| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
| | |
|
| |
|
|
| |
key renegotiation (bz #1363). With djm and Matt Day, ok djm@
|
| |
|
|
| |
spotted by naddy@, ok and help djm@ dtucker@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
deraadt@ djm@
djm belives that the reason for the "0" strings is to ensure that
it's not possible to call getaddrinfo with both host and port being
NULL. In the case of canohost.c host is a local array. In the
case of sshconnect.c, it's checked for null immediately before use.
In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
be non-null but it's not obvious, so I added a warning message in
case it is ever passed a null.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
|
| |
|
|
|
| |
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@
|
| |
|
|
|
|
|
|
| |
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also makes
ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@
|
| | |
|
| |
|
|
| |
pr 5250; rad@twig.com; ok dtucker djm
|
| |
|
|
|
| |
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
| | |
|
| |
|
|
|
| |
non-standard ports too, so that all existing known_hosts entries will be
recognised. Requested by, feedback and ok markus@
|
| | |
|
| | |
|
| |
|
|
| |
and key changed; ok djm@ markus@ dtucker@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
check seteuid() return values; report Marcus Meissner; ok dtucker djm
|
| | |
|
| | |
|
| |
|
|
| |
Theo nuked - our scripts to sync -portable need them in the files
|
| |
|
|
|
|
|
|
|
|
| |
and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die
feedback and ok deraadt@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
spotted dwmw2 AT infradead.org; ok markus@
|
| | |
|
| |
|
|
| |
add expansion to ControlPath; ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
ok deraadt@, cloder@, djm@
|
| | |
|
| |
|
|
| |
found and ok dtucker@
|
| |
|
|
| |
to improve privacy of which hosts user have been visiting; ok markus@ deraadt@
|
grunk
ian
dtucker
djm
markus
deraadt
stevesk
reyk
avsm