]>
andersk Git - openssh.git/log
mouring [Tue, 6 Mar 2001 01:09:20 +0000 (01:09 +0000)]
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
mouring [Tue, 6 Mar 2001 01:06:58 +0000 (01:06 +0000)]
- deraadt@cvs.openbsd.org 2001/03/05 16:07:15
[sshd.8]
detail default hmac setup too
mouring [Tue, 6 Mar 2001 01:05:23 +0000 (01:05 +0000)]
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
mouring [Tue, 6 Mar 2001 01:02:41 +0000 (01:02 +0000)]
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
mouring [Tue, 6 Mar 2001 01:00:03 +0000 (01:00 +0000)]
- deraadt@cvs.openbsd.org 2001/03/05 14:28:47
[sshd.8]
alpha order; jcs@rt.fm
stevesk [Mon, 5 Mar 2001 19:50:57 +0000 (19:50 +0000)]
- (stevesk) sftp.c: handle __progname
stevesk [Mon, 5 Mar 2001 19:46:37 +0000 (19:46 +0000)]
- (stevesk) OpenBSD sync:
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
djm [Mon, 5 Mar 2001 12:33:24 +0000 (12:33 +0000)]
more
djm [Mon, 5 Mar 2001 10:23:31 +0000 (10:23 +0000)]
- (djm) Fix up LOG_AUTHPRIV for systems that have it
mouring [Mon, 5 Mar 2001 08:18:17 +0000 (08:18 +0000)]
Temporary disable AUTHPRIV code until it's fixed. It is broken. =(
mouring [Mon, 5 Mar 2001 08:16:54 +0000 (08:16 +0000)]
- (bal) Fix up logging since it changed. removed log-*.c
mouring [Mon, 5 Mar 2001 07:57:09 +0000 (07:57 +0000)]
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
mouring [Mon, 5 Mar 2001 07:51:52 +0000 (07:51 +0000)]
Oops.. Reverted CVS ID.
mouring [Mon, 5 Mar 2001 07:48:45 +0000 (07:48 +0000)]
- deraadt@cvs.openbsd.org 2001/03/04 18:21:28
[sshd.8]
list SSH2 ciphers
mouring [Mon, 5 Mar 2001 07:47:23 +0000 (07:47 +0000)]
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
mouring [Mon, 5 Mar 2001 07:43:27 +0000 (07:43 +0000)]
- stevesk@cvs.openbsd.org 2001/03/04 12:54:04
[sshd.8]
spelling
mouring [Mon, 5 Mar 2001 07:42:03 +0000 (07:42 +0000)]
- stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
mouring [Mon, 5 Mar 2001 07:40:40 +0000 (07:40 +0000)]
- stevesk@cvs.openbsd.org 2001/03/04 11:04:41
[sshd.8]
small cleanup and clarify for PermitRootLogin; ok markus@
mouring [Mon, 5 Mar 2001 07:39:01 +0000 (07:39 +0000)]
- stevesk@cvs.openbsd.org 2001/03/04 10:57:53
[ssh.c]
add -m to usage; ok markus@
mouring [Mon, 5 Mar 2001 07:33:14 +0000 (07:33 +0000)]
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
mouring [Mon, 5 Mar 2001 07:27:13 +0000 (07:27 +0000)]
- markus@cvs.openbsd.org 2001/03/04 00:03:59
[channels.c]
debug1->2
mouring [Mon, 5 Mar 2001 07:24:46 +0000 (07:24 +0000)]
- markus@cvs.openbsd.org 2001/03/03 23:59:34
[log.c ssh.c]
log*.c -> log.c
mouring [Mon, 5 Mar 2001 07:10:47 +0000 (07:10 +0000)]
- markus@cvs.openbsd.org 2001/03/03 23:52:22
[sftp.c]
clean up arg processing. based on work by Christophe_Moret@hp.com
mouring [Mon, 5 Mar 2001 07:09:11 +0000 (07:09 +0000)]
- deraadt@cvs.openbsd.org 2001/03/03 22:07:50
[sftp-server.c]
KNF
mouring [Mon, 5 Mar 2001 07:07:49 +0000 (07:07 +0000)]
