Commit Graph

266 Commits

Author SHA1 Message Date
Damien Miller ac7ef6a736 - djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
     increase default rsa/dsa key length from 1024 to 2048 bits;
     ok markus@ deraadt@
2005-06-16 13:19:06 +10:00
Damien Miller 167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@
2005-05-26 12:04:02 +10:00
Damien Miller 718fd4b9b8 - jmc@cvs.openbsd.org 2005/03/01 14:59:49
[sshd.8]
     new sentence, new line;
     whitespace;
2005-03-02 12:03:23 +11:00
Damien Miller e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller 70a908ec89 - jmc@cvs.openbsd.org 2005/02/25 10:55:13
[sshd.8]
     add /etc/motd and $HOME/.hushlogin to FILES;
     from michael knudsen;
2005-03-01 21:17:09 +11:00
Darren Tucker 22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
2004-12-06 22:47:41 +11:00
Darren Tucker db69390817 - markus@cvs.openbsd.org 2004/08/26 16:00:55
[ssh.1 sshd.8]
     get rid of references to rhosts authentication; with jmc@
2004-08-29 16:37:24 +10:00
Darren Tucker 097e1e9a97 - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
[sshd.8]
     Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
     via Debian; ok djm@
2004-05-02 22:15:08 +10:00
Darren Tucker 1f20394e92 - jmc@cvs.openbsd.org 2003/10/08 08:27:36
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
     scp and sftp: add options list and sort options. options list requested
     by deraadt@
     sshd: use same format as ssh
     ssh: remove wrong option from list
     sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
     ok deraadt@ markus@
2003-10-15 15:50:42 +10:00
Darren Tucker e41bba5847 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
any access to locked accounts.  ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Damien Miller f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller fbf486b4a6 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
2003-05-23 18:44:23 +10:00
Damien Miller 3155432cd9 - david@cvs.openbsd.org 2003/04/30 20:41:07
[sshd.8]
     fix invalid .Pf macro usage introduced in previous commit
     ok jmc@ mouring@
2003-05-14 13:44:58 +10:00
Damien Miller 049245d260 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
     Escape ?, * and ! in .Ql for nroff compatibility.  OpenSSH Portable
     Bug #550 and * escaping suggested by jmc@.
2003-05-14 13:44:42 +10:00
Damien Miller ffadc583f6 - jmc@cvs.openbsd.org 2003/01/31 21:54:40
[sshd.8]
     typos; sshd(8): help and ok markus@
     help and ok millert@
2003-02-24 11:52:26 +11:00
Damien Miller dcbb6c2dc9 - todd@cvs.openbsd.org 2002/09/24 20:59:44
[sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@
2002-09-25 12:20:52 +10:00
Damien Miller 86247e2798 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
[sshd.8]
     reference moduli(5) in FILES /etc/moduli.
2002-09-19 11:51:53 +10:00
Damien Miller c13486300d - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
2002-09-05 14:35:14 +10:00
Damien Miller f771ab75f0 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
[servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Damien Miller b83df8d505 - espie@cvs.openbsd.org 2002/08/21 11:20:59
[sshd.8]
     `RSA' updated to refer to `public key', where it matters.
     okay markus@
2002-09-04 16:24:55 +10:00
Ben Lindstrom bd9bf38b00 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
[ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
2002-08-20 18:54:20 +00:00
Ben Lindstrom dc7adf2670 - marc@cvs.openbsd.org 2002/08/02 16:00:07
[ssh.1 sshd.8]
     note that .ssh/environment is only read when
     allowed (PermitUserEnvironment in sshd_config).
