Portable OpenSSH
Go to file
Damien Miller 97e2e1596c trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
2015-06-17 14:36:54 +10:00
contrib update version numbers to match version.h 2015-03-04 15:39:22 -08:00
openbsd-compat Replace strcpy with strlcpy. 2015-06-02 20:15:26 +10:00
regress Fix t12 rules for out of tree builds. 2015-06-09 22:41:13 -07:00
scard
.cvsignore
aclocal.m4
addrmatch.c
atomicio.c upstream commit 2015-01-16 18:24:48 +11:00
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth1.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth2-chall.c upstream commit 2015-01-20 09:14:16 +11:00
auth2-gss.c upstream commit 2015-01-20 09:14:16 +11:00
auth2-hostbased.c upstream commit 2015-05-10 11:38:04 +10:00
auth2-kbdint.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-none.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-pubkey.c upstream commit 2015-05-21 16:45:46 +10:00
auth2.c upstream commit 2015-01-20 09:14:16 +11:00
auth-bsdauth.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
auth-chall.c Remove redundant include of stdarg.h. bz#2410 2015-06-04 14:10:55 +10:00
auth-krb5.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-options.c upstream commit 2015-05-10 11:53:08 +10:00
auth-options.h upstream commit 2015-01-14 21:34:20 +11:00
auth-pam.c xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
auth-pam.h
auth-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-rh-rsa.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth-rhosts.c upstream commit 2015-01-09 00:13:35 +11:00
auth-rsa.c upstream commit 2015-01-29 10:18:56 +11:00
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c upstream commit 2015-05-10 11:54:56 +10:00
auth.h upstream commit 2015-05-10 11:54:10 +10:00
authfd.c upstream commit 2015-03-27 12:02:38 +11:00
authfd.h upstream commit 2015-01-15 21:37:34 +11:00
authfile.c upstream commit 2015-04-29 18:14:21 +10:00
authfile.h upstream commit 2015-01-09 00:17:12 +11:00
bitmap.c upstream commit 2015-01-15 21:37:34 +11:00
bitmap.h add files missed in last commit 2015-01-15 02:28:00 +11:00
blocks.c
bufaux.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
bufbn.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
bufec.c - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
buffer.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
buffer.h Include OpenSSL's objects.h before bn.h. 2015-02-24 13:39:57 +11:00
buildpkg.sh.in
canohost.c upstream commit 2015-03-03 04:45:01 +11:00
canohost.h
chacha.c
chacha.h
channels.c upstream commit 2015-06-07 13:09:58 +10:00
channels.h upstream commit 2015-05-08 16:46:01 +10:00
cipher-3des1.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-aes.c
cipher-aesctr.c Add includes.h for compatibility stuff. 2015-02-25 13:17:40 +11:00
cipher-aesctr.h
cipher-bf1.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher-chachapoly.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-chachapoly.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
cipher-ctr.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher.c upstream commit 2015-01-14 21:32:55 +11:00
cipher.h upstream commit 2015-01-14 21:32:54 +11:00
cleanup.c
clientloop.c upstream commit 2015-05-10 11:38:04 +10:00
clientloop.h
compat.c upstream commit 2015-05-27 13:47:19 +10:00
compat.h upstream commit 2015-05-27 13:47:19 +10:00
