djm@openbsd.org
0e8eeec8e7
upstream commit
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
2016-05-02 20:39:32 +10:00
dtucker@openbsd.org
ffb1e7e896
upstream commit
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
jmc@openbsd.org
e72a8575ff
upstream commit
-c before -H, in SYNOPSIS and usage();
Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
2015-11-09 14:25:41 +11:00
djm@openbsd.org
3a424cdd21
upstream commit
Add "ssh-keyscan -c ..." flag to allow fetching
certificates instead of plain keys; ok markus@
Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
2015-11-09 14:25:40 +11:00
djm@openbsd.org
9ada37d360
upstream commit
fix keyscan output for multiple hosts/addrs on one line
when host hashing or a non standard port is in use; bz#2479 ok dtucker@
Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
2015-10-25 11:42:07 +11:00
djm@openbsd.org
2c2cfe1a1c
upstream commit
include port number if a non-default one has been
specified; based on patch from Michael Handler
2015-04-13 14:37:18 +10:00
miod@openbsd.org
c265e2e6e9
upstream commit
Do not use int for sig_atomic_t; spotted by
christos@netbsd; ok markus@
2015-04-13 14:37:17 +10:00
Darren Tucker
f2004cd1ad
Repair for non-ECC OpenSSL.
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
2015-02-23 05:04:21 +11:00
djm@openbsd.org
802660cb70
upstream commit
set a timeout to prevent hangs when talking to busted
servers; ok markus@
2015-01-30 22:47:00 +11:00
djm@openbsd.org
4509b5d4a4
upstream commit
avoid more fatal/exit in the packet.c paths that
ssh-keyscan uses; feedback and "looks good" markus@
2015-01-30 12:18:59 +11:00
djm@openbsd.org
fae7bbe544
upstream commit
avoid fatal() calls in packet code makes ssh-keyscan more
reliable against server failures ok dtucker@ markus@
2015-01-29 09:08:07 +11:00
Damien Miller
ade31d7b6f
these need active_state defined to link on OSX
temporary measure until active_state goes away entirely
2015-01-27 23:06:23 +11:00
deraadt@openbsd.org
087266ec33
upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
throughout. ok djm markus
2015-01-26 23:58:53 +11:00
markus@openbsd.org
3f79765374
upstream commit
switch ssh-keyscan from setjmp to multiple ssh transport
layer instances ok djm@
2015-01-20 09:24:11 +11:00
markus@openbsd.org
57d10cbe86
upstream commit
adapt kex to sshbuf and struct ssh; ok djm@
2015-01-20 09:19:39 +11:00
djm@openbsd.org
48b68ce19c
upstream commit
explicitly include sys/param.h in files that use the
howmany() macro; from portable
2014-12-11 19:20:29 +11:00
Damien Miller
1f0311c7c7
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
9235a030ad
Three commits in one (since they touch the same heavily-diverged file
repeatedly):
- markus@cvs.openbsd.org 2014/03/25 09:40:03
[myproposal.h]
trim default proposals.
This commit removes the weaker pre-SHA2 hashes, the broken ciphers
(arcfour), and the broken modes (CBC) from the default configuration
(the patch only changes the default, all the modes are still available
for the config files).
ok djm@, reminded by tedu@ & naddy@ and discussed with many
- deraadt@cvs.openbsd.org 2014/03/26 17:16:26
[myproposal.h]
The current sharing of myproposal[] between both client and server code
makes the previous diff highly unpalatable. We want to go in that
direction for the server, but not for the client. Sigh.
Brought up by naddy.
- markus@cvs.openbsd.org 2014/03/27 23:01:27
[myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
disable weak proposals in sshd, but keep them in ssh; ok djm@
2014-04-20 13:17:20 +10:00
Damien Miller
1c7ef4be83
- djm@cvs.openbsd.org 2014/03/12 04:44:58
[ssh-keyscan.c]
scan for Ed25519 keys by default too
2014-04-20 12:59:46 +10:00
Damien Miller
5be9d9e3cb
- markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
Damien Miller
1e1242604e
- markus@cvs.openbsd.org 2013/11/02 21:59:15
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@
2013-11-04 08:26:52 +11:00
Darren Tucker
a627d42e51
- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
839f743464
- djm@cvs.openbsd.org 2012/04/11 13:34:17
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
2012-04-22 11:24:21 +10:00
Damien Miller
c5219e701e
- okan@cvs.openbsd.org 2011/03/15 10:36:02
[ssh-keyscan.c]
use timerclear macro
ok djm@
2011-05-05 14:05:12 +10:00
Damien Miller
f22019bdbf
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
Damien Miller
8ad960b4ba
- otto@cvs.openbsd.org 2011/01/04 20:44:13
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
Damien Miller
eb8b60e320
- djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
[authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
[monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
[ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
[ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
[ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
[uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
0e76c5e502
- djm@cvs.openbsd.org 2010/06/22 04:54:30
[ssh-keyscan.c]
replace verbose and overflow-prone Linebuf code with read_keyfile_line()
based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
2010-06-26 09:39:59 +10:00
Darren Tucker
7bd98e7f74
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that traffic such as DNS lookups stays within the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 10:31:12 +11:00
Darren Tucker
8c65f646a9
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
Remove hacks added for RoutingDomain in preparation for its removal.
2010-01-10 10:26:57 +11:00
Darren Tucker
1f5e3dc274
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 19:53:52 +11:00
Darren Tucker
75456e8ab2
- stevesk@cvs.openbsd.org 2009/12/25 19:40:21
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
validate routing domain is in range 0-RT_TABLEID_MAX.
'Looks right' deraadt@
2010-01-08 18:55:58 +11:00
Darren Tucker
34e314da1b
- reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
ok markus@
2010-01-08 17:03:46 +11:00
Damien Miller
3dc71ad865
- djm@cvs.openbsd.org 2009/01/22 10:02:34
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
2009-01-28 16:31:22 +11:00
Damien Miller
c1719f7f0d
- sobrado@cvs.openbsd.org 2008/11/01 11:14:36
[ssh-keyscan.1 ssh-keyscan.c]
the ellipsis is not an optional argument; while here, improve spacing.
2008-11-03 19:27:07 +11:00
Damien Miller
d8968adb5f
- (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
some platforms (HP nonstop) it is a distinct errno;
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
Damien Miller
bacb7fbd7e
- djm@cvs.openbsd.org 2008/04/30 10:14:03
[ssh-keyscan.1 ssh-keyscan.c]
default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
larsnooden AT openoffice.org
2008-05-19 14:56:33 +10:00
Darren Tucker
4abde771b7
- dtucker@cvs.openbsd.org 2007/12/27 14:22:08
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@
2007-12-29 02:43:51 +11:00
Damien Miller
952dce6593
- djm@cvs.openbsd.org 2006/10/06 02:29:19
[ssh-agent.c ssh-keyscan.c ssh.c]
sys/resource.h needs sys/time.h; prompted by brad@
(NB. Id sync only for portable)
2006-10-24 03:01:16 +10:00
Darren Tucker
46aa3e0ce1
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
for hton* and ntoh* macros. Required on (at least) HP-UX since we define
_XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
2006-09-02 15:32:40 +10:00
Damien Miller
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d
- stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63
- stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
9aec91948d
- stevesk@cvs.openbsd.org 2006/07/25 02:59:21
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller
b8fe89c4d9
- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
e6b3b610ec
- stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
[includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
[readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
[sshconnect.c sshlogin.c sshpty.c uidswap.c]
