Commit Graph

120 Commits

Author SHA1 Message Date
dtucker@openbsd.org
486c4dc3b8 upstream: Always return allocated strings from the kex filtering so
that we can free them later.  Fix one leak in compat_kex_proposal.  Based on
github PR#324 from ZoltanFridrich with some simplications by me. ok djm@

OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4
2022-07-01 13:41:16 +10:00
djm@openbsd.org
b344db7a41 upstream: openssh-7.4 was incorrectly listed twice; spotted by
Dmitry Belyavskiy, ok dtucker@

OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
2021-09-10 20:34:09 +10:00
djm@openbsd.org
4265215d73 upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
allows RSA/SHA2 signatures for public key authentication but fails to
advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
to offer valid keys.

Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker

OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
2021-06-06 13:41:36 +10:00
djm@openbsd.org
4ca6a1fac3 upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
2021-01-27 20:28:25 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
6d755706a0 upstream: some language improvements; ok markus
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
2020-07-15 15:07:42 +10:00
dtucker@openbsd.org
b458423a38 upstream: Remove now-unused proto_spec and associated definitions.
ok djm@

OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
2020-06-04 11:03:39 +10:00
djm@openbsd.org
c3903c38b0 upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
2018-08-13 12:42:13 +10:00
djm@openbsd.org
1a66079c06 upstream: fix some memory leaks spotted by Coverity via Jakub Jelen
in bz#2366 feedback and ok dtucker@

OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
2018-07-31 13:13:26 +10:00
markus@openbsd.org
cecee2d607 upstream: client: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
djm@openbsd.org
312d2f2861 upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
2018-07-04 23:51:52 +10:00
djm@openbsd.org
2f30300c5e upstream: crank version number to 7.8; needed for new compat flag
for prior version; part of RSA-SHA2 strictification, ok markus@

OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
2018-07-03 23:26:47 +10:00
djm@openbsd.org
4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
djm@openbsd.org
a575ddd588 upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
without version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson

Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424

OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
2018-04-17 08:51:51 +10:00
dtucker@openbsd.org
8570177195 upstream: Don't send IUTF8 to servers that don't like them.
Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set.  Add a bug bit
for such servers and avoid sending IUTF8 to them.  ok djm@

OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
2018-02-16 23:25:48 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
dtucker@openbsd.org
2985d4062e upstream commit
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up.  bz#2748, from martin at winscp.net, ok djm@

Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
2017-07-28 13:08:37 +10:00
djm@openbsd.org
97f4d3083b upstream commit
remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01 09:42:37 +10:00
djm@openbsd.org
99f95ba826 upstream commit
remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
2017-05-01 09:38:46 +10:00
djm@openbsd.org
56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
djm@openbsd.org
68bc8cfa76 upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
2017-02-04 10:08:15 +11:00
dtucker@openbsd.org
7ec4946fb6 upstream commit
Back out 'plug memleak'.

Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06 11:25:37 +10:00
dtucker@openbsd.org
a0cb7778fb upstream commit
Plug mem leak in filter_proposal.  ok djm@

Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-06 11:25:37 +10:00
djm@openbsd.org
8543d4ef6f upstream commit
Better compat matching for WinSCP, add compat matching
 for FuTTY (fork of PuTTY); ok markus@ deraadt@

Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
2015-08-20 13:07:42 +10:00
djm@openbsd.org
b6ea0e5730 upstream commit
add Cisco to the list of clients that choke on the
 hostkeys update extension. Pointed out by Howard Kash

Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
2015-07-29 19:35:41 +10:00
dtucker@openbsd.org
b1dc2b3368 upstream commit
Add "PuTTY_Local:" to the clients to which we do not
 offer DH-GEX. This was the string that was used for development versions
 prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
 there are some extant products based on those versions.  bx2424 from Jay
 Rouman, ok markus@ djm@

Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
2015-07-15 15:38:02 +10:00
dtucker@openbsd.org
b282fec1aa upstream commit
Cap DH-GEX group size at 4kbits for Cisco implementations.
 Some of them will choke when asked for preferred sizes >4k instead of
 returning the 4k group that they do have.  bz#2209, ok djm@

Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
2015-05-27 13:47:19 +10:00
djm@openbsd.org
e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
dtucker@openbsd.org
ea139507be upstream commit
Blacklist DH-GEX for specific PuTTY versions known to
 send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
 According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
 messages.  ok djm@
2015-05-08 13:32:57 +10:00
dtucker@openbsd.org
b58234f00e upstream commit
WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
 don't offer that KEX method.  ok markus@
2015-05-08 13:32:56 +10:00
djm@openbsd.org
318be28cda upstream commit
deprecate ancient, pre-RFC4419 and undocumented
 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
 reasonable" dtucker@
2015-04-13 14:37:20 +10:00
dtucker@openbsd.org
d8f391caef upstream commit
Don't send hostkey advertisments
 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
 handle them.  Newer versions should be OK.  Patch from Bryan Drewery and
 IWAMOTO Kouichi, ok djm@
2015-04-13 14:37:19 +10:00
djm@openbsd.org
4492a4f222 upstream commit
treat Protocol=1,2|2,1 as Protocol=2 when compiled
 without SSH1 support; ok dtucker@ millert@
2015-04-13 14:37:17 +10:00
markus@openbsd.org
48b3b2ba75 upstream commit
store compat flags in struct ssh; ok djm@
2015-01-20 09:19:40 +11:00
djm@openbsd.org
5c0dafd38b upstream commit
another -Wpointer-sign from clang
2014-10-13 11:39:23 +11:00
Damien Miller
b628cc4c3e - djm@cvs.openbsd.org 2014/04/20 02:49:32
[compat.c]
     add a canonical 6.6 + curve25519 bignum fix fake version that I can
     recommend people use ahead of the openssh-6.7 release
2014-04-20 13:33:58 +10:00
Damien Miller
0e6b67423b - djm@cvs.openbsd.org 2014/04/19 05:54:59
[compat.c]
     missing wildcard; pointed out by naddy@
2014-04-20 13:27:01 +10:00
Damien Miller
9395b28223 - djm@cvs.openbsd.org 2014/04/18 23:52:25
[compat.c compat.h sshconnect2.c sshd.c version.h]
     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
     using the curve25519-sha256@libssh.org KEX exchange method to fail
     when connecting with something that implements the spec properly.

     Disable this KEX method when speaking to one of the affected
     versions.

     reported by Aris Adamantiadis; ok markus@
2014-04-20 13:25:30 +10:00
Damien Miller
324541e526 - djm@cvs.openbsd.org 2013/12/30 23:52:28
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     refuse RSA keys from old proprietary clients/servers that use the
     obsolete RSA+MD5 signature scheme. it will still be possible to connect
     with these clients/servers but only DSA keys will be accepted, and we'll
     deprecate them entirely in a future release. ok markus@
2013-12-31 12:25:40 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
00c1518a4d - djm@cvs.openbsd.org 2012/08/17 01:30:00
[compat.c sshconnect.c]
     Send client banner immediately, rather than waiting for the server to
     move first for SSH protocol 2 connections (the default). Patch based on
     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 21:21:56 +10:00
Darren Tucker
68afb8c5f2 - markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
     unbreak remote portforwarding with dynamic allocated listen ports:
     1) send the actual listen port in the open message (instead of 0).
        this allows multiple forwardings with a dynamic listen port
     2) update the matching permit-open entry, so we can identify where
        to connect to
     report: den at skbkontur.ru and P. Szczygielski
     feedback and ok djm@
2011-10-02 18:59:03 +11:00
Damien Miller
456e6f0ebb - markus@cvs.openbsd.org 2008/09/11 14:22:37
[compat.c compat.h nchan.c ssh.c]
     only send eow and no-more-sessions requests to openssh 5 and newer;
     fixes interop problems with broken ssh v2 implementations; ok djm@
2008-11-03 19:20:10 +11:00
Damien Miller
1ec462658e - djm@cvs.openbsd.org 2006/12/12 03:58:42
[channels.c compat.c compat.h]
     bz #1019: some ssh.com versions apparently can't cope with the
     remote port forwarding bind_address being a hostname, so send
     them an address for cases where they are not explicitly
     specified (wildcard or localhost bind).  reported by daveroth AT
     acm.org; ok dtucker@ deraadt@
2007-01-05 16:26:45 +11:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00