[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
Make keepalive timeouts apply while waiting for a packet, particularly
during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
[dns.c canohost.c sshconnect.c]
Do not pass "0" strings as ports to getaddrinfo because the lookups
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
deraadt@ djm@
djm belives that the reason for the "0" strings is to ensure that
it's not possible to call getaddrinfo with both host and port being
NULL. In the case of canohost.c host is a local array. In the
case of sshconnect.c, it's checked for null immediately before use.
In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
be non-null but it's not obvious, so I added a warning message in
case it is ever passed a null.
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@
[ssh.c sshconnect.c sshconnect.h]
make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also
makes ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
for hton* and ntoh* macros. Required on (at least) HP-UX since we define
_XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
[sshconnect.c]
Allow fallback to known_hosts entries without port qualifiers for
non-standard ports too, so that all existing known_hosts entries will be
recognised. Requested by, feedback and ok markus@
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
[misc.c misc.h sshd.8 sshconnect.c]
Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocations
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
- djm@cvs.openbsd.org 2005/06/17 22:53:47
[ssh.c sshconnect.c]
Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
[ssh-keyscan.c sshconnect.c]
Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
ok deraadt@, cloder@, djm@
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
sshpty.c]
make ssh -Wshadow clean, no functional changes
markus@ ok
There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
- djm@cvs.openbsd.org 2003/06/04 08:25:18
[sshconnect.c]
disable challenge/response and keyboard-interactive auth methods
upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
bz #580; ok markus@
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
[hostfile.c hostfile.h sshconnect.c]
print out all known keys for a host if we get a unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
the ssharp mitm tool attacks users in a similar way, so i'd like to
pointed out again:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
in. Needed for sshconnect.c
[sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
[configure.in] make tests with missing libraries fail
patch by Wendy Palm <wendyp@cray.com>
Added openbsd-compat/bsd-cray.h. Selective patches from
William L. Jones <jones@mail.utexas.edu>
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
- itojun@cvs.opebsd.org 2001/02/08 10:47:05
[sshconnect.c sshconnect1.c sshconnect2.c]
%.30s is too short for IPv6 numeric address. use %.128s for now.
markus ok
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06"
for more details.
20010118
- (bal) Super Sized OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
[sshd.c]
maxfd+1
- markus@cvs.openbsd.org 2001/01/13 17:59:18
[ssh-keygen.1]
small ssh-keygen manpage cleanup; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:03:07
[scp.c ssh-keygen.c sshd.c]
getopt() returns -1 not EOF; stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:06:54
[ssh-keyscan.c]
use SSH_DEFAULT_PORT; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:12:47
[ssh-keyscan.c]
free() -> xfree(); fix memory leak; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/13 18:14:13
[ssh-add.c]
typo, from stevesk@sweden.hp.com
- markus@cvs.openbsd.org 2001/01/13 18:32:50
[packet.c session.c ssh.c sshconnect.c sshd.c]
split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
- markus@cvs.openbsd.org 2001/01/13 18:36:45
[packet.c packet.h]
reorder, typo
- markus@cvs.openbsd.org 2001/01/13 18:38:00
[auth-options.c]
fix comment
- markus@cvs.openbsd.org 2001/01/13 18:43:31
[session.c]
Wall
- markus@cvs.openbsd.org 2001/01/13 19:14:08
[clientloop.h clientloop.c ssh.c]
move callback to headerfile
- markus@cvs.openbsd.org 2001/01/15 21:40:10
[ssh.c]
use log() instead of stderr
- markus@cvs.openbsd.org 2001/01/15 21:43:51
[dh.c]
use error() not stderr!
- markus@cvs.openbsd.org 2001/01/15 21:45:29
[sftp-server.c]
rename must fail if newpath exists, debug off by default
- markus@cvs.openbsd.org 2001/01/15 21:46:38
[sftp-server.c]
readable long listing for sftp-server, ok deraadt@
- markus@cvs.openbsd.org 2001/01/16 19:20:06
[key.c ssh-rsa.c]
make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
since they are in the wrong format, too. they must be removed from
.ssh/authorized_keys2 and .ssh/known_hosts2, etc.
(cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
.ssh/authorized_keys2) additionally, we now check that
BN_num_bits(rsa->n) >= 768.
- markus@cvs.openbsd.org 2001/01/16 20:54:27
[sftp-server.c]
remove some statics. simpler handles; idea from nisse@lysator.liu.se
- deraadt@cvs.openbsd.org 2001/01/16 23:58:08
[bufaux.c radix.c sshconnect.h sshconnect1.c]
indent
- (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
be missing such feature.
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/06 11:23:27
[ssh-rsa.c]
remove unused
- itojun@cvs.openbsd.org 2001/01/05 08:23:29
[ssh-keyscan.1]
missing .El
- markus@cvs.openbsd.org 2001/01/04 22:41:03
[session.c sshconnect.c]
consistent use of _PATH_BSHELL; from stevesk@pobox.com
- djm@cvs.openbsd.org 2001/01/04 22:35:32
[ssh.1 sshd.8]
Mention AES as available SSH2 Cipher; ok markus
- markus@cvs.openbsd.org 2001/01/04 22:25:58
[sshd.c]
sync usage()/man with defaults; from stevesk@pobox.com
- markus@cvs.openbsd.org 2001/01/04 22:21:26
[sshconnect2.c]
handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
that prints a banner (e.g. /etc/issue.net)
- (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
tree (mainly positioning)
- (bal) OpenSSH CVS Update
- markus@cvs.openbsd.org 2001/01/02 20:41:02
[packet.c]
log remote ip on disconnect; PR 1600 from jcs@rt.fm
- markus@cvs.openbsd.org 2001/01/02 20:50:56
[sshconnect.c]
strict_host_key_checking for host_status != HOST_CHANGED &&
ip_status == HOST_CHANGED
- markus@cvs.openbsd.org 2000/12/28 14:25:51
[auth.h auth2.c]
count authentication failures only
- markus@cvs.openbsd.org 2000/12/28 14:25:03
[sshconnect.c]
fingerprint for MITM attacks, too.
- markus@cvs.openbsd.org 2000/12/28 12:03:57
[sshd.8 sshd.c]
document -D
- markus@cvs.openbsd.org 2000/12/27 14:19:21
[serverloop.c]
less chatty
- markus@cvs.openbsd.org 2000/12/27 12:34
[auth1.c sshconnect2.c sshd.c]
typo
- markus@cvs.openbsd.org 2000/12/27 12:30:19
[readconf.c readconf.h ssh.1 sshconnect.c]
new option: HostKeyAlias: allow the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.
- markus@cvs.openbsd.org 2000/12/27 11:51:53
[ssh.1 ssh.c]
multiple -t force pty allocation, document ORIGINAL_COMMAND
- markus@cvs.openbsd.org 2000/12/27 11:41:31
[sshd.8]
update for ssh-2
- (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/11/30 22:54:31
[channels.c]
debug->warn if tried to do -R style fwd w/o client requesting this;
ok neils@
- markus@cvs.openbsd.org 2000/11/29 20:39:17
[cipher.c]
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
- markus@cvs.openbsd.org 2000/11/30 18:33:05
[ssh-agent.c]
agents must not dump core, ok niels@
- markus@cvs.openbsd.org 2000/11/30 07:04:02
[ssh.1]
T is for both protocols
- markus@cvs.openbsd.org 2000/12/01 00:00:51
[ssh.1]
typo; from green@FreeBSD.org
- markus@cvs.openbsd.org 2000/11/30 07:02:35
[ssh.c]
check -T before isatty()
- provos@cvs.openbsd.org 2000/11/29 13:51:27
[sshconnect.c]
show IP address and hostname when new key is encountered. okay markus@
- markus@cvs.openbsd.org 2000/11/30 22:53:35
[sshconnect.c]
disable agent/x11/port fwding if hostkey has changed; ok niels@
- marksu@cvs.openbsd.org 2000/11/29 21:11:59
[sshd.c]
sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
Shinichi Maruyama <marya@st.jip.co.jp>
I assume the progname patch was finished. I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
- OpenBSD CVS updates:
- markus@cvs.openbsd.org
[sshconnect.c]
copy only ai_addrlen bytes; misiek@pld.org.pl
[auth.c]
accept an empty shell in authentication; bug reported by
chris@tinker.ucr.edu
[serverloop.c]
we don't have stderr for interactive terminal sessions (fcntl errors)
[clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
- pid_t
[session.c]
- remove bogus chan_read_failed. this could cause data
corruption (missing data) at end of a SSH2 session.
Darren Tucker
Damien Miller
Ben Lindstrom
Kevin Steves
Tim Rice