move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker
deecec98c7
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
2006-07-12 22:44:34 +10:00
Darren Tucker
5d19626a04
- stevesk@cvs.openbsd.org 2006/07/10 16:37:36
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
auth.c packet.c log.c]
move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
Damien Miller
e3b60b524e
- stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
[monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e
- djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocation
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
3bbaba6075
- deraadt@cvs.openbsd.org 2006/03/19 18:59:49
[ssh-keyscan.c]
please lint
2006-03-26 13:59:38 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
a63128d1a8
- djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
Damien Miller
cd4223c245
- stevesk@cvs.openbsd.org 2006/02/08 14:31:30
[includes.h ssh-agent.c ssh-keyscan.c ssh.c]
move #include <sys/resource.h> out of includes.h; ok markus@
2006-03-15 11:22:47 +11:00
Damien Miller
2eb6340ddd
- stevesk@cvs.openbsd.org 2006/02/07 01:18:09
[includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
move #include <sys/queue.h> out of includes.h; ok markus@
2006-03-15 11:09:42 +11:00
Damien Miller
4bbacb706b
- djm@cvs.openbsd.org 2005/10/30 04:01:03
[ssh-keyscan.c]
make ssh-keygen discard junk from server before SSH- ident, spotted by
dave AT cirt.net; ok dtucker@
2005-11-05 15:12:28 +11:00
Darren Tucker
ce321d8a30
- djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Damien Miller
eccb9de72a
- djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
b253cc4213
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
[ssh-keyscan.c sshconnect.c]
Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
ok deraadt@, cloder@, djm@
2005-05-26 12:23:44 +10:00
Damien Miller
41bfc29ea5
- moritz@cvs.openbsd.org 2005/04/28 10:17:56
[progressmeter.c ssh-keyscan.c]
add snprintf checks. ok djm@ markus@
2005-05-26 12:07:32 +10:00
Damien Miller
9a2fdbd0d6
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
[ssh-keyscan.1 ssh-keyscan.c]
sort options and sync usage();
2005-03-02 12:04:01 +11:00
Damien Miller
db7b8171ee
- djm@cvs.openbsd.org 2005/03/01 10:41:28
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
2005-03-01 21:48:03 +11:00
Darren Tucker
fe6649da0c
- avsm@cvs.openbsd.org 2004/08/11 21:44:32
[authfd.c scp.c ssh-keyscan.c]
use atomicio instead of homegrown equivalents or read/write.
markus@ ok
2004-08-13 21:19:37 +10:00
Darren Tucker
ba6de952a0
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Damien Miller
232711f6db
- djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
Damien Miller
f675fc4948
- djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
Damien Miller
3b51301a4b
- djm@cvs.openbsd.org 2004/03/08 09:38:05
[ssh-keyscan.c]
explicitly initialise remote_major and remote_minor.
from cjwatson AT debian.org; ok markus@
2004-03-08 23:13:00 +11:00
Darren Tucker
a615314d3b
- (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
2003-12-10 00:52:37 +11:00
Damien Miller
e00074a726
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/23 23:17:34
[ssh-keyscan.c]
from portable - use sysconf to detect fd limit; ok markus@
(tidy diff by adding SSH_SSFDMAX macro to defines.h)
2003-11-24 13:07:45 +11:00
Darren Tucker
3d32622171
- markus@cvs.openbsd.org 2003/09/19 11:30:39
[ssh-keyscan.c]
avoid fatal_cleanup, just call exit(); ok deraadt
2003-09-22 21:11:20 +10:00
Damien Miller
59d3d5b8b4
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
Darren Tucker
9f63f22aa0
- deraadt@cvs.openbsd.org 2003/06/28 16:23:06
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
sshd.c]
deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
Damien Miller
7e1bbc55af
- (djm) Remove IPv4 by default hack now that we can specify AF in config
2003-05-18 20:52:40 +10:00
Damien Miller
ea5ade28fb
- deraadt@cvs.openbsd.org 2003/04/26 04:29:49
[ssh-keyscan.c]
-t in usage(); rogier@quaak.org
2003-05-14 13:43:53 +10:00
Damien Miller
2372ace572
- markus@cvs.openbsd.org 2003/04/14 14:17:50
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
Damien Miller
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
Damien Miller
9b481510bb
- (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
fake-queue.h to sys-tree.h and sys-queue.h
2002-09-12 10:43:29 +10:00
Ben Lindstrom
5c98db50bf
- (bal) Minor KNF on ssh-keyscan.c
This is really from Theo's patch. I missed it by looking at the wrong
function call.
