Portable OpenSSH
Go to file
doug@openbsd.org 43849a47c5 upstream commit
Add "id" to ssh-agent pledge for subprocess support.

Found the hard way by Jan Johansson when using ssh-agent with X.  Also,
rearranged proc/exec and retval to match other pledge calls in the tree.

ok djm@

Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
2015-12-18 14:50:49 +11:00
contrib Increase robustness of redhat/openssh.spec 2015-12-15 15:23:49 +11:00
openbsd-compat Revert "stub for pledge(2) for systems that lack it" 2015-11-30 10:53:25 +11:00
regress upstream commit 2015-12-07 13:21:30 +11:00
scard
.cvsignore
CREDITS
INSTALL 20140908 2014-09-09 12:23:10 +10:00
LICENCE
Makefile.in upstream commit 2015-11-09 14:25:39 +11:00
OVERVIEW upstream commit 2015-07-15 15:36:21 +10:00
PROTOCOL upstream commit 2015-07-17 13:36:30 +10:00
PROTOCOL.agent upstream commit 2015-05-08 13:58:06 +10:00
PROTOCOL.certkeys
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl upstream commit 2015-01-30 12:17:07 +11:00
PROTOCOL.mux upstream commit 2015-07-17 13:36:29 +10:00
README we don't use Github for issues/pull-requests 2015-08-21 14:49:03 +10:00
README.dns
README.platform
README.privsep
README.tun
TODO
aclocal.m4
addrmatch.c upstream commit 2015-07-15 15:36:54 +10:00
atomicio.c upstream commit 2015-01-16 18:24:48 +11:00
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth-bsdauth.c upstream commit 2015-10-25 11:42:04 +11:00
auth-chall.c Remove redundant include of stdarg.h. bz#2410 2015-06-04 14:10:55 +10:00
auth-krb5.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-options.c upstream commit 2015-12-11 13:23:14 +11:00
auth-options.h upstream commit 2015-01-14 21:34:20 +11:00
auth-pam.c xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
auth-pam.h
auth-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-rh-rsa.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth-rhosts.c upstream commit 2015-01-09 00:13:35 +11:00
auth-rsa.c upstream commit 2015-01-29 10:18:56 +11:00
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c upstream commit 2015-08-21 13:43:25 +10:00
auth.h upstream commit 2015-12-07 12:38:58 +11:00
auth1.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth2-chall.c upstream commit 2015-07-20 10:32:25 +10:00
auth2-gss.c upstream commit 2015-01-20 09:14:16 +11:00
auth2-hostbased.c upstream commit 2015-05-10 11:38:04 +10:00
auth2-kbdint.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-none.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-pubkey.c upstream commit 2015-10-29 19:07:15 +11:00
auth2.c upstream commit 2015-01-20 09:14:16 +11:00
authfd.c upstream commit 2015-12-07 12:38:58 +11:00
authfd.h upstream commit 2015-12-07 12:38:58 +11:00
authfile.c upstream commit 2015-12-18 14:50:48 +11:00
authfile.h upstream commit 2015-01-09 00:17:12 +11:00
bitmap.c upstream commit 2015-09-16 17:52:07 +10:00
bitmap.h add files missed in last commit 2015-01-15 02:28:00 +11:00
blocks.c
bufaux.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
bufbn.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
bufec.c - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
buffer.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
buffer.h Include OpenSSL's objects.h before bn.h. 2015-02-24 13:39:57 +11:00
buildpkg.sh.in
canohost.c upstream commit 2015-03-03 04:45:01 +11:00
canohost.h
chacha.c
chacha.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
channels.c upstream commit 2015-10-16 10:54:08 +11:00
channels.h upstream commit 2015-07-01 12:29:43 +10:00
cipher-3des1.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-aes.c
cipher-aesctr.c Add includes.h for compatibility stuff. 2015-02-25 13:17:40 +11:00
cipher-aesctr.h - markus@cvs.openbsd.org 2014/04/29 18:01:49 2014-05-15 14:24:09 +10:00
cipher-bf1.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher-chachapoly.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-chachapoly.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
cipher-ctr.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher.c upstream commit 2015-12-11 13:23:14 +11:00
cipher.h upstream commit 2015-07-15 15:36:55 +10:00
cleanup.c
clientloop.c upstream commit 2015-12-04 15:14:59 +11:00
clientloop.h
compat.c upstream commit 2015-08-20 13:07:42 +10:00
compat.h upstream commit 2015-05-27 13:47:19 +10:00
config.guess Add Linux powerpc64le and powerpcle entries. 2015-06-05 14:51:40 +10:00
config.sub
configure.ac Allow --without-ssl-engine with --without-openssl 2015-12-15 15:10:32 +11:00
crc32.c
crc32.h
crypto_api.h
deattack.c upstream commit 2015-01-26 23:58:53 +11:00
deattack.h upstream commit 2015-01-20 09:13:01 +11:00
defines.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
dh.c upstream commit 2015-05-28 13:53:13 +10:00
dh.h upstream commit 2015-10-17 09:32:47 +11:00
digest-libc.c upstream commit 2015-05-08 13:32:55 +10:00
digest-openssl.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
digest.h upstream commit 2014-12-22 09:32:29 +11:00
dispatch.c upstream commit 2015-05-10 11:55:48 +10:00
dispatch.h cleaner way fix dispatch.h portion of commit 2015-02-23 22:06:56 -08:00
dns.c upstream commit 2015-08-21 13:43:25 +10:00
dns.h upstream commit 2015-05-08 16:46:01 +10:00
ed25519.c
entropy.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
entropy.h
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519.c
ge25519.h upstream commit 2015-02-17 09:32:31 +11:00
ge25519_base.data
groupaccess.c upstream commit 2015-05-10 11:38:04 +10:00
groupaccess.h
gss-genr.c Include signal.h for sig_atomic_t, used by kex.h. 2015-05-22 17:49:46 +10:00
gss-serv-krb5.c - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 2014-07-19 06:23:18 +10:00
gss-serv.c upstream commit 2015-05-22 20:02:17 +10:00
hash.c
hmac.c upstream commit 2015-03-27 12:00:47 +11:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream commit 2015-05-10 11:38:04 +10:00
hostfile.h upstream commit 2015-02-17 09:32:31 +11:00
includes.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
install-sh
kex.c upstream commit 2015-12-11 13:23:14 +11:00
kex.h upstream commit 2015-12-07 12:38:58 +11:00
kexc25519.c upstream commit 2015-03-27 12:02:27 +11:00
kexc25519c.c upstream commit 2015-01-27 00:00:57 +11:00
kexc25519s.c upstream commit 2015-12-07 12:38:58 +11:00
kexdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexdhs.c upstream commit 2015-12-07 12:38:58 +11:00
kexecdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexecdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexecdhs.c upstream commit 2015-12-07 12:38:58 +11:00
kexgex.c upstream commit 2015-01-20 09:19:39 +11:00
kexgexc.c upstream commit 2015-05-27 13:47:19 +10:00
kexgexs.c upstream commit 2015-12-07 12:38:58 +11:00
key.c upstream commit 2015-12-07 12:38:58 +11:00
key.h upstream commit 2015-12-07 12:38:58 +11:00
krl.c upstream commit 2015-12-18 14:50:48 +11:00
krl.h upstream commit 2015-01-14 20:32:42 +11:00
log.c upstream commit 2015-07-15 15:36:54 +10:00
log.h
loginrec.c Add sys/time.h for gettimeofday. 2015-12-15 13:59:12 +11:00
loginrec.h
logintest.c
