Commit Graph

288 Commits

Author SHA1 Message Date
Darren Tucker cb0e1753c7 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
[readconf.c]
     spaces
2007-02-19 22:12:53 +11:00
Darren Tucker a52c5b6486 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
[readconf.c]
     Honour activep for times (eg ServerAliveInterval) while parsing
     ssh_config and ~/.ssh/config so they work properly with Host directives.
     From mario.lorenz@wincor-nixdorf.com via bz #1275.  ok markus@
2007-02-19 22:09:45 +11:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Damien Miller 8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller 928b23684a - djm@cvs.openbsd.org 2006/03/19 02:24:05
[dh.c readconf.c servconf.c]
     potential NULL pointer dereferences detected by Coverity
     via elad AT netbsd.org; ok deraadt@
2006-03-26 13:53:32 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller c7b06369a8 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller b59d4fe8b5 - djm@cvs.openbsd.org 2006/02/12 10:44:18
[readconf.c]
     raise error when the user specifies a RekeyLimit that is smaller than 16
     (the smallest of our cipher's blocksize) or big enough to cause integer
     wraparound; ok & feedback dtucker@
2006-03-15 11:30:38 +11:00
Damien Miller 7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller 43f6db64ff - djm@cvs.openbsd.org 2005/07/30 02:03:47
[readconf.c]
     listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
2005-08-12 22:11:18 +10:00
Damien Miller 0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller d14b1e731c - djm@cvs.openbsd.org 2005/06/08 11:25:09
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add ControlMaster=auto/autoask options to support opportunistic
     multiplexing; tested avsm@ and jakob@, ok markus@
2005-06-16 13:19:41 +10:00
Damien Miller 17b23d8657 - markus@cvs.openbsd.org 2005/05/16 15:30:51
[readconf.c servconf.c]
     check return value from strdelim() for NULL (AddressFamily); mpech
2005-05-26 12:11:56 +10:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Darren Tucker 1d55ca748d - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
     Check listen addresses for null, prevents xfree from dying during
     ClearAllForwardings (bz #996).  From  Craig Leres, ok markus@
2005-03-14 22:58:40 +11:00
Damien Miller f8e7accd01 - djm@cvs.openbsd.org 2005/03/04 08:48:06
[readconf.c]
     fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
2005-03-05 11:22:50 +11:00
Damien Miller e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Damien Miller 23f0770a1b - djm@cvs.openbsd.org 2004/06/17 15:10:14
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
     Add option for confirmation (ControlMaster=ask) via ssh-askpass before
     opening shared connections; ok markus@
2004-06-18 01:19:03 +10:00
Damien Miller 0e220dbfbc - djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
     [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
     implement session multiplexing in the client (the server has supported
     this since 2.0); ok markus@
2004-06-15 10:34:08 +10:00
Damien Miller 3379385060 - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
[readconf.c]
     Kill dead code after fatal(); ok djm@
2004-06-15 10:27:55 +10:00
Darren Tucker 46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Damien Miller 57a4476a69 - djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions
2004-04-20 20:11:57 +10:00
Damien Miller bd394c329b - markus@cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
     add IdentitiesOnly; ok djm@, pb@
2004-03-08 23:12:36 +11:00
Damien Miller 509b0107f0 - markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
     [ssh.c ssh_config.5]
     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
     jmc and dtucker@
2003-12-17 16:33:10 +11:00
Damien Miller 12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller 150b55745b - jakob@cvs.openbsd.org 2003/11/12 16:39:58
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
     update SSHFP validation. ok markus@
2003-11-17 21:19:29 +11:00
Darren Tucker dda19d63ff - jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00
Darren Tucker 0a118da00e - markus@cvs.openbsd.org 2003/10/11 08:24:08
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
     remote x11 clients are now untrusted by default, uses xauth(8) to generate
     untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
     ok deraadt; feedback and ok djm/fries
2003-10-15 15:54:32 +10:00
Darren Tucker a044f47679 - markus@cvs.openbsd.org 2003/10/08 15:21:24
[readconf.c ssh_config.5]
     default GSS API to no in client, too; ok jakob, deraadt@
2003-10-15 15:52:03 +10:00
Damien Miller fb10e9abe8 - markus@cvs.openbsd.org 2003/09/01 18:15:50
[readconf.c readconf.h servconf.c servconf.h ssh.c]
     remove unused kerberos code; ok henning@
2003-09-02 22:58:22 +10:00
Damien Miller 84d03efdf7 - markus@cvs.openbsd.org 2003/09/01 12:50:46
[readconf.c]
     rm gssapidelegatecreds alias; never supported before
2003-09-02 22:57:27 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker 1c52ee3e6f - markus@cvs.openbsd.org 2003/08/13 09:07:10
[readconf.c ssh.c]
     socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
2003-08-13 20:38:36 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker 0a4f04b5b2 - djm@cvs.openbsd.org 2003/07/03 08:09:06
[readconf.c readconf.h ssh-keysign.c ssh.c]
     fix AddressFamily option in config file, from brent@graveland.net;
     ok markus@
2003-07-03 20:37:47 +10:00
Darren Tucker a99c1b77ab - markus@cvs.openbsd.org 2003/06/26 20:08:33
[readconf.c]
     do not dump core for 'ssh -o proxycommand host'; ok deraadt@
2003-06-28 12:40:12 +10:00
Damien Miller 20a8f97b03 - djm@cvs.openbsd.org 2003/05/16 03:27:12
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
     add AddressFamily option to ssh_config (like -4, -6 on commandline).
