djm [Wed, 15 Mar 2006 02:02:28 +0000 (02:02 +0000)]
- (djm) [configure.ac defines.h kex.c md-sha256.c]
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
djm [Wed, 15 Mar 2006 01:08:28 +0000 (01:08 +0000)]
- djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
djm [Wed, 15 Mar 2006 01:06:41 +0000 (01:06 +0000)]
- djm@cvs.openbsd.org 2006/03/14 00:15:39
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
djm [Wed, 15 Mar 2006 01:06:23 +0000 (01:06 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138, ok djm@
djm [Wed, 15 Mar 2006 01:05:59 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482, man page help from jmc@, ok djm@
djm [Wed, 15 Mar 2006 01:05:40 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
Pepper, ok djm@
djm [Wed, 15 Mar 2006 01:05:22 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981). Patch originally from markus@, ok djm@
djm [Wed, 15 Mar 2006 01:04:36 +0000 (01:04 +0000)]
- djm@cvs.openbsd.org 2006/03/13 08:16:00
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
djm [Wed, 15 Mar 2006 01:01:14 +0000 (01:01 +0000)]
- djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable
djm [Wed, 15 Mar 2006 00:35:54 +0000 (00:35 +0000)]
- jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8]
move the sshrc stuff out of FILES, and into its own section:
FILES is not a good place to document how stuff works;
djm [Wed, 15 Mar 2006 00:32:06 +0000 (00:32 +0000)]
- jmc@cvs.openbsd.org 2006/02/13 10:16:39
[sshd.8]
no need to subsection the authorized_keys examples - instead, convert
this to look like an actual file. also use proto 2 keys, and use IETF
example addresses;
djm [Wed, 15 Mar 2006 00:30:38 +0000 (00:30 +0000)]
- djm@cvs.openbsd.org 2006/02/12 10:44:18
[readconf.c]
raise error when the user specifies a RekeyLimit that is smaller than 16
(the smallest of our cipher's blocksize) or big enough to cause integer
wraparound; ok & feedback dtucker@
djm [Wed, 15 Mar 2006 00:30:13 +0000 (00:30 +0000)]
- djm@cvs.openbsd.org 2006/02/12 06:45:34
[ssh.c ssh_config.5]
add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@
djm [Wed, 15 Mar 2006 00:27:20 +0000 (00:27 +0000)]
- jmc@cvs.openbsd.org 2006/02/09 10:10:47
[sshd.8]
- move some text into a CAVEATS section
- merge the COMMAND EXECUTION... section into AUTHENTICATION
djm [Wed, 15 Mar 2006 00:26:55 +0000 (00:26 +0000)]
- stevesk@cvs.openbsd.org 2006/02/09 00:32:07
[includes.h]
#include <sys/endian.h> not needed; ok djm@
NB. ID Sync only - we still need this (but it may move later)
djm [Wed, 15 Mar 2006 00:24:12 +0000 (00:24 +0000)]
- stevesk@cvs.openbsd.org 2006/02/08 14:38:18
[includes.h packet.c]
move #include <netinet/in_systm.h> and <netinet/ip.h> out of
includes.h; ok markus@
dtucker [Mon, 13 Mar 2006 08:06:51 +0000 (08:06 +0000)]
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
since not all platforms support it. Instead, use internal equivalent while
computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
as it's no longer required. Tested by Bernhard Simon, ok djm@
dtucker [Fri, 3 Mar 2006 21:50:31 +0000 (21:50 +0000)]
- (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
file rather than directory, required as Cygwin will be importing lastlog(1).
Also tightens up permissions on the file. Patch from vinschen@redhat.com.
dtucker [Mon, 20 Feb 2006 09:17:35 +0000 (09:17 +0000)]
- (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
Add optional enabling of OpenSSL's (hardware) Engine support, via
configure --with-ssl-engine. Based in part on a diff by michal at
logix.cz.