summaryrefslogtreecommitdiff
path: root/sshd.c
AgeCommit message (Collapse)Author
2001-01-18NOTE: This update changes the RSA key generation. *NEW RSA KEYSBen Lindstrom
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.
2001-01-1120010112Ben Lindstrom
- (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/10 22:56:22 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h] cleanup sftp-server implementation: add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT parse SSH2_FILEXFER_ATTR_EXTENDED send SSH2_FX_EOF if readdir returns no more entries reply to SSH2_FXP_EXTENDED message use #defines from the draft move #definations to sftp.h more info: http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt - markus@cvs.openbsd.org 2001/01/10 19:43:20 [sshd.c] XXX - generate_empheral_server_key() is not safe against races, because it calls log() - markus@cvs.openbsd.org 2001/01/09 21:19:50 [packet.c] allow TCP_NDELAY for ipv6; from netbsd via itojun@
2001-01-0820010108Ben Lindstrom
- (bal) Fixed another typo in cli.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE syslog priority changes: fatal() LOG_ERR -> LOG_CRIT log() LOG_INFO -> LOG_NOTICE
2001-01-0620010107Ben Lindstrom
- (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)
2000-12-28 - (bal) OpenBSD CVS UpdateBen Lindstrom
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-12-15 - provos@cvs.openbsd.org 2000/12/15 10:30:15Kevin Steves
[kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@
2000-12-15 - markus@cvs.openbsd.org 2000/12/12 14:45:21Kevin Steves
[sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security. - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client.
2000-12-13 - (stevesk) OpenSSH CVS update:Kevin Steves
- markus@cvs.openbsd.org 2000/12/12 15:30:02 [ssh-keyscan.c ssh.c sshd.c] consistently use __progname; from stevesk@pobox.com
2000-12-0620001206Ben Lindstrom
- (bal) OpenSSH CVS updates: - markus@cvs.openbsd.org 2000/12/05 20:34:09 [channels.c channels.h clientloop.c serverloop.c] async connects for -R/-L; ok deraadt@ - todd@cvs.openssh.org 2000/12/05 16:47:28 [sshd.c] tweak comment to reflect real location of pid file; ok provos@
2000-12-0220001203Ben Lindstrom
- (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@ - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@ - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty() - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@ - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@ - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
2000-11-17 - (stevek) Reworked progname support.Ben Lindstrom
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by Shinichi Maruyama <marya@st.jip.co.jp> I assume the progname patch was finished. I believe stevek is on vacation, but it passes compiling under Linux and NeXTStep.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-30 - (djm) Support in bsd-snprintf.c for long long conversions fromDamien Miller
Ben Lindstrom <mouring@pconline.com> - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
2000-09-29 - (djm) Merged big SCO portability patch from Tim RiceDamien Miller
<tim@multitalents.net>
2000-09-23 - (djm) OpenBSD CVS sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/17 09:38:59 [sshconnect2.c sshd.c] fix DEBUG_KEXDH - markus@cvs.openbsd.org 2000/09/17 09:52:51 [sshconnect.c] yes no; ok niels@ - markus@cvs.openbsd.org 2000/09/21 04:55:11 [sshd.8] typo - markus@cvs.openbsd.org 2000/09/21 05:03:54 [serverloop.c] typo - markus@cvs.openbsd.org 2000/09/21 05:11:42 scp.c utime() to utimes(); mouring@pconline.com - markus@cvs.openbsd.org 2000/09/21 05:25:08 sshconnect2.c change login logic in ssh2, allows plugin of other auth methods - markus@cvs.openbsd.org 2000/09/21 05:25:35 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] [serverloop.c] add context to dispatch_run - markus@cvs.openbsd.org 2000/09/21 05:07:52 authfd.c authfd.h ssh-agent.c bug compat for old ssh.com software
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-05 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>Damien Miller
2000-08-29 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from GertDamien Miller
Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and Garrick James <garrick@james.net>
2000-08-18 - (djm) OpenBSD CVS changes:Damien Miller
- markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
2000-07-21 - (djm) OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org 2000/07/16 02:27:22 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c] make ssh-add accept dsa keys (the agent does not) - djm@cvs.openbsd.org 2000/07/17 19:25:02 [sshd.c] Another closing of stdin; ok deraadt - markus@cvs.openbsd.org 2000/07/19 18:33:12 [dsa.c] missing free, reorder - markus@cvs.openbsd.org 2000/07/20 16:23:14 [ssh-keygen.1] document input and output files
