1. 25 Jan, 2014 1 commit
    • Damien Miller's avatar
      - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 · 76eea4ab
      Damien Miller authored
           [cipher.c cipher.h kex.c kex.h kexgexc.c]
           Add a special case for the DH group size for 3des-cbc, which has an
           effective strength much lower than the key size.  This causes problems
           with some cryptlib implementations, which don't support group sizes larger
           than 4k but also don't use the largest group size it does support as
           specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
           reduced by me with input from Markus.  ok djm@ markus@
  2. 06 Dec, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/12/06 13:34:54 · bcd00abd
      Damien Miller authored
           [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
           [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
           default; details in PROTOCOL.key; feedback and lots help from djm;
           ok djm@
  3. 21 Nov, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/11/21 00:45:44 · 0fde8acd
      Damien Miller authored
           [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
           [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
           [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
           [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
           cipher "chacha20-poly1305@openssh.com" that combines Daniel
           Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
           authenticated encryption mode.
           Inspired by and similar to Adam Langley's proposal for TLS:
           but differs in layout used for the MAC calculation and the use of a
           second ChaCha20 instance to separately encrypt packet lengths.
           Details are in the PROTOCOL.chacha20poly1305 file.
           Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
           ok markus@ naddy@
  4. 08 Nov, 2013 1 commit
  5. 23 Apr, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/04/19 01:06:50 · ea11119e
      Damien Miller authored
           [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
           [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
           add the ability to query supported ciphers, MACs, key type and KEX
           algorithms to ssh. Includes some refactoring of KEX and key type handling
           to be table-driven; ok markus@
  6. 09 Jan, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/01/08 18:49:04 · 1d75abfe
      Damien Miller authored
           [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
           [myproposal.h packet.c ssh_config.5 sshd_config.5]
           support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
           ok and feedback djm@
  7. 11 Dec, 2012 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2012/12/11 22:31:18 · af43a7ac
      Damien Miller authored
           [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
           [packet.c ssh_config.5 sshd_config.5]
           add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
           that change the packet format and compute the MAC over the encrypted
           message (including the packet size) instead of the plaintext data;
           these EtM modes are considered more secure and used by default.
           feedback and ok djm@
  8. 28 Jan, 2009 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2009/01/26 09:58:15 · 13ae44ce
      Damien Miller authored
           [cipher.c cipher.h packet.c]
           Work around the CPNI-957037 Plaintext Recovery Attack by always
           reading 256K of data on packet size or HMAC errors (in CBC mode only).
           Help, feedback and ok djm@
           Feedback from Martin Albrecht and Paterson Kenny
  9. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  10. 12 Aug, 2004 1 commit
  11. 17 Nov, 2003 1 commit
    • Damien Miller's avatar
      - jakob@cvs.openbsd.org 2003/11/10 16:23:41 · f58b58ce
      Damien Miller authored
           [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
           [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
           [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
           constify. ok markus@ & djm@
  12. 22 Mar, 2002 1 commit
  13. 13 Mar, 2002 2 commits
  14. 05 Mar, 2002 1 commit
    • Ben Lindstrom's avatar
      - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 · 05764b92
      Ben Lindstrom authored
           [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
            channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
            groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
            servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
            uuencode.c xmalloc.h]
           $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
           missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
           files.  ok markus@
  15. 19 Feb, 2002 2 commits
  16. 14 Sep, 2001 1 commit
  17. 04 Jul, 2001 2 commits
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/06/26 17:27:25 · 4cc240da
      Ben Lindstrom authored
           [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
            canohost.h channels.h cipher.h clientloop.h compat.h compress.h
            crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
            hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
            packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
            session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
            sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
            tildexpand.h uidswap.h uuencode.h xmalloc.h]
           remove comments from .h, since they are cut&paste from the .c files
           and out of sync
    • Ben Lindstrom's avatar
      - itojun@cvs.openbsd.org 2001/06/26 06:32:58 · 16ae3d0d
      Ben Lindstrom authored
           [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
            buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
            compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
            hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
            radix.h readconf.h readpass.h rsa.h]
           prototype pedant.  not very creative...
           - () -> (void)
           - no variable names
  18. 05 Jun, 2001 1 commit
  19. 22 Dec, 2000 1 commit
    • Ben Lindstrom's avatar
      One way to massive patch. <sigh> It compiles and works under Linux.. · 46c16220
      Ben Lindstrom authored
      And I think I have all the bits right from the OpenBSD tree.
       - Updated RCSID for pty.c
       - (bal) OpenBSD CVS Updates:
        - markus@cvs.openbsd.org 2000/12/21 15:10:16
          [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
          print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
        - markus@cvs.openbsd.org 2000/12/20 19:26:56
          allow ssh -i userkey for root
        - markus@cvs.openbsd.org 2000/12/20 19:37:21
          [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
          fix prototypes; from stevesk@pobox.com
        - markus@cvs.openbsd.org 2000/12/20 19:32:08
          init pointer to NULL; report from Jan.Ivan@cern.ch
        - markus@cvs.openbsd.org 2000/12/19 23:17:54
          [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
           auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
           bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
           crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
           key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
           packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
           serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
           ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
           uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
          replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
          unsigned' with u_char.
  20. 10 Dec, 2000 1 commit
    • Ben Lindstrom's avatar
      20001210 · fa1b3d08
      Ben Lindstrom authored
       - (bal) OpenBSD CVS updates
         - markus@cvs.openbsd.org 2000/12/09 13:41:51
           [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
           undo rijndael changes
         - markus@cvs.openbsd.org 2000/12/09 13:48:31
           fix byte order bug w/o introducing new implementation
         - markus@cvs.openbsd.org 2000/12/09 14:08:27
           "" -> "." for realpath; from vinschen@redhat.com
         - markus@cvs.openbsd.org 2000/12/09 14:06:54
           extern int optind; from stevesk@sweden.hp.com
  21. 07 Dec, 2000 1 commit
  22. 14 Oct, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Big OpenBSD sync: · 874d77bb
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/30 10:27:44
           allow loglevel debug
         - markus@cvs.openbsd.org  2000/10/03 11:59:57
         - markus@cvs.openbsd.org  2000/10/03 12:03:03
           [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
           move fake-auth from auth1.c to individual auth methods, disables s/key in
         - markus@cvs.openbsd.org  2000/10/03 12:16:48
           do not resolve canonname, i have no idea why this was added oin ossh
         - markus@cvs.openbsd.org  2000/10/09 15:30:44
           ssh-keygen.1 ssh-keygen.c
           -X now reads private ssh.com DSA keys, too.
         - markus@cvs.openbsd.org  2000/10/09 15:32:34
           clear options on every call.
         - markus@cvs.openbsd.org  2000/10/09 15:51:00
           authfd.c authfd.h
           interop with ssh-agent2, from <res@shore.net>
         - markus@cvs.openbsd.org  2000/10/10 14:20:45
           use rexexp for version string matching
         - provos@cvs.openbsd.org  2000/10/10 22:02:18
           [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
           First rough implementation of the diffie-hellman group exchange.  The
           client can ask the server for bigger groups to perform the diffie-hellman
           in, thus increasing the attack complexity when using ciphers with longer
           keys.  University of Windsor provided network, T the company.
         - markus@cvs.openbsd.org  2000/10/11 13:59:52
           [auth-rsa.c auth2.c]
           clear auth options unless auth sucessfull
         - markus@cvs.openbsd.org  2000/10/11 14:00:27
           clear auth options unless auth sucessfull
         - markus@cvs.openbsd.org  2000/10/11 14:03:27
           [scp.1 scp.c]
           support 'scp -o' with help from mouring@pconline.com
         - markus@cvs.openbsd.org  2000/10/11 14:11:35
         - markus@cvs.openbsd.org  2000/10/11 14:14:40
           [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
           [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
           add support for s/key (kbd-interactive) to ssh2, based on work by
           mkiernan@avantgo.com and me
         - markus@cvs.openbsd.org  2000/10/11 14:27:24
           [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
           [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
           [sshconnect2.c sshd.c]
           new cipher framework
         - markus@cvs.openbsd.org  2000/10/11 14:45:21
           remove DES
         - markus@cvs.openbsd.org  2000/10/12 03:59:20
           [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
           enable DES in SSH-1 clients only
         - markus@cvs.openbsd.org  2000/10/12 08:21:13
           [kex.h packet.c]
           remove unused
         - markus@cvs.openbsd.org  2000/10/13 12:34:46
           Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
         - markus@cvs.openbsd.org  2000/10/13 12:59:15
           [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
           rijndael/aes support
         - markus@cvs.openbsd.org  2000/10/13 13:10:54
           more info about -V
         - markus@cvs.openbsd.org  2000/10/13 13:12:02
           prefer no compression
  23. 16 Sep, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · e4340be5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/05 02:59:57
           print hostname (not hushlogin)
         - markus@cvs.openbsd.org  2000/09/05 13:18:48
           [authfile.c ssh-add.c]
           enable ssh-add -d for DSA keys
         - markus@cvs.openbsd.org  2000/09/05 13:20:49
         - markus@cvs.openbsd.org  2000/09/06 03:46:41
         - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
           cleanup copyright notices on all files.  I have attempted to be
           accurate with the details.  everything is now under Tatu's licence
           (which I copied from his readme), and/or the core-sdi bsd-ish thing
           for deattack, or various openbsd developers under a 2-term bsd
           licence.  We're not changing any rules, just being accurate.
         - markus@cvs.openbsd.org  2000/09/07 14:40:30
           [channels.c channels.h clientloop.c serverloop.c ssh.c]
           cleanup window and packet sizes for ssh2 flow control; ok niels
         - markus@cvs.openbsd.org  2000/09/07 14:53:00
         - markus@cvs.openbsd.org  2000/09/07 15:13:37
           [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
           [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
           [pty.c readconf.c]
           some more Copyright fixes
         - markus@cvs.openbsd.org  2000/09/08 03:02:51
           bye bye
         - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
           [LICENCE cipher.c]
           a few more comments about it being ARC4 not RC4
         - markus@cvs.openbsd.org  2000/09/12 14:53:11
           [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
           multiple debug levels
         - markus@cvs.openbsd.org  2000/09/14 14:25:15
         - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
           check return value for setenv(3) for failure, and deal appropriately
  24. 22 Jun, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Updates: · 6536c7d3
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/06/18 18:50:11
           [auth2.c compat.c compat.h sshconnect2.c]
           make userauth+pubkey interop with ssh.com-2.2.0
         - markus@cvs.openbsd.org  2000/06/18 20:56:17
           mem leak + be more paranoid in dsa_verify.
         - markus@cvs.openbsd.org  2000/06/18 21:29:50
           cleanup fingerprinting, less hardcoded sizes
         - markus@cvs.openbsd.org  2000/06/19 19:39:45
           [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
           [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
           [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
           [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
           [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
           [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
           [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
           OpenBSD tag
         - markus@cvs.openbsd.org  2000/06/21 10:46:10
           sshconnect2.c missing free; nuke old comment
  25. 09 May, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS update · 30c3d429
      Damien Miller authored
        - markus@cvs.openbsd.org
          [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
          [ssh.h sshconnect1.c sshconnect2.c sshd.8]
          - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
        - hugh@cvs.openbsd.org
          - zap typo
          - One last nit fix. (markus approved)
          - some markus certified spelling adjustments
        - markus@cvs.openbsd.org
          [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
          [sshconnect2.c ]
          - bug compat w/ ssh-2.0.13 x11, split out bugs
          - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
          - handle escapes in real and original key format, ok millert@
          - OpenSSH-2.1
  26. 16 Apr, 2000 2 commits
    • Damien Miller's avatar
      - Reduce diff against OpenBSD source · 5f05637b
      Damien Miller authored
         - All OpenSSL includes are now unconditionally referenced as
         - Pick up formatting changes
         - Other minor changed (typecasts, etc) that I missed
    • Damien Miller's avatar
      · 4af51306
      Damien Miller authored
       - OpenBSD CVS updates.
         [ssh.1 ssh.c]
         - ssh -2
         [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
         [session.c sshconnect.c]
         - check payload for (illegal) extra data
         - whitespace cleanup
  27. 13 Apr, 2000 1 commit
  28. 12 Apr, 2000 1 commit
    • Damien Miller's avatar
      · 78928793
      Damien Miller authored
       - OpenBSD CVS updates:
         - [channels.c]
           repair x11-fwd
         - [sshconnect.c]
           fix passwd prompt for ssh2, less debugging output.
         - [clientloop.c compat.c dsa.c kex.c sshd.c]
           less debugging output
         - [kex.c kex.h sshconnect.c sshd.c]
           check for reasonable public DH values
         - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
           [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
           add Cipher and Protocol options to ssh/sshd, e.g.:
           ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
         - [sshd.c]
           print 1.99 only if server supports both
  29. 06 Apr, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS update: · 1383bd8e
      Damien Miller authored
         - [channels.c]
           close efd on eof
         - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
           ssh2 client implementation, interops w/ ssh.com and lsh servers.
