51bf11fcc9
- djm@cvs.openbsd.org 2003/11/17 09:45:39
...
[msg.c msg.h sshconnect2.c ssh-keysign.c]
return error on msg send/receive failure (rather than fatal); ok markus@
2003-11-17 21:20:47 +11:00
91c6aa4468
- markus@cvs.openbsd.org 2003/11/14 13:19:09
...
[sshconnect2.c]
cleanup and minor fixes for the client code; from Simon Wilkinson
2003-11-17 21:20:18 +11:00
655a5e0987
- markus@cvs.openbsd.org 2003/11/02 11:01:03
...
[auth2-gss.c compat.c compat.h sshconnect2.c]
remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
56afe145e0
- avsm@cvs.openbsd.org 2003/10/26 16:57:43
...
[sshconnect2.c]
rename 'supported' static var in userauth_gssapi() to 'gss_supported'
to avoid shadowing the global version. markus@ ok
2003-11-03 20:06:14 +11:00
d05b601895
- markus@cvs.openbsd.org 2003/10/11 08:26:43
...
[sshconnect2.c]
search keys in reverse order; fixes #684
2003-10-15 15:55:59 +10:00
796448276c
- deraadt@cvs.openbsd.org 2003/10/07 21:58:28
...
[sshconnect2.c]
set ptr to NULL after free
2003-10-08 17:37:58 +10:00
046dff2a07
- dtucker@cvs.openbsd.org 2003/10/07 01:47:27
...
[sshconnect2.c]
Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707 .
ok markus@
2003-10-08 17:32:02 +10:00
08bbb2f69d
- djm@cvs.openbsd.org 2003/08/25 10:33:33
...
[sshconnect2.c]
fprintf->logit to silence login banner with "ssh -q"; ok markus@
2003-08-26 12:14:05 +10:00
600ad8de76
- deraadt@cvs.openbsd.org 2003/08/24 17:36:52
...
[monitor.c monitor_wrap.c sshconnect2.c]
64 bit cleanups; markus ok
2003-08-26 12:10:48 +10:00
be1a901f99
- markus@cvs.openbsd.org 2003/08/22 13:20:03
...
[sshconnect2.c]
remove support for "kerberos-2@ssh.com"
2003-08-26 12:04:31 +10:00
49aaf4ad52
- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
...
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
f842fcb296
- markus@cvs.openbsd.org 2003/05/15 00:28:28
...
[sshconnect2.c]
cleanup unregister of per-method packet handlers; ok djm@
2003-05-15 12:01:28 +10:00
4d99519535
- (djm) Avoid KrbV leak for MIT Kerberos
2003-05-14 19:23:56 +10:00
9c617693c2
- (djm) Make portable build with MIT krb5 (some issues remain)
2003-05-14 14:31:11 +10:00
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
280ecfb6e4
- markus@cvs.openbsd.org 2003/05/12 16:55:37
...
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
2003-05-14 13:46:00 +10:00
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
a5539d2698
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
0011138d47
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
1b96cfb975
- (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
...
we already did s/msg_send/ssh_msg_send/
2002-12-23 02:58:17 +00:00
1d568f9fce
- markus@cvs.openbsd.org 2002/12/13 10:03:15
...
[channels.c misc.c sshconnect2.c]
cleanup debug messages, more useful information for the client user.
2002-12-23 02:44:36 +00:00
064496feaa
- markus@cvs.openbsd.org 2002/11/21 22:45:31
...
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
debug->debug2, unify debug messages
2002-12-23 02:04:22 +00:00
901119beab
- (djm) Bug #406 : s/msg_send/ssh_msg_send/ for Mac OS X 1.2
2002-10-04 11:10:04 +10:00
343010ad50
- markus@cvs.openbsd.org 2002/07/01 19:48:46
...
[sshconnect2.c]
for compression=yes, we fallback to no-compression if the server does
not support compression, vice versa for compression=no. ok mouring@
2002-07-04 00:16:25 +00:00
a962c2fb35
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
...
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
2002-07-04 00:14:17 +00:00
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
...
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
4887da222b
- markus@cvs.openbsd.org 2002/05/25 08:50:39
...
[sshconnect2.c]
execlp->execl; from stevesk
2002-06-06 20:05:57 +00:00
5206b951c6
- markus@cvs.openbsd.org 2002/05/24 08:45:14
...
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
2002-06-06 19:59:29 +00:00
1bad256822
- markus@cvs.openbsd.org 2002/05/23 19:24:30
...
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
2002-06-06 19:57:33 +00:00
c85496222b
[sshconnect2.c] change uint32_t to u_int32_t
2002-03-31 12:49:38 -08:00
38a69e6b53
- markus@cvs.openbsd.org 2002/03/26 15:58:46
...
[readpass.c readpass.h sshconnect2.c]
client side support for PASSWD_CHANGEREQ
2002-03-27 17:28:46 +00:00
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
c58ab02e45
- markus@cvs.openbsd.org 2002/02/25 16:33:27
...
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
more u_* fixes
2002-02-26 18:15:09 +00:00
90fd814f90
- markus@cvs.openbsd.org 2002/02/24 19:14:59
...
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
68f45983b2
- markus@cvs.openbsd.org 2002/02/03 17:59:23
...
[sshconnect2.c]
more cross checking if announced vs. used key type; ok stevesk@
2002-02-05 12:23:32 +11:00
3a8262ffcc
- markus@cvs.openbsd.org 2002/01/25 21:00:24
...
[sshconnect2.c]
unused include
2002-02-05 11:53:15 +11:00
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
...
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net ; ok markus@
2001-12-21 15:00:19 +11:00
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
1c37c6a518
- deraadt@cvs.openbsd.org 2001/12/05 10:06:12
...
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
minor KNF
2001-12-06 18:00:18 +00:00
3c36bb29ca
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
...
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
2001-12-06 17:55:26 +00:00
9f64390f41
- markus@cvs.openbsd.org 2001/11/07 16:03:17
...
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
2001-11-12 11:02:52 +11:00
91c1847733
- markus@cvs.openbsd.org 2001/10/29 19:27:15
...
[sshconnect2.c]
hostbased: check for client hostkey before building chost
2001-11-12 11:02:03 +11:00
59d9fb9e55
- markus@cvs.openbsd.org 2001/10/06 11:18:19
...
[sshconnect1.c sshconnect2.c sshconnect.c]
unify hostkey check error messages, simplify prompt.
2001-10-10 15:03:11 +10:00
7d19996201
- markus@cvs.openbsd.org 2001/08/31 11:46:39
...
[sshconnect2.c]
disable kbd-interactive if we don't get
SSH2_MSG_USERAUTH_INFO_REQUEST messages
2001-09-12 18:29:00 +00:00
45350e8374
- markus@cvs.openbsd.org 2001/07/23 09:06:28
...
[sshconnect2.c]
reorder default sequence of userauth methods to match ssh behaviour:
hostbased,publickey,keyboard-interactive,password
2001-08-06 20:57:11 +00:00
c5b680018b
- markus@cvs.openbsd.org 2001/06/26 20:14:11
...
[key.c key.h ssh.c sshconnect1.c sshconnect2.c]
add smartcard support to the client, too (now you can use both
the agent and the client).
2001-07-04 04:52:03 +00:00
7907382299
- stevesk@cvs.openbsd.org 2001/06/25 20:26:37
...
[auth2.c sshconnect2.c]
prototype cleanup; ok markus@
2001-07-04 03:42:30 +00:00
126c56ad9e
- markus@cvs.openbsd.org 2001/06/24 05:47:13
...
[sshconnect2.c]
oops, missing format string
2001-06-25 05:22:53 +00:00
949974bbdb
- markus@cvs.openbsd.org 2001/06/24 05:35:33
...
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
switch to readpassphrase(3)
2.7/8-stable needs readpassphrase.[ch] from libc
2001-06-25 05:20:31 +00:00
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
...
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
d6481ea49a
- markus@cvs.openbsd.org 2001/06/23 02:34:33
...
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
2001-06-25 04:37:41 +00:00
1bfe29151b
- markus@cvs.openbsd.org 2001/05/19 16:32:16
...
[ssh.1 sshconnect2.c]
change preferredauthentication order to
publickey,hostbased,password,keyboard-interactive
document that hostbased defaults to no, document order
2001-06-05 19:37:25 +00:00
551ea37576
- markus@cvs.openbsd.org 2001/05/18 14:13:29
...
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
671388f233
- markus@cvs.openbsd.org 2001/04/18 23:43:26
...
[auth2.c compat.c sshconnect2.c]
more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 20:40:45 +00:00
2bffd6fd1b
- markus@cvs.openbsd.org 2001/04/18 22:03:45
...
[auth2.c sshconnect2.c]
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
2001-04-19 20:35:40 +00:00
982dbbcfda
- markus@cvs.openbsd.org 2001/04/17 10:53:26
...
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
add HostKeyAlgorithms; based on patch from res@shore.net ; ok provos@
2001-04-17 18:11:36 +00:00
206941fdd8
- markus@cvs.openbsd.org 2001/04/15 08:43:47
...
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
some unused variable and typos; from tomh@po.crl.go.jp
2001-04-15 14:27:16 +00:00
5eabda303a
- markus@cvs.openbsd.org 2001/04/12 19:15:26
...
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-12 23:34:34 +00:00
a3700050ec
- markus@cvs.openbsd.org 2001/04/05 10:42:57
...
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
be2cc43c3a
- markus@cvs.openbsd.org 2001/04/04 20:25:38
...
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
8ac9106c3d
- markus@cvs.openbsd.org 2001/04/04 14:34:58
...
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 17:57:54 +00:00
238abf6a14
- markus@cvs.openbsd.org 2001/04/04 09:48:35
...
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
don't sent multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.
2001-04-04 17:52:53 +00:00
f28f634a3a
- markus@cvs.openbsd.org 2001/04/04 00:06:54
...
[clientloop.c sshconnect2.c]
enable client rekeying
(1) force rekeying with ~R, or
(2) if the server requests rekeying.
works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
2001-04-04 02:03:04 +00:00
2d90e00309
- markus@cvs.openbsd.org 2001/04/03 23:32:12
...
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of recent my changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
2001-04-04 02:00:54 +00:00
20d7c7b02c
- markus@cvs.openbsd.org 2001/04/03 19:53:29
...
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
2001-04-04 01:56:17 +00:00
a0ff466d80
- OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
2001-03-30 10:49:35 +10:00
653ae11c4a
- OpenBSD CVS Sync
...
- provos@cvs.openbsd.org 2001/03/29 14:24:59
[sshconnect2.c]
use recommended defaults
2001-03-30 10:49:05 +10:00
2557bfc5d7
- (djm) OpenBSD CVS Sync
...
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
2001-03-30 10:47:14 +10:00
df221391e6
- provos@cvs.openbsd.org 2001/03/27 17:46:50
...
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
2001-03-29 00:36:16 +00:00
d0fca423fc
- markus@cvs.openbsd.org 2001/03/26 08:07:09
...
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
2001-03-26 13:44:06 +00:00
c8530c7f5c
- djm@cvs.openbsd.org 2001/03/23 11:04:07
...
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-24 00:35:19 +00:00
cfccef96a3
- OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
2001-03-13 04:57:58 +00:00
b9be60a722
- markus@cvs.openbsd.org 2001/03/10 17:51:04
...
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
2001-03-11 01:49:19 +00:00
329782e3db
- markus@cvs.openbsd.org 2001/03/10 12:48:27
...
[sshconnect2.c]
ignore nonexisting private keys; report rjmooney@mediaone.net
2001-03-10 17:08:59 +00:00
266dfdfd62
- markus@cvs.openbsd.org 2001/03/08 21:42:33
...
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
2001-03-09 00:12:22 +00:00
4c4f05e096
- markus@cvs.openbsd.org 2001/03/05 17:17:21
...
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2001-03-06 01:09:20 +00:00
5699c5f9ac
- markus@cvs.openbsd.org 2001/02/28 09:57:07
...
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
2001-03-05 06:17:49 +00:00
79438cc030
- (djm) OpenBSD CVS:
...
- markus@cvs.openbsd.org 2001/02/15 16:19:59
[channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
genericize password padding function for SSH1 and SSH2.
add stylized echo to 2, too.
- (djm) Add roundup() macro to defines.h
2001-02-16 12:34:57 +11:00
06b33aa0e8
- markus@cvs.openbsd.org 2001/02/11 12:59:25
...
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
03df5bde9c
- markus@cvs.openbsd.org 2001/02/06 22:26:17
...
