Commit Graph

497 Commits

Author SHA1 Message Date
Damien Miller 689b872842 - djm@cvs.openbsd.org 2010/03/04 23:27:25
[auth-options.c ssh-keygen.c]
     "force-command" is not spelled "forced-command"; spotted by
     imorgan AT nas.nasa.gov
2010-03-05 10:42:24 +11:00
Damien Miller f2b70cad75 - djm@cvs.openbsd.org 2010/03/04 20:35:08
[ssh-keygen.1 ssh-keygen.c]
     Add a -L flag to print the contents of a certificate; ok markus@
2010-03-05 07:39:35 +11:00
Damien Miller 1aed65eb27 - djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
     are trusted to authenticate users (in addition than doing it per-user
     in authorized_keys).

     Add a RevokedKeys option to sshd_config and a @revoked marker to
     known_hosts to allow keys to me revoked and banned for user or host
     authentication.

     feedback and ok markus@
2010-03-04 21:53:35 +11:00
Damien Miller 910f209c1d - (djm) [ssh-keygen.c] Use correct local variable, instead of
maybe-undefined global "optarg"
2010-03-04 14:17:22 +11:00
Damien Miller 2ca342b84b - djm@cvs.openbsd.org 2010/03/02 23:20:57
[ssh-keygen.c]
     POSIX strptime is stricter than OpenBSD's so do a little dance to
     appease it.
2010-03-03 12:14:15 +11:00
Damien Miller 0a80ca190a - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/02/26 20:29:54
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
     [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
     [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
     [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
     [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
     [sshconnect2.c sshd.8 sshd.c sshd_config.5]
     Add support for certificate key types for users and hosts.

     OpenSSH certificate key types are not X.509 certificates, but a much
     simpler format that encodes a public key, identity information and
     some validity constraints and signs it with a CA key. CA keys are
     regular SSH keys. This certificate style avoids the attack surface
     of X.509 certificates and is very easy to deploy.

     Certified host keys allow automatic acceptance of new host keys
     when a CA certificate is marked as sh/known_hosts.
     see VERIFYING HOST KEYS in ssh(1) for details.

     Certified user keys allow authentication of users when the signing
     CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
     FILE FORMAT" in sshd(8) for details.

     Certificates are minted using ssh-keygen(1), documentation is in
     the "CERTIFICATES" section of that manpage.

     Documentation on the format of certificates is in the file
     PROTOCOL.certkeys

     feedback and ok markus@
2010-02-27 07:55:05 +11:00
Damien Miller 86cbb44d47 - djm@cvs.openbsd.org 2010/02/09 00:50:59
[ssh-keygen.c]
     fix -Wall
2010-02-12 09:22:57 +11:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Darren Tucker d04758dc4c - djm@cvs.openbsd.org 2010/01/11 10:51:07
[ssh-keygen.c]
     when converting keys, truncate key comments at 72 chars as per RFC4716;
     bz#1630 reported by tj AT castaglia.org; ok markus@
2010-01-12 19:41:57 +11:00
Darren Tucker 9bcd25b78b - djm@cvs.openbsd.org 2009/08/27 17:33:49
[ssh-keygen.c]
     force use of correct hash function for random-art signature display
     as it was inheriting the wrong one when bubblebabble signatures were
     activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
     ok markus@
2009-10-07 08:45:48 +11:00
Darren Tucker 821d3dbe36 - dtucker@cvs.openbsd.org 2009/06/22 05:39:28
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
     alphabetize includes; reduces diff vs portable and style(9).
     ok stevesk djm
     (Id sync only; these were already in order in -portable)
2009-06-22 16:11:06 +10:00
Damien Miller 9eab9564d5 - (djm) OpenBSD CVS Sync
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
     [misc.c sftp-server-main.c ssh-keygen.c]
     Added missing newlines in error messages.
     ok dtucker
2009-02-22 08:47:02 +11:00
Darren Tucker e15fb09847 - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
[ssh-keygen.c]
     spelling/typo in comment
2008-11-11 16:31:43 +11:00
Damien Miller 81dec0589a - sthen@cvs.openbsd.org 2008/07/13 21:22:52
[ssh-keygen.c]
     Change "ssh-keygen -F [host] -l" to not display random art unless
     -v is also specified, making it consistent with the manual and other
     uses of -l.
     ok grunk@
2008-07-14 11:28:29 +10:00
Darren Tucker b68fb4ad21 - grunk@cvs.openbsd.org 2008/06/12 21:14:46
[ssh-keygen.c]
     make ssh-keygen -lf show the key type just as ssh-add -l would do it
     ok djm@ markus@
2008-06-13 08:57:27 +10:00
Darren Tucker 35c45535ea - grunk@cvs.openbsd.org 2008/06/11 22:20:46
[ssh-keygen.c ssh-keygen.1]
     ssh-keygen would write fingerprints to STDOUT, and random art to STDERR,
     that is not how it was envisioned.
     Also correct manpage saying that -v is needed along with -l for it to work.
     spotted by naddy@
2008-06-13 04:43:15 +10:00
Darren Tucker a376a32e8e - grunk@cvs.openbsd.org 2008/06/11 21:38:25
[ssh-keygen.c]
     ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub
     would not display you the random art as intended, spotted by canacar@
2008-06-13 04:42:14 +10:00
Darren Tucker 9c16ac9263 - grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
      sshconnect.c]
     Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
     graphical hash visualization schemes known as "random art", and by
     Dan Kaminsky's musings on the subject during a BlackOp talk at the
     23C3 in Berlin.
     Scientific publication (original paper):
     "Hash Visualization: a New Technique to improve Real-World Security",
     Perrig A. and Song D., 1999, International Workshop on Cryptographic
     Techniques and E-Commerce (CrypTEC '99)
     http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
     The algorithm used here is a worm crawling over a discrete plane,
     leaving a trace (augmenting the field) everywhere it goes.
     Movement is taken from dgst_raw 2bit-wise.  Bumping into walls
     makes the respective movement vector be ignored for this turn,
     thus switching to the other color of the chessboard.
     Graphs are not unambiguous for now, because circles in graphs can be
     walked in either direction.
     discussions with several people,
     help, corrections and ok markus@ djm@
2008-06-13 04:40:35 +10:00
Darren Tucker 0f7e910604 - djm@cvs.openbsd.org 2008/05/19 15:46:31
[ssh-keygen.c]
     support -l (print fingerprint) in combination with -F (find host) to
     search for a host in ~/.ssh/known_hosts and display its fingerprint;
     ok markus@
2008-06-08 12:54:29 +10:00
Darren Tucker bfaaf960a0 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
   header to after OpenSSL headers, since some versions of OpenSSL have
   SSLeay_add_all_algorithms as a macro already.
2008-02-28 19:13:52 +11:00
Damien Miller cb2fbb2407 - djm@cvs.openbsd.org 2008/01/19 22:37:19
[ssh-keygen.c]
     unbreak line numbering (broken in revision 1.164), fix error message
2008-02-10 22:24:55 +11:00
Damien Miller a8796f3fcc - djm@cvs.openbsd.org 2008/01/19 22:22:58
[ssh-keygen.c]
     when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
     hash just the specified hostname and not the entire hostspec from the
     keyfile. It may be of the form "hostname,ipaddr", which would lead to
     a hash that never matches. report and fix from jp AT devnull.cz
2008-02-10 22:24:30 +11:00
Damien Miller 0f4ed693d6 - chl@cvs.openbsd.org 2007/10/02 17:49:58
[ssh-keygen.c]
     handles zero-sized strings that fgets can return
2007-10-26 14:26:32 +10:00
Damien Miller 14b017d6f2 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
[session.c ssh-keygen.c sshlogin.c]
     use strcspn to properly overwrite '\n' in fgets returned buffer
     ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 16:09:15 +10:00
Damien Miller 5cbe7ca18d - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
     sort synopsis and options in ssh-agent(1); usage is lowercase
     ok jmc@
2007-09-17 16:05:50 +10:00
Darren Tucker 82a3d2bc6f - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
     spaces
2007-02-19 22:10:25 +11:00
Darren Tucker 26dc3e656a - jmc@cvs.openbsd.org 2007/01/12 20:20:41
[ssh-keygen.1 ssh-keygen.c]
     more secsh -> rfc 4716 updates;
     spotted by wiz@netbsd
     ok markus
2007-02-19 22:09:06 +11:00
Darren Tucker 9ac56e945b - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync. 2007-01-14 10:19:59 +11:00
Damien Miller 80163907ed - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
     spaces
2007-01-05 16:30:16 +11:00
Damien Miller 6c7439f963 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
[ssh-keygen.c]
     remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
2007-01-05 16:29:55 +11:00
Damien Miller df8b7db16e - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04
     [ssh-keygen.c]
     use argc and argv not some made up short form
2007-01-05 16:22:57 +11:00
Darren Tucker 0bc85579a9 - markus@cvs.openbsd.org 2006/11/06 21:25:28
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
     ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
     add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker 2ee50c5cce - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
openbsd-compat/daemon.c] Add includes needed by open(2).  Conditionally
   include paths.h.  Fixes build error on Solaris.
2006-07-11 18:55:05 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller 69996104fe - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
[ssh-keygen.c]
     move #include "dns.h" up
2006-07-10 20:53:31 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller 40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller e23209f434 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
[ssh-keygen.c]
     Correctly handle truncated files while converting keys; ok djm@
2006-03-31 23:13:35 +11:00
Damien Miller 5f340065fc - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
[ssh-keygen.c]
     cast strtonum() result to right type
2006-03-26 14:27:57 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller cb314828eb - OpenBSD CVS Sync
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
     [ssh-keygen.c]
     if no key file are given when printing the DNS host record, use the
     host key file(s) as default. ok djm@
2006-03-26 13:48:01 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller 8056a9d46a - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
[ssh-keygen.c]
     Make ssh-keygen handle CR and CRLF line termination when converting IETF
     format keys, in adition to vanilla LF.  mindrot #1157, tested by Chris
     Pepper, ok djm@
2006-03-15 12:05:40 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Darren Tucker 3af2ac56a2 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
[ssh-keygen.c]
     Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00
Tim Rice 660c3405f9 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
bits == 0.
2005-11-28 17:45:32 -08:00
Darren Tucker 9f647335d2 [ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
     increase minumum RSA key size to 768 bits and update man page to reflect
     these.  Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
     ok djm@, grudging ok deraadt@.
2005-11-28 16:41:46 +11:00
Damien Miller f14be5ce03 - djm@cvs.openbsd.org 2005/10/31 11:12:49
[ssh-keygen.1 ssh-keygen.c]
     generate a protocol 2 RSA key by default
2005-11-05 15:15:49 +11:00
Damien Miller 788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller 15d72a00a3 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
[ssh-keygen.c ssh.c sshconnect2.c]
     no trailing "\n" for log functions; ok djm@
2005-11-05 15:07:33 +11:00
Damien Miller 3f54a9f5b7 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/10/07 11:13:57
     [ssh-keygen.c]
     change DSA default back to 1024, as it's defined for 1024 bits only
     and this causes interop problems with other clients.  moreover,
     in order to improve the security of DSA you need to change more
     components of DSA key generation (e.g. the internal SHA1 hash);
     ok deraadt
2005-11-05 14:52:18 +11:00
Darren Tucker ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Damien Miller 0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller ac7ef6a736 - djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
     increase default rsa/dsa key length from 1024 to 2048 bits;
     ok markus@ deraadt@
2005-06-16 13:19:06 +10:00
Darren Tucker 2db8ae671e - dtucker@cvs.openbsd.org 2005/05/26 09:08:12
[ssh-keygen.c]
     uint32_t -> u_int32_t for consistency; ok djm@
2005-06-01 23:02:25 +10:00
Damien Miller 02e754f1f0 - avsm@cvs.openbsd.org 2005/05/24 02:05:09
[ssh-keygen.c]
     some style nits from dmiller@, and use a fatal() instead of a printf()/exit
2005-05-26 12:19:39 +10:00
Damien Miller b089fb5fe1 - avsm@cvs.openbsd.org 2005/05/23 22:44:01
[moduli.c ssh-keygen.c]
     - removes signed/unsigned comparisons in moduli generation
     - use strtonum instead of atoi where its easier
     - check some strlcpy overflow and fatal instead of truncate
2005-05-26 12:16:18 +10:00
Damien Miller 9278ffaf71 - (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/04/05 13:45:31
     [ssh-keygen.c]
2005-05-26 11:59:06 +10:00
Darren Tucker 9f438a9d63 - markus@cvs.openbsd.org 2005/03/11 14:59:06
[ssh-keygen.c]
     typo, missing \n; mpech
2005-03-14 23:09:18 +11:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Damien Miller 89eac8010a - djm@cvs.openbsd.org 2005/03/02 01:27:41
[ssh-keygen.c]
     ignore hostnames with metachars when hashing; ok deraadt@
2005-03-02 12:33:04 +11:00
Damien Miller 4b42d7f195 - djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
     add tools for managing known_hosts files with hashed hostnames, including
     hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
Darren Tucker 7cfeecf670 - markus@cvs.openbsd.org 2004/12/23 17:38:07
[ssh-keygen.c]
     leak; from mpech
2005-01-20 10:56:31 +11:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Darren Tucker 770fc01078 - djm@cvs.openbsd.org 2004/05/09 00:06:47
[moduli.c ssh-keygen.c] removed: moduli.h
     zap another tiny header; ok deraadt@
2004-05-13 16:24:32 +10:00
Darren Tucker e608ca2965 - djm@cvs.openbsd.org 2004/05/08 00:21:31
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
     sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
     kill a tiny header; ok deraadt@
2004-05-13 16:15:47 +10:00
Darren Tucker 06930c70ad - djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
2003-12-31 11:34:51 +11:00
Damien Miller a4b33dfb6d - djm@cvs.openbsd.org 2003/11/23 23:18:45
[ssh-keygen.c]
     consistency PATH_MAX -> MAXPATHLEN; ok markus@
     (RCS ID sync only)
   - djm@cvs.openbsd.org 2003/11/23 23:21:21
     [scp.c]
     from portable: rename clashing variable limit-> limit_rate; ok markus@
     (RCS ID sync only)
2003-11-24 13:09:27 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker dda19d63ff - jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00
Darren Tucker c0815c927e - miod@cvs.openbsd.org 2003/09/18 13:02:21
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
     A few signedness fixes for harmless situations; markus@ ok
2003-09-22 21:05:50 +10:00
Tim Rice 2e0e38e310 [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@ 2003-09-08 16:11:33 -07:00
Damien Miller 59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
Darren Tucker f4220e6cef - markus@cvs.openbsd.org 2003/08/14 16:08:58
[ssh-keygen.c]
     exit after primetest, ok djm@
2003-08-21 16:44:07 +10:00
Darren Tucker 019cefeaad - djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
     Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
     Based on code from Phil Karn, William Allen Simpson and Niels Provos.
     ok markus@, thanks jmc@
2003-08-02 22:40:07 +10:00
Damien Miller ed12a26f0d - djm@cvs.openbsd.org 2003/05/15 03:10:52
[ssh-keygen.c]
     avoid warning; ok jakob@
2003-05-15 13:37:43 +10:00
Damien Miller 37876e913a - jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller db2747259c - markus@cvs.openbsd.org 2003/05/11 16:56:48
[authfile.c ssh-keygen.c]
     change key_load_public to try to read a public from:
     rsa1 private or rsa1 public and ssh2 keys.
     this makes ssh-keygen -e fail for ssh1 keys more gracefully
     for example; report from itojun (netbsd pr 20550).
2003-05-14 13:45:22 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom e7ee7fe602 - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
[scp.c ssh-keygen.c]
     Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
     ok markus@
2002-12-23 02:11:02 +00:00
Kevin Steves 3a8819102c - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). 2002-07-20 19:05:40 +00:00
Ben Lindstrom 58d3b7224f - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
[ssh-keygen.c]
     u_int stuff
2002-06-23 21:28:13 +00:00
Ben Lindstrom cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom 05efee1092 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
   independant of them)
2002-06-09 20:20:58 +00:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom 155b981494 - markus@cvs.openbsd.org 2002/03/27 22:21:45
[ssh-keygen.c]
     try to import keys with extra trailing === (seen with ssh.com < 2.0.12)
2002-04-02 20:26:26 +00:00
Ben Lindstrom 0936a5bb72 - markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
     change sc_get_key to sc_get_keys and hide smartcard details in scard.c
2002-03-26 03:17:42 +00:00
Ben Lindstrom 266ec63eb3 - rees@cvs.openbsd.org 2002/03/21 21:54:34
[scard.c scard.h ssh-keygen.c]
     Add PIN-protection for secret key.
2002-03-22 03:47:38 +00:00
Ben Lindstrom 70e3ad8231 - markus@cvs.openbsd.org 2002/03/21 16:57:15
[scard.c]
     remove const
2002-03-22 03:33:43 +00:00
Damien Miller 4a10d2e90b - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 2002-03-11 22:53:29 +11:00
Ben Lindstrom c58ab02e45 - markus@cvs.openbsd.org 2002/02/25 16:33:27
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
     more u_* fixes
2002-02-26 18:15:09 +00:00
Ben Lindstrom 90fd814f90 - markus@cvs.openbsd.org 2002/02/24 19:14:59
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
Damien Miller 993dd55094 - stevesk@cvs.openbsd.org 2002/02/16 20:40:08
[ssh-keygen.c]
     default to rsa keyfile path for non key generation operations where
     keyfile not specified.  fixes core dump in those cases.  ok markus@
2002-02-19 15:22:47 +11:00
Damien Miller 8eb7141758 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ 2002-01-30 09:37:06 +11:00
Damien Miller 4a8ed54361 - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
[authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@
2002-01-22 23:33:31 +11:00
Damien Miller a1db12bac4 - markus@cvs.openbsd.org 2002/01/09 13:49:27
[ssh-keygen.c]
     append \n only for public keys
2002-01-22 23:20:15 +11:00
Damien Miller 708d21c802 - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
[authfile.c channels.c compress.c packet.c sftp-server.c ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@
2002-01-22 23:18:15 +11:00
Damien Miller 154dda73a8 - markus@cvs.openbsd.org 2001/12/27 18:10:29
[ssh-keygen.c]
     -t is only needed for key generation (unbreaks -i, -e, etc).
2002-01-22 23:08:16 +11:00
Damien Miller a41c8b15bd - djm@cvs.openbsd.org 2001/12/21 08:52:22
[ssh-keygen.1 ssh-keygen.c]
     Remove default (rsa1) key type; ok markus@
2002-01-22 23:05:08 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller eb5fec6494 - markus@cvs.openbsd.org 2001/10/25 21:14:32
[ssh-keygen.1 ssh-keygen.c]
     better docu for fingerprinting, ok deraadt@
2001-11-12 10:52:44 +11:00
Ben Lindstrom 1af4d3bb70 - djm@cvs.openbsd.org 2001/09/28 12:07:09
[ssh-keygen.c]
     bzero private key after loading to smartcard; ok markus@
2001-10-03 17:18:37 +00:00
Ben Lindstrom 99a30f11c2 - markus@cvs.openbsd.org 2001/09/17 20:50:22
[key.c ssh-keygen.c]
     better error handling if you try to export a bad key to ssh.com
2001-09-18 05:49:14 +00:00
Ben Lindstrom 9e0ddd4379 - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
[kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
     u_char*/char* cleanup; ok markus
2001-09-18 05:41:19 +00:00
Ben Lindstrom bcc1808bf2 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
[scard.c ssh-agent.c ssh.c ssh-keygen.c]
     clean up some /* SMARTCARD */. ok markus@
2001-08-06 21:59:25 +00:00
Ben Lindstrom ffce147638 - jakob@cvs.openbsd.org 2001/08/02 15:43:57
[ssh-agent.c ssh.c ssh-keygen.c]
     add /* SMARTCARD */ to #else/#endif. ok markus@
2001-08-06 21:57:31 +00:00
Ben Lindstrom 97be31e6ff - jakob@cvs.openbsd.org 2001/08/02 15:06:52
[ssh-keygen.c]
     more verbose usage(). ok markus@
2001-08-06 21:49:06 +00:00
Ben Lindstrom f19578c447 - jakob@cvs.openbsd.org 2001/08/02 08:58:35
[ssh-keygen.c]
     change -u (upload smartcard key) to -U. ok markus@
2001-08-06 21:46:54 +00:00
Ben Lindstrom 8282d6a82f - markus@cvs.openbsd.org 2001/08/02 00:10:17
[ssh-keygen.c]
     add -D readerid option (download, i.e. print public RSA key to stdout).
     check for card present when uploading keys.
     use strings instead of ints for smartcard reader ids, too.
2001-08-06 21:44:05 +00:00
Ben Lindstrom 6818bfbf30 - markus@cvs.openbsd.org 2001/08/01 23:33:09
[ssh-keygen.c]
     allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
     like sectok).
2001-08-06 21:40:04 +00:00
Ben Lindstrom 60df8e4f7d - rees@cvs.openbsd.org 2001/07/26 20:04:27
[scard.c ssh-keygen.c]
     Inquire Cyberflex class for 0xf0 cards
     change aid to conform to 7816-5
     remove gratuitous fid selects
2001-08-06 21:10:52 +00:00
Ben Lindstrom 0047764526 - markus@cvs.openbsd.org 2001/07/02 22:40:18
[ssh-keygen.c]
     update for sectok.h interface changes.
2001-07-04 05:24:27 +00:00
Ben Lindstrom d6e049cd59 - markus@cvs.openbsd.org 2001/06/29 07:11:01
[ssh-keygen.c]
     initialize early
2001-07-04 05:08:39 +00:00
Ben Lindstrom 7feba35a47 - markus@cvs.openbsd.org 2001/06/29 07:06:34
[ssh-keygen.c]
     new error handling for cyberflex_*
2001-07-04 05:06:59 +00:00
Ben Lindstrom 511d69e6d7 - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
[ssh-keygen.c]
     '\0' terminated data[] is ok; ok markus@
2001-07-04 05:05:27 +00:00
Ben Lindstrom f7297dd79d - markus@cvs.openbsd.org 2001/06/27 05:42:25
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
     s/generate_additional_parameters/rsa_generate_additional_parameters/
     http://www.humppa.com/
2001-07-04 05:02:23 +00:00
Ben Lindstrom 680b276aad - markus@cvs.openbsd.org 2001/06/27 05:35:42
[ssh-keygen.c]
     use cyberflex_inq_class to inquire class.
2001-07-04 05:00:11 +00:00
Ben Lindstrom cd392284ac - markus@cvs.openbsd.org 2001/06/26 02:47:07
[ssh-keygen.c]
     allow loading a private RSA key to a cyberflex card.
2001-07-04 03:44:03 +00:00
Ben Lindstrom 949974bbdb - markus@cvs.openbsd.org 2001/06/24 05:35:33
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
     switch to readpassphrase(3)
     2.7/8-stable needs readpassphrase.[ch] from libc
2001-06-25 05:20:31 +00:00
Ben Lindstrom e586c4ce3f - markus@cvs.openbsd.org 2001/06/23 17:05:22
[ssh-keygen.c]
     fix import for (broken?) ssh.com/f-secure private keys
     (i tested > 1000 RSA keys)
2001-06-25 05:04:58 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom 34f91883a6 - markus@cvs.openbsd.org 2001/06/23 06:41:10
[ssh-keygen.c]
     try to decode ssh-3.0.0 private rsa keys
     (allow migration to openssh, not vice versa), #910
2001-06-25 04:47:54 +00:00
Ben Lindstrom d78ae766de - markus@cvs.openbsd.org 2001/05/25 14:37:32
[ssh-keygen.c]
     use -P for -e and -y, too.
2001-06-05 20:35:09 +00:00
Ben Lindstrom 3035860f24 - markus@cvs.openbsd.org 2001/04/23 22:14:13
[ssh-keygen.c]
     remove debug
2001-04-24 16:59:28 +00:00
Ben Lindstrom 46c264f2ae - markus@cvs.openbsd.org 2001/04/23 21:57:07
[ssh-keygen.1 ssh-keygen.c]
     allow public key for -e, too
2001-04-24 16:56:58 +00:00
Ben Lindstrom 2857d9cf77 - markus@cvs.openbsd.org 2001/04/22 13:41:02
[ssh-keygen.1 ssh-keygen.c]
     style, noted by stevesk; sort flags in usage
2001-04-22 17:19:46 +00:00
Ben Lindstrom 5a70782576 - markus@cvs.openbsd.org 2001/04/22 13:25:37
[ssh-keygen.1 ssh-keygen.c]
     rename arguments -x -> -e (export key), -X -> -i (import key)
     xref draft-ietf-secsh-publickeyfile-01.txt
2001-04-22 17:15:46 +00:00
Ben Lindstrom 15f33866a6 - markus@cvs.openbsd.org 2001/04/15 16:58:03
[authfile.c ssh-keygen.c sshd.c]
     don't use errno for key_{load,save}_private; discussion w/ solar@openwall
2001-04-16 02:00:02 +00:00
Ben Lindstrom a3700050ec - markus@cvs.openbsd.org 2001/04/05 10:42:57
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
      sshconnect2.c sshd.c]
     fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
Ben Lindstrom 86ebcb6cf5 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
[sftp-glob.c ssh-agent.c ssh-keygen.c]
     free() -> xfree()
2001-04-04 01:53:20 +00:00
Ben Lindstrom d09fcf5f6e - markus@cvs.openbsd.org 2001/03/26 23:23:24
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
     try to read private f-secure ssh v2 rsa keys.
2001-03-29 00:29:54 +00:00
Ben Lindstrom d0fca423fc - markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
     simpler key load/save interface, see authfile.h
2001-03-26 13:44:06 +00:00
Ben Lindstrom f1107f5ede - jakob@cvs.openbsd.org 2001/03/21 14:20:45
[ssh-keygen.c]
     add -B flag to usage
2001-03-22 02:05:32 +00:00
Damien Miller 60bc517356 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
2001-03-19 09:38:15 +11:00
Ben Lindstrom cfccef96a3 - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02
     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
     remove old key_fingerprint interface, s/_ex//
2001-03-13 04:57:58 +00:00
Ben Lindstrom 8fd372b194 - markus@cvs.openbsd.org 2001/03/11 22:33:24
[ssh-keygen.1 ssh-keygen.c]
     remove -v again. use -B instead for bubblebabble. make -B consistent
     with -l and make -B work with /path/to/known_hosts. ok deraadt@
2001-03-12 03:02:17 +00:00
Ben Lindstrom ca0bf57f2f - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
[ssh-keygen.c]
     KNF, and SHA1 binary output is just creeping featurism
2001-03-11 20:08:29 +00:00
Ben Lindstrom a8a73e62ed - jakob@cvs.openbsd.org 2001/03/11 15:04:16
[ssh-keygen.1 ssh-keygen.c]
     print both md5, sha1 and bubblebabble fingerprints when using
     ssh-keygen -l -v. ok markus@.
2001-03-11 20:05:19 +00:00
Ben Lindstrom 5fc6270fe9 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
[ssh-keygen.c]
     create *.pub files with umask 0644, so that you can mv them to
     authorized_keys
2001-03-09 18:19:24 +00:00
Ben Lindstrom 7ab5117367 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
[ssh-keygen.1 ssh-keygen.c]
     bye bye -d
2001-03-05 05:13:38 +00:00
Ben Lindstrom b7c9232da1 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
[ssh-keygen.1 ssh-keygen.c]
     document -d, and -t defaults to rsa1
2001-03-05 05:10:52 +00:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Kevin Steves 28a7f26d03 RCSID; whitespace 2001-02-05 15:43:59 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom bf555ba621 NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
      for more details.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.
2001-01-18 02:04:35 +00:00
Ben Lindstrom 2941f119e6 20001230
- (bal) OpenBSD CVS Update
   - markus@cvs.openbsd.org 2000/12/28 18:58:30
     [ssh-keygen.c]
     enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
2000-12-29 16:50:13 +00:00
Ben Lindstrom 3deda8b091 20001223
- (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
   if a change to config.h has occurred.  Suggested by Gert Doering
   <gert@greenie.muc.de>
 - (bal) OpenBSD CVS Update:
   - markus@cvs.openbsd.org 2000/12/22 16:49:40
     [ssh-keygen.c]
     fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
2000-12-22 20:27:43 +00:00
Ben Lindstrom 46c162204b One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Damien Miller e39cacc579 - (djm) OpenBSD CVS updates:
- provos@cvs.openbsd.org  2000/11/22 08:38:31
     [sshd.8]
     talk about /etc/primes, okay markus@
   - markus@cvs.openbsd.org  2000/11/23 14:03:48
     [ssh.c sshconnect1.c sshconnect2.c]
     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
     defaults
   - markus@cvs.openbsd.org  2000/11/25 09:42:53
     [sshconnect1.c]
     reorder check for illegal ciphers, bugreport from espie@
   - markus@cvs.openbsd.org  2000/11/25 10:19:34
     [ssh-keygen.c ssh.h]
     print keytype when generating a key.
     reasonable defaults for RSA1/RSA/DSA keys.
2000-11-29 12:18:44 +11:00
Ben Lindstrom 1492029371 20001123
- (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusing seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.
2000-11-21 21:24:55 +00:00
Ben Lindstrom 49a79c0976 - (stevek) Reworked progname support.
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c.  Patch by
   Shinichi Maruyama <marya@st.jip.co.jp>

I assume the progname patch was finished.  I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
2000-11-17 03:47:20 +00:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller ad833b3e65 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) OpenBSD CVS updates:
   - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
     [ssh.c]
     accept remsh as a valid name as well; roman@buildpoint.com
   - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
     [deattack.c crc32.c packet.c]
     rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
     libz crc32 function yet, because it has ugly "long"'s in it;
     oneill@cs.sfu.ca
   - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
     [scp.1 scp.c]
     -S prog support; tv@debian.org
   - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
     [scp.c]
     knf
   - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
     [log-client.c]
     shorten
   - markus@cvs.openbsd.org  2000/08/19 12:48:11
     [channels.c channels.h clientloop.c ssh.c ssh.h]
     support for ~. in ssh2
   - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
     [crc32.h]
     proper prototype
   - markus@cvs.openbsd.org  2000/08/19 15:34:44
     [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
     [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
     [fingerprint.c fingerprint.h]
     add SSH2/DSA support to the agent and some other DSA related cleanups.
     (note that we cannot talk to ssh.com's ssh2 agents)
   - markus@cvs.openbsd.org  2000/08/19 15:55:52
     [channels.c channels.h clientloop.c]
     more ~ support for ssh2
   - markus@cvs.openbsd.org  2000/08/19 16:21:19
     [clientloop.c]
     oops
   - millert@cvs.openbsd.org 2000/08/20 12:25:53
     [session.c]
     We have to stash the result of get_remote_name_or_ip() before we
     close our socket or getpeername() will get EBADF and the process
     will exit.  Only a problem for "UseLogin yes".
   - millert@cvs.openbsd.org 2000/08/20 12:30:59
     [session.c]
     Only check /etc/nologin if "UseLogin no" since login(1) may have its
     own policy on determining who is allowed to login when /etc/nologin
     is present.  Also use the _PATH_NOLOGIN define.
   - millert@cvs.openbsd.org 2000/08/20 12:42:43
     [auth1.c auth2.c session.c ssh.c]
     Add calls to setusercontext() and login_get*().  We basically call
     setusercontext() in most places where previously we did a setlogin().
     Add default login.conf file and put root in the "daemon" login class.
   - millert@cvs.openbsd.org 2000/08/21 10:23:31
     [session.c]
     Fix incorrect PATH setting; noted by Markus.
2000-08-23 10:46:23 +10:00
Damien Miller be484b5d98 - (djm) OpenBSD CVS updates
- provos@cvs.openbsd.org  2000/07/13 16:53:22
     [aux.c readconf.c servconf.c ssh.h]
     allow multiple whitespace but only one '=' between tokens, bug report from
     Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
   - provos@cvs.openbsd.org  2000/07/13 17:14:09
     [clientloop.c]
     typo; todd@fries.net
   - provos@cvs.openbsd.org  2000/07/13 17:19:31
     [scp.c]
     close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
   - markus@cvs.openbsd.org  2000/07/14 16:59:46
     [readconf.c servconf.c]
     allow leading whitespace. ok niels
   - djm@cvs.openbsd.org     2000/07/14 22:01:38
     [ssh-keygen.c ssh.c]
     Always create ~/.ssh with mode 700; ok Markus
2000-07-15 14:14:16 +10:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller f9b625c36e - (djm) Fix pam sprintf fix
- (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform intialisation immediatly at start, be careful with
   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
2000-07-09 22:42:32 +10:00
Damien Miller 6536c7d3c9 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller d3a185709d - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org
2000-06-07 19:55:44 +10:00
Damien Miller 30c3d42930 - OpenBSD CVS update
- markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1
2000-05-09 11:02:59 +10:00
Damien Miller e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller 35dabd0398 [scp.c]
- fix very rare EAGAIN/EINTR issues; based on work by djm
   [packet.c]
   - less debug, rm unused
   [auth2.c]
   - disable kerb,s/key in ssh2
   [sshd.8]
   - Minor tweaks and typo fixes.
   [ssh-keygen.c]
   - Put -d into usage and reorder. markus ok.
2000-05-01 21:10:33 +10:00
Damien Miller 70fb671d21 - Fixed __progname symbol collisions reported by Andre Lucas
<andre.lucas@dial.pipex.com>
2000-05-01 20:59:50 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller 4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller 7684ee17ee - OpenBSD CVS updates:
- [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
     [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     [sshd.c]
     pedantic: signed vs. unsigned, void*-arithm, etc
   - [ssh.1 sshd.8]
     Various cleanups and standardizations.
2000-03-17 23:40:15 +11:00
Damien Miller 98c7ad60ec - OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
	 - int atomicio -> ssize_t (for alpha). ok deraadt@
	[auth-rsa.c]
	 - delay MD5 computation until client sends response, free() early, cleanup.
	[cipher.c]
	 - void* -> unsigned char*, ok niels@
	[hostfile.c]
	 - remove unused variable 'len'. fix comments.
	 - remove unused variable
	[log-client.c log-server.c]
	 - rename a cpp symbol, to avoid param.h collision
	[packet.c]
	 - missing xfree()
	 - getsockname() requires initialized tolen; andy@guildsoftware.com
	 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
	from Holger.Trapp@Informatik.TU-Chemnitz.DE
	[pty.c pty.h]
	 - register cleanup for pty earlier. move code for pty-owner handling to
   	pty.c ok provos@, dugsong@
	[readconf.c]
	 - turn off x11-fwd for the client, too.
	[rsa.c]
	 - PKCS#1 padding
	[scp.c]
	 - allow '.' in usernames; from jedgar@fxp.org
	[servconf.c]
	 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
	 - sync with sshd_config
	[ssh-keygen.c]
	 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
	[ssh.1]
	 - Change invalid 'CHAT' loglevel to 'VERBOSE'
	[ssh.c]
	 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
	 - turn off x11-fwd for the client, too.
	[sshconnect.c]
	 - missing xfree()
	 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
	 - read error vs. "Connection closed by remote host"
	[sshd.8]
	 - ie. -> i.e.,
	 - do not link to a commercial page..
	 - sync with sshd_config
	[sshd.c]
	 - no need for poll.h; from bright@wintelcom.net
	 - log with level log() not fatal() if peer behaves badly.
	 - don't panic if client behaves strange. ok deraadt@
	 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
	 - delay close() of pty until the pty has been chowned back to root
	 - oops, fix comment, too.
	 - missing xfree()
	 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
   	(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
	 - register cleanup for pty earlier. move code for pty-owner handling to
      pty.c ok provos@, dugsong@
	 - create x11 cookie file
	 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
	 - version 1.2.3
 - Cleaned up
2000-03-09 21:27:49 +11:00
Damien Miller 5428f646ad - More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller 95def09838 - Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller 83df069333 - OpenBSD CVS Changes
- [ssh-keygen.c]
     don't create ~/.ssh only if the user wants to store the private
     key there. show fingerprint instead of public-key after
     keygeneration. ok niels@
1999-11-22 13:22:29 +11:00
Damien Miller 431f66b68c - [OVERVIEW README] typos; green@freebsd
- [ssh-keygen.c]
      replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
      exit if writing the key fails (no infinit loop)
      print usage() everytime we get bad options
    - [ssh-keygen.c] overflow, djm@mindrot.org
    - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-21 18:31:57 +11:00
Damien Miller f58db38f8d Fix segfault 1999-11-20 17:02:56 +11:00
Damien Miller 10f6f6ba9e - Merged OpenBSD CVS changes
- [ChangeLog.Ylonen] noone needs this anymore
   - [authfd.c] close-on-exec for auth-socket, ok deraadt
   - [hostfile.c]
     in known_hosts key lookup the entry for the bits does not need
     to match, all the information is contained in n and e. This
     solves the problem with buggy servers announcing the wrong
     modulus length.  markus and me.
   - [serverloop.c]
     bugfix: check for space if child has terminated, from:
     iedowse@maths.tcd.ie
   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
     [fingerprint.c fingerprint.h]
     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
   - [ssh-agent.1] typo
   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
   - [sshd.c]
     force logging to stderr while loading private key file
     (lost while converting to new log-levels)
1999-11-17 17:29:08 +11:00
Damien Miller 3f905872b0 - Merged more Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
 - Wrote autoconf tests for __progname symbol
1999-11-15 17:10:57 +11:00
Damien Miller 6d7b2cd1a3 - Merged yet more changes from OpenBSD CVS
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
     [ssh.c ssh.h sshconnect.c sshd.c]
     make all access to options via 'extern Options options'
     and 'extern ServerOptions options' respectively;
     options are no longer passed as arguments:
      * make options handling more consistent
      * remove #include "readconf.h" from ssh.h
      * readconf.h is only included if necessary
   - [mpaux.c] clear temp buffer
   - [servconf.c] print _all_ bad options found in configfile
1999-11-12 15:19:27 +11:00
Damien Miller 356a0b004a Lots of changes:
- Removed lots of unnecessary checks from autoconf
 - Added support and autoconf test for openpty() function (Unix98 pty support)
 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
 - Added TODO file
 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
   - Added ssh-askpass program
   - Added ssh-askpass support to ssh-add.c
   - Create symlinks for slogin on install
   - Fix "distclean" target in makefile
   - Added example for ssh-agent to manpage
   - Added support for PAM_TEXT_INFO messages
   - Disable internal /etc/nologin support if PAM enabled
 - Merged latest OpenBSD CVS changes:
   - [sshd.c] don't send fail-msg but disconnect if too many authentication
     failures
   - [sshd.c] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] remove unused argument. ok dugsong
   - [sshd.c] typo
   - [rsa.c] clear buffers used for encryption. ok: niels
   - [rsa.c] replace assert() with error, fatal or packet_disconnect
 - Fixed coredump after merge of OpenBSD rsa.c patch
1999-11-08 15:30:59 +11:00
Damien Miller d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00