| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
[bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
[compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
[dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
[gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
[misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
[myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
[scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
[ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
[ttymodes.h uidswap.h uuencode.h xmalloc.h]
standardise spacing in $OpenBSD$ tags; requested by deraadt@
|
| |
|
|
|
|
|
|
|
|
|
| |
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
uuencode.c xmalloc.h]
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
|
| |
|
|
|
|
| |
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
s/generate_additional_parameters/rsa_generate_additional_parameters/
http://www.humppa.com/
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
canohost.h channels.h cipher.h clientloop.h compat.h compress.h
crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
tildexpand.h uidswap.h uuencode.h xmalloc.h]
remove comments from .h, since they are cut&paste from the .c files
and out of sync
|
| |
|
|
|
|
|
|
|
|
|
| |
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
radix.h readconf.h readpass.h rsa.h]
prototype pedant. not very creative...
- () -> (void)
- no variable names
|
| |
|
|
|
| |
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
try to read private f-secure ssh v2 rsa keys.
|
| |
|
|
|
|
|
| |
- markus@cvs.openbsd.org 2001/01/29 12:47:32
[rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
handle rsa_private_decrypt failures; helps against the Bleichenbacher
pkcs#1 attack
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
|
| |
|
|
|
|
|
| |
- All OpenSSL includes are now unconditionally referenced as
openssl/foo.h
- Pick up formatting changes
- Other minor changed (typecasts, etc) that I missed
|
| |
|
|
|
|
|
|
|
|
| |
[ssh.1 ssh.c]
- ssh -2
[auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
[session.c sshconnect.c]
- check payload for (illegal) extra data
[ALL]
- whitespace cleanup
|
| | |
|
| |
|
|
| |
- Split random collector into seperate file
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
|
| |
|
|
|
|
|
|
|
| |
- Merged several minor fixed:
- ssh-agent commandline parsing
- RPM spec file now installs ssh setuid root
- Makefile creates libdir
- Merged beginnings of Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
|
| |
|
|
|
|
|
|
|
| |
- Build fixes
- Autoconf
- Change binary names to open*
- Fixed autoconf script to detect PAM on RH6.1
- Added tests for libpwdb, and OpenBSD functions to autoconf (not used yet)
|
| |
|
