Age | Commit message (Collapse) | Author |
|
|
|
TODO; cleanup headers
|
|
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
|
|
rename util.[ch] -> misc.[ch]
|
|
|
|
with u_char.
|
|
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.
the option DSAAuthentication is replaced by PubkeyAuthetication.
|
|
the details. everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence. We're not changing any rules, just
being accurate.
|
|
match or no match at all
|
|
|
|
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.
|
|
|
|
|
|
|
|
|
|
|
|
sshd allows multiple ListenAddress and Port options. note that libwrap is
not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and
fujiwara@rcac.tdi.co.jp)
|
|
|
|
|
|
|
|
|
|
the information is contained in n and e. This solves the problem with buggy
servers announcing the wrong modulus length. markus and me.
|
|
a few more checks and warnings about 'pretended' keysizes.
|
|
|
|
the main idea is to not only store the host key for the hostname but
also for the according IP address. When we check the host key in the
known_hosts file, we also check the key against the according IP address.
When the server key changes, host_status = HOST_CHANGED. If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.
|
|
convert all used of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
|
well, except for the patent issues. someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code. when this is done, it will link against
libssl, but the work isn't completely done yet. then we need to bring
this up to modern days, featurewise.
|