1. 04 Mar, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/03/04 10:36:03 · 1aed65eb
      Damien Miller authored
           [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
           [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
           [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
           Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
           are trusted to authenticate users (in addition than doing it per-user
           in authorized_keys).
      
           Add a RevokedKeys option to sshd_config and a @revoked marker to
           known_hosts to allow keys to me revoked and banned for user or host
           authentication.
      
           feedback and ok markus@
      1aed65eb
  2. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
  3. 10 Jul, 2006 1 commit
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 · 9f2abc47
      Damien Miller authored
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
           [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
           [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
           [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
           [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
           [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
           [uidswap.h]
           move #include <pwd.h> out of includes.h; ok markus@
      9f2abc47
  4. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
      57c30117
  5. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
      b0fb6872
  6. 17 Jul, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/07/17 07:17:55 · 0dc1bef1
      Damien Miller authored
           [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
           [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
           [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
           [sshconnect.c sshconnect2.c]
           knf says that a 2nd level indent is four (not three or five) spaces
      0dc1bef1
  7. 17 Nov, 2003 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2003/11/04 08:54:09 · 3e3b5145
      Damien Miller authored
           [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
           [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
           [session.c]
           standardise arguments to auth methods - they should all take authctxt.
           check authctxt->valid rather then pw != NULL; ok markus@
      3e3b5145
  8. 03 Jun, 2003 1 commit
    • Damien Miller's avatar
      - (djm) OpenBSD CVS Sync · 3a961dc0
      Damien Miller authored
         - markus@cvs.openbsd.org 2003/06/02 09:17:34
           [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
           [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
           [sshd_config.5]
           deprecate VerifyReverseMapping since it's dangerous if combined
           with IP based access control as noted by Mike Harding; replace with
           a UseDNS option, UseDNS is on by default and includes the
           VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
           ok deraadt@, djm@
       - (djm) Fix portable-specific uses of verify_reverse_mapping too
      3a961dc0
  9. 14 May, 2003 1 commit
  10. 09 Apr, 2003 1 commit
  11. 26 Mar, 2002 1 commit
  12. 22 Mar, 2002 4 commits
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/03/19 10:49:35 · 6328ab39
      Ben Lindstrom authored
           [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
            sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
            ttymodes.c]
           KNF whitespace
      6328ab39
    • Ben Lindstrom's avatar
      - provos@cvs.openbsd.org 2002/03/18 17:50:31 · 7a2073c5
      Ben Lindstrom authored
           [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
            auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
            session.h servconf.h serverloop.c session.c sshd.c]
           integrate privilege separated openssh; its turned off by default for now.
           work done by me and markus@
      
      applied, but outside of ensure that smaller code bits migrated with
      their owners.. no work was tried to 'fix' it to work. =)  Later project!
      7a2073c5
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/03/16 17:22:09 · 186b7da2
      Ben Lindstrom authored
           [auth-rh-rsa.c auth.h]
           split auth_rhosts_rsa(), ok provos@
      186b7da2
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/03/14 16:56:33 · 9c8aefe7
      Ben Lindstrom authored
           [auth-rh-rsa.c auth-rsa.c auth.h]
           split auth_rsa() for better readability and privsep; ok provos@
      9c8aefe7
  13. 05 Mar, 2002 1 commit
  14. 05 Feb, 2002 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2002/01/29 14:32:03 · c5d8635d
      Damien Miller authored
           [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
           s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
      c5d8635d
  15. 22 Jan, 2002 1 commit
  16. 12 Nov, 2001 1 commit
  17. 25 Jun, 2001 2 commits
  18. 08 Apr, 2001 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/04/06 21:00:17 · 3fcf1a22
      Ben Lindstrom authored
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
            ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
           do gid/groups-swap in addition to uid-swap, should help if /home/group
           is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
           to olar@openwall.com is comments.  we had many requests for this.
      3fcf1a22
  19. 04 Feb, 2001 1 commit
    • Damien Miller's avatar
      · 33804263
      Damien Miller authored
      NB: big update - may break stuff. Please test!
      
       - (djm) OpenBSD CVS sync:
         - markus@cvs.openbsd.org  2001/02/03 03:08:38
           [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
           [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
           [sshd_config]
           make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
         - markus@cvs.openbsd.org  2001/02/03 03:19:51
           [ssh.1 sshd.8 sshd_config]
           Skey is now called ChallengeResponse
         - markus@cvs.openbsd.org  2001/02/03 03:43:09
           [sshd.8]
           use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
           channel. note from Erik.Anggard@cygate.se (pr/1659)
         - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
           [ssh.1]
           typos; ok markus@
         - djm@cvs.openbsd.org     2001/02/04 04:11:56
           [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
           [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
           Basic interactive sftp client; ok theo@
       - (djm) Update RPM specs for new sftp binary
       - (djm) Update several bits for new optional reverse lookup stuff. I
         think I got them all.
      33804263
  20. 22 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
      20010122
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           [sshd.8]
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           [ssh-dss.c]
           clear and free digest, make consistent with other code (use dlen); from
           stevesk@
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           [readconf.c]
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           [sshconnect2.c]
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           [ssh-add.c]
           do not loop forever if askpass does not exist; from
           andrew@pimlott.ne.mediaone.net
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           [servconf.c]
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           [readconf.c]
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           [ssh-keygen.1]
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.
      226cfa03
  21. 22 Dec, 2000 1 commit
    • Ben Lindstrom's avatar
      One way to massive patch. <sigh> It compiles and works under Linux.. · 46c16220
      Ben Lindstrom authored
      And I think I have all the bits right from the OpenBSD tree.
      20001222
       - Updated RCSID for pty.c
       - (bal) OpenBSD CVS Updates:
        - markus@cvs.openbsd.org 2000/12/21 15:10:16
          [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
          print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
        - markus@cvs.openbsd.org 2000/12/20 19:26:56
          [authfile.c]
          allow ssh -i userkey for root
        - markus@cvs.openbsd.org 2000/12/20 19:37:21
          [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
          fix prototypes; from stevesk@pobox.com
        - markus@cvs.openbsd.org 2000/12/20 19:32:08
          [sshd.c]
          init pointer to NULL; report from Jan.Ivan@cern.ch
        - markus@cvs.openbsd.org 2000/12/19 23:17:54
          [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
           auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
           bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
           crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
           key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
           packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
           serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
           ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
           uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
          replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
          unsigned' with u_char.
      46c16220
  22. 13 Nov, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · 0bc1bd81
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/11/06 16:04:56
           [channels.c channels.h clientloop.c nchan.c serverloop.c]
           [session.c ssh.c]
           agent forwarding and -R for ssh2, based on work from
           jhuuskon@messi.uku.fi
         - markus@cvs.openbsd.org  2000/11/06 16:13:27
           [ssh.c sshconnect.c sshd.c]
           do not disabled rhosts(rsa) if server port > 1024; from
           pekkas@netcore.fi
         - markus@cvs.openbsd.org  2000/11/06 16:16:35
           [sshconnect.c]
           downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
         - markus@cvs.openbsd.org  2000/11/09 18:04:40
           [auth1.c]
           typo; from mouring@pconline.com
         - markus@cvs.openbsd.org  2000/11/12 12:03:28
           [ssh-agent.c]
           off-by-one when removing a key from the agent
         - markus@cvs.openbsd.org  2000/11/12 12:50:39
           [auth-rh-rsa.c auth2.c authfd.c authfd.h]
           [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
           [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
           [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
           [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
           add support for RSA to SSH2.  please test.
           there are now 3 types of keys: RSA1 is used by ssh-1 only,
           RSA and DSA are used by SSH2.
           you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
           keys for SSH2 and use the RSA keys for hostkeys or for user keys.
           SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
       - (djm) Fix up Makefile and Redhat init script to create RSA host keys
       - (djm) Change to interim version
      0bc1bd81
  23. 14 Oct, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Big OpenBSD sync: · 874d77bb
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/30 10:27:44
           [log.c]
           allow loglevel debug
         - markus@cvs.openbsd.org  2000/10/03 11:59:57
           [packet.c]
           hmac->mac
         - markus@cvs.openbsd.org  2000/10/03 12:03:03
           [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
           move fake-auth from auth1.c to individual auth methods, disables s/key in
           debug-msg
         - markus@cvs.openbsd.org  2000/10/03 12:16:48
           ssh.c
           do not resolve canonname, i have no idea why this was added oin ossh
         - markus@cvs.openbsd.org  2000/10/09 15:30:44
           ssh-keygen.1 ssh-keygen.c
           -X now reads private ssh.com DSA keys, too.
         - markus@cvs.openbsd.org  2000/10/09 15:32:34
           auth-options.c
           clear options on every call.
         - markus@cvs.openbsd.org  2000/10/09 15:51:00
           authfd.c authfd.h
           interop with ssh-agent2, from <res@shore.net>
         - markus@cvs.openbsd.org  2000/10/10 14:20:45
           compat.c
           use rexexp for version string matching
         - provos@cvs.openbsd.org  2000/10/10 22:02:18
           [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
           First rough implementation of the diffie-hellman group exchange.  The
           client can ask the server for bigger groups to perform the diffie-hellman
           in, thus increasing the attack complexity when using ciphers with longer
           keys.  University of Windsor provided network, T the company.
