Go to file
djm@openbsd.org 3b9798bda1 upstream: reorder child environment preparation so that variables
read from ~/.ssh/environment (if enabled) do not override SSH_* variables set
by the server.

OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
2018-06-09 13:11:00 +10:00
contrib Use ssh-keygen -A to generate missing host keys. 2018-06-06 16:05:44 +10:00
openbsd-compat sync fmt_scaled.c 2018-05-14 14:40:08 +10:00
regress upstream: test the correct configuration option name 2018-06-08 00:31:38 +10:00
.depend upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
.gitignore Fuzzer harnesses for sig verify and pubkey parsing 2017-09-08 12:44:13 +10:00
.skipped-commit-ids upstream: Import regenerated moduli file. 2018-04-06 14:20:33 +10:00
aclocal.m4 Better detection of unsupported compiler options. 2018-06-08 13:55:59 +10:00
addrmatch.c upstream commit 2016-09-22 03:14:59 +10:00
atomicio.c upstream commit 2016-08-03 15:38:43 +10:00
atomicio.h - djm@cvs.openbsd.org 2010/09/22 22:58:51 2010-09-24 22:15:11 +10:00
audit-bsm.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit-linux.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
auth2-chall.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-gss.c upstream commit 2017-06-24 16:56:11 +10:00
auth2-hostbased.c upstream commit 2018-01-23 16:40:29 +11:00
auth2-kbdint.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-none.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth2-passwd.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth2-pubkey.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
auth2.c upstream: Explicit cast when snprintf'ing an uint64. Prevents 2018-05-11 13:56:23 +10:00
auth-bsdauth.c upstream commit 2015-10-25 11:42:04 +11:00
auth-krb5.c upstream commit 2016-05-19 17:48:34 +10:00
auth-options.c upstream: some permitlisten fixes from markus@ that I missed in my 2018-06-07 19:28:44 +10:00
auth-options.h upstream: permitlisten option for authorized_keys; ok markus@ 2018-06-07 04:27:20 +10:00
auth-pam.c Expose SSH_AUTH_INFO_0 to PAM auth modules 2018-04-06 14:11:44 +10:00
auth-pam.h upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth-passwd.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
auth-rhosts.c upstream commit 2016-08-14 11:19:14 +10:00
auth-shadow.c - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. 2007-04-29 12:10:57 +10:00
auth-sia.c Include ssh_api.h for struct ssh. 2018-03-26 13:24:41 +11:00
auth-sia.h - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of 2005-04-05 21:00:47 +10:00
auth-skey.c - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 2011-08-28 04:50:16 +10:00
auth.c upstream: permitlisten option for authorized_keys; ok markus@ 2018-06-07 04:27:20 +10:00
auth.h upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
authfd.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
authfd.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
authfile.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
authfile.h upstream commit 2015-01-09 00:17:12 +11:00
bitmap.c upstream commit 2017-10-20 12:58:35 +11:00
bitmap.h upstream commit 2017-10-20 12:58:35 +11:00
bufaux.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
bufbn.c upstream commit 2017-05-01 10:05:02 +10:00
bufec.c - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
buffer.c - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 2014-06-11 13:39:24 +10:00
buffer.h upstream commit 2017-05-01 10:05:02 +10:00
buildpkg.sh.in Update links to https. 2016-10-21 06:55:58 +11:00
canohost.c upstream commit 2016-03-08 06:20:35 +11:00
canohost.h upstream commit 2016-03-08 06:20:35 +11:00
chacha.c - djm@cvs.openbsd.org 2013/11/21 00:45:44 2013-11-21 14:12:23 +11:00
