mouring [Thu, 6 Jun 2002 21:52:03 +0000 (21:52 +0000)]
- markus@cvs.openbsd.org 2002/06/05 19:57:12
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
mouring [Thu, 6 Jun 2002 21:46:57 +0000 (21:46 +0000)]
- markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
mouring [Thu, 6 Jun 2002 21:46:07 +0000 (21:46 +0000)]
- markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
mouring [Thu, 6 Jun 2002 20:58:19 +0000 (20:58 +0000)]
- markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
mouring [Thu, 6 Jun 2002 20:55:04 +0000 (20:55 +0000)]
- markus@cvs.openbsd.org 2002/05/31 13:20:50
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
mouring [Thu, 6 Jun 2002 20:54:07 +0000 (20:54 +0000)]
- markus@cvs.openbsd.org 2002/05/31 13:16:48
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
mouring [Thu, 6 Jun 2002 20:51:04 +0000 (20:51 +0000)]
- markus@cvs.openbsd.org 2002/05/31 10:30:33
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
mouring [Thu, 6 Jun 2002 20:50:07 +0000 (20:50 +0000)]
- markus@cvs.openbsd.org 2002/05/30 08:07:31
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
mouring [Thu, 6 Jun 2002 20:46:25 +0000 (20:46 +0000)]
- markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
mouring [Thu, 6 Jun 2002 19:49:54 +0000 (19:49 +0000)]
- stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
tim [Tue, 28 May 2002 00:37:32 +0000 (00:37 +0000)]
[configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
mouring [Wed, 15 May 2002 16:25:01 +0000 (16:25 +0000)]
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
mouring [Wed, 15 May 2002 16:17:56 +0000 (16:17 +0000)]
- millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
mouring [Wed, 15 May 2002 16:16:14 +0000 (16:16 +0000)]
- markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
tim [Tue, 14 May 2002 00:07:18 +0000 (00:07 +0000)]
20020514
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
tim [Sat, 11 May 2002 20:17:42 +0000 (20:17 +0000)]
applied a rework of djm's OpenSSL search cleanup patch.
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....