Portable OpenSSH
Go to file
djm@openbsd.org df56a8035d upstream commit
fix NULL-deref when SSH1 reenabled

Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
2015-07-15 18:02:12 +10:00
contrib crank version numbers for release 2015-07-01 11:49:12 +10:00
openbsd-compat Replace strcpy with strlcpy. 2015-06-02 20:15:26 +10:00
regress upstream commit 2015-07-15 17:25:10 +10:00
scard
.cvsignore
aclocal.m4 - (djm) [configure.ac aclocal.m4] More tests to detect fallout from 2014-01-22 21:30:12 +11:00
addrmatch.c upstream commit 2015-07-15 15:36:54 +10:00
atomicio.c upstream commit 2015-01-16 18:24:48 +11:00
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth1.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth2-chall.c upstream commit 2015-01-20 09:14:16 +11:00
auth2-gss.c upstream commit 2015-01-20 09:14:16 +11:00
auth2-hostbased.c upstream commit 2015-05-10 11:38:04 +10:00
auth2-kbdint.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-none.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth2-pubkey.c upstream commit 2015-06-17 22:12:05 +10:00
auth2.c upstream commit 2015-01-20 09:14:16 +11:00
auth-bsdauth.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
auth-chall.c Remove redundant include of stdarg.h. bz#2410 2015-06-04 14:10:55 +10:00
auth-krb5.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-options.c upstream commit 2015-07-15 15:35:09 +10:00
auth-options.h upstream commit 2015-01-14 21:34:20 +11:00
auth-pam.c xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
auth-pam.h
auth-passwd.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
auth-rh-rsa.c add --without-ssh1 option to configure 2015-01-13 19:38:18 +11:00
auth-rhosts.c upstream commit 2015-01-09 00:13:35 +11:00
auth-rsa.c upstream commit 2015-01-29 10:18:56 +11:00
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c upstream commit 2015-05-10 11:54:56 +10:00
auth.h upstream commit 2015-05-10 11:54:10 +10:00
authfd.c upstream commit 2015-07-15 15:35:09 +10:00
authfd.h upstream commit 2015-01-15 21:37:34 +11:00
authfile.c upstream commit 2015-07-15 15:37:16 +10:00
authfile.h upstream commit 2015-01-09 00:17:12 +11:00
bitmap.c upstream commit 2015-01-15 21:37:34 +11:00
bitmap.h add files missed in last commit 2015-01-15 02:28:00 +11:00
blocks.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
bufaux.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
bufbn.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
bufec.c - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
buffer.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
buffer.h Include OpenSSL's objects.h before bn.h. 2015-02-24 13:39:57 +11:00
buildpkg.sh.in
canohost.c upstream commit 2015-03-03 04:45:01 +11:00
canohost.h
chacha.c
chacha.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
channels.c upstream commit 2015-07-01 12:29:43 +10:00
channels.h upstream commit 2015-07-01 12:29:43 +10:00
cipher-3des1.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-aes.c
cipher-aesctr.c Add includes.h for compatibility stuff. 2015-02-25 13:17:40 +11:00
cipher-aesctr.h - markus@cvs.openbsd.org 2014/04/29 18:01:49 2014-05-15 14:24:09 +10:00
cipher-bf1.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher-chachapoly.c upstream commit 2015-01-14 21:32:54 +11:00
cipher-chachapoly.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
cipher-ctr.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher.c upstream commit 2015-01-14 21:32:55 +11:00
cipher.h upstream commit 2015-07-15 15:36:55 +10:00
cleanup.c
clientloop.c upstream commit 2015-07-15 15:38:02 +10:00
clientloop.h
compat.c upstream commit 2015-07-15 15:38:02 +10:00
compat.h upstream commit 2015-05-27 13:47:19 +10:00
config.guess Add Linux powerpc64le and powerpcle entries. 2015-06-05 14:51:40 +10:00
config.sub
configure.ac upstream commit 2015-07-15 15:24:40 +10:00
crc32.c
crc32.h
CREDITS
crypto_api.h - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:31:33 +11:00
deattack.c upstream commit 2015-01-26 23:58:53 +11:00
deattack.h upstream commit 2015-01-20 09:13:01 +11:00
defines.h Revert "define __unused to nothing if not already defined" 2015-03-04 06:31:45 +11:00
dh.c upstream commit 2015-05-28 13:53:13 +10:00
dh.h upstream commit 2015-05-28 13:53:13 +10:00
digest-libc.c upstream commit 2015-05-08 13:32:55 +10:00
digest-openssl.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
digest.h upstream commit 2014-12-22 09:32:29 +11:00
dispatch.c upstream commit 2015-05-10 11:55:48 +10:00
dispatch.h cleaner way fix dispatch.h portion of commit 2015-02-23 22:06:56 -08:00
dns.c upstream commit 2015-01-29 10:18:56 +11:00
dns.h upstream commit 2015-05-08 16:46:01 +10:00
ed25519.c
entropy.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
entropy.h
fatal.c
fe25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519_base.data
ge25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
ge25519.h upstream commit 2015-02-17 09:32:31 +11:00
groupaccess.c upstream commit 2015-05-10 11:38:04 +10:00
groupaccess.h
gss-genr.c Include signal.h for sig_atomic_t, used by kex.h. 2015-05-22 17:49:46 +10:00
gss-serv-krb5.c - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 2014-07-19 06:23:18 +10:00
gss-serv.c upstream commit 2015-05-22 20:02:17 +10:00
hash.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
hmac.c upstream commit 2015-03-27 12:00:47 +11:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream commit 2015-05-10 11:38:04 +10:00
hostfile.h upstream commit 2015-02-17 09:32:31 +11:00
includes.h include netdb.h to look for MAXHOSTNAMELEN; ok tim 2015-02-24 16:50:36 -08:00
INSTALL 20140908 2014-09-09 12:23:10 +10:00
install-sh
kex.c upstream commit 2015-04-29 18:14:20 +10:00
kex.h repair --without-openssl; broken in refactor 2015-02-18 22:29:32 +11:00
kexc25519.c upstream commit 2015-03-27 12:02:27 +11:00
kexc25519c.c upstream commit 2015-01-27 00:00:57 +11:00
kexc25519s.c upstream commit 2015-04-29 18:15:52 +10:00
kexdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexdhs.c upstream commit 2015-01-27 00:00:57 +11:00
kexecdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexecdhc.c upstream commit 2015-01-27 00:00:57 +11:00
kexecdhs.c upstream commit 2015-01-27 00:00:57 +11:00
kexgex.c upstream commit 2015-01-20 09:19:39 +11:00
kexgexc.c upstream commit 2015-05-27 13:47:19 +10:00
kexgexs.c upstream commit 2015-04-13 14:37:20 +10:00
key.c upstream commit 2015-07-15 15:35:09 +10:00
key.h upstream commit 2015-07-15 15:35:09 +10:00
krl.c upstream commit 2015-07-15 15:35:09 +10:00
krl.h upstream commit 2015-01-14 20:32:42 +11:00
LICENCE
log.c upstream commit 2015-07-15 15:36:54 +10:00
log.h
loginrec.c fix variable name for IPv6 case in construct_utmpx 2014-12-23 15:26:13 +11:00
loginrec.h
logintest.c
mac.c upstream commit 2015-01-16 18:21:32 +11:00
mac.h upstream commit 2015-01-14 20:43:11 +11:00
Makefile.in Revert "Work around finicky USL linker so netcat will build." 2015-02-25 09:56:48 -08:00
match.c upstream commit 2015-05-10 11:38:04 +10:00
match.h upstream commit 2015-05-10 11:38:04 +10:00
md5crypt.c
md5crypt.h
md-sha256.c
mdoc2man.awk
misc.c upstream commit 2015-04-29 18:15:23 +10:00
misc.h - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
mkinstalldirs
moduli New moduli file from OpenBSD, removing 1k groups. 2015-05-28 10:06:50 +10:00
moduli.5
moduli.c upstream commit 2015-01-26 23:58:53 +11:00
monitor_fdpass.c upstream commit 2015-02-26 10:09:59 +11:00
monitor_fdpass.h
monitor_mm.c don't include stdint.h unless HAVE_STDINT_H set 2015-02-24 09:04:32 +11:00
monitor_mm.h - tedu@cvs.openbsd.org 2014/01/04 17:50:55 2014-01-10 10:37:05 +11:00
monitor_wrap.c upstream commit 2015-05-10 11:54:10 +10:00
monitor_wrap.h upstream commit 2015-05-10 11:54:10 +10:00
monitor.c upstream commit 2015-06-23 10:34:47 +10:00
monitor.h upstream commit 2015-01-20 09:13:01 +11:00
msg.c upstream commit 2015-01-15 21:39:14 +11:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream commit 2015-05-10 11:54:25 +10:00
myproposal.h upstream commit 2015-07-15 15:38:02 +10:00
nchan2.ms
nchan.c
nchan.ms
opacket.c more --without-ssh1 fixes 2015-03-03 13:50:27 -08:00
opacket.h Convert two macros into functions. 2015-02-24 12:30:59 +11:00
openssh.xml.in
opensshd.init.in 20140314 2014-03-14 12:45:01 -07:00
OVERVIEW upstream commit 2015-07-15 15:36:21 +10:00
packet.c upstream commit 2015-05-10 11:55:48 +10:00
packet.h cleaner way fix dispatch.h portion of commit 2015-02-23 22:06:56 -08:00
pathnames.h
pkcs11.h
platform.c - millert@cvs.openbsd.org 2014/07/15 15:54:14 2014-07-18 14:11:24 +10:00
platform.h
poly1305.c - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:42:17 +11:00
poly1305.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
progressmeter.c upstream commit 2015-01-15 02:22:18 +11:00
progressmeter.h upstream commit 2015-01-15 02:22:18 +11:00
PROTOCOL upstream commit 2015-05-08 13:58:06 +10:00
PROTOCOL.agent upstream commit 2015-05-08 13:58:06 +10:00
PROTOCOL.certkeys
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl upstream commit 2015-01-30 12:17:07 +11:00
PROTOCOL.mux
readconf.c upstream commit 2015-07-15 15:38:02 +10:00
readconf.h upstream commit 2015-07-15 15:38:02 +10:00
README crank version numbers for release 2015-07-01 11:49:12 +10:00
README.dns
README.platform
README.privsep
README.tun
readpass.c - djm@cvs.openbsd.org 2014/02/02 03:44:32 2014-02-04 11:20:14 +11:00
rijndael.c upstream commit 2015-03-23 17:08:12 +11:00
rijndael.h - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine 2014-05-15 13:45:26 +10:00
roaming_client.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_common.c upstream commit 2015-01-29 09:08:06 +11:00
roaming_dummy.c upstream commit 2015-01-20 09:13:01 +11:00
roaming_serv.c
roaming.h
rsa.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
rsa.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
sandbox-capsicum.c - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by 2014-02-05 10:33:45 +11:00
sandbox-darwin.c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 2014-01-17 16:47:04 +11:00
sandbox-null.c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 2014-01-17 16:47:04 +11:00
sandbox-rlimit.c - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable 2014-01-26 09:39:53 +11:00
sandbox-seccomp-filter.c upstream commit 2015-06-30 08:36:34 +10:00
sandbox-systrace.c upstream commit 2015-06-30 08:36:34 +10:00
sc25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
sc25519.h
scp.1 upstream commit 2015-07-15 15:38:02 +10:00
scp.c upstream commit 2015-04-29 18:15:23 +10:00
servconf.c upstream commit 2015-07-15 15:38:02 +10:00
servconf.h upstream commit 2015-07-15 15:38:02 +10:00
serverloop.c upstream commit 2015-02-21 09:20:28 +11:00
serverloop.h
session.c upstream commit 2015-04-29 18:15:23 +10:00
session.h
sftp-client.c upstream commit 2015-05-28 18:54:55 +10:00
sftp-client.h upstream commit 2015-05-08 16:46:01 +10:00
sftp-common.c upstream commit 2015-01-26 23:58:53 +11:00
sftp-common.h upstream commit 2015-01-15 02:22:18 +11:00
sftp-glob.c upstream commit 2015-01-15 02:22:18 +11:00
sftp-server-main.c
sftp-server.8 upstream commit 2014-12-11 19:17:24 +11:00
sftp-server.c upstream commit 2015-04-29 18:15:23 +10:00
sftp.1 upstream commit 2015-01-30 22:47:01 +11:00