         - markus@cvs.openbsd.org  2000/10/11 13:59:52
           [auth-rsa.c auth2.c]
           clear auth options unless auth sucessfull
         - markus@cvs.openbsd.org  2000/10/11 14:00:27
           [auth-options.h]
           clear auth options unless auth sucessfull
         - markus@cvs.openbsd.org  2000/10/11 14:03:27
           [scp.1 scp.c]
           support 'scp -o' with help from mouring@pconline.com
         - markus@cvs.openbsd.org  2000/10/11 14:11:35
           [dh.c]
           Wall
         - markus@cvs.openbsd.org  2000/10/11 14:14:40
           [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
           [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
           add support for s/key (kbd-interactive) to ssh2, based on work by
           mkiernan@avantgo.com and me
         - markus@cvs.openbsd.org  2000/10/11 14:27:24
           [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
           [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
           [sshconnect2.c sshd.c]
           new cipher framework
         - markus@cvs.openbsd.org  2000/10/11 14:45:21
           [cipher.c]
           remove DES
         - markus@cvs.openbsd.org  2000/10/12 03:59:20
           [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
           enable DES in SSH-1 clients only
         - markus@cvs.openbsd.org  2000/10/12 08:21:13
           [kex.h packet.c]
           remove unused
         - markus@cvs.openbsd.org  2000/10/13 12:34:46
           [sshd.c]
           Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
         - markus@cvs.openbsd.org  2000/10/13 12:59:15
           [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
           rijndael/aes support
         - markus@cvs.openbsd.org  2000/10/13 13:10:54
           [sshd.8]
           more info about -V
         - markus@cvs.openbsd.org  2000/10/13 13:12:02
           [myproposal.h]
           prefer no compression
      874d77bb
  24. 16 Sep, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · e4340be5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/05 02:59:57
           [session.c]
           print hostname (not hushlogin)
         - markus@cvs.openbsd.org  2000/09/05 13:18:48
           [authfile.c ssh-add.c]
           enable ssh-add -d for DSA keys
         - markus@cvs.openbsd.org  2000/09/05 13:20:49
           [sftp-server.c]
           cleanup
         - markus@cvs.openbsd.org  2000/09/06 03:46:41
           [authfile.h]
           prototype
         - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
           [ALL]
           cleanup copyright notices on all files.  I have attempted to be
           accurate with the details.  everything is now under Tatu's licence
           (which I copied from his readme), and/or the core-sdi bsd-ish thing
           for deattack, or various openbsd developers under a 2-term bsd
           licence.  We're not changing any rules, just being accurate.
         - markus@cvs.openbsd.org  2000/09/07 14:40:30
           [channels.c channels.h clientloop.c serverloop.c ssh.c]
           cleanup window and packet sizes for ssh2 flow control; ok niels
         - markus@cvs.openbsd.org  2000/09/07 14:53:00
           [scp.c]
           typo
         - markus@cvs.openbsd.org  2000/09/07 15:13:37
           [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
           [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
           [pty.c readconf.c]
           some more Copyright fixes
         - markus@cvs.openbsd.org  2000/09/08 03:02:51
           [README.openssh2]
           bye bye
         - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
           [LICENCE cipher.c]
           a few more comments about it being ARC4 not RC4
         - markus@cvs.openbsd.org  2000/09/12 14:53:11
           [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
           multiple debug levels
         - markus@cvs.openbsd.org  2000/09/14 14:25:15
           [clientloop.c]
           typo
         - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
           [ssh-agent.c]
           check return value for setenv(3) for failure, and deal appropriately
      e4340be5
  25. 22 Jun, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Updates: · 6536c7d3
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/06/18 18:50:11
           [auth2.c compat.c compat.h sshconnect2.c]
           make userauth+pubkey interop with ssh.com-2.2.0
         - markus@cvs.openbsd.org  2000/06/18 20:56:17
           [dsa.c]
           mem leak + be more paranoid in dsa_verify.
         - markus@cvs.openbsd.org  2000/06/18 21:29:50
           [key.c]
           cleanup fingerprinting, less hardcoded sizes
         - markus@cvs.openbsd.org  2000/06/19 19:39:45
           [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
           [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
           [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
           [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
           [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
           [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
           [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
           OpenBSD tag
         - markus@cvs.openbsd.org  2000/06/21 10:46:10
           sshconnect2.c missing free; nuke old comment
      6536c7d3
  26. 16 Apr, 2000 2 commits
    • Damien Miller's avatar
      - Reduce diff against OpenBSD source · 5f05637b
      Damien Miller authored
         - All OpenSSL includes are now unconditionally referenced as
           openssl/foo.h
         - Pick up formatting changes
         - Other minor changed (typecasts, etc) that I missed
      5f05637b
    • Damien Miller's avatar
      · 4af51306
      Damien Miller authored
       - OpenBSD CVS updates.
         [ssh.1 ssh.c]
         - ssh -2
         [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
         [session.c sshconnect.c]
         - check payload for (illegal) extra data
         [ALL]
         - whitespace cleanup
      4af51306
  27. 13 Apr, 2000 1 commit
  28. 26 Mar, 2000 1 commit
    • Damien Miller's avatar
      · 450a7a1f
      Damien Miller authored
       - OpenBSD CVS update
         - [auth-krb4.c]
           -Wall
         - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
           [match.h ssh.c ssh.h sshconnect.c sshd.c]
           initial support for DSA keys. ok deraadt@, niels@
         - [cipher.c cipher.h]
           remove unused cipher_attack_detected code
         - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
           Fix some formatting problems I missed before.
         - [ssh.1 sshd.8]
           fix spelling errors, From: FreeBSD
         - [ssh.c]
           switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
      450a7a1f
  29. 25 Nov, 1999 1 commit
    • Damien Miller's avatar
      · 5428f646
      Damien Miller authored
       - More reformatting merged from OpenBSD CVS
       - Merged OpenBSD CVS changes:
         - [channels.c]
           report from mrwizard@psu.edu via djm@ibs.com.au
         - [channels.c]
           set SO_REUSEADDR and SO_LINGER for forwarded ports.
           chip@valinux.com via damien@ibs.com.au
         - [nchan.c]
           it's not an error() if shutdown_write failes in nchan.
         - [readconf.c]
           remove dead #ifdef-0-code
         - [readconf.c servconf.c]
           strcasecmp instead of tolower
         - [scp.c]
           progress meter overflow fix from damien@ibs.com.au
         - [ssh-add.1 ssh-add.c]
           SSH_ASKPASS support
         - [ssh.1 ssh.c]
           postpone fork_after_authentication until command execution,
           request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
           plus: use daemon() for backgrounding
      5428f646
  30. 24 Nov, 1999 1 commit
    • Damien Miller's avatar
      - Merged very large OpenBSD source code reformat · 95def098
      Damien Miller authored
       - OpenBSD CVS updates
         - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
           [ssh.h sshd.8 sshd.c]
           syslog changes:
           * Unified Logmessage for all auth-types, for success and for failed
           * Standard connections get only ONE line in the LOG when level==LOG:
             Auth-attempts are logged only, if authentication is:
                a) successfull or
                b) with passwd or
                c) we had more than AUTH_FAIL_LOG failues
           * many log() became verbose()
           * old behaviour with level=VERBOSE
         - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
           tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
           messages. allows use of s/key in windows (ttssh, securecrt) and
           ssh-1.2.27 clients without 'ssh -v', ok: niels@
         - [sshd.8]
           -V, for fallback to openssh in SSH2 compatibility mode
         - [sshd.c]
           fix sigchld race; cjc5@po.cwru.edu
      95def098
  31. 16 Nov, 1999 1 commit
    • Damien Miller's avatar
      - Merged OpenBSD CVS changes: · 7e8e8201
      Damien Miller authored
         - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
           [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
           the keysize of rsa-parameter 'n' is passed implizit,
           a few more checks and warnings about 'pretended' keysizes.
         - [cipher.c cipher.h packet.c packet.h sshd.c]
           remove support for cipher RC4
         - [ssh.c]
           a note for legay systems about secuity issues with permanently_set_uid(),
           the private hostkey and ptrace()
         - [sshconnect.c]
           more detailed messages about adding and checking hostkeys
      7e8e8201
  32. 12 Nov, 1999 2 commits
    • Damien Miller's avatar
      - Merged yet more changes from OpenBSD CVS · 6d7b2cd1
      Damien Miller authored
         - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
           [ssh.c ssh.h sshconnect.c sshd.c]
           make all access to options via 'extern Options options'
           and 'extern ServerOptions options' respectively;
           options are no longer passed as arguments:
            * make options handling more consistent
            * remove #include "readconf.h" from ssh.h
            * readconf.h is only included if necessary
         - [mpaux.c] clear temp buffer
         - [servconf.c] print _all_ bad options found in configfile
      6d7b2cd1
    • Damien Miller's avatar
      · 32265092
      Damien Miller authored
       - Merged changes from OpenBSD CVS
         - [sshd.c] session_key_int may be zero
         - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
           IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
           deraadt,millert
       - Brought default sshd_config more in line with OpenBSDs
      32265092
  33. 11 Nov, 1999 1 commit
  34. 27 Oct, 1999 1 commit