2002-07-22 - (bal) AIX tty data limiting patch fix by Lindstrom
2002-06-25 - 2002/06/24 14:33:27Ben Lindstrom
[channels.c channels.h clientloop.c serverloop.c] move channel counter to u_int
2002-06-23 - 2002/06/23 21:06:41Ben Lindstrom
[channels.c channels.h session.c session.h] display, screen, row, col, xpixel, ypixel are u_int; markus ok - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, xpixel are u_int.
2002-06-11 - 2002/06/10 22:28:41Ben Lindstrom
[channels.c channels.h session.c] move creation of agent socket to session.c; no need for uidswapping in channel.c.
2002-03-27 - 2002/03/26 22:50:39Ben Lindstrom
[channels.h] CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
2002-03-26 - 2002/03/25 21:13:51Ben Lindstrom
[channels.c channels.h compat.c compat.h nchan.c] don't send stderr data after EOF, accept this from older known (broken) sshd servers only, fixes
2002-03-05 - 2002/03/04 17:27:39Ben Lindstrom
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
2002-02-19 - 2002/02/14 23:28:00Damien Miller
[channels.h session.c ssh.c] increase the SSH v2 window size to 4 packets. comsumes a little bit more memory for slow receivers but increases througput.
2002-02-08 - 2002/02/05 14:32:55Damien Miller
[channels.c channels.h ssh.c] merge channel_request() into channel_request_start()
2002-02-05 - 2002/02/03 17:58:21Damien Miller
[channels.c channels.h ssh.c] generic callbacks are not really used, remove and add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION ok djm@
2002-02-05 - 2002/02/03 17:55:55Damien Miller
[channels.c channels.h] remove unused channel_input_channel_request
2002-01-22 - 2002/01/16 13:17:51Damien Miller
[channels.c channels.h serverloop.c ssh.c] wrapper for channel_setup_fwd_listener
2002-01-22 - 2002/01/14 13:57:03Damien Miller
[channels.h nchan.c] (c) 2002
2002-01-22 - 2002/01/14 13:55:55Damien Miller
[channels.c channels.h nchan.c] remove function pointers for events, remove chan_init*; ok provos@
2002-01-22 - 2002/01/13 21:31:20Damien Miller
[channels.h nchan.c] add chan_set_[io]state(), order states, state is now an u_int, simplifies debugging messages; ok provos@
2002-01-22 - 2001/12/28 15:06:00Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used.
2001-12-21 - 2001/12/20 22:50:24Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] [sshconnect2.c] Conformance fix: we should send failing packet sequence number when responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by; ok markus@
2001-12-21 - 2001/12/20 16:37:29Damien Miller
[channels.c channels.h session.c] setup x11 listen socket for just one connect if the client requests so. (v2 only, but the openssh client does not support this feature).
2001-12-19 - (stevesk) OpenBSD CVS sync X11 localhost displayKevin Steves
- 2001/11/29 14:10:51 [channels.h channels.c session.c] sshd X11 fake server will now listen on localhost by default: $ echo $DISPLAY localhost:12.0 $ netstat -an|grep 6012 tcp 0 0 *.* LISTEN tcp6 0 0 ::1.6012 *.* LISTEN sshd_config gatewayports=yes can be used to revert back to the old behavior. will control this with another option later. ok markus@ - 2001/12/19 08:43:11 [includes.h session.c] handle utsname.nodename case for FamilyLocal X authorization; ok markus@
2001-12-06 - 2001/11/29 19:06:39Ben Lindstrom
[channels.h] remove dead function prototype; ok markus@
2001-11-12 - 2001/11/07 22:53:21Damien Miller
[channels.h] crank c->path to 256 so they can hold a full hostname;
2001-10-12 - (djm) OpenBSD CVS SyncDamien Miller
- 2001/10/10 22:18:47 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c session.h] try to keep channels open until an exit-status message is sent. don't kill the login shells if the shells stdin/out/err is closed. this should now work: ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
2001-10-10 - 2001/10/09 21:59:41Damien Miller
[channels.c channels.h serverloop.c session.c session.h] simplify session close: no more delayed session_close, no more blocking wait() calls.
2001-10-10 - 2001/10/07 17:49:40Damien Miller
[channels.c channels.h] avoid possible FD_ISSET overflow for channels established during channnel_after_select() (used for dynamic channels).
2001-10-03 - 2001/10/01 21:38:53Ben Lindstrom
[channels.c channels.h ssh.c sshd.c] remove ugliness; via angelos
2001-09-18 - 2001/09/17 20:52:47Ben Lindstrom
[channels.c channels.h clientloop.c] try to fix agent-forwarding-backconnection-bug, as seen on HPUX, for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
2001-07-18 - 2001/07/17 21:04:58Ben Lindstrom
[channels.c channels.h clientloop.c nchan.c serverloop.c] keep track of both maxfd and the size of the malloc'ed fdsets. update maxfd if maxfd gets closed.
2001-07-04 - 2001/07/02 22:52:57Ben Lindstrom
[channels.c channels.h serverloop.c] improve cleanup/exit logic in ssh2: stop listening to channels, detach channel users (e.g. sessions). wait for children (i.e. dying sessions), send exit messages, cleanup all channels.
2001-07-04 - 2001/06/30 18:08:40Ben Lindstrom
[channels.c channels.h clientloop.c] adress -> address; ok markus@
2001-07-04 - 2001/06/26 17:27:25Ben Lindstrom
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync
2001-07-04 - 2001/06/26 06:32:58Ben Lindstrom
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names
2001-07-04 - 2001/06/25 08:25:41Ben Lindstrom
[channels.c channels.h cipher.c clientloop.c compat.c compat.h hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] update copyright for 2001
2001-06-21 - 2001/06/20 13:56:39Ben Lindstrom
[channels.c channels.h clientloop.c packet.c serverloop.c] move from channel_stop_listening to channel_free_all, call channel_free_all before calling waitpid() in serverloop. fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-06-21 - 2001/06/16 08:50:39Ben Lindstrom
[channels.h] bad //-style comment; thx to
2001-06-09 - 2001/06/04 21:59:43Ben Lindstrom
[channels.c channels.h session.c] switch uid when cleaning up tmp files and sockets; reported by on bugtraq
2001-06-09 - 2001/06/03 14:55:39Ben Lindstrom
[channels.c channels.h session.c] use fatal_register_cleanup instead of atexit, sync with x11 authdir handling
- (bal) Channels.c and Channels.h -- "Merge Functions, simplify"
out of ssh Attic)
2001-06-05 - 2001/05/28 23:14:49Ben Lindstrom
[channels.c channels.h nchan.c] undo broken channel fix and try a different one. there should be still some select errors...
2001-05-05 - 2001/05/04 23:47:34Ben Lindstrom
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c] move to Channel **channels (instead of Channel *channels), fixes realloc problems. channel_new now returns a Channel *, favour Channel * over channel id. remove old channel_allocate interface.
2001-04-13 - 2001/04/13 22:46:54Ben Lindstrom
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8] Add options ClientAliveInterval and ClientAliveCountMax to sshd. This gives the ability to do a "keepalive" via the encrypted channel which can't be spoofed (unlike TCP keepalives). Useful for when you want to use ssh connections to authenticate people for something, and know relatively quickly when they are no longer authenticated. Disabled by default (of course). ok markus@
2001-04-08 - 2001/04/07 08:55:18Ben Lindstrom
[buffer.c channels.c channels.h readconf.c ssh.c] allow the ssh client act as a SOCKS4 proxy (dynamic local portforwarding). work by Dan Kaminsky <> and me. thanks to Dan for this great patch: use 'ssh -D 1080 host' and make netscape use localhost:1080 as a socks proxy.
2001-04-04 - 2001/04/04 20:25:38Ben Lindstrom
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] more robust rekeying don't send channel data after rekeying is started.
2001-03-17 - 2001/03/16 19:06:30Ben Lindstrom
[auth-options.c channels.c channels.h serverloop.c session.c] implement "permitopen" key option, restricts -L style forwarding to to specified host:port pairs. based on work by
2001-02-16 - (djm) OpenBSD CVS:Damien Miller
- 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h
2001-02-05 - 2001/01/31 13:37:24Kevin Steves
[channels.c channels.h serverloop.c ssh.c] do not disconnect if local port forwarding fails, e.g. if port is already in use - 2001/02/01 14:58:09 [channels.c] use ipaddr in channel messages, ietf-secsh wants this - 2001/01/31 12:26:20 [channels.c] does not send additional info in CHANNEL_OPEN_FAILURE messages; bug report from
2001-01-30 - (djm) OpenBSD CVS Sync:Damien Miller
- 2001/01/29 09:55:37 [channels.c channels.h clientloop.c serverloop.c] fix select overflow; ok deraadt@ and stevesk@
- (bal) OpenSSH CVS updates:
- (bal) OpenSSH CVS updates: - 2000/12/05 20:34:09 [channels.c channels.h clientloop.c serverloop.c] async connects for -R/-L; ok deraadt@ - 2000/12/05 16:47:28 [sshd.c] tweak comment to reflect real location of pid file; ok provos@
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from - 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from - 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from - 2000/11/09 18:04:40 [auth1.c] typo; from - 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-28 - (djm) Sync with OpenBSD:Damien Miller
- 2000/10/16 15:46:32 [ssh.1] fixes from - 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - 2000/10/18 12:04:02 [atomicio.c] undo - 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - 2000/10/18 12:42:00 [session.c] restore old record login behaviour - 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - 2000/10/21 11:04:23 [canohost.c] typo,; ok niels@ - 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from - 2000/10/26 12:38:28 [compat.c] add older vandyke products - 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). - 2000/10/27 01:48:22 channels.c channels.h clientloop.c deny agent/x11 forwarding unless requested; thanks to
2000-09-23 - (djm) OpenBSD CVS sync:Damien Miller
- 2000/09/17 09:38:59 [sshconnect2.c sshd.c] fix DEBUG_KEXDH - 2000/09/17 09:52:51 [sshconnect.c] yes no; ok niels@ - 2000/09/21 04:55:11 [sshd.8] typo - 2000/09/21 05:03:54 [serverloop.c] typo - 2000/09/21 05:11:42 scp.c utime() to utimes(); - 2000/09/21 05:25:08 sshconnect2.c change login logic in ssh2, allows plugin of other auth methods - 2000/09/21 05:25:35 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] [serverloop.c] add context to dispatch_run - 2000/09/21 05:07:52 authfd.c authfd.h ssh-agent.c bug compat for old software