mirror of git://anongit.mindrot.org/openssh.git
43849a47c5
Add "id" to ssh-agent pledge for subprocess support. Found the hard way by Jan Johansson when using ssh-agent with X. Also, rearranged proc/exec and retval to match other pledge calls in the tree. ok djm@ Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db |
||
---|---|---|
contrib | ||
openbsd-compat | ||
regress | ||
scard | ||
.cvsignore | ||
CREDITS | ||
INSTALL | ||
LICENCE | ||
Makefile.in | ||
OVERVIEW | ||
PROTOCOL | ||
PROTOCOL.agent | ||
PROTOCOL.certkeys | ||
PROTOCOL.chacha20poly1305 | ||
PROTOCOL.key | ||
PROTOCOL.krl | ||
PROTOCOL.mux | ||
README | ||
README.dns | ||
README.platform | ||
README.privsep | ||
README.tun | ||
TODO | ||
aclocal.m4 | ||
addrmatch.c | ||
atomicio.c | ||
atomicio.h | ||
audit-bsm.c | ||
audit-linux.c | ||
audit.c | ||
audit.h | ||
auth-bsdauth.c | ||
auth-chall.c | ||
auth-krb5.c | ||
auth-options.c | ||
auth-options.h | ||
auth-pam.c | ||
auth-pam.h | ||
auth-passwd.c | ||
auth-rh-rsa.c | ||
auth-rhosts.c | ||
auth-rsa.c | ||
auth-shadow.c | ||
auth-sia.c | ||
auth-sia.h | ||
auth-skey.c | ||
auth.c | ||
auth.h | ||
auth1.c | ||
auth2-chall.c | ||
auth2-gss.c | ||
auth2-hostbased.c | ||
auth2-kbdint.c | ||
auth2-none.c | ||
auth2-passwd.c | ||
auth2-pubkey.c | ||
auth2.c | ||
authfd.c | ||
authfd.h | ||
authfile.c | ||
authfile.h | ||
bitmap.c | ||
bitmap.h | ||
blocks.c | ||
bufaux.c | ||
bufbn.c | ||
bufec.c | ||
buffer.c | ||
buffer.h | ||
buildpkg.sh.in | ||
canohost.c | ||
canohost.h | ||
chacha.c | ||
chacha.h | ||
channels.c | ||
channels.h | ||
cipher-3des1.c | ||
cipher-aes.c | ||
cipher-aesctr.c | ||
cipher-aesctr.h | ||
cipher-bf1.c | ||
cipher-chachapoly.c | ||
cipher-chachapoly.h | ||
cipher-ctr.c | ||
cipher.c | ||
cipher.h | ||
cleanup.c | ||
clientloop.c | ||
clientloop.h | ||
compat.c | ||
compat.h | ||
config.guess | ||
config.sub | ||
configure.ac | ||
crc32.c | ||
crc32.h | ||
crypto_api.h | ||
deattack.c | ||
deattack.h | ||
defines.h | ||
dh.c | ||
dh.h | ||
digest-libc.c | ||
digest-openssl.c | ||
digest.h | ||
dispatch.c | ||
dispatch.h | ||
dns.c | ||
dns.h | ||
ed25519.c | ||
entropy.c | ||
entropy.h | ||
fatal.c | ||
fe25519.c | ||
fe25519.h | ||
fixalgorithms | ||
fixpaths | ||
fixprogs | ||
ge25519.c | ||
ge25519.h | ||
ge25519_base.data | ||
groupaccess.c | ||
groupaccess.h | ||
gss-genr.c | ||
gss-serv-krb5.c | ||
gss-serv.c | ||
hash.c | ||
hmac.c | ||
hmac.h | ||
hostfile.c | ||
hostfile.h | ||
includes.h | ||
install-sh | ||
kex.c | ||
kex.h | ||
kexc25519.c | ||
kexc25519c.c | ||
kexc25519s.c | ||
kexdh.c | ||
kexdhc.c | ||
kexdhs.c | ||
kexecdh.c | ||
kexecdhc.c | ||
kexecdhs.c | ||
kexgex.c | ||
kexgexc.c | ||
kexgexs.c | ||
key.c | ||
key.h | ||
krl.c | ||
krl.h | ||
log.c | ||
log.h | ||
loginrec.c | ||
loginrec.h | ||
logintest.c | ||
mac.c | ||
mac.h | ||
match.c | ||
match.h | ||
md-sha256.c | ||
md5crypt.c | ||
md5crypt.h | ||
mdoc2man.awk | ||
misc.c | ||
misc.h | ||
mkinstalldirs | ||
moduli | ||
moduli.5 | ||
moduli.c | ||
monitor.c | ||
monitor.h | ||
monitor_fdpass.c | ||
monitor_fdpass.h | ||
monitor_mm.c | ||
monitor_mm.h | ||
monitor_wrap.c | ||
monitor_wrap.h | ||
msg.c | ||
msg.h | ||
mux.c | ||
myproposal.h | ||
nchan.c | ||
nchan.ms | ||
nchan2.ms | ||
opacket.c | ||
opacket.h | ||
openssh.xml.in | ||
opensshd.init.in | ||
packet.c | ||
packet.h | ||
pathnames.h | ||
pkcs11.h | ||
platform.c | ||
platform.h | ||
poly1305.c | ||
poly1305.h | ||
progressmeter.c | ||
progressmeter.h | ||
readconf.c | ||
readconf.h | ||
readpass.c | ||
rijndael.c | ||
rijndael.h | ||
roaming.h | ||
roaming_client.c | ||
roaming_common.c | ||
roaming_dummy.c | ||
roaming_serv.c | ||
rsa.c | ||
rsa.h | ||
sandbox-capsicum.c | ||
sandbox-darwin.c | ||
sandbox-null.c | ||
sandbox-pledge.c | ||
sandbox-rlimit.c | ||
sandbox-seccomp-filter.c | ||
sandbox-systrace.c | ||
sc25519.c | ||
sc25519.h | ||