     Portable bug #534; ok markus@
2003-05-18 20:50:30 +10:00
Damien Miller b78d5eb6c5 - djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
     add a ConnectTimeout option to ssh, based on patch from
     Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
Damien Miller f9b3feb847 - jakob@cvs.openbsd.org 2003/05/15 14:02:47
[readconf.c servconf.c]
     warn for unsupported config option. ok markus@
2003-05-16 11:38:32 +10:00
Damien Miller d248b5bd1b - jakob@cvs.openbsd.org 2003/05/15 04:08:44
[readconf.c servconf.c]
     disable kerberos when not supported. ok markus@
2003-05-15 14:15:23 +10:00
Damien Miller 2aa0ab463f - jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
 - (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller 37876e913a - jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller c652cac5f7 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/04/09 12:00:37
     [readconf.c]
     strip trailing whitespace from config lines before parsing.
     Fixes bz 528; ok markus@
2003-05-14 13:40:54 +10:00
Damien Miller a5539d2698 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/04/02 09:48:07
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
Damien Miller 2dc074ef4b - markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     rekeying bugfixes and automatic rekeying:
     * both client and server rekey _automatically_
           (a) after 2^31 packets, because after 2^32 packets
               the sequence number for packets wraps
           (b) after 2^(blocksize_in_bits/4) blocks
       (see: draft-ietf-secsh-newmodes-00.txt)
       (a) and (b) are _enabled_ by default, and only disabled for known
       openssh versions, that don't support rekeying properly.
     * client option 'RekeyLimit'
     * do not reply to requests during rekeying
   - markus@cvs.openbsd.org 2003/04/01 10:22:21
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
Damien Miller 61f08ac35a - markus@cvs.openbsd.org 2003/02/05 09:02:28
[readconf.c]
     simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
2003-02-24 11:56:27 +11:00
Ben Lindstrom b6df73b06a - markus@cvs.openbsd.org 2002/11/07 22:08:07
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
     we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
     because HostbasedAuthentication might be enabled based on the
     target host and ssh-keysign(8) does not know the remote hostname
     and not trust ssh(1) about the hostname, so we add a new option
     EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
2002-11-09 15:52:31 +00:00
Ben Lindstrom 99a4e14fe0 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
lacking that concept can share it. Patch by vinschen@redhat.com
2002-07-09 14:06:40 +00:00
Ben Lindstrom cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom 2bf8276393 - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
     change RhostsRSAAuthentication and RhostsAuthentication default to no
     since ssh is no longer setuid root by default; ok markus@
2002-06-11 15:53:05 +00:00
Ben Lindstrom 2e17b08e48 - markus@cvs.openbsd.org 2002/06/08 12:46:14
[readconf.c]
     silently ignore deprecated options, since FallBackToRsh might be passed
     by remote scp commands.
2002-06-09 20:13:27 +00:00
Ben Lindstrom 1c2bafebb3 - markus@cvs.openbsd.org 2002/06/08 05:40:01
[readconf.c]
     just warn about Deprecated options for now
2002-06-09 20:04:50 +00:00
Ben Lindstrom 4daea86fd4 - markus@cvs.openbsd.org 2002/06/08 05:17:01
[readconf.c readconf.h ssh.1 ssh.c]
     deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Damien Miller fcd9320440 - markus@cvs.openbsd.org 2002/02/04 12:15:25
[log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
2002-02-05 12:26:34 +11:00
Damien Miller f51b0e1a30 - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
[readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@
2002-01-22 23:18:49 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Ben Lindstrom 3cecc9a41f - markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c]
     add NoHostAuthenticationForLocalhost; note that the hostkey is
     now check for localhost, too.
2001-10-03 17:39:38 +00:00
Ben Lindstrom 2b7a0e953e - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
[readconf.c readconf.h scp.c sftp.c ssh.1]
     add ClearAllForwardings ssh option and set it in scp and sftp; ok
     markus@
2001-09-20 00:57:55 +00:00
Ben Lindstrom edc0cf26d1 - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
[readconf.c readconf.h ssh.c]
     fatal() for nonexistent -Fssh_config. ok markus@
2001-09-12 18:32:20 +00:00
Ben Lindstrom 62c25a43db - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
[readconf.c ssh.1]
     validate ports for LocalForward/RemoteForward.
     add host/port alternative syntax for IPv6 (like -L/-R).
     ok markus@
2001-09-12 18:01:59 +00:00
Ben Lindstrom 525a09389e - markus@cvs.openbsd.org 2001/08/28 09:51:26
[readconf.c]
     don't set DynamicForward unless Host matches
2001-09-12 17:35:27 +00:00
Ben Lindstrom d0ff40847d - (bal) Fixed stray code in readconf.c that went in by mistake. 2001-08-15 22:58:59 +00:00
Ben Lindstrom f7db3bb64c - markus@cvs.openbsd.org 2001/08/01 22:03:33
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
      ssh-agent.c ssh.c]
     use strings instead of ints for smartcard reader ids
2001-08-06 21:35:51 +00:00
Ben Lindstrom ae996bf7d1 - jakob@cvs.openbsd.org 2001/07/31 09:28:44
[readconf.c readconf.h ssh.1 ssh.c]
     add 'SmartcardDevice' client option to specify which smartcard device
     is used to access a smartcard used for storing the user's private RSA
     key. ok markus@.
2001-08-06 21:27:53 +00:00
Ben Lindstrom f9cedb9ca0 - markus@cvs.openbsd.org 2001/07/25 14:35:18
[readconf.c ssh.1 ssh.c sshconnect.c]
     cleanup connect(); connection_attempts 4 -> 1; from
eivind@freebsd.org
2001-08-06 21:07:11 +00:00
Ben Lindstrom 0076d75c25 - markus@cvs.openbsd.org 2001/07/22 22:04:19
[readconf.c ssh.1]
     enable challenge-response auth by default; ok millert@
2001-08-06 20:53:26 +00:00
Ben Lindstrom c88785efc8 - markus@cvs.openbsd.org 2001/07/22 21:32:27
[sshpty.c]
     update comment
2001-08-06 20:47:23 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom d6481ea49a - markus@cvs.openbsd.org 2001/06/23 02:34:33
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
      sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
     get rid of known_hosts2, use it for hostkey lookup, but do not
     modify.
2001-06-25 04:37:41 +00:00
Ben Lindstrom 1bf11f6af7 - markus@cvs.openbsd.org 2001/06/08 15:25:40
[includes.h pathnames.h readconf.c servconf.c]
     move the path for xauth to pathnames.h
2001-06-09 01:48:01 +00:00
Ben Lindstrom 2b1f71baee - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
[clientloop.c readconf.c ssh.c ssh.h]
     don't perform escape processing when ``EscapeChar none''; ok markus@
2001-06-05 20:32:21 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
Ben Lindstrom e0f8804194 - markus@cvs.openbsd.org 2001/04/30 11:18:52
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
     implement 'ssh -b bind_address' like 'telnet -b'
2001-04-30 13:06:24 +00:00
Ben Lindstrom 982dbbcfda - markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
     add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
2001-04-17 18:11:36 +00:00
Ben Lindstrom b5cdc66438 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
[readconf.c servconf.c]
     use fatal() or error() vs. fprintf(); ok markus@
2001-04-16 02:13:26 +00:00
Ben Lindstrom 19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
Ben Lindstrom d69dab3cde - markus@cvs.openbsd.org 2001/04/12 19:39:27
[readconf.c]
     typo
2001-04-12 23:36:05 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom 3bb4f9da73 - markus@cvs.openbsd.org 2001/04/07 08:55:18
[buffer.c channels.c channels.h readconf.c ssh.c]
     allow the ssh client act as a SOCKS4 proxy (dynamic local
     portforwarding).  work by Dan Kaminsky <dankamin@cisco.com> and me.
     thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
     netscape use localhost:1080 as a socks proxy.
2001-04-08 18:30:26 +00:00
Ben Lindstrom 3704c2612a - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
[readconf.c servconf.c]
     correct comment; ok markus@
2001-04-02 18:20:03 +00:00
Ben Lindstrom 6b77643fd5 - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/20 19:10:16
     [readconf.c]
     default to SSH protocol version 2
2001-03-22 01:24:04 +00:00
Damien Miller e7cf07c927 - markus@cvs.openbsd.org 2001/03/19 17:07:23
[auth.c readconf.c]
     undo /etc/shell and proto 2,1 change for openssh-2.5.2
2001-03-20 09:15:57 +11:00
Ben Lindstrom b9be60a722 - markus@cvs.openbsd.org 2001/03/10 17:51:04
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
     add PreferredAuthentications
2001-03-11 01:49:19 +00:00
Ben Lindstrom 068f3dce28 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
[readconf.c ssh_config]
     default to SSH2, now that m68k runs fast
2001-03-10 17:15:39 +00:00
Ben Lindstrom cebc858ca2 - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/08 00:15:48
     [readconf.c ssh.1]
     turn off useprivilegedports by default. only rhost-auth needs
     this. older sshd's may need this, too.
2001-03-08 03:39:10 +00:00
Ben Lindstrom 6df8ef4196 - millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
2001-03-05 07:47:23 +00:00
Ben Lindstrom b00d4fb142 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
[readconf.c]
     look for id_rsa by default, before id_dsa
2001-03-05 06:03:03 +00:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
Ben Lindstrom 4f7a64a64f - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
[readconf.c]
     snprintf
2001-02-10 22:50:09 +00:00
Ben Lindstrom 5ed8acd3e3 - stevesk@cvs.openbsd.or 2001/01/28 20:36:16
[readconf.c]
     ``StrictHostKeyChecking ask'' documentation and small cleanup.
     ok markus@
2001-01-29 08:00:54 +00:00
Ben Lindstrom 95fb2dde77 - markus@cvs.openbsd.org 2001/01/22 23:06:39
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 03:12:10 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Ben Lindstrom a383baac46 20010108
- (bal) Fixed another typo in cli.c
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     typo
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 19:06:25
     [auth1.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 11:28:04
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
      ssh.h sshd.8 sshd.c]
     rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
     syslog priority changes:
             fatal() LOG_ERR  -> LOG_CRIT
             log()   LOG_INFO -> LOG_NOTICE
2001-01-08 06:13:41 +00:00
Ben Lindstrom 4dccfa5fb7 - (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51
     [auth.h auth2.c]
     count authentication failures only
   - markus@cvs.openbsd.org 2000/12/28 14:25:03
     [sshconnect.c]
     fingerprint for MITM attacks, too.
   - markus@cvs.openbsd.org 2000/12/28 12:03:57
     [sshd.8 sshd.c]
     document -D
   - markus@cvs.openbsd.org 2000/12/27 14:19:21
     [serverloop.c]
     less chatty
   - markus@cvs.openbsd.org 2000/12/27 12:34
     [auth1.c sshconnect2.c sshd.c]
     typo
   - markus@cvs.openbsd.org 2000/12/27 12:30:19
     [readconf.c readconf.h ssh.1 sshconnect.c]
     new option: HostKeyAlias: allow the user to record the host key
     under a different name. This is useful for ssh tunneling over
     forwarded connections or if you run multiple sshd's on different
     ports on the same machine.