2002-07-07 22:25:29 +00:00
Ben Lindstrom
6a9fbc96c0
- stevesk@cvs.openbsd.org 2002/07/06 17:47:58
[ssh-keyscan.c]
unused variable
2002-07-07 22:19:13 +00:00
Ben Lindstrom
965710f66e
- deraadt@cvs.openbsd.org 2002/07/06 01:01:26
[ssh-keyscan.c]
KNF, realloc fix, and clean usage
2002-07-07 22:17:22 +00:00
Ben Lindstrom
edd098b196
- stevesk@cvs.openbsd.org 2002/06/27 19:49:08
[ssh-keyscan.c]
use convtime(); ok markus@
2002-07-04 00:07:13 +00:00
Ben Lindstrom
04f9af7dfc
- markus@cvs.openbsd.org 2002/06/27 08:49:44
[dh.c ssh-keyscan.c sshconnect.c]
more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
2002-07-04 00:03:56 +00:00
Ben Lindstrom
61c183bea3
- itojun@cvs.openbsd.org 2002/06/16 21:30:58
[ssh-keyscan.c]
use TAILQ_xx macro. from lukem@netbsd. markus ok
2002-06-21 00:09:54 +00:00
Ben Lindstrom
924144e650
- (bal) Too many <sys/queue.h> issues. Remove all workarounds and
using internal version only.
2002-04-05 20:23:35 +00:00
Ben Lindstrom
6b28c35a04
- stevesk@cvs.openbsd.org 2002/03/04 18:30:23
[ssh-keyscan.c]
handle connection close during read of protocol version string.
fixes erroneous "bad greeting". ok markus@
2002-03-05 01:54:52 +00:00
Ben Lindstrom
9c8edc96fc
- markus@cvs.openbsd.org 2002/02/22 12:20:34
[log.c log.h ssh-keyscan.c]
overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
2002-02-26 17:52:14 +00:00
Damien Miller
83c02ef623
- markus@cvs.openbsd.org 2001/12/10 20:34:31
[ssh-keyscan.c]
check that server supports v1 for -t rsa1, report from wirth@dfki.de
2001-12-21 12:45:43 +11:00
Ben Lindstrom
28c603bf43
- stevesk@cvs.openbsd.org 2001/11/22 05:27:29
[ssh-keyscan.c]
don't use "\n" in fatal()
2001-12-06 16:45:10 +00:00
Ben Lindstrom
eaffb9d6b6
- markus@cvs.openbsd.org 2001/11/16 12:46:13
[ssh-keyscan.c]
handle empty lines instead of dumping core; report from sha@sha-1.net
2001-12-06 16:28:19 +00:00
Damien Miller
efdc1f179d
- (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
<djast@cs.toronto.edu> Fix from markus@
2001-11-15 08:40:45 +11:00
Ben Lindstrom
4e088e4de0
- (bal) seed_init() and seed_rng() required in ssh-keyscan.c
2001-10-10 20:45:43 +00:00
Damien Miller
139d4cd908
- markus@cvs.openbsd.org 2001/10/09 10:12:08
[session.c]
chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
2001-10-10 15:07:44 +10:00
Kevin Steves
76e7d9b630
whitespace sync
2001-09-20 20:30:09 +00:00
Ben Lindstrom
520b55c8c4
- markus@cvs.openbsd.org 2001/08/30 22:22:32
[ssh-keyscan.c]
do not pass pointers to longjmp; fix from wayne@blorf.net
2001-09-12 18:05:05 +00:00
Ben Lindstrom
78bbd9ebe3
- danh@cvs.openbsd.org 2001/08/27 22:02:13
[ssh-keyscan.c]
fix memory fault if non-existent filename is given to the -f option
ok markus@
2001-09-12 17:10:40 +00:00
Ben Lindstrom
de8fc6fadc
- markus@cvs.openbsd.org 2001/08/05 23:29:58
[ssh-keyscan.c]
make -t dsa work with commercial servers, too
2001-08-06 22:43:50 +00:00
Ben Lindstrom
325e70c90f
- markus@cvs.openbsd.org 2001/08/05 23:18:20
[ssh-keyscan.1 ssh-keyscan.c]
ssh 2 support; from wayned@users.sourceforge.net
2001-08-06 22:41:30 +00:00