1. 05 Jun, 2013 1 commit
  2. 06 Sep, 2012 1 commit
      - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 · 66cb0e07
      Darren Tucker authored
           [clientloop.c clientloop.h mux.c]
           Force a clean shutdown of ControlMaster client sessions when the ~. escape
           sequence is used.  This means that ~. should now work in mux clients even
           if the server is no longer responding.  Found by tedu, ok djm.
  3. 22 Sep, 2011 1 commit
      - djm@cvs.openbsd.org 2011/09/09 22:46:44 · f6dff7cd
      Damien Miller authored
           [channels.c channels.h clientloop.h mux.c ssh.c]
           support for cancelling local and remote port forwards via the multiplex
           socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
           the cancellation of the specified forwardings; ok markus@
  4. 22 Jun, 2011 1 commit
      - djm@cvs.openbsd.org 2011/06/22 22:08:42 · 6d7b4377
      Damien Miller authored
           [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
           hook up a channel confirm callback to warn the user when requested X11
           forwarding was refused by the server; ok markus@
  5. 14 May, 2011 1 commit
      - djm@cvs.openbsd.org 2011/05/08 12:52:01 · 555f3b85
      Damien Miller authored
           [PROTOCOL.mux clientloop.c clientloop.h mux.c]
           improve our behaviour when TTY allocation fails: if we are in
           RequestTTY=auto mode (the default), then do not treat a TTY
           allocation error as fatal but rather just restore the local TTY
           to cooked mode and continue. This is more graceful on devices that
           never allocate TTYs.
           If RequestTTY is set to "yes" or "force", then failure to allocate
           a TTY is fatal.
           ok markus@
  6. 05 May, 2011 1 commit
      - djm@cvs.openbsd.org 2011/04/17 22:42:42 · 6c3eec7a
      Damien Miller authored
           [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
           allow graceful shutdown of multiplexing: request that a mux server
           removes its listener socket and refuse future multiplexing requests;
           ok markus@
  7. 26 Jun, 2010 1 commit
      - djm@cvs.openbsd.org 2010/06/25 23:10:30 · 1ab6a51f
      Damien Miller authored
           log the hostname and address that we connected to at LogLevel=verbose
           after authentication is successful to mitigate "phishing" attacks by
           servers with trusted keys that accept authentication silently and
           automatically before presenting fake password/passphrase prompts;
           "nice!" markus@
  8. 21 May, 2010 1 commit
      - markus@cvs.openbsd.org 2010/05/16 12:55:51 · 388f6fc4
      Damien Miller authored
           [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
           mux support for remote forwarding with dynamic port allocation,
           use with
              LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
           feedback and ok djm@
  9. 26 Jan, 2010 1 commit
      - djm@cvs.openbsd.org 2010/01/26 01:28:35 · e1537f95
      Damien Miller authored
           [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
           rewrite ssh(1) multiplexing code to a more sensible protocol.
           The new multiplexing code uses channels for the listener and
           accepted control sockets to make the mux master non-blocking, so
           no stalls when processing messages from a slave.
           avoid use of fatal() in mux master protocol parsing so an errant slave
           process cannot take down a running master.
           implement requesting of port-forwards over multiplexed sessions. Any
           port forwards requested by the slave are added to those the master has
           add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
           document master/slave mux protocol so that other tools can use it to
           control a running ssh(1). Note: there are no guarantees that this
           protocol won't be incompatibly changed (though it is versioned).
           feedback Salvador Fandino, dtucker@
           channel changes ok markus@
  10. 12 Jun, 2008 3 commits
      - djm@cvs.openbsd.org 2008/06/12 15:19:17 · 84c56f53
      Darren Tucker authored
           [clientloop.h channels.h clientloop.c channels.c mux.c]
           The multiplexing escape char handler commit last night introduced a
           small memory leak per session; plug it.
      - djm@cvs.openbsd.org 2008/06/12 04:06:00 · 9f407c44
      Darren Tucker authored
           [clientloop.h ssh.c clientloop.c]
           maintain an ordered queue of outstanding global requests that we
           expect replies to, similar to the per-channel confirmation queue.
           Use this queue to verify success or failure for remote forward
           establishment in a race free way.
           ok dtucker@
      - djm@cvs.openbsd.org 2008/06/12 03:40:52 · 2fb66cac
      Darren Tucker authored
           [clientloop.h mux.c channels.c clientloop.c channels.h]
           Enable ~ escapes for multiplex slave sessions; give each channel
           its own escape state and hook the escape filters up to muxed
           channels. bz #1331
           Mux slaves do not currently support the ~^Z and ~& escapes.
