Commit Graph

506 Commits

Author SHA1 Message Date
Darren Tucker 8901fa9c88 - djm@cvs.openbsd.org 2008/06/10 22:15:23
[PROTOCOL ssh.c serverloop.c]
     Add a no-more-sessions@openssh.com global request extension that the
     client sends when it knows that it will never request another session
     (i.e. when session multiplexing is disabled). This allows a server to
     disallow further session requests and terminate the session.
     Why would a non-multiplexing client ever issue additional session
     requests? It could have been attacked with something like SSH'jack:
     http://www.storm.net.nz/projects/7
     feedback & ok markus
2008-06-11 09:34:01 +10:00
Damien Miller b3da593962 - djm@cvs.openbsd.org 2008/05/09 14:26:08
[ssh.c]
     dingo stole my diff hunk
2008-05-19 16:02:37 +10:00
Damien Miller b1cbfa25f1 - djm@cvs.openbsd.org 2008/05/09 14:18:44
[clientloop.c clientloop.h ssh.c mux.c]
     tidy up session multiplexing code, moving it into its own file and
     making the function names more consistent - making ssh.c and
     clientloop.c a fair bit more readable.
     ok markus@
2008-05-19 16:00:08 +10:00
Damien Miller 5771ed7d1b - djm@cvs.openbsd.org 2008/05/08 13:06:11
[clientloop.c clientloop.h ssh.c]
     Use new channel status confirmation callback system to properly deal
     with "important" channel requests that fail, in particular command exec,
     shell and subsystem requests. Previously we would optimistically assume
     that the requests would always succeed, which could cause hangs if they
     did not (e.g. when the server runs out of fds) or were unimplemented by
     the server (bz #1384)
     Also, properly report failing multiplex channel requests via the mux
     client stderr (subject to LogLevel in the mux master) - better than
     silently failing.
     most bits ok markus@ (as part of a larger diff)
2008-05-19 15:35:33 +10:00
Damien Miller b84886ba3e - djm@cvs.openbsd.org 2008/05/08 12:02:23
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
     [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
     [ssh.c sshd.c]
     Implement a channel success/failure status confirmation callback
     mechanism. Each channel maintains a queue of callbacks, which will
     be drained in order (RFC4253 guarantees confirm messages are not
     reordered within an channel).
     Also includes a abandonment callback to clean up if a channel is
     closed without sending confirmation messages. This probably
     shouldn't happen in compliant implementations, but it could be
     abused to leak memory.
     ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
Darren Tucker bfaaf960a0 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
   header to after OpenSSL headers, since some versions of OpenSSL have
   SSLeay_add_all_algorithms as a macro already.
2008-02-28 19:13:52 +11:00
Damien Miller d39a3cffc9 - djm@cvs.openbsd.org 2008/01/19 20:51:26
[ssh.c]
     ignore SIGPIPE in multiplex client mode - we can receive this if the
     server runs out of fds on us midway. Report and patch from
     gregory_shively AT fanniemae.com
2008-02-10 22:23:18 +11:00
Darren Tucker 06321f5d1d - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
[ssh.c]
     avoid errno trashing in signal handler; ok dtucker
2007-12-02 23:22:52 +11:00
Darren Tucker e143f062ba - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
[ssh.c]
     Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
2007-12-02 23:21:16 +11:00
Darren Tucker b4fbbc6850 - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
[ssh.c]
     bz #1377: getpwuid results were being clobbered by another getpw* call
     inside tilde_expand_filename(); save the data we need carefully
     ok djm
2007-12-02 23:16:32 +11:00
Darren Tucker b776c856aa - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
[ssh.c]
     Make LocalCommand work for Protocol 1 too; ok djm@
2007-12-02 23:06:35 +11:00
Darren Tucker 32e42c74a5 - dtucker@cvs.openbsd.org 2007/10/29 01:55:04
[ssh.c]
     Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
     ok djm@
2007-12-02 23:01:03 +11:00
Damien Miller 67bd062b27 - djm@cvs.openbsd.org 2007/09/04 11:15:56
[ssh.c sshconnect.c sshconnect.h]
     make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
     SSH banner exchange (previously it just covered the TCP connection).
     This allows callers of ssh(1) to better detect and deal with stuck servers
     that accept a TCP connection but don't progress the protocol, and also
     makes ConnectTimeout useful for connections via a ProxyCommand;
     feedback and "looks ok" markus@
2007-09-17 12:06:57 +10:00
Damien Miller 54fd7cf2db - djm@cvs.openbsd.org 2007/09/04 03:21:03
[clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
     [monitor_wrap.c ssh.c]
     make file descriptor passing code return an error rather than call fatal()
     when it encounters problems, and use this to make session multiplexing
     masters survive slaves failing to pass all stdio FDs; ok markus@
2007-09-17 12:04:08 +10:00
Damien Miller b3ce9fec30 - djm@cvs.openbsd.org 2007/08/07 07:32:53
[clientloop.c clientloop.h ssh.c]
     bz#1232: ensure that any specified LocalCommand is executed after the
     tunnel device is opened. Also, make failures to open a tunnel device
     fatal when ExitOnForwardFailure is active.
     Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
2007-08-08 14:32:41 +10:00
Darren Tucker 132367f76f - djm@cvs.openbsd.org 2007/06/14 22:48:05
[ssh.c]
     when waiting for the multiplex exit status, read until the master end
     writes an entire int of data *and* closes the client_fd; fixes mux
     regression spotted by dtucker, ok dtucker@
2007-06-25 18:59:17 +10:00
Darren Tucker d989adadd3 - djm@cvs.openbsd.org 2007/06/14 21:43:25
[ssh.c]
     handle EINTR when waiting for mux exit status properly
2007-06-25 18:34:43 +10:00
Darren Tucker 2604749651 - djm@cvs.openbsd.org 2007/06/12 11:45:27
[ssh.c]
     improved exit message from multiplex slave sessions; bz #1262
     reported by alexandre.nunes AT gmail.com; ok dtucker@
2007-06-12 23:44:10 +10:00
Darren Tucker 415bddc1bd - djm@cvs.openbsd.org 2007/06/12 11:15:17
[ssh.c ssh.1]
     Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
     GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
     and is useful for hosts with /home on Kerberised NFS; bz #1312
     patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
2007-06-12 23:43:16 +10:00
Darren Tucker 2cbec749d7 - djm@cvs.openbsd.org 2007/06/12 11:11:08
[ssh.c]
     fix slave exit value when a control master goes away without passing the
     full exit status by ensuring that the slave reads a full int. bz#1261
     reported by frekko AT gmail.com; ok markus@ dtucker@
2007-06-12 23:41:33 +10:00
Damien Miller 80163907ed - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
     spaces
2007-01-05 16:30:16 +11:00
Damien Miller 952dce6593 - djm@cvs.openbsd.org 2006/10/06 02:29:19
[ssh-agent.c ssh-keyscan.c ssh.c]
     sys/resource.h needs sys/time.h; prompted by brad@
     (NB. Id sync only for portable)
2006-10-24 03:01:16 +10:00
Darren Tucker 46aa3e0ce1 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
   openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
   for hton* and ntoh* macros.  Required on (at least) HP-UX since we define
   _XOPEN_SOURCE_EXTENDED.  Found by santhi.amirta at gmail com.
2006-09-02 15:32:40 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller 4dec5d75da - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
[authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
     clean extra spaces
2006-08-05 11:38:40 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller 2d00e63cb8 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
[includes.h ssh.c ssh-rand-helper.c]
     move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker ba72405026 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
[authfile.c ssh.c]
     need <errno.h> here also (it's also included in <openssl/err.h>)
2006-07-12 22:24:22 +10:00
Darren Tucker 57f4224677 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
[ssh.c]
     cast asterisk field precision argument to int to remove warning;
     ok markus@
2006-07-12 22:23:35 +10:00
Darren Tucker e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Darren Tucker 284706a755 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
[ssh.c]
     Only copy the part of environment variable that we actually use.  Prevents
     ssh bailing when SendEnv is used and an environment variable with a really
     long value exists.  ok djm@
2006-07-12 22:16:23 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller b757677d02 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
[includes.h ssh.c sshconnect.c sshd.c]
     move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
Damien Miller 991dba43e1 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@
2006-07-10 20:16:27 +10:00
Darren Tucker 232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
2006-05-06 17:41:51 +10:00
Damien Miller 6b1d53c2b0 - djm@cvs.openbsd.org 2006/03/30 10:41:25
[ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
Damien Miller ddd63ab1d0 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
[README.tun ssh.c]
     spacing
2006-03-31 23:10:51 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller 1d2b6706ba - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
[canohost.c match.c ssh.c sshconnect.c]
     be strict with tolower() casting
2006-03-26 14:09:54 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller 71a7367130 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
     [ssh.c sshpty.c sshpty.h]
     sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller 4662d3492f - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
[ssh.c]
     spacing
2006-03-26 13:59:59 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller 6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller 2ecb6bd95d - djm@cvs.openbsd.org 2006/03/12 04:23:07
[ssh.c]
     knf nit
2006-03-15 12:03:53 +11:00
Damien Miller c7b06369a8 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller 6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller 574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller 3ec54c7e58 - djm@cvs.openbsd.org 2006/02/12 06:45:34
[ssh.c ssh_config.5]
     add a %l expansion code to the ControlPath, which is filled in with the
     local hostname at runtime. Requested by henning@ to avoid some problems
     with /home on NFS; ok dtucker@
2006-03-15 11:30:13 +11:00
Damien Miller 17e91c0fb0 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
     [ssh.c sshd.c sshpty.c]
     move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 11:28:34 +11:00
Damien Miller cd4223c245 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
[includes.h ssh-agent.c ssh-keyscan.c ssh.c]
     move #include <sys/resource.h> out of includes.h; ok markus@
2006-03-15 11:22:47 +11:00
Damien Miller 03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Damien Miller 598bbc2d8f - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
   compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Darren Tucker e9a9b71c6b - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
[ssh.c]
     exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
2005-12-20 16:15:51 +11:00
Damien Miller 7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller 788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller aa3bb10940 - djm@cvs.openbsd.org 2005/10/30 04:03:24
[ssh.c]
     fix misleading debug message; ok dtucker@
2005-11-05 15:12:59 +11:00
Damien Miller 15d72a00a3 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
[ssh-keygen.c ssh.c sshconnect2.c]
     no trailing "\n" for log functions; ok djm@
2005-11-05 15:07:33 +11:00
Darren Tucker 895d698515 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
[ssh.c]
     update -D usage here too;
2005-10-03 18:18:05 +10:00
Darren Tucker ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Damien Miller be1045dc58 - djm@cvs.openbsd.org 2005/07/30 01:26:16
[ssh.c]
     fix -D listen_host initialisation, so it picks up gateway_ports setting
     correctly
2005-08-12 22:10:56 +10:00
Damien Miller 46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
2005-07-17 17:02:09 +10:00
Damien Miller 1339002e8b - djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
     implement support for X11 and agent forwarding over multiplex slave
     connections. Because of protocol limitations, the slave connections inherit
     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
     their own.