- millert@cvs.openbsd.org 2001/03/03 21:41:07
[packet.c]
Dynamically allocate fd_set; deraadt@ OK
mouring [Mon, 5 Mar 2001 07:06:12 +0000 (07:06 +0000)]
- millert@cvs.openbsd.org 2001/03/03 21:40:30
[sftp-server.c]
Dynamically allocate fd_set; deraadt@ OK
mouring [Mon, 5 Mar 2001 07:04:38 +0000 (07:04 +0000)]
- millert@cvs.openbsd.org 2001/03/03 21:19:41
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
mouring [Mon, 5 Mar 2001 07:01:18 +0000 (07:01 +0000)]
- deraadt@cvs.openbsd.org 2001/03/03 06:53:12
[ssh-keyscan.c]
standard theo sweep
mouring [Mon, 5 Mar 2001 06:59:27 +0000 (06:59 +0000)]
- deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
mouring [Mon, 5 Mar 2001 06:57:23 +0000 (06:57 +0000)]
- deraadt@cvs.openbsd.org 2001/03/02 09:42:49
[sshd.8]
doc the dsa/rsa key pair files
mouring [Mon, 5 Mar 2001 06:55:18 +0000 (06:55 +0000)]
- deraadt@cvs.openbsd.org 2001/03/02 06:21:01
[sshd.8]
explain SIGHUP better
mouring [Mon, 5 Mar 2001 06:52:57 +0000 (06:52 +0000)]
- markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
mouring [Mon, 5 Mar 2001 06:50:47 +0000 (06:50 +0000)]
- deraadt@cvs.openbsd.org 2001/03/01 03:38:33
[cli.c cli.h rijndael.h ssh-keyscan.1]
copyright notices on all source files
mouring [Mon, 5 Mar 2001 06:47:00 +0000 (06:47 +0000)]
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10
[auth-rsa.c auth2.c deattack.c packet.c]
KNF
mouring [Mon, 5 Mar 2001 06:45:21 +0000 (06:45 +0000)]
- deraadt@cvs.openbsd.org 2001/03/01 02:29:04
[ssh.c]
shorten usage by a line
mouring [Mon, 5 Mar 2001 06:42:58 +0000 (06:42 +0000)]
- (bal) CVS ID touch up on uuencode.c
mouring [Mon, 5 Mar 2001 06:35:29 +0000 (06:35 +0000)]
- (bal) CVS ID touch up on sftp-int.c
mouring [Mon, 5 Mar 2001 06:33:23 +0000 (06:33 +0000)]
- deraadt@cvs.openbsd.org 2001/03/01 02:11:25
[authfd.c]
split line so that p will have an easier time next time around
mouring [Mon, 5 Mar 2001 06:29:44 +0000 (06:29 +0000)]
- markus@cvs.openbsd.org 2001/02/28 21:31:32
[channels.c]
typo
mouring [Mon, 5 Mar 2001 06:28:06 +0000 (06:28 +0000)]
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c]
use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.
mouring [Mon, 5 Mar 2001 06:25:23 +0000 (06:25 +0000)]
- markus@cvs.openbsd.org 2001/02/28 21:21:41
[sshd.c]
generate a fake session id, too
mouring [Mon, 5 Mar 2001 06:22:01 +0000 (06:22 +0000)]
- deraadt@cvs.openbsd.org 2001/02/28 17:52:54
[misc.c]
for completeness, copy pw_gecos too
mouring [Mon, 5 Mar 2001 06:20:14 +0000 (06:20 +0000)]
- markus@cvs.openbsd.org 2001/02/28 12:55:07
[channels.c]
unify debug messages
mouring [Mon, 5 Mar 2001 06:17:49 +0000 (06:17 +0000)]
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
mouring [Mon, 5 Mar 2001 06:16:11 +0000 (06:16 +0000)]
- markus@cvs.openbsd.org 2001/02/28 08:54:55
[channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated.
remove closed fd's from the select mask.
