1
0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-24 02:42:25 +00:00
Portable OpenSSH
Go to file
Tim Rice bba02a5094 modified: auth-sia.c
modified:   openbsd-compat/port-aix.c
	modified:   openbsd-compat/port-uw.c

	propogate changes to auth-passwd.c in commit
	7c85685760 to other providers
	of sys_auth_passwd()
2018-03-25 09:17:33 -07:00
contrib Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
openbsd-compat modified: auth-sia.c 2018-03-25 09:17:33 -07:00
regress Replace /dev/stdin with "-". 2018-03-25 09:40:46 +11:00
.depend upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
.gitignore Fuzzer harnesses for sig verify and pubkey parsing 2017-09-08 12:44:13 +10:00
.skipped-commit-ids upstream commit 2018-01-23 16:34:53 +11:00
aclocal.m4
addrmatch.c
atomicio.c
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth2-chall.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-gss.c upstream commit 2017-06-24 16:56:11 +10:00
auth2-hostbased.c upstream commit 2018-01-23 16:40:29 +11:00
auth2-kbdint.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-none.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth2-passwd.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth2-pubkey.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth2.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth-bsdauth.c
auth-krb5.c
auth-options.c upstream: rename recently-added "valid-before" key restriction to 2018-03-14 18:55:33 +11:00
auth-options.h upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
auth-pam.c Update PAM password change to new opts API. 2018-03-03 16:21:20 +11:00
auth-pam.h upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth-passwd.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth-rhosts.c
auth-shadow.c
auth-sia.c modified: auth-sia.c 2018-03-25 09:17:33 -07:00
auth-sia.h
auth-skey.c
auth.c upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
auth.h upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
authfd.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
authfd.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
authfile.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
authfile.h
bitmap.c upstream commit 2017-10-20 12:58:35 +11:00
bitmap.h upstream commit 2017-10-20 12:58:35 +11:00
bufaux.c
bufbn.c upstream commit 2017-05-01 10:05:02 +10:00
bufec.c
buffer.c
buffer.h upstream commit 2017-05-01 10:05:02 +10:00
buildpkg.sh.in
canohost.c
canohost.h
chacha.c
chacha.h
channels.c upstream commit 2018-02-07 07:50:46 +11:00
channels.h upstream commit 2017-09-22 09:14:53 +10:00
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-chachapoly.c
cipher-chachapoly.h
cipher-ctr.c
cipher.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
cipher.h upstream commit 2017-05-08 09:21:00 +10:00
cleanup.c
clientloop.c upstream Don't reset signal handlers inside handlers. 2018-02-13 09:29:09 +11:00
clientloop.h upstream commit 2017-10-23 16:14:30 +11:00
compat.c upstream: Don't send IUTF8 to servers that don't like them. 2018-02-16 23:25:48 +11:00
compat.h upstream: Don't send IUTF8 to servers that don't like them. 2018-02-16 23:25:48 +11:00
config.guess
config.sub
configure.ac Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. 2018-03-12 19:17:26 +11:00
crc32.c
crc32.h
CREDITS
crypto_api.h crypto_api.h needs includes.h 2018-01-24 12:20:44 +11:00
defines.h Remove UNICOS support. 2018-02-15 20:04:02 +11:00
dh.c upstream commit 2018-02-08 09:26:27 +11:00
dh.h
digest-libc.c upstream commit 2017-05-10 11:41:21 +10:00
digest-openssl.c upstream commit 2017-05-10 11:41:21 +10:00
digest.h upstream commit 2017-05-10 11:41:21 +10:00
dispatch.c upstream commit 2017-06-01 14:53:33 +10:00
dispatch.h upstream commit 2017-06-01 14:53:33 +10:00
dns.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
dns.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ed25519.c
entropy.c Replace remaining mysignal() with signal(). 2018-02-15 22:06:26 +11:00
entropy.h
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
ge25519_base.data
ge25519.c
ge25519.h
groupaccess.c
groupaccess.h
gss-genr.c
gss-serv-krb5.c
gss-serv.c upstream commit 2017-06-24 16:56:11 +10:00
hash.c upstream commit 2018-01-23 16:35:07 +11:00
hmac.c
hmac.h
hostfile.c upstream commit 2017-06-01 14:55:22 +10:00
hostfile.h
includes.h portability for sftp globbed ls sort by mtime 2017-06-10 23:41:25 +10:00
INSTALL Remove extra newline. 2018-02-15 22:28:00 +11:00
install-sh Pull in newer install-sh from autoconf-2.69. 2017-12-01 17:07:08 +11:00
kex.c upstream commit 2018-02-08 09:26:27 +11:00
kex.h upstream commit 2017-05-31 10:50:05 +10:00