chacha.h upstream commit 2016-08-29 11:20:28 +10:00
channels.c upstream: Add a PermitListen directive to control which server-side 2018-06-07 04:27:20 +10:00
channels.h upstream: Add a PermitListen directive to control which server-side 2018-06-07 04:27:20 +10:00
cipher-aes.c - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 2013-06-02 08:07:31 +10:00
cipher-aesctr.c Add includes.h for compatibility stuff. 2015-02-25 13:17:40 +11:00
cipher-aesctr.h - markus@cvs.openbsd.org 2014/04/29 18:01:49 2014-05-15 14:24:09 +10:00
cipher-chachapoly.c upstream commit 2016-08-09 09:06:52 +10:00
cipher-chachapoly.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
cipher-ctr.c support --without-openssl at configure time 2015-01-15 02:28:36 +11:00
cipher.c Omit 3des-cbc if OpenSSL built without DES. 2018-04-19 13:19:35 +10:00
cipher.h upstream commit 2017-05-08 09:21:00 +10:00
cleanup.c - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] 2006-08-05 14:07:20 +10:00
clientloop.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
clientloop.h upstream commit 2017-10-23 16:14:30 +11:00
compat.c upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients 2018-04-17 08:51:51 +10:00
compat.h upstream: Don't send IUTF8 to servers that don't like them. 2018-02-16 23:25:48 +11:00
config.guess update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
config.sub update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
configure.ac Remove ability to override $LD. 2018-06-08 17:43:36 +10:00
crc32.c - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 2006-04-23 12:12:24 +10:00
crc32.h - djm@cvs.openbsd.org 2006/03/25 22:22:43 2006-03-26 14:30:00 +11:00
CREDITS Remove now-obsolete CVS $Id tags from text files. 2016-08-17 13:40:58 +10:00
crypto_api.h crypto_api.h needs includes.h 2018-01-24 12:20:44 +11:00
defines.h Remove UNICOS support. 2018-02-15 20:04:02 +11:00
dh.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
dh.h upstream commit 2016-05-02 20:39:32 +10:00
digest-libc.c upstream commit 2017-05-10 11:41:21 +10:00
digest-openssl.c upstream commit 2017-05-10 11:41:21 +10:00
digest.h upstream commit 2017-05-10 11:41:21 +10:00
dispatch.c upstream commit 2017-06-01 14:53:33 +10:00
dispatch.h upstream commit 2017-06-01 14:53:33 +10:00
dns.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
dns.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ed25519.c - markus@cvs.openbsd.org 2013/12/09 11:03:45 2013-12-18 17:48:11 +11:00
entropy.c Replace remaining mysignal() with signal(). 2018-02-15 22:06:26 +11:00
entropy.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
fatal.c - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 2006-08-05 12:39:39 +10:00
fe25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
fe25519.h - markus@cvs.openbsd.org 2013/12/09 11:03:45 2013-12-18 17:48:11 +11:00
fixalgorithms - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported 2013-06-11 11:26:10 +10:00
fixpaths - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org 2002-12-05 20:59:33 +11:00
ge25519_base.data - markus@cvs.openbsd.org 2013/12/09 11:03:45 2013-12-18 17:48:11 +11:00
ge25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
ge25519.h upstream commit 2015-02-17 09:32:31 +11:00
groupaccess.c upstream commit 2015-05-10 11:38:04 +10:00
groupaccess.h - djm@cvs.openbsd.org 2008/07/04 03:44:59 2008-07-04 13:51:12 +10:00
gss-genr.c upstream commit 2016-09-12 13:46:29 +10:00
gss-serv-krb5.c - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 2014-07-19 06:23:18 +10:00
gss-serv.c upstream commit 2017-06-24 16:56:11 +10:00
hash.c upstream commit 2018-01-23 16:35:07 +11:00
hmac.c upstream commit 2015-03-27 12:00:47 +11:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
hostfile.h upstream commit 2015-02-17 09:32:31 +11:00
includes.h portability for sftp globbed ls sort by mtime 2017-06-10 23:41:25 +10:00
INSTALL Remove ability to override $LD. 2018-06-08 17:43:36 +10:00
install-sh Pull in newer install-sh from autoconf-2.69. 2017-12-01 17:07:08 +11:00
kex.c upstream commit 2018-02-08 09:26:27 +11:00
kex.h upstream commit 2017-05-31 10:50:05 +10:00
kexc25519.c upstream commit 2016-05-02 20:35:04 +10:00
kexc25519c.c upstream commit 2017-12-19 15:21:37 +11:00
kexc25519s.c upstream commit 2017-10-20 12:58:18 +11:00
kexdh.c upstream commit 2016-05-02 20:39:32 +10:00
kexdhc.c upstream commit 2018-02-08 09:26:27 +11:00
kexdhs.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
kexecdh.c upstream commit 2015-01-20 09:19:39 +11:00
kexecdhc.c upstream commit 2018-02-08 09:26:27 +11:00
kexecdhs.c upstream commit 2018-02-08 09:26:27 +11:00
kexgex.c upstream commit 2015-01-20 09:19:39 +11:00
kexgexc.c upstream commit 2018-02-08 09:26:27 +11:00
kexgexs.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
key.c upstream commit 2017-12-19 15:21:37 +11:00
key.h upstream commit 2017-12-19 15:21:37 +11:00
krl.c upstream commit 2017-12-19 15:21:37 +11:00
krl.h upstream commit 2016-01-07 20:13:32 +11:00
LICENCE upstream commit 2017-05-01 10:05:04 +10:00
log.c upstream commit 2017-05-17 11:25:22 +10:00
log.h upstream commit 2017-05-17 11:25:22 +10:00
loginrec.c Remove UNICOS support. 2018-02-15 20:04:02 +11:00
loginrec.h - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 2010-11-05 10:52:37 +11:00
logintest.c - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable 2010-04-09 18:13:27 +10:00
mac.c upstream commit 2017-05-10 11:41:21 +10:00
mac.h upstream commit 2016-07-08 13:50:03 +10:00
Makefile.in Revert $REGRESSTMP changes. 2018-04-13 13:13:33 +10:00
match.c upstream commit 2017-03-10 15:35:40 +11:00
match.h upstream commit 2017-02-04 10:08:15 +11:00
md5crypt.c Remove assigned-to-but-never-used variable. 2018-02-13 16:27:09 +11:00
md5crypt.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
mdoc2man.awk Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
misc.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
misc.h upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
mkinstalldirs Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
moduli Import regenerated moduli file. 2018-04-03 12:18:00 +10:00
moduli.5 - jmc@cvs.openbsd.org 2012/09/26 17:34:38 2012-11-07 08:36:00 +11:00
moduli.c upstream commit 2017-12-12 10:32:04 +11:00
monitor_fdpass.c upstream commit 2016-03-04 15:12:17 +11:00
monitor_fdpass.h - djm@cvs.openbsd.org 2007/09/04 03:21:03 2007-09-17 12:04:08 +10:00
monitor_wrap.c Many typo fixes from Karsten Weiss 2018-04-10 10:19:02 +10:00
monitor_wrap.h upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
monitor.c upstream: switch over to the new authorized_keys options API and 2018-03-03 14:37:16 +11:00
monitor.h upstream commit 2016-09-29 03:11:32 +10:00
msg.c upstream commit 2015-01-15 21:39:14 +11:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream: Add a PermitListen directive to control which server-side 2018-06-07 04:27:20 +10:00
myproposal.h upstream commit 2017-05-08 09:21:11 +10:00
nchan2.ms - djm@cvs.openbsd.org 2008/05/15 23:52:24 2008-05-19 16:08:20 +10:00
nchan.c upstream commit 2017-09-12 17:37:03 +10:00
nchan.ms - djm@cvs.openbsd.org 2003/11/21 11:57:03 2003-11-21 23:48:55 +11:00
opacket.c upstream commit 2017-10-20 12:58:35 +11:00
opacket.h upstream commit 2017-10-20 12:58:35 +11:00
openssh.xml.in - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) 2007-07-24 21:16:07 -07:00
opensshd.init.in Remove RSA1 host key generation. 2017-12-01 16:55:35 +11:00
OVERVIEW upstream commit 2015-07-15 15:36:21 +10:00
packet.c upstream: make ssh_remote_ipaddr() capable of being called after 2018-06-01 14:20:12 +10:00
packet.h upstream commit 2017-12-12 10:32:04 +11:00
pathnames.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
pkcs11.h - deraadt@cvs.openbsd.org 2013/11/26 19:15:09 2013-12-05 10:22:03 +11:00
platform-misc.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform-pledge.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
platform-tracing.c Use ptrace(PT_DENY_ATTACH, ..) on OS X. 2016-11-01 08:12:33 +11:00
platform.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
poly1305.c - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:42:17 +11:00
poly1305.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
progressmeter.c upstream commit 2016-07-08 13:46:59 +10:00
progressmeter.h upstream commit 2015-01-15 02:22:18 +11:00
PROTOCOL upstream: emphasise that the hostkey rotation may send key types 2018-02-23 13:37:32 +11:00
PROTOCOL.agent update URL again 2017-10-01 10:32:25 +11:00
PROTOCOL.certkeys upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
PROTOCOL.chacha20poly1305 upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
PROTOCOL.key - markus@cvs.openbsd.org 2013/12/06 13:34:54 2013-12-07 10:41:55 +11:00
PROTOCOL.krl upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
PROTOCOL.mux upstream commit 2015-07-17 13:36:29 +10:00
readconf.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
readconf.h upstream: Add BindInterface ssh_config directive and -B 2018-02-23 13:37:49 +11:00
README update version number 2018-04-02 15:38:20 +10:00
README.dns - jakob@cvs.openbsd.org 2003/10/14 19:43:23 2003-10-15 16:07:53 +10:00
README.platform Many typo fixes from Karsten Weiss 2018-04-10 10:19:02 +10:00
README.privsep Remove references to UNICOS. 2018-02-15 22:28:14 +11:00
README.tun - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 2006-03-31 23:10:51 +11:00
readpass.c upstream commit 2015-12-11 13:23:14 +11:00
rijndael.c upstream commit 2015-03-23 17:08:12 +11:00
rijndael.h - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine 2014-05-15 13:45:26 +10:00
sandbox-capsicum.c Switch Capsicum header to sys/capsicum.h. 2017-08-28 16:48:27 +10:00
sandbox-darwin.c Add missing monitor.h include. 2016-12-16 15:02:24 +11:00
sandbox-null.c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 2014-01-17 16:47:04 +11:00
sandbox-pledge.c s/SANDBOX_TAME/SANDBOX_PLEDGE/g 2015-10-14 09:22:15 -07:00
sandbox-rlimit.c upstream commit 2016-09-12 13:46:29 +10:00
sandbox-seccomp-filter.c Permit getuid()/geteuid() syscalls. 2018-05-25 13:45:01 +10:00
sandbox-solaris.c drop two more privileges in the Solaris sandbox 2017-06-09 14:44:43 +10:00
sandbox-systrace.c Allow nanosleep in preauth privsep child. 2018-04-13 16:23:57 +10:00
sc25519.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
sc25519.h - markus@cvs.openbsd.org 2013/12/09 11:03:45 2013-12-18 17:48:11 +11:00
scp.1 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
scp.c upstream: Apply umask to all incoming files and directories not 2018-06-04 14:54:43 +10:00
servconf.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
servconf.h upstream: permitlisten option for authorized_keys; ok markus@ 2018-06-07 04:27:20 +10:00
serverloop.c upstream: fix some over-long lines and __func__ up some debug 2018-06-09 13:10:59 +10:00
serverloop.h upstream commit 2017-09-12 17:37:02 +10:00
session.c upstream: reorder child environment preparation so that variables 2018-06-09 13:11:00 +10:00
session.h upstream commit 2017-09-12 17:37:02 +10:00
sftp-client.c upstream: Fix return value confusion in several functions (readdir, 2018-05-25 14:27:50 +10:00
sftp-client.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
sftp-common.c upstream commit 2017-06-10 16:40:11 +10:00
sftp-common.h upstream commit 2015-01-15 02:22:18 +11:00
sftp-glob.c upstream commit 2015-01-15 02:22:18 +11:00
sftp-server-main.c upstream commit 2016-02-16 10:44:00 +11:00
sftp-server.8 upstream commit 2014-12-11 19:17:24 +11:00
sftp-server.c upstream: make UID available as a %-expansion everywhere that the 2018-06-01 13:35:59 +10:00
sftp.1 upstream: some cleanup for BindInterface and ssh-keyscan; 2018-02-26 11:32:29 +11:00
sftp.c upstream: Since the previous commit, ssh regress test sftp-chroot was 2018-05-11 13:10:49 +10:00
sftp.h - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 2008-06-13 10:22:54 +10:00
smult_curve25519_ref.c - markus@cvs.openbsd.org 2013/11/02 21:59:15 2013-11-04 08:26:52 +11:00
ssh2.h upstream commit 2016-05-19 17:48:34 +10:00
ssh_api.c upstream commit 2017-05-01 09:42:37 +10:00
ssh_api.h upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
ssh_config upstream commit 2017-05-08 09:21:00 +10:00
ssh_config.5 upstream: add missing punctuation after %i in ssh_config.5, and 2018-06-04 14:54:43 +10:00
ssh-add.1 upstream commit 2017-09-04 09:38:57 +10:00
ssh-add.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh-agent.1 upstream commit 2016-11-30 19:44:25 +11:00
ssh-agent.c upstream: implement EMFILE mitigation for ssh-agent: remember the 2018-05-11 13:56:42 +10:00
ssh-dss.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-ecdsa.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-ed25519.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-gss.h upstream commit 2017-06-24 16:56:11 +10:00
ssh-keygen.1 upstream: add valid-before="[time]" authorized_keys option. A 2018-03-14 18:55:32 +11:00
ssh-keygen.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
ssh-keyscan.1 upstream: move the input format details to -f; remove the output 2018-03-12 11:48:15 +11:00
ssh-keyscan.c upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
ssh-keysign.8 upstream commit 2016-02-18 09:24:40 +11:00
ssh-keysign.c upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
ssh-pkcs11-client.c upstream commit 2018-02-07 07:50:46 +11:00
ssh-pkcs11-helper.8 - schwarze@cvs.openbsd.org 2013/07/16 00:07:52 2013-07-18 16:14:13 +10:00
ssh-pkcs11-helper.c upstream commit 2018-01-23 16:31:55 +11:00
ssh-pkcs11.c upstream commit 2018-02-08 09:26:27 +11:00
ssh-pkcs11.h upstream commit 2015-01-15 21:39:14 +11:00
ssh-rsa.c upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in 2018-02-16 13:35:28 +11:00
ssh-sandbox.h - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 2014-01-17 16:47:04 +11:00
ssh-xmss.c Add WITH_XMSS, move to prevent conflicts. 2018-02-28 19:59:35 +11:00
ssh.1 upstream: Emphasise that -w implicitly sets Tunnel=point-to-point 2018-05-22 10:15:18 +10:00
ssh.c upstream: fix incorrect expansion of %i in 2018-06-09 13:10:59 +10:00
ssh.h upstream: switch config file parsing to getline(3) as this avoids 2018-06-07 04:34:05 +10:00
sshbuf-getput-basic.c upstream commit 2017-06-01 14:55:23 +10:00
sshbuf-getput-crypto.c upstream commit 2016-01-13 10:48:11 +11:00
sshbuf-misc.c upstream commit 2016-05-02 20:35:04 +10:00
sshbuf.c upstream commit 2017-06-07 11:31:15 +10:00
sshbuf.h upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
sshconnect2.c upstream: fix bogus warning when signing cert keys using agent; 2018-03-25 09:47:30 +11:00
sshconnect.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
sshconnect.h upstream commit 2018-02-10 20:26:40 +11:00
sshd_config upstream: the UseLogin option was removed, so remove it here too. 2018-04-10 10:16:36 +10:00
sshd_config.5 upstream: tweak previous; 2018-06-09 13:10:59 +10:00
sshd.8 upstream: tweak previous; 2018-06-09 13:10:59 +10:00
sshd.c upstream: Defend against user enumeration timing attacks. This 2018-04-13 15:26:11 +10:00
ssherr.c upstream commit 2017-09-12 17:37:02 +10:00
ssherr.h upstream commit 2017-09-12 17:37:02 +10:00
sshkey-xmss.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
sshkey-xmss.h upstream: Add experimental support for PQC XMSS keys (Extended 2018-02-26 11:40:41 +11:00
sshkey.c upstream: ssh/xmss: fix deserialize for certs; ok djm@ 2018-03-23 11:05:39 +11:00
sshkey.h Check for attributes on prototype args. 2018-02-27 08:51:56 +11:00
sshlogin.c upstream commit 2016-01-07 20:13:31 +11:00
sshlogin.h - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 2013-08-01 14:34:16 +10:00
sshpty.c Remove UNICOS support. 2018-02-15 20:04:02 +11:00
sshpty.h upstream commit 2016-11-29 16:51:27 +11:00
sshtty.c - djm@cvs.openbsd.org 2010/01/09 05:04:24 2010-01-09 22:26:23 +11:00
survey.sh.in - (dtucker) [config.sh.in] Collect oslevel -r too. 2005-02-15 21:26:32 +11:00
TODO Many typo fixes from Karsten Weiss 2018-04-10 10:19:02 +10:00
ttymodes.c upstream: Don't send IUTF8 to servers that don't like them. 2018-02-16 23:25:48 +11:00
ttymodes.h upstream commit 2017-05-01 10:05:04 +10:00
uidswap.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
uidswap.h - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 2006-08-05 12:39:39 +10:00
umac128.c upstream commit 2018-02-09 20:00:18 +11:00
umac.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
umac.h - djm@cvs.openbsd.org 2013/07/22 12:20:02 2013-07-25 11:55:39 +10:00
utf8.c upstream commit 2017-06-01 14:55:22 +10:00
utf8.h Force Turkish locales back to C/POSIX; bz#2643 2016-12-12 13:58:59 +11:00
uuencode.c upstream commit 2015-04-29 18:15:24 +10:00
uuencode.h - djm@cvs.openbsd.org 2010/08/31 11:54:45 2010-08-31 22:41:14 +10:00
verify.c - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 2014-01-17 12:43:43 +11:00
version.h upstream: openssh-7.7 2018-03-26 09:38:44 +11:00
xmalloc.c upstream commit 2017-06-01 14:55:22 +10:00
xmalloc.h upstream commit 2017-06-01 14:55:22 +10:00
xmss_commons.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_commons.h Remove extra XMSS #endif 2018-03-05 10:22:32 +11:00
xmss_fast.c upstream: ssh/xmss: fix build; ok djm@ 2018-03-23 11:05:39 +11:00
xmss_fast.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash_address.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash_address.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash.c upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_hash.h upstream: Add $OpenBSD$ markers to xmss files to help keep synced 2018-03-02 14:29:25 +11:00
xmss_wots.c upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
xmss_wots.h upstream: Remove unneeded (local) include. ok markus@ 2018-03-02 14:30:02 +11:00

See https://www.openssh.com/releasenotes.html#7.7p1 for the release notes.

Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

- A Japanese translation of this document and of the release notes is
- available at https://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at https://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
libedit[6]

There is now several mailing lists for this port of OpenSSH. Please
refer to https://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
users.  Code contribution are welcomed, but please follow the OpenBSD
style guidelines[7].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] https://www.openssh.com/
[1] http://www.lothar.com/tech/crypto/
[2] http://prngd.sourceforge.net/
[3] https://www.zlib.net/
[4] https://www.openssl.org/
[5] https://www.openpam.org
    https://www.kernel.org/pub/linux/libs/pam/
    (PAM also is standard on Solaris and HP-UX 11)
[6] https://thrysoee.dk/editline/ (portable version)
[7] https://man.openbsd.org/style.9