Commit Graph

37 Commits

Author SHA1 Message Date
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
Damien Miller
7630ee2fa6 - markus@cvs.openbsd.org 2003/08/29 10:03:15
[compat.c compat.h]
     SSH_BUG_K5USER is unused; ok henning@
2003-09-02 22:52:00 +10:00
Darren Tucker
0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller
d32090426b - markus@cvs.openbsd.org 2003/04/01 10:31:26
[compat.c compat.h kex.c]
     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
     tested by ho@ and myself
2003-04-01 21:44:37 +10:00
Damien Miller
e9264973ad - (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
Ben Lindstrom
c822638794 - markus@cvs.openbsd.org 2002/04/10 08:21:47
[auth1.c compat.c compat.h]
     strip '@' from username only for KerbV and known broken clients, bug #204

Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-04-10 16:22:09 +00:00
Ben Lindstrom
cf15944c23 - markus@cvs.openbsd.org 2002/03/25 21:13:51
[channels.c channels.h compat.c compat.h nchan.c]
     don't send stderr data after EOF, accept this from older known (broken)
     sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179
2002-03-26 03:26:24 +00:00
Ben Lindstrom
05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
2002-03-05 01:53:02 +00:00
Ben Lindstrom
f558cf6580 - markus@cvs.openbsd.org 2001/09/20 13:50:40
[compat.c compat.h ssh.c]
     bug compat: request a dummy channel for -N (no shell) sessions +
     cleanup; vinschen@redhat.com
2001-09-20 23:13:49 +00:00
Ben Lindstrom
4cc240dabb - markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
      canohost.h channels.h cipher.h clientloop.h compat.h compress.h
      crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
      hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
      packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
      session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
      sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
      tildexpand.h uidswap.h uuencode.h xmalloc.h]
     remove comments from .h, since they are cut&paste from the .c files
     and out of sync
2001-07-04 04:46:56 +00:00
Ben Lindstrom
16ae3d0dba - itojun@cvs.openbsd.org 2001/06/26 06:32:58
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
      buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
      compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
      hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
      radix.h readconf.h readpass.h rsa.h]
     prototype pedant.  not very creative...
     - () -> (void)
     - no variable names
2001-07-04 04:02:36 +00:00
Ben Lindstrom
4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
2001-07-04 03:32:30 +00:00
Ben Lindstrom
8c96392255 - markus@cvs.openbsd.org 2001/04/30 15:50:46
[compat.c compat.h kex.c]
     allow interop with weaker key generation used by ssh-2.0.x, x < 10
2001-04-30 23:06:57 +00:00
Ben Lindstrom
f343674d5e - markus@cvs.openbsd.org 2001/04/29 19:16:52
[channels.c clientloop.c compat.c compat.h serverloop.c]
     more ssh.com-2.0.x bug-compat; from per@appgate.com
2001-04-29 19:52:00 +00:00
Ben Lindstrom
5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom
a8baf36d41 - markus@cvs.openbsd.org 2001/04/05 11:09:17
[clientloop.c compat.c compat.h]
     add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
2001-04-05 23:28:36 +00:00
Ben Lindstrom
df221391e6 - provos@cvs.openbsd.org 2001/03/27 17:46:50
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
     make dh group exchange more flexible, allow min and max group size,
     okay markus@, deraadt@
2001-03-29 00:36:16 +00:00
Ben Lindstrom
60a4381f1a - markus@cvs.openbsd.org 2001/03/27 10:57:00
[compat.c compat.h ssh-rsa.c]
     some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
     signatures in SSH protocol 2, ok djm@
2001-03-29 00:32:56 +00:00
Ben Lindstrom
c8530c7f5c - djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-24 00:35:19 +00:00
Damien Miller
27dbe6f37e - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
2001-03-19 22:36:20 +11:00
Ben Lindstrom
d20d0f3e27 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
     all known netscreen ssh versions, and older versions of OSU ssh cannot
     handle password padding (newer OSU is fixed)
2001-03-10 17:22:20 +00:00
Ben Lindstrom
266dfdfd62 - markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).
2001-03-09 00:12:22 +00:00
Damien Miller
225736c73a - OpenBSD CVS Sync:
- reinhard@cvs.openbsd.org        2001/02/17 08:24:40
     [sftp.1]
     typo
   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
     [ssh.c]
     cleanup -V output; noted by millert
   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
     [sshd.8]
     it's the OpenSSH one
   - markus@cvs.openbsd.org  2001/02/18 11:33:54
     [dispatch.c]
     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
   - markus@cvs.openbsd.org  2001/02/19 02:53:32
     [compat.c compat.h serverloop.c]
     ssh-1.2.{18-22} has broken handling of ignore messages; report from
     itojun@
   - markus@cvs.openbsd.org  2001/02/19 03:35:23
     [version.h]
     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
     [scp.c]
     np is changed by recursion; vinschen@redhat.com
2001-02-19 21:51:08 +11:00
Ben Lindstrom
48bd7c118a - (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/08 22:29:05
     [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
      sshd_config version.h]
     implement option 'Banner /etc/issue.net' for ssh2, move version to
     2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
     is enabled).
   - markus@cvs.openbsd.org 2001/01/08 22:03:23
     [channels.c ssh-keyscan.c]
     O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/08 21:55:41
     [sshconnect1.c]
     more cleanups and fixes from stevesk@pobox.com:
     1) try_agent_authentication() for loop will overwrite key just
        allocated with key_new(); don't alloc
     2) call ssh_close_authentication_connection() before exit
        try_agent_authentication()
     3) free mem on bad passphrase in try_rsa_authentication()
   - markus@cvs.openbsd.org 2001/01/08 21:48:17
     [kex.c]
     missing free; thanks stevesk@pobox.com
2001-01-09 00:35:42 +00:00
Ben Lindstrom
a14ee47f2e 20001207
- (bal) OpenSSH CVS updates:
   - markus@cvs.openbsd.org 2000/12/06 22:58:14
     [compat.c compat.h packet.c]
     disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
2000-12-07 01:24:58 +00:00
Ben Lindstrom
d121f61370 20001204
- (bal) More C functions defined in NeXT that are unaccessable without
   defining -POSIX.
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/03 11:29:04
     [compat.c]
     remove fallback to SSH_BUG_HMAC now that the drafts are updated
   - markus@cvs.openbsd.org 2000/12/03 11:27:55
     [compat.c]
     correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
   - markus@cvs.openbsd.org 2000/12/03 11:15:03
     [auth2.c compat.c compat.h sshconnect2.c]
     support f-secure/ssh.com 2.0.12; ok niels@
2000-12-03 17:00:47 +00:00
Damien Miller
50a41ed079 - (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org  2000/10/14 04:01:15
     [cipher.c]
     debug3
   - markus@cvs.openbsd.org  2000/10/14 04:07:23
     [scp.c]
     remove spaces from arguments; from djm@mindrot.org
   - markus@cvs.openbsd.org  2000/10/14 06:09:46
     [ssh.1]
     Cipher is for SSH-1 only
   - markus@cvs.openbsd.org  2000/10/14 06:12:09
     [servconf.c servconf.h serverloop.c session.c sshd.8]
     AllowTcpForwarding; from naddy@
   - markus@cvs.openbsd.org  2000/10/14 06:16:56
     [auth2.c compat.c compat.h sshconnect2.c version.h]
     OpenSSH_2.3; note that is is not complete, but the version number
     needs to be changed for interoperability reasons
   - markus@cvs.openbsd.org  2000/10/14 06:19:45
     [auth-rsa.c]
     do not send RSA challenge if key is not allowed by key-options; from
     eivind@ThinkSec.com
   - markus@cvs.openbsd.org  2000/10/15 08:14:01
     [rijndael.c session.c]
     typos; from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/10/15 08:18:31
     [rijndael.c]
     typo
 - Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-16 12:14:42 +11:00
Damien Miller
e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller
6536c7d3c9 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller
30c3d42930 - OpenBSD CVS update
- markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1
2000-05-09 11:02:59 +10:00
Damien Miller
78928793fb - OpenBSD CVS updates:
- [channels.c]
     repair x11-fwd
   - [sshconnect.c]
     fix passwd prompt for ssh2, less debugging output.
   - [clientloop.c compat.c dsa.c kex.c sshd.c]
     less debugging output
   - [kex.c kex.h sshconnect.c sshd.c]
     check for reasonable public DH values
   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
     add Cipher and Protocol options to ssh/sshd, e.g.:
     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
     arcfour,3des-cbc'
   - [sshd.c]
     print 1.99 only if server supports both
2000-04-12 20:17:38 +10:00
Damien Miller
33b13568b5 - OpenBSD CVS update:
- [packet.h packet.c]
     ssh2 packet format
   - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
     [channels.h channels.c]
     channel layer support for ssh2
   - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
     DSA, keyexchange, algorithm agreement for ssh2
2000-04-04 14:38:59 +10:00
Damien Miller
5428f646ad - More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller
95def09838 - Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller
d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00