mac.c upstream commit 2015-01-16 18:21:32 +11:00
mac.h upstream commit 2015-01-14 20:43:11 +11:00
match.c upstream commit 2015-05-10 11:38:04 +10:00
match.h upstream commit 2015-05-10 11:38:04 +10:00
md-sha256.c
md5crypt.c
md5crypt.h
mdoc2man.awk
misc.c Don't set IPV6_V6ONLY on OpenBSD 2015-12-09 09:18:45 +11:00
misc.h - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
mkinstalldirs
moduli Import updated moduli file from OpenBSD. 2015-08-10 11:21:13 +10:00
moduli.5
moduli.c upstream commit 2015-01-26 23:58:53 +11:00
monitor.c upstream commit 2015-12-07 12:38:58 +11:00
monitor.h upstream commit 2015-01-20 09:13:01 +11:00
monitor_fdpass.c upstream commit 2015-02-26 10:09:59 +11:00
monitor_fdpass.h
monitor_mm.c don't include stdint.h unless HAVE_STDINT_H set 2015-02-24 09:04:32 +11:00
monitor_mm.h
monitor_wrap.c upstream commit 2015-12-07 12:38:58 +11:00
monitor_wrap.h upstream commit 2015-12-07 12:38:58 +11:00
msg.c upstream commit 2015-01-15 21:39:14 +11:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream commit 2015-12-04 15:14:59 +11:00
myproposal.h upstream commit 2015-12-07 12:39:20 +11:00
nchan.c
nchan.ms
nchan2.ms
opacket.c more --without-ssh1 fixes 2015-03-03 13:50:27 -08:00
opacket.h Convert two macros into functions. 2015-02-24 12:30:59 +11:00
openssh.xml.in
opensshd.init.in 20140314 2014-03-14 12:45:01 -07:00
packet.c upstream commit 2015-12-18 14:50:48 +11:00
packet.h upstream commit 2015-12-18 14:50:10 +11:00
pathnames.h
pkcs11.h
platform.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
platform.h
poly1305.c
poly1305.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
progressmeter.c upstream commit 2015-01-15 02:22:18 +11:00
progressmeter.h upstream commit 2015-01-15 02:22:18 +11:00
readconf.c upstream commit 2015-11-16 11:31:39 +11:00
readconf.h upstream commit 2015-11-16 11:31:39 +11:00
readpass.c upstream commit 2015-12-11 13:23:14 +11:00
rijndael.c upstream commit 2015-03-23 17:08:12 +11:00
rijndael.h - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine 2014-05-15 13:45:26 +10:00
roaming.h
roaming_client.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_common.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_dummy.c upstream commit 2015-01-20 09:13:01 +11:00
roaming_serv.c
rsa.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
rsa.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
sandbox-capsicum.c
sandbox-darwin.c
sandbox-null.c
sandbox-pledge.c s/SANDBOX_TAME/SANDBOX_PLEDGE/g 2015-10-14 09:22:15 -07:00
sandbox-rlimit.c
sandbox-seccomp-filter.c allow getrandom syscall; from Felix von Leitner 2015-09-10 10:57:41 +10:00
sandbox-systrace.c (re)wrap SYS_sendsyslog in ifdef. 2015-10-29 20:57:34 +11:00
sc25519.c
sc25519.h
scp.1 upstream commit 2015-10-06 12:21:55 +11:00
scp.c upstream commit 2015-11-28 17:44:33 +11:00
servconf.c upstream commit 2015-11-16 11:31:37 +11:00
servconf.h upstream commit 2015-07-15 15:38:02 +10:00
serverloop.c upstream commit 2015-12-07 12:38:58 +11:00
serverloop.h
session.c upstream commit 2015-10-25 11:42:06 +11:00
session.h
sftp-client.c upstream commit 2015-05-28 18:54:55 +10:00
sftp-client.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
sftp-common.c upstream commit 2015-01-26 23:58:53 +11:00
sftp-common.h upstream commit 2015-01-15 02:22:18 +11:00
sftp-glob.c upstream commit 2015-01-15 02:22:18 +11:00
sftp-server-main.c
sftp-server.8 upstream commit 2014-12-11 19:17:24 +11:00
sftp-server.c upstream commit 2015-11-17 11:15:20 +11:00
sftp.1 upstream commit 2015-10-06 12:21:55 +11:00
sftp.c upstream commit 2015-08-21 13:43:25 +10:00
sftp.h
smult_curve25519_ref.c
ssh-add.1 upstream commit 2015-04-01 10:00:27 +11:00
ssh-add.c upstream commit 2015-12-18 14:49:32 +11:00
ssh-agent.1 upstream commit 2015-11-16 11:31:40 +11:00
ssh-agent.c upstream commit 2015-12-18 14:50:49 +11:00
ssh-dss.c upstream commit 2015-12-18 14:50:48 +11:00
ssh-ecdsa.c upstream commit 2015-12-18 14:50:48 +11:00
ssh-ed25519.c upstream commit 2015-01-16 18:22:24 +11:00
ssh-gss.h
ssh-keygen.1 upstream commit 2015-11-16 11:31:36 +11:00
ssh-keygen.c upstream commit 2015-12-18 14:49:32 +11:00
ssh-keyscan.1 upstream commit 2015-11-09 14:25:41 +11:00
ssh-keyscan.c upstream commit 2015-11-09 14:25:41 +11:00
ssh-keysign.8
ssh-keysign.c upstream commit 2015-12-07 12:38:58 +11:00
ssh-pkcs11-client.c upstream commit 2015-12-11 13:23:14 +11:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2015-08-21 13:43:25 +10:00
ssh-pkcs11.c upstream commit 2015-07-20 10:32:25 +10:00
ssh-pkcs11.h upstream commit 2015-01-15 21:39:14 +11:00
ssh-rsa.c upstream commit 2015-12-18 14:50:48 +11:00
ssh-sandbox.h
ssh.1 upstream commit 2015-11-16 11:31:39 +11:00
ssh.c upstream commit 2015-12-18 14:50:09 +11:00
ssh.h upstream commit 2015-12-18 14:49:32 +11:00
ssh1.h
ssh2.h upstream commit 2015-12-07 12:38:58 +11:00
ssh_api.c upstream commit 2015-12-07 12:38:58 +11:00
ssh_api.h various include fixes for portable 2015-02-24 06:30:29 +11:00
ssh_config
ssh_config.5 upstream commit 2015-11-16 11:31:40 +11:00
sshbuf-getput-basic.c upstream commit 2015-10-25 11:42:04 +11:00
sshbuf-getput-crypto.c upstream commit 2015-01-15 02:22:18 +11:00
sshbuf-misc.c upstream commit 2015-10-06 12:26:41 +11:00
sshbuf.c upstream commit 2015-12-18 14:50:48 +11:00
sshbuf.h upstream commit 2015-12-11 13:23:13 +11:00
sshconnect.c upstream commit 2015-11-20 12:46:06 +11:00
sshconnect.h upstream commit 2015-11-16 11:31:39 +11:00
sshconnect1.c upstream commit 2015-11-16 11:31:39 +11:00
sshconnect2.c upstream commit 2015-12-18 14:49:32 +11:00
sshd.8 upstream commit 2015-11-16 11:31:41 +11:00
sshd.c upstream commit 2015-12-11 13:23:14 +11:00
sshd_config upstream commit 2015-08-11 18:57:29 +10:00
sshd_config.5 upstream commit 2015-11-16 11:31:37 +11:00
ssherr.c upstream commit 2015-09-16 17:52:09 +10:00
ssherr.h upstream commit 2015-01-30 12:18:59 +11:00
sshkey.c upstream commit 2015-12-18 14:50:48 +11:00
sshkey.h upstream commit 2015-12-07 12:38:58 +11:00
sshlogin.c upstream commit 2015-01-26 23:58:53 +11:00
sshlogin.h
sshpty.c upstream commit 2015-08-02 19:59:25 +10:00
sshpty.h
sshtty.c
survey.sh.in
ttymodes.c
ttymodes.h
uidswap.c upstream commit 2015-06-25 09:50:12 +10:00
uidswap.h
umac.c - guenther@cvs.openbsd.org 2014/07/22 07:13:42 2014-07-23 09:43:42 +10:00
umac.h
uuencode.c upstream commit 2015-04-29 18:15:24 +10:00
uuencode.h
verify.c
version.h upstream commit 2015-08-21 13:47:08 +10:00
xmalloc.c upstream commit 2015-04-29 18:15:23 +10:00
xmalloc.h upstream commit 2015-04-29 18:15:23 +10:00

README

See http://www.openssh.com/txt/release-7.1 for the release notes.

Please read http://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].

There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.Code contribution are welcomed, but please follow the 
OpenBSD style guidelines[6].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
    http://www.kernel.org/pub/linux/libs/pam/ 
    (PAM also is standard on Solaris and HP-UX 11)
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html

$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $