Portable OpenSSH
Go to file
Damien Miller e3ea335abe Remove macro trickery; no binary change
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
prepending __NR_ to the syscall number parameter and just makes
them explicit in the macro invocations.

No binary change in stripped object file before/after.
2017-03-14 17:53:17 +11:00
contrib crank version numbers for release 2016-12-19 15:59:41 +11:00
openbsd-compat sync fmt_scaled.c with OpenBSD 2017-03-12 10:48:14 +11:00
regress Plumb conversion test into makefile. 2017-03-14 14:19:36 +11:00
.skipped-commit-ids upstream commit 2016-10-13 18:55:25 +11:00
aclocal.m4 Test multiplying two long long ints. 2016-08-17 13:35:43 +10:00
addrmatch.c upstream commit 2016-09-22 03:14:59 +10:00
atomicio.c upstream commit 2016-08-03 15:38:43 +10:00
atomicio.h
audit-bsm.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit-linux.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
auth2-chall.c upstream commit 2016-05-02 20:35:04 +10:00
auth2-gss.c
auth2-hostbased.c upstream commit 2016-03-08 06:20:35 +11:00
auth2-kbdint.c
auth2-none.c
auth2-passwd.c
auth2-pubkey.c upstream commit 2017-01-30 12:04:10 +11:00
auth2.c upstream commit 2017-02-04 10:09:43 +11:00
auth-bsdauth.c upstream commit 2015-10-25 11:42:04 +11:00
auth-krb5.c upstream commit 2016-05-19 17:48:34 +10:00
auth-options.c upstream commit 2016-11-30 19:44:01 +11:00
auth-options.h upstream commit 2016-11-30 19:44:01 +11:00
auth-pam.c Check for NULL from malloc. 2017-03-10 13:40:18 +11:00
auth-pam.h Remove do_pam_set_tty which is dead code. 2016-10-15 04:34:46 +11:00
auth-passwd.c upstream commit 2016-07-22 13:36:40 +10:00
auth-rhosts.c upstream commit 2016-08-14 11:19:14 +10:00
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c upstream commit 2016-12-16 13:12:18 +11:00
auth.h upstream commit 2016-08-14 11:19:14 +10:00
authfd.c upstream commit 2015-12-07 12:38:58 +11:00
authfd.h upstream commit 2015-12-07 12:38:58 +11:00
authfile.c upstream commit 2016-11-29 16:48:02 +11:00
authfile.h
bitmap.c upstream commit 2015-09-16 17:52:07 +10:00
bitmap.h
blocks.c
bufaux.c
bufbn.c
bufec.c
buffer.c
buffer.h
buildpkg.sh.in Update links to https. 2016-10-21 06:55:58 +11:00
canohost.c upstream commit 2016-03-08 06:20:35 +11:00
canohost.h upstream commit 2016-03-08 06:20:35 +11:00
chacha.c
chacha.h upstream commit 2016-08-29 11:20:28 +10:00
channels.c If OSX is using launchd, remove screen no. 2017-03-10 13:22:32 +11:00
channels.h upstream commit 2017-02-03 14:23:24 +11:00
cipher-3des1.c Skip ssh1 specfic ciphers. 2016-10-28 13:38:19 +11:00
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-bf1.c Skip ssh1 specfic ciphers. 2016-10-28 13:38:19 +11:00
cipher-chachapoly.c upstream commit 2016-08-09 09:06:52 +10:00
cipher-chachapoly.h
cipher-ctr.c
cipher.c Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL 2016-10-28 14:34:56 +11:00
cipher.h upstream commit 2016-08-09 09:06:52 +10:00
cleanup.c
clientloop.c upstream commit 2017-03-10 16:02:46 +11:00
clientloop.h upstream commit 2016-10-01 02:45:10 +10:00
compat.c upstream commit 2017-02-04 10:08:15 +11:00
compat.h
config.guess update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
config.sub update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
configure.ac prefer to use ldns-config to find libldns 2017-02-03 16:03:05 +11:00
crc32.c
crc32.h
CREDITS Remove now-obsolete CVS $Id tags from text files. 2016-08-17 13:40:58 +10:00
crypto_api.h
deattack.c
deattack.h
defines.h Move DEF_WEAK into defines.h. 2016-10-15 05:51:12 +11:00
dh.c upstream commit 2016-12-16 13:12:18 +11:00
dh.h upstream commit 2016-05-02 20:39:32 +10:00
digest-libc.c
digest-openssl.c upstream commit 2017-03-10 15:23:17 +11:00
digest.h
dispatch.c
dispatch.h
dns.c
dns.h
ed25519.c
entropy.c
entropy.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519_base.data
ge25519.c
ge25519.h
groupaccess.c
groupaccess.h
gss-genr.c upstream commit 2016-09-12 13:46:29 +10:00
gss-serv-krb5.c
gss-serv.c
hash.c
hmac.c
hmac.h
hostfile.c upstream commit 2017-03-10 15:35:39 +11:00
hostfile.h
includes.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
INSTALL Re-add missing "Prerequisites" header and fix typo 2016-12-20 12:16:11 +11:00
install-sh
kex.c upstream commit 2017-03-10 15:35:39 +11:00
kex.h upstream commit 2016-09-29 08:18:39 +10:00
kexc25519.c upstream commit 2016-05-02 20:35:04 +10:00
kexc25519c.c
kexc25519s.c upstream commit 2015-12-07 12:38:58 +11:00
kexdh.c upstream commit 2016-05-02 20:39:32 +10:00
kexdhc.c upstream commit 2016-05-02 20:39:32 +10:00
kexdhs.c upstream commit 2016-05-02 20:39:32 +10:00
kexecdh.c
kexecdhc.c
kexecdhs.c upstream commit 2015-12-07 12:38:58 +11:00
kexgex.c
kexgexc.c upstream commit 2016-09-12 13:46:29 +10:00
kexgexs.c upstream commit 2016-09-12 13:46:29 +10:00
key.c upstream commit 2016-05-02 20:35:05 +10:00
key.h upstream commit 2016-09-13 09:33:24 +10:00
krl.c upstream commit 2017-03-12 10:50:18 +11:00
krl.h upstream commit 2016-01-07 20:13:32 +11:00
LICENCE
log.c upstream commit 2017-03-10 15:25:11 +11:00
log.h upstream commit 2016-07-15 20:54:55 +10:00
loginrec.c Add sys/time.h for gettimeofday. 2015-12-15 13:59:12 +11:00
loginrec.h
logintest.c
mac.c Move OPENSSL_NO_RIPEMD160 to compat. 2016-10-28 14:26:58 +11:00
mac.h upstream commit 2016-07-08 13:50:03 +10:00
Makefile.in Plumb conversion test into makefile. 2017-03-14 14:19:36 +11:00
match.c upstream commit 2017-03-10 15:35:40 +11:00
match.h upstream commit 2017-02-04 10:08:15 +11:00
md5crypt.c
md5crypt.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
md-sha256.c
mdoc2man.awk fix mdoc2man.awk formatting for top-level lists 2016-09-28 07:40:33 +10:00
misc.c upstream commit 2017-03-14 13:45:14 +11:00
misc.h upstream commit 2016-11-30 19:44:01 +11:00
mkinstalldirs
moduli Import updated moduli. 2016-08-11 11:42:48 +10:00
moduli.5
moduli.c upstream commit 2016-09-12 13:46:29 +10:00
monitor_fdpass.c upstream commit 2016-03-04 15:12:17 +11:00
monitor_fdpass.h
monitor_wrap.c upstream commit 2016-08-14 11:19:14 +10:00
monitor_wrap.h upstream commit 2016-09-29 03:11:32 +10:00
monitor.c upstream commit 2017-02-04 10:09:43 +11:00
monitor.h upstream commit 2016-09-29 03:11:32 +10:00
msg.c
msg.h
mux.c upstream commit 2017-01-30 11:07:44 +11:00
myproposal.h upstream commit 2016-09-29 03:11:32 +10:00
nchan2.ms
nchan.c
nchan.ms
opacket.c upstream commit 2016-01-27 16:54:10 +11:00
opacket.h upstream commit 2016-10-01 02:45:10 +10:00
openssh.xml.in
opensshd.init.in modified: configure.ac opensshd.init.in 2016-08-01 14:31:52 -07:00
OVERVIEW
packet.c upstream commit 2017-03-12 10:50:19 +11:00
packet.h upstream commit 2017-02-04 10:08:15 +11:00
pathnames.h Remove LOGIN_PROGRAM. 2017-01-16 09:08:32 +11:00
pkcs11.h
platform-pledge.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
platform-tracing.c Use ptrace(PT_DENY_ATTACH, ..) on OS X. 2016-11-01 08:12:33 +11:00
platform.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
platform.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
poly1305.c
poly1305.h
progressmeter.c upstream commit 2016-07-08 13:46:59 +10:00
progressmeter.h
PROTOCOL Update links to https. 2016-10-21 06:55:58 +11:00
PROTOCOL.agent upstream commit 2016-05-19 17:48:36 +10:00
PROTOCOL.certkeys upstream commit 2016-05-03 20:29:14 +10:00
PROTOCOL.chacha20poly1305 upstream commit 2016-05-04 00:55:21 +10:00
PROTOCOL.key
PROTOCOL.krl
PROTOCOL.mux
readconf.c upstream commit 2017-03-10 15:35:39 +11:00
readconf.h upstream commit 2016-07-15 14:20:10 +10:00
README crank version numbers for release 2016-12-19 15:59:41 +11:00
README.dns
README.platform Remove now-obsolete CVS $Id tags from text files. 2016-08-17 13:40:58 +10:00
README.privsep Remove portability support for mmap 2016-09-29 03:19:23 +10:00
README.tun
readpass.c upstream commit 2015-12-11 13:23:14 +11:00
rijndael.c
rijndael.h
rsa.c
rsa.h
sandbox-capsicum.c
sandbox-darwin.c Add missing monitor.h include. 2016-12-16 15:02:24 +11:00
sandbox-null.c
sandbox-pledge.c s/SANDBOX_TAME/SANDBOX_PLEDGE/g 2015-10-14 09:22:15 -07:00
sandbox-rlimit.c upstream commit 2016-09-12 13:46:29 +10:00
sandbox-seccomp-filter.c Remove macro trickery; no binary change 2017-03-14 17:53:17 +11:00
sandbox-solaris.c Make Solaris privs code build on older systems. 2016-02-19 09:05:39 +11:00
sandbox-systrace.c (re)wrap SYS_sendsyslog in ifdef. 2015-10-29 20:57:34 +11:00
sc25519.c
sc25519.h
scp.1 upstream commit 2016-07-17 14:21:09 +10:00
scp.c Force Turkish locales back to C/POSIX; bz#2643 2016-12-12 13:58:59 +11:00
servconf.c upstream commit 2017-03-10 15:35:39 +11:00
servconf.h upstream commit 2016-11-30 19:44:01 +11:00
serverloop.c upstream commit 2017-02-03 14:23:24 +11:00
serverloop.h upstream commit 2016-08-14 11:19:14 +10:00
session.c upstream commit 2016-11-30 19:44:01 +11:00
session.h upstream commit 2016-08-14 11:19:14 +10:00
sftp-client.c upstream commit 2017-01-04 13:23:04 +11:00
sftp-client.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
sftp-common.c upstream commit 2016-09-12 13:46:29 +10:00
sftp-common.h
sftp-glob.c
sftp-server-main.c upstream commit 2016-02-16 10:44:00 +11:00
sftp-server.8
sftp-server.c upstream commit 2016-09-12 13:46:29 +10:00
sftp.1 upstream commit 2016-07-17 14:21:09 +10:00
sftp.c upstream commit 2017-02-17 14:52:24 +11:00
sftp.h
smult_curve25519_ref.c
ssh1.h upstream commit 2016-05-19 17:48:34 +10:00
ssh2.h upstream commit 2016-05-19 17:48:34 +10:00
ssh_api.c upstream commit 2016-05-19 17:48:34 +10:00
ssh_api.h
ssh_config upstream commit 2016-02-23 12:44:19 +11:00
ssh_config.5 upstream commit 2017-02-28 17:10:41 +11:00
ssh-add.1
ssh-add.c upstream commit 2016-02-16 10:44:00 +11:00
ssh-agent.1 upstream commit 2016-11-30 19:44:25 +11:00
ssh-agent.c upstream commit 2017-01-04 13:23:04 +11:00
ssh-dss.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-ecdsa.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-ed25519.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-gss.h
ssh-keygen.1 upstream commit 2016-06-24 13:35:28 +10:00
ssh-keygen.c upstream commit 2017-03-10 15:35:39 +11:00
ssh-keyscan.1 upstream commit 2015-11-09 14:25:41 +11:00
ssh-keyscan.c upstream commit 2017-03-10 15:35:39 +11:00
ssh-keysign.8 upstream commit 2016-02-18 09:24:40 +11:00
ssh-keysign.c upstream commit 2016-02-16 10:44:00 +11:00
ssh-pkcs11-client.c upstream commit 2015-12-11 13:23:14 +11:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2016-02-16 10:44:00 +11:00
ssh-pkcs11.c upstream commit 2016-11-06 16:47:43 +11:00
ssh-pkcs11.h
ssh-rsa.c upstream commit 2016-09-14 10:51:24 +10:00
ssh-sandbox.h
ssh.1 upstream commit 2016-07-17 14:21:09 +10:00
ssh.c upstream commit 2017-03-10 15:35:39 +11:00
ssh.h upstream commit 2015-12-18 14:49:32 +11:00
sshbuf-getput-basic.c Move VA_COPY macro into compat header. 2016-07-15 14:54:16 +10:00
sshbuf-getput-crypto.c upstream commit 2016-01-13 10:48:11 +11:00
sshbuf-misc.c upstream commit 2016-05-02 20:35:04 +10:00
sshbuf.c upstream commit 2016-11-29 16:48:02 +11:00
sshbuf.h upstream commit 2016-11-29 16:48:02 +11:00
sshconnect1.c upstream commit 2017-03-10 15:35:39 +11:00
sshconnect2.c upstream commit 2017-03-12 10:50:19 +11:00
sshconnect.c upstream commit 2017-03-10 15:25:11 +11:00
sshconnect.h upstream commit 2015-11-16 11:31:39 +11:00
sshd_config upstream commit 2016-08-23 13:28:30 +10:00
sshd_config.5 upstream commit 2017-02-04 10:08:15 +11:00
sshd.8 upstream commit 2017-02-03 14:23:24 +11:00
sshd.c upstream commit 2017-02-28 17:10:41 +11:00
ssherr.c upstream commit 2015-09-16 17:52:09 +10:00
ssherr.h
sshkey.c upstream commit 2017-03-10 15:35:39 +11:00
sshkey.h upstream commit 2017-03-10 15:35:39 +11:00
sshlogin.c upstream commit 2016-01-07 20:13:31 +11:00
sshlogin.h
sshpty.c upstream commit 2016-11-29 16:51:27 +11:00
sshpty.h upstream commit 2016-11-29 16:51:27 +11:00
sshtty.c
survey.sh.in
TODO Remove portability support for mmap 2016-09-29 03:19:23 +10:00
ttymodes.c upstream commit 2016-05-19 17:48:34 +10:00
ttymodes.h upstream commit 2016-05-03 20:04:42 +10:00
uidswap.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
uidswap.h
umac.c
umac.h
utf8.c upstream commit 2017-02-19 11:18:42 +11:00
utf8.h Force Turkish locales back to C/POSIX; bz#2643 2016-12-12 13:58:59 +11:00
uuencode.c
uuencode.h
verify.c
version.h upstream commit 2016-12-19 15:59:40 +11:00
xmalloc.c make existing ssh_malloc_init only for __OpenBSD__ 2016-02-16 10:45:02 +11:00
xmalloc.h upstream commit 2016-02-16 10:44:00 +11:00

See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.

Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

- A Japanese translation of this document and of the release notes is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at https://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].

There is now several mailing lists for this port of OpenSSH. Please
refer to https://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
users.  Code contribution are welcomed, but please follow the OpenBSD
style guidelines[6].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] https://www.openssh.com/
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
    http://www.kernel.org/pub/linux/libs/pam/
    (PAM also is standard on Solaris and HP-UX 11)
[6] http://man.openbsd.org/style.9