scp.1 | ||
scp.c | ||
servconf.c | ||
servconf.h | ||
serverloop.c | ||
serverloop.h | ||
session.c | ||
session.h | ||
sftp-client.c | ||
sftp-client.h | ||
sftp-common.c | ||
sftp-common.h | ||
sftp-glob.c | ||
sftp-server-main.c | ||
sftp-server.8 | ||
sftp-server.c | ||
sftp.1 | ||
sftp.c | ||
sftp.h | ||
smult_curve25519_ref.c | ||
ssh-add.1 | ||
ssh-add.c | ||
ssh-agent.1 | ||
ssh-agent.c | ||
ssh-dss.c | ||
ssh-ecdsa.c | ||
ssh-ed25519.c | ||
ssh-gss.h | ||
ssh-keygen.1 | ||
ssh-keygen.c | ||
ssh-keyscan.1 | ||
ssh-keyscan.c | ||
ssh-keysign.8 | ||
ssh-keysign.c | ||
ssh-pkcs11-client.c | ||
ssh-pkcs11-helper.8 | ||
ssh-pkcs11-helper.c | ||
ssh-pkcs11.c | ||
ssh-pkcs11.h | ||
ssh-rsa.c | ||
ssh-sandbox.h | ||
ssh.1 | ||
ssh.c | ||
ssh.h | ||
ssh1.h | ||
ssh2.h | ||
ssh_api.c | ||
ssh_api.h | ||
ssh_config | ||
ssh_config.5 | ||
sshbuf-getput-basic.c | ||
sshbuf-getput-crypto.c | ||
sshbuf-misc.c | ||
sshbuf.c | ||
sshbuf.h | ||
sshconnect.c | ||
sshconnect.h | ||
sshconnect1.c | ||
sshconnect2.c | ||
sshd.8 | ||
sshd.c | ||
sshd_config | ||
sshd_config.5 | ||
ssherr.c | ||
ssherr.h | ||
sshkey.c | ||
sshkey.h | ||
sshlogin.c | ||
sshlogin.h | ||
sshpty.c | ||
sshpty.h | ||
sshtty.c | ||
survey.sh.in | ||
ttymodes.c | ||
ttymodes.h | ||
uidswap.c | ||
uidswap.h | ||
umac.c | ||
umac.h | ||
uuencode.c | ||
uuencode.h | ||
verify.c | ||
version.h | ||
xmalloc.c | ||
xmalloc.h |
README
See http://www.openssh.com/txt/release-7.1 for the release notes. Please read http://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or patch/pull-request management. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html - Thanks to HARUYAMA Seigo <haruyama@unixuser.org> This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other Unices. OpenSSH is based on the last free version of Tatu Ylonen's sample implementation with all patent-encumbered algorithms removed (to external libraries), all known security bugs fixed, new features reintroduced and many other clean-ups. OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a homepage at http://www.openssh.com/ This port consists of the re-introduction of autoconf support, PAM support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library functions that are (regrettably) absent from other unices. This port has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare. This version actively tracks changes in the OpenBSD CVS repository. The PAM support is now more functional than the popular packages of commercial ssh-1.2.x. It checks "account" and "session" modules for all logins, not just when using password authentication. OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5]. There is now several mailing lists for this port of OpenSSH. Please refer to http://www.openssh.com/list.html for details on how to join. Please send bug reports and patches to the mailing list openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed users.Code contribution are welcomed, but please follow the OpenBSD style guidelines[6]. Please refer to the INSTALL document for information on how to install OpenSSH on your system. There are a number of differences between this port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] for details and general tips. Damien Miller <djm@mindrot.org> Miscellania - This version of OpenSSH is based upon code retrieved from the OpenBSD CVS repository which in turn was based on the last free sample implementation released by Tatu Ylonen. References - [0] http://www.openssh.com/faq.html [1] http://www.lothar.com/tech/crypto/ [2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html [3] http://www.gzip.org/zlib/ [4] http://www.openssl.org/ [5] http://www.openpam.org http://www.kernel.org/pub/linux/libs/pam/ (PAM also is standard on Solaris and HP-UX 11) [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html $Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $