path: root/usr.bin/ssh/sshconnect2.c
Commit message | Author | Age | Files | Lines
...
* Let the client detect if the server supports roaming by looking for the resume@appgate.com kex algorithm. ok markus@ | andreas | 2009-10-24 | 1 | -1/+6
* disallow a hostile server from checking jpake auth by sending an out-of-sequence success message. (doesn't affect code enabled by default) | djm | 2009-10-23 | 1 | -1/+20
* refactor the (disabled) Schnorr proof code to make it a little more generally useful | djm | 2009-03-05 | 1 | -1/+2
* Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@ | djm | 2008-11-04 | 1 | -2/+301
* sprinkle ARGSUSED on dispatch handlers; nuke stale unused prototype | djm | 2008-11-01 | 1 | -2/+13
* Repair strnvis() buffersize of 4*n+1, with termination guaranteed by the function. spotted by des@freebsd, who committed an incorrect fix to the freebsd tree and (as is fairly typical) did not report the problem to us. But this fix is correct. ok djm | deraadt | 2008-10-03 | 1 | -3/+3
* don't allocate space for empty banners; report t8m at centrum.cz; ok deraadt | markus | 2008-07-31 | 1 | -2/+2
* strnvis preauth banner; pointed out by mpf@ ok markus@ | djm | 2008-07-17 | 1 | -5/+13
* promote rekeylimit to a int64 so it can hold the maximum useful limit of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ | djm | 2008-01-19 | 1 | -2/+2
* djm owes me a vb and a tism cd for breaking ssh compilation | jolan | 2007-05-17 | 1 | -1/+2
* fall back to gethostname() when the outgoing connection is not on a socket, such as is the case when ProxyCommand is used. Gives hostbased auth an opportunity to work; bz#616, report and feedback stuart AT kaloram.com; ok markus@ | djm | 2007-05-17 | 1 | -3/+12
* Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL where previously it wasn't. bz #1221, found by Dean Kopesky, ok djm@ | dtucker | 2006-08-30 | 1 | -2/+2
* bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk ok markus@ | djm | 2006-08-18 | 1 | -11/+4
* almost entirely get rid of the culture of ".h files that include .h files"; ok djm, sort of ok stevesk; makes the pain stop in one easy step | deraadt | 2006-08-03 | 1 | -5/+6
* move #include <stdio.h> out of includes.h | stevesk | 2006-08-01 | 1 | -1/+2
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -1/+2
* missed some needed #include <unistd.h> when KERBEROS5=no; issue from massimo@cedoc.mo.it | stevesk | 2006-07-20 | 1 | -1/+2
* move #include <errno.h> out of includes.h; ok markus@ | stevesk | 2006-07-11 | 1 | -1/+3
* do not set the gid, noted by solar; ok djm | markus | 2006-06-08 | 1 | -2/+2
* replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm | markus | 2006-06-06 | 1 | -3/+3
* uint32_t -> u_int32_t (which we use everywhere else) | djm | 2006-05-08 | 1 | -2/+2
* Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ | dtucker | 2006-04-25 | 1 | -5/+7
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files | djm | 2006-03-25 | 1 | -0/+1
* introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh. xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die. feedback and ok deraadt@ | djm | 2006-03-25 | 1 | -7/+3
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok | djm | 2006-03-19 | 1 | -2/+7
* Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY | djm | 2006-03-07 | 1 | -1/+2
* move #include <sys/stat.h> out of includes.h; ok markus@ | stevesk | 2006-02-20 | 1 | -1/+2
* move #include <sys/wait.h> out of includes.h; ok markus@ | stevesk | 2006-02-10 | 1 | -1/+3
* move #include <sys/queue.h> out of includes.h; ok markus@ | stevesk | 2006-02-07 | 1 | -1/+3
* no trailing "\n" for log functions; ok djm@ | stevesk | 2005-10-14 | 1 | -2/+2
* destroy credentials if krb5_kuserok() call fails. Stops credentials being delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDelegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ | djm | 2005-08-30 | 1 | -2/+3
* add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ | markus | 2005-07-25 | 1 | -3/+3
* knf says that a 2nd level indent is four (not three or five) spaces | djm | 2005-07-17 | 1 | -3/+3
* make this -Wsign-compare clean; ok avsm@ markus@ | djm | 2005-06-17 | 1 | -3/+4
* implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@ | djm | 2004-06-13 | 1 | -1/+2
* kill a tiny header; ok deraadt@ | djm | 2004-05-08 | 1 | -2/+2
* swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD and NetBSD do. ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ | henning | 2004-04-08 | 1 | -2/+2
* add IdentitiesOnly; ok djm@, pb@ | markus | 2004-03-05 | 1 | -2/+2
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ | markus | 2004-01-19 | 1 | -4/+4
* unexpand and delete whitespace at EOL; ok markus@ | djm | 2003-11-21 | 1 | -12/+12
* replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob. | markus | 2003-11-17 | 1 | -7/+29
* return error on msg send/receive failure (rather than fatal); ok markus@ | djm | 2003-11-17 | 1 | -2/+3
* cleanup and minor fixes for the client code; from Simon Wilkinson | markus | 2003-11-14 | 1 | -44/+36
* remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk | markus | 2003-11-02 | 1 | -24/+16
* rename 'supported' static var in userauth_gssapi() to 'gss_supported' to avoid shadowing the global version. markus@ ok | avsm | 2003-10-26 | 1 | -13/+13
* search keys in reverse order; fixes #684 | markus | 2003-10-11 | 1 | -2/+8
* set ptr to NULL after free | deraadt | 2003-10-07 | 1 | -4/+9
* Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707. ok markus@ | dtucker | 2003-10-07 | 1 | -2/+3
* fprintf->logit to silence login banner with "ssh -q"; ok markus@ | djm | 2003-08-25 | 1 | -2/+2