1. 18 Dec, 2013 1 commit
  2. 04 Dec, 2013 2 commits
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2013/11/26 12:14:54 · bdb352a5
      Damien Miller authored
           [ssh.1 ssh.c]
           - put -Q in the right place
           - Ar was a poor choice for the arguments to -Q. i've chosen an
             admittedly equally poor Cm, at least consistent with the rest
             of the docs. also no need for multiple instances
           - zap a now redundant Nm
           - usage() sync
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2013/11/25 18:04:21 · d937dc08
      Damien Miller authored
           [ssh.1 ssh.c]
           improve -Q usage and such.  One usage change is that the option is now
           ok dtucker markus djm
  3. 21 Nov, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/11/21 00:45:44 · 0fde8acd
      Damien Miller authored
           [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
           [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
           [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
           [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
           cipher "chacha20-poly1305@openssh.com" that combines Daniel
           Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
           authenticated encryption mode.
           Inspired by and similar to Adam Langley's proposal for TLS:
           but differs in layout used for the MAC calculation and the use of a
           second ChaCha20 instance to separately encrypt packet lengths.
           Details are in the PROTOCOL.chacha20poly1305 file.
           Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
           ok markus@ naddy@
  4. 17 Oct, 2013 3 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/16 22:49:39 · 3850559b
      Damien Miller authored
           [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
           s/canonicalise/canonicalize/ for consistency with existing spelling,
           e.g. authorized_keys; pointed out by naddy@
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/16 02:31:47 · 0faf747e
      Damien Miller authored
           [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
           [sshconnect.c sshconnect.h]
           Implement client-side hostname canonicalisation to allow an explicit
           search path of domain suffixes to use to convert unqualified host names
           to fully-qualified ones for host key matching.
           This is particularly useful for host certificates, which would otherwise
           need to list unqualified names alongside fully-qualified ones (and this
           causes a number of problems).
           "looks fine" markus@
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2013/10/15 14:10:25 · d77b81f8
      Damien Miller authored
           [ssh.1 ssh_config.5]
           tweak previous;
  5. 20 Aug, 2013 2 commits
  6. 18 Jul, 2013 2 commits
  7. 23 Apr, 2013 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/04/19 01:06:50 · ea11119e
      Damien Miller authored
           [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
           [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
           add the ability to query supported ciphers, MACs, key type and KEX
           algorithms to ssh. Includes some refactoring of KEX and key type handling
           to be table-driven; ok markus@
    • Damien Miller's avatar
      - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 · 03d4d7e6
      Damien Miller authored
           [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
           Add -E option to ssh and sshd to append debugging logs to a specified file
           instead of stderr or syslog.  ok markus@, man page help jmc@
  8. 05 Oct, 2012 2 commits
  9. 07 Sep, 2012 1 commit
  10. 06 Sep, 2012 1 commit
  11. 20 Jun, 2012 2 commits
  12. 22 Apr, 2012 1 commit
  13. 22 Sep, 2011 3 commits
  14. 05 Aug, 2011 1 commit
  15. 14 May, 2011 1 commit
  16. 05 May, 2011 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2011/04/18 00:46:05 · 8cb1cda1
      Damien Miller authored
           certificate options are supposed to be packed in lexical order of
           option name (though we don't actually enforce this at present).
           Move one up that was out of sequence
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2011/04/17 22:42:42 · 6c3eec7a
      Damien Miller authored
           [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
           allow graceful shutdown of multiplexing: request that a mux server
           removes its listener socket and refuse future multiplexing requests;
           ok markus@
  17. 20 Nov, 2010 1 commit
  18. 04 Nov, 2010 1 commit
  19. 24 Sep, 2010 2 commits
  20. 10 Sep, 2010 2 commits
  21. 31 Aug, 2010 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656 is NOT implemented).
           Certificate host and user keys using the new ECDSA key types are supported.
           Note that this code has not been tested for interoperability and may be
           subject to change.
           feedback and ok markus@
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2010/08/08 19:36:30 · afdae616
      Damien Miller authored
           [ssh-keysign.8 ssh.1 sshd.8]
           use the same template for all FILES sections; i.e. -compact/.Pp where we
           have multiple items, and .Pa for path names;
  22. 05 Aug, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/04 05:37:01 · 7fa96602
      Damien Miller authored
           [ssh.1 ssh_config.5 sshd.8]
           Remove mentions of weird "addr/port" alternate address format for IPv6
           addresses combinations. It hasn't worked for ages and we have supported
           the more commen "[addr]:port" format for a long time. ok jmc@ markus@
  23. 03 Aug, 2010 1 commit
  24. 16 Jul, 2010 1 commit
  25. 21 May, 2010 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2010/05/16 12:55:51 · 388f6fc4
      Damien Miller authored
           [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
           mux support for remote forwarding with dynamic port allocation,
           use with
              LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
           feedback and ok djm@
  26. 16 Apr, 2010 1 commit