kexc25519.c
kexc25519c.c upstream commit 2017-12-19 15:21:37 +11:00
kexc25519s.c upstream commit 2017-10-20 12:58:18 +11:00
kexdh.c
kexdhc.c upstream commit 2018-02-08 09:26:27 +11:00
kexdhs.c upstream commit 2018-02-08 09:26:27 +11:00
kexecdh.c
kexecdhc.c upstream commit 2018-02-08 09:26:27 +11:00
kexecdhs.c upstream commit 2018-02-08 09:26:27 +11:00
kexgex.c
kexgexc.c upstream commit 2018-02-08 09:26:27 +11:00
kexgexs.c upstream commit 2018-02-08 09:26:27 +11:00
key.c upstream commit 2017-12-19 15:21:37 +11:00
key.h upstream commit 2017-12-19 15:21:37 +11:00
krl.c upstream commit 2017-12-19 15:21:37 +11:00
krl.h
LICENCE upstream commit 2017-05-01 10:05:04 +10:00
log.c upstream commit 2017-05-17 11:25:22 +10:00
log.h upstream commit 2017-05-17 11:25:22 +10:00
loginrec.c Remove UNICOS support. 2018-02-15 20:04:02 +11:00
loginrec.h
logintest.c
mac.c upstream commit 2017-05-10 11:41:21 +10:00
mac.h
Makefile.in Replace $(CURDIR) with $(PWD). 2018-02-26 16:24:23 +11:00
match.c
match.h
md5crypt.c Remove assigned-to-but-never-used variable. 2018-02-13 16:27:09 +11:00
md5crypt.h
mdoc2man.awk Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
misc.c upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
misc.h upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
mkinstalldirs Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
moduli upstream commit 2017-12-07 11:40:38 +11:00
moduli.5
moduli.c upstream commit 2017-12-12 10:32:04 +11:00
monitor_fdpass.c
monitor_fdpass.h
monitor_wrap.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
monitor_wrap.h upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
monitor.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
monitor.h
msg.c
msg.h
mux.c upstream commit 2017-09-22 09:14:53 +10:00
myproposal.h upstream commit 2017-05-08 09:21:11 +10:00
nchan2.ms
nchan.c upstream commit 2017-09-12 17:37:03 +10:00
nchan.ms
opacket.c upstream commit 2017-10-20 12:58:35 +11:00
opacket.h upstream commit 2017-10-20 12:58:35 +11:00
openssh.xml.in
opensshd.init.in Remove RSA1 host key generation. 2017-12-01 16:55:35 +11:00
OVERVIEW
packet.c upstream commit 2017-12-19 15:21:37 +11:00
packet.h upstream commit 2017-12-12 10:32:04 +11:00
pathnames.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
pkcs11.h
platform-misc.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform-pledge.c
platform-tracing.c
platform.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform.h
poly1305.c
poly1305.h
progressmeter.c
progressmeter.h
PROTOCOL upstream: emphasise that the hostkey rotation may send key types 2018-02-23 13:37:32 +11:00
PROTOCOL.agent update URL again 2017-10-01 10:32:25 +11:00
PROTOCOL.certkeys upstream commit 2017-11-03 16:20:41 +11:00
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl
PROTOCOL.mux
readconf.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
readconf.h upstream: Add BindInterface ssh_config directive and -B 2018-02-23 13:37:49 +11:00
README Use https URLs for links that support it. 2018-03-08 10:41:30 +11:00
README.dns
README.platform
README.privsep Remove references to UNICOS. 2018-02-15 22:28:14 +11:00
README.tun
readpass.c
rijndael.c
rijndael.h
sandbox-capsicum.c Switch Capsicum header to sys/capsicum.h. 2017-08-28 16:48:27 +10:00
sandbox-darwin.c
sandbox-null.c
sandbox-pledge.c
sandbox-rlimit.c
sandbox-seccomp-filter.c
sandbox-solaris.c drop two more privileges in the Solaris sandbox 2017-06-09 14:44:43 +10:00
sandbox-systrace.c
sc25519.c
sc25519.h
scp.1 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
scp.c upstream commit 2018-02-10 17:16:04 +11:00
servconf.c upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by 2018-03-02 14:30:15 +11:00
servconf.h upstream commit 2017-10-25 12:26:21 +11:00
serverloop.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
serverloop.h upstream commit 2017-09-12 17:37:02 +10:00
session.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
session.h upstream commit 2017-09-12 17:37:02 +10:00
sftp-client.c upstream commit 2017-12-07 11:38:50 +11:00
sftp-client.h
sftp-common.c upstream commit 2017-06-10 16:40:11 +10:00
sftp-common.h
sftp-glob.c
sftp-server-main.c
sftp-server.8
sftp-server.c
sftp.1 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
sftp.c upstream commit 2017-11-03 16:20:41 +11:00
sftp.h
smult_curve25519_ref.c
ssh2.h
ssh_api.c upstream commit 2017-05-01 09:42:37 +10:00
ssh_api.h
ssh_config upstream commit 2017-05-08 09:21:00 +10:00
ssh_config.5 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
ssh-add.1 upstream commit 2017-09-04 09:38:57 +10:00
ssh-add.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh-agent.1
ssh-agent.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh-dss.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-ecdsa.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-ed25519.c
ssh-gss.h upstream commit 2017-06-24 16:56:11 +10:00
ssh-keygen.1 upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
ssh-keygen.c upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
ssh-keyscan.1 upstream: move the input format details to -f; remove the output 2018-03-12 11:48:15 +11:00
ssh-keyscan.c upstream: apply a lick of paint; tweaks/ok dtucker 2018-03-03 14:20:47 +11:00
ssh-keysign.8
ssh-keysign.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh-pkcs11-client.c upstream commit 2018-02-07 07:50:46 +11:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2018-01-23 16:31:55 +11:00
ssh-pkcs11.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-pkcs11.h
ssh-rsa.c upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in 2018-02-16 13:35:28 +11:00
ssh-sandbox.h
ssh-xmss.c Add WITH_XMSS, move to prevent conflicts. 2018-02-28 19:59:35 +11:00
ssh.1 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
ssh.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh.h upstream commit 2017-05-08 09:21:22 +10:00
sshbuf-getput-basic.c upstream commit 2017-06-01 14:55:23 +10:00
sshbuf-getput-crypto.c
sshbuf-misc.c
sshbuf.c upstream commit 2017-06-07 11:31:15 +10:00
sshbuf.h upstream commit 2017-09-12 17:37:02 +10:00
sshconnect2.c upstream: fix bogus warning when signing cert keys using agent; 2018-03-25 09:47:30 +11:00
sshconnect.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
sshconnect.h upstream commit 2018-02-10 20:26:40 +11:00
sshd_config upstream: stop loading DSA keys by default, remove sshd_config 2018-02-16 13:35:28 +11:00
sshd_config.5 upstream: Mention recent DH KEX methods: 2018-02-16 13:42:09 +11:00
sshd.8 upstream: sort expiry-time; 2018-03-14 18:55:33 +11:00
sshd.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
ssherr.c upstream commit 2017-09-12 17:37:02 +10:00
ssherr.h upstream commit 2017-09-12 17:37:02 +10:00
sshkey-xmss.c Add WITH_XMSS, move to prevent conflicts. 2018-02-28 19:59:35 +11:00
sshkey-xmss.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
sshkey.c upstream: ssh/xmss: fix deserialize for certs; ok djm@ 2018-03-23 11:05:39 +11:00
sshkey.h Check for attributes on prototype args. 2018-02-27 08:51:56 +11:00
sshlogin.c
sshlogin.h
sshpty.c Remove UNICOS support. 2018-02-15 20:04:02 +11:00
sshpty.h
sshtty.c
survey.sh.in
TODO
ttymodes.c upstream: Don't send IUTF8 to servers that don't like them. 2018-02-16 23:25:48 +11:00
ttymodes.h upstream commit 2017-05-01 10:05:04 +10:00
uidswap.c
uidswap.h
umac128.c upstream commit 2018-02-09 20:00:18 +11:00
umac.c upstream commit 2017-12-19 15:17:38 +11:00
umac.h
utf8.c upstream commit 2017-06-01 14:55:22 +10:00
utf8.h
uuencode.c
uuencode.h
verify.c
version.h upstream: openssh-7.7 2018-03-25 09:48:48 +11:00
xmalloc.c upstream commit 2017-06-01 14:55:22 +10:00
xmalloc.h upstream commit 2017-06-01 14:55:22 +10:00
xmss_commons.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_commons.h Remove extra XMSS #endif 2018-03-05 10:22:32 +11:00
xmss_fast.c upstream: ssh/xmss: fix build; ok djm@ 2018-03-23 11:05:39 +11:00
xmss_fast.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash_address.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash_address.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_wots.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_wots.h upstream: Remove unneeded (local) include. ok markus@ 2018-03-02 14:30:02 +11:00

See https://www.openssh.com/releasenotes.html#7.6p1 for the release notes.

Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

- A Japanese translation of this document and of the release notes is
- available at https://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at https://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
libedit[6]

There is now several mailing lists for this port of OpenSSH. Please
refer to https://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
users.  Code contribution are welcomed, but please follow the OpenBSD
style guidelines[7].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] https://www.openssh.com/
[1] http://www.lothar.com/tech/crypto/
[2] http://prngd.sourceforge.net/
[3] https://www.zlib.net/
[4] https://www.openssl.org/
[5] https://www.openpam.org
    https://www.kernel.org/pub/linux/libs/pam/
    (PAM also is standard on Solaris and HP-UX 11)
[6] https://thrysoee.dk/editline/ (portable version)
[7] https://man.openbsd.org/style.9