Commit Graph

46 Commits

Author SHA1 Message Date
Damien Miller 8ce778a9f0 - markus@cvs.openbsd.org 2003/04/16 14:35:27
[auth.h]
     document struct Authctxt; with solar
2003-05-14 13:43:25 +10:00
Damien Miller 4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
proper challenge-response module
2003-05-10 19:28:02 +10:00
Damien Miller d94e549ea8 - markus@cvs.openbsd.org 2002/09/26 11:38:43
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h]
     krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
Damien Miller 25162f2518 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
2002-09-12 09:47:29 +10:00
Ben Lindstrom 511bb24c5b - markus@cvs.openbsd.org 2002/05/31 11:35:15
[auth.h auth2.c]
     move Authmethod definitons to per-method file.

NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom 855bf3ac3c - markus@cvs.openbsd.org 2002/05/25 18:51:07
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
      auth2-passwd.c auth2-pubkey.c Makefile.in]
     split auth2.c into one file per method; ok provos@/deraadt@

NOTE: Merged back noticable cygwin and pam stuff.  May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
Ben Lindstrom a574cda45b - markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
2002-05-15 16:16:14 +00:00
Damien Miller 5ad9fd9820 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. 2002-05-13 11:07:41 +10:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom 73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom 2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Ben Lindstrom 186b7da2d7 - markus@cvs.openbsd.org 2002/03/16 17:22:09
[auth-rh-rsa.c auth.h]
     split auth_rhosts_rsa(), ok provos@
2002-03-22 01:20:32 +00:00
Ben Lindstrom 9c8aefe750 - markus@cvs.openbsd.org 2002/03/14 16:56:33
[auth-rh-rsa.c auth-rsa.c auth.h]
     split auth_rsa() for better readability and privsep; ok provos@
2002-03-22 01:12:58 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom 05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
2002-03-05 01:53:02 +00:00
Damien Miller a93c6d87ef - millert@cvs.openbsd.org 2002/02/17 19:42:32
[auth.h]
     Manual cleanup of remaining userland __P use (excluding packages
     maintained outside the tree)
2002-02-19 15:25:29 +11:00
Damien Miller b046211483 - millert@cvs.openbsd.org 2002/02/16 21:27:53
[auth.h]
     Part one of userland __P removal.  Done with a simple regexp with
     some minor hand editing to make comments line up correctly.  Another
     pass is forthcoming that handles the cases that could not be done
     automatically.
2002-02-19 15:24:43 +11:00
Damien Miller d221ca6cc9 - markus@cvs.openbsd.org 2001/12/27 19:54:53
[auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
2002-01-22 23:11:00 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller 5b2aea9494 - jakob@cvs.openbsd.org 2001/12/18 10:04:21
[auth.h hostfile.c hostfile.h]
     remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
2001-12-21 12:47:09 +11:00
Damien Miller ee11625d43 - markus@cvs.openbsd.org 2001/12/09 18:45:56
[auth2.c auth2-chall.c auth.h]
     add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
     fixes memleak.
2001-12-21 12:42:34 +11:00
Ben Lindstrom 4cc240dabb - markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
      canohost.h channels.h cipher.h clientloop.h compat.h compress.h
      crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
      hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
      packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
      session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
      sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
      tildexpand.h uidswap.h uuencode.h xmalloc.h]
     remove comments from .h, since they are cut&paste from the .c files
     and out of sync
2001-07-04 04:46:56 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom 16ae3d0dba - itojun@cvs.openbsd.org 2001/06/26 06:32:58
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
      buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
      compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
      hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
      radix.h readconf.h readpass.h rsa.h]
     prototype pedant.  not very creative...
     - () -> (void)
     - no variable names
2001-07-04 04:02:36 +00:00
Ben Lindstrom 248c0784bf - provos@cvs.openbsd.org 2001/06/25 17:54:47
[auth.c auth.h auth-rsa.c]
     terminate secure_filename checking after checking homedir.  that way
     it works on AFS.  okay markus@
2001-07-04 03:40:39 +00:00
Ben Lindstrom 83647ce474 - markus@cvs.openbsd.org 2001/06/23 00:20:57
[auth2.c auth.c auth.h auth-rh-rsa.c]
     *known_hosts2 is obsolete for hostbased authentication and
     only used for backward compat. merge ssh1/2 hostkey check
     and move it to auth.c
2001-06-25 04:30:16 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Damien Miller 5d57e50730 - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/28 22:43:31
     [auth.h auth2.c auth2-chall.c]
     check auth_root_allowed for kbd-int auth, too.
2001-03-30 10:48:31 +10:00
Ben Lindstrom eebc4a2ed3 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
resync
2001-03-22 01:22:03 +00:00
Ben Lindstrom 086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
2001-03-05 05:56:40 +00:00
Damien Miller 60396b060b - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Ben Lindstrom 4dccfa5fb7 - (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51
     [auth.h auth2.c]
     count authentication failures only
   - markus@cvs.openbsd.org 2000/12/28 14:25:03
     [sshconnect.c]
     fingerprint for MITM attacks, too.
   - markus@cvs.openbsd.org 2000/12/28 12:03:57
     [sshd.8 sshd.c]
     document -D
   - markus@cvs.openbsd.org 2000/12/27 14:19:21
     [serverloop.c]
     less chatty
   - markus@cvs.openbsd.org 2000/12/27 12:34
     [auth1.c sshconnect2.c sshd.c]
     typo
   - markus@cvs.openbsd.org 2000/12/27 12:30:19
     [readconf.c readconf.h ssh.1 sshconnect.c]
     new option: HostKeyAlias: allow the user to record the host key
     under a different name. This is useful for ssh tunneling over
     forwarded connections or if you run multiple sshd's on different
     ports on the same machine.
   - markus@cvs.openbsd.org 2000/12/27 11:51:53
     [ssh.1 ssh.c]
     multiple -t force pty allocation, document ORIGINAL_COMMAND
   - markus@cvs.openbsd.org 2000/12/27 11:41:31
     [sshd.8]
     update for ssh-2
2000-12-28 16:40:05 +00:00
Damien Miller b84815880e - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
PAM authentication using KbdInteractive.
 - (djm) Added another TODO
2000-12-03 11:51:51 +11:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller efb4afe026 - More large OpenBSD CVS updates:
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
     [session.h ssh.h sshd.c README.openssh2]
     ssh2 server side, see README.openssh2; enable with 'sshd -2'
   - [channels.c]
     no adjust after close
   - [sshd.c compat.c ]
     interop w/ latest ssh.com windows client.
2000-04-12 18:45:05 +10:00
Damien Miller b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00