2001-03-05 Ben Lindstrom
- 2001/03/01 02:45:10 [auth-rsa.c auth2.c deattack.c packet.c] KNF
2001-03-05 Ben Lindstrom
- 2001/02/22 21:59:44 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c] use pwcopy in ssh.c, too
2001-02-18 Ben Lindstrom
- (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and pty.[ch] -> sshpty.[ch]
2001-02-18 Damien Miller
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
2001-02-16 Damien Miller
KNF
2001-02-15 Ben Lindstrom
- 2001/02/13 22:49:40 [auth1.c auth2.c] setproctitle(user) only if getpwnam succeeds
2001-02-15 Ben Lindstrom
- 2001/02/12 16:16:23 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no)
2001-02-14 Damien Miller
- (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams with a little modification and KNF.
2001-02-10 Ben Lindstrom
- 2001/02/10 12:52:02 [auth2.c] offer passwd before s/key
2001-02-10 Ben Lindstrom
- 2001/02/07 22:35:46 [auth1.c auth2.c sshd.c] move k_setpag() to a central place; ok dugsong@
2001-02-08 Kevin Steves
- (stevesk) OpenBSD sync:
- 2001/02/08 11:20:01 [auth2.c] strict checking
- 2001/02/08 11:15:22 [version.h] update to 2.3.2
- 2001/02/08 11:12:30 [auth2.c] fix typo
2001-02-05 Kevin Steves
- 2001/02/04 06:30:12 [auth2.c authfd.c packet.c] remove duplicate #include's; ok markus@
2001-02-05 Kevin Steves
- 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-04 Damien Miller
NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
- 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
- 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse
- 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from (pr/1659)
- 2001/02/03 10:03:06 [ssh.1] typos; ok markus@
- 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@
- (djm) Update RPM specs for new sftp binary
- (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
2001-01-29 Ben Lindstrom
- (bal) Minor auth2.c resync. Whitespace and moving of an #include.
2001-01-23 Ben Lindstrom
- 2001/01/22 23:06:39 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-response is enabled.
2001-01-23 Ben Lindstrom
- (bal) OpenBSD Resync
- 2001/01/22 8:15:00 [auth-krb4.c sshconnect1.c] only AFS needs radix.[ch]
- 2001/01/22 8:32:53 [auth2.c] no need to include; from
- 2001/01/22 16:55:21 [key.c] free() -> xfree(); ok markus@
- 2001/01/22 17:22:28 [sshconnect2.c sshd.c] fix memory leaks in SSH2 key exchange; ok markus@
2001-01-22 Ben Lindstrom
Hopefully things did not get mixed around too much. It compiles under
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by - 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. 
ok markus@ - 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from - 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-19 Damien Miller
- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai) to fix NULL pointer deref and fake authloop breakage in PAM code.
2001-01-19 Ben Lindstrom
Please grep through the source and look for 'ISSUE' comments and verify that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block.
- (bal) OpenBSD Resync
- 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems
- 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge response methods easier.
- 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
2001-01-09 Ben Lindstrom
- (bal) OpenBSD Sync
- 2001/01/08 22:29:05 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8 sshd_config version.h] implement option 'Banner /etc/' for ssh2, move version to 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner is enabled).
- 2001/01/08 22:03:23 [channels.c ssh-keyscan.c] O_NDELAY -> O_NONBLOCK; thanks
- 2001/01/08 21:55:41 [sshconnect1.c] more cleanups and fixes from 1) try_agent_authentication() for loop will overwrite key just allocated with key_new(); don't alloc 2) call ssh_close_authentication_connection() before exit try_agent_authentication() 3) free mem on bad passphrase in try_rsa_authentication()
- 2001/01/08 21:48:17 [kex.c] missing free; thanks
2000-12-28 Ben Lindstrom
- (bal) OpenBSD CVS Update
- 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only
- 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too.
- 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D
- 2000/12/27 14:19:21 [serverloop.c] less chatty
- 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo
- 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine.
- 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND
- 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-22 Ben Lindstrom
One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from - 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from - 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-12-03 Ben Lindstrom
20001204
- (bal) More C functions defined in NeXT that are inaccessible without defining -POSIX.
- (bal) OpenBSD CVS updates:
- 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated
- 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from
- 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ 2.0.12; ok niels@
2000-12-03 Damien Miller
- (djm) Added patch from Nalin Dahyabhai to enable PAM authentication using KbdInteractive.
