summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
AgeCommit message (Expand)Author
2016-02-15Add a function to enable security-related malloc_options. With and okDarren Tucker
2016-01-29Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the returnDarren Tucker
2016-01-14remove roaming support; ok djm@Markus Friedl
2015-12-10Remove NULL-checks before free().mmcc
2015-12-04implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)Markus Friedl
2015-11-16always call privsep_preauth_child() regardless of whether sshdDamien Miller
2015-09-04Plug minor memory leaks when options are used more than once. bz#2182,Darren Tucker
2015-08-20Do not cast result of malloc/calloc/realloc* if stdlib.h is in scopeTheo de Raadt
2015-07-30Allow ssh_config and sshd_config kex parameters options be prefixedDamien Miller
2015-07-17fix incorrect test for SSH1 keys when compiled without SSH1 supportDamien Miller
2015-07-15fix NULL-deref when SSH1 reenabledDamien Miller
2015-07-10Turn off DSA by default; add HostKeyAlgorithms to the server andMarkus Friedl
2015-07-03refuse to generate or accept RSA keys smaller than 1024 bits;Damien Miller
2015-07-03turn off 1024 bit diffie-hellman-group1-sha1 key exchange methodDamien Miller
2015-07-03delete support for legacy v00 certificates; "sure" markus@ dtucker@Damien Miller
2015-05-24add missing 'c' option to getopt(), case statement was alreadyDamien Miller
2015-05-21add AuthorizedPrincipalsCommand that allows getting authorized_principalsDamien Miller
2015-04-27allow "sshd -f none" to skip reading the config file, much likeDamien Miller
2015-04-15Plug leak of address passed to logging. bz#2373, patch from jjelen at redhat,Darren Tucker
2015-04-10Don't send hostkey advertisments (hostkeys-00@openssh.com) to currentDarren Tucker
2015-03-31don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener;Damien Miller
2015-02-20UpdateHostKeys fixes:Damien Miller
2015-02-16partial backout of:Damien Miller
2015-02-16Revise hostkeys@openssh.com hostkey learning extension.Damien Miller
2015-01-31Let sshd load public host keys even when private keys are missing.Damien Miller
2015-01-26correctly match ECDSA subtype (== curve) for offered/receviedDamien Miller
2015-01-26Host key rotation support.Damien Miller
2015-01-20Reduce use of <sys/param.h> and transition to <limits.h> throughout.Theo de Raadt
2015-01-20kex_setup errors are fatal()Markus Friedl
2015-01-19store compat flags in struct ssh; ok djm@Markus Friedl
2015-01-19adapt kex to sshbuf and struct ssh; ok djm@Markus Friedl
2015-01-19update packet.c & isolate, introduce struct sshMarkus Friedl
2015-01-17fix hostkeys on ssh agent; found by unit test I'm about to commitDamien Miller
2015-01-14move authfd.c and its tentacles to the new buffer/key API;Damien Miller
2015-01-07workaround for the Meyer, et al, Bleichenbacher Side Channel Attack.Ted Unangst
2014-12-22make internal handling of filename arguments of "none" more consistentDamien Miller
2014-12-11explicitly include sys/param.h in files that use the howmany() macro;Damien Miller
2014-07-15Add support for Unix domain socket forwarding. A remote TCP portTodd C. Miller
2014-06-24New key API: refactor key-related functions to be more library-like,Damien Miller
2014-04-29make compiling against OpenSSL optional (make OPENSSL=no);Markus Friedl
2014-04-19Delete futile calls to RAND_seed. ok djmTed Unangst
2014-04-18OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connectionsDamien Miller
2014-04-12avoid crash at exit: check that pmonitor!=NULL before dereferencing;Damien Miller
2014-03-27disable weak proposals in sshd, but keep them in ssh; ok djm@Markus Friedl
2014-03-26remove libwrap support. ok deraadt djm mfriedlTed Unangst
2014-02-26ssh_gssapi_prepare_supported_oids needs GSSAPIMarkus Friedl
2014-02-26bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsepDamien Miller
2014-02-02convert memset of potentially-private data to explicit_bzero()Damien Miller
2014-01-31replace most bzero with explicit_bzero, except a few that cna be memsetTed Unangst
2014-01-29use kill(0, ...) instead of killpg(0, ...); on most operating systemsDamien Miller