3269b13817
- djm@cvs.openbsd.org 2004/09/25 03:45:14
...
[sshd.c]
these printf args are no longer double; ok deraadt@ markus@
2004-11-05 20:20:59 +11:00
178fa66a64
- mickey@cvs.openbsd.org 2004/09/15 18:42:27
...
[sshd.c]
use less doubles in daemons; markus@ ok
2004-11-05 20:09:09 +11:00
2aa6d3cfce
- (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
...
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
0f56ed16b8
- djm@cvs.openbsd.org 2004/08/28 01:01:48
...
[sshd.c]
don't erroneously close stdin for !reexec case, from Dave Johnson;
ok markus@
2004-08-29 16:38:41 +10:00
eb57862e7c
- (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
...
messages generated before the postauth privsep split.
2004-08-12 23:08:14 +10:00
d8835934c4
- dtucker@cvs.openbsd.org 2004/08/11 11:50:09
...
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 22:42:29 +10:00
6832b83744
- markus@cvs.openbsd.org 2004/07/28 08:56:22
...
[sshd.c]
call setsid() _before_ re-exec
2004-08-12 22:36:51 +10:00
8ae66a5032
- (dtucker) [sshd.c] Remove duplicate variable imported during sync.
2004-08-12 22:16:55 +10:00
0999174755
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
...
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463 ); much assistance & ok markus@
2004-07-17 17:05:14 +10:00
fc9597034b
- deraadt@cvs.openbsd.org 2004/07/11 17:48:47
...
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
2004-07-17 16:12:08 +10:00
ba6de952a0
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
...
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
386c6a2c70
- avsm@cvs.openbsd.org 2004/06/26 20:07:16
...
[sshd.c]
initialise some fd variables to -1, djm@ ok
2004-06-30 22:40:20 +10:00
035a5b47cc
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
2004-06-26 08:16:31 +10:00
17c5d03ad3
- (dtucker) [sshd.c] add line missing from reexec sync.
2004-06-25 14:22:23 +10:00
586b0b98bf
- djm@cvs.openbsd.org 2004/06/25 01:16:09
...
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
2004-06-25 13:34:31 +10:00
645ab757bd
- djm@cvs.openbsd.org 2004/06/24 19:30:54
...
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
232711f6db
- djm@cvs.openbsd.org 2004/06/14 01:44:39
...
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
f675fc4948
- djm@cvs.openbsd.org 2004/06/13 12:53:24
...
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
12984968fb
- (dtucker) [sshd.c] Fix typo in comment.
2004-05-24 13:37:13 +10:00
e14e005f41
- djm@cvs.openbsd.org 2004/05/09 01:19:28
...
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
0c889cd9e9
- markus@cvs.openbsd.org 2004/03/11 10:21:17
...
[ssh.c sshd.c]
ssh, sshd: sync version output, ok djm
2004-03-22 09:36:00 +11:00
b408786db9
- markus@cvs.openbsd.org 2004/03/11 08:36:26
...
[sshd.c]
trim usage; ok deraadt
2004-03-22 09:35:21 +11:00
bfba354261
- (djm) [sshd.c] Drop supplemental groups if started as root
2004-03-22 09:29:57 +11:00
57aae982be
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2004/03/03 06:47:52
[sshd.c]
change proctiltle after accept(2); ok henning, deraadt, djm
2004-03-08 23:11:25 +11:00
86c093d289
- (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
...
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@
2004-03-08 22:59:03 +11:00
112aaac0ce
- (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
...
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
2004-03-08 22:13:12 +11:00
d592048c36
- djm@cvs.openbsd.org 2004/02/25 00:22:45
...
[sshd.c]
typo in comment
2004-02-29 20:11:30 +11:00
efa3706f05
- markus@cvs.openbsd.org 2004/02/23 12:02:33
...
[sshd.c]
backout revision 1.279; set listen socket to non-block; ok henning.
2004-02-24 09:20:29 +11:00
a8be9e23d2
- dtucker@cvs.openbsd.org 2004/02/05 05:37:17
...
[monitor.c sshd.c]
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2004-02-06 16:40:27 +11:00
ecc9d46dc5
- (dtucker) [sshd.c] Bug #757 : Clear child's environment to prevent
...
accidentally inheriting from root's environment. ok djm@
2004-02-06 16:04:08 +11:00
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
b9997192a7
- markus@cvs.openbsd.org 2003/12/09 17:29:04
...
[sshd.c]
fix -o and HUP; ok henning@
2003-12-17 16:29:22 +11:00
3175eb9a5a
- markus@cvs.openbsd.org 2003/12/02 17:01:15
...
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
f58b58ced1
- jakob@cvs.openbsd.org 2003/11/10 16:23:41
...
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
[key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
[ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00
4a2505445f
- markus@cvs.openbsd.org 2003/10/02 10:41:59
...
[sshd.c]
print openssl version, too, several requests; ok henning/djm.
2003-10-03 17:57:24 +10:00
8fca6b57b4
- markus@cvs.openbsd.org 2003/09/26 08:19:29
...
[sshd.c]
no need to set the listen sockets to non-block; ok deraadt@
2003-10-02 16:18:22 +10:00
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
aaa56cb804
- markus@cvs.openbsd.org 2003/09/19 11:33:09
...
[packet.c sshd.c]
do not call packet_close on fatal; ok deraadt
2003-09-22 21:13:59 +10:00
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
5ade9abc37
- (bal) redo how we handle 'mysignal()'. Move it to
...
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
be our 'mysignal' by default. OK djm@
2003-08-25 01:16:21 +00:00
59d3d5b8b4
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
...
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
e98dfa323e
- markus@cvs.openbsd.org 2003/07/16 10:34:53
...
[ssh.c sshd.c]
don't exit on multiple -v or -d; ok deraadt@
2003-07-19 19:54:31 +10:00
fe0078ae49
- markus@cvs.openbsd.org 2003/07/14 12:36:37
...
[sshd.c]
remove undocumented -V option. would be only useful if openssh is used
as ssh v1 server for ssh.com's ssh v2.
2003-07-19 19:52:28 +10:00
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
9f63f22aa0
- deraadt@cvs.openbsd.org 2003/06/28 16:23:06
...
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
sshd.c]
deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
e53270481c
- djm@cvs.openbsd.org 2003/06/28 07:48:10
...
[sshd.c]
report pidfile creation errors, based on patch from Roumen Petrov; ok markus@
2003-07-03 13:40:44 +10:00
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
0cbb9dea05
- (djm) Always use mysignal() for SIGALRM
2003-06-04 22:56:15 +10:00
31b3a0a98f
- djm@cvs.openbsd.org 2003/06/04 10:23:48
...
[sshd.c]
remove duplicated group-dropping code; ok markus@
2003-06-04 20:32:12 +10:00
61d3680aca
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
...
[sshd.c uidswap.c]
seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00
5d5f054173
RCS ID sync
2003-06-02 19:08:25 +10:00
f2e3e9deba
- (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
...
clobber
2003-06-02 12:15:54 +10:00
9155a681fd
- djm@cvs.openbsd.org 2003/05/24 09:30:40
...
[authfile.c monitor.c sftp-common.c sshpty.c]
cast some types for printing; ok markus@
(missed a hunk)
2003-05-26 21:34:36 +10:00
7e1bbc55af
- (djm) Remove IPv4 by default hack now that we can specify AF in config
2003-05-18 20:52:40 +10:00
04cb536054
- (djm) Bug #529 : sshd doesn't work correctly after SIGHUP (copy argv
...
correctly)
2003-05-15 21:29:10 +10:00
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
2372ace572
- markus@cvs.openbsd.org 2003/04/14 14:17:50
...
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
c437cda328
- (dtucker) Bug #536 : Test for and work around openpty/controlling tty
...
problem on Linux (fixes "could not set controlling tty" errors).
Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
2003-05-10 17:05:46 +10:00
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
933cc8fb9c
- (djm) Bug #245 : TTY problems on Solaris. Fix by stevesk@ and
...
dtucker@zip.com.au
2003-03-10 11:38:10 +11:00
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
180fc5b236
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/01/27 17:06:31
[sshd.c]
more specific error message when /var/empty has wrong permissions;
bug #46 , map@appgate.com ; ok henning@, provos@, stevesk@
2003-02-24 11:50:18 +11:00
a8ed44b79e
- (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
...
systems may be added later.
2003-01-10 09:53:12 +11:00
c2faa4a504
- markus@cvs.openbsd.org 2002/11/07 16:28:47
...
[sshd.c]
log to stderr if -ie is given, bug #414 , prj@po.cwru.edu
2002-11-09 15:50:03 +00:00
e9264973ad
- (djm) OpenBSD CVS Sync
...
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
d27a76de65
- markus@cvs.openbsd.org 2002/09/25 15:19:02
...
[sshd.c]
typo; pilot@monkey.org
2002-09-27 13:22:31 +10:00
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
e1383cee9d
- stevesk@cvs.openbsd.org 2002/09/13 19:23:09
...
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
2002-09-19 11:49:37 +10:00
41daec7538
- stevesk@cvs.openbsd.org 2002/07/23 16:03:10
...
[sshd.c]
utmp_len is unsigned; display error consistent with other options.
ok markus@
2002-07-23 21:15:13 +00:00
264ee307a8
- markus@cvs.openbsd.org 2002/07/19 15:43:33
...
[log.c log.h session.c sshd.c]
remove fatal cleanups after fork; based on discussions with and code
from solar.
2002-07-23 21:01:56 +00:00
232ccf7754
- (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
...
with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com .
2002-07-22 23:34:25 +00:00
9dd30817ef
[acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
2002-07-07 13:43:36 -07:00
a962c2fb35
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
...
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
2002-07-04 00:14:17 +00:00
5a9d0eaba6
- deraadt@cvs.openbsd.org 2002/06/30 21:54:16
...
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
810af968b8
- deraadt@cvs.openbsd.org 2002/06/28 23:05:06
...
[sshd.c]
gidset[2] -> gidset[1]; markus ok
2002-07-04 00:11:40 +00:00
fbbfa8422f
- deraadt@cvs.openbsd.org 2002/06/28 10:08:25
...
[sshd.c]
range check -u option at invocation
2002-07-04 00:10:34 +00:00
596273516c
- (bal) Cygwin uid0 fix by vinschen@redhat.com
2002-06-27 18:02:21 +00:00
fbcc3f71f2
- markus@cvs.openbsd.org 2002/06/25 18:51:04
...
[sshd.c]
lightweight do_setusercontext after chroot()
2002-06-25 23:24:18 +00:00
8eff319298
[acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
...
for Cygwin, Cray, & SCO
2002-06-25 15:35:15 -07:00
822b634099
- deraadt@cvs.openbsd.org 2002/06/23 10:29:52
...
[ssh-agent.c sshd.c]
some minor KNF and %u
2002-06-23 21:38:49 +00:00
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
57f08005d3
- stevesk@cvs.openbsd.org 2002/06/22 20:05:27
...
[sshd.c]
don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@
2002-06-23 00:37:10 +00:00
2dfacb3d40
- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
...
[sshd.c]
check /var/empty owner mode; ok provos@
2002-06-23 00:33:47 +00:00
23e0f667f8
- markus@cvs.openbsd.org 2002/06/20 23:05:56
...
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
837461bf9a
- (bal) Build noop setgroups() for cygwin to clean up code (For other
...
platforms without the setgroups() requirement, you MUST define
SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
ce0f634270
- mpech@cvs.openbsd.org 2002/06/11 05:46:20
...
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus need this now to keep hacking.
markus@, millert@ ok
2002-06-11 16:42:49 +00:00
a26ea63f8a
- markus@cvs.openbsd.org 2002/05/29 11:21:57
...
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
f666fec2d5
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
...
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
bc5bb55755
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
2002-05-21 17:59:13 +00:00
c5041acef3
- (stevesk) [sshd.c] bug 245; disable setsid() for now
2002-05-21 17:50:21 +00:00
7339b2a278
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
...
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
2002-05-15 16:25:01 +00:00
17401b6b77
- millert@cvs.openbsd.org 2002/05/13 15:53:19
...
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
2002-05-15 16:17:56 +00:00
87aea25f1a
- (djm) Try to drop supplemental groups at daemon startup. Patch from
...
RedHat
2002-05-10 12:20:24 +10:00
0ea1d9d1f2
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
...
support. bug #184 . most from dcole@keysoftsys.com .
2002-04-25 18:17:04 +00:00
0150c65830
- djm@cvs.openbsd.org 2002/04/23 22:16:29
...
[sshd.c]
Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
47fd8112b5
- markus@cvs.openbsd.org 2002/03/30 18:51:15
...
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
f90f58d846
- stevesk@cvs.openbsd.org 2002/03/23 20:57:26
...
[sshd.c]
setproctitle() after preauth child; ok markus@
2002-03-26 01:53:03 +00:00
943481cc77
- markus@cvs.openbsd.org 2002/03/21 21:23:34
...
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
2002-03-22 03:43:46 +00:00
1ee9ec32a3
- markus@cvs.openbsd.org 2002/03/21 10:21:20
...
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
2002-03-22 03:14:45 +00:00
c743134191
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
...
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
2002-03-22 03:11:49 +00:00
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
08105192fd
- markus@cvs.openbsd.org 2002/03/19 10:35:39
...
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
2002-03-22 02:50:06 +00:00
7a7edf77ed
- stevesk@cvs.openbsd.org 2002/03/19 03:03:43
...
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
...
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
73ab9ba45d
- provos@cvs.openbsd.org 2002/03/18 01:12:14
...
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
abcb145b38
- markus@cvs.openbsd.org 2002/03/14 16:38:26
...
[sshd.c]
split out ssh1 session key decryption; ok provos@
2002-03-22 01:10:21 +00:00
3a5b023330
Stupid djm commits experimental code to head instead of branch
...
revert
2002-03-13 13:19:42 +11:00
646e7cf3d7
Import of Niels Provos' 20020312 ssh-complete.diff
...
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
733a2351f5
- stevesk@cvs.openbsd.org 2002/02/27 21:23:13
...
[canohost.c channels.c packet.c sshd.c]
remove unneeded casts in [gs]etsockopt(); ok markus@
2002-03-05 01:31:28 +00:00
13c5d3b370
- stevesk@cvs.openbsd.org 2002/02/24 16:09:52
...
[sshd.c]
use u_char* here; ok markus@
2002-02-26 18:00:48 +00:00
6a47f30c55
- markus@cvs.openbsd.org 2002/02/11 16:19:39
...
[sshd.c]
include md5.h not hmac.h
2002-02-13 13:55:06 +11:00
654c03fd06
- markus@cvs.openbsd.org 2002/02/11 16:17:55
...
[sshd.c]
do not complain about port > 1024 if rhosts-auth is disabled
2002-02-13 13:54:44 +11:00
5aa5d78e40
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/02/04 12:15:25
[sshd.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org ; ok djm@
2002-02-08 22:01:54 +11:00
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
...
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
d432ccf740
- markus@cvs.openbsd.org 2001/12/28 13:57:33
...
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
packet_get_bignum* no longer returns a size
2002-01-22 23:14:44 +11:00
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
66823cddbe
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
da7551677b
- markus@cvs.openbsd.org 2001/12/27 18:22:16
...
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
2002-01-22 23:09:22 +11:00
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
72c336def6
- stevesk@cvs.openbsd.org 2001/12/10 16:45:04
...
[sshd.c]
possible fd leak on error; ok markus@
2001-12-21 12:44:28 +11:00
ade03f6bad
- markus@cvs.openbsd.org 2001/12/06 13:30:06
...
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
2001-12-06 18:22:17 +00:00
1c37c6a518
- deraadt@cvs.openbsd.org 2001/12/05 10:06:12
...
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
minor KNF
2001-12-06 18:00:18 +00:00
f8f065bc75
- itojun@cvs.openbsd.org 2001/12/05 03:50:01
...
[clientloop.c serverloop.c sshd.c]
deal with LP64 printf issue with sig_atomic_t. from thorpej
2001-12-06 17:52:16 +00:00
5e71c54b8c
- markus@cvs.openbsd.org 2001/11/22 12:34:22
...
[clientloop.c serverloop.c sshd.c]
volatile sig_atomic_t
2001-12-06 16:48:14 +00:00
d84df989db
- markus@cvs.openbsd.org 2001/11/19 11:20:21
...
[sshd.c]
fd leak on HUP; ok stevesk@
2001-12-06 16:35:40 +00:00
0795848def
- deraadt@cvs.openbsd.org 2001/11/14 20:45:08
...
[sshd.c]
errno saving wrapping in a signal handler
2001-12-06 16:19:01 +00:00
6a4a4b9290
- markus@cvs.openbsd.org 2001/11/10 13:19:45
...
[sshd.c]
cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
2001-11-12 11:07:11 +11:00
e4a0ff4748
- markus@cvs.openbsd.org 2001/11/09 19:08:35
...
[sshd.c]
remove extra trailing dot from log message; pilot@naughty.monkey.org
2001-11-12 11:06:54 +11:00
00b61645eb
- markus@cvs.openbsd.org 2001/10/24 08:41:41
...
[sshd.c]
mention remote port in debug message
2001-11-12 10:51:23 +11:00
1bae404457
- stevesk@cvs.openbsd.org 2001/10/02 22:56:09
...
[sshd.c]
#include "channels.h" for channel_set_af()
2001-10-03 17:46:39 +00:00
908afed17f
- markus@cvs.openbsd.org 2001/10/01 21:38:53
...
[channels.c channels.h ssh.c sshd.c]
remove ugliness; vp@drexel.edu via angelos
2001-10-03 17:34:59 +00:00
ffbe69890d
- (djm) Revert setgroups call, it causes problems on OS-X
2001-09-18 14:03:03 +10:00
ebf989e601
- (djm) Clear supplemental groups at sshd start to prevent them from
...
being propogated to random PAM modules. Based on patch from Redhat via
Pekka Savola <pekkas@netcore.fi>
2001-09-15 21:12:49 +10:00
ce89dacda8
- camield@cvs.openbsd.org 2001/08/23 17:59:31
...
[sshd.c]
end request with 0, not NULL
ok markus@
2001-09-12 16:58:04 +00:00
6db66ff387
- (bal) Second around of UNICOS patches. A few other things left.
...
Patches by William L. Jones <jones@mail.utexas.edu>
2001-08-06 23:29:16 +00:00
794325ac7a
- stevesk@cvs.openbsd.org 2001/07/26 17:18:22
...
[sshd.8 sshd.c]
add -t option to test configuration file and keys; pekkas@netcore.fi
ok markus@
2001-08-06 21:09:07 +00:00
ec95ed9b4c
- dugsong@cvs.openbsd.org 2001/06/26 16:15:25
...
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
980978639c
- markus@cvs.openbsd.org 2001/06/23 19:12:43
...
[sshd.c]
pidfile/sigterm race; bbraun@synack.net
2001-06-25 05:10:20 +00:00
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
...
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
ec46e0b5fd
- markus@cvs.openbsd.org 2001/06/04 23:07:21
...
[clientloop.c serverloop.c sshd.c]
set flags in the signal handlers, do real work in the main loop,
ok provos@
2001-06-09 01:27:31 +00:00
80c6d77085
- markus@cvs.openbsd.org 2001/05/28 23:58:35
...
[packet.c packet.h sshconnect.c sshd.c]
remove some lines, simplify.
2001-06-05 21:09:18 +00:00
1bda4c835e
- stevesk@cvs.openbsd.org 2001/05/19 19:43:57
...
[misc.c misc.h servconf.c sshd.8 sshd.c]
sshd command-line arguments and configuration file options that
specify time may be expressed using a sequence of the form:
time[qualifier], where time is a positive integer value and qualifier
is one of the following:
<none>,s,m,h,d,w
Examples:
600 600 seconds (10 minutes)
10m 10 minutes
1h30m 1 hour 30 minutes (90 minutes)
ok markus@
2001-06-05 19:59:08 +00:00
551ea37576
- markus@cvs.openbsd.org 2001/05/18 14:13:29
...
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
15f33866a6
- markus@cvs.openbsd.org 2001/04/15 16:58:03
...
[authfile.c ssh-keygen.c sshd.c]
don't use errno for key_{load,save}_private; discussion w/ solar@openwall
2001-04-16 02:00:02 +00:00
206941fdd8
- markus@cvs.openbsd.org 2001/04/15 08:43:47
...
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
some unused variable and typos; from tomh@po.crl.go.jp
2001-04-15 14:27:16 +00:00
19066a112b
- stevesk@cvs.openbsd.org 2001/04/12 20:09:38
...
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
9fce9f02e8
- lebel@cvs.openbsd.org 2001/04/11 16:25:30
...
[sshd.8 sshd.c]
implement the -e option into sshd:
-e When this option is specified, sshd will send the output to the
standard error instead of the system log.
markus@ OK.
2001-04-11 23:10:09 +00:00
a3700050ec
- markus@cvs.openbsd.org 2001/04/05 10:42:57
...
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
be2cc43c3a
- markus@cvs.openbsd.org 2001/04/04 20:25:38
...
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
8ac9106c3d
- markus@cvs.openbsd.org 2001/04/04 14:34:58
...
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 17:57:54 +00:00
238abf6a14
- markus@cvs.openbsd.org 2001/04/04 09:48:35
...
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
don't sent multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.
2001-04-04 17:52:53 +00:00
2d90e00309
- markus@cvs.openbsd.org 2001/04/03 23:32:12
...
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of recent my changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
2001-04-04 02:00:54 +00:00
20d7c7b02c
- markus@cvs.openbsd.org 2001/04/03 19:53:29
...
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
2001-04-04 01:56:17 +00:00
ff75ac4d68
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2001/03/29 23:42:01
[sshd.c]
Protocol 1 key regeneration log => verbose, some KNF; ok markus@
2001-03-30 10:50:32 +10:00
a0ff466d80
- OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
2001-03-30 10:49:35 +10:00
2557bfc5d7
- (djm) OpenBSD CVS Sync
...
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
2001-03-30 10:47:14 +10:00
7de696e798
- markus@cvs.openbsd.org 2001/03/28 20:50:45
...
[sshd.c]
call refuse() before close(); from olemx@ans.pl
2001-03-29 00:45:12 +00:00
df221391e6
- provos@cvs.openbsd.org 2001/03/27 17:46:50
...
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
2001-03-29 00:36:16 +00:00
425fb02f20
- markus@cvs.openbsd.org 2001/03/27 10:34:08
...
[ssh-rsa.c sshd.c]
use EVP_get_digestbynid, reorder some calls and fix missing free.
2001-03-29 00:31:20 +00:00
d0fca423fc
- markus@cvs.openbsd.org 2001/03/26 08:07:09
...
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
2001-03-26 13:44:06 +00:00
de71cda078
- markus@cvs.openbsd.org 2001/03/23 14:28:32
...
[session.c sshd.c]
ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
2001-03-24 00:43:26 +00:00
c8530c7f5c
- djm@cvs.openbsd.org 2001/03/23 11:04:07
...
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-24 00:35:19 +00:00
69d8c077d4
- deraadt@cvs.openbsd.org 2001/03/22 20:22:55
...
[sshd.c]
do not place linefeeds in buffer
2001-03-22 22:45:33 +00:00
27dbe6f37e
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
...
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
2001-03-19 22:36:20 +11:00
60bc517356
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
...
do it implicitly.
2001-03-19 09:38:15 +11:00
ca42d5fb7f
- deraadt@cvs.openbsd.org 2001/03/09 12:30:29
...
[sshd.c]
typo; slade@shore.net
2001-03-09 18:25:32 +00:00
4c4f05e096
- markus@cvs.openbsd.org 2001/03/05 17:17:21
...
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2001-03-06 01:09:20 +00:00
6df8ef4196
- millert@cvs.openbsd.org 2001/03/04 17:42:28
...
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
2001-03-05 07:47:23 +00:00
9c5324422e
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
2001-03-05 07:33:14 +00:00
941ac82e16
- markus@cvs.openbsd.org 2001/02/28 21:21:41
...
[sshd.c]
generate a fake session id, too
2001-03-05 06:25:23 +00:00
eb648a749b
- markus@cvs.openbsd.org 2001/02/23 18:15:13
...
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
2001-03-05 06:00:29 +00:00
a9a29e1bed
- deraadt@cvs.openbsd.org 2001/02/19 23:09:05
...
[sshd.c]
clarify message to make it not mention "ident"
2001-02-20 01:20:47 +00:00
d95c09cc83
- (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
...
pty.[ch] -> sshpty.[ch]
2001-02-18 19:13:33 +00:00
0a4e27d583
- (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
...
Miskiewicz <misiek@pld.ORG.PL>
2001-02-18 12:36:39 +11:00
5393f9360d
- markus@cvs.openbsd.org 2001/02/12 23:26:20
...
[sshd.c]
missing memset; from solar@openwall.com
2001-02-15 03:17:13 +00:00
06b33aa0e8
- markus@cvs.openbsd.org 2001/02/11 12:59:25
...
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
f79aeffe3b
- markus@cvs.openbsd.org 2001/02/07 22:35:46
...
[auth1.c auth2.c sshd.c]
move k_setpag() to a central place; ok dugsong@
2001-02-10 21:27:11 +00:00
31ca54aa86
- itojun@cvs.openbsd.org 2001/02/08 19:30:52
...
sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecase to int -> u_long
2001-02-09 02:11:24 +00:00
adf74cdeca
- deraadt@cvs.openbsd.org 2001/02/04 16:56:23
...
[scp.c sshd.c]
alpha happiness
- stevesk@cvs.openbsd.org 2001/02/04 15:12:17
[sshd.c]
precedence; ok markus@
- deraadt@cvs.openbsd.org 2001/02/04 08:14:15
[ssh.c sshd.c]
make the alpha happy
2001-02-05 14:22:50 +00:00
ef4eea9bad
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27
...
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
7650bc6842
- (djm) OpenBSD CVS Sync:
...
- markus@cvs.openbsd.org 2001/01/29 12:47:32
[rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
handle rsa_private_decrypt failures; helps against the Bleichenbacher
pkcs#1 attack
2001-01-30 09:27:26 +11:00
d53902049e
- markus@cvs.openbsd.org 2001/01/28 10:37:26
...
[sshd.c]
remove -Q, no longer needed
2001-01-29 08:07:43 +00:00
95fb2dde77
- markus@cvs.openbsd.org 2001/01/22 23:06:39
...
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
sshconnect1.c sshconnect2.c sshd.c]
rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 03:12:10 +00:00
b1985f7279
- (bal) OpenBSD Resync
...
- markus@cvs.openbsd.org 2001/01/22 8:15:00
[auth-krb4.c sshconnect1.c]
only AFS needs radix.[ch]
- markus@cvs.openbsd.org 2001/01/22 8:32:53
[auth2.c]
no need to include; from mouring@etoh.eviladmin.org
- stevesk@cvs.openbsd.org 2001/01/22 16:55:21
[key.c]
free() -> xfree(); ok markus@
- stevesk@cvs.openbsd.org 2001/01/22 17:22:28
[sshconnect2.c sshd.c]
fix memory leaks in SSH2 key exchange; ok markus@
2001-01-23 00:19:15 +00:00
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00
cf0809d644
Removed one more 'ISSUE' comment in auth1.c
...
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26
[ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
2001-01-19 15:44:10 +00:00
db65e8fded
Please grep through the source and look for 'ISSUE' comments and verify
...
that I was able to get all the portable bits in the right location. As for
the SKEY comment there is an email out to Markus as to how it should be
resolved. Until then I just #ifdef SKEY/#endif out the whole block.
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/18 16:20:21
[log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
sshd.8 sshd.c]
log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
systems
- markus@cvs.openbsd.org 2001/01/18 16:59:59
[auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
session.h sshconnect1.c]
1) removes fake skey from sshd, since this will be much
harder with /usr/libexec/auth/login_XXX
2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
3) make addition of BSD_AUTH and other challenge reponse methods
easier.
- markus@cvs.openbsd.org 2001/01/18 17:12:43
[auth-chall.c auth2-chall.c]
rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
bf555ba621
NOTE: This update changes the RSA key generation. *NEW RSA KEYS
...
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06"
for more details.
20010118
- (bal) Super Sized OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
[sshd.c]
maxfd+1
- markus@cvs.openbsd.org 2001/01/13 17:59:18
[ssh-keygen.1]
small ssh-keygen manpage cleanup; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:03:07
[scp.c ssh-keygen.c sshd.c]
getopt() returns -1 not EOF; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:06:54
[ssh-keyscan.c]
use SSH_DEFAULT_PORT; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:12:47
[ssh-keyscan.c]
free() -> xfree(); fix memory leak; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:14:13
[ssh-add.c]
typo, from stevesk@sweden.hp.com
- markus@cvs.openbsd.org 2001/01/13 18:32:50
[packet.c session.c ssh.c sshconnect.c sshd.c]
split out keepalive from packet_interactive (from dale@accentre.com )
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
- markus@cvs.openbsd.org 2001/01/13 18:36:45
[packet.c packet.h]
reorder, typo
- markus@cvs.openbsd.org 2001/01/13 18:38:00
[auth-options.c]
fix comment
- markus@cvs.openbsd.org 2001/01/13 18:43:31
[session.c]
Wall
- markus@cvs.openbsd.org 2001/01/13 19:14:08
[clientloop.h clientloop.c ssh.c]
move callback to headerfile
- markus@cvs.openbsd.org 2001/01/15 21:40:10
[ssh.c]
use log() instead of stderr
- markus@cvs.openbsd.org 2001/01/15 21:43:51
[dh.c]
use error() not stderr!
- markus@cvs.openbsd.org 2001/01/15 21:45:29
[sftp-server.c]
rename must fail if newpath exists, debug off by default
- markus@cvs.openbsd.org 2001/01/15 21:46:38
[sftp-server.c]
readable long listing for sftp-server, ok deraadt@
- markus@cvs.openbsd.org 2001/01/16 19:20:06
[key.c ssh-rsa.c]
make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
galb@vandyke.com . note that you have to delete older ssh2-rsa keys,
since they are in the wrong format, too. they must be removed from
.ssh/authorized_keys2 and .ssh/known_hosts2, etc.
(cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
.ssh/authorized_keys2) additionally, we now check that
BN_num_bits(rsa->n) >= 768.
- markus@cvs.openbsd.org 2001/01/16 20:54:27
[sftp-server.c]
remove some statics. simpler handles; idea from nisse@lysator.liu.se
- deraadt@cvs.openbsd.org 2001/01/16 23:58:08
[bufaux.c radix.c sshconnect.h sshconnect1.c]
indent
- (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
be missing such feature.
2001-01-18 02:04:35 +00:00
2f959b4cd1
20010112
...
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/10 22:56:22
[bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
cleanup sftp-server implementation:
add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
parse SSH2_FILEXFER_ATTR_EXTENDED
send SSH2_FX_EOF if readdir returns no more entries
reply to SSH2_FXP_EXTENDED message
use #defines from the draft
move #definations to sftp.h
more info:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
- markus@cvs.openbsd.org 2001/01/10 19:43:20
[sshd.c]
XXX - generate_empheral_server_key() is not safe against races,
because it calls log()
- markus@cvs.openbsd.org 2001/01/09 21:19:50
[packet.c]
allow TCP_NDELAY for ipv6; from netbsd via itojun@
2001-01-11 06:20:23 +00:00
a383baac46
20010108
...
- (bal) Fixed another typo in cli.c
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/07 21:26:55
[cli.c]
typo
- markus@cvs.openbsd.org 2001/01/07 21:26:55
[cli.c]
missing free, stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/07 19:06:25
[auth1.c]
missing free, stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/07 11:28:04
[log-client.c log-server.c log.c readconf.c servconf.c ssh.1
ssh.h sshd.8 sshd.c]
rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
syslog priority changes:
fatal() LOG_ERR -> LOG_CRIT
log() LOG_INFO -> LOG_NOTICE
2001-01-08 06:13:41 +00:00
d26dcf3371
20010107
...
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/06 11:23:27
[ssh-rsa.c]
remove unused
- itojun@cvs.openbsd.org 2001/01/05 08:23:29
[ssh-keyscan.1]
missing .El
- markus@cvs.openbsd.org 2001/01/04 22:41:03
[session.c sshconnect.c]
consistent use of _PATH_BSHELL; from stevesk@pobox.com
- djm@cvs.openbsd.org 2001/01/04 22:35:32
[ssh.1 sshd.8]
Mention AES as available SSH2 Cipher; ok markus
- markus@cvs.openbsd.org 2001/01/04 22:25:58
[sshd.c]
sync usage()/man with defaults; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/04 22:21:26
[sshconnect2.c]
handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
4dccfa5fb7
- (bal) OpenBSD CVS Update
...
- markus@cvs.openbsd.org 2000/12/28 14:25:51
[auth.h auth2.c]
count authentication failures only
- markus@cvs.openbsd.org 2000/12/28 14:25:03
[sshconnect.c]
fingerprint for MITM attacks, too.
- markus@cvs.openbsd.org 2000/12/28 12:03:57
[sshd.8 sshd.c]
document -D
- markus@cvs.openbsd.org 2000/12/27 14:19:21
[serverloop.c]
less chatty
- markus@cvs.openbsd.org 2000/12/27 12:34
[auth1.c sshconnect2.c sshd.c]
typo
- markus@cvs.openbsd.org 2000/12/27 12:30:19
[readconf.c readconf.h ssh.1 sshconnect.c]
new option: HostKeyAlias: allow the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.
- markus@cvs.openbsd.org 2000/12/27 11:51:53
[ssh.1 ssh.c]
multiple -t force pty allocation, document ORIGINAL_COMMAND
- markus@cvs.openbsd.org 2000/12/27 11:41:31
[sshd.8]
update for ssh-2
2000-12-28 16:40:05 +00:00
46c162204b
One way to massive patch. <sigh> It compiles and works under Linux..
...
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
2000-12-22 01:43:59 +00:00
6b87586965
- provos@cvs.openbsd.org 2000/12/15 10:30:15
...
[kex.c kex.h sshconnect2.c sshd.c]
compute diffie-hellman in parallel between server and client. okay markus@
2000-12-15 23:31:01 +00:00
fcec7f82bb
- markus@cvs.openbsd.org 2000/12/12 14:45:21
...
[sshd.c]
source port < 1024 is no longer required for rhosts-rsa since it
adds no additional security.
- markus@cvs.openbsd.org 2000/12/12 16:11:49
[ssh.1 ssh.c]
rhosts-rsa is no longer automagically disabled if ssh is not privileged.
UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.
2000-12-15 19:55:48 +00:00
Darren Tucker
Damien Miller
Ben Lindstrom
Tim Rice
Kevin Steves