     ok dtucker@ "put it in" deraadt@
2005-07-06 09:44:19 +10:00
Damien Miller 7c71cc738c - djm@cvs.openbsd.org 2005/06/25 22:47:49
[ssh.c]
     do the default port filling code a few lines earlier, so it really
     does fix %p
2005-06-26 08:56:31 +10:00
Damien Miller 8f74c8fc32 - djm@cvs.openbsd.org 2005/06/18 04:30:36
[ssh.c ssh_config.5]
     allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
2005-06-26 08:56:03 +10:00
Damien Miller 9651fe690a - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/17 22:53:47
     [ssh.c sshconnect.c]
     Fix ControlPath's %p expanding to "0" for a default port,
     spotted dwmw2 AT infradead.org; ok markus@
2005-06-26 08:55:25 +10:00
Damien Miller 17e7ed0e75 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/16 03:38:36
     [channels.c channels.h clientloop.c clientloop.h ssh.c]
     move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
     easier later; ok deraadt@
2005-06-17 12:54:33 +10:00
Damien Miller d14b1e731c - djm@cvs.openbsd.org 2005/06/08 11:25:09
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add ControlMaster=auto/autoask options to support opportunistic
     multiplexing; tested avsm@ and jakob@, ok markus@
2005-06-16 13:19:41 +10:00
Damien Miller 6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Darren Tucker 0814d3136f - djm@cvs.openbsd.org 2005/05/27 08:30:37
[ssh.c]
     fix -O for cases where no ControlPath has been specified or socket at
     ControlPath is not contactable; spotted by and ok avsm@
2005-06-01 23:08:51 +10:00
Damien Miller 538c9b71ec - djm@cvs.openbsd.org 2005/05/10 10:30:43
[ssh.c]
     report real errors on fallback from ControlMaster=no to normal connect
2005-05-26 12:11:28 +10:00
Damien Miller 924c25a64e - djm@cvs.openbsd.org 2005/05/10 10:28:11
[ssh.c]
     print nice error message for EADDRINUSE as well (ID sync only)
2005-05-26 12:09:32 +10:00
Damien Miller dadfd4dd38 - jakob@cvs.openbsd.org 2005/04/26 13:08:37
[ssh.c ssh_config.5]
     fallback gracefully if client cannot connect to ControlPath. ok djm@
2005-05-26 12:07:13 +10:00
Damien Miller ddee575b98 - djm@cvs.openbsd.org 2005/04/21 11:47:19
[ssh.c]
     don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
     ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
2005-05-26 12:05:05 +10:00
Damien Miller 1b0de9a041 - dtucker@cvs.openbsd.org 2005/04/06 12:26:06
[ssh.c]
     Fix debug call for port forwards; patch from pete at seebeyond.com,
     ok djm@ (ID sync only - change already in portable)
2005-05-26 12:01:22 +10:00
Damien Miller 4f10e25684 - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
unix domain socket, so catch that too; from jakob@ ok dtucker@
2005-05-04 15:33:09 +10:00
Darren Tucker 73ba43798a - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
message on some platforms.  Patch from pete at seebeyond.com via djm.
2005-03-31 21:51:54 +10:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Damien Miller 02faeceb56 - jmc@cvs.openbsd.org 2005/03/01 17:22:06
[ssh.c]
     sync usage() w/ man SYNOPSIS;
     ok markus@
2005-03-02 12:04:32 +11:00
Damien Miller f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Damien Miller 3eb48b6245 - otto@cvs.openbsd.org 2005/02/16 09:56:44
[ssh.c]
     Better diagnostic if an identity file is not accesible. ok markus@ djm@
2005-03-01 21:15:46 +11:00
Darren Tucker 9c6bf325c0 - jmc@cvs.openbsd.org 2004/11/07 17:57:30
[ssh.c]
     usage():
     - add -O
     - sync -S w/ manpage
     - remove -h
2004-12-03 14:10:19 +11:00
Darren Tucker 7ebfc10884 - djm@cvs.openbsd.org 2004/11/07 00:01:46
[clientloop.c clientloop.h ssh.1 ssh.c]
     add basic control of a running multiplex master connection; including the
     ability to check its status and request it to exit; ok markus@
2004-11-07 20:06:19 +11:00
Darren Tucker 39207a46b4 - djm@cvs.openbsd.org 2004/09/23 13:00:04
[ssh.c]
     correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
2004-11-05 20:19:51 +11:00
Darren Tucker e9bf98412e - deraadt@cvs.openbsd.org 2004/09/15 00:46:01
[ssh.c]
     /* fallthrough */ is something a programmer understands.  But
     /* FALLTHROUGH */ is also understood by lint, so that is better.
