summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/monitor_wrap.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* allow AuthorizedKeysFile to specify multiple files, separated by spaces.djm2011-05-231-2/+7
| | | | | | | | | Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@
* use a macro to define which string options to copy between configsdjm2011-05-201-3/+10
| | | | | | | for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-1/+2
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* Hold authentication debug messages until after successful authentication.dtucker2010-03-071-18/+1
| | | | | Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
* alphabetize includes; reduces diff vs portable and style(9). ok stevesk djmdtucker2009-06-221-5/+5
|
* Keep track of number of bytes read and written. Needed for upcomingandreas2009-05-281-1/+8
| | | | | changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
* Put the globals in packet.c into a struct and don't access it directlyandreas2009-05-251-8/+9
| | | | | from other files. No functional changes. ok markus@ djm@
* refactor the (disabled) Schnorr proof code to make it a little moredjm2009-03-051-4/+5
| | | | generally useful
* Add support for an experimental zero-knowledge password authenticationdjm2008-11-041-1/+165
| | | | | | | | | | | | | | | | method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
* sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@markus2008-07-101-4/+6
|
* Make the maximum number of sessions run-time controllable viadjm2008-05-081-4/+18
| | | | | | | | | | | | | | | | | a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allows multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of than exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
* Implement a channel success/failure status confirmation callbackdjm2008-05-081-1/+2
| | | | | | | | | | | | | mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
* Send config block back to slave for invalid users too so optionsdtucker2007-10-291-3/+4
| | | | | set by a Match block (eg Banner) behave the same for non-existent users. Found by and ok djm@
* unifdef -DBSD_AUTHdjm2007-09-211-61/+1
| | | | | | | unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@
* make file descriptor passing code return an error rather than call fatal()djm2007-09-041-3/+4
| | | | | when it encounters problems, and use this to make session multiplexing masters survive slaves failing to pass all stdio FDs; ok markus@
* Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, mustpvalchev2007-06-071-2/+2
| | | | | | | | | | specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
* Preserve MAC ctx between packets, saving 2xhash calls per-packet.djm2007-06-051-2/+2
| | | | | | | Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
* Teach Match how handle config directives that are used before authentication.dtucker2007-02-191-4/+17
| | | | | | This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@
* Revert previous include file ordering change, for ssh to compile under gcc2miod2006-08-121-2/+2
| | | | | (or until openssl include files are cleaned of parameter names in function prototypes)
* "zlib.h" can be <zlib.h>; ok djm@ markus@stevesk2006-08-061-2/+2
|
* Zap unused variables in -DSKEY code. ok djm@dtucker2006-08-051-3/+2
|
* Add headers required to build with KERBEROS5=no. ok djm@dtucker2006-08-051-1/+3
|
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-11/+10
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* move #include <errno.h> out of includes.h; ok markus@stevesk2006-07-111-1/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-1/+5
|
* replace {GET,PUT}_XXBIT macros with functionally similar functions,djm2006-03-301-4/+4
| | | | | | silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* introduce xcalloc() and xasprintf() failure-checked allocations functionsdjm2006-03-251-7/+3
| | | | | | | | | | and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
* sprinkle u_int throughout pty subsystem, ok markusderaadt2006-03-201-1/+1
|
* RCSID() can diederaadt2006-03-191-1/+0
|
* Switch atomicio to use a simpler interface; it now returns a size_tavsm2005-05-241-11/+8
| | | | | | | | | | | (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes: if (atomicio(read, ..., len) != len) err(1,"read"); ok deraadt@, cloder@, djm@
* Move "Last logged in at.." message generation to the monitor, rightdtucker2004-07-171-2/+7
| | | | | | before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
* Put s/key functions inside #ifdef SKEY same as monitor.c,dtucker2004-07-031-1/+3
| | | | from des@freebsd via bz #330, ok markus@
* Change login->username, will prevent -Wshadow errors in Portable; ok markus@dtucker2004-06-221-3/+3
|
* make ssh -Wshadow clean, no functional changesavsm2004-06-211-14/+14
| | | | markus@ ok
* replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.markus2003-11-171-1/+20
|
* check pmonitor != NULLmarkus2003-10-151-2/+2
|
* return NULL for missing banner; ok djm@markus2003-10-111-3/+10
|
* replace fatal_cleanup() and linked list of fatal callbacks with staticmarkus2003-09-231-4/+13
| | | | | | cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* remove kerberos support from ssh1, since it has been replaced with GSSAPI;markus2003-08-281-36/+1
| | | | but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* 64 bit cleanups; markus okderaadt2003-08-241-2/+4
|
* support GSS API user authentication; patches from Simon Wilkinson,markus2003-08-221-2/+71
| | | | stripped down and tested by Jakob and myself.
* remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);markus2003-07-221-37/+1
| | | | test+ok henning@
* deal with typing of write vs read in atomicioderaadt2003-06-281-3/+3
|
* typo: get correct counters; introduced during rekeying change.markus2003-04-071-2/+2
|
* reapply rekeying chage, tested by henning@, ok djm@markus2003-04-021-3/+11
|
* backout rekeying changes (for 3.6.1)markus2003-04-011-11/+3
|
* rekeying bugfixes and automatic rekeying:markus2003-04-011-3/+11
| | | | | | | | | | | | * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.