Commit Graph

341 Commits

Author SHA1 Message Date
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller 2372ace572 - markus@cvs.openbsd.org 2003/04/14 14:17:50
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
     avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Darren Tucker c437cda328 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
problem on Linux (fixes "could not set controlling tty" errors).

Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
2003-05-10 17:05:46 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 933cc8fb9c - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
dtucker@zip.com.au
2003-03-10 11:38:10 +11:00
Damien Miller 8e7fb33523 - markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
     split kex into client and server code, no need to link
     server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
Damien Miller 180fc5b236 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/01/27 17:06:31
     [sshd.c]
     more specific error message when /var/empty has wrong permissions;
     bug #46, map@appgate.com; ok henning@, provos@, stevesk@
2003-02-24 11:50:18 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
2003-01-10 09:53:12 +11:00
Ben Lindstrom c2faa4a504 - markus@cvs.openbsd.org 2002/11/07 16:28:47
[sshd.c]
     log to stderr if -ie is given, bug #414, prj@po.cwru.edu
2002-11-09 15:50:03 +00:00
Damien Miller e9264973ad - (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
Damien Miller d27a76de65 - markus@cvs.openbsd.org 2002/09/25 15:19:02
[sshd.c]
     typo; pilot@monkey.org
2002-09-27 13:22:31 +10:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller e1383cee9d - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
[channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
2002-09-19 11:49:37 +10:00
Ben Lindstrom 41daec7538 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
[sshd.c]
     utmp_len is unsigned; display error consistent with other options.
     ok markus@
2002-07-23 21:15:13 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
2002-07-23 21:01:56 +00:00
Ben Lindstrom 232ccf7754 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
with Cray (mostly #ifdef renaming).  Patch by wendyp@cray.com.
2002-07-22 23:34:25 +00:00
Tim Rice 9dd30817ef [acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ 2002-07-07 13:43:36 -07:00
Ben Lindstrom a962c2fb35 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
2002-07-04 00:14:17 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Ben Lindstrom 810af968b8 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
[sshd.c]
     gidset[2] -> gidset[1]; markus ok
2002-07-04 00:11:40 +00:00
Ben Lindstrom fbbfa8422f - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
[sshd.c]
     range check -u option at invocation
2002-07-04 00:10:34 +00:00
Ben Lindstrom 596273516c - (bal) Cygwin uid0 fix by vinschen@redhat.com 2002-06-27 18:02:21 +00:00
Ben Lindstrom fbcc3f71f2 - markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c]
     lightweight do_setusercontext after chroot()
2002-06-25 23:24:18 +00:00
Tim Rice 8eff319298 [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
for Cygwin, Cray, & SCO
2002-06-25 15:35:15 -07:00
Ben Lindstrom 822b634099 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
[ssh-agent.c sshd.c]
     some minor KNF and %u
2002-06-23 21:38:49 +00:00
Ben Lindstrom 5c3855210e - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
Ben Lindstrom 57f08005d3 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
[sshd.c]
     don't call setsid() if debugging or run from inetd; no "Operation not
     permitted" errors now; ok millert@ markus@
2002-06-23 00:37:10 +00:00
Ben Lindstrom 2dfacb3d40 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
[sshd.c]
     check /var/empty owner mode; ok provos@
2002-06-23 00:33:47 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom 837461bf9a - (bal) Build noop setgroups() for cygwin to clean up code (For other
platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom a26ea63f8a - markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
Ben Lindstrom f666fec2d5 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
[ssh.c sshd.c]
     spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
Kevin Steves bc5bb55755 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() 2002-05-21 17:59:13 +00:00
Kevin Steves c5041acef3 - (stevesk) [sshd.c] bug 245; disable setsid() for now 2002-05-21 17:50:21 +00:00
Ben Lindstrom 7339b2a278 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
2002-05-15 16:25:01 +00:00
Ben Lindstrom 17401b6b77 - millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
     Call setsid() in the child after sshd accepts the connection and forks.
     This is needed for privsep which calls setlogin() when it changes uids.
     Without this, there is a race where the login name of an existing
     connection, as returned by getlogin(), may be changed to the privsep
     user (sshd).  markus@ OK
2002-05-15 16:17:56 +00:00
Damien Miller 87aea25f1a - (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
2002-05-10 12:20:24 +10:00
Kevin Steves 0ea1d9d1f2 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support.  bug #184.  most from dcole@keysoftsys.com.
2002-04-25 18:17:04 +00:00
Damien Miller 0150c65830 - djm@cvs.openbsd.org 2002/04/23 22:16:29
[sshd.c]
     Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
Ben Lindstrom 47fd8112b5 - markus@cvs.openbsd.org 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
     check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
Ben Lindstrom f90f58d846 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
[sshd.c]
     setproctitle() after preauth child; ok markus@
2002-03-26 01:53:03 +00:00
Ben Lindstrom 943481cc77 - markus@cvs.openbsd.org 2002/03/21 21:23:34
[sshd.c]
     add privsep_preauth() and remove 1 goto; ok provos@
2002-03-22 03:43:46 +00:00
Ben Lindstrom 1ee9ec32a3 - markus@cvs.openbsd.org 2002/03/21 10:21:20
[ssh-add.c]
     ignore errors for nonexisting default keys in ssh-add,
     fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
2002-03-22 03:14:45 +00:00
Ben Lindstrom c743134191 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
     for unprivileged user, group do:
     pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@
2002-03-22 03:11:49 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a7edf77ed - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
     _PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom 73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom abcb145b38 - markus@cvs.openbsd.org 2002/03/14 16:38:26
[sshd.c]
     split out ssh1 session key decryption; ok provos@
2002-03-22 01:10:21 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom 733a2351f5 - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
[canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@
2002-03-05 01:31:28 +00:00
Ben Lindstrom 13c5d3b370 - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
[sshd.c]
     use u_char* here; ok markus@
2002-02-26 18:00:48 +00:00
Damien Miller 6a47f30c55 - markus@cvs.openbsd.org 2002/02/11 16:19:39
[sshd.c]
     include md5.h not hmac.h
2002-02-13 13:55:06 +11:00
Damien Miller 654c03fd06 - markus@cvs.openbsd.org 2002/02/11 16:17:55
[sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
2002-02-13 13:54:44 +11:00
Damien Miller 5aa5d78e40 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
2002-02-08 22:01:54 +11:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller d432ccf740 - markus@cvs.openbsd.org 2001/12/28 13:57:33
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
2002-01-22 23:14:44 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller da7551677b - markus@cvs.openbsd.org 2001/12/27 18:22:16
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
2002-01-22 23:09:22 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller 72c336def6 - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
[sshd.c]
     possible fd leak on error; ok markus@
2001-12-21 12:44:28 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
2001-12-06 18:22:17 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom f8f065bc75 - itojun@cvs.openbsd.org 2001/12/05 03:50:01
[clientloop.c serverloop.c sshd.c]
     deal with LP64 printf issue with sig_atomic_t.  from thorpej
2001-12-06 17:52:16 +00:00
Ben Lindstrom 5e71c54b8c - markus@cvs.openbsd.org 2001/11/22 12:34:22
[clientloop.c serverloop.c sshd.c]
     volatile sig_atomic_t
2001-12-06 16:48:14 +00:00
Ben Lindstrom d84df989db - markus@cvs.openbsd.org 2001/11/19 11:20:21
[sshd.c]
     fd leak on HUP; ok stevesk@
2001-12-06 16:35:40 +00:00
Ben Lindstrom 0795848def - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
[sshd.c]
     errno saving wrapping in a signal handler
2001-12-06 16:19:01 +00:00
Damien Miller 6a4a4b9290 - markus@cvs.openbsd.org 2001/11/10 13:19:45
[sshd.c]
     cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
2001-11-12 11:07:11 +11:00
Damien Miller e4a0ff4748 - markus@cvs.openbsd.org 2001/11/09 19:08:35
[sshd.c]
     remove extra trailing dot from log message; pilot@naughty.monkey.org
2001-11-12 11:06:54 +11:00
Damien Miller 00b61645eb - markus@cvs.openbsd.org 2001/10/24 08:41:41
[sshd.c]
     mention remote port in debug message
2001-11-12 10:51:23 +11:00
Ben Lindstrom 1bae404457 - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
[sshd.c]
     #include "channels.h" for channel_set_af()
2001-10-03 17:46:39 +00:00
Ben Lindstrom 908afed17f - markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@drexel.edu via angelos
2001-10-03 17:34:59 +00:00
Damien Miller ffbe69890d - (djm) Revert setgroups call, it causes problems on OS-X 2001-09-18 14:03:03 +10:00
Damien Miller ebf989e601 - (djm) Clear supplemental groups at sshd start to prevent them from
being propogated to random PAM modules. Based on patch from Redhat via
   Pekka Savola <pekkas@netcore.fi>
2001-09-15 21:12:49 +10:00
Ben Lindstrom ce89dacda8 - camield@cvs.openbsd.org 2001/08/23 17:59:31
[sshd.c]
     end request with 0, not NULL
     ok markus@
2001-09-12 16:58:04 +00:00
Ben Lindstrom 6db66ff387 - (bal) Second around of UNICOS patches. A few other things left.