2000-07-12 - (djm) OpenBSD CVS Updates:Damien Miller
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34 [session.c sshd.c ] make MaxStartups code still work with -d; djm - deraadt@cvs.openbsd.org 2000/07/11 13:17:45 [readconf.c ssh_config] disable FallBackToRsh by default
2000-07-11 - (djm) Fix problem with debug mode and MaxStartupsDamien Miller
2000-07-11 - (djm) OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - provos@cvs.openbsd.org 2000/07/05 15:35:57 [sshd.c] typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - provos@cvs.openbsd.org 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <dyoung@onthejob.net> - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 [auth.h] KNF - ho@cvs.openbsd.org 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - ho@cvs.openbsd.org 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - ho@cvs.openbsd.org 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
2000-07-09 - (djm) Fix pam sprintf fixDamien Miller
- (djm) Cleanup entropy collection code a little more. Split initialisation from seeding, perform intialisation immediatly at start, be careful with uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
2000-06-28 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIADamien Miller
support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-23 - OpenBSD CVS Updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/22 10:32:27 [sshd.c] missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL - djm@cvs.openbsd.org 2000/06/22 17:55:00 [auth-krb4.c key.c radix.c uuencode.c] Missing CVS idents; ok markus
2000-05-30 - OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org [session.c] make x11-fwd work w/ localhost (xauth add host/unix:11) [cipher.c compat.c readconf.c servconf.c] check strtok() != NULL; ok niels@ [key.c] fix key_read() for uuencoded keys w/o '=' [serverloop.c] group ssh1 vs. ssh2 in serverloop [kex.c kex.h myproposal.h sshconnect2.c sshd.c] split kexinit/kexdh, factor out common code [readconf.c ssh.1 ssh.c] forwardagent defaults to no, add ssh -A - theo@cvs.openbsd.org [session.c] just some line shortening
2000-05-20 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>Damien Miller
2000-05-17 - RSAless operation patch from kevin_oconnor@standardandpoors.comDamien Miller
2000-05-17 - OpenBSD CVS update:Damien Miller
- markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] draft-ietf-secsh-architecture-05.txt [ssh.1] document ssh -T -N (ssh2 only) [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] enable nonblocking IO for sshd w/ proto 1, too; split out common code [aux.c] missing include
2000-05-07 - Remove references to SSLeay.Damien Miller
- Big OpenBSD CVS update - markus@cvs.openbsd.org [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - deraadt@cvs.openbsd.org [scp.c] - more atomicio - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - deraadt@cvs.openbsd.org [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-02 - OpenBSD CVS updateDamien Miller
[channels.c] - init all fds, close all fds. [sshconnect2.c] - check whether file exists before asking for passphrase [servconf.c servconf.h sshd.8 sshd.c] - PidFile, pr 1210 [channels.c] - EINTR [channels.c] - unbreak, ok niels@ [sshd.c] - unlink pid file, ok niels@ [auth2.c] - Add missing #ifdefs; ok - markus
2000-04-29 - Merge big update to OpenSSH-2.0 from OpenBSD CVSDamien Miller
[README.openssh2] - interop w/ F-secure windows client - sync documentation - ssh_host_dsa_key not ssh_dsa_key [auth-rsa.c] - missing fclose [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] [sshd.c uuencode.c uuencode.h authfile.h] - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol. [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] [sshconnect1.c sshconnect2.c] - split auth/sshconnect in one file per protocol version [sshconnect2.c] - remove debug [uuencode.c] - add trailing = [version.h] - OpenSSH-2.0 [ssh-keygen.1 ssh-keygen.c] - add -R flag: exit code indicates if RSA is alive [sshd.c] - remove unused silent if -Q is specified [ssh.h] - host key becomes /etc/ssh_host_dsa_key [readconf.c servconf.c ] - ssh/sshd default to proto 1 and 2 [uuencode.c] - remove debug [auth2.c ssh-keygen.c sshconnect2.c sshd.c] - xfree DSA blobs [auth2.c serverloop.c session.c] - cleanup logging for sshd/2, respect PasswordAuth no [sshconnect2.c] - less debug, respect .ssh/config [README.openssh2 channels.c channels.h] - clientloop.c session.c ssh.c - support for x11-fwding, client+server
2000-04-20 - Sync with OpenBSD CVS:Damien Miller
[clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c] - pid_t [session.c] - remove bogus chan_read_failed. this could cause data corruption (missing data) at end of a SSH2 session.
2000-04-19 - OpenBSD CVS updatesDamien Miller
[channels.c] - fix pr 1196, listen_port and port_to_connect interchanged [scp.c] - after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch [ssh_config sshd_config] - show 'Protocol' as an example, ok markus@ [sshd.c] - missing xfree() - Add missing header to bsd-misc.c
2000-04-16 - Reduce diff against OpenBSD sourceDamien Miller
- All OpenSSL includes are now unconditionally referenced as openssl/foo.h - Pick up formatting changes - Other minor changed (typecasts, etc) that I missed
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-13 - Merged OpenBSD updates to include paths.Damien Miller
2000-04-12 - OpenBSD CVS updates:Damien Miller
- [channels.c] repair x11-fwd - [sshconnect.c] fix passwd prompt for ssh2, less debugging output. - [clientloop.c compat.c dsa.c kex.c sshd.c] less debugging output - [kex.c kex.h sshconnect.c sshd.c] check for reasonable public DH values - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc' - [sshd.c] print 1.99 only if server supports both
2000-04-12 - More large OpenBSD CVS updates:Damien Miller
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c] [session.h ssh.h sshd.c README.openssh2] ssh2 server side, see README.openssh2; enable with 'sshd -2' - [channels.c] no adjust after close - [sshd.c compat.c ] interop w/ latest ssh.com windows client.
2000-04-06 - OpenBSD CVS update:Damien Miller
- [channels.c] close efd on eof - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h] ssh2 client implementation, interops w/ ssh.com and lsh servers. - [sshconnect.c] missing free. - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c] remove unused argument, split cipher_mask() - [clientloop.c] re-order: group ssh1 vs. ssh2 - Make Redhat spec require openssl >= 0.9.5a
2000-04-01 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)Damien Miller
- [auth.c session.c sshd.c auth.h] split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal - [bufaux.c bufaux.h] support ssh2 bignums - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c] [readconf.c ssh.c ssh.h serverloop.c] replace big switch() with function tables (prepare for ssh2) - [ssh2.h] ssh2 message type codes - [sshd.8] reorder Xr to avoid cutting - [serverloop.c] close(fdin) if fdin != fdout, shutdown otherwise, ok theo@ - [channels.c] missing close allow bigger packets - [cipher.c cipher.h] support ssh2 ciphers - [compress.c] cleanup, less code - [dispatch.c dispatch.h] function tables for different message types - [log-server.c] do not log() if debuggin to stderr rename a cpp symbol, to avoid param.h collision - [mpaux.c] KNF - [nchan.c] sync w/ channels.c
2000-03-26 - OpenBSD CVS updateDamien Miller
- [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
2000-03-17 - OpenBSD CVS updates:Damien Miller
- [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c] [sshd.c] pedantic: signed vs. unsigned, void*-arithm, etc - [ssh.1 sshd.8] Various cleanups and standardizations.
2000-03-11 - OpenBSD CVS changeDamien Miller
[sshd.c] - disallow guessing of root password
2000-03-09 - OpenBSD CVS updates to v1.2.3Damien Miller
[ssh.h atomicio.c] - int atomicio -> ssize_t (for alpha). ok deraadt@ [auth-rsa.c] - delay MD5 computation until client sends response, free() early, cleanup. [cipher.c] - void* -> unsigned char*, ok niels@ [hostfile.c] - remove unused variable 'len'. fix comments. - remove unused variable [log-client.c log-server.c] - rename a cpp symbol, to avoid param.h collision [packet.c] - missing xfree() - getsockname() requires initialized tolen; andy@guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar@fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ [ssh.1] - Change invalid 'CHAT' loglevel to 'VERBOSE' [ssh.c] - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - turn off x11-fwd for the client, too. [sshconnect.c] - missing xfree() - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - read error vs. "Connection closed by remote host" [sshd.8] - ie. -> i.e., - do not link to a commercial page.. - sync with sshd_config [sshd.c] - no need for poll.h; from bright@wintelcom.net - log with level log() not fatal() if peer behaves badly. - don't panic if client behaves strange. ok deraadt@ - make no-port-forwarding for RSA keys deny both -L and -R style fwding - delay close() of pty until the pty has been chowned back to root - oops, fix comment, too. - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up
2000-03-03 - Don't permanently fail on bind() if getaddrinfo has more choices left forDamien Miller
us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz Miskiewicz <misiek@pld.org.pl>
2000-03-02 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.deDamien Miller