2004-11-05 20:05:32 +11:00
Darren Tucker 07336dae94 - djm@cvs.openbsd.org 2004/09/07 23:41:30
[clientloop.c ssh.c]
     cleanup multiplex control socket on SIGHUP too, spotted by sturm@
     ok markus@ deraadt@
2004-11-05 20:02:16 +11:00
Damien Miller 2aa6d3cfce - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
Darren Tucker 27a8f6b056 - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
     Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
     change in Portable; ok markus@ (CVS ID sync only)
2004-08-29 16:31:28 +10:00
Darren Tucker 25f60a7ee7 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms.  ok djm@
2004-08-15 17:23:34 +10:00
Darren Tucker 5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Darren Tucker b5bc1a6393 - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
[ssh.c]
     Fix counting in master/slave when passing environment variables; ok djm@
2004-06-24 00:34:53 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Darren Tucker 365433f883 - djm@cvs.openbsd.org 2004/06/20 17:36:59
[ssh.c]
     filter passed env vars at slave in connection sharing case; ok markus@
2004-06-22 12:29:23 +10:00
Damien Miller b8ea24868f - markus@cvs.openbsd.org 2004/06/18 10:55:43
[ssh.1 ssh.c]
     trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; ok djm
2004-06-18 22:21:55 +10:00
Damien Miller 0809e233a4 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/18 10:40:19
     [ssh.c]
     delay signal handler setup until we have finished talking to the master.
     allow interrupting of setup (e.g. if master is stuck); ok markus@
2004-06-18 22:20:57 +10:00
Darren Tucker ba5c592126 - djm@cvs.openbsd.org 2004/06/17 23:56:57
[ssh.1 ssh.c]
     sync usage() and SYNPOSIS with connection sharing changes
2004-06-18 16:22:39 +10:00
Damien Miller 23f0770a1b - djm@cvs.openbsd.org 2004/06/17 15:10:14
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
     Add option for confirmation (ControlMaster=ask) via ssh-askpass before
     opening shared connections; ok markus@
2004-06-18 01:19:03 +10:00
Damien Miller 3756dcee24 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/17 14:52:48
     [clientloop.c clientloop.h ssh.c]
     support environment passing over shared connections; ok markus@
2004-06-18 01:17:29 +10:00
Damien Miller 07b6ff12c4 - (djm) [ssh.c] Use separate var for address length 2004-06-15 11:14:45 +10:00
Damien Miller 0e220dbfbc - djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
     [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
     implement session multiplexing in the client (the server has supported
     this since 2.0); ok markus@
2004-06-15 10:34:08 +10:00
Darren Tucker 06f2bd8bde - deraadt@cvs.openbsd.org 2004/05/08 00:01:37
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
     tildexpand.c], removed: sshtty.h tildexpand.h
     make two tiny header files go away; djm ok
2004-05-13 16:06:46 +10:00
Darren Tucker 46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Damien Miller 914420fe74 - djm@cvs.openbsd.org 2004/04/19 21:51:49
[ssh.c]
     fix idiot typo that i introduced in my last commit;
     spotted by cschneid AT cschneid.com
2004-04-20 20:14:07 +10:00
Damien Miller 57a4476a69 - djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions
2004-04-20 20:11:57 +10:00
Damien Miller 0c889cd9e9 - markus@cvs.openbsd.org 2004/03/11 10:21:17
[ssh.c sshd.c]
     ssh, sshd: sync version output, ok djm
2004-03-22 09:36:00 +11:00
Damien Miller 5095510e5f - markus@cvs.openbsd.org 2004/03/10 09:45:06
[ssh.c]
     trim usage to match ssh(1) and look more like unix. ok djm@
2004-03-22 09:34:58 +11:00
Damien Miller 3df755e441 - markus@cvs.openbsd.org 2004/03/09 22:11:05
[ssh.c]
     increase x11 cookie lifetime to 20 minutes; ok djm
2004-03-22 09:34:26 +11:00
Damien Miller 509b0107f0 - markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
     [ssh.c ssh_config.5]
     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
     jmc and dtucker@
2003-12-17 16:33:10 +11:00
Damien Miller 9836cf8d71 - markus@cvs.openbsd.org 2003/12/09 17:30:05
[ssh.c]
     don't modify argv for ssh -o; similar to sshd.c 1.283
2003-12-17 16:30:06 +11:00
Damien Miller e0113ccc08 - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
[ssh.1 ssh.c]
     Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
2003-11-24 13:10:09 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker 0a118da00e - markus@cvs.openbsd.org 2003/10/11 08:24:08
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
     remote x11 clients are now untrusted by default, uses xauth(8) to generate
     untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
     ok deraadt; feedback and ok djm/fries
2003-10-15 15:54:32 +10:00
Damien Miller fb10e9abe8 - markus@cvs.openbsd.org 2003/09/01 18:15:50
[readconf.c readconf.h servconf.c servconf.h ssh.c]
     remove unused kerberos code; ok henning@
2003-09-02 22:58:22 +10:00
Damien Miller 59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
Darren Tucker 1c52ee3e6f - markus@cvs.openbsd.org 2003/08/13 09:07:10
[readconf.c ssh.c]
     socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
2003-08-13 20:38:36 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker e98dfa323e - markus@cvs.openbsd.org 2003/07/16 10:34:53
[ssh.c sshd.c]
     don't exit on multiple -v or -d; ok deraadt@
2003-07-19 19:54:31 +10:00
Darren Tucker 0a4f04b5b2 - djm@cvs.openbsd.org 2003/07/03 08:09:06
[readconf.c readconf.h ssh-keysign.c ssh.c]
     fix AddressFamily option in config file, from brent@graveland.net;
     ok markus@
2003-07-03 20:37:47 +10:00
Darren Tucker 3f521e21c0 - markus@cvs.openbsd.org 2003/07/02 20:37:48