     OK markus@
2002-08-20 18:38:02 +00:00
Ben Lindstrom 959de99aa0 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
[ssh-agent.1 sshd.8 sshd_config.5]
     use process ID vs. pid/PID/process identifier
2002-06-23 00:35:25 +00:00
Ben Lindstrom 624e3f2065 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
[sshd.8]
     add /var/empty in FILES section
2002-06-23 00:32:57 +00:00
Ben Lindstrom 9f04903c50 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
[ssh.1 sshd.8]
     move configuration file options from ssh.1/sshd.8 to
     ssh_config.5/sshd_config.5; ok deraadt@ millert@
2002-06-21 00:59:05 +00:00
Ben Lindstrom 20abb75f53 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
[ssh.1 sshd.8]
     spelling
2002-06-06 20:45:33 +00:00
Ben Lindstrom fb62a69488 - markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom c57bbf158d - millert@cvs.openbsd.org 2002/05/06 23:34:33
[ssh.1 sshd.8]
     Kill/adjust r(login|exec)d? references now that those are no longer in
     the tree.
2002-05-15 21:36:45 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller d7de14b6ad - markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller 7a8558d3ea - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
[sshd.8 sshd_config]
     document default AFSTokenPassing no; ok deraadt@
2002-04-23 20:51:15 +10:00
Ben Lindstrom a11e270115 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
[sshd.8]
     clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
2002-04-05 22:18:48 +00:00
Ben Lindstrom 0d0be02a29 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
[sshd.8]
     RSA key modulus size minimum 768; ok markus@
2002-04-02 20:39:29 +00:00
Ben Lindstrom f181384a6b - markus@cvs.openbsd.org 2002/03/26 11:34:49
[ssh.1 sshd.8]
     update to recent drafts
2002-03-27 17:18:31 +00:00
Ben Lindstrom 85520a6705 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
[sshd.8]
     Banner has no default.
2002-03-22 02:44:40 +00:00
Ben Lindstrom 191c8e5eb9 - provos@cvs.openbsd.org 2002/03/18 17:59:09
[sshd.8]
     document UsePrivilegeSeparation
2002-03-22 02:37:50 +00:00
Ben Lindstrom 000dda5373 - provos@cvs.openbsd.org 2002/03/18 17:53:08
[sshd.8]
     credits for privsep
2002-03-22 02:33:12 +00:00
Ben Lindstrom ea03db9dbb - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
[sshd.8]
     -u0 DNS for user@host
2002-03-05 01:38:57 +00:00
Ben Lindstrom 778bf55d89 - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
[sshd.8]
     DenyUsers allows user@host pattern also
2002-03-05 01:37:12 +00:00
Damien Miller afcc22542e - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
[readconf.h sshd.8]
     more /etc/ssh; openbsd@davidkrause.com
2002-02-10 18:32:55 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller 9749c0c972 - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
[ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@
2002-02-05 12:23:58 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Damien Miller df64a682f1 - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
[sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@oceanpark.com; ok markus@
2002-01-22 23:33:45 +11:00
Damien Miller 9c3f9505d9 - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
[sshd.8]
     correct Ciphers default; paola.mannaro@ubs.com
2002-01-22 23:33:15 +11:00
Damien Miller 70972eb388 - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
[ssh.1 sshd.8]
     some missing and misplaced periods
2002-01-22 23:19:55 +11:00
Damien Miller 7fc2373f17 - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
2002-01-22 23:19:11 +11:00
Damien Miller dc9e067614 - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
[ssh.1 sshd.8]
     document LogLevel DEBUG[123]; ok markus@
2002-01-22 23:17:51 +11:00
Damien Miller 7d1ded4972 - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
[sshd.8]
     clarify -p; ok markus@
2002-01-22 23:09:41 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
2001-12-06 18:22:17 +00:00
Ben Lindstrom 38b951cdb2 - markus@cvs.openbsd.org 2001/12/01 21:41:48
[session.c sshd.8]
     don't pass user defined variables to /usr/bin/login
2001-12-06 17:47:47 +00:00
Damien Miller 60d8aafcb1 - markus@cvs.openbsd.org 2001/11/07 22:12:01
[sshd.8]
     s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
2001-11-12 11:04:05 +11:00
Ben Lindstrom 6149a6c57f - camield@cvs.openbsd.org 2001/09/27 17:53:24
[sshd.8]
     don't talk about compile-time options
     ok markus@
2001-10-03 17:15:32 +00:00
Ben Lindstrom 406b4f0f33 - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
[sshd.8]
     fix ClientAliveCountMax
2001-09-20 23:09:16 +00:00
Ben Lindstrom 03598a1c23 - stevesk@cvs.openbsd.org 2001/09/19 21:41:57
[sshd.8]
     don't advertise -V in usage; ok markus@
2001-09-20 01:07:57 +00:00
Ben Lindstrom dfd1850398 - stevesk@cvs.openbsd.org 2001/09/19 21:04:53
[sshd.8]
     missing -t in usage
2001-09-20 01:06:08 +00:00
Ben Lindstrom 20daef753d - markus@cvs.openbsd.org 2001/09/19 10:08:51
[sshd.8]
     command=xxx applies to subsystem now, too
2001-09-20 00:54:01 +00:00
Ben Lindstrom 23124eab3b - markus@cvs.openbsd.org 2001/09/14
[sshd.c]
     typo
2001-09-14 23:14:25 +00:00
Ben Lindstrom 594e203894 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
     avoid first person in manual pages
2001-09-12 18:35:30 +00:00
Ben Lindstrom d71ba5771b - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
[auth-options.c sshd.8]
     validate ports for permitopen key file option. add host/port
     alternative syntax for IPv6. ok markus@
2001-09-12 18:03:31 +00:00
Ben Lindstrom 60d82be9f3 - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
[ssh.1 sshd.8]
     additional documentation for GatewayPorts; ok markus@
2001-09-12 17:58:15 +00:00
Ben Lindstrom 6f672c0954 - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
[sshd.8]
     add text about -u0 preventing DNS requests; ok markus@
2001-09-12 17:51:55 +00:00
Ben Lindstrom 044274bcb0 - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
[sshd.8]
     no rexd; ok markus@
2001-09-12 16:46:08 +00:00
Ben Lindstrom e59433da7a - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
[ssh.1 sshd.8]
     minor typos and cleanup
2001-09-12 16:41:37 +00:00
Ben Lindstrom 1c0fd09d15 - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
[ssh.1 sshd.8]
     document case sensitivity for ssh, sshd and key file
     options and arguments; ok markus@
2001-09-12 16:36:17 +00:00
Ben Lindstrom 91e9868e4f - jakob@cvs.openbsd.org 2001/08/16 19:18:34
[servconf.c servconf.h session.c sshd.8]
     deprecate CheckMail. ok markus@
2001-09-12 16:32:14 +00:00
Ben Lindstrom 020a8699a9 - markus@cvs.openbsd.org 2001/08/01 22:16:45
[ssh.1 sshd.8]
     refer to current ietf drafts for protocol v2
2001-08-06 21:38:10 +00:00
Ben Lindstrom 07d24dcbd8 - markus@cvs.openbsd.org 2001/07/28 09:21:15
[sshd.8]
     cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
2001-08-06 21:18:57 +00:00
Ben Lindstrom 794325ac7a - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
[sshd.8 sshd.c]
     add -t option to test configuration file and keys; pekkas@netcore.fi
     ok markus@
2001-08-06 21:09:07 +00:00
Ben Lindstrom c8e29ceb68 - markus@cvs.openbsd.org 2001/07/22 22:24:16
[sshd.8]
     Xr login.conf
2001-08-06 20:55:28 +00:00
Ben Lindstrom 60260022ee - markus@cvs.openbsd.org 2001/06/27 04:48:53
[auth.c match.c sshd.8]
     tridge@samba.org
2001-07-04 04:56:44 +00:00
Ben Lindstrom 88a6b7581b - mpech@cvs.openbsd.org 2001/06/26 05:48:07
[sshd.8]
     remove unnecessary .Pp between .It;
     millert@ ok
2001-07-04 03:55:21 +00:00
Ben Lindstrom 2464322d7e - itojun@cvs.openbsd.org 2001/06/23 17:48:18
[sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
     kill whitespace at EOL.
2001-06-25 05:08:11 +00:00
Ben Lindstrom 3c798d4743 - markus@cvs.openbsd.org 2001/06/23 03:03:59
[sshd.8]
     draft-ietf-secsh-dh-group-exchange-01.txt
2001-06-25 04:39:22 +00:00
Ben Lindstrom d6481ea49a - markus@cvs.openbsd.org 2001/06/23 02:34:33
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
      sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
     get rid of known_hosts2, use it for hostkey lookup, but do not
     modify.
2001-06-25 04:37:41 +00:00
Ben Lindstrom f96704d4ef - markus@cvs.openbsd.org 2001/06/22 21:55:49
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
      ssh-keygen.1]
     merge authorized_keys2 into authorized_keys.
     authorized_keys2 is used for backward compat.
     (just append authorized_keys2 to authorized_keys).
2001-06-25 04:17:12 +00:00
Ben Lindstrom ae1c51c208 - provos@cvs.openbsd.org 2001/06/22 21:28:53
[sshd.8]
     document /etc/moduli
2001-06-25 04:14:59 +00:00
Ben Lindstrom d2bf0d64d9 - mpech@cvs.openbsd.org 2001/06/22 10:17:51
[ssh.1 sshd.8 ssh-keyscan.1]
     o) .Sh AUTHOR -> .Sh AUTHORS;
     o) remove unnecessary .Pp;
     o) better -mdoc style;
     o) typo;
     o) sort SEE ALSO;

     aaron@ ok
2001-06-25 04:10:54 +00:00
Ben Lindstrom 699776e9ec - markus@cvs.openbsd.org 2001/06/19 14:09:45
[session.c sshd.8]
     disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
2001-06-21 03:14:49 +00:00
Ben Lindstrom 34a996877e - markus@cvs.openbsd.org 2001/06/11 16:04:38
[sshd.8]
     typo; bdubreuil@crrel.usace.army.mil
2001-06-12 00:23:12 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00
Ben Lindstrom 1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
2001-06-05 19:59:08 +00:00
Ben Lindstrom bd0e2de8e5 - markus@cvs.openbsd.org 2001/05/19 16:46:19
[ssh.1 sshd.8]
     document MACs defaults with .Dq
2001-06-05 19:52:52 +00:00
Ben Lindstrom 608d1d1f9b - markus@cvs.openbsd.org 2001/05/19 16:08:43
[sshd.8]
     sort options; Matthew.Stier@fnc.fujitsu.com
2001-06-05 19:33:22 +00:00
Ben Lindstrom f0609f8bd3 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
[ssh.1 sshd.8]
     typos
2001-05-04 22:38:43 +00:00
Damien Miller f815442116 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
(default: off), implies KbdInteractiveAuthentication. Suggestion from
   markus@
2001-04-25 22:44:14 +10:00
Ben Lindstrom c65e6a0fec - markus@cvs.openbsd.org 2001/04/22 23:58:36
[ssh-keygen.1 ssh.1 sshd.8]
     document hostbased and other cleanup
2001-04-23 13:02:16 +00:00
Ben Lindstrom 160ec62dce - markus@cvs.openbsd.org 2001/04/22 13:32:27
[sftp-server.8 sftp.1 ssh.1 sshd.8]
     xref draft-ietf-secsh-*
2001-04-22 17:17:46 +00:00
Ben Lindstrom bdc2beb678 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree. 2001-04-16 02:11:52 +00:00
Ben Lindstrom a8f3972ce6 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
[sshd.8]
     some ClientAlive cleanup; ok markus@
2001-04-16 02:03:49 +00:00
Ben Lindstrom 5744dc421d - beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
     Add options ClientAliveInterval and ClientAliveCountMax to sshd.
