summaryrefslogtreecommitdiff
path: root/sshconnect2.c
AgeCommit message (Collapse)Author
2003-04-01 - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
2003-03-10- (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/03/05 22:33:43 [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] [sftp-server.c ssh-add.c sshconnect2.c] fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-02-24 - markus@cvs.openbsd.org 2003/02/16 17:09:57Damien Miller
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@
2002-12-23 - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs sinceBen Lindstrom
we already did s/msg_send/ssh_msg_send/
2002-12-23 - markus@cvs.openbsd.org 2002/12/13 10:03:15Ben Lindstrom
[channels.c misc.c sshconnect2.c] cleanup debug messages, more useful information for the client user.
2002-12-23 - markus@cvs.openbsd.org 2002/11/21 22:45:31Ben Lindstrom
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c] debug->debug2, unify debug messages
2002-10-04 - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2Damien Miller
2002-07-04 - markus@cvs.openbsd.org 2002/07/01 19:48:46Ben Lindstrom
[sshconnect2.c] for compression=yes, we fallback to no-compression if the server does not support compression, vice versa for compression=no. ok mouring@
2002-07-04 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c sshconnect2.c sshd.c] minor KNF
2002-06-23 - deraadt@cvs.openbsd.org 2002/06/23 03:30:58Ben Lindstrom
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c sshpty.c] various KNF and %d for unsigned
2002-06-21 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-06-06 - markus@cvs.openbsd.org 2002/05/31 10:30:33Ben Lindstrom
[sshconnect2.c] extent ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verfies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
2002-06-06 - markus@cvs.openbsd.org 2002/05/25 08:50:39Ben Lindstrom
[sshconnect2.c] execlp->execl; from stevesk
2002-06-06 - markus@cvs.openbsd.org 2002/05/24 08:45:14Ben Lindstrom
[sshconnect2.c] stat ssh-keysign first, print error if stat fails; some debug->error; fix comment
2002-06-06 - markus@cvs.openbsd.org 2002/05/23 19:24:30Ben Lindstrom
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys). Note: Makefile.in untested. Will test after merge is finished.
2002-03-31[sshconnect2.c] change uint32_t to u_int32_tTim Rice
2002-03-27 - markus@cvs.openbsd.org 2002/03/26 15:58:46Ben Lindstrom
[readpass.c readpass.h sshconnect2.c] client side support for PASSWD_CHANGEREQ
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
2002-02-26 - markus@cvs.openbsd.org 2002/02/25 16:33:27Ben Lindstrom
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h] more u_* fixes
2002-02-26 - markus@cvs.openbsd.org 2002/02/24 19:14:59Ben Lindstrom
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-05 - markus@cvs.openbsd.org 2002/02/03 17:59:23Damien Miller
[sshconnect2.c] more cross checking if announced vs. used key type; ok stevesk@
2002-02-05 - markus@cvs.openbsd.org 2002/01/25 21:00:24Damien Miller
[sshconnect2.c] unused include
2002-01-22 - markus@cvs.openbsd.org 2002/01/13 17:57:37Damien Miller
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 - markus@cvs.openbsd.org 2001/12/28 15:06:00Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used.
2002-01-22 - markus@cvs.openbsd.org 2001/12/28 14:50:54Damien Miller
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c] packet_read* no longer return the packet length, since it's not used.
2002-01-22 - markus@cvs.openbsd.org 2001/12/27 20:39:58Damien Miller
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] get rid of packet_integrity_check, use packet_done() instead.
2001-12-21 - djm@cvs.openbsd.org 2001/12/20 22:50:24Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] [sshconnect2.c] Conformance fix: we should send failing packet sequence number when responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@
2001-12-21 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-12-06 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12Ben Lindstrom
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] minor KNF
2001-12-06 - itojun@cvs.openbsd.org 2001/12/05 03:56:39Ben Lindstrom
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c sshconnect2.c] make it compile with more strict prototype checking
2001-11-12 - markus@cvs.openbsd.org 2001/11/07 16:03:17Damien Miller
[packet.c packet.h sshconnect2.c] pad using the padding field from the ssh2 packet instead of sending extra ignore messages. tested against several other ssh servers.
2001-11-12 - markus@cvs.openbsd.org 2001/10/29 19:27:15Damien Miller
[sshconnect2.c] hostbased: check for client hostkey before building chost
2001-10-10 - markus@cvs.openbsd.org 2001/10/06 11:18:19Damien Miller
[sshconnect1.c sshconnect2.c sshconnect.c] unify hostkey check error messages, simplify prompt.
2001-09-12 - markus@cvs.openbsd.org 2001/08/31 11:46:39Ben Lindstrom
[sshconnect2.c] disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST messages
2001-08-06 - markus@cvs.openbsd.org 2001/07/23 09:06:28Ben Lindstrom
[sshconnect2.c] reorder default sequence of userauth methods to match ssh behaviour: hostbased,publickey,keyboard-interactive,password
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 20:14:11Ben Lindstrom
[key.c key.h ssh.c sshconnect1.c sshconnect2.c] add smartcard support to the client, too (now you can use both the agent and the client).
2001-07-04 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37Ben Lindstrom
[auth2.c sshconnect2.c] prototype cleanup; ok markus@
2001-06-25 - markus@cvs.openbsd.org 2001/06/24 05:47:13Ben Lindstrom
[sshconnect2.c] oops, missing format string
2001-06-25 - markus@cvs.openbsd.org 2001/06/24 05:35:33Ben Lindstrom
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c] switch to readpassphrase(3) 2.7/8-stable needs readpassphrase.[ch] from libc
2001-06-25 - itojun@cvs.openbsd.org 2001/06/23 15:12:20Ben Lindstrom
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-06-05 - markus@cvs.openbsd.org 2001/05/19 16:32:16Ben Lindstrom
[ssh.1 sshconnect2.c] change preferredauthentication order to publickey,hostbased,password,keyboard-interactive document that hostbased defaults to no, document order
2001-06-05 - markus@cvs.openbsd.org 2001/05/18 14:13:29Ben Lindstrom
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me
2001-04-19 - markus@cvs.openbsd.org 2001/04/18 23:43:26Ben Lindstrom
[auth2.c compat.c sshconnect2.c] more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now (however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 - markus@cvs.openbsd.org 2001/04/18 22:03:45Ben Lindstrom
[auth2.c sshconnect2.c] use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
2001-04-17 - markus@cvs.openbsd.org 2001/04/17 10:53:26Ben Lindstrom
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
2001-04-15 - markus@cvs.openbsd.org 2001/04/15 08:43:47Ben Lindstrom
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c] some unused variable and typos; from tomh@po.crl.go.jp
2001-04-12 - markus@cvs.openbsd.org 2001/04/12 19:15:26Ben Lindstrom
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 10:42:57Ben Lindstrom
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c sshconnect2.c sshd.c] fix whitespace: unexpand + trailing spaces.
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 20:25:38Ben Lindstrom
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] more robust rekeying don't send channel data after rekeying is started.