Commit Graph

35 Commits

Author SHA1 Message Date
djm@openbsd.org acaf34fd82 upstream commit
As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
2017-05-08 09:21:00 +10:00
jmc@openbsd.org 1a1b24f822 upstream commit
more protocol 1 bits removed; ok djm

Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9
2017-05-08 09:18:05 +10:00
djm@openbsd.org 788ac799a6 upstream commit
remove SSHv1 configuration options and man pages bits

ok markus@

Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
2017-05-01 10:05:00 +10:00
sobrado@openbsd.org 09d87d7974 upstream commit
set ssh(1) protocol version to 2 only.

ok djm@

Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
2016-02-23 12:44:19 +11:00
sobrado@openbsd.org 9262e07826 upstream commit
add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to
 IdentityFile.

ok djm@

Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
2016-02-23 12:44:19 +11:00
Darren Tucker ad92df7e5e - sthen@cvs.openbsd.org 2013/09/16 11:35:43
[ssh_config]
     Remove gssapi config parts from ssh_config, as was already done for
     sshd_config.  Req by/ok ajacoutot@
     ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-10-10 10:24:11 +11:00
Darren Tucker c53c2af173 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
     ssh_config.5 packet.h]
     Add an optional second argument to RekeyLimit in the client to allow
     rekeying based on elapsed time in addition to amount of traffic.
     with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Darren Tucker 7ad8dd21da - dtucker@cvs.openbsd.org 2010/01/11 01:39:46
[ssh_config channels.c ssh.1 channels.h ssh.c]
     Add a 'netcat mode' (ssh -W).  This connects stdio on the client to a
     single port forward on the server.  This allows, for example, using ssh as
     a ProxyCommand to route connections via intermediate servers.
     bz #1618, man page help from jmc@, ok markus@
2010-01-12 19:40:27 +11:00
Damien Miller e8001d4820 - djm@cvs.openbsd.org 2009/02/17 01:28:32
[ssh_config]
     sync with revised default ciphers; pointed out by dkrause@
2009-02-21 12:45:02 +11:00
Damien Miller 9f6fb56ab8 - grunk@cvs.openbsd.org 2008/07/25 06:56:35
[ssh_config]
     Add VisualHostKey to example file, ok djm@
2008-11-03 19:15:44 +11:00
Damien Miller 4de545a6fb - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
[ssh_config]
     Add a "MACs" line after "Ciphers" with the default MAC algorithms,
     to ease people who want to tweak both (eg. for performance reasons).
     ok deraadt@ djm@ dtucker@
2007-06-11 14:04:42 +10:00
Damien Miller 81a38928eb - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
[ssh_config]
     Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
     ssh_config.  ok markus@
2006-06-13 13:01:09 +10:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Darren Tucker 3f166dfcb5 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
[ssh_config]
     Make it clear that the example entries in ssh_config are only some of the
     commonly-used options and refer the user to ssh_config(5) for more
     details; ok djm@
2005-02-09 09:46:47 +11:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Damien Miller 20a8f97b03 - djm@cvs.openbsd.org 2003/05/16 03:27:12
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
     add AddressFamily option to ssh_config (like -4, -6 on commandline).
     Portable bug #534; ok markus@
2003-05-18 20:50:30 +10:00
Damien Miller b78d5eb6c5 - djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
     add a ConnectTimeout option to ssh, based on patch from
     Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
Ben Lindstrom 5d35a2f582 - markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
     re-enable ssh-keysign's sbit, but make ssh-keysign read
     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
     globally. based on discussions with deraadt, itojun and sommerfeld;
     ok itojun@
2002-07-04 00:19:40 +00:00
Ben Lindstrom 9721e92ba8 - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
[ssh_config sshd_config]
     refer to config file man page
2002-06-21 01:06:03 +00:00
Ben Lindstrom 914d03758b - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
[ssh_config]
     update defaults for RhostsRSAAuthentication and RhostsAuthentication
     here too (all options commented out with default value).
2002-06-11 15:55:01 +00:00
Ben Lindstrom 7a7483d72e - markus@cvs.openbsd.org 2002/06/08 05:41:18
[ssh_config]
     remove FallBackToRsh/UseRsh
2002-06-09 20:05:35 +00:00
Damien Miller c497e38ce6 - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
[ssh_config]
     correct some commented defaults.  add Ciphers default.  ok markus@
2002-01-22 23:32:39 +11:00
Damien Miller 56ccf41de2 - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
[ssh_config]
     grammar in comment
2002-01-22 23:18:32 +11:00
Ben Lindstrom 9323d96479 - todd@cvs.openbsd.org 2001/04/03 21:19:38
[ssh_config]
     id_rsa1/2 -> id_rsa; ok markus@
2001-04-04 01:58:48 +00:00
Ben Lindstrom 068f3dce28 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
[readconf.c ssh_config]
     default to SSH2, now that m68k runs fast
2001-03-10 17:15:39 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom 36579d3daa - niklas@cvs.openbsd.org 2001/01/2001
[atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
      groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
      key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
      radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
      ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
      sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
     $OpenBSD$
2001-01-29 07:39:26 +00:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller c30d35ce32 - (djm) Periodically rekey arc4random
- (djm) Clean up diff against OpenBSD.
2000-08-30 09:40:09 +11:00
Damien Miller 182ee6e6d9 - (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
2000-07-12 09:45:27 +10:00
Damien Miller f3a3fee942 - Debian bug #58031 - ssh_config lies about default cipher 2000-04-20 23:32:48 +10:00
Damien Miller 8bb73be04e - OpenBSD CVS updates
[channels.c]
   - fix pr 1196, listen_port and port_to_connect interchanged
   [scp.c]
   - after completion, replace the progress bar ETA counter with a final
     elapsed time; my idea, aaron wrote the patch
   [ssh_config sshd_config]
   - show 'Protocol' as an example, ok markus@
   [sshd.c]
   - missing xfree()
 - Add missing header to bsd-misc.c
2000-04-19 16:26:12 +10:00
Damien Miller 886c63a2c5 - Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
   - Re-added latest (unmodified) OpenBSD manpages
2000-01-20 23:13:36 +11:00
Damien Miller c0d7390398 - Automatically correct paths in manpages and configuration files. Patch
and script from Andre Lucas <andre.lucas@dial.pipex.com>
 - Removed credits from README to CREDITS file, updated.
1999-12-27 09:23:58 +11:00
Damien Miller d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00