- (djm) Added another TODO
2000-11-13 Damien Miller
- (djm) Merge OpenBSD changes:
- 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from - 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from - 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from - 2000/11/09 18:04:40 [auth1.c] typo; from - 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-28 Damien Miller
- (djm) authctxt->pw may be NULL. Fix from Markus Friedl
2000-10-28 Damien Miller
- (djm) Fix mangled AIXAUTHENTICATE code
2000-10-16 Damien Miller
- (djm) Sync with OpenBSD:
- 2000/10/14 04:01:15 [cipher.c] debug3
- 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from
- 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only
- 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@
- 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that it is not complete, but the version number needs to be changed for interoperability reasons
- 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from
- 2000/10/15 08:14:01 [rijndael.c session.c] typos; from
- 2000/10/15 08:18:31 [rijndael.c] typo
- Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-14 Damien Miller
- (djm) Big OpenBSD sync:
- 2000/09/30 10:27:44 [log.c] allow loglevel debug
- 2000/10/03 11:59:57 [packet.c] hmac->mac
- 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
- 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added in ossh
- 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private DSA keys, too.
- 2000/10/09 15:32:34 auth-options.c clear options on every call.
- 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from
- 2000/10/10 14:20:45 compat.c use regexp for version string matching
- 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company.
- 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth successful
- 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth successful
- 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from
- 2000/10/11 14:11:35 [dh.c] Wall
- 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by and me
- 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework
- 2000/10/11 14:45:21 [cipher.c] remove DES
- 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only
- 2000/10/12 08:21:13 [kex.h packet.c] remove unused
- 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2;
- 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support
- 2000/10/13 13:10:54 [sshd.8] more info about -V
- 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-30 Damien Miller
- (djm) CVS OpenBSD sync:
- 2000/09/26 13:59:59 [clientloop.c] use debug2
- 2000/09/27 15:41:34 [auth2.c sshconnect2.c] use key_type()
- 2000/09/28 12:03:18 [channels.c] debug -> debug2 cleanup
2000-09-23 Damien Miller
- (djm) OpenBSD CVS sync:
- 2000/09/17 09:38:59 [sshconnect2.c sshd.c] fix DEBUG_KEXDH
- 2000/09/17 09:52:51 [sshconnect.c] yes no; ok niels@
- 2000/09/21 04:55:11 [sshd.8] typo
- 2000/09/21 05:03:54 [serverloop.c] typo
- 2000/09/21 05:11:42 scp.c utime() to utimes();
- 2000/09/21 05:25:08 sshconnect2.c change login logic in ssh2, allows plugin of other auth methods
- 2000/09/21 05:25:35 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] [serverloop.c] add context to dispatch_run
- 2000/09/21 05:07:52 authfd.c authfd.h ssh-agent.c bug compat for old software
2000-09-16 Damien Miller
- (djm) Update CygWin support from Corinna Vinschen
2000-09-16 Damien Miller
- (djm) Merge OpenBSD changes:
- 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - 2000/09/05 13:20:49 [sftp-server.c] cleanup - 2000/09/06 03:46:41 [authfile.h] prototype - 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - 2000/09/07 14:53:00 [scp.c] typo - 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - 2000/09/08 03:02:51 [README.openssh2] bye bye - 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - 2000/09/14 14:25:15 [clientloop.c] typo - 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-08-23 Damien Miller
- (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) OpenBSD CVS updates: - 2000/08/18 20:07:23 [ssh.c] accept remsh as a valid name as well; - 2000/08/18 20:17:13 [deattack.c crc32.c packet.c] rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to libz crc32 function yet, because it has ugly "long"'s in it; - 2000/08/18 20:26:08 [scp.1 scp.c] -S prog support; - 2000/08/18 20:50:07 [scp.c] knf - 2000/08/18 20:57:33 [log-client.c] shorten - 2000/08/19 12:48:11 [channels.c channels.h clientloop.c ssh.c ssh.h] support for ~. in ssh2 - 2000/08/19 15:29:40 [crc32.h] proper prototype - 2000/08/19 15:34:44 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] [fingerprint.c fingerprint.h] add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to's ssh2 agents) - 2000/08/19 15:55:52 [channels.c channels.h clientloop.c] more ~ support for ssh2 - 2000/08/19 16:21:19 [clientloop.c] oops - 2000/08/20 12:25:53 [session.c] We have to stash the result of get_remote_name_or_ip() before we close our socket or getpeername() will get EBADF and the process will exit. Only a problem for "UseLogin yes". - 2000/08/20 12:30:59 [session.c] Only check /etc/nologin if "UseLogin no" since login(1) may have its own policy on determining who is allowed to login when /etc/nologin is present. Also use the _PATH_NOLOGIN define. - 2000/08/20 12:42:43 [auth1.c auth2.c session.c ssh.c] Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. - 2000/08/21 10:23:31 [session.c] Fix incorrect PATH setting; noted by Markus.
2000-07-11 Damien Miller
- (djm) OpenBSD CVS updates:
- 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - 2000/07/05 15:35:57 [sshd.c] typo - 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <> - 2000/07/08 19:21:15 [auth.h] KNF - 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
2000-06-28 Damien Miller
- (djm) Added patch from Chris Adams to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-22 Damien Miller
- OpenBSD CVS Updates:
- 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with - 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
2000-06-18 Damien Miller
- OpenBSD CVS updates:
- 2000/06/17 09:58:46 [channels.c] everyone says "nix it" (remove protocol 2 debugging message) - 2000/06/17 13:24:34 [sshconnect.c] allow extended server banners - 2000/06/17 14:30:10 [sshconnect.c] missing atomicio, typo - 2000/06/17 16:52:34 [servconf.c servconf.h session.c sshd.8 sshd_config] add support for ssh v2 subsystems. ok markus@. - 2000/06/17 18:57:48 [readconf.c servconf.c] include = in WHITESPACE; markus ok - 2000/06/17 19:09:10 [auth2.c] implement bug compatibility with ssh-2.0.13 pubkey, server side - 2000/06/17 21:00:28 [compat.c] initial support for's 2.2.0 - 2000/06/17 21:16:09 [scp.c] typo - 2000/06/17 22:05:02 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] split auth-rsa option parsing into auth-options add options support to authorized_keys2 - 2000/06/17 22:42:54 [session.c] typo
2000-05-17 Damien Miller
- Applied Tom Bertelson's AIX authentication fix
2000-05-09 Damien Miller
- OpenBSD CVS update
- [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1
2000-05-07 Damien Miller
- Remove references to SSLeay.
- Big OpenBSD CVS update - [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - [scp.c] - more atomicio - [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-02 Damien Miller
- OpenBSD CVS update
[channels.c] - init all fds, close all fds. [sshconnect2.c] - check whether file exists before asking for passphrase [servconf.c servconf.h sshd.8 sshd.c] - PidFile, pr 1210 [channels.c] - EINTR [channels.c] - unbreak, ok niels@ [sshd.c] - unlink pid file, ok niels@ [auth2.c] - Add missing #ifdefs; ok - markus
2000-05-01 Damien Miller
- Add some missing ifdefs to auth2.c
2000-05-01 Damien Miller
[scp.c]
- fix very rare EAGAIN/EINTR issues; based on work by djm [packet.c] - less debug, rm unused [auth2.c] - disable kerb,s/key in ssh2 [sshd.8] - Minor tweaks and typo fixes. [ssh-keygen.c] - Put -d into usage and reorder. markus ok.
2000-04-29 Damien Miller
- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2] - interop w/ F-secure windows client - sync documentation - ssh_host_dsa_key not ssh_dsa_key [auth-rsa.c] - missing fclose [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] [sshd.c uuencode.c uuencode.h authfile.h] - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol. [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] [sshconnect1.c sshconnect2.c] - split auth/sshconnect in one file per protocol version [sshconnect2.c] - remove debug [uuencode.c] - add trailing = [version.h] - OpenSSH-2.0 [ssh-keygen.1 ssh-keygen.c] - add -R flag: exit code indicates if RSA is alive [sshd.c] - remove unused silent if -Q is specified [ssh.h] - host key becomes /etc/ssh_host_dsa_key [readconf.c servconf.c ] - ssh/sshd default to proto 1 and 2 [uuencode.c] - remove debug [auth2.c ssh-keygen.c sshconnect2.c sshd.c] - xfree DSA blobs [auth2.c serverloop.c session.c] - cleanup logging for sshd/2, respect PasswordAuth no [sshconnect2.c] - less debug, respect .ssh/config [README.openssh2 channels.c channels.h] - clientloop.c session.c ssh.c - support for x11-fwding, client+server