src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-06-08	add ControlMaster=auto/autoask options to support opportunistic multiplexing;	Damien Miller
	tested avsm@ and jakob@, ok markus@
2005-03-01	add support for hashing host names and addresses added to known_hosts files,	Damien Miller
	to improve privacy of which hosts user have been visiting; ok markus@ deraadt@
2005-03-01	bz#413: allow optional specification of bind address for port forwardings.	Damien Miller
	Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. ok markus@
2004-07-11	spaces	Theo de Raadt

2004-06-13	implement session multiplexing in the client (the server has supported this	Damien Miller
	since 2.0); ok markus@
2004-04-27	bz #815: implement ability to pass specified environment variables from the	Damien Miller
	client to the server; ok markus@
2004-04-18	perform strict ownership and modes checks for ~/.ssh/config files, as these	Damien Miller
	can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
2004-03-05	add IdentitiesOnly; ok djm@, pb@	Markus Friedl

2003-12-16	application layer keep alive (ServerAliveInterval ServerAliveCountMax)	Markus Friedl
	for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@
2003-12-09	rename keepalive to tcpkeepalive; the old name causes too much	Markus Friedl
	confusion; ok djm, dtucker; with help from jmc@
2003-11-21	unexpand and delete whitespace at EOL; ok markus@	Damien Miller

2003-10-11	remote x11 clients are now untrusted by default, uses xauth(8) to generate	Markus Friedl
	untrusted cookies; ForwardX11Trusted=yes restores old behaviour. ok deraadt; feedback and ok djm/fries
2003-09-01	remove unused kerberos code; ok henning@	Markus Friedl

2003-08-22	support GSS API user authentication; patches from Simon Wilkinson,	Markus Friedl
	stripped down and tested by Jakob and myself.
2003-08-13	remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,	Markus Friedl
	fgsch@, miod@, henning@, jakob@ and others
2003-07-22	remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);	Markus Friedl
	test+ok henning@
2003-07-03	fix AddressFamily option in config file, from brent@graveland.net; ok markus@	Damien Miller

2003-05-15	add a ConnectTimeout option to ssh, based on patch from	Damien Miller
	Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-15	always parse kerberos options. ok djm@ markus@	Jakob Schlyter

2003-05-14	add experimental support for verifying hos keys using DNS as described	Jakob Schlyter
	in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
2003-04-02	reapply rekeying chage, tested by henning@, ok djm@	Markus Friedl

2003-04-01	backout rekeying changes (for 3.6.1)	Markus Friedl

2003-04-01	rekeying bugfixes and automatic rekeying:	Markus Friedl
	* both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying
2002-11-07	we cannot use HostbasedAuthentication for enabling ssh-keysign(8),	Markus Friedl
	because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
2002-06-08	deprecate FallBackToRsh and UseRsh; patch from djm@	Markus Friedl

2002-03-04	$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add	Kevin Steves
	missing RCSID() to .c files and remove dup /$OpenBSD$/ from .c files. ok markus@
2002-02-10	more /etc/ssh; openbsd@davidkrause.com	Theo de Raadt

2001-10-01	add NoHostAuthenticationForLocalhost; note that the hostkey is	Markus Friedl
	now check for localhost, too.
2001-09-19	add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@	Kevin Steves

2001-09-03	fatal() for nonexistent -Fssh_config. ok markus@	Kevin Steves

2001-08-01	use strings instead of ints for smartcard reader ids	Markus Friedl

2001-07-31	add 'SmartcardDevice' client option to specify which smartcard device is used	Jakob Schlyter
	to access a smartcard used for storing the user's private RSA key. ok markus@.
2001-06-26	remove comments from .h, since they are cut&paste from the .c files	Markus Friedl
	and out of sync
2001-06-26	Kerberos v5 support for SSH1, mostly from Assar Westerlund ↵	Dug Song
	<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-06-26	prototype pedant. not very creative...	Jun-ichiro itojun Hagino
	- () -> (void) - no variable names
2001-05-18	improved kbd-interactive support. work by per@appgate.com and me	Markus Friedl

2001-04-30	implement 'ssh -b bind_address' like 'telnet -b'	Markus Friedl

2001-04-17	add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@	Markus Friedl

2001-04-12	implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)	Markus Friedl
	similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-03-10	add PreferredAuthentications	Markus Friedl

2001-03-08	implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->	Markus Friedl
	no need to do enter passphrase or do expensive sign operations if the server does not accept key).
2001-02-11	1) clean up the MAC support for SSH-2	Markus Friedl
	2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-01-22	rename skey -> challenge response.	Markus Friedl
	auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2000-12-27	new option: HostKeyAlias: allows the user to record the host key	Markus Friedl
	under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine.
2000-11-12	add support for RSA to SSH2. please test.	Markus Friedl
	there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
2000-10-11	add support for s/key (kbd-interactive) to ssh2, based on work by ↵	Markus Friedl
	mkiernan@avantgo.com and me
2000-09-07	cleanup copyright notices on all files. I have attempted to be accurate with	Theo de Raadt
	the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
2000-06-20	OpenBSD tag	Markus Friedl

2000-05-31	xauth_location support; pr 1234	Markus Friedl

2000-05-08	complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)	Markus Friedl