         - [sshconnect.c]
           missing free.
         - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
           remove unused argument, split cipher_mask()
         - [clientloop.c]
           re-order: group ssh1 vs. ssh2
       - Make Redhat spec require openssl >= 0.9.5a
  30. 01 Apr, 2000 1 commit
    • Damien Miller's avatar
      - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure) · b38eff8e
      Damien Miller authored
         - [auth.c session.c sshd.c auth.h]
           split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
         - [bufaux.c bufaux.h]
           support ssh2 bignums
         - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
           [readconf.c ssh.c ssh.h serverloop.c]
           replace big switch() with function tables (prepare for ssh2)
         - [ssh2.h]
           ssh2 message type codes
         - [sshd.8]
           reorder Xr to avoid cutting
         - [serverloop.c]
           close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
         - [channels.c]
           missing close
           allow bigger packets
         - [cipher.c cipher.h]
           support ssh2 ciphers
         - [compress.c]
           cleanup, less code
         - [dispatch.c dispatch.h]
           function tables for different message types
         - [log-server.c]
           do not log() if debuggin to stderr
           rename a cpp symbol, to avoid param.h collision
         - [mpaux.c]
         - [nchan.c]
           sync w/ channels.c
  31. 26 Mar, 2000 1 commit
    • Damien Miller's avatar
      · 450a7a1f
      Damien Miller authored
       - OpenBSD CVS update
         - [auth-krb4.c]
         - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
           [match.h ssh.c ssh.h sshconnect.c sshd.c]
           initial support for DSA keys. ok deraadt@, niels@
         - [cipher.c cipher.h]
           remove unused cipher_attack_detected code
         - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
           Fix some formatting problems I missed before.
         - [ssh.1 sshd.8]
           fix spelling errors, From: FreeBSD
         - [ssh.c]
           switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
  32. 25 Nov, 1999 1 commit
    • Damien Miller's avatar
      · 5428f646
      Damien Miller authored
       - More reformatting merged from OpenBSD CVS
       - Merged OpenBSD CVS changes:
         - [channels.c]
           report from mrwizard@psu.edu via djm@ibs.com.au
         - [channels.c]
           set SO_REUSEADDR and SO_LINGER for forwarded ports.
           chip@valinux.com via damien@ibs.com.au
         - [nchan.c]
           it's not an error() if shutdown_write failes in nchan.
         - [readconf.c]
           remove dead #ifdef-0-code
         - [readconf.c servconf.c]
           strcasecmp instead of tolower
         - [scp.c]
           progress meter overflow fix from damien@ibs.com.au
         - [ssh-add.1 ssh-add.c]
           SSH_ASKPASS support
         - [ssh.1 ssh.c]
           postpone fork_after_authentication until command execution,
           request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
           plus: use daemon() for backgrounding
  33. 24 Nov, 1999 1 commit
    • Damien Miller's avatar
      - Merged very large OpenBSD source code reformat · 95def098
      Damien Miller authored
       - OpenBSD CVS updates
         - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
           [ssh.h sshd.8 sshd.c]
           syslog changes:
           * Unified Logmessage for all auth-types, for success and for failed
           * Standard connections get only ONE line in the LOG when level==LOG:
             Auth-attempts are logged only, if authentication is:
                a) successfull or
                b) with passwd or
                c) we had more than AUTH_FAIL_LOG failues
           * many log() became verbose()
           * old behaviour with level=VERBOSE
         - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
           tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
           messages. allows use of s/key in windows (ttssh, securecrt) and
           ssh-1.2.27 clients without 'ssh -v', ok: niels@
         - [sshd.8]
           -V, for fallback to openssh in SSH2 compatibility mode
         - [sshd.c]
           fix sigchld race; cjc5@po.cwru.edu
  34. 16 Nov, 1999 1 commit
    • Damien Miller's avatar
      - Merged OpenBSD CVS changes: · 7e8e8201
      Damien Miller authored
         - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
           [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
           the keysize of rsa-parameter 'n' is passed implizit,
           a few more checks and warnings about 'pretended' keysizes.
         - [cipher.c cipher.h packet.c packet.h sshd.c]
           remove support for cipher RC4
         - [ssh.c]
           a note for legay systems about secuity issues with permanently_set_uid(),
           the private hostkey and ptrace()
         - [sshconnect.c]
           more detailed messages about adding and checking hostkeys
  35. 28 Oct, 1999 1 commit
  36. 27 Oct, 1999 1 commit