Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>

* channels.c: Commented out debugging messages about output draining.
* Added file OVERVIEW to give some idea about the structure of the

Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>

* canohost.c (get_remote_hostname): Don't ever return NULL (causes
  segmentation violation).
* sshconnect.c: Host ip address printed incorrectly with -v.
* Implemented SSH_TTY environment variable.

Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>

* Implemented server and client option KeepAlive to specify
  whether to set SO_KEEPALIVE. Both default to "yes"; to disable
  keepalives, set the value to "no" in both the server and the
  client configuration files. Updated manual pages.
* sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp
  (patch from Petri Virkkula <argon@bat.cs.hut.fi>).
* login.c (record_logout): Fixed removing user from utmp on BSD
  (with HAVE_LIBUTIL_LOGIN).
* Added cleanup functions to be called from fatal(). Arranged for
  utmp to be cleaned if sshd terminates by calling fatal (e.g.,
  after dropping connection). Eliminated separate client-side
  fatal() functions and moved fatal() to log-client.c. Made all
  cleanups, including channel_stop_listening() and packet_close()
  be called using this mechanism.

Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* sshd.c: Permit immediate login with empty password only if
  password authentication is allowed.

Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Eliminated unix-domain X11 forwarding. Inet-domain forwarding is
  now the only supported form. Renamed server option
  X11InetForwarding to X11Forwarding, and eliminated
  X11UnixForwarding. Updated documentation. Updated RFC (marked
  the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as
  obsolete, and removed all references to it). Increased protocol
  version number to 1.3.
* scp.c (main): Added -B (BatchMode). Updated manual page.
* Cleaned up and updated all manual pages.
* clientloop.c: Added new escape sequences ~# (lists forwarded
  connections), ~& (background ssh when waiting for forwarded
  connections to terminate), ~? (list available escapes).
  Polished the output of the connection listing. Updated
* uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real
  uid. Assume that _POSIX_SAVED_IDS also applies to seteuid.
  This may solve problems with tcp_wrappers (libwrap) showing
  connections as coming from root.

Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Added RandomSeed server configuration option. The argument
  specifies the location of the random seed file. Updated
* Locate perl5 in configure. Generate make-ssh-known-hosts (with
  the correct path for perl5) in Makefile.in, and install it with
  the other programs. Updated manual page.
* sshd.c (main): Added a call to umask to set the umask to a
* compress.c (buffer_compress): Fixed to follow the zlib
  documentation (which is slightly confusing).
* INSTALL: Added information about Linux libc.so.4 problem.

Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM.
* sshd.c, sshd.8.in: Renamed $HOME/.environment ->
  $HOME/.ssh/environment.
* configure.in: Disable shadow password checking on convex.
  Convex has /etc/shadow, but sets pw_passwd automatically if
* Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the
  pw_passwd field is automatically filled if running as root.
  Put explicit code in configure.in to prevent shadow password
  checking on FreeBSD and NetBSD.
* serverloop.c (signchld_handler): Don't print error if wait
* Makefile.in (install): Fixed modes of data files.
* Makefile.in (install): Make links for slogin.1.
* make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to
  fix the ping command.

Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* ssh.1.in: Added more information about X11 forwarding.

Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Changes to use O_NONBLOCK_BROKEN consistently.
* pty.c (pty_make_controlling_tty): Use setpgid instead of
* includes.h: Removed redundant #undefs for Ultrix and Sony News;
  these are already handled in configure.in.

Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* configure.in: Define SSH_WTMP to /var/adm/wtmp if wtmp not found.
* configure.in: Disable vhangup on Ultrix. I am told this fixes

Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* sshconnect.c: Fixed a bug in connecting to a multi-homed host.
  Restructured the connecting code to never try to use the same
  socket a second time after a failed connection.
* Makefile.in: Added explicit -m option to install, and umask 022
  when creating directories and the host key.

Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean.
* login.c (get_last_login_time): Fixed a typo (define -> defined).

Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* configure.in: Moved testing for ANSI C compiler after the host
  specific code (problems on HPUX).
* Minor fixes to /etc/default/login stuff from Bryan O'Sullivan.
* Fixed .SH NAME sections in manual pages.
* compress.c: Trying to fix a mysterious bug in the compression
* scp.c: disable agent forwarding when running ssh from scp.
* Added compression of plaintext packets using the gzip library
  (zlib). Client configuration options Compression and
  CompressionLevel (1-9 as in gzip). New ssh and scp option -C
  (to enable compression). Updated RFC.

Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Implemented ProxyCommand stuff based on patches from Bryan
  O'Sullivan <bos@serpentine.com>.
* Merged BSD login/logout/lastlog patches from Mark Treacy
* sshd.c: Added chdir("/").

Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* Merged RSA environment= patches from Felix Leitner
  <leitner@prz.tu-berlin.de> with some changes.
* sshd.c: Made the packet code use two separate descriptors for
  the connection (one for input, the other for output). This will
  make future extensions easier (e.g., non-socket transports, etc.).
  sshd -i now uses both stdin and stdout separately.

Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* sshd.c: Merged execle -> execve patches from Mark Martinec
  <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on
  Convex (environment not getting passed properly). This might
  also solve similar problems on Sonys; please test!
* Removed all compatibility code for protocol version 1.0.
  THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS
* randoms.c (random_acquire_light_environmental_noise): If
  /dev/random is available, read up to 32 bytes (256 bits) from
  there in non-blocking mode, and mix the new random bytes into
* Added client configuration option StrictHostKeyChecking
  (disabled by default). If this is enabled, the client will not
  automatically add new host keys to $HOME/.ssh/known_hosts;
  instead the connection will be refused if the host key is not
  known. Similarly, if the host key has changed, the connection
  will be refused instead of just issuing a warning. This
  provides additional security against man-in-the-middle/trojan
  horse attacks (especially in scripts where there is no-one to
  see the warnings), but may be quite inconvenient in everyday
  interactive use unless /etc/ssh_known_hosts is very complete,
  because new host keys must now be added manually.
* sshconnect.c (ssh_connect): Use the user's uid when creating the
  socket and connecting it. I am hoping that this might help with
  tcp_wrappers showing the remote user as root.
* ssh.c: Try inet-domain X11 forwarding regardless of whether we
  can get local authorization information. If we don't, we just
  come up with fake information; the forwarding code will anyway
  generate its own fake information and validate that the client
  knows that information. It will then substitute our fake
  information for that, but that info should get ignored by the
  server if it doesn't support it.
* Added option BatchMode to disable password/passphrase querying
* auth-rh-rsa.c: Changed to use uid-swapping when reading
* sshd.8.in (command): Improved documentation of file permissions

Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>

* ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer
  to freed memory (comment -> saved_comment).
* log-server.c: Added a prefix to debug/warning/error/fatal
  messages describing message types. Syslog does not include that
  information automatically.

Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Merged /etc/default/login and MAIL environment variable changes
  from Bryan O'Sullivan <bos@serpentine.com>.
  - mail spool file location
  - process /etc/default/login
  - add HAVE_ETC_DEFAULT_LOGIN
  - new function child_get_env and read_etc_default_login (sshd.c)
* ssh-add.c (add_file): Fixed asking for passphrase.
* Makefile.in: Fixed installing configure-generated man pages when
  compiling in a separate object directory.
* sshd.c (main): Moved RSA key generation until after allocating
  the port number. (Actually, the code got duplicated because we
  never listen when run from inetd.)
* ssh.c: Fixed a problem that caused scp to hang when called with

Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Added server config option StrictModes. It specifies whether to
  check ownership and modes of home directory and .rhosts files.
* ssh.c: If ssh is renamed/linked to a host name, connect to that
* serverloop.c, clientloop.c: Ignore EAGAIN reported on read from
  connection. Solaris has a kernel bug which causes select() to
  sometimes wake up even though there is no data available.
* Display all open connections when printing the "Waiting for
  forwarded connections to terminate" message.
* sshd.c, readconf.c: Added X11InetForwarding and
  X11UnixForwarding server config options.

Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Some more SCO fixes.

Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Fixes and cleanups in README, INSTALL, COPYING.

Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...).
* Removed .BR from ".SH NAME" in man pages.

Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* configure.in: When checking that the compiler works, check that
  it understands ANSI C prototypes.
* Made uidswap error message a debug() to avoid confusing errors
  on AIX (AIX geteuid is brain-damaged and fails even for root).
* Fixed an error in sshd.8 (FacistLogging -> FascistLogging).
* Fixed distribution in Makefile.in (missing manual page .in files).

Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* auth-rhosts.c: Fixed serious security problem in
  /etc/hosts.equiv authentication.

Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Include machine/endian.h on Paragon.
* ssh-add.c (add_file): Made ssh-add keep asking for the
  passphrase until the user just types return or cancels.
  Make the dialog display the comment of the key.
* Read use shosts.equiv in addition to /etc/hosts.equiv.
* sshd.8 is now sshd.8.in and is processed by configure to
  substitute the proper paths for various files. Ditto for ssh.1.
  Ditto for make-ssh-known-hosts.1.
* configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR
  will be /var/run if it exists, and ETCDIR otherwise.

Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* On Ultrix, check if sys/syslog.h needs to be included in
  addition to syslog.h.
* make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX.
* configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS.
* Fixed case-insensitivity in auth-rhosts.c.
* Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus
* Makefile.in: Fixed missing install_prefixes.

Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Added SOCKS support.
* Fixed default setting of IgnoreRhosts option.
* Pass the magic cookie to xauth in stdin instead of command line;
  the command line is visible in ps.
* Added processing $HOME/.ssh/rc and /etc/sshrc.
* Added a section to sshd.8 on what happens at login time.

Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Don't define speed_t on SunOS 4.1.1; it conflicts with system
* Added support for .hushlogin.
* Added --with-etcdir.
* Read $HOME/.environment after /etc/environment.

Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Merged patches for SCO Unix (from Michael Henits).

Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Added ssh option ConnectionAttempts.

Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* sshd.c: Don't print last login time and /etc/motd if a command
  has been specified (with ssh -t host command).
* Added support for passing the screen number in X11 forwarding.
  It is implemented as a compatible protocol extension, signalled
  by SSH_PROTOFLAG_SCREEN_NUMBER by the child.
* clientloop.c: Fixed bugs in the order in which things were
  processed. This may solve problems with some data not getting
  sent to the server as soon as possible (probably solves the TCP
  forwarding delayed close problem). Also, it looked like window
  changes might not get transmitted as early as possible in some
* clientloop.c: Changed to detect window size change that
  happened while ssh was suspended.
* ssh.c: Moved the do_session function (client main loop) to
  clientloop.c. Divided it into smaller functions. General cleanup.

Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* sshconnect.c (ssh_login): Made ssh_login take the options
  structure as argument, instead of the individual arguments.
* auth-rhosts.c (check_rhosts_file): Added support for netgroups.
* auth-rhosts.c (check_rhosts_file): Added support for negated

Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* auth-rhosts.c: Restructured rhosts authentication code.
  Hosts.equiv now has same format as .rhosts: user names are allowed.
* Added support for the Intel Paragon.
* sshd.c: Don't use X11 forwarding with spoofing if no xauth
  program. Changed configure.in to not define XAUTH_PATH if
  there is no xauth program.
* sshd.c: Rewrote the code to build the environment. Now also reads
* sshd.c: Fixed problems in libwrap code. --with-libwrap now
  takes optional library name/path.
* Define USE_PIPES by default.
* Added support for Univel Unixware and MachTen.
* Added IgnoreRhosts server option.
* Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen.

Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* sshd.c (do_child): don't call packet_close when /etc/nologin,
  because packet_close does shutdown, and the message does not get
* pty.c (pty_allocate): Push ttcompat streams module.
* randoms.c (random_acquire_light_environmental_noise): Don't use
  the second argument to gettimeofday as it is not supported on
* login.c (record_login): Added NULL second argument to gettimeofday.

Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* fixed pclose wait() in sshd key regeneration (now only collects
  easily available noise).
* configure.in: test for bsdi before bsd*.
* ssh.c: Don't print "Connection closed" if -q.

Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Released ssh-1.2.5.
* Hopefully fixed "Waiting for forwarded connections to terminate"
* randoms.c, md5.c: Large modifications to make these work on Cray
  (which has no 32 bit integer type).
* Fixed a problem with forwarded connection closes not being
  reported immediately.
* ssh.c: fixed rhosts authentication (broken by uid-swapping).
* scp.c: Don't use -l if server user not specified (it made
  setting User in the configuration file not work).
* configure.in: don't use -pipe on BSDI.
* randoms.c: Major modifications to make it work without 32 bit
  integers (e.g. Cray).
* md5.c: Major modifications to make it work without 32 bit
  integers (e.g. Cray).
* Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by
  default on all systems.

Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* sshd.c: don't include sshd pathname in log messages.
* Added libwrap stuff (includes support for identd).
* Added OSF/1 C2 extended security stuff.
* Fixed interactions between getuid() and uid-swap stuff.

Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* serverloop.c: Don't send stdout data to client until after a few
  milliseconds if there is very little data. This is because some
  systems give data from pty one character at a time, which would
  multiply data size by about 16.
* serverloop.c: Moved server do_session to a separate file and
  renamed it server_loop. Split it into several functions and
  partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup.
* Screwed up something while checking stuff in under cvs. No harm,
  but bogus log entries...

Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* minfd.c (_get_permanent_fd): Use SHELL environment variable.
* channels.c (x11_create_display_inet): Created
  HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the
  IP address of the host instead of the name, because HPSUX uses
  some magic shared memory communication for local connections.
* Changed SIGHUP processing in server; it should now work multiple
* Added length limits in many debug/log/error/fatal calls just in
* login.c (get_last_login_time): Fixed location of lastlog.
* Rewrote all uid-swapping code. New files uidswap.h, uidswap.c.
* Fixed several security problems involving chmod and chgrp (race
  conditions). Added warnings about dubious modes for /tmp/.X11-unix.

Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>

* Changed readconf.c to never display anything from the config
  file. This should now be prevented otherwise, but let's play safe.
* log-server.c: Use %.500s in syslog() just to be sure (they
  should already be shorter than 1024 though).
* sshd.c: Moved setuid in child a little earlier (just to be
  conservative, there was no security problem that I could detect).
* README, INSTALL: Added info about mailing list and WWW page.
* sshd.c: Added code to use SIGCHLD and wait zombies immediately.
* Merged patch to set ut_addr in utmp.
* Created ChangeLog and added it to Makefile.in.
* Use read_passphrase instead of getpass().
* Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher
  selection (IDEA used to be selected even if not supported by the
* Use no encryption for key files if empty passphrase.
* Added section about --without-idea in INSTALL.
* Version 1.2.0 was released a couple of days ago.