path: root/usr.bin/ssh
Age | Commit message | Author
2018-02-05 | Add a couple of non-negativity checks to avoid close(-1). ok djm | Theo Buehler
2018-02-05 | The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm | Theo Buehler
2018-02-05 | I accidentally a word | Damien Miller
2018-01-25 | certificate options are case-sensitive; fix case on one that had it wrong. move a badly-placed sentence to a less bad place | Damien Miller
2018-01-23 | Fix a logic bug in sshd_exchange_identification which prevented clients using major protocol version 2 from connecting to the server. ok millert@ | Stefan Sperling
2018-01-23 | Add missing braces; fixes 'write: Socket is not connected' error in ssh. ok deraadt@ | Stefan Sperling
2018-01-23 | Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@ | Damien Miller
2018-01-23 | try harder to preserve errno during ssh_connect_direct() to make the final error message possibly accurate; bz#2814, ok dtucker@ | Damien Miller
2018-01-23 | unbreak support for clients that advertise a protocol version of "1.99" (indicating both v2 and v1 support). Busted by me during SSHv1 purge in r1.358; bz2810, ok dtucker | Damien Miller
2018-01-23 | don't attempt to force hostnames that are addresses to lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to remove ambiguities (e.g. ::0001 => ::1) before they are matched against known_hosts; bz#2763, ok dtucker@ | Damien Miller
2018-01-23 | avoid modifying pw->pw_passwd; let endpwent() clean up for us, but keep a scrubbed copy; bz2777, ok dtucker@ | Damien Miller
2018-01-13 | clarify authorship; prodded by and ok markus@ | Christian Weisgerber
2018-01-08 | group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@ | Markus Friedl
2018-01-08 | move subprocess() so scp/sftp do not need uidswap.o; ok djm@ | Markus Friedl
2018-01-08 | switch ssh-pkcs11-helper to new API; ok djm@ | Markus Friedl
2018-01-08 | split client/server kex; only ssh-keygen needs uuencode.o; only scp/sftp use progressmeter.o; ok djm@ | Markus Friedl
2018-01-08 | only ssh-keygen needs uuencode.o; only scp/sftp use progressmeter.o | Markus Friedl
2018-01-08 | uuencode.h is not used | Markus Friedl
2017-12-21 | revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan. | Damien Miller
2017-12-19 | include signature type and CA key (if applicable) in some debug messages | Damien Miller
2017-12-18 | unbreak hostkey rotation; attempting to sign with a desired signature algorithm of kex->hostkey_alg is incorrect when the key type isn't capable of making those signatures. ok markus@ | Damien Miller
2017-12-18 | log mismatched RSA signature types; ok markus@ | Damien Miller
2017-12-18 | pass kex->hostkey_alg and kex->hostkey_nid from pre-auth to post-auth unprivileged child processes; ok markus@ | Damien Miller
2017-12-18 | Add helper function for uri handling in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@ | Todd C. Miller
2017-12-18 | pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ | Damien Miller
2017-12-18 | sshkey_sigtype() function to return the type of a signature; ok markus@ | Damien Miller
2017-12-14 | Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@ | Christian Weisgerber
2017-12-12 | Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@ | Christian Weisgerber
2017-12-10 | ssh/lib hasn't worked towards our code-sharing goals for quite a while, perhaps it is too verbose? Change each */Makefile to specify exactly what sources that program requires, compiling it separately. Maybe we'll iterate by sorting those into separable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm | Theo de Raadt
2017-12-10 | Put remote client info back into the ClientAlive connection termination message. Based in part on diff from lars.nooden at gmail, ok djm | Darren Tucker
2017-12-08 | time_t printing needs %lld and (long long) casts ok djm | Theo de Raadt
2017-12-08 | fix ordering in previous to ensure errno isn't clobbered before logging. | Damien Miller
2017-12-08 | for some reason unix_listener() logged most errors twice with each message containing only some of the useful information; merge these | Damien Miller
2017-12-06 | don't accept junk after "yes" or "no" responses to hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ | Damien Miller
2017-12-05 | Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@ | Darren Tucker
2017-12-05 | Add missing break for rdomain. Prevents spurious "Deprecated option" warnings. ok djm@ | Darren Tucker
2017-12-05 | include the addr:port in bind/listen failure messages | Damien Miller
2017-11-29 | Import updated moduli. | Darren Tucker
2017-11-28 | Have sftp print a warning about shell cleanliness when decoding the first packet fails, which is usually caused by shells polluting stdout of non-interactive startups. bz#2800, ok markus@ deraadt@. | Darren Tucker
2017-11-28 | more whitespace errors | Damien Miller
2017-11-28 | whitespace at EOL | Damien Miller
2017-11-25 | Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@ | Darren Tucker
2017-11-25 | Remove get_current_time() and replace with calls to monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I like" markus@ | Darren Tucker
2017-11-15 | downgrade a couple more request parsing errors from process-fatal to just returning failure, making them consistent with the others that were already like that. | Damien Miller
2017-11-15 | fix regression in 7.6: failure to parse a signature request message shouldn't be fatal to the process, just the request. Reported by Ron Frederick | Damien Miller
2017-11-14 | fix problem in configuration parsing when in config dump mode (sshd -T) without providing a full connection specification (sshd -T -C ...) spotted by bluhm@ | Damien Miller
2017-11-03 | reuse parse_multistate for parse_flag (yes/no arguments). Saves a few lines of code and makes the parser more consistent wrt case-sensitivity. bz#2664 ok dtucker@ | Damien Miller
2017-11-03 | allow certificate validity intervals that specify only a start or stop time (we already support specifying both or neither) | Damien Miller
2017-11-03 | allow "cd" and "lcd" commands with no explicit path argument. lcd will change to the local user's home directory as usual. cd will change to the starting directory for session (because the protocol offers no way to obtain the remote user's home directory). bz#2760 ok dtucker@ | Damien Miller
2017-11-03 | When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria. ok djm@, man page help jmc@ | Darren Tucker