Damien Miller
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
Damien Miller
280ecfb6e4
- markus@cvs.openbsd.org 2003/05/12 16:55:37
...
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
2003-05-14 13:46:00 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
a5539d2698
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
Damien Miller
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
Damien Miller
0011138d47
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
Ben Lindstrom
1b96cfb975
- (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
...
we already did s/msg_send/ssh_msg_send/
2002-12-23 02:58:17 +00:00
Ben Lindstrom
1d568f9fce
- markus@cvs.openbsd.org 2002/12/13 10:03:15
...
[channels.c misc.c sshconnect2.c]
cleanup debug messages, more useful information for the client user.
2002-12-23 02:44:36 +00:00
Ben Lindstrom
064496feaa
- markus@cvs.openbsd.org 2002/11/21 22:45:31
...
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
debug->debug2, unify debug messages
2002-12-23 02:04:22 +00:00
Damien Miller
901119beab
- (djm) Bug #406 : s/msg_send/ssh_msg_send/ for Mac OS X 1.2
2002-10-04 11:10:04 +10:00
Ben Lindstrom
343010ad50
- markus@cvs.openbsd.org 2002/07/01 19:48:46
...
[sshconnect2.c]
for compression=yes, we fallback to no-compression if the server does
not support compression, vice versa for compression=no. ok mouring@
2002-07-04 00:16:25 +00:00
Ben Lindstrom
a962c2fb35
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
...
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
2002-07-04 00:14:17 +00:00
Ben Lindstrom
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
Ben Lindstrom
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
...
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
Ben Lindstrom
4887da222b
- markus@cvs.openbsd.org 2002/05/25 08:50:39
...
[sshconnect2.c]
execlp->execl; from stevesk
2002-06-06 20:05:57 +00:00
Ben Lindstrom
5206b951c6
- markus@cvs.openbsd.org 2002/05/24 08:45:14
...
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
2002-06-06 19:59:29 +00:00
Ben Lindstrom
1bad256822
- markus@cvs.openbsd.org 2002/05/23 19:24:30
...
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
2002-06-06 19:57:33 +00:00
Tim Rice
c85496222b
[sshconnect2.c] change uint32_t to u_int32_t
2002-03-31 12:49:38 -08:00
Ben Lindstrom
38a69e6b53
- markus@cvs.openbsd.org 2002/03/26 15:58:46
...
[readpass.c readpass.h sshconnect2.c]
client side support for PASSWD_CHANGEREQ
2002-03-27 17:28:46 +00:00
Ben Lindstrom
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom
c58ab02e45
- markus@cvs.openbsd.org 2002/02/25 16:33:27
...
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
more u_* fixes
2002-02-26 18:15:09 +00:00
Ben Lindstrom
90fd814f90
- markus@cvs.openbsd.org 2002/02/24 19:14:59
...
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
Damien Miller
68f45983b2
- markus@cvs.openbsd.org 2002/02/03 17:59:23
...
[sshconnect2.c]
more cross checking if announced vs. used key type; ok stevesk@
2002-02-05 12:23:32 +11:00
Damien Miller
3a8262ffcc
- markus@cvs.openbsd.org 2002/01/25 21:00:24
...
[sshconnect2.c]
unused include
2002-02-05 11:53:15 +11:00
Damien Miller
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
...
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net ; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
1c37c6a518
- deraadt@cvs.openbsd.org 2001/12/05 10:06:12
...
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom
3c36bb29ca
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
...
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
2001-12-06 17:55:26 +00:00
Damien Miller
9f64390f41
- markus@cvs.openbsd.org 2001/11/07 16:03:17
...
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
2001-11-12 11:02:52 +11:00
Damien Miller
91c1847733
- markus@cvs.openbsd.org 2001/10/29 19:27:15
...
[sshconnect2.c]
hostbased: check for client hostkey before building chost
2001-11-12 11:02:03 +11:00
Damien Miller
59d9fb9e55
- markus@cvs.openbsd.org 2001/10/06 11:18:19
...
[sshconnect1.c sshconnect2.c sshconnect.c]
unify hostkey check error messages, simplify prompt.
2001-10-10 15:03:11 +10:00
Ben Lindstrom
7d19996201
- markus@cvs.openbsd.org 2001/08/31 11:46:39
...
[sshconnect2.c]
disable kbd-interactive if we don't get
SSH2_MSG_USERAUTH_INFO_REQUEST messages
2001-09-12 18:29:00 +00:00
Ben Lindstrom
45350e8374
- markus@cvs.openbsd.org 2001/07/23 09:06:28
...
[sshconnect2.c]
reorder default sequence of userauth methods to match ssh behaviour:
hostbased,publickey,keyboard-interactive,password
2001-08-06 20:57:11 +00:00
Ben Lindstrom
c5b680018b
- markus@cvs.openbsd.org 2001/06/26 20:14:11
...
[key.c key.h ssh.c sshconnect1.c sshconnect2.c]
add smartcard support to the client, too (now you can use both
the agent and the client).
2001-07-04 04:52:03 +00:00
Ben Lindstrom
7907382299
- stevesk@cvs.openbsd.org 2001/06/25 20:26:37
...
[auth2.c sshconnect2.c]
prototype cleanup; ok markus@
2001-07-04 03:42:30 +00:00
Ben Lindstrom
126c56ad9e
- markus@cvs.openbsd.org 2001/06/24 05:47:13
...
[sshconnect2.c]
oops, missing format string
2001-06-25 05:22:53 +00:00
Ben Lindstrom
949974bbdb
- markus@cvs.openbsd.org 2001/06/24 05:35:33
...
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
switch to readpassphrase(3)
2.7/8-stable needs readpassphrase.[ch] from libc
2001-06-25 05:20:31 +00:00
Ben Lindstrom
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
...
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom
d6481ea49a
- markus@cvs.openbsd.org 2001/06/23 02:34:33
...
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
2001-06-25 04:37:41 +00:00
Ben Lindstrom
1bfe29151b
- markus@cvs.openbsd.org 2001/05/19 16:32:16
...
[ssh.1 sshconnect2.c]
change preferredauthentication order to
publickey,hostbased,password,keyboard-interactive
document that hostbased defaults to no, document order
2001-06-05 19:37:25 +00:00
Ben Lindstrom
551ea37576
- markus@cvs.openbsd.org 2001/05/18 14:13:29
...
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
Ben Lindstrom
671388f233
- markus@cvs.openbsd.org 2001/04/18 23:43:26
...
[auth2.c compat.c sshconnect2.c]
more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 20:40:45 +00:00
Ben Lindstrom
2bffd6fd1b
- markus@cvs.openbsd.org 2001/04/18 22:03:45
...
[auth2.c sshconnect2.c]
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
2001-04-19 20:35:40 +00:00