path: root/usr.bin/ssh/ssh.c
Commit message [Author, Age, Files, Lines]
...
* don't fatal() when hostname canonicalisation fails with a ProxyCommand in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion) [djm, 2014-06-24, 1, -5/+9]
* make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm [markus, 2014-04-29, 1, -3/+19]
* bz#2205: avoid early hostname lookups unless canonicalisation is enabled; ok dtucker@ markus@ [djm, 2014-02-26, 1, -6/+24]
* reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes the hostname. This allows users to write configurations that always refer to canonical hostnames, e.g.
      CanonicalizeHostname yes
      CanonicalDomains int.example.org example.org
      CanonicalizeFallbackLocal no

      Host *.int.example.org
          Compression off

      Host *.example.org
          User djm
  ok markus@ [djm, 2014-02-23, 1, -56/+94]
* delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ [djm, 2014-02-04, 1, -2/+2]
* replace most bzero with explicit_bzero, except a few that can be memset; ok djm dtucker [tedu, 2014-01-31, 1, -6/+6]
* don't forget to load Ed25519 certs too [djm, 2013-12-29, 1, -12/+16]
* support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
  feedback, help & ok djm@ [markus, 2013-12-06, 1, -4/+13]
* - put -Q in the right place
  - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances
  - zap a now redundant Nm
  - usage() sync
  [jmc, 2013-11-26, 1, -5/+5]
* improve -Q usage and such. One usage change is that the option is now case-sensitive; ok dtucker markus djm [deraadt, 2013-11-25, 1, -10/+10]
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
  Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
  ok markus@ naddy@ [djm, 2013-11-21, 1, -2/+4]
* Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@ [dtucker, 2013-11-07, 1, -4/+4]
* fix crash when using ProxyCommand caused by previous commit - was calling freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@ [djm, 2013-10-25, 1, -2/+4]
* fix bug introduced in hostname canonicalisation commit: don't try to resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan [djm, 2013-10-24, 1, -3/+5]
* comment [djm, 2013-10-23, 1, -1/+2]
* rearrange check to reduce diff against -portable [djm, 2013-10-17, 1, -2/+4]
* one I missed in previous: s/isation/ization/ [djm, 2013-10-16, 1, -6/+6]
* s/canonicalise/canonicalize/ for consistency with existing spelling, e.g. authorized_keys; pointed out by naddy@ [djm, 2013-10-16, 1, -16/+16]
* Implement client-side hostname canonicalisation to allow an explicit search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@ [djm, 2013-10-16, 1, -11/+162]
* whitespace at EOL; pointed out by markus@ [djm, 2013-10-14, 1, -4/+4]
* refactor client config code a little:
      add multistate option parsing to readconf.c, similar to servconf.c's existing code.
      move checking of options that accept "none" as an argument to readconf.c
      add a lowercase() function and use it instead of explicit tolower() in loops
  part of a larger diff that was ok markus@ [djm, 2013-10-14, 1, -19/+9]
* add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@ [djm, 2013-10-14, 1, -13/+10]
* daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure it is fully detached from its controlling terminal. based on debugging and patch from tedu@ ok dtucker@ "be careful" deraadt@ [djm, 2013-07-25, 1, -1/+2]
* More useful error message on missing current user in /etc/passwd [djm, 2013-07-20, 1, -2/+2]
* set TCP nodelay for connections started with -N; bz#2124 ok dtucker@ [djm, 2013-07-12, 1, -1/+6]
* bye, bye xfree(); ok markus@ [djm, 2013-05-17, 1, -23/+21]
* add -Q to usage; reminded by jmc@ [djm, 2013-04-19, 1, -2/+2]
* add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@ [djm, 2013-04-19, 1, -2/+18]
* Add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog. ok markus@, man page help jmc@ [dtucker, 2013-04-07, 1, -8/+20]
* allow "ssh -f none ..." ok markus@ [djm, 2013-03-08, 1, -2/+3]
* Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier version) [djm, 2013-02-22, 1, -2/+3]
* Don't complain if IdentityFiles specified in system-wide configs are missing. ok djm, deraadt. [dtucker, 2013-02-22, 1, -4/+6]
* Keep track of which IdentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. ok markus@ [dtucker, 2013-02-17, 1, -7/+2]
* move setting of tty_flag to after config parsing so RequestTTY options are correctly picked up. bz#1995 patch from przemoc AT gmail.com; ok dtucker@ [djm, 2012-07-06, 1, -22/+21]
* set interactive ToS for forwarded X11 sessions. ok djm@ [dtucker, 2012-07-02, 1, -1/+5]
* bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh was incorrectly requesting the forward in both the control master and slave. skip requesting it in the master to fix. ok markus@ [djm, 2011-10-24, 1, -25/+27]
* ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ [djm, 2011-10-18, 1, -6/+9]
* unbreak remote portforwarding with dynamic allocated listen ports:
      1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port
      2) update the matching permit-open entry, so we can identify where to connect to
  report: den at skbkontur.ru and P. Szczygielski
  feedback and ok djm@ [markus, 2011-09-23, 1, -10/+19]
* support for cancelling local and remote port forwards via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@ [djm, 2011-09-09, 1, -1/+3]
* typo in comment [djm, 2011-08-02, 1, -2/+2]
* hook up a channel confirm callback to warn the user when requested X11 forwarding was refused by the server; ok markus@ [djm, 2011-06-22, 1, -5/+7]
* bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg AT googlemail.com; ok dtucker@ [djm, 2011-06-03, 1, -1/+2]
* Remove undocumented legacy options UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile accept multiple paths per line and making their defaults include known_hosts2; ok markus [djm, 2011-05-24, 1, -10/+18]
* fix dropping from previous diff [djm, 2011-05-06, 1, -2/+1]
* Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@ [djm, 2011-05-06, 1, -19/+22]
* add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@ [djm, 2011-05-06, 1, -14/+14]
* allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@ [djm, 2011-04-17, 1, -1/+3]
* unbreak %n expansion in LocalCommand; patch from bert.wesarg AT googlemail.com; ok markus@ [djm, 2011-01-06, 1, -3/+5]
* automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys that are preferred by default; with markus@ [djm, 2010-11-29, 1, -2/+2]
* allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ [djm, 2010-11-13, 1, -4/+3]