mouring [Sat, 17 Mar 2001 00:47:54 +0000 (00:47 +0000)]
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
to specified host:port pairs. based on work by harlan@genua.de
mouring [Sat, 17 Mar 2001 00:34:46 +0000 (00:34 +0000)]
- djm@cvs.openbsd.org 2001/03/16 08:16:18
[sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
Revise globbing for get/put to be more shell-like. In particular,
"get/put file* directory/" now works. ok markus@
djm [Wed, 14 Mar 2001 00:39:45 +0000 (00:39 +0000)]
- (djm) Add replacement glob() from OpenBSD libc if the system glob is
missing or lacks the GLOB_ALTDIRFUNC extension
- (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
relatively. Avoids conflict between glob.h and /usr/include/glob.h
mouring [Mon, 12 Mar 2001 03:02:17 +0000 (03:02 +0000)]
- markus@cvs.openbsd.org 2001/03/11 22:33:24
[ssh-keygen.1 ssh-keygen.c]
remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@
mouring [Sun, 11 Mar 2001 20:05:19 +0000 (20:05 +0000)]
- jakob@cvs.openbsd.org 2001/03/11 15:04:16
[ssh-keygen.1 ssh-keygen.c]
print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
mouring [Sun, 11 Mar 2001 20:03:44 +0000 (20:03 +0000)]
- jakob@cvs.openbsd.org 2001/03/11 15:03:16
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
mouring [Sat, 10 Mar 2001 17:22:20 +0000 (17:22 +0000)]
- deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)
mouring [Fri, 9 Mar 2001 00:12:22 +0000 (00:12 +0000)]
- markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
mouring [Thu, 8 Mar 2001 03:39:10 +0000 (03:39 +0000)]
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
djm [Wed, 7 Mar 2001 23:08:49 +0000 (23:08 +0000)]
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
mouring [Tue, 6 Mar 2001 01:09:20 +0000 (01:09 +0000)]
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
mouring [Mon, 5 Mar 2001 07:47:23 +0000 (07:47 +0000)]
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
mouring [Mon, 5 Mar 2001 07:04:38 +0000 (07:04 +0000)]
- millert@cvs.openbsd.org 2001/03/03 21:19:41
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
mouring [Mon, 5 Mar 2001 06:52:57 +0000 (06:52 +0000)]
- markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
mouring [Mon, 5 Mar 2001 06:28:06 +0000 (06:28 +0000)]
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c]
use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.
mouring [Mon, 5 Mar 2001 06:17:49 +0000 (06:17 +0000)]
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).