Age | Commit message (Collapse) | Author |
|
being propogated to random PAM modules. Based on patch from Redhat via
Pekka Savola <pekkas@netcore.fi>
|
|
[sshd.c]
end request with 0, not NULL
ok markus@
|
|
Patches by William L. Jones <jones@mail.utexas.edu>
|
|
[sshd.8 sshd.c]
add -t option to test configuration file and keys; pekkas@netcore.fi
ok markus@
|
|
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
|
|
[sshd.c]
pidfile/sigterm race; bbraun@synack.net
|
|
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
|
|
[clientloop.c serverloop.c sshd.c]
set flags in the signal handlers, do real work in the main loop,
ok provos@
|
|
[packet.c packet.h sshconnect.c sshd.c]
remove some lines, simplify.
|
|
[misc.c misc.h servconf.c sshd.8 sshd.c]
sshd command-line arguments and configuration file options that
specify time may be expressed using a sequence of the form:
time[qualifier], where time is a positive integer value and qualifier
is one of the following:
<none>,s,m,h,d,w
Examples:
600 600 seconds (10 minutes)
10m 10 minutes
1h30m 1 hour 30 minutes (90 minutes)
ok markus@
|
|
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
|
|
[authfile.c ssh-keygen.c sshd.c]
don't use errno for key_{load,save}_private; discussion w/ solar@openwall
|
|
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
some unused variable and typos; from tomh@po.crl.go.jp
|
|
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
|
|
[sshd.8 sshd.c]
implement the -e option into sshd:
-e When this option is specified, sshd will send the output to the
standard error instead of the system log.
markus@ OK.
|
|
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
|
|
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
|
|
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
|
|
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
don't sent multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.
|
|
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of recent my changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
|
|
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
|
|
- djm@cvs.openbsd.org 2001/03/29 23:42:01
[sshd.c]
Protocol 1 key regeneration log => verbose, some KNF; ok markus@
|
|
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
|
|
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
|
|
[sshd.c]
call refuse() before close(); from olemx@ans.pl
|
|
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
|
|
[ssh-rsa.c sshd.c]
use EVP_get_digestbynid, reorder some calls and fix missing free.
|
|
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
|
|
[session.c sshd.c]
ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
|
|
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
|
|
[sshd.c]
do not place linefeeds in buffer
|
|
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
|
|
do it implicitly.
|
|
[sshd.c]
typo; slade@shore.net
|
|
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
|
|
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
|
|
|
|
[sshd.c]
generate a fake session id, too
|
|
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
|
|
[sshd.c]
clarify message to make it not mention "ident"
|
|
pty.[ch] -> sshpty.[ch]
|
|
Miskiewicz <misiek@pld.ORG.PL>
|
|
[sshd.c]
missing memset; from solar@openwall.com
|
|
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
|
|
[auth1.c auth2.c sshd.c]
move k_setpag() to a central place; ok dugsong@
|
|
sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecase to int -> u_long
|
|
[scp.c sshd.c]
alpha happiness
- stevesk@cvs.openbsd.org 2001/02/04 15:12:17
[sshd.c]
precedence; ok markus@
- deraadt@cvs.openbsd.org 2001/02/04 08:14:15
[ssh.c sshd.c]
make the alpha happy
|
|
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
|
|
- markus@cvs.openbsd.org 2001/01/29 12:47:32
[rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
handle rsa_private_decrypt failures; helps against the Bleichenbacher
pkcs#1 attack
|
|
[sshd.c]
remove -Q, no longer needed
|