mouring [Mon, 5 Mar 2001 06:14:02 +0000 (06:14 +0000)]
- markus@cvs.openbsd.org 2001/02/28 08:45:39
[clientloop.c]
fix byte counts for ssh protocol v1
mouring [Mon, 5 Mar 2001 06:12:01 +0000 (06:12 +0000)]
- deraadt@cvs.openbsd.org 2001/02/28 05:36:28
[sftp.c]
do not kill the subprocess on termination (we will see if this helps
things or hurts things)
mouring [Mon, 5 Mar 2001 06:09:31 +0000 (06:09 +0000)]
- deraadt@cvs.openbsd.org 2001/02/28 05:34:28
[misc.c]
pull in protos
mouring [Mon, 5 Mar 2001 06:08:19 +0000 (06:08 +0000)]
- markus@cvs.openbsd.org 2001/02/27 11:00:11
[compat.c]
support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
mouring [Mon, 5 Mar 2001 06:07:00 +0000 (06:07 +0000)]
- markus@cvs.openbsd.org 2001/02/27 10:35:27
[packet.c]
fix random padding
mouring [Mon, 5 Mar 2001 06:05:35 +0000 (06:05 +0000)]
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26
[sshd_config]
ssh2 rsa key before dsa key
mouring [Mon, 5 Mar 2001 06:03:03 +0000 (06:03 +0000)]
- deraadt@cvs.openbsd.org 2001/02/24 10:37:55
[readconf.c]
look for id_rsa by default, before id_dsa
mouring [Mon, 5 Mar 2001 06:00:29 +0000 (06:00 +0000)]
- markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
mouring [Mon, 5 Mar 2001 05:58:23 +0000 (05:58 +0000)]
- markus@cvs.openbsd.org 2001/02/23 15:34:53
[serverloop.c]
debug2->3
mouring [Mon, 5 Mar 2001 05:56:40 +0000 (05:56 +0000)]
- markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
mouring [Mon, 5 Mar 2001 05:49:29 +0000 (05:49 +0000)]
- markus@cvs.openbsd.org 2001/02/22 21:57:27
[ssh.1 sshd.8]
typos/grammar from matt@anzen.com
mouring [Mon, 5 Mar 2001 05:17:18 +0000 (05:17 +0000)]
- deraadt@cvs.openbsd.org 2001/02/22 18:09:06
[sshd_config]
activate RSA 2 key
mouring [Mon, 5 Mar 2001 05:13:38 +0000 (05:13 +0000)]
- deraadt@cvs.openbsd.org 2001/02/22 08:03:51
[ssh-keygen.1 ssh-keygen.c]
bye bye -d
mouring [Mon, 5 Mar 2001 05:10:52 +0000 (05:10 +0000)]
- deraadt@cvs.openbsd.org 2001/02/22 06:43:55
[ssh-keygen.1 ssh-keygen.c]
document -d, and -t defaults to rsa1
mouring [Mon, 5 Mar 2001 05:07:52 +0000 (05:07 +0000)]
- deraadt@cvs.openbsd.org 2001/02/22 04:29:37
[servconf.c]
grammar; slade@shore.net
mouring [Mon, 5 Mar 2001 05:04:57 +0000 (05:04 +0000)]
- stevesk@cvs.openbsd.org 2001/02/21 21:14:04
[ssh.c]
-i supports DSA identities now; ok markus@
mouring [Mon, 5 Mar 2001 05:02:08 +0000 (05:02 +0000)]
- deraadt@cvs.openbsd.org 2001/02/21 09:12:56
[sftp-server.c]
careful with & and &&; markus ok
mouring [Mon, 5 Mar 2001 04:59:27 +0000 (04:59 +0000)]
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
mouring [Mon, 5 Mar 2001 04:54:49 +0000 (04:54 +0000)]
- deraadt@cvs.openbsd.org 2001/02/21 07:37:04
[ssh-keyscan.c]
inline -> __inline__, and some indent
mouring [Mon, 5 Mar 2001 04:47:55 +0000 (04:47 +0000)]
- deraadt@cvs.openbsd.org 2001/02/17 23:48:48
[sshd.8]
it's the OpenSSH one
mouring [Mon, 5 Mar 2001 03:53:02 +0000 (03:53 +0000)]
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
mouring [Sat, 3 Mar 2001 21:43:19 +0000 (21:43 +0000)]
- (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
give Mark Roth credit for mdoc2man.pl
mouring [Sat, 3 Mar 2001 21:37:50 +0000 (21:37 +0000)]
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
djm [Sat, 3 Mar 2001 13:29:20 +0000 (13:29 +0000)]
- Allow PRNGd entropy collection from localhost TCP socket. Replace
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
djm [Sat, 3 Mar 2001 13:19:00 +0000 (13:19 +0000)]
mode doc
djm [Sat, 3 Mar 2001 13:16:20 +0000 (13:16 +0000)]
- Document PAM ChallengeResponseAuthentication in sshd.8
- Disable and comment ChallengeResponseAuthentication in sshd_config
djm [Sat, 3 Mar 2001 09:00:36 +0000 (09:00 +0000)]
- Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
djm [Thu, 1 Mar 2001 00:09:42 +0000 (00:09 +0000)]
- (djm) Released 2.5.1p2
djm [Wed, 28 Feb 2001 22:48:13 +0000 (22:48 +0000)]
- (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
<vinschen@redhat.com>
djm [Wed, 28 Feb 2001 22:18:57 +0000 (22:18 +0000)]
- (djm) Force standard PAM conversation function in a few more places.
Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
<nalin@redhat.com>
djm [Wed, 28 Feb 2001 22:16:11 +0000 (22:16 +0000)]
- (djm) Properly add -lcrypt if needed.
djm [Wed, 28 Feb 2001 01:51:18 +0000 (01:51 +0000)]
- (djm) Remove /tmp from EGD socket search list
djm [Wed, 28 Feb 2001 01:49:38 +0000 (01:49 +0000)]
- (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
djm [Wed, 28 Feb 2001 00:48:06 +0000 (00:48 +0000)]
- (djm) Fully revert PAM session patch (again). All PAM session init is
now done before the final fork().
djm [Wed, 28 Feb 2001 00:46:11 +0000 (00:46 +0000)]
- (djm) Fully revert PAM session patch. All PAM session init is now done
before the final fork().
djm [Tue, 27 Feb 2001 21:14:22 +0000 (21:14 +0000)]
- (djm) Detect endianness in configure and use it in rijndael.c. Fixes
"Bad packet length" bugs.
djm [Tue, 27 Feb 2001 03:42:58 +0000 (03:42 +0000)]
doh
djm [Tue, 27 Feb 2001 03:42:48 +0000 (03:42 +0000)]
- (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
<tim@multitalents.net>
- (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
<tim@multitalents.net>
djm [Tue, 27 Feb 2001 03:03:30 +0000 (03:03 +0000)]
- (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
<markm@swoon.net>
djm [Tue, 27 Feb 2001 00:00:52 +0000 (00:00 +0000)]
avoid warning
djm [Mon, 26 Feb 2001 23:53:00 +0000 (23:53 +0000)]
- (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
change is being made as 2.5.x configfiles are not back-compatible with
2.3.x.
djm [Mon, 26 Feb 2001 23:48:01 +0000 (23:48 +0000)]
- (djm) Fix PAM fix
djm [Mon, 26 Feb 2001 23:45:20 +0000 (23:45 +0000)]
Bump spec versions too
djm [Mon, 26 Feb 2001 23:39:16 +0000 (23:39 +0000)]
Bump version to 2.5.1p2 so I can generate new test RPMs
djm [Mon, 26 Feb 2001 22:47:16 +0000 (22:47 +0000)]
- (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
<markm@swoon.net>
djm [Mon, 26 Feb 2001 22:28:23 +0000 (22:28 +0000)]
- (djm) Move PAM init to after fork for non-Solaris derived PAMs
djm [Mon, 26 Feb 2001 22:20:57 +0000 (22:20 +0000)]
- (djm) fatal() on OpenSSL version mismatch
djm [Mon, 26 Feb 2001 22:20:48 +0000 (22:20 +0000)]
whitspace
mouring [Mon, 26 Feb 2001 22:11:59 +0000 (22:11 +0000)]
Second Ooops... =) I started with the wrong date.
djm [Mon, 26 Feb 2001 22:05:38 +0000 (22:05 +0000)]
doh
djm [Mon, 26 Feb 2001 21:39:07 +0000 (21:39 +0000)]
- (djm) Fix up POSIX saved uid support. Report from Mark Miller
<markm@swoon.net>
- (djm) Search for -lcrypt on FreeBSD too
mouring [Mon, 26 Feb 2001 20:38:53 +0000 (20:38 +0000)]
- (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
<jmknoble@jmknoble.cx>
mouring [Mon, 26 Feb 2001 20:13:32 +0000 (20:13 +0000)]
- markus@cvs.openbsd.org 2001/02/23 15:37:45
[session.c]
handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
mouring [Mon, 26 Feb 2001 20:04:45 +0000 (20:04 +0000)]
- (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
<vinschen@redhat.com>
djm [Mon, 26 Feb 2001 09:49:58 +0000 (09:49 +0000)]
- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
Based on patch from Tim Rice <tim@multitalents.net>
This page took 1.678356 seconds and 4 git commands to generate.