Ben Lindstrom
f9c4884c8e
- markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
2002-06-11 16:37:51 +00:00
Ben Lindstrom
8bb6f36c8f
- markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
2002-06-11 15:59:02 +00:00
Ben Lindstrom
914d03758b
- stevesk@cvs.openbsd.org 2002/06/10 21:21:10
[ssh_config]
update defaults for RhostsRSAAuthentication and RhostsAuthentication
here too (all options commented out with default value).
2002-06-11 15:55:01 +00:00
Ben Lindstrom
2bf8276393
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
2002-06-11 15:53:05 +00:00
Ben Lindstrom
1775c9c97a
- stevesk@cvs.openbsd.org 2002/06/10 17:36:23
[ssh-add.1 ssh-add.c]
use convtime() to parse and validate key lifetime. can now
use '-t 2h' etc. ok markus@ provos@
2002-06-11 15:51:54 +00:00
Ben Lindstrom
11d470de34
- stevesk@cvs.openbsd.org 2002/06/10 16:56:30
[ssh-keysign.8]
merge in stuff from my man page; ok markus@
2002-06-11 15:50:13 +00:00
Ben Lindstrom
2779d28a0f
- stevesk@cvs.openbsd.org 2002/06/10 16:53:06
[auth-rsa.c ssh-rsa.c]
display minimum RSA modulus in error(); ok markus@
2002-06-11 15:47:42 +00:00
Ben Lindstrom
18a32a7efa
- itojun@cvs.openbsd.org 2002/06/09 22:17:21
[sshconnect.c]
pass salen to sockaddr_ntop so that we are happy on linux/solaris
2002-06-11 15:46:34 +00:00
Ben Lindstrom
5cac423871
- stevesk@cvs.openbsd.org 2002/06/09 22:15:15
[ssh.1]
update for no setuid root and ssh-keysign; ok deraadt@
2002-06-11 15:45:02 +00:00
Ben Lindstrom
494709decb
- (bal) ssh-agent.c RCSD fix (|unexpand already done)
2002-06-11 15:42:53 +00:00
Ben Lindstrom
05efee1092
- (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
independent of them)
2002-06-09 20:20:58 +00:00
Ben Lindstrom
2749e1c8f5
- markus@cvs.openbsd.org 2002/06/09 04:33:27
[sshconnect.c]
abort() -> fatal()
2002-06-09 20:16:22 +00:00
Ben Lindstrom
159ac2e8cd
- itojun@cvs.openbsd.org 2002/06/08 21:15:27
[sshconnect.c]
always use getnameinfo. (diag message only)
2002-06-09 20:14:54 +00:00
Ben Lindstrom
2e17b08e48
- markus@cvs.openbsd.org 2002/06/08 12:46:14
[readconf.c]
silently ignore deprecated options, since FallBackToRsh might be passed
by remote scp commands.
2002-06-09 20:13:27 +00:00
Ben Lindstrom
af0c6d6a8c
- markus@cvs.openbsd.org 2002/06/08 12:36:53
[scp.c]
remove FallBackToRsh
2002-06-09 20:06:29 +00:00
Ben Lindstrom
7a7483d72e
- markus@cvs.openbsd.org 2002/06/08 05:41:18
[ssh_config]
remove FallBackToRsh/UseRsh
2002-06-09 20:05:35 +00:00
Ben Lindstrom
1c2bafebb3
- markus@cvs.openbsd.org 2002/06/08 05:40:01
[readconf.c]
just warn about Deprecated options for now
2002-06-09 20:04:50 +00:00
Ben Lindstrom
4daea86fd4
- markus@cvs.openbsd.org 2002/06/08 05:17:01
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Ben Lindstrom
a20715788d
- markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
only accept 20 byte session ids
2002-06-09 20:01:48 +00:00
Ben Lindstrom
ece420413b
- markus@cvs.openbsd.org 2002/06/08 05:07:56
[ssh.c]
nuke ptrace comment
2002-06-09 20:00:09 +00:00
Ben Lindstrom
5a6abdae0f
unexpand
2002-06-09 19:41:48 +00:00
Ben Lindstrom
2ab1968da2
- (bal) Removed --{enable/disable}-suid-ssh
this was mistakenly committed with the __progname fix to ssh-keysign.
2002-06-07 16:49:11 +00:00
Ben Lindstrom
378a417389
- (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
Bertrand.Velle@apogee-com.fr
2002-06-07 14:49:56 +00:00
Ben Lindstrom
3545352dc4
- (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
2002-06-07 14:37:00 +00:00
Ben Lindstrom
03bab2861e
- (bal) Reverse logic, use __func__ first since it's C99
2002-06-07 03:19:35 +00:00
Ben Lindstrom
db41d2390c
- (bal) ssh-keysign should build and install correctly now. Phase two
would be to clean out any dead wood and disable ssh setuid on install.
2002-06-07 03:11:38 +00:00
Ben Lindstrom
b85ab30a6e
- (bal) Refixed auth2.c. It was never fully committed while splitting out
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom
4eeccc79f6
- (bal) monitor_mm.c typos.
2002-06-07 01:57:25 +00:00
Ben Lindstrom
88d26ed408
- (bal) Forgot to add msg.c Makefile.in.
2002-06-07 01:53:59 +00:00
Ben Lindstrom
a93f12f396
- (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
2002-06-07 01:51:06 +00:00
Ben Lindstrom
937df1d630
- markus@cvs.openbsd.org 2002/06/06 17:30:11
[sftp-server.c]
use get_int() macro (hide iqueue)
2002-06-06 21:58:35 +00:00
Ben Lindstrom
2c14047ada
- markus@cvs.openbsd.org 2002/06/06 17:12:44
[sftp-server.c]
discard remaining bytes of current request; ok provos@
2002-06-06 21:57:54 +00:00
Ben Lindstrom
d9d6ab6372
- stevesk@cvs.openbsd.org 2002/06/06 01:09:41
[monitor.h]
no trailing comma in enum; china@thewrittenword.com
2002-06-06 21:57:01 +00:00
Ben Lindstrom
61d328acf9
- markus@cvs.openbsd.org 2002/06/05 21:55:44
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
2002-06-06 21:54:57 +00:00
Ben Lindstrom
163f3b8f6b
- markus@cvs.openbsd.org 2002/06/05 20:56:39
[ssh-add.c]
add -x/-X to usage
2002-06-06 21:53:11 +00:00
Ben Lindstrom
2f71704b42
- markus@cvs.openbsd.org 2002/06/05 19:57:12
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
2002-06-06 21:52:03 +00:00
Ben Lindstrom
21d1ed8303
- markus@cvs.openbsd.org 2002/06/05 16:48:54
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
2002-06-06 21:48:57 +00:00
Ben Lindstrom
b7788f3ebe
- markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:08 +00:00
Ben Lindstrom
22fa01cdea
- markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:07 +00:00
Ben Lindstrom
7d9c38f37a
- markus@cvs.openbsd.org 2002/06/04 23:05:49
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
__FUNCTION__ -> __func__
NOTE: This includes all portable references also.
2002-06-06 21:40:51 +00:00
Ben Lindstrom
3dca4f55f2
- markus@cvs.openbsd.org 2002/06/04 23:02:06
[packet.c]
remove __FUNCTION__
2002-06-06 20:59:25 +00:00
Ben Lindstrom
f67e07711f
- markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
2002-06-06 20:58:19 +00:00
Ben Lindstrom
dcf6bfbfbd
- markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c]
only allow enabled authentication methods; ok provos@
2002-06-06 20:57:17 +00:00
Ben Lindstrom
2e14bc71e6
- deraadt@cvs.openbsd.org 2002/06/03 12:04:07
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
2002-06-06 20:56:07 +00:00
Ben Lindstrom
ceae9d1c33
- markus@cvs.openbsd.org 2002/05/31 13:20:50
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the draft says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
2002-06-06 20:55:04 +00:00
Ben Lindstrom
01fff0c9d4
- markus@cvs.openbsd.org 2002/05/31 13:16:48
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
2002-06-06 20:54:07 +00:00
Ben Lindstrom
511bb24c5b
- markus@cvs.openbsd.org 2002/05/31 11:35:15
[auth.h auth2.c]
move Authmethod definitions to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
[sshconnect2.c]
extend ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verifies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
Ben Lindstrom
f088f4374a
- markus@cvs.openbsd.org 2002/05/30 08:07:31
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
2002-06-06 20:50:07 +00:00
Ben Lindstrom
a26ea63f8a
- markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00