[ssh.c]
     convert hostkeyalias to lowercase, otherwise uppercase aliases will
     not match at all; ok henning@
2003-07-03 16:20:42 +10:00
Damien Miller 56a0bb07c4 - markus@cvs.openbsd.org 2003/06/12 19:12:03
[scard.c scard.h ssh-agent.c ssh.c]
     add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
2003-06-18 20:28:40 +10:00
Damien Miller 7e1bbc55af - (djm) Remove IPv4 by default hack now that we can specify AF in config 2003-05-18 20:52:40 +10:00
Damien Miller 6e80c36e2a - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/15 13:52:10
     [ssh.c]
     Make "ssh -V" print the OpenSSL version in a human readable form. Patch
     from Craig Leres (mindrot at ee.lbl.gov); ok markus@
2003-05-16 11:38:00 +10:00
Damien Miller 1ea7166019 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability 2003-05-14 22:33:58 +10:00
Damien Miller b1ca8bb159 - markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
     make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 9f1e33a6b2 - markus@cvs.openbsd.org 2003/02/06 09:27:29
[ssh.c ssh_config.5]
     support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
2003-02-24 11:57:32 +11:00
Ben Lindstrom b9fa691819 - millert@cvs.openbsd.org 2002/12/09 16:50:30
[ssh.c]
     Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
     markus@ OK
2002-12-23 02:24:54 +00:00
Ben Lindstrom c276c1208e - markus@cvs.openbsd.org 2002/11/27 17:53:35
[scp.c sftp.c ssh.c]
     allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
     http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
2002-12-23 02:14:51 +00:00
Ben Lindstrom 604dc72890 - markus@cvs.openbsd.org 2002/11/21 23:04:33
[ssh.c]
     debug->debug2
2002-12-23 02:08:57 +00:00
Damien Miller 8c4e18a6ec - djm@cvs.openbsd.org 2002/09/19 01:58:18
[ssh.c sshconnect.c]
     bugzilla.mindrot.org #223 - ProxyCommands don't exit.
     Patch from dtucker@zip.com.au; ok markus@
2002-09-19 12:05:02 +10:00
Damien Miller 789e95dbe9 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
[authfd.c authfd.h ssh.c]
     don't connect to agent to test for presence if we've previously
     connected; ok markus@
2002-09-12 09:52:46 +10:00
Damien Miller 50b9a60082 - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c]
     shrink initial privilege bracket for setuid case; ok markus@
2002-09-04 16:50:06 +10:00
Damien Miller 147bba3453 - stevesk@cvs.openbsd.org 2002/08/29 16:02:54
[ssh.1 ssh.c]
     deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
2002-09-04 16:46:06 +10:00
Ben Lindstrom ee8d52d008 - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
[ssh.c]
     display a warning from ssh when XAuthLocation does not exist or xauth
     returned no authentication data. ok markus@
2002-07-23 21:03:02 +00:00
Ben Lindstrom 5d35a2f582 - markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
     re-enable ssh-keysign's sbit, but make ssh-keysign read
     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
     globally. based on discussions with deraadt, itojun and sommerfeld;
     ok itojun@
2002-07-04 00:19:40 +00:00
Ben Lindstrom a962c2fb35 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
2002-07-04 00:14:17 +00:00
Ben Lindstrom da394cae04 - markus@cvs.openbsd.org 2002/06/12 01:09:52
[ssh.c]
     ssh_connect returns 0 on success
2002-06-12 16:11:12 +00:00
Ben Lindstrom 2415757253 - markus@cvs.openbsd.org 2002/06/11 23:03:54
[ssh.c]
     remove unused cruft.
2002-06-12 16:09:39 +00:00
Ben Lindstrom 1aa6427c0f - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
vinschen@redhat.com
2002-06-11 20:28:05 +00:00
Ben Lindstrom f9c4884c8e - markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
2002-06-11 16:37:51 +00:00
Ben Lindstrom 4daea86fd4 - markus@cvs.openbsd.org 2002/06/08 05:17:01
[readconf.c readconf.h ssh.1 ssh.c]
     deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Ben Lindstrom ece420413b - markus@cvs.openbsd.org 2002/06/08 05:07:56
[ssh.c]
     nuke ptrace comment
2002-06-09 20:00:09 +00:00
Ben Lindstrom 9e5bb579f9 - markus@cvs.openbsd.org 2002/05/23 19:39:34
[ssh.c]
     add comment about ssh-keysign
2002-06-06 19:58:27 +00:00
Ben Lindstrom 1bad256822 - markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
     add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
     authentication in protocol v2 (needs to access the hostkeys).

Note: Makefile.in untested.  Will test after merge is finished.
2002-06-06 19:57:33 +00:00
Ben Lindstrom f666fec2d5 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
[ssh.c sshd.c]
     spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
Ben Lindstrom fac7769f64 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
2002-06-06 19:49:54 +00:00
Damien Miller 2797f7f03a - markus@cvs.openbsd.org 2002/04/22 21:04:52
[channels.c clientloop.c clientloop.h ssh.c]
     request reply (success/failure) for -R style fwd in protocol v2,
     depends on ordered replies.
     fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
2002-04-23 21:09:44 +10:00
Ben Lindstrom eb041dca1f - markus@cvs.openbsd.org 2002/03/26 11:37:05
[ssh.c]
     update Copyright
2002-03-27 17:20:38 +00:00
Ben Lindstrom 4f054607f0 - markus@cvs.openbsd.org 2002/03/25 21:04:02
[ssh.c]
     simplify num_identity_files handling
2002-03-26 03:23:00 +00:00
Ben Lindstrom 0936a5bb72 - markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
     change sc_get_key to sc_get_keys and hide smartcard details in scard.c
2002-03-26 03:17:42 +00:00
Ben Lindstrom ba72d30aa5 - rees@cvs.openbsd.org 2002/03/21 22:44:05
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
     Add PIN-protection for secret key.