           NB. this change cranks the mux protocol version, so a new ssh
           mux client will not be able to connect to a running old ssh
           mux master.
           ok dtucker@
  11. 19 May, 2008 2 commits
      - djm@cvs.openbsd.org 2008/05/09 14:18:44 · b1cbfa25
      Damien Miller authored
           [clientloop.c clientloop.h ssh.c mux.c]
           tidy up session multiplexing code, moving it into its own file and
           making the function names more consistent - making ssh.c and
           clientloop.c a fair bit more readable.
           ok markus@
      - djm@cvs.openbsd.org 2008/05/08 13:06:11 · 5771ed7d
      Damien Miller authored
           [clientloop.c clientloop.h ssh.c]
           Use new channel status confirmation callback system to properly deal
           with "important" channel requests that fail, in particular command exec,
           shell and subsystem requests. Previously we would optimistically assume
           that the requests would always succeed, which could cause hangs if they
           did not (e.g. when the server runs out of fds) or were unimplemented by
           the server (bz #1384)
           Also, properly report failing multiplex channel requests via the mux
           client stderr (subject to LogLevel in the mux master) - better than
           silently failing.
           most bits ok markus@ (as part of a larger diff)
  12. 08 Aug, 2007 1 commit
      - djm@cvs.openbsd.org 2007/08/07 07:32:53 · b3ce9fec
      Damien Miller authored
           [clientloop.c clientloop.h ssh.c]
           bz#1232: ensure that any specified LocalCommand is executed after the
           tunnel device is opened. Also, make failures to open a tunnel device
           fatal when ExitOnForwardFailure is active.
           Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
  13. 26 Mar, 2006 1 commit
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  14. 15 Mar, 2006 1 commit
  15. 05 Jul, 2005 1 commit
      - djm@cvs.openbsd.org 2005/07/04 00:58:43 · 1339002e
      Damien Miller authored
           [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
           implement support for X11 and agent forwarding over multiplex slave
           connections. Because of protocol limitations, the slave connections inherit
           the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
           their own.
           ok dtucker@ "put it in" deraadt@
  16. 17 Jun, 2005 1 commit
      - (djm) OpenBSD CVS Sync · 17e7ed0e
      Damien Miller authored
         - djm@cvs.openbsd.org 2005/06/16 03:38:36
           [channels.c channels.h clientloop.c clientloop.h ssh.c]
           move x11_get_proto from ssh.c to clientloop.c, to make multiplexed xfwd
           easier later; ok deraadt@
  17. 07 Nov, 2004 1 commit
      - djm@cvs.openbsd.org 2004/11/07 00:01:46 · 7ebfc108
      Darren Tucker authored
           [clientloop.c clientloop.h ssh.1 ssh.c]
           add basic control of a running multiplex master connection; including the
           ability to check its status and request it to exit; ok markus@
  18. 17 Jul, 2004 1 commit
      - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 · fc959703
      Darren Tucker authored
           [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
           readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
           session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
           sshd.c ttymodes.h]
  19. 17 Jun, 2004 1 commit
      - (djm) OpenBSD CVS Sync · 3756dcee
      Damien Miller authored
         - djm@cvs.openbsd.org 2004/06/17 14:52:48
           [clientloop.c clientloop.h ssh.c]
           support environment passing over shared connections; ok markus@
  20. 15 Jun, 2004 1 commit
      - djm@cvs.openbsd.org 2004/06/13 15:03:02 · 0e220dbf
      Damien Miller authored
           [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
           [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
           implement session multiplexing in the client (the server has supported
           this since 2.0); ok markus@
  21. 17 Dec, 2003 1 commit
      - markus@cvs.openbsd.org 2003/12/16 15:49:51 · 509b0107
      Damien Miller authored
           [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
           [ssh.c ssh_config.5]
           application layer keep alive (ServerAliveInterval ServerAliveCountMax)
           for ssh(1), similar to the sshd(8) option; ok beck@; with help from
           jmc and dtucker@
  22. 23 Apr, 2002 1 commit
  23. 04 Jul, 2001 2 commits
      - markus@cvs.openbsd.org 2001/06/26 17:27:25 · 4cc240da
      Ben Lindstrom authored
           [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
            canohost.h channels.h cipher.h clientloop.h compat.h compress.h
            crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
            hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
            packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
            session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
            sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
            tildexpand.h uidswap.h uuencode.h xmalloc.h]
           remove comments from .h, since they are cut&paste from the .c files
           and out of sync
      - itojun@cvs.openbsd.org 2001/06/26 06:32:58 · 16ae3d0d
      Ben Lindstrom authored
           [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
            buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
            compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
            hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
            radix.h readconf.h readpass.h rsa.h]
           prototype pedant.  not very creative...
           - () -> (void)
           - no variable names
  24. 10 Feb, 2001 1 commit
  25. 29 Jan, 2001 1 commit
      - niklas@cvs.openbsd.org 2001/01/2001 · 36579d3d
      Ben Lindstrom authored
           [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
            groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
            key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
            radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
            ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
            sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
  26. 22 Jan, 2001 1 commit
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           clear and free digest, make consistent with other code (use dlen); from
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           do not loop forever if askpass does not exist; from
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.
  27. 18 Jan, 2001 1 commit
      NOTE: This update changes the RSA key generation. *NEW RSA KEYS · bf555ba6
      Ben Lindstrom authored
            NEED TO BE GENERATED*  =)  Refer to entry "2001/01/16 19:20:06"
            for more details.
       - (bal) Super Sized OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
         - markus@cvs.openbsd.org 2001/01/13 17:59:18
           small ssh-keygen manpage cleanup; stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:03:07
           [scp.c ssh-keygen.c sshd.c]
           getopt() returns -1 not EOF; stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:06:54
           use SSH_DEFAULT_PORT; from stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:12:47
           free() -> xfree(); fix memory leak; from stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:14:13
           typo, from stevesk@sweden.hp.com
         - markus@cvs.openbsd.org 2001/01/13 18:32:50
           [packet.c session.c ssh.c sshconnect.c sshd.c]
           split out keepalive from packet_interactive (from dale@accentre.com)
         - markus@cvs.openbsd.org 2001/01/13 18:36:45
           [packet.c packet.h]
           reorder, typo
         - markus@cvs.openbsd.org 2001/01/13 18:38:00
           fix comment
         - markus@cvs.openbsd.org 2001/01/13 18:43:31
         - markus@cvs.openbsd.org 2001/01/13 19:14:08
           [clientloop.h clientloop.c ssh.c]
           move callback to headerfile
         - markus@cvs.openbsd.org 2001/01/15 21:40:10
           use log() instead of stderr
         - markus@cvs.openbsd.org 2001/01/15 21:43:51
           use error() not stderr!
         - markus@cvs.openbsd.org 2001/01/15 21:45:29
           rename must fail if newpath exists, debug off by default
         - markus@cvs.openbsd.org 2001/01/15 21:46:38
           readable long listing for sftp-server, ok deraadt@
         - markus@cvs.openbsd.org 2001/01/16 19:20:06
           [key.c ssh-rsa.c]
           make "ssh-rsa" key format for ssh2 conform to the ietf-drafts; from
           galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
           since they are in the wrong format, too. they must be removed from
           .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
           (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
           .ssh/authorized_keys2) additionally, we now check that
           BN_num_bits(rsa->n) >= 768.
         - markus@cvs.openbsd.org 2001/01/16 20:54:27
           remove some statics. simpler handles; idea from nisse@lysator.liu.se
         - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
           [bufaux.c radix.c sshconnect.h sshconnect1.c]
       - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
         be missing such feature.
  28. 16 Sep, 2000 1 commit
  29. 09 Jul, 2000 1 commit
      - (djm) Fix pam sprintf fix · f9b625c3
      Damien Miller authored
       - (djm) Cleanup entropy collection code a little more. Split initialisation
         from seeding, perform initialisation immediately at start, be careful with
         uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
  30. 03 Apr, 2000 1 commit
  31. 25 Nov, 1999 1 commit
      · 5428f646
      Damien Miller authored
       - More reformatting merged from OpenBSD CVS
       - Merged OpenBSD CVS changes:
         - [channels.c]
           report from mrwizard@psu.edu via djm@ibs.com.au
         - [channels.c]
           set SO_REUSEADDR and SO_LINGER for forwarded ports.
           chip@valinux.com via damien@ibs.com.au
         - [nchan.c]
           it's not an error() if shutdown_write fails in nchan.
         - [readconf.c]
           remove dead #ifdef-0-code
         - [readconf.c servconf.c]
           strcasecmp instead of tolower
         - [scp.c]
           progress meter overflow fix from damien@ibs.com.au
         - [ssh-add.1 ssh-add.c]
           SSH_ASKPASS support
         - [ssh.1 ssh.c]
           postpone fork_after_authentication until command execution,
           request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
           plus: use daemon() for backgrounding
  32. 24 Nov, 1999 1 commit
      - Merged very large OpenBSD source code reformat · 95def098
      Damien Miller authored
       - OpenBSD CVS updates
         - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
           [ssh.h sshd.8 sshd.c]
           syslog changes:
           * Unified Logmessage for all auth-types, for success and for failed
           * Standard connections get only ONE line in the LOG when level==LOG:
             Auth-attempts are logged only, if authentication is:
                a) successful or
                b) with passwd or
                c) we had more than AUTH_FAIL_LOG failures
           * many log() became verbose()
           * old behaviour with level=VERBOSE
         - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
           transfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
           messages. allows use of s/key in windows (ttssh, securecrt) and
           ssh-1.2.27 clients without 'ssh -v', ok: niels@
         - [sshd.8]
           -V, for fallback to openssh in SSH2 compatibility mode
         - [sshd.c]
           fix sigchld race; cjc5@po.cwru.edu
  33. 27 Oct, 1999 1 commit