path: root/usr.bin/ssh/hostfile.c
Age | Commit message | Author
2003-11-10 | constify. ok markus@ & djm@ | Jakob Schlyter
2003-04-08 | rename log() into logit() to avoid name conflict. markus ok, from netbsd | Jun-ichiro itojun Hagino
2002-07-24 | print out all known keys for a host if we get an unknown host key, | Markus Friedl
    see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
    the ssharp mitm tool attacks users in a similar way, so i'd like to point out again: A MITM attack is always possible if the ssh client prints: The authenticity of host 'bla' can't be established. (protocol version 2 with pubkey authentication allows you to detect MITM attacks)
2001-12-18 | remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@ | Jakob Schlyter
2001-06-25 | update copyright for 2001 | Markus Friedl
2001-06-23 | more strict prototypes. raise warning level in Makefile.inc. markus ok'ed | Jun-ichiro itojun Hagino
    TODO; cleanup headers
2001-04-12 | implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) | Markus Friedl
    similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-06 | unused; typo in comment | Kevin Steves
2001-01-21 | split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. | Markus Friedl
    rename util.[ch] -> misc.[ch]
2000-12-21 | print keyfile:line for changed hostkeys, for deraadt@; ok deraadt@ | Markus Friedl
2000-12-19 | replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' | Markus Friedl
    with u_char.
2000-11-12 | add support for RSA to SSH2. please test. | Markus Friedl
    there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorized_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthentication.
2000-09-07 | cleanup copyright notices on all files. I have attempted to be accurate with | Theo de Raadt
    the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
2000-06-06 | fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all | Markus Friedl
2000-04-29 | keysize warnings error() -> log() | Markus Friedl
2000-04-26 | add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] | Markus Friedl
    for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol.
2000-04-14 | whitespace cleanup | Markus Friedl
2000-04-12 | #include <ssl/foo.h> -> <openssh/foo.h> | Markus Friedl
2000-03-23 | initial support for DSA keys. ok deraadt@, niels@ | Markus Friedl
2000-02-18 | remove unused variable 'len'. fix comments. | Markus Friedl
2000-02-16 | remove unused variable | Markus Friedl
2000-01-04 | ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: | Markus Friedl
    sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
1999-12-02 | indent, shorter warning | Markus Friedl
1999-11-24 | KNF, final part 3 | Markus Friedl
1999-11-24 | much more KNF | Theo de Raadt
1999-11-23 | KNF part 1 | Markus Friedl
1999-11-16 | in known_hosts key lookup the entry for the bits does not need to match, all | Niels Provos
    the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me.
1999-11-15 | the keysize of rsa-parameter 'n' is passed implicitly, | Markus Friedl
    a few more checks and warnings about 'pretended' keysizes.
1999-11-02 | replace assert() with error, fatal or packet_disconnect | Markus Friedl
1999-10-03 | add code to detect DNS spoofing: | Niels Provos
    the main idea is to not only store the host key for the hostname but also for the according IP address. When we check the host key in the known_hosts file, we also check the key against the according IP address. When the server key changes, host_status = HOST_CHANGED. If check_host_in_hostfile() returns differing status for the IP address that means that either DNS was spoofed or that the IP address for the host and the host key changed at the same time.
1999-09-28 | convert all uses of gmp to SSL bignum | Niels Provos
    convert all uses of rsa to SSL rsa functions. remove all use of randomstate to OpenBSD arc4random() and arc4_stir(). all this done at a long long night in Canada.
1999-09-26 | i bet a lot of people didn't know that ssh 1.2.16 had a nice license. | Theo de Raadt
    well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.