2002-03-22 03:51:06 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Damien Miller 19a5945105 - markus@cvs.openbsd.org 2002/02/14 23:28:00
[channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
2002-02-19 15:20:57 +11:00
Damien Miller 4860650842 - markus@cvs.openbsd.org 2002/02/07 09:35:39
[ssh.c]
     remove bogus comments
2002-02-08 22:07:33 +11:00
Damien Miller 699d003e3a - markus@cvs.openbsd.org 2002/02/06 14:55:16
[channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@; ok djm@
2002-02-08 22:07:16 +11:00
Damien Miller a500cd608e - markus@cvs.openbsd.org 2002/02/05 14:32:55
[channels.c channels.h ssh.c]
     merge channel_request() into channel_request_start()
2002-02-08 22:04:26 +11:00
Damien Miller 67f0bc043c - markus@cvs.openbsd.org 2002/02/03 17:58:21
[channels.c channels.h ssh.c]
     generic callbacks are not really used, remove and
     add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
     ok djm@
2002-02-05 12:23:08 +11:00
Damien Miller 35b13d633b - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
[ssh.c]
     handle simple case to identify FamilyLocal display; ok markus@
2002-02-05 12:12:09 +11:00
Damien Miller b16461ce45 - markus@cvs.openbsd.org 2002/01/16 13:17:51
[channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
2002-01-22 23:29:22 +11:00
Damien Miller 630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller 278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller 5a6b4fe225 - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
     change the buffer/packet interface to use void* vs. char*; ok markus@
2001-12-21 14:56:54 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 4a4bd719ea - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
[ssh.c]
     sscanf() length dependencies are clearer now; can also shrink proto
     and data if desired, but i have not done that.  ok markus@
2001-12-06 17:45:19 +00:00
Damien Miller 07cd5897f9 - markus@cvs.openbsd.org 2001/10/24 08:51:35
[clientloop.c ssh.c]
     ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
2001-11-12 10:52:03 +11:00
Damien Miller 595bb4f572 - markus@cvs.openbsd.org 2001/10/24 08:41:20
[ssh.c]
     remove unused
2001-11-12 10:51:40 +11:00
Damien Miller 139d4cd908 - markus@cvs.openbsd.org 2001/10/09 10:12:08
[session.c]
     chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
2001-10-10 15:07:44 +10:00
Ben Lindstrom 908afed17f - markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@drexel.edu via angelos
2001-10-03 17:34:59 +00:00
Ben Lindstrom 83f07d1954 - markus@cvs.openbsd.org 2001/09/28 15:46:29
[ssh.c]
     bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
2001-10-03 17:22:29 +00:00
Ben Lindstrom 40a0d20913 - (bal) Removed 'extern int optopt;' since it is dead wood. 2001-09-24 22:04:02 +00:00
Ben Lindstrom 5ccf63a974 - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
by stevesk@
2001-09-24 20:00:10 +00:00
Ben Lindstrom f558cf6580 - markus@cvs.openbsd.org 2001/09/20 13:50:40
[compat.c compat.h ssh.c]
     bug compat: request a dummy channel for -N (no shell) sessions +
     cleanup; vinschen@redhat.com
2001-09-20 23:13:49 +00:00
Ben Lindstrom edc0cf26d1 - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
[readconf.c readconf.h ssh.c]
     fatal() for nonexistent -Fssh_config. ok markus@
2001-09-12 18:32:20 +00:00
Ben Lindstrom 1a1747172e - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
[ssh.c]
     validate ports for -L/-R; ok markus@
2001-09-12 17:56:15 +00:00
Ben Lindstrom 19ceb17040 - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
[ssh.1 ssh.c]
     document -D and DynamicForward; ok markus
2001-09-12 17:54:24 +00:00
Ben Lindstrom 14f31ab947 - markus@cvs.openbsd.org 2001/08/28 15:39:48
[ssh.1 ssh.c]
     allow: ssh -F configfile host
2001-09-12 17:48:04 +00:00
Ben Lindstrom 930b14a28e - jakob@cvs.openbsd.org 2001/08/11 22:51:27
[ssh.c tildexpand.c]
     fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
     ok markus@
2001-08-15 23:19:21 +00:00
Ben Lindstrom bcc1808bf2 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
[scard.c ssh-agent.c ssh.c ssh-keygen.c]
     clean up some /* SMARTCARD */. ok markus@
2001-08-06 21:59:25 +00:00
Ben Lindstrom ffce147638 - jakob@cvs.openbsd.org 2001/08/02 15:43:57
[ssh-agent.c ssh.c ssh-keygen.c]
     add /* SMARTCARD */ to #else/#endif. ok markus@
2001-08-06 21:57:31 +00:00
Ben Lindstrom 61eb9568b3 - jakob@cvs.openbsd.org 2001/08/02 15:32:10
[ssh.c]
     add smartcard to usage(). ok markus@
2001-08-06 21:53:42 +00:00
Ben Lindstrom a6c8a8d4d5 - markus@cvs.openbsd.org 2001/08/01 23:38:45
[scard.c ssh.c]
     support finish rsa keys.
     free public keys after login -> call finish -> close smartcard.
2001-08-06 21:42:00 +00:00
Ben Lindstrom f7db3bb64c - markus@cvs.openbsd.org 2001/08/01 22:03:33
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
      ssh-agent.c ssh.c]
     use strings instead of ints for smartcard reader ids
2001-08-06 21:35:51 +00:00
Ben Lindstrom ae996bf7d1 - jakob@cvs.openbsd.org 2001/07/31 09:28:44
[readconf.c readconf.h ssh.1 ssh.c]
     add 'SmartcardDevice' client option to specify which smartcard device
     is used to access a smartcard used for storing the user's private RSA
     key. ok markus@.
2001-08-06 21:27:53 +00:00
Ben Lindstrom 711b04a56a - millert@cvs.openbsd.org 2001/07/27 14:50:45
[ssh.c]
     If smart card support is compiled in and a smart card is being used
     for authentication, make it the first method used.  markus@ OK
2001-08-06 21:12:42 +00:00
Ben Lindstrom f9cedb9ca0 - markus@cvs.openbsd.org 2001/07/25 14:35:18
[readconf.c ssh.1 ssh.c sshconnect.c]
     cleanup connect(); connection_attempts 4 -> 1; from
eivind@freebsd.org
2001-08-06 21:07:11 +00:00
Damien Miller 4f8e66929b - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension. 2001-07-14 13:22:53 +10:00
Damien Miller 1b73448d6d - markus@cvs.openbsd.org 2001/07/11 16:29:59
[ssh.c]
     sort options string, fix -p, add -k
2001-07-14 12:21:07 +10:00
Damien Miller f4614450d1 - OpenBSD CVS Sync
- fgsch@cvs.openbsd.org 2001/07/09 05:58:47
     [ssh.c]
     Use getopt(3); markus@ ok.
2001-07-14 12:18:10 +10:00
Kevin Steves 08ccf9d08c whitespace sync 2001-07-04 17:52:01 +00:00
Ben Lindstrom c5b680018b - markus@cvs.openbsd.org 2001/06/26 20:14:11
[key.c key.h ssh.c sshconnect1.c sshconnect2.c]
     add smartcard support to the client, too (now you can use both
     the agent and the client).
2001-07-04 04:52:03 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom 6ab6486273 - markus@cvs.openbsd.org 2001/06/22 23:35:21
[ssh.c]
     don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
2001-06-25 04:26:55 +00:00
Ben Lindstrom 664408d2a7 - markus@cvs.openbsd.org 2001/06/07 20:23:05
[authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
      sshconnect.c sshconnect1.c]
     use xxx_put_cstring()
2001-06-09 01:42:01 +00:00
Ben Lindstrom c763767f18 [NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this
pain will be over.]
   - markus@cvs.openbsd.org 2001/05/31 10:30:17
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c]
     undo the .c file split, just merge the header and keep the cvs
     history
2001-06-09 00:36:26 +00:00
Ben Lindstrom 5ec2645a2d - markus@cvs.openbsd.org 2001/05/30 15:20:10
[ssh.c]
     merge functions, simplify.
2001-06-09 00:18:51 +00:00
Ben Lindstrom e6455aee8f [NOTE: File split is was not done in Portabl Tree]
- markus@cvs.openbsd.org 2001/05/30 12:55:13
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c ssh1.h]
     channel layer cleanup: merge header files and split .c files
2001-06-09 00:17:10 +00:00
Ben Lindstrom 3b89c5ef89 - markus@cvs.openbsd.org 2001/05/28 08:04:39
[ssh.c]
     fix usage()
2001-06-05 20:44:16 +00:00
Ben Lindstrom 2b1f71baee - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
[clientloop.c readconf.c ssh.c ssh.h]
     don't perform escape processing when ``EscapeChar none''; ok markus@
2001-06-05 20:32:21 +00:00
Ben Lindstrom 99c73b377a - markus@cvs.openbsd.org 2001/05/04 23:47:34
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
     move to Channel **channels (instead of Channel *channels), fixes realloc
     problems.  channel_new now returns a Channel *, favour Channel * over
     channel id.  remove old channel_allocate interface.
2001-05-05 04:09:47 +00:00
Ben Lindstrom e0f8804194 - markus@cvs.openbsd.org 2001/04/30 11:18:52
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
     implement 'ssh -b bind_address' like 'telnet -b'
2001-04-30 13:06:24 +00:00
Ben Lindstrom 2b261b9035 - markus@cvs.openbsd.org 2001/04/17 12:55:04
[channels.c ssh.c]
     undo socks5 and https support since they are not really used and
     only bloat ssh.  remove -D from usage(), since '-D' is experimental.
2001-04-17 18:14:34 +00:00
Ben Lindstrom ae8e2d30db - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
[clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
     protocol 2 tty modes support; ok markus@
2001-04-14 23:13:02 +00:00
Ben Lindstrom 92d4a02001 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
[ssh.c]
     missing \n in error message
2001-04-13 04:44:37 +00:00
Ben Lindstrom 19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom 2b646528cb - markus@cvs.openbsd.org 2001/04/12 14:29:09
[ssh.c]
     show debug output during option processing, report from
     pekkas@netcore.fi
2001-04-12 16:16:57 +00:00
Ben Lindstrom 6fa9d10ed5 - markus@cvs.openbsd.org 2001/04/11 13:56:13
[channels.c ssh.c]
     https-connect and socks5 support. i feel so bad.
2001-04-11 23:08:17 +00:00
Ben Lindstrom 146edb9832 - markus@cvs.openbsd.org 2001/04/11 10:59:01
[ssh.c]
     use strtol() for ports, thanks jakob@
2001-04-11 23:06:28 +00:00
Ben Lindstrom 3bb4f9da73 - markus@cvs.openbsd.org 2001/04/07 08:55:18
[buffer.c channels.c channels.h readconf.c ssh.c]
     allow the ssh client act as a SOCKS4 proxy (dynamic local
     portforwarding).  work by Dan Kaminsky <dankamin@cisco.com> and me.
     thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
     netscape use localhost:1080 as a socks proxy.
2001-04-08 18:30:26 +00:00
Ben Lindstrom 3fcf1a22b5 - markus@cvs.openbsd.org 2001/04/06 21:00:17
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
      ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
     do gid/groups-swap in addition to uid-swap, should help if /home/group
     is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
     to olar@openwall.com is comments.  we had many requests for this.
2001-04-08 18:26:59 +00:00
Ben Lindstrom 4c3f77dd3b - markus@cvs.openbsd.org 2001/04/05 21:05:24
[clientloop.c ssh.c]
     don't request a session for 'ssh -N', pointed out slade@shore.net
2001-04-05 23:37:36 +00:00
Ben Lindstrom d0fca423fc - markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
     simpler key load/save interface, see authfile.h
2001-03-26 13:44:06 +00:00
Damien Miller 60bc517356 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
2001-03-19 09:38:15 +11:00
Ben Lindstrom 266dfdfd62 - markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).
2001-03-09 00:12:22 +00:00
Ben Lindstrom 6df8ef4196 - millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
2001-03-05 07:47:23 +00:00
Ben Lindstrom 3d73a34931 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
[ssh.c]
     add -m to usage; ok markus@
2001-03-05 07:39:01 +00:00
Ben Lindstrom 8a432f5fe0 - markus@cvs.openbsd.org 2001/03/03 23:59:34
[log.c ssh.c]
     log*.c -> log.c
2001-03-05 07:24:46 +00:00
Ben Lindstrom 4040fe10a9 - markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
     don't truncate remote ssh-2 commands; from mkubita@securities.cz
     use min, not max for logging, fixes overflow.
2001-03-05 06:52:57 +00:00
Ben Lindstrom 0ab2a01079 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
[ssh.c]
     shorten usage by a line
2001-03-05 06:45:21 +00:00
Ben Lindstrom 086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
2001-03-05 05:56:40 +00:00
Ben Lindstrom 87af95b3e7 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
[ssh.c]
     -i supports DSA identities now; ok markus@
2001-03-05 05:04:57 +00:00
Damien Miller 225736c73a - OpenBSD CVS Sync:
- reinhard@cvs.openbsd.org        2001/02/17 08:24:40
     [sftp.1]
     typo
   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
     [ssh.c]
     cleanup -V output; noted by millert
   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
     [sshd.8]
     it's the OpenSSH one
   - markus@cvs.openbsd.org  2001/02/18 11:33:54
     [dispatch.c]
     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
   - markus@cvs.openbsd.org  2001/02/19 02:53:32
     [compat.c compat.h serverloop.c]
     ssh-1.2.{18-22} has broken handling of ignore messages; report from
     itojun@
   - markus@cvs.openbsd.org  2001/02/19 03:35:23
     [version.h]
     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
     [scp.c]
     np is changed by recursion; vinschen@redhat.com
2001-02-19 21:51:08 +11:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
Ben Lindstrom 8fd10b0f13 - markus@cvs.openbsd.org 2001/02/10 1:46:28
[ssh.c]
     remove mapping of argv[0] -> hostname
2001-02-10 22:11:13 +00:00
Ben Lindstrom 1e7d30611b - markus@cvs.openbsd.org 2001/02/06 22:07:42
[ssh.c]
     fatal() if subsystem fails
   - markus@cvs.openbsd.org 2001/02/06 22:43:02
     [ssh.c]
     remove confusing callback code
   - jakob@cvs.openbsd.org 2001/02/06 23:03:24
     [ssh.c]
     add -1 option (force protocol version 1). ok markus@
   - jakob@cvs.openbsd.org 2001/02/06 23:06:21
     [ssh.c]
     reorder -{1,2,4,6} options. ok markus@
2001-02-09 02:36:43 +00:00
Ben Lindstrom 31ca54aa86 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
2001-02-09 02:11:24 +00:00
Kevin Steves 12057500cc - markus@cvs.openbsd.org 2001/01/31 13:37:24
[channels.c channels.h serverloop.c ssh.c]
     do not disconnect if local port forwarding fails, e.g. if port is already in
     use
   - markus@cvs.openbsd.org  2001/02/01 14:58:09
     [channels.c]
     use ipaddr in channel messages, ietf-secsh wants this
   - markus@cvs.openbsd.org  2001/01/31 12:26:20
     [channels.c]
     ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE messages;
     bug report from edmundo@rano.org
2001-02-05 14:54:34 +00:00
Kevin Steves adf74cdeca - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
[scp.c sshd.c]
     alpha happiness
   - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
     [sshd.c]
     precedence; ok markus@
    - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
     [ssh.c sshd.c]
     make the alpha happy
2001-02-05 14:22:50 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller 832562e9ba - djm@cvs.openbsd.org 2001/01/29 05:36:11
[ssh.1 ssh.c]
     Allow invocation of sybsystem by commandline (-s); ok markus@
2001-01-30 09:30:01 +11:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom bf555ba621 NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
      for more details.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.
2001-01-18 02:04:35 +00:00