config.guess Add Linux powerpc64le and powerpcle entries. 2015-06-05 14:51:40 +10:00
config.sub
configure.ac aarch64 support for seccomp-bpf sandbox 2015-06-17 10:50:51 +10:00
crc32.c
crc32.h
CREDITS
crypto_api.h
deattack.c upstream commit 2015-01-26 23:58:53 +11:00
deattack.h upstream commit 2015-01-20 09:13:01 +11:00
defines.h Revert "define __unused to nothing if not already defined" 2015-03-04 06:31:45 +11:00
dh.c upstream commit 2015-05-28 13:53:13 +10:00
dh.h upstream commit 2015-05-28 13:53:13 +10:00
digest-libc.c upstream commit 2015-05-08 13:32:55 +10:00
digest-openssl.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
digest.h upstream commit 2014-12-22 09:32:29 +11:00
dispatch.c upstream commit 2015-05-10 11:55:48 +10:00
dispatch.h cleaner way fix dispatch.h portion of commit 2015-02-23 22:06:56 -08:00
dns.c upstream commit 2015-01-29 10:18:56 +11:00
dns.h upstream commit 2015-05-08 16:46:01 +10:00
ed25519.c
entropy.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
entropy.h
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519_base.data
ge25519.c
ge25519.h upstream commit 2015-02-17 09:32:31 +11:00
groupaccess.c upstream commit 2015-05-10 11:38:04 +10:00
groupaccess.h
gss-genr.c Include signal.h for sig_atomic_t, used by kex.h. 2015-05-22 17:49:46 +10:00
gss-serv-krb5.c - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 2014-07-19 06:23:18 +10:00
gss-serv.c upstream commit 2015-05-22 20:02:17 +10:00
hash.c
hmac.c upstream commit 2015-03-27 12:00:47 +11:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream commit 2015-05-10 11:38:04 +10:00
hostfile.h upstream commit 2015-02-17 09:32:31 +11:00
includes.h include netdb.h to look for MAXHOSTNAMELEN; ok tim 2015-02-24 16:50:36 -08:00
INSTALL 20140908 2014-09-09 12:23:10 +10:00
install-sh
kex.c upstream commit 2015-04-29 18:14:20 +10:00
kex.h repair --without-openssl; broken in refactor 2015-02-18 22:29:32 +11:00
kexc25519.c upstream commit 2015-03-27 12:02:27 +11:00
kexc25519c.c upstream commit 2015-01-27 00:00:57 +11:00
kexc25519s.c upstream commit 2015-04-29 18:15:52 +10:00
kexdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexdhs.c upstream commit 2015-01-27 00:00:57 +11:00
kexecdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexecdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexecdhs.c upstream commit 2015-01-27 00:00:57 +11:00
kexgex.c upstream commit 2015-01-20 09:19:39 +11:00
kexgexc.c upstream commit 2015-05-27 13:47:19 +10:00
kexgexs.c upstream commit 2015-04-13 14:37:20 +10:00
key.c upstream commit 2015-01-29 10:18:56 +11:00
key.h upstream commit 2015-01-29 10:18:56 +11:00
krl.c upstream commit 2015-01-30 12:17:07 +11:00
krl.h upstream commit 2015-01-14 20:32:42 +11:00
LICENCE
log.c
log.h
loginrec.c fix variable name for IPv6 case in construct_utmpx 2014-12-23 15:26:13 +11:00
loginrec.h
logintest.c
mac.c upstream commit 2015-01-16 18:21:32 +11:00
mac.h upstream commit 2015-01-14 20:43:11 +11:00
Makefile.in Revert "Work around finicky USL linker so netcat will build." 2015-02-25 09:56:48 -08:00
match.c upstream commit 2015-05-10 11:38:04 +10:00
match.h upstream commit 2015-05-10 11:38:04 +10:00
md5crypt.c
md5crypt.h
md-sha256.c
mdoc2man.awk
misc.c upstream commit 2015-04-29 18:15:23 +10:00
misc.h - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
mkinstalldirs
moduli New moduli file from OpenBSD, removing 1k groups. 2015-05-28 10:06:50 +10:00
moduli.5
moduli.c upstream commit 2015-01-26 23:58:53 +11:00
monitor_fdpass.c upstream commit 2015-02-26 10:09:59 +11:00
monitor_fdpass.h
monitor_mm.c don't include stdint.h unless HAVE_STDINT_H set 2015-02-24 09:04:32 +11:00
monitor_mm.h
monitor_wrap.c upstream commit 2015-05-10 11:54:10 +10:00
monitor_wrap.h upstream commit 2015-05-10 11:54:10 +10:00
monitor.c upstream commit 2015-05-10 11:54:10 +10:00
monitor.h upstream commit 2015-01-20 09:13:01 +11:00
msg.c upstream commit 2015-01-15 21:39:14 +11:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream commit 2015-05-10 11:54:25 +10:00
myproposal.h fix merge botch that left ",," in KEX algs 2015-05-29 18:03:15 +10:00
nchan2.ms
nchan.c
nchan.ms
opacket.c more --without-ssh1 fixes 2015-03-03 13:50:27 -08:00
opacket.h Convert two macros into functions. 2015-02-24 12:30:59 +11:00
openssh.xml.in
opensshd.init.in
OVERVIEW
packet.c upstream commit 2015-05-10 11:55:48 +10:00
packet.h cleaner way fix dispatch.h portion of commit 2015-02-23 22:06:56 -08:00
pathnames.h
pkcs11.h
platform.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
platform.h
poly1305.c
poly1305.h
progressmeter.c upstream commit 2015-01-15 02:22:18 +11:00
progressmeter.h upstream commit 2015-01-15 02:22:18 +11:00
PROTOCOL upstream commit 2015-05-08 13:58:06 +10:00
PROTOCOL.agent upstream commit 2015-05-08 13:58:06 +10:00
PROTOCOL.certkeys
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl upstream commit 2015-01-30 12:17:07 +11:00
PROTOCOL.mux
readconf.c upstream commit 2015-05-22 20:02:18 +10:00
readconf.h upstream commit 2015-02-17 09:32:32 +11:00
README update version numbers to match version.h 2015-03-04 15:39:22 -08:00
README.dns
README.platform
README.privsep
README.tun
readpass.c
rijndael.c upstream commit 2015-03-23 17:08:12 +11:00
rijndael.h
roaming_client.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_common.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_dummy.c upstream commit 2015-01-20 09:13:01 +11:00
roaming_serv.c
roaming.h
rsa.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
rsa.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
sandbox-capsicum.c
sandbox-darwin.c
sandbox-null.c
sandbox-rlimit.c
sandbox-seccomp-filter.c trivial optimisation for seccomp-bpf 2015-06-17 14:36:54 +10:00
sandbox-systrace.c upstream commit 2015-05-21 15:06:06 +10:00
sc25519.c
sc25519.h
scp.1 upstream commit 2015-01-30 22:47:01 +11:00
scp.c upstream commit 2015-04-29 18:15:23 +10:00
servconf.c upstream commit 2015-05-22 20:02:17 +10:00
servconf.h upstream commit 2015-05-22 20:02:17 +10:00
serverloop.c upstream commit 2015-02-21 09:20:28 +11:00
serverloop.h
session.c upstream commit 2015-04-29 18:15:23 +10:00
session.h
sftp-client.c upstream commit 2015-05-28 18:54:55 +10:00
sftp-client.h upstream commit 2015-05-08 16:46:01 +10:00
sftp-common.c upstream commit 2015-01-26 23:58:53 +11:00
sftp-common.h upstream commit 2015-01-15 02:22:18 +11:00
sftp-glob.c upstream commit 2015-01-15 02:22:18 +11:00
sftp-server-main.c
sftp-server.8 upstream commit 2014-12-11 19:17:24 +11:00
sftp-server.c upstream commit 2015-04-29 18:15:23 +10:00
sftp.1 upstream commit 2015-01-30 22:47:01 +11:00
sftp.c upstream commit 2015-01-26 23:58:53 +11:00
sftp.h
smult_curve25519_ref.c
ssh1.h
ssh2.h