Patches by William L. Jones <jones@mail.utexas.edu>
2001-08-06 23:29:16 +00:00
Ben Lindstrom 794325ac7a - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
[sshd.8 sshd.c]
     add -t option to test configuration file and keys; pekkas@netcore.fi
     ok markus@
2001-08-06 21:09:07 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom 980978639c - markus@cvs.openbsd.org 2001/06/23 19:12:43
[sshd.c]
     pidfile/sigterm race; bbraun@synack.net
2001-06-25 05:10:20 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom ec46e0b5fd - markus@cvs.openbsd.org 2001/06/04 23:07:21
[clientloop.c serverloop.c sshd.c]
     set flags in the signal handlers, do real work in the main loop,
     ok provos@
2001-06-09 01:27:31 +00:00
Ben Lindstrom 80c6d77085 - markus@cvs.openbsd.org 2001/05/28 23:58:35
[packet.c packet.h sshconnect.c sshd.c]
     remove some lines, simplify.
2001-06-05 21:09:18 +00:00
Ben Lindstrom 1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
2001-06-05 19:59:08 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
Ben Lindstrom 15f33866a6 - markus@cvs.openbsd.org 2001/04/15 16:58:03
[authfile.c ssh-keygen.c sshd.c]
     don't use errno for key_{load,save}_private; discussion w/ solar@openwall
2001-04-16 02:00:02 +00:00
Ben Lindstrom 206941fdd8 - markus@cvs.openbsd.org 2001/04/15 08:43:47
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
     some unused variable and typos; from tomh@po.crl.go.jp
2001-04-15 14:27:16 +00:00
Ben Lindstrom 19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
Ben Lindstrom 9fce9f02e8 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
[sshd.8 sshd.c]
     implement the -e option into sshd:
      -e      When this option is specified, sshd will send the output to the
              standard error instead of the system log.
     markus@ OK.
2001-04-11 23:10:09 +00:00
Ben Lindstrom a3700050ec - markus@cvs.openbsd.org 2001/04/05 10:42:57
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
      sshconnect2.c sshd.c]
     fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
Ben Lindstrom be2cc43c3a - markus@cvs.openbsd.org 2001/04/04 20:25:38
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
      sshconnect2.c sshd.c]
     more robust rekeying
     don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
Ben Lindstrom 8ac9106c3d - markus@cvs.openbsd.org 2001/04/04 14:34:58
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
     enable server side rekeying + some rekey related clientup.
     todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 17:57:54 +00:00
Ben Lindstrom 238abf6a14 - markus@cvs.openbsd.org 2001/04/04 09:48:35
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
     don't sent multiple kexinit-requests.
     send newkeys, block while waiting for newkeys.
     fix comments.
2001-04-04 17:52:53 +00:00
Ben Lindstrom 2d90e00309 - markus@cvs.openbsd.org 2001/04/03 23:32:12
[kex.c kex.h packet.c sshconnect2.c sshd.c]
     undo parts of recent my changes: main part of keyexchange does not
     need dispatch-callbacks, since application data is delayed until
     the keyexchange completes (if i understand the drafts correctly).
     add some infrastructure for re-keying.
2001-04-04 02:00:54 +00:00
Ben Lindstrom 20d7c7b02c - markus@cvs.openbsd.org 2001/04/03 19:53:29
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
     move kex to kex*.c, used dispatch_set() callbacks for kex. should
     make rekeying easier.
2001-04-04 01:56:17 +00:00
Damien Miller ff75ac4d68 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/29 23:42:01
     [sshd.c]
     Protocol 1 key regeneration log => verbose, some KNF; ok markus@
2001-03-30 10:50:32 +10:00
Damien Miller a0ff466d80 - OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
     [sshconnect2.c sshd.c]
     need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
2001-03-30 10:49:35 +10:00
Damien Miller 2557bfc5d7 - (djm) OpenBSD CVS Sync
- provos@cvs.openbsd.org 2001/03/28 21:59:41
     [kex.c kex.h sshconnect2.c sshd.c]
     forgot to include min and max params in hash, okay markus@
2001-03-30 10:47:14 +10:00
Ben Lindstrom 7de696e798 - markus@cvs.openbsd.org 2001/03/28 20:50:45
[sshd.c]
     call refuse() before close(); from olemx@ans.pl
2001-03-29 00:45:12 +00:00
Ben Lindstrom df221391e6 - provos@cvs.openbsd.org 2001/03/27 17:46:50
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
     make dh group exchange more flexible, allow min and max group size,
     okay markus@, deraadt@
2001-03-29 00:36:16 +00:00
Ben Lindstrom 425fb02f20 - markus@cvs.openbsd.org 2001/03/27 10:34:08
[ssh-rsa.c sshd.c]
     use EVP_get_digestbynid, reorder some calls and fix missing free.
2001-03-29 00:31:20 +00:00
Ben Lindstrom d0fca423fc - markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
     simpler key load/save interface, see authfile.h
2001-03-26 13:44:06 +00:00
Ben Lindstrom de71cda078 - markus@cvs.openbsd.org 2001/03/23 14:28:32
[session.c sshd.c]
     ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
2001-03-24 00:43:26 +00:00
Ben Lindstrom c8530c7f5c - djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-24 00:35:19 +00:00
Ben Lindstrom 69d8c077d4 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
[sshd.c]
     do not place linefeeds in buffer
2001-03-22 22:45:33 +00:00
Damien Miller 27dbe6f37e - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
2001-03-19 22:36:20 +11:00
Damien Miller 60bc517356 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
2001-03-19 09:38:15 +11:00
Ben Lindstrom ca42d5fb7f - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
[sshd.c]
     typo; slade@shore.net
2001-03-09 18:25:32 +00:00
Ben Lindstrom 4c4f05e096 - markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
     generate a 2*need size (~300 instead of 1024/2048) random private
     exponent during the DH key agreement. according to Niels (the great
     german advisor) this is safe since /etc/primes contains strong
     primes only.

     References:
             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
             agreement with short exponents, In Advances in Cryptology
             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2001-03-06 01:09:20 +00:00
Ben Lindstrom 6df8ef4196 - millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
2001-03-05 07:47:23 +00:00
Ben Lindstrom 9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom 941ac82e16 - markus@cvs.openbsd.org 2001/02/28 21:21:41
[sshd.c]
     generate a fake session id, too
2001-03-05 06:25:23 +00:00
Ben Lindstrom eb648a749b - markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
     the random session key depends now on the session_key_int
     sent by the 'attacker'
             dig1 = md5(cookie|session_key_int);
             dig2 = md5(dig1|cookie|session_key_int);
             fake_session_key = dig1|dig2;
     this change is caused by a mail from anakin@pobox.com
     patch based on discussions with my german advisor niels@openbsd.org
2001-03-05 06:00:29 +00:00
Ben Lindstrom a9a29e1bed - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
[sshd.c]
     clarify message to make it not mention "ident"
2001-02-20 01:20:47 +00:00
Ben Lindstrom d95c09cc83 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
pty.[ch] -> sshpty.[ch]
2001-02-18 19:13:33 +00:00
Damien Miller 0a4e27d583 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
Miskiewicz <misiek@pld.ORG.PL>
2001-02-18 12:36:39 +11:00
Ben Lindstrom 5393f9360d - markus@cvs.openbsd.org 2001/02/12 23:26:20
[sshd.c]
    missing memset; from solar@openwall.com
2001-02-15 03:17:13 +00:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
2001-02-15 03:01:59 +00:00
Ben Lindstrom f79aeffe3b - markus@cvs.openbsd.org 2001/02/07 22:35:46
[auth1.c auth2.c sshd.c]
     move k_setpag() to a central place; ok dugsong@
2001-02-10 21:27:11 +00:00
Ben Lindstrom 31ca54aa86 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
2001-02-09 02:11:24 +00:00
Kevin Steves adf74cdeca - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
[scp.c sshd.c]
     alpha happiness
   - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
     [sshd.c]
     precedence; ok markus@
    - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
     [ssh.c sshd.c]
     make the alpha happy
2001-02-05 14:22:50 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller 7650bc6842 - (djm) OpenBSD CVS Sync:
- markus@cvs.openbsd.org  2001/01/29 12:47:32
     [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
     handle rsa_private_decrypt failures; helps against the Bleichenbacher
     pkcs#1 attack
2001-01-30 09:27:26 +11:00
Ben Lindstrom d53902049e - markus@cvs.openbsd.org 2001/01/28 10:37:26
[sshd.c]
     remove -Q, no longer needed
2001-01-29 08:07:43 +00:00
Ben Lindstrom 95fb2dde77 - markus@cvs.openbsd.org 2001/01/22 23:06:39
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 03:12:10 +00:00
Ben Lindstrom b1985f7279 - (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
2001-01-23 00:19:15 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom cf0809d644 Removed one more 'ISSUE' comment in auth1.c
20010120
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26
     [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
2001-01-19 15:44:10 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Ben Lindstrom bf555ba621 NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
      for more details.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.
2001-01-18 02:04:35 +00:00
Ben Lindstrom 2f959b4cd1 20010112
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/10 22:56:22
     [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
     cleanup sftp-server implementation:
	     add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
	     parse SSH2_FILEXFER_ATTR_EXTENDED
	     send SSH2_FX_EOF if readdir returns no more entries
	     reply to SSH2_FXP_EXTENDED message
	     use #defines from the draft
	     move #definations to sftp.h
     more info:
     http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
   - markus@cvs.openbsd.org 2001/01/10 19:43:20
     [sshd.c]
     XXX - generate_empheral_server_key() is not safe against races,
     because it calls log()
   - markus@cvs.openbsd.org 2001/01/09 21:19:50
     [packet.c]
     allow TCP_NDELAY for ipv6; from netbsd via itojun@
2001-01-11 06:20:23 +00:00
Ben Lindstrom a383baac46 20010108
- (bal) Fixed another typo in cli.c
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     typo
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 19:06:25
     [auth1.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 11:28:04
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
      ssh.h sshd.8 sshd.c]
     rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
     syslog priority changes:
             fatal() LOG_ERR  -> LOG_CRIT
             log()   LOG_INFO -> LOG_NOTICE
2001-01-08 06:13:41 +00:00
Ben Lindstrom d26dcf3371 20010107
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
Ben Lindstrom 4dccfa5fb7 - (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51
     [auth.h auth2.c]
     count authentication failures only
   - markus@cvs.openbsd.org 2000/12/28 14:25:03
     [sshconnect.c]
     fingerprint for MITM attacks, too.
   - markus@cvs.openbsd.org 2000/12/28 12:03:57
     [sshd.8 sshd.c]
     document -D
   - markus@cvs.openbsd.org 2000/12/27 14:19:21
     [serverloop.c]
     less chatty
   - markus@cvs.openbsd.org 2000/12/27 12:34
     [auth1.c sshconnect2.c sshd.c]
     typo
   - markus@cvs.openbsd.org 2000/12/27 12:30:19
     [readconf.c readconf.h ssh.1 sshconnect.c]
     new option: HostKeyAlias: allow the user to record the host key
     under a different name. This is useful for ssh tunneling over
     forwarded connections or if you run multiple sshd's on different
     ports on the same machine.
   - markus@cvs.openbsd.org 2000/12/27 11:51:53
     [ssh.1 ssh.c]
     multiple -t force pty allocation, document ORIGINAL_COMMAND
   - markus@cvs.openbsd.org 2000/12/27 11:41:31
     [sshd.8]
     update for ssh-2
2000-12-28 16:40:05 +00:00
Ben Lindstrom 46c162204b One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Kevin Steves 6b87586965 - provos@cvs.openbsd.org 2000/12/15 10:30:15
[kex.c kex.h sshconnect2.c sshd.c]
     compute diffie-hellman in parallel between server and client. okay markus@
2000-12-15 23:31:01 +00:00
Kevin Steves fcec7f82bb - markus@cvs.openbsd.org 2000/12/12 14:45:21
[sshd.c]
     source port < 1024 is no longer required for rhosts-rsa since it
     adds no additional security.
   - markus@cvs.openbsd.org 2000/12/12 16:11:49
     [ssh.1 ssh.c]
     rhosts-rsa is no longer automagically disabled if ssh is not privileged.
     UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
     these changes should not change the visible default behaviour of the ssh client.
2000-12-15 19:55:48 +00:00
Kevin Steves ec84dc12db - (stevesk) OpenSSH CVS update:
- markus@cvs.openbsd.org 2000/12/12 15:30:02
     [ssh-keyscan.c ssh.c sshd.c]
     consistently use __progname; from stevesk@pobox.com
2000-12-13 17:45:15 +00:00
Ben Lindstrom 7ad9710334 20001206
- (bal) OpenSSH CVS updates:
   - markus@cvs.openbsd.org 2000/12/05 20:34:09
     [channels.c channels.h clientloop.c serverloop.c]
     async connects for -R/-L; ok deraadt@
   - todd@cvs.openssh.org 2000/12/05 16:47:28
     [sshd.c]
     tweak comment to reflect real location of pid file; ok provos@
2000-12-06 01:42:49 +00:00
Ben Lindstrom c72745afa9 20001203
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/11/30 22:54:31
    [channels.c]
    debug->warn if tried to do -R style fwd w/o client requesting this;
    ok neils@
  - markus@cvs.openbsd.org 2000/11/29 20:39:17
    [cipher.c]
    des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
  - markus@cvs.openbsd.org 2000/11/30 18:33:05
    [ssh-agent.c]
    agents must not dump core, ok niels@
  - markus@cvs.openbsd.org 2000/11/30 07:04:02
    [ssh.1]
    T is for both protocols
  - markus@cvs.openbsd.org 2000/12/01 00:00:51
    [ssh.1]
    typo; from green@FreeBSD.org
  - markus@cvs.openbsd.org 2000/11/30 07:02:35
    [ssh.c]
    check -T before isatty()
  - provos@cvs.openbsd.org 2000/11/29 13:51:27
    [sshconnect.c]
    show IP address and hostname when new key is encountered. okay markus@
  - markus@cvs.openbsd.org 2000/11/30 22:53:35
    [sshconnect.c]
    disable agent/x11/port fwding if hostkey has changed; ok niels@
  - marksu@cvs.openbsd.org 2000/11/29 21:11:59
    [sshd.c]
    sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
    from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
2000-12-02 19:03:54 +00:00
Ben Lindstrom 49a79c0976 - (stevek) Reworked progname support.
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c.  Patch by
   Shinichi Maruyama <marya@st.jip.co.jp>

I assume the progname patch was finished.  I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
2000-11-17 03:47:20 +00:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller 3dfb0dd7fd - (djm) Support in bsd-snprintf.c for long long conversions from
Ben Lindstrom <mouring@pconline.com>
 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
2000-09-30 09:49:08 +11:00
Damien Miller 78315eb6d6 - (djm) Merged big SCO portability patch from Tim Rice
<tim@multitalents.net>
2000-09-29 23:01:36 +11:00