RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,029 Commits 69 Branches 157 Tags 25 MiB
Commit Graph

72 Commits

Author SHA1 Message Date
Damien Miller 278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24 
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
 2001-12-21 15:00:19 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Ben Lindstrom 3c36bb29ca - itojun@cvs.openbsd.org 2001/12/05 03:56:39 
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
      sshconnect2.c]
     make it compile with more strict prototype checking
 2001-12-06 17:55:26 +00:00
Damien Miller 9f64390f41 - markus@cvs.openbsd.org 2001/11/07 16:03:17 
[packet.c packet.h sshconnect2.c]
     pad using the padding field from the ssh2 packet instead of sending
     extra ignore messages. tested against several other ssh servers.
 2001-11-12 11:02:52 +11:00
Damien Miller 91c1847733 - markus@cvs.openbsd.org 2001/10/29 19:27:15 
[sshconnect2.c]
     hostbased: check for client hostkey before building chost
 2001-11-12 11:02:03 +11:00
Damien Miller 59d9fb9e55 - markus@cvs.openbsd.org 2001/10/06 11:18:19 
[sshconnect1.c sshconnect2.c sshconnect.c]
     unify hostkey check error messages, simplify prompt.
 2001-10-10 15:03:11 +10:00
Ben Lindstrom 7d19996201 - markus@cvs.openbsd.org 2001/08/31 11:46:39 
[sshconnect2.c]
     disable kbd-interactive if we don't get
     SSH2_MSG_USERAUTH_INFO_REQUEST messages
 2001-09-12 18:29:00 +00:00
Ben Lindstrom 45350e8374 - markus@cvs.openbsd.org 2001/07/23 09:06:28 
[sshconnect2.c]
     reorder default sequence of userauth methods to match ssh behaviour:
     hostbased,publickey,keyboard-interactive,password
 2001-08-06 20:57:11 +00:00
Ben Lindstrom c5b680018b - markus@cvs.openbsd.org 2001/06/26 20:14:11 
[key.c key.h ssh.c sshconnect1.c sshconnect2.c]
     add smartcard support to the client, too (now you can use both
     the agent and the client).
 2001-07-04 04:52:03 +00:00
Ben Lindstrom 7907382299 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 
[auth2.c sshconnect2.c]
     prototype cleanup; ok markus@
 2001-07-04 03:42:30 +00:00
Ben Lindstrom 126c56ad9e - markus@cvs.openbsd.org 2001/06/24 05:47:13 
[sshconnect2.c]
     oops, missing format string
 2001-06-25 05:22:53 +00:00
Ben Lindstrom 949974bbdb - markus@cvs.openbsd.org 2001/06/24 05:35:33 
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
     switch to readpassphrase(3)
     2.7/8-stable needs readpassphrase.[ch] from libc
 2001-06-25 05:20:31 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00
Ben Lindstrom d6481ea49a - markus@cvs.openbsd.org 2001/06/23 02:34:33 
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
      sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
     get rid of known_hosts2, use it for hostkey lookup, but do not
     modify.
 2001-06-25 04:37:41 +00:00
Ben Lindstrom 1bfe29151b - markus@cvs.openbsd.org 2001/05/19 16:32:16 
[ssh.1 sshconnect2.c]
     change preferredauthentication order to
        publickey,hostbased,password,keyboard-interactive
     document that hostbased defaults to no, document order
 2001-06-05 19:37:25 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29 
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
 2001-06-05 18:56:16 +00:00
Ben Lindstrom 671388f233 - markus@cvs.openbsd.org 2001/04/18 23:43:26 
[auth2.c compat.c sshconnect2.c]
     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
     (however the 2.1.0 server seems to work only if debug is enabled...)
 2001-04-19 20:40:45 +00:00
Ben Lindstrom 2bffd6fd1b - markus@cvs.openbsd.org 2001/04/18 22:03:45 
[auth2.c sshconnect2.c]
     use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
 2001-04-19 20:35:40 +00:00
Ben Lindstrom 982dbbcfda - markus@cvs.openbsd.org 2001/04/17 10:53:26 
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
     add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
 2001-04-17 18:11:36 +00:00
Ben Lindstrom 206941fdd8 - markus@cvs.openbsd.org 2001/04/15 08:43:47 
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
     some unused variable and typos; from tomh@po.crl.go.jp
 2001-04-15 14:27:16 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26 
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
 2001-04-12 23:34:34 +00:00
Ben Lindstrom a3700050ec - markus@cvs.openbsd.org 2001/04/05 10:42:57 
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
      sshconnect2.c sshd.c]
     fix whitespace: unexpand + trailing spaces.
 2001-04-05 23:26:32 +00:00
Ben Lindstrom be2cc43c3a - markus@cvs.openbsd.org 2001/04/04 20:25:38 
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
      sshconnect2.c sshd.c]
     more robust rekeying
     don't send channel data after rekeying is started.
 2001-04-04 23:46:07 +00:00
Ben Lindstrom 8ac9106c3d - markus@cvs.openbsd.org 2001/04/04 14:34:58 
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
     enable server side rekeying + some rekey related clientup.
     todo: we should not send any non-KEX messages after we send KEXINIT
 2001-04-04 17:57:54 +00:00
Ben Lindstrom 238abf6a14 - markus@cvs.openbsd.org 2001/04/04 09:48:35 
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
     don't sent multiple kexinit-requests.
     send newkeys, block while waiting for newkeys.
     fix comments.
 2001-04-04 17:52:53 +00:00
Ben Lindstrom f28f634a3a - markus@cvs.openbsd.org 2001/04/04 00:06:54 
[clientloop.c sshconnect2.c]
     enable client rekeying
        (1) force rekeying with ~R, or
        (2) if the server requests rekeying.
     works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
 2001-04-04 02:03:04 +00:00
Ben Lindstrom 2d90e00309 - markus@cvs.openbsd.org 2001/04/03 23:32:12 
[kex.c kex.h packet.c sshconnect2.c sshd.c]
     undo parts of recent my changes: main part of keyexchange does not
     need dispatch-callbacks, since application data is delayed until
     the keyexchange completes (if i understand the drafts correctly).
     add some infrastructure for re-keying.
 2001-04-04 02:00:54 +00:00
Ben Lindstrom 20d7c7b02c - markus@cvs.openbsd.org 2001/04/03 19:53:29 
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
     move kex to kex*.c, used dispatch_set() callbacks for kex. should
     make rekeying easier.
 2001-04-04 01:56:17 +00:00
Damien Miller a0ff466d80 - OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
     [sshconnect2.c sshd.c]
     need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
 2001-03-30 10:49:35 +10:00
Damien Miller 653ae11c4a - OpenBSD CVS Sync 
- provos@cvs.openbsd.org 2001/03/29 14:24:59
     [sshconnect2.c]
     use recommended defaults
 2001-03-30 10:49:05 +10:00
Damien Miller 2557bfc5d7 - (djm) OpenBSD CVS Sync 
- provos@cvs.openbsd.org 2001/03/28 21:59:41
     [kex.c kex.h sshconnect2.c sshd.c]
     forgot to include min and max params in hash, okay markus@
 2001-03-30 10:47:14 +10:00
Ben Lindstrom df221391e6 - provos@cvs.openbsd.org 2001/03/27 17:46:50 
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
     make dh group exchange more flexible, allow min and max group size,
     okay markus@, deraadt@
 2001-03-29 00:36:16 +00:00
Ben Lindstrom d0fca423fc - markus@cvs.openbsd.org 2001/03/26 08:07:09 
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
     simpler key load/save interface, see authfile.h
 2001-03-26 13:44:06 +00:00
Ben Lindstrom c8530c7f5c - djm@cvs.openbsd.org 2001/03/23 11:04:07 
[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
 2001-03-24 00:35:19 +00:00
Ben Lindstrom cfccef96a3 - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/03/12 22:02:02
     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
     remove old key_fingerprint interface, s/_ex//
 2001-03-13 04:57:58 +00:00
Ben Lindstrom b9be60a722 - markus@cvs.openbsd.org 2001/03/10 17:51:04 
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
     add PreferredAuthentications
 2001-03-11 01:49:19 +00:00
Ben Lindstrom 329782e3db - markus@cvs.openbsd.org 2001/03/10 12:48:27 
[sshconnect2.c]
     ignore nonexisting private keys; report rjmooney@mediaone.net
 2001-03-10 17:08:59 +00:00
Ben Lindstrom 266dfdfd62 - markus@cvs.openbsd.org 2001/03/08 21:42:33 
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).
 2001-03-09 00:12:22 +00:00
Ben Lindstrom 4c4f05e096 - markus@cvs.openbsd.org 2001/03/05 17:17:21 
[kex.c kex.h sshconnect2.c sshd.c]
     generate a 2*need size (~300 instead of 1024/2048) random private
     exponent during the DH key agreement. according to Niels (the great
     german advisor) this is safe since /etc/primes contains strong
     primes only.

     References:
             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
             agreement with short exponents, In Advances in Cryptology
             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
 2001-03-06 01:09:20 +00:00
Ben Lindstrom 5699c5f9ac - markus@cvs.openbsd.org 2001/02/28 09:57:07 
[packet.c packet.h sshconnect2.c]
     in ssh protocol v2 use ignore messages for padding (instead of
     trailing \0).
 2001-03-05 06:17:49 +00:00
Damien Miller 79438cc030 - (djm) OpenBSD CVS: 
- markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h
 2001-02-16 12:34:57 +11:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25 
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
 2001-02-15 03:01:59 +00:00
Ben Lindstrom 03df5bde9c - markus@cvs.openbsd.org 2001/02/06 22:26:17 
[sshconnect2.c]
     do not ask for passphrase in batch mode; report from ejb@ql.org
   - itojun@cvs.opebsd.org 2001/02/08 10:47:05
     [sshconnect2.c]
     %.30s is too short for IPv6 numeric address.  use %.128s for now.
     markus ok
   - markus@cvs.openbsd.org 2001/02/09 12:28:35
     [sshconnect2.c]
     do not free twice, thanks to /etc/malloc.conf
   - markus@cvs.openbsd.org 2001/02/09 17:10:53
     [sshconnect2.c]
     partial success: debug->log; "Permission denied" if no more auth methods
   - markus@cvs.openbsd.org 2001/02/10 12:09:21
     [sshconnect2.c]
     remove some lines
 2001-02-10 22:16:41 +00:00
Kevin Steves e27a5e05b3 - markus@cvs.openbsd.org 2001/01/31 13:48:09 
[sshconnect2.c]
     unused
 2001-02-05 15:15:27 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 2001-02-05 12:42:17 +00:00
Ben Lindstrom 95fb2dde77 - markus@cvs.openbsd.org 2001/01/22 23:06:39 
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
 2001-01-23 03:12:10 +00:00
Ben Lindstrom b1985f7279 - (bal) OpenBSD Resync 
- markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
 2001-01-23 00:19:15 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under 
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
 2001-01-22 05:34:40 +00:00
Ben Lindstrom d26dcf3371 20010107 
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)
 2001-01-06 15:18:16 +00:00