[sshconnect2.c]
do not ask for passphrase in batch mode; report from ejb@ql.org
- itojun@cvs.opebsd.org 2001/02/08 10:47:05
[sshconnect2.c]
%.30s is too short for IPv6 numeric address. use %.128s for now.
markus ok
- markus@cvs.openbsd.org 2001/02/09 12:28:35
[sshconnect2.c]
do not free twice, thanks to /etc/malloc.conf
- markus@cvs.openbsd.org 2001/02/09 17:10:53
[sshconnect2.c]
partial success: debug->log; "Permission denied" if no more auth methods
- markus@cvs.openbsd.org 2001/02/10 12:09:21
[sshconnect2.c]
remove some lines
2001-02-10 22:16:41 +00:00
e27a5e05b3
- markus@cvs.openbsd.org 2001/01/31 13:48:09
...
[sshconnect2.c]
unused
2001-02-05 15:15:27 +00:00
ef4eea9bad
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27
...
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
95fb2dde77
- markus@cvs.openbsd.org 2001/01/22 23:06:39
...
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
sshconnect1.c sshconnect2.c sshd.c]
rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 03:12:10 +00:00
b1985f7279
- (bal) OpenBSD Resync
...
- markus@cvs.openbsd.org 2001/01/22 8:15:00
[auth-krb4.c sshconnect1.c]
only AFS needs radix.[ch]
- markus@cvs.openbsd.org 2001/01/22 8:32:53
[auth2.c]
no need to include; from mouring@etoh.eviladmin.org
- stevesk@cvs.openbsd.org 2001/01/22 16:55:21
[key.c]
free() -> xfree(); ok markus@
- stevesk@cvs.openbsd.org 2001/01/22 17:22:28
[sshconnect2.c sshd.c]
fix memory leaks in SSH2 key exchange; ok markus@
2001-01-23 00:19:15 +00:00
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00
d26dcf3371
20010107
...
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/06 11:23:27
[ssh-rsa.c]
remove unused
- itojun@cvs.openbsd.org 2001/01/05 08:23:29
[ssh-keyscan.1]
missing .El
- markus@cvs.openbsd.org 2001/01/04 22:41:03
[session.c sshconnect.c]
consistent use of _PATH_BSHELL; from stevesk@pobox.com
- djm@cvs.openbsd.org 2001/01/04 22:35:32
[ssh.1 sshd.8]
Mention AES as available SSH2 Cipher; ok markus
- markus@cvs.openbsd.org 2001/01/04 22:25:58
[sshd.c]
sync usage()/man with defaults; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/04 22:21:26
[sshconnect2.c]
handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
4dccfa5fb7
- (bal) OpenBSD CVS Update
...
- markus@cvs.openbsd.org 2000/12/28 14:25:51
[auth.h auth2.c]
count authentication failures only
- markus@cvs.openbsd.org 2000/12/28 14:25:03
[sshconnect.c]
fingerprint for MITM attacks, too.
- markus@cvs.openbsd.org 2000/12/28 12:03:57
[sshd.8 sshd.c]
document -D
- markus@cvs.openbsd.org 2000/12/27 14:19:21
[serverloop.c]
less chatty
- markus@cvs.openbsd.org 2000/12/27 12:34
[auth1.c sshconnect2.c sshd.c]
typo
- markus@cvs.openbsd.org 2000/12/27 12:30:19
[readconf.c readconf.h ssh.1 sshconnect.c]
new option: HostKeyAlias: allow the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.
- markus@cvs.openbsd.org 2000/12/27 11:51:53
[ssh.1 ssh.c]
multiple -t force pty allocation, document ORIGINAL_COMMAND
- markus@cvs.openbsd.org 2000/12/27 11:41:31
[sshd.8]
update for ssh-2
2000-12-28 16:40:05 +00:00
46c162204b
One way to massive patch. <sigh> It compiles and works under Linux..
...
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
2000-12-22 01:43:59 +00:00
6b87586965
- provos@cvs.openbsd.org 2000/12/15 10:30:15
...
[kex.c kex.h sshconnect2.c sshd.c]
compute diffie-hellman in parallel between server and client. okay markus@
2000-12-15 23:31:01 +00:00
Damien Miller
Darren Tucker
Ben Lindstrom
Tim Rice
Kevin Steves