   - markus@cvs.openbsd.org 2000/12/27 11:51:53
     [ssh.1 ssh.c]
     multiple -t force pty allocation, document ORIGINAL_COMMAND
   - markus@cvs.openbsd.org 2000/12/27 11:41:31
     [sshd.8]
     update for ssh-2
2000-12-28 16:40:05 +00:00
Ben Lindstrom 46c162204b One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller bac2d8aa5e - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com> 2000-09-05 16:13:06 +11:00
Damien Miller 942da039d2 - (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
2000-08-18 13:59:06 +10:00
Damien Miller be484b5d98 - (djm) OpenBSD CVS updates
- provos@cvs.openbsd.org  2000/07/13 16:53:22
     [aux.c readconf.c servconf.c ssh.h]
     allow multiple whitespace but only one '=' between tokens, bug report from
     Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
   - provos@cvs.openbsd.org  2000/07/13 17:14:09
     [clientloop.c]
     typo; todd@fries.net
   - provos@cvs.openbsd.org  2000/07/13 17:19:31
     [scp.c]
     close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
   - markus@cvs.openbsd.org  2000/07/14 16:59:46
     [readconf.c servconf.c]
     allow leading whitespace. ok niels
   - djm@cvs.openbsd.org     2000/07/14 22:01:38
     [ssh-keygen.c ssh.c]
     Always create ~/.ssh with mode 700; ok Markus
2000-07-15 14:14:16 +10:00
Damien Miller 182ee6e6d9 - (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
2000-07-12 09:45:27 +10:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller 6536c7d3c9 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller f6d9e22189 - OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
     [channels.c]
     everyone says "nix it" (remove protocol 2 debugging message)
   - markus@cvs.openbsd.org  2000/06/17 13:24:34
     [sshconnect.c]
     allow extended server banners
   - markus@cvs.openbsd.org  2000/06/17 14:30:10
     [sshconnect.c]
     missing atomicio, typo
   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     add support for ssh v2 subsystems. ok markus@.
   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
     [readconf.c servconf.c]
     include = in WHITESPACE; markus ok
   - markus@cvs.openbsd.org  2000/06/17 19:09:10
     [auth2.c]
     implement bug compatibility with ssh-2.0.13 pubkey, server side
   - markus@cvs.openbsd.org  2000/06/17 21:00:28
     [compat.c]
     initial support for ssh.com's 2.2.0
   - markus@cvs.openbsd.org  2000/06/17 21:16:09
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/06/17 22:05:02
     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
     split auth-rsa option parsing into auth-options
     add options support to authorized_keys2
   - markus@cvs.openbsd.org  2000/06/17 22:42:54
     [session.c]
     typo
2000-06-18 14:50:44 +10:00
Damien Miller d3a185709d - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org
2000-06-07 19:55:44 +10:00
Damien Miller b1715dc0cf - OpenBSD CVS updates:
- markus@cvs.openbsd.org
    [session.c]
    make x11-fwd work w/ localhost (xauth add host/unix:11)
    [cipher.c compat.c readconf.c servconf.c]
    check strtok() != NULL; ok niels@
    [key.c]
    fix key_read() for uuencoded keys w/o '='
    [serverloop.c]
    group ssh1 vs. ssh2 in serverloop
    [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
    split kexinit/kexdh, factor out common code
    [readconf.c ssh.1 ssh.c]
    forwardagent defaults to no, add ssh -A
  - theo@cvs.openbsd.org
    [session.c]
    just some line shortening
2000-05-30 13:44:51 +10:00
Damien Miller 30c3d42930 - OpenBSD CVS update
- markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1
2000-05-09 11:02:59 +10:00
Damien Miller e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller 4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller 78928793fb - OpenBSD CVS updates:
- [channels.c]
     repair x11-fwd
   - [sshconnect.c]
     fix passwd prompt for ssh2, less debugging output.
   - [clientloop.c compat.c dsa.c kex.c sshd.c]
     less debugging output
   - [kex.c kex.h sshconnect.c sshd.c]
     check for reasonable public DH values
   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
     add Cipher and Protocol options to ssh/sshd, e.g.:
     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
     arcfour,3des-cbc'
   - [sshd.c]
     print 1.99 only if server supports both
2000-04-12 20:17:38 +10:00
Damien Miller b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00
Damien Miller 98c7ad60ec - OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
	 - int atomicio -> ssize_t (for alpha). ok deraadt@
	[auth-rsa.c]
	 - delay MD5 computation until client sends response, free() early, cleanup.
	[cipher.c]
	 - void* -> unsigned char*, ok niels@
	[hostfile.c]
	 - remove unused variable 'len'. fix comments.
	 - remove unused variable
	[log-client.c log-server.c]
	 - rename a cpp symbol, to avoid param.h collision
	[packet.c]
	 - missing xfree()
	 - getsockname() requires initialized tolen; andy@guildsoftware.com
	 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
	from Holger.Trapp@Informatik.TU-Chemnitz.DE
	[pty.c pty.h]
	 - register cleanup for pty earlier. move code for pty-owner handling to
   	pty.c ok provos@, dugsong@
	[readconf.c]
	 - turn off x11-fwd for the client, too.
	[rsa.c]
	 - PKCS#1 padding
	[scp.c]
	 - allow '.' in usernames; from jedgar@fxp.org
	[servconf.c]
	 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
	 - sync with sshd_config
	[ssh-keygen.c]
	 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
	[ssh.1]
	 - Change invalid 'CHAT' loglevel to 'VERBOSE'
	[ssh.c]
	 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
	 - turn off x11-fwd for the client, too.
	[sshconnect.c]
	 - missing xfree()
	 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
	 - read error vs. "Connection closed by remote host"
	[sshd.8]
	 - ie. -> i.e.,
	 - do not link to a commercial page..
	 - sync with sshd_config
	[sshd.c]
	 - no need for poll.h; from bright@wintelcom.net
	 - log with level log() not fatal() if peer behaves badly.
	 - don't panic if client behaves strange. ok deraadt@
	 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
	 - delay close() of pty until the pty has been chowned back to root
	 - oops, fix comment, too.
	 - missing xfree()
	 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
   	(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
	 - register cleanup for pty earlier. move code for pty-owner handling to
      pty.c ok provos@, dugsong@
	 - create x11 cookie file
	 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
	 - version 1.2.3
 - Cleaned up
2000-03-09 21:27:49 +11:00
Damien Miller aae6c614da - Merged OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c auth-skey.c ssh.
     move skey-auth from auth-passwd.c to auth-s
   - [auth-rsa.c]
     warn only about mismatch if key is _used_
     warn about keysize-mismatch with log() not
     channels.c readconf.c readconf.h ssh.c ssh.
     ports are u_short
   - [hostfile.c]
     indent, shorter warning
   - [nchan.c]
     use error() for internal errors
   - [packet.c]
     set loglevel for SSH_MSG_DISCONNECT to log(
     serverloop.c
     indent
   - [ssh-add.1 ssh-add.c ssh.h]
     document , reasonable default
   - [ssh.1]
     CheckHostIP is not available for connects v
   - [sshconnect.c]
     typo
     easier to read client code for passwd and s
     turn of checkhostip for proxy connects, sin
1999-12-06 11:47:28 +11:00
Damien Miller 5428f646ad - More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller 95def09838 - Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller 6162d1215b - OpenBSD CVS Changes
- [channels.c]
      make this compile, bad markus
    - [log.c readconf.c servconf.c ssh.h]
      bugfix: loglevels are per host in clientconfig,
      factor out common log-level parsing code.
    - [servconf.c]
      remove unused index (-Wall)
    - [ssh-agent.c]
      only one 'extern char *__progname'
    - [sshd.8]
      document SIGHUP, -Q to synopsis
    - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
      [channels.c clientloop.c]
      SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
      [hope this time my ISP stays alive during commit]
1999-11-21 13:23:52 +11:00
Damien Miller 2ccf661cbe - Merged more OpenBSD CVS changes:
[auth-krb4.c]
          - disconnect if getpeername() fails
          - missing xfree(*client)
        [canohost.c]
          - disconnect if getpeername() fails
          - fix comment: we _do_ disconnect if ip-options are set
        [sshd.c]
          - disconnect if getpeername() fails
          - move checking of remote port to central place
        [auth-rhosts.c] move checking of remote port to central place
        [log-server.c] avoid extra fd per sshd, from millert@
        [readconf.c] print _all_ bad config-options in ssh(1), too
        [readconf.h] print _all_ bad config-options in ssh(1), too
        [ssh.c] print _all_ bad config-options in ssh(1), too
        [sshconnect.c] disconnect if getpeername() fails
 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
1999-11-15 15:25:10 +11:00
Damien Miller 5ce662a920 - Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
     + krb-cleanup cleanup
   - [clientloop.c log-client.c log-server.c ]
     [readconf.c readconf.h servconf.c servconf.h ]
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.
1999-11-11 17:57:39 +11:00
Damien Miller d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00