     This gives the ability to do a "keepalive" via the encrypted channel
     which can't be spoofed (unlike TCP keepalives). Useful for when you want
     to use ssh connections to authenticate people for something, and know
     relatively quickly when they are no longer authenticated. Disabled
     by default (of course). ok markus@
2001-04-13 23:28:01 +00:00
Ben Lindstrom 9fce9f02e8 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
[sshd.8 sshd.c]
     implement the -e option into sshd:
      -e      When this option is specified, sshd will send the output to the
              standard error instead of the system log.
     markus@ OK.
2001-04-11 23:10:09 +00:00
Ben Lindstrom 18a82ac029 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     document id_rsa{.pub,}.  markus ok
2001-04-11 15:59:35 +00:00
Ben Lindstrom 1a598a4597 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
[sshd.8]
     ListenAddress mandoc from aaron@
2001-04-10 02:48:50 +00:00
Ben Lindstrom 4b3564e6f2 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
[sshd.8]
     spelling
2001-04-10 02:41:56 +00:00
Ben Lindstrom 49e57a871a - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
[sshd.8]
     document ListenAddress addr:port
2001-04-08 18:02:43 +00:00
Ben Lindstrom 55b99e35c7 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
[sshd.8]
     typo; ok markus@
2001-04-02 18:18:21 +00:00
Ben Lindstrom 7bfff36ca3 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
     PrintLastLog option; from chip@valinux.com with some minor
     changes by me.  ok markus@
2001-03-26 05:45:53 +00:00
Damien Miller a243fde477 - djm@cvs.openbsd.org 2001/03/19 12:10:17
[sshd.8]
     Document permitopen authorized_keys option; ok markus@
2001-03-19 23:16:08 +11:00
Ben Lindstrom d58eb5f50e - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
[ssh.1 sshd.8]
     the name "secure shell" is boring, noone ever uses it
2001-03-07 06:07:22 +00:00
Ben Lindstrom c78a187b17 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
[sshd.8]
     detail default hmac setup too
2001-03-06 01:06:58 +00:00
Ben Lindstrom ff8b4940ab - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
[sshd.8]
     alpha order; jcs@rt.fm
2001-03-06 01:00:03 +00:00
Ben Lindstrom fd2e05b95e - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
[sshd.8]
     list SSH2 ciphers
2001-03-05 07:48:45 +00:00
Ben Lindstrom fafea18d68 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
[sshd.8]
     spelling
2001-03-05 07:43:27 +00:00
Ben Lindstrom d9cae22d1a - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
     kill obsolete RandomSeed; ok markus@ deraadt@
2001-03-05 07:42:03 +00:00
Ben Lindstrom 323c98f4a7 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
[sshd.8]
     small cleanup and clarify for PermitRootLogin; ok markus@
2001-03-05 07:40:40 +00:00
Ben Lindstrom 92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00
Ben Lindstrom d7f5b517d5 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
[sshd.8]
     doc the dsa/rsa key pair files
2001-03-05 06:57:23 +00:00
Ben Lindstrom 49a098d1b2 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
[sshd.8]
     explain SIGHUP better
2001-03-05 06:55:18 +00:00
Ben Lindstrom ebd888d919 - markus@cvs.openbsd.org 2001/02/22 21:57:27
[ssh.1 sshd.8]
     typos/grammar from matt@anzen.com
2001-03-05 05:49:29 +00:00
Ben Lindstrom 53992c7cd5 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
[sshd.8]
     it's the OpenSSH one
2001-03-05 04:47:55 +00:00
Damien Miller 1d66c1602e - Document PAM ChallengeResponseAuthentication in sshd.8
- Disable and comment ChallengeResponseAuthentication in sshd_config
2001-03-04 00:16:20 +11:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
Ben Lindstrom a1ebd89d24 Sync w/ OpenBSD 2001-02-10 22:19:23 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom a73335004e - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
[sshd.8]
     spelling.  ok markus@
2001-01-29 08:44:03 +00:00
Ben Lindstrom c12a6b7066 - markus@cvs.openbsd.org 2001/01/28 10:37:26
[sshd.c sshd.8]
     remove -Q, no longer needed
2001-01-29 08:41:05 +00:00
Ben Lindstrom 8eec2c8f06 - markus@cvs.openbsd.org 2001/01/28 10:24:04
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     cleanup AUTHORS sections
2001-01-29 08:39:16 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Kevin Steves 7b61cfa1ec - (stevesk) complete:
- markus@cvs.openbsd.org  2001/01/13 11:56:48
     [auth.c sshd.8]
     support supplementary group in {Allow,Deny}Groups
     from stevesk@pobox.com
2001-01-14 19:11:00 +00:00
Ben Lindstrom 48bd7c118a - (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/08 22:29:05
     [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
      sshd_config version.h]
     implement option 'Banner /etc/issue.net' for ssh2, move version to
     2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
     is enabled).
   - markus@cvs.openbsd.org 2001/01/08 22:03:23
     [channels.c ssh-keyscan.c]
     O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/08 21:55:41
     [sshconnect1.c]
     more cleanups and fixes from stevesk@pobox.com:
     1) try_agent_authentication() for loop will overwrite key just
        allocated with key_new(); don't alloc
     2) call ssh_close_authentication_connection() before exit
        try_agent_authentication()
     3) free mem on bad passphrase in try_rsa_authentication()
   - markus@cvs.openbsd.org 2001/01/08 21:48:17
     [kex.c]
     missing free; thanks stevesk@pobox.com
2001-01-09 00:35:42 +00:00
Ben Lindstrom a383baac46 20010108
- (bal) Fixed another typo in cli.c
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     typo
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 19:06:25
     [auth1.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 11:28:04
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
      ssh.h sshd.8 sshd.c]
     rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
     syslog priority changes:
             fatal() LOG_ERR  -> LOG_CRIT
             log()   LOG_INFO -> LOG_NOTICE
2001-01-08 06:13:41 +00:00
Kevin Steves 9ce907c3d6 complete sshd -g manpage default merge 2001-01-07 11:53:40 +00:00
Ben Lindstrom d26dcf3371 20010107
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
Ben Lindstrom 4dccfa5fb7 - (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51
     [auth.h auth2.c]
     count authentication failures only
   - markus@cvs.openbsd.org 2000/12/28 14:25:03
     [sshconnect.c]
     fingerprint for MITM attacks, too.
   - markus@cvs.openbsd.org 2000/12/28 12:03:57
     [sshd.8 sshd.c]
     document -D
   - markus@cvs.openbsd.org 2000/12/27 14:19:21
     [serverloop.c]
     less chatty
   - markus@cvs.openbsd.org 2000/12/27 12:34
     [auth1.c sshconnect2.c sshd.c]
     typo
   - markus@cvs.openbsd.org 2000/12/27 12:30:19
     [readconf.c readconf.h ssh.1 sshconnect.c]
     new option: HostKeyAlias: allow the user to record the host key
     under a different name. This is useful for ssh tunneling over
     forwarded connections or if you run multiple sshd's on different
     ports on the same machine.
   - markus@cvs.openbsd.org 2000/12/27 11:51:53
     [ssh.1 ssh.c]
     multiple -t force pty allocation, document ORIGINAL_COMMAND
   - markus@cvs.openbsd.org 2000/12/27 11:41:31
     [sshd.8]
     update for ssh-2
2000-12-28 16:40:05 +00:00
Damien Miller e39cacc579 - (djm) OpenBSD CVS updates:
- provos@cvs.openbsd.org  2000/11/22 08:38:31
     [sshd.8]
     talk about /etc/primes, okay markus@
   - markus@cvs.openbsd.org  2000/11/23 14:03:48
     [ssh.c sshconnect1.c sshconnect2.c]
     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
     defaults
   - markus@cvs.openbsd.org  2000/11/25 09:42:53
     [sshconnect1.c]
     reorder check for illegal ciphers, bugreport from espie@
   - markus@cvs.openbsd.org  2000/11/25 10:19:34
     [ssh-keygen.c ssh.h]
     print keytype when generating a key.
     reasonable defaults for RSA1/RSA/DSA keys.
2000-11-29 12:18:44 +11:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller 389edc4ce4 - (djm) Manually fix up missed diff hunks (mainly RCS idents) 2000-11-06 12:39:34 +11:00
Damien Miller 50a41ed079 - (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org  2000/10/14 04:01:15
     [cipher.c]
     debug3
   - markus@cvs.openbsd.org  2000/10/14 04:07:23
     [scp.c]
     remove spaces from arguments; from djm@mindrot.org
   - markus@cvs.openbsd.org  2000/10/14 06:09:46
     [ssh.1]
     Cipher is for SSH-1 only
   - markus@cvs.openbsd.org  2000/10/14 06:12:09
     [servconf.c servconf.h serverloop.c session.c sshd.8]
     AllowTcpForwarding; from naddy@
   - markus@cvs.openbsd.org  2000/10/14 06:16:56
     [auth2.c compat.c compat.h sshconnect2.c version.h]
     OpenSSH_2.3; note that is is not complete, but the version number
     needs to be changed for interoperability reasons
   - markus@cvs.openbsd.org  2000/10/14 06:19:45
     [auth-rsa.c]
     do not send RSA challenge if key is not allowed by key-options; from
     eivind@ThinkSec.com
   - markus@cvs.openbsd.org  2000/10/15 08:14:01
     [rijndael.c session.c]
     typos; from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/10/15 08:18:31
     [rijndael.c]
     typo
 - Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-16 12:14:42 +11:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller 62cee00753 - (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org  2000/09/17 09:38:59
     [sshconnect2.c sshd.c]
     fix DEBUG_KEXDH
   - markus@cvs.openbsd.org  2000/09/17 09:52:51
     [sshconnect.c]
     yes no; ok niels@
   - markus@cvs.openbsd.org  2000/09/21 04:55:11
     [sshd.8]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:03:54
     [serverloop.c]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:11:42
     scp.c
     utime() to utimes(); mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/21 05:25:08
     sshconnect2.c
     change login logic in ssh2, allows plugin of other auth methods
   - markus@cvs.openbsd.org  2000/09/21 05:25:35
     [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
     [serverloop.c]
     add context to dispatch_run
   - markus@cvs.openbsd.org  2000/09/21 05:07:52
     authfd.c authfd.h ssh-agent.c
     bug compat for old ssh.com software
2000-09-23 17:15:56 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller 7b28dc5eb0 20000905
- (djm) Import OpenBSD CVS changes
   - markus@cvs.openbsd.org  2000/08/31 15:52:24
     [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
     implement a SFTP server. interops with sftp2, scp2 and the windows
     client from ssh.com
   - markus@cvs.openbsd.org  2000/08/31 15:56:03
     [README.openssh2]
     sync
   - markus@cvs.openbsd.org  2000/08/31 16:05:42
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/31 16:09:34
     [authfd.c ssh-agent.c]
     add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
   - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
     [scp.1 scp.c]
     cleanup and fix -S support; stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/09/01 16:29:32
     [sftp-server.c]
     portability fixes
   - markus@cvs.openbsd.org  2000/09/01 16:32:41
     [sftp-server.c]
     fix cast; mouring@pconline.com
   - itojun@cvs.openbsd.org  2000/09/03 09:23:28
     [ssh-add.1 ssh.1]
     add missing .El against .Bl.
   - markus@cvs.openbsd.org  2000/09/04 13:03:41
     [session.c]
     missing close; ok theo
   - markus@cvs.openbsd.org  2000/09/04 13:07:21
     [session.c]
     fix get_last_login_time order; from andre@van-veen.de
   - markus@cvs.openbsd.org  2000/09/04 13:10:09
     [sftp-server.c]
     more cast fixes; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/04 13:06:04
     [session.c]
     set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
2000-09-05 13:34:53 +11:00
Damien Miller caf6dd6d21 - More OpenBSD updates:
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
     [scp.c]
     off_t in sink, to fix files > 2GB, i think, test is still running ;-)
   - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/26 04:33:43
     [compat.c]
     ssh.com-2.3.0
   - markus@cvs.openbsd.org  2000/08/27 12:18:05
     [compat.c]
     compatibility with future ssh.com versions
   - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
     [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
     print uid/gid as unsigned
   - markus@cvs.openbsd.org  2000/08/28 13:51:00
     [ssh.c]
     enable -n and -f for ssh2
   - markus@cvs.openbsd.org  2000/08/28 14:19:53
     [ssh.c]
     allow combination of -N and -f
   - markus@cvs.openbsd.org  2000/08/28 14:20:56
     [util.c]
     util.c
   - markus@cvs.openbsd.org  2000/08/28 14:22:02
     [util.c]
     undo
   - markus@cvs.openbsd.org  2000/08/28 14:23:38
     [util.c]
     don't complain if setting NONBLOCK fails with ENODEV
2000-08-29 11:33:50 +11:00
Damien Miller 942da039d2 - (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
2000-08-18 13:59:06 +10:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller f6d9e22189 - OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
     [channels.c]
     everyone says "nix it" (remove protocol 2 debugging message)
   - markus@cvs.openbsd.org  2000/06/17 13:24:34
     [sshconnect.c]
     allow extended server banners
   - markus@cvs.openbsd.org  2000/06/17 14:30:10
     [sshconnect.c]
     missing atomicio, typo
   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     add support for ssh v2 subsystems. ok markus@.
   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
     [readconf.c servconf.c]
     include = in WHITESPACE; markus ok
   - markus@cvs.openbsd.org  2000/06/17 19:09:10
     [auth2.c]
     implement bug compatibility with ssh-2.0.13 pubkey, server side
   - markus@cvs.openbsd.org  2000/06/17 21:00:28
     [compat.c]
     initial support for ssh.com's 2.2.0
   - markus@cvs.openbsd.org  2000/06/17 21:16:09
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/06/17 22:05:02
     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
     split auth-rsa option parsing into auth-options
     add options support to authorized_keys2
   - markus@cvs.openbsd.org  2000/06/17 22:42:54
     [session.c]
     typo
2000-06-18 14:50:44 +10:00
Damien Miller d3a185709d - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org
2000-06-07 19:55:44 +10:00
Damien Miller 30c3d42930 - OpenBSD CVS update
- markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1
2000-05-09 11:02:59 +10:00
Damien Miller e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller 6f83b8e34d - OpenBSD CVS update
[channels.c]
   - init all fds, close all fds.
   [sshconnect2.c]
   - check whether file exists before asking for passphrase
   [servconf.c servconf.h sshd.8 sshd.c]
   - PidFile, pr 1210
   [channels.c]
   - EINTR
   [channels.c]
   - unbreak, ok niels@
   [sshd.c]
   - unlink pid file, ok niels@
   [auth2.c]
   - Add missing #ifdefs; ok - markus
2000-05-02 09:23:45 +10:00
Damien Miller 35dabd0398 [scp.c]
- fix very rare EAGAIN/EINTR issues; based on work by djm
   [packet.c]
   - less debug, rm unused
   [auth2.c]
   - disable kerb,s/key in ssh2
   [sshd.8]
   - Minor tweaks and typo fixes.
   [ssh-keygen.c]
   - Put -d into usage and reorder. markus ok.
2000-05-01 21:10:33 +10:00
Damien Miller cfabe86720 - Debian bug #55910 - remove references to ssl(8) manpages 2000-04-20 23:27:27 +10:00
Damien Miller 22c772609a - Merged OpenBSD updates to include paths. 2000-04-13 12:26:34 +10:00