sftp.c upstream commit 2015-01-26 23:58:53 +11:00
sftp.h
smult_curve25519_ref.c
ssh1.h
ssh2.h - djm@cvs.openbsd.org 2014/01/29 06:18:35 2014-02-04 11:12:56 +11:00
ssh_api.c Repair for non-ECC OpenSSL. 2015-02-23 05:04:21 +11:00
ssh_api.h various include fixes for portable 2015-02-24 06:30:29 +11:00
ssh_config
ssh_config.5 upstream commit 2015-07-15 15:38:02 +10:00
ssh-add.1 upstream commit 2015-04-01 10:00:27 +11:00
ssh-add.c upstream commit 2015-07-15 15:35:09 +10:00
ssh-agent.1 upstream commit 2015-04-29 18:15:38 +10:00
ssh-agent.c upstream commit 2015-07-15 15:37:16 +10:00
ssh-dss.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
ssh-ecdsa.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
ssh-ed25519.c upstream commit 2015-01-16 18:22:24 +11:00
ssh-gss.h - djm@cvs.openbsd.org 2014/02/26 20:28:44 2014-02-27 10:17:49 +11:00
ssh-keygen.1 upstream commit 2015-07-15 15:36:02 +10:00
ssh-keygen.c upstream commit 2015-07-15 15:36:02 +10:00
ssh-keyscan.1 upstream commit 2014-10-13 11:37:32 +11:00
ssh-keyscan.c upstream commit 2015-04-13 14:37:18 +10:00
ssh-keysign.8
ssh-keysign.c upstream commit 2015-07-15 15:36:02 +10:00
ssh-pkcs11-client.c - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2015-01-26 23:58:53 +11:00
ssh-pkcs11.c upstream commit 2015-05-27 15:16:59 +10:00
ssh-pkcs11.h upstream commit 2015-01-15 21:39:14 +11:00
ssh-rsa.c upstream commit 2015-06-15 13:45:24 +10:00
ssh-sandbox.h - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 2014-01-17 16:47:04 +11:00
ssh.1 upstream commit 2015-07-15 15:38:02 +10:00
ssh.c upstream commit 2015-05-10 11:38:04 +10:00
ssh.h upstream commit 2015-07-15 15:36:02 +10:00
sshbuf-getput-basic.c upstream commit 2015-01-15 02:22:18 +11:00
sshbuf-getput-crypto.c upstream commit 2015-01-15 02:22:18 +11:00
sshbuf-misc.c upstream commit 2015-03-27 12:00:47 +11:00
sshbuf.c upstream commit 2015-01-26 23:58:53 +11:00
sshbuf.h more --without-openssl 2015-01-15 03:08:58 +11:00
sshconnect1.c upstream commit 2015-01-15 21:37:34 +11:00
sshconnect2.c upstream commit 2015-07-15 15:38:02 +10:00
sshconnect.c upstream commit 2015-05-28 18:54:57 +10:00
sshconnect.h
sshd_config upstream commit 2015-04-29 18:20:12 +10:00
sshd_config.5 upstream commit 2015-07-15 15:38:02 +10:00
sshd.8 upstream commit 2015-07-15 15:36:02 +10:00
sshd.c upstream commit 2015-07-15 18:02:12 +10:00
ssherr.c upstream commit 2015-02-17 09:32:32 +11:00
ssherr.h upstream commit 2015-01-30 12:18:59 +11:00
sshkey.c upstream commit 2015-07-15 15:35:09 +10:00
sshkey.h upstream commit 2015-07-15 15:36:21 +10:00
sshlogin.c upstream commit 2015-01-26 23:58:53 +11:00
sshlogin.h
sshpty.c platform's with openpty don't need pty_release 2015-04-13 14:40:17 +10:00
sshpty.h
sshtty.c
survey.sh.in
TODO
ttymodes.c
ttymodes.h
uidswap.c upstream commit 2015-06-25 09:50:12 +10:00
uidswap.h
umac.c - guenther@cvs.openbsd.org 2014/07/22 07:13:42 2014-07-23 09:43:42 +10:00
umac.h
uuencode.c upstream commit 2015-04-29 18:15:24 +10:00
uuencode.h
verify.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
version.h upstream commit 2015-07-01 11:58:36 +10:00
xmalloc.c upstream commit 2015-04-29 18:15:23 +10:00
xmalloc.h upstream commit 2015-04-29 18:15:23 +10:00

See http://www.openssh.com/txt/release-6.9 for the release notes.

- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].

There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.Code contribution are welcomed, but please follow the 
OpenBSD style guidelines[6].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
    http://www.kernel.org/pub/linux/libs/pam/ 
    (PAM also is standard on Solaris and HP-UX 11)
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html

$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $