path: root/servconf.h
AgeCommit message (Collapse)Author
2002-08-01 - 2002/07/30 17:03:55Ben Lindstrom
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] add PermitUserEnvironment (off by default!); from; ok provos, deraadt
2002-06-21 - 2002/06/20 23:05:56Ben Lindstrom
[servconf.c servconf.h session.c sshd.c] allow Compression=yes/no in sshd_config
2002-03-22 - 2002/03/20 19:12:25Ben Lindstrom
[servconf.c servconf.h ssh.h sshd.c] for unprivileged user, group do: pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
2002-03-22 - 2002/03/19 03:03:43Ben Lindstrom
[pathnames.h servconf.c servconf.h sshd.c] _PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 - 2002/03/18 17:50:31Ben Lindstrom
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-05 - 2002/03/04 17:27:39Ben Lindstrom
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
2002-02-05 - 2002/01/29 14:32:03Damien Miller
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 - 2002/01/27 14:57:46Damien Miller
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config] add X11UseLocalhost; ok markus@
2001-12-21 - 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-12-06 - 2001/12/06 13:30:06Ben Lindstrom
[servconf.c servconf.h sshd.8 sshd.c] add -o to sshd, too. ok deraadt@ - (bal) Minor white space fix up in servconf.c
2001-09-12 - 2001/08/17 18:59:47Ben Lindstrom
[servconf.h] typo in comment
2001-09-12 - 2001/08/16 19:18:34Ben Lindstrom
[servconf.c servconf.h session.c sshd.8] deprecate CheckMail. ok markus@
2001-07-04 - (stevesk) sync servconf.h (comments)Kevin Steves
2001-07-04 - 2001/06/26 17:27:25Ben Lindstrom
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync
2001-07-04 - 2001/06/26 16:15:25Ben Lindstrom
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h servconf.c servconf.h session.c sshconnect1.c sshd.c] Kerberos v5 support for SSH1, mostly from Assar Westerlund <> and Bjorn Gronvall <>. markus@ ok
2001-07-04 - 2001/06/26 06:33:07Ben Lindstrom
[servconf.h serverloop.h session.h sftp-client.h sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h] prototype pedant. not very creative... - () -> (void) - no variable names
2001-06-25 - 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-06-05 - 2001/05/20 17:20:36Ben Lindstrom
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8 sshd_config] configurable authorized_keys{,2} location; originally from peter@; ok djm@
2001-06-05 - 2001/05/18 14:13:29Ben Lindstrom
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by and me
2001-04-25 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'Damien Miller
(default: off), implies KbdInteractiveAuthentication. Suggestion from markus@
2001-04-13 - 2001/04/13 22:46:54Ben Lindstrom
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8] Add options ClientAliveInterval and ClientAliveCountMax to sshd. This gives the ability to do a "keepalive" via the encrypted channel which can't be spoofed (unlike TCP keepalives). Useful for when you want to use ssh connections to authenticate people for something, and know relatively quickly when they are no longer authenticated. Disabled by default (of course). ok markus@
2001-04-12 - 2001/04/12 19:15:26Ben Lindstrom
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-03-26 - 2001/03/25 13:16:11Ben Lindstrom
[servconf.c servconf.h session.c sshd.8 sshd_config] PrintLastLog option; from with some minor changes by me. ok markus@
2001-02-15 - 2001/02/12 16:16:23Ben Lindstrom
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no)
2001-02-15 - 2001/02/11 12:59:25Ben Lindstrom
[ sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-02-04NB: big update - may break stuff. Please test!Damien Miller
- (djm) OpenBSD CVS sync: - 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from (pr/1659) - 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
2001-01-23 - 2001/01/22 23:06:39Ben Lindstrom
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-19Removed one more 'ISSUE' comment in auth1.cBen Lindstrom
20010120 - (bal) OpenBSD Resync - 2001/01/19 12:45:26 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY
2001-01-09 - (bal) OpenBSD SyncBen Lindstrom
- 2001/01/08 22:29:05 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8 sshd_config version.h] implement option 'Banner /etc/' for ssh2, move version to 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner is enabled). - 2001/01/08 22:03:23 [channels.c ssh-keyscan.c] O_NDELAY -> O_NONBLOCK; thanks - 2001/01/08 21:55:41 [sshconnect1.c] more cleanups and fixes from 1) try_agent_authentication() for loop will overwrite key just allocated with key_new(); don't alloc 2) call ssh_close_authentication_connection() before exit try_agent_authentication() 3) free mem on bad passphrase in try_rsa_authentication() - 2001/01/08 21:48:17 [kex.c] missing free; thanks
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from - 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from - 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from - 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from - 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from - 2000/11/09 18:04:40 [auth1.c] typo; from - 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-16 - (djm) Sync with OpenBSD:Damien Miller
- 2000/10/14 04:01:15 [cipher.c] debug3 - 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from - 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only - 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@ - 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons - 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from - 2000/10/15 08:14:01 [rijndael.c session.c] typos; from - 2000/10/15 08:18:31 [rijndael.c] typo - Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- 2000/09/30 10:27:44 [log.c] allow loglevel debug - 2000/10/03 11:59:57 [packet.c] hmac->mac - 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private DSA keys, too. - 2000/10/09 15:32:34 auth-options.c clear options on every call. - 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <> - 2000/10/10 14:20:45 compat.c use rexexp for version string matching - 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from - 2000/10/11 14:11:35 [dh.c] Wall - 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by and me - 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - 2000/10/11 14:45:21 [cipher.c] remove DES - 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - 2000/10/12 08:21:13 [kex.h packet.c] remove unused - 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; - 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - 2000/10/13 13:10:54 [sshd.8] more info about -V - 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - 2000/09/05 13:20:49 [sftp-server.c] cleanup - 2000/09/06 03:46:41 [authfile.h] prototype - 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - 2000/09/07 14:53:00 [scp.c] typo - 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - 2000/09/08 03:02:51 [README.openssh2] bye bye - 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - 2000/09/14 14:25:15 [clientloop.c] typo - 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-08-18 - (djm) OpenBSD CVS changes:Damien Miller
- 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - 2000/07/26 11:46:51 [ssh.1] typo - 2000/08/01 11:46:11 [sshd.8] many fixes from - 2000/08/01 13:01:42 [ util.c aux.c] rename aux.c to util.c to help with cygwin port - 2000/08/02 00:23:31 [authfd.c] correct sun_len; - 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - 2000/08/04 14:30:07 [auth.c] unused - 2000/08/04 14:30:35 [sshd_config] MaxStartups - 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
2000-07-11 - (djm) OpenBSD CVS updates:Damien Miller
- 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - 2000/07/05 15:35:57 [sshd.c] typo - 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <> - 2000/07/08 19:21:15 [auth.h] KNF - 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
2000-06-22 - OpenBSD CVS Updates:Damien Miller
- 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with - 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
2000-06-18 - OpenBSD CVS updates:Damien Miller
- 2000/06/17 09:58:46 [channels.c] everyone says "nix it" (remove protocol 2 debugging message) - 2000/06/17 13:24:34 [sshconnect.c] allow extended server banners - 2000/06/17 14:30:10 [sshconnect.c] missing atomicio, typo - 2000/06/17 16:52:34 [servconf.c servconf.h session.c sshd.8 sshd_config] add support for ssh v2 subsystems. ok markus@. - 2000/06/17 18:57:48 [readconf.c servconf.c] include = in WHITESPACE; markus ok - 2000/06/17 19:09:10 [auth2.c] implement bug compatibility with ssh-2.0.13 pubkey, server side - 2000/06/17 21:00:28 [compat.c] initial support for's 2.2.0 - 2000/06/17 21:16:09 [scp.c] typo - 2000/06/17 22:05:02 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] split auth-rsa option parsing into auth-options add options support to authorized_keys2 - 2000/06/17 22:42:54 [session.c] typo
2000-06-07 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts IIIDamien Miller
<> - (djm) OpenBSD CVS updates: - [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; via
2000-05-07 - Remove references to SSLeay.Damien Miller
- Big OpenBSD CVS update - [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - [scp.c] - more atomicio - [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-02 - OpenBSD CVS updateDamien Miller
[channels.c] - init all fds, close all fds. [sshconnect2.c] - check whether file exists before asking for passphrase [servconf.c servconf.h sshd.8 sshd.c] - PidFile, pr 1210 [channels.c] - EINTR [channels.c] - unbreak, ok niels@ [sshd.c] - unlink pid file, ok niels@ [auth2.c] - Add missing #ifdefs; ok - markus
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-12 - OpenBSD CVS updates:Damien Miller
- [channels.c] repair x11-fwd - [sshconnect.c] fix passwd prompt for ssh2, less debugging output. - [clientloop.c compat.c dsa.c kex.c sshd.c] less debugging output - [kex.c kex.h sshconnect.c sshd.c] check for reasonable public DH values - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc' - [sshd.c] print 1.99 only if server supports both
2000-04-12 - More large OpenBSD CVS updates:Damien Miller
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c] [session.h ssh.h sshd.c README.openssh2] ssh2 server side, see README.openssh2; enable with 'sshd -2' - [channels.c] no adjust after close - [sshd.c compat.c ] interop w/ latest windows client.
2000-01-14 - Merged OpenBSD IPv6 patch:Damien Miller
- [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1] [scp.c packet.h packet.c login.c log.c canohost.c channels.c] [hostfile.c sshd_config] ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from - [ssh.c canohost.c] more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, from itojun@ - [channels.c] listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE) - [packet.h] allow auth-kerberos for IPv4 only - [scp.1 sshd.8 servconf.h scp.c] document -4, -6, and 'ssh -L 2022/::1/22' - [ssh.c] 'ssh @host' is illegal (null user name), from - [sshconnect.c] better error message - [sshd.c] allow auth-kerberos for IPv4 only - Big IPv6 merge: - Cleanup overrun in sockaddr copying on RHL 6.1 - Replacements for getaddrinfo, getnameinfo, etc based on versions from patch from KIKUCHI Takahiro <> - Replacement for missing structures on systems that lack IPv6 - record_login needed to know about AF_INET6 addresses - Borrowed more code from OpenBSD: rresvport_af and requisites
1999-11-25 - More reformatting merged from OpenBSD CVSDamien Miller
- Merged OpenBSD CVS changes: - [channels.c] report from via - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. via - [nchan.c] it's not an error() if shutdown_write failes in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from via plus: use daemon() for backgrounding
1999-11-25 - Merged very large OpenBSD source code reformatDamien Miller
- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race;
1999-11-12 - Merged changes from OpenBSD CVSDamien Miller
- [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSDs
1999-11-11 - Merged more OpenBSD CVS changes:Damien Miller
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() + krb-cleanup cleanup - [clientloop.c log-client.c log-server.c ] [readconf.c readconf.h servconf.c servconf.h ] [ssh.1 ssh.c ssh.h sshd.8] add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, obsoletes QuietMode and FascistLogging in sshd.
1999-10-27Initial revisionDamien Miller