20010107

- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)

ChangeLog

@@ -1,3 +1,25 @@
+20010107
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/06 11:23:27
+     [ssh-rsa.c]
+     remove unused
+   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
+     [ssh-keyscan.1]
+     missing .El
+   - markus@cvs.openbsd.org 2001/01/04 22:41:03
+     [session.c sshconnect.c]
+     consistent use of _PATH_BSHELL; from stevesk@pobox.com
+   - djm@cvs.openbsd.org 2001/01/04 22:35:32
+     [ssh.1 sshd.8]
+     Mention AES as available SSH2 Cipher; ok markus
+   - markus@cvs.openbsd.org 2001/01/04 22:25:58
+     [sshd.c]
+     sync usage()/man with defaults; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/04 22:21:26
+     [sshconnect2.c]
+     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
+     that prints a banner (e.g. /etc/issue.net)
+ 
 20010105
  - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
  - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()

session.c

@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -1336,7 +1336,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	if (!options.use_login) {
 		if (stat(SSH_USER_RC, &st) >= 0) {
 			if (debug_flag)
-				fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_USER_RC);
+				fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
 
 			f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
 			if (f) {
@@ -1347,7 +1347,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 				fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
 		} else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
 			if (debug_flag)
-				fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_SYSTEM_RC);
+				fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
 
 			f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
 			if (f) {

ssh-keyscan.1

@@ -56,6 +56,7 @@ is supplied instead of a filename,
 will read hosts or 
 .Pa addrlist namelist
 pairs from the standard input.
+.El
 .Sh EXAMPLES
 .Pp
 Print the host key for machine

ssh-rsa.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -37,9 +37,6 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
 
 #include "key.h"
 
-#define INTBLOB_LEN	20
-#define SIGBLOB_LEN	(2*INTBLOB_LEN)
-
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.74 2000/12/27 12:30:20 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.75 2001/01/04 22:35:32 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -664,7 +664,7 @@ Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour .
+.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be

sshconnect.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.88 2001/01/02 20:50:56 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>

sshconnect2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.34 2000/12/27 12:34:50 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -467,6 +467,7 @@ struct Authmethod {
 
 void	input_userauth_success(int type, int plen, void *ctxt);
 void	input_userauth_failure(int type, int plen, void *ctxt);
+void	input_userauth_banner(int type, int plen, void *ctxt);
 void	input_userauth_error(int type, int plen, void *ctxt);
 void	input_userauth_info_req(int type, int plen, void *ctxt);
 
@@ -543,6 +544,7 @@ ssh_userauth2(const char *server_user, char *host)
 	dispatch_init(&input_userauth_error);
 	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
 	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
+	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
 	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt);	/* loop until success */
 
 	if (authctxt.agent != NULL)
@@ -553,7 +555,19 @@ ssh_userauth2(const char *server_user, char *host)
 void
 input_userauth_error(int type, int plen, void *ctxt)
 {
-	fatal("input_userauth_error: bad message during authentication");
+	fatal("input_userauth_error: bad message during authentication: "
+	   "type %d", type);
+}
+void
+input_userauth_banner(int type, int plen, void *ctxt)
+{
+	char *msg, *lang;
+	debug3("input_userauth_banner");
+	msg = packet_get_string(NULL);
+	lang = packet_get_string(NULL);
+	fprintf(stderr, "%s", msg);
+	xfree(msg);
+	xfree(lang);
 }
 void
 input_userauth_success(int type, int plen, void *ctxt)

sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.78 2001/01/04 22:35:32 djm Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -337,7 +337,7 @@ By default login is allowed regardless of the user name.
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc .
 .It Cm CheckMail
 Specifies whether
 .Nm

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.144 2000/12/28 12:03:58 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.145 2001/01/04 22:25:58 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -657,7 +657,7 @@ main(int ac, char **av)
 			fprintf(stderr, "  -q         Quiet (no logging)\n");
 			fprintf(stderr, "  -p port    Listen on the specified port (default: 22)\n");
 			fprintf(stderr, "  -k seconds Regenerate server key every this many seconds (default: 3600)\n");
-			fprintf(stderr, "  -g seconds Grace period for authentication (default: 300)\n");
+			fprintf(stderr, "  -g seconds Grace period for authentication (default: 600)\n");
 			fprintf(stderr, "  -b bits    Size of server RSA key (default: 768 bits)\n");
 			fprintf(stderr, "  -h file    File from which to read host key (default: %s)\n",
 			    HOST_KEY_FILE);