ssh_api.c Repair for non-ECC OpenSSL. 2015-02-23 05:04:21 +11:00
ssh_api.h various include fixes for portable 2015-02-24 06:30:29 +11:00
ssh_config
ssh_config.5 upstream commit 2015-06-04 08:53:54 +10:00
ssh-add.1 upstream commit 2015-04-01 10:00:27 +11:00
ssh-add.c upstream commit 2015-03-27 12:02:34 +11:00
ssh-agent.1 upstream commit 2015-04-29 18:15:38 +10:00
ssh-agent.c conditionalise util.h inclusion 2015-05-21 17:55:15 +10:00
ssh-dss.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
ssh-ecdsa.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
ssh-ed25519.c upstream commit 2015-01-16 18:22:24 +11:00
ssh-gss.h
ssh-keygen.1 upstream commit 2015-02-26 04:32:08 +11:00
ssh-keygen.c upstream commit 2015-05-28 18:54:58 +10:00
ssh-keyscan.1 upstream commit 2014-10-13 11:37:32 +11:00
ssh-keyscan.c upstream commit 2015-04-13 14:37:18 +10:00
ssh-keysign.8
ssh-keysign.c upstream commit 2015-03-27 12:00:52 +11:00
ssh-pkcs11-client.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2015-01-26 23:58:53 +11:00
ssh-pkcs11.c upstream commit 2015-05-27 15:16:59 +10:00
ssh-pkcs11.h upstream commit 2015-01-15 21:39:14 +11:00
ssh-rsa.c upstream commit 2015-06-15 13:45:24 +10:00
ssh-sandbox.h
ssh.1 upstream commit 2015-05-22 20:02:19 +10:00
ssh.c upstream commit 2015-05-10 11:38:04 +10:00
ssh.h
sshbuf-getput-basic.c upstream commit 2015-01-15 02:22:18 +11:00
sshbuf-getput-crypto.c upstream commit 2015-01-15 02:22:18 +11:00
sshbuf-misc.c upstream commit 2015-03-27 12:00:47 +11:00
sshbuf.c upstream commit 2015-01-26 23:58:53 +11:00
sshbuf.h more --without-openssl 2015-01-15 03:08:58 +11:00
sshconnect1.c upstream commit 2015-01-15 21:37:34 +11:00
sshconnect2.c upstream commit 2015-05-10 11:38:04 +10:00
sshconnect.c upstream commit 2015-05-28 18:54:57 +10:00
sshconnect.h
sshd_config upstream commit 2015-04-29 18:20:12 +10:00
sshd_config.5 upstream commit 2015-06-05 15:18:02 +10:00
sshd.8 upstream commit 2015-05-10 11:35:07 +10:00
sshd.c upstream commit 2015-05-25 09:49:48 +10:00
ssherr.c upstream commit 2015-02-17 09:32:32 +11:00
ssherr.h upstream commit 2015-01-30 12:18:59 +11:00
sshkey.c upstream commit 2015-05-21 15:06:06 +10:00
sshkey.h upstream commit 2015-05-21 15:06:06 +10:00
sshlogin.c upstream commit 2015-01-26 23:58:53 +11:00
sshlogin.h
sshpty.c platform's with openpty don't need pty_release 2015-04-13 14:40:17 +10:00
sshpty.h
sshtty.c
survey.sh.in
TODO
ttymodes.c
ttymodes.h
uidswap.c xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
uidswap.h
umac.c - guenther@cvs.openbsd.org 2014/07/22 07:13:42 2014-07-23 09:43:42 +10:00
umac.h
uuencode.c upstream commit 2015-04-29 18:15:24 +10:00
uuencode.h
verify.c
version.h upstream commit 2015-03-05 05:59:46 +11:00
xmalloc.c upstream commit 2015-04-29 18:15:23 +10:00
xmalloc.h upstream commit 2015-04-29 18:15:23 +10:00

See http://www.openssh.com/txt/release-6.8 for the release notes.

- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].

There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.Code contribution are welcomed, but please follow the 
OpenBSD style guidelines[6].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
    http://www.kernel.org/pub/linux/libs/pam/ 
    (PAM also is standard on Solaris and HP-UX 11)
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html

$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $