path: root/usr.bin/ssh/lib
Commit message (Author, Age, Files, Lines)
* unbreak build for NOPIC systems; noticed, help and ok deraadt@
  (markus, 2010-02-20, files: 1, lines: -1/+2)
* remove scard
  (markus, 2010-02-08, files: 1, lines: -2/+2)
* replace our obsolete smartcard code with PKCS#11.
  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
  ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process.
  PKCS#11 is currently a compile time option.
  feedback and ok djm@; inspired by patches from Alon Bar-Lev
  (markus, 2010-02-08, files: 1, lines: -2/+2)
* Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008.
  This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.
  This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc).
  "just commit it. It isn't too intrusive." deraadt@
  (djm, 2008-11-04, files: 1, lines: -2/+2)
* OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our replacement anymore
  (djm, 2008-09-06, files: 1, lines: -2/+2)
* support CIDR address matching in sshd_config "Match address" blocks, with full support for negation and fall-back to classic wildcard matching.
  For example:

      Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
          PasswordAuthentication yes

  addrmatch.c code mostly lifted from flowd's addr.c
  feedback and ok dtucker@
  (djm, 2008-06-10, files: 1, lines: -2/+2)
* Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack.
  http://www.ietf.org/rfc/rfc4418.txt
  in conjunction with and OK djm@
  (pvalchev, 2007-06-07, files: 1, lines: -2/+2)
* build a lint library for us to use above
  (deraadt, 2006-05-28, files: 1, lines: -1/+2)
* Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@
  (dtucker, 2006-04-18, files: 1, lines: -2/+2)
* Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY
  (djm, 2006-03-07, files: 1, lines: -2/+2)
* replace tilde_expand_filename with a simpler implementation, ahead of more whacking; ok deraadt@
  (djm, 2005-04-09, files: 1, lines: -2/+2)
* remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
  (djm, 2004-12-22, files: 1, lines: -3/+3)
* Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
  (dtucker, 2004-08-23, files: 1, lines: -2/+2)
* implement session multiplexing in the client (the server has supported this since 2.0); ok markus@
  (djm, 2004-06-13, files: 1, lines: -2/+3)
* kill it here too
  (djm, 2004-05-09, files: 1, lines: -2/+2)
* unexpand and delete whitespace at EOL; ok markus@
  (djm, 2003-11-21, files: 1, lines: -3/+3)
* replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@
  (markus, 2003-09-23, files: 1, lines: -2/+2)
* support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
  (markus, 2003-08-22, files: 1, lines: -1/+4)
* experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
  (markus, 2003-05-17, files: 1, lines: -2/+2)
* split out custom EVP ciphers
  (markus, 2003-05-15, files: 1, lines: -2/+3)
* add experimental support for verifying host keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
  (jakob, 2003-05-14, files: 1, lines: -2/+2)
* Disable Kerberos 4 support. ok markus@
  (hin, 2003-04-09, files: 1, lines: -9/+1)
* move server only kex and monitor code to sshd.
  (markus, 2003-02-21, files: 1, lines: -3/+2)
* split kex into client and server code, no need to link server code into the client; ok provos@
  (markus, 2003-02-16, files: 1, lines: -1/+2)
* move progressmeter.c to libssh; ok djm/fgs@
  (markus, 2003-01-12, files: 1, lines: -2/+2)
* Make sure kerberosV/kafs.h is picked up if kerberosIV/kafs.h is not removed. ok markus@
  (hin, 2002-06-11, files: 1, lines: -5/+5)
* no longer use uidswap.[ch] from the ssh client
  run less code with euid==0 if ssh is installed setuid root
  just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@
  (markus, 2002-06-11, files: 1, lines: -2/+2)
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
  (markus, 2002-05-23, files: 1, lines: -2/+2)
* integrate privilege separated openssh; it's turned off by default for now. work done by me and markus@
  (provos, 2002-03-18, files: 1, lines: -2/+2)
* tabify
  (itojun, 2002-03-08, files: 1, lines: -2/+2)
* overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
  (markus, 2002-02-22, files: 1, lines: -3/+3)
* do not build debug version either; markus@ ok
  (mickey, 2002-01-25, files: 1, lines: -1/+2)
* only build Kerberos v5 support with KERBEROS5=yes
  (dugsong, 2001-06-26, files: 1, lines: -2/+5)
* Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
  (dugsong, 2001-06-26, files: 1, lines: -1/+2)
* unbreak
  (markus, 2001-06-26, files: 1, lines: -5/+1)
* more smartcard support.
  (markus, 2001-06-26, files: 1, lines: -1/+6)
* switch to readpassphrase(3)
  2.7/8-stable needs readpassphrase.[ch] from libc
  (markus, 2001-06-24, files: 1, lines: -2/+2)
* undo the .c file split, just merge the header and keep the cvs history
  (markus, 2001-05-31, files: 1, lines: -5/+3)
* channel layer cleanup: merge header files and split .c files
  (markus, 2001-05-30, files: 1, lines: -4/+6)
* move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
  (markus, 2001-04-03, files: 1, lines: -2/+2)
* prepare for rekeying: move DH code to dh.c
  (markus, 2001-03-29, files: 1, lines: -2/+2)
* 1) clean up the MAC support for SSH-2
  2) allow you to specify the MAC with 'ssh -m'
  3) or the 'MACs' keyword in ssh(d)_config
  4) add hmac-{md5,sha1}-96
  ok stevesk@, provos@
  (markus, 2001-02-11, files: 1, lines: -2/+2)
* $OpenBSD$
  (niklas, 2001-01-29, files: 1, lines: -0/+2)
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
  (markus, 2001-01-21, files: 1, lines: -1/+1)
* add support for RSA to SSH2. please test.
  there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2.
  you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
  IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys.
  the option DSAAuthentication is replaced by PubkeyAuthentication.
  (markus, 2000-11-12, files: 1, lines: -2/+2)
* rijndael/aes support
  (markus, 2000-10-13, files: 1, lines: -1/+1)
* add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me
  (markus, 2000-10-11, files: 1, lines: -1/+2)
* Boring... Add :L modifier to all tweakable variables tests.
  Closes PR 1246
  (espie, 2000-09-03, files: 1, lines: -2/+2)
* add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents)
  (markus, 2000-08-19, files: 1, lines: -1/+1)
* rename aux.c to util.c to help with cygwin port
  (provos, 2000-08-01, files: 1, lines: -1/+1)