSSH-2.0
[ssh-keygen.1 ssh-keygen.c]
- add -R flag: exit code indicates if RSA is alive
[sshd.c]
- remove unused
silent if -Q is specified
[ssh.h]
- host key becomes /etc/ssh_host_dsa_key
[readconf.c servconf.c ]
- ssh/sshd default to proto 1 and 2
[uuencode.c]
- remove debug
[auth2.c ssh-keygen.c sshconnect2.c sshd.c]
- xfree DSA blobs
[auth2.c serverloop.c session.c]
- cleanup logging for sshd/2, respect PasswordAuth no
[sshconnect2.c]
- less debug, respect .ssh/config
[README.openssh2 channels.c channels.h]
- clientloop.c session.c ssh.c
- support for x11-fwding, client+server
|