summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
AgeCommit message (Expand)Author
2015-07-17fix incorrect test for SSH1 keys when compiled without SSH1 supportDamien Miller
2015-07-15fix NULL-deref when SSH1 reenabledDamien Miller
2015-07-10Turn off DSA by default; add HostKeyAlgorithms to the server andMarkus Friedl
2015-07-03refuse to generate or accept RSA keys smaller than 1024 bits;Damien Miller
2015-07-03turn off 1024 bit diffie-hellman-group1-sha1 key exchange methodDamien Miller
2015-07-03delete support for legacy v00 certificates; "sure" markus@ dtucker@Damien Miller
2015-05-24add missing 'c' option to getopt(), case statement was alreadyDamien Miller
2015-05-21add AuthorizedPrincipalsCommand that allows getting authorized_principalsDamien Miller
2015-04-27allow "sshd -f none" to skip reading the config file, much likeDamien Miller
2015-04-15Plug leak of address passed to logging. bz#2373, patch from jjelen at redhat,Darren Tucker
2015-04-10Don't send hostkey advertisments (hostkeys-00@openssh.com) to currentDarren Tucker
2015-03-31don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener;Damien Miller
2015-02-20UpdateHostKeys fixes:Damien Miller
2015-02-16partial backout of:Damien Miller
2015-02-16Revise hostkeys@openssh.com hostkey learning extension.Damien Miller
2015-01-31Let sshd load public host keys even when private keys are missing.Damien Miller
2015-01-26correctly match ECDSA subtype (== curve) for offered/receviedDamien Miller
2015-01-26Host key rotation support.Damien Miller
2015-01-20Reduce use of <sys/param.h> and transition to <limits.h> throughout.Theo de Raadt
2015-01-20kex_setup errors are fatal()Markus Friedl
2015-01-19store compat flags in struct ssh; ok djm@Markus Friedl
2015-01-19adapt kex to sshbuf and struct ssh; ok djm@Markus Friedl
2015-01-19update packet.c & isolate, introduce struct sshMarkus Friedl
2015-01-17fix hostkeys on ssh agent; found by unit test I'm about to commitDamien Miller
2015-01-14move authfd.c and its tentacles to the new buffer/key API;Damien Miller
2015-01-07workaround for the Meyer, et al, Bleichenbacher Side Channel Attack.Ted Unangst
2014-12-22make internal handling of filename arguments of "none" more consistentDamien Miller
2014-12-11explicitly include sys/param.h in files that use the howmany() macro;Damien Miller
2014-07-15Add support for Unix domain socket forwarding. A remote TCP portTodd C. Miller
2014-06-24New key API: refactor key-related functions to be more library-like,Damien Miller
2014-04-29make compiling against OpenSSL optional (make OPENSSL=no);Markus Friedl
2014-04-19Delete futile calls to RAND_seed. ok djmTed Unangst
2014-04-18OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connectionsDamien Miller
2014-04-12avoid crash at exit: check that pmonitor!=NULL before dereferencing;Damien Miller
2014-03-27disable weak proposals in sshd, but keep them in ssh; ok djm@Markus Friedl
2014-03-26remove libwrap support. ok deraadt djm mfriedlTed Unangst
2014-02-26ssh_gssapi_prepare_supported_oids needs GSSAPIMarkus Friedl
2014-02-26bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsepDamien Miller
2014-02-02convert memset of potentially-private data to explicit_bzero()Damien Miller
2014-01-31replace most bzero with explicit_bzero, except a few that cna be memsetTed Unangst
2014-01-29use kill(0, ...) instead of killpg(0, ...); on most operating systemsDamien Miller
2014-01-27replace openssl MD5 with our ssh_digest_*; ok djm@Markus Friedl
2014-01-09ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,Damien Miller
2013-12-30refuse RSA keys from old proprietary clients/servers that use theDamien Miller
2013-12-06support ed25519 keys (hostkeys and user identities) using the public domainMarkus Friedl
2013-11-20delay closure of in/out fds until after "Bad protocol versionDamien Miller
2013-11-02use curve25519 for default key exchange (curve25519-sha256@libssh.org);Markus Friedl
2013-10-23include local address and port in "Connection from ..." message (onlyDamien Miller
2013-10-17include remote port in bad banner message; bz#2162Damien Miller
2013-10-10bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctlyDamien Miller