1. 07 Dec, 2013 1 commit
      - markus@cvs.openbsd.org 2013/12/06 13:39:49 · 5be9d9e3
      Damien Miller authored
           [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
           [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
           [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
           [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
           [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
           support ed25519 keys (hostkeys and user identities) using the public
           domain ed25519 reference code from SUPERCOP, see
           http://ed25519.cr.yp.to/software.html
           feedback, help & ok djm@
  2. 23 Apr, 2013 1 commit
  3. 29 May, 2011 1 commit
      OpenBSD CVS Sync · d8478b6a
      Damien Miller authored
         - djm@cvs.openbsd.org 2011/05/23 03:30:07
           [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
           allow AuthorizedKeysFile to specify multiple files, separated by spaces.
           Bring back authorized_keys2 as a default search path (to avoid breaking
           existing users of this file), but override this in sshd_config so it will
           be no longer used on fresh installs. Maybe in 2015 we can remove it
           entirely :)
      
           feedback and ok markus@ dtucker@
  4. 14 May, 2011 1 commit
      - djm@cvs.openbsd.org 2011/05/11 04:47:06 · 7c1b2c4e
      Damien Miller authored
           [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
           remove support for authorized_keys2; it is a relic from the early days
           of protocol v.2 support and has been undocumented for many years;
           ok markus@
  5. 31 Aug, 2010 1 commit
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
      
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656) is NOT implemented.
      
           Certificate host and user keys using the new ECDSA key types are supported.
      
           Note that this code has not been tested for interoperability and may be
           subject to change.
      
           feedback and ok markus@
  6. 24 Feb, 2010 1 commit
  7. 11 Feb, 2010 1 commit
      - markus@cvs.openbsd.org 2010/02/08 10:50:20 · 7ea845e4
      Damien Miller authored
           [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
           replace our obsolete smartcard code with PKCS#11.
              ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
           ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
           provider (shared library) while ssh-agent(1) delegates PKCS#11 to
           a forked ssh-pkcs11-helper process.
           PKCS#11 is currently a compile time option.
           feedback and ok djm@; inspired by patches from Alon Bar-Lev
  8. 28 Jan, 2009 1 commit
  9. 26 Mar, 2006 1 commit
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  10. 17 Jul, 2004 1 commit
      - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 · fc959703
      Darren Tucker authored
           [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
           readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
           session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
           sshd.c ttymodes.h]
           spaces
  11. 06 Feb, 2004 2 commits
  12. 06 Jun, 2002 1 commit
      - markus@cvs.openbsd.org 2002/05/23 19:24:30 · 1bad2568
      Ben Lindstrom authored
           [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
           add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
           authentication in protocol v2 (needs to access the hostkeys).
      
      Note: Makefile.in untested.  Will test after merge is finished.
  13. 13 May, 2002 1 commit
  14. 22 Mar, 2002 1 commit
  15. 10 Feb, 2002 1 commit
      - (djm) OpenBSD CVS Sync · 05eda437
      Damien Miller authored
         - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
           [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
           move ssh config files to /etc/ssh
       - (djm) Adjust portable Makefile.in and ssh-rand-helper.c to match
  16. 23 Dec, 2001 1 commit
      - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from · 62116dcc
      Damien Miller authored
         solar@openwall.com
       - (djm) Rework entropy code. If the OpenSSL PRNG has not been
         internally seeded, execute a subprogram "ssh-rand-helper" to obtain
         some entropy for us. Rewrite the old in-process entropy collector as
         an example ssh-rand-helper.
       - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
         we don't end up using ssh_prng_cmds (so we always get a valid file)
  17. 21 Dec, 2001 1 commit
  18. 28 Jun, 2001 1 commit
  19. 25 Jun, 2001 3 commits
  20. 09 Jun, 2001 1 commit
  21. 12 Apr, 2001 1 commit
      - markus@cvs.openbsd.org 2001/04/12 19:15:26 · 5eabda30
      Ben Lindstrom authored
           [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
            compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
            servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
            sshconnect2.c sshd_config]
           implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
           similar to RhostRSAAuthentication unless you enable (the experimental)
           HostbasedUsesNameFromPacketOnly option.  please test. :)
  22. 27 Feb, 2001 1 commit
  23. 09 Feb, 2001 1 commit
      - (djm) Sync sftp and scp stuff from OpenBSD: · d7686fd1
      Damien Miller authored
         - djm@cvs.openbsd.org     2001/02/07 03:55:13
           [sftp-client.c]
           Don't free handles before we are done with them. Based on work from
           Corinna Vinschen <vinschen@redhat.com>. ok markus@
         - djm@cvs.openbsd.org     2001/02/06 22:32:53
           [sftp.1]
           Punctuation fix from Pekka Savola <pekkas@netcore.fi>
         - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
           [sftp.1]
           pretty up significantly
         - itojun@cvs.openbsd.org  2001/02/07 06:49:42
           [sftp.1]
           .Bl-.El mismatch.  markus ok
         - djm@cvs.openbsd.org     2001/02/07 06:12:30
           [sftp-int.c]
           Check that target is a directory before doing ls; ok markus@
         - itojun@cvs.openbsd.org  2001/02/07 11:01:18
           [scp.c sftp-client.c sftp-server.c]
           unsigned long long -> %llu, not %qu.  markus ok
         - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
           [sftp.1 sftp-int.c]
           more man page cleanup and sync of help text with man page; ok markus@
         - markus@cvs.openbsd.org  2001/02/07 14:58:34
           [sftp-client.c]
           older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
         - djm@cvs.openbsd.org     2001/02/07 15:27:19
           [sftp.c]
           Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
           <roumen.petrov@skalasoft.com>
         - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
           [sftp-int.c]
           portable; ok markus@
         - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
           [sftp-int.c]
           lowercase cmds[].c also; ok markus@
         - markus@cvs.openbsd.org  2001/02/07 17:04:52
           [pathnames.h sftp.c]
           allow sftp over ssh protocol 1; ok djm@
         - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
           [scp.c]
           memory leak fix, and snprintf throughout
         - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
           [sftp-int.c]
           plug a memory leak
         - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
           [session.c sftp-client.c]
           %i -> %d
         - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
           [sftp-int.c]
           typo
         - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
           [sftp-int.c pathnames.h]
           _PATH_LS; ok markus@
         - djm@cvs.openbsd.org     2001/02/09 04:46:25
           [sftp-int.c]
           Check for NULL attribs for chown, chmod & chgrp operations, only send
           relevant attribs back to server; ok markus@
       - (djm) Update makefile.in for _PATH_SFTP_SERVER
  24. 29 Jan, 2001 1 commit
      - niklas@cvs.openbsd.org 2001/01/2001 · 36579d3d
      Ben Lindstrom authored
           [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
            groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
            key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
            radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
            ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
            sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
           $OpenBSD$
  25. 25 Jan, 2001 1 commit
      · 27eebe6c
      Ben Lindstrom authored
       - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
         Petrov <roumen.petrov@skalasoft.com>
  26. 22 Jan, 2001 2 commits
      20010123 · cb577331
      Ben Lindstrom authored
       - (bal) regexp.h typo in configure.in.  Should have been regex.h
       - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
      20010122
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           [sshd.8]
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           [ssh-dss.c]
           clear and free digest, make consistent with other code (use dlen); from
           stevesk@
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           [readconf.c]
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           [sshconnect2.c]
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           [ssh-add.c]
           do not loop forever if askpass does not exist; from
           andrew@pimlott.ne.mediaone.net
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           [servconf.c]
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           [readconf.c]
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           [ssh-keygen.1]
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.