Age | Commit message (Expand) | Author |
2015-12-04 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | Markus Friedl |
2015-11-16 | always call privsep_preauth_child() regardless of whether sshd | Damien Miller |
2015-09-04 | Plug minor memory leaks when options are used more than once. bz#2182, | Darren Tucker |
2015-08-20 | Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope | Theo de Raadt |
2015-07-30 | Allow ssh_config and sshd_config kex parameters options be prefixed | Damien Miller |
2015-07-17 | fix incorrect test for SSH1 keys when compiled without SSH1 support | Damien Miller |
2015-07-15 | fix NULL-deref when SSH1 reenabled | Damien Miller |
2015-07-10 | Turn off DSA by default; add HostKeyAlgorithms to the server and | Markus Friedl |
2015-07-03 | refuse to generate or accept RSA keys smaller than 1024 bits; | Damien Miller |
2015-07-03 | turn off 1024 bit diffie-hellman-group1-sha1 key exchange method | Damien Miller |
2015-07-03 | delete support for legacy v00 certificates; "sure" markus@ dtucker@ | Damien Miller |
2015-05-24 | add missing 'c' option to getopt(), case statement was already | Damien Miller |
2015-05-21 | add AuthorizedPrincipalsCommand that allows getting authorized_principals | Damien Miller |
2015-04-27 | allow "sshd -f none" to skip reading the config file, much like | Damien Miller |
2015-04-15 | Plug leak of address passed to logging. bz#2373, patch from jjelen at redhat, | Darren Tucker |
2015-04-10 | Don't send hostkey advertisments (hostkeys-00@openssh.com) to current | Darren Tucker |
2015-03-31 | don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener; | Damien Miller |
2015-02-20 | UpdateHostKeys fixes: | Damien Miller |
2015-02-16 | partial backout of: | Damien Miller |
2015-02-16 | Revise hostkeys@openssh.com hostkey learning extension. | Damien Miller |
2015-01-31 | Let sshd load public host keys even when private keys are missing. | Damien Miller |
2015-01-26 | correctly match ECDSA subtype (== curve) for offered/recevied | Damien Miller |
2015-01-26 | Host key rotation support. | Damien Miller |
2015-01-20 | Reduce use of <sys/param.h> and transition to <limits.h> throughout. | Theo de Raadt |
2015-01-20 | kex_setup errors are fatal() | Markus Friedl |
2015-01-19 | store compat flags in struct ssh; ok djm@ | Markus Friedl |
2015-01-19 | adapt kex to sshbuf and struct ssh; ok djm@ | Markus Friedl |
2015-01-19 | update packet.c & isolate, introduce struct ssh | Markus Friedl |
2015-01-17 | fix hostkeys on ssh agent; found by unit test I'm about to commit | Damien Miller |
2015-01-14 | move authfd.c and its tentacles to the new buffer/key API; | Damien Miller |
2015-01-07 | workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. | Ted Unangst |
2014-12-22 | make internal handling of filename arguments of "none" more consistent | Damien Miller |
2014-12-11 | explicitly include sys/param.h in files that use the howmany() macro; | Damien Miller |
2014-07-15 | Add support for Unix domain socket forwarding. A remote TCP port | Todd C. Miller |
2014-06-24 | New key API: refactor key-related functions to be more library-like, | Damien Miller |
2014-04-29 | make compiling against OpenSSL optional (make OPENSSL=no); | Markus Friedl |
2014-04-19 | Delete futile calls to RAND_seed. ok djm | Ted Unangst |
2014-04-18 | OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections | Damien Miller |
2014-04-12 | avoid crash at exit: check that pmonitor!=NULL before dereferencing; | Damien Miller |
2014-03-27 | disable weak proposals in sshd, but keep them in ssh; ok djm@ | Markus Friedl |
2014-03-26 | remove libwrap support. ok deraadt djm mfriedl | Ted Unangst |
2014-02-26 | ssh_gssapi_prepare_supported_oids needs GSSAPI | Markus Friedl |
2014-02-26 | bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep | Damien Miller |
2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller |
2014-01-31 | replace most bzero with explicit_bzero, except a few that cna be memset | Ted Unangst |
2014-01-29 | use kill(0, ...) instead of killpg(0, ...); on most operating systems | Damien Miller |
2014-01-27 | replace openssl MD5 with our ssh_digest_*; ok djm@ | Markus Friedl |
2014-01-09 | ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, | Damien Miller |
2013-12-30 | refuse RSA keys from old proprietary clients/servers that use the | Damien Miller |
2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl |