1. 15 Oct, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/14 23:28:23 · e9fc72ed
      Damien Miller authored
           [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
           refactor client config code a little:
           add multistate option partsing to readconf.c, similar to servconf.c's
           existing code.
           move checking of options that accept "none" as an argument to readconf.c
           add a lowercase() function and use it instead of explicit tolower() in
           part of a larger diff that was ok markus@
  2. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 · b759c9c2
      Darren Tucker authored
           [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
           channels.c sandbox-systrace.c]
           Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
           keepalives and rekeying will work properly over clock steps.  Suggested by
           markus@, "looks good" djm@.
  3. 05 May, 2011 1 commit
  4. 01 Dec, 2010 1 commit
  5. 20 Nov, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/11/13 23:27:51 · 0dac6fb6
      Damien Miller authored
           [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
           [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
           allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
           hardcoding lowdelay/throughput.
           bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
  6. 07 Oct, 2010 1 commit
    • Damien Miller's avatar
      - matthew@cvs.openbsd.org 2010/09/24 13:33:00 · aa18063b
      Damien Miller authored
           [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
           Add timingsafe_bcmp(3) to libc, mention that it's already in the
           kernel in kern(9), and remove it from OpenSSH.
           ok deraadt@, djm@
           NB. re-added under openbsd-compat/ for portable OpenSSH
  7. 24 Sep, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/09/22 22:58:51 · 65e42f87
      Damien Miller authored
           [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
           [sftp-client.h sftp.1 sftp.c]
           add an option per-read/write callback to atomicio
           factor out bandwidth limiting code from scp(1) into a generic bandwidth
           limiter that can be attached using the atomicio callback mechanism
           add a bandwidth limit option to sftp(1) using the above
           "very nice" markus@
  8. 16 Jul, 2010 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 23:13:16 · ea1651c9
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 11:52:06 · 8a0268f1
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
           [packet.c ssh-rsa.c]
           implement a timing_safe_cmp() function to compare memory without leaking
           timing information by short-circuiting like memcmp() and use it for
           some of the more sensitive comparisons (though nothing high-value was
           readily attackable anyway); "looks ok" markus@
  9. 09 Jan, 2010 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 · 7bd98e7f
      Darren Tucker authored
           [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
           ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
           readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
           Remove RoutingDomain from ssh since it's now not needed.  It can be
           replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
           also ensures that trafic such as DNS lookups stays withing the specified
           routingdomain.  For example (from reyk):
           # route -T 2 exec /usr/sbin/sshd
           or inherited from the parent process
           $ route -T 2 exec sh
           $ ssh
           ok deraadt@ markus@ stevesk@ reyk@
  10. 08 Jan, 2010 2 commits
    • Darren Tucker's avatar
      - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 · 75456e8a
      Darren Tucker authored
           [readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
           validate routing domain is in range 0-RT_TABLEID_MAX.
           'Looks right' deraadt@
    • Darren Tucker's avatar
      - reyk@cvs.openbsd.org 2009/10/28 16:38:18 · 34e314da
      Darren Tucker authored
           [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
           channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
           sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
           Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
           ok markus@
  11. 18 Nov, 2009 1 commit
  12. 12 Jun, 2008 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 · 3fc464ef
      Darren Tucker authored
           [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
           Make keepalive timeouts apply while waiting for a packet, particularly
           during key renegotiation (bz #1363).  With djm and Matt Day, ok djm@
  13. 28 Dec, 2007 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 · 4abde771
      Darren Tucker authored
           [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
           Add a small helper function to consistently handle the EAI_SYSTEM error
           code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
           ok markus@ stevesk@
  14. 18 Aug, 2006 1 commit
  15. 05 Aug, 2006 2 commits
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 · a7a73ee3
      Damien Miller authored
           [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
           [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
           [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
           [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
           [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
           [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
           [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
           [uuencode.h xmalloc.c]
           move #include <stdio.h> out of includes.h
  16. 10 Jul, 2006 2 commits
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 · da345535
      Darren Tucker authored
           [misc.c misc.h sshd.8 sshconnect.c]
           Add port identifier to known_hosts for non-default ports, based originally
           on a patch from Devin Nate in bz#910.
           For any connection using the default port or using a HostKeyAlias the
           format is unchanged, otherwise the host name or address is enclosed
           within square brackets in the same format as sshd's ListenAddress.
           Tested by many, ok markus@.
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 · 9f2abc47
      Damien Miller authored
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
           [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
           [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
           [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
           [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
           [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
           move #include <pwd.h> out of includes.h; ok markus@
  17. 31 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/30 09:58:16 · 3f941889
      Damien Miller authored
           [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
           [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
           replace {GET,PUT}_XXBIT macros with functionally similar functions,
           silencing a heap of lint warnings. also allows them to use
           __bounded__ checking which can't be applied to macros; requested
           by and feedback from deraadt@
  18. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  19. 31 Jan, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/01/31 10:19:02 · 3eec6b73
      Damien Miller authored
           [misc.c misc.h scp.c sftp.c]
           fix local arbitrary command execution vulnerability on local/local and
           remote/remote copies (CVE-2006-0225, bz #1094), patch by
           t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
  20. 13 Dec, 2005 2 commits
    • Damien Miller's avatar
      - reyk@cvs.openbsd.org 2005/12/08 18:34:11 · 7b58e800
      Damien Miller authored
           [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
           [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
           two changes to the new ssh tunnel support. this breaks compatibility
           with the initial commit but is required for a portable approach.
           - make the tunnel id u_int and platform friendly, use predefined types.
           - support configuration of layer 2 (ethernet) or layer 3
           (point-to-point, default) modes. configuration is done using the
           Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
           restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
           in sshd_config(5).
           ok djm@, man page bits by jmc@
    • Damien Miller's avatar
      - reyk@cvs.openbsd.org 2005/12/06 22:38:28 · d27b9471
      Damien Miller authored
           [auth-options.c auth-options.h channels.c channels.h clientloop.c]
           [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
           [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
           [sshconnect.h sshd.8 sshd_config sshd_config.5]
           Add support for tun(4) forwarding over OpenSSH, based on an idea and
           initial channel code bits by markus@. This is a simple and easy way to
           use OpenSSH for ad hoc virtual private network connections, e.g.
           administrative tunnels or secure wireless access. It's based on a new
           ssh channel and works similar to the existing TCP forwarding support,
           except that it depends on the tun(4) network interface on both ends of
           the connection for layer 2 or layer 3 tunneling. This diff also adds
           support for LocalCommand in the ssh(1) client.
           ok djm@, markus@, jmc@ (manpages), tested and discussed with others
  21. 03 Oct, 2005 1 commit
  22. 14 Jul, 2005 1 commit
  23. 05 Jul, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/07/04 00:58:43 · 1339002e
      Damien Miller authored
           [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
           implement support for X11 and agent forwarding over multiplex slave
           connections. Because of protocol limitations, the slave connections inherit
           the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
           their own.
           ok dtucker@ "put it in" deraadt@
  24. 16 Jun, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/06/06 11:20:36 · 6476cad9
      Damien Miller authored
           [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
           introduce a generic %foo expansion function. replace existing % expansion
           and add expansion to ControlPath; ok markus@
  25. 26 May, 2005 1 commit
  26. 01 Mar, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/03/01 10:09:52 · f91ee4c3
      Damien Miller authored
           [auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
           [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
           bz#413: allow optional specification of bind address for port forwardings.
           Patch originally by Dan Astorian, but worked on by several people
           Adds GatewayPorts=clientspecified option on server to allow remote
           forwards to bind to client-specified ports.
  27. 11 Dec, 2004 1 commit
  28. 06 Dec, 2004 1 commit
  29. 05 Nov, 2004 1 commit
  30. 13 Aug, 2004 1 commit
  31. 17 Jun, 2004 1 commit
  32. 15 Jun, 2004 1 commit
  33. 13 May, 2004 2 commits
  34. 25 Aug, 2003 1 commit