diff options
-rw-r--r-- | COPYING.Ylonen | 70 | ||||
-rw-r--r-- | ChangeLog | 578 | ||||
-rw-r--r-- | ChangeLog.linux | 20 | ||||
-rw-r--r-- | Makefile | 13 | ||||
-rw-r--r-- | Makefile.GNU | 50 | ||||
-rw-r--r-- | Makefile.inc | 11 | ||||
-rw-r--r-- | OVERVIEW | 164 | ||||
-rw-r--r-- | README | 563 | ||||
-rw-r--r-- | README.openssh | 44 | ||||
-rw-r--r-- | RFC.nroff | 1780 | ||||
-rw-r--r-- | auth-krb4.c | 209 | ||||
-rw-r--r-- | auth-passwd.c | 209 | ||||
-rw-r--r-- | auth-rh-rsa.c | 83 | ||||
-rw-r--r-- | auth-rhosts.c | 298 | ||||
-rw-r--r-- | auth-rsa.c | 478 | ||||
-rw-r--r-- | auth-skey.c | 149 | ||||
-rw-r--r-- | authfd.c | 565 | ||||
-rw-r--r-- | authfd.h | 102 | ||||
-rw-r--r-- | authfile.c | 350 | ||||
-rw-r--r-- | bufaux.c | 141 | ||||
-rw-r--r-- | bufaux.h | 51 | ||||
-rw-r--r-- | buffer.c | 150 | ||||
-rw-r--r-- | buffer.h | 66 | ||||
-rw-r--r-- | canohost.c | 234 | ||||
-rw-r--r-- | channels.c | 1500 | ||||
-rw-r--r-- | channels.h | 41 | ||||
-rw-r--r-- | cipher.c | 304 | ||||
-rw-r--r-- | cipher.h | 84 | ||||
-rw-r--r-- | clientloop.c | 924 | ||||
-rw-r--r-- | compat.c | 10 | ||||
-rw-r--r-- | compat.h | 7 | ||||
-rw-r--r-- | compress.c | 160 | ||||
-rw-r--r-- | compress.h | 46 | ||||
-rw-r--r-- | crc32.c | 120 | ||||
-rw-r--r-- | crc32.h | 25 | ||||
-rw-r--r-- | deattack.c | 180 | ||||
-rw-r--r-- | deattack.h | 27 | ||||
-rw-r--r-- | getput.h | 64 | ||||
-rw-r--r-- | helper.c | 108 | ||||
-rw-r--r-- | helper.h | 43 | ||||
-rw-r--r-- | hostfile.c | 279 | ||||
-rw-r--r-- | includes.h | 78 | ||||
-rw-r--r-- | log-client.c | 138 | ||||
-rw-r--r-- | log-server.c | 233 | ||||
-rw-r--r-- | login.c | 118 | ||||
-rw-r--r-- | match.c | 78 | ||||
-rw-r--r-- | mktemp.c | 181 | ||||
-rw-r--r-- | mktemp.h | 7 | ||||
-rw-r--r-- | mpaux.c | 46 | ||||
-rw-r--r-- | mpaux.h | 32 | ||||
-rw-r--r-- | nchan.c | 187 | ||||
-rw-r--r-- | nchan.h | 57 | ||||
-rw-r--r-- | nchan.ms | 71 | ||||
-rw-r--r-- | openssh.spec | 105 | ||||
-rw-r--r-- | packet.c | 762 | ||||
-rw-r--r-- | packet.h | 166 | ||||
-rw-r--r-- | pty.c | 264 | ||||
-rw-r--r-- | pty.h | 40 | ||||
-rw-r--r-- | radix.c | 258 | ||||
-rw-r--r-- | rc4.c | 105 | ||||
-rw-r--r-- | rc4.h | 110 | ||||
-rw-r--r-- | readconf.c | 684 | ||||
-rw-r--r-- | readconf.h | 116 | ||||
-rw-r--r-- | readpass.c | 114 | ||||
-rw-r--r-- | rsa.c | 164 | ||||
-rw-r--r-- | rsa.h | 36 | ||||
-rw-r--r-- | scp.1 | 110 | ||||
-rw-r--r-- | scp.c | 1220 | ||||
-rw-r--r-- | servconf.c | 567 | ||||
-rw-r--r-- | servconf.h | 86 | ||||
-rw-r--r-- | serverloop.c | 644 | ||||
-rw-r--r-- | ssh-add.1 | 116 | ||||
-rw-r--r-- | ssh-add.c | 254 | ||||
-rw-r--r-- | ssh-agent.1 | 124 | ||||
-rw-r--r-- | ssh-agent.c | 572 | ||||
-rw-r--r-- | ssh-keygen.1 | 155 | ||||
-rw-r--r-- | ssh-keygen.c | 552 | ||||
-rw-r--r-- | ssh.1 | 966 | ||||
-rw-r--r-- | ssh.c | 809 | ||||
-rw-r--r-- | ssh.h | 589 | ||||
-rw-r--r-- | ssh.pam | 7 | ||||
-rw-r--r-- | ssh_config | 30 | ||||
-rw-r--r-- | sshconnect.c | 1495 | ||||
-rw-r--r-- | sshd.8 | 781 | ||||
-rw-r--r-- | sshd.c | 2445 | ||||
-rwxr-xr-x | sshd.init | 49 | ||||
-rw-r--r-- | sshd_config | 44 | ||||
-rw-r--r-- | strlcpy.c | 68 | ||||
-rw-r--r-- | strlcpy.h | 4 | ||||
-rw-r--r-- | tildexpand.c | 70 | ||||
-rw-r--r-- | ttymodes.c | 359 | ||||
-rw-r--r-- | ttymodes.h | 138 | ||||
-rw-r--r-- | uidswap.c | 95 | ||||
-rw-r--r-- | uidswap.h | 30 | ||||
-rw-r--r-- | version.h | 1 | ||||
-rw-r--r-- | xmalloc.c | 56 | ||||
-rw-r--r-- | xmalloc.h | 34 |
97 files changed, 26920 insertions, 0 deletions
diff --git a/COPYING.Ylonen b/COPYING.Ylonen new file mode 100644 index 00000000..5e681edd --- /dev/null +++ b/COPYING.Ylonen @@ -0,0 +1,70 @@ +This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland + + +COPYING POLICY AND OTHER LEGAL ISSUES + +As far as I am concerned, the code I have written for this software +can be used freely for any purpose. Any derived versions of this +software must be clearly marked as such, and if the derived work is +incompatible with the protocol description in the RFC file, it must be +called by a name other than "ssh" or "Secure Shell". + +However, I am not implying to give any licenses to any patents or +copyrights held by third parties, and the software includes parts that +are not under my direct control. As far as I know, all included +source code is used in accordance with the relevant license agreements +and can be used freely for any purpose (the GNU license being the most +restrictive); see below for details. + +[ RSA is no longer included. ] +[ IDEA is no longer included. ] +[ DES is now external. ] +[ GMP is now external. No more GNU licence. ] +[ Zlib is now external. ] +[ The make-ssh-known-hosts script is no longer included. ] +[ TSS has been removed. ] +[ MD5 is now external. ] +[ RC4 support has been removed. ] +[ Blowfish is now external. ] + +The 32-bit CRC implementation in crc32.c is due to Gary S. Brown. +Comments in the file indicate it may be used for any purpose without +restrictions. + +The 32-bit CRC compensation attack detector in deattack.c was +contributed by CORE SDI S.A. under a BSD-style license. See +http://www.core-sdi.com/english/ssh/ for details. + +Note that any information and cryptographic algorithms used in this +software are publicly available on the Internet and at any major +bookstore, scientific library, and patent office worldwide. More +information can be found e.g. at "http://www.cs.hut.fi/crypto". + +The legal status of this program is some combination of all these +permissions and restrictions. Use only at your own responsibility. +You will be responsible for any legal consequences yourself; I am not +making any claims whether possessing or using this is legal or not in +your country, and I am not taking any responsibility on your behalf. + + + NO WARRANTY + +BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..08d90f78 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,578 @@ +Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> + + * Released 1.2.12. + + * channels.c: Commented out debugging messages about output draining. + + * Added file OVERVIEW to give some idea about the structure of the + ssh software. + +Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> + + * canohost.c (get_remote_hostname): Don't ever return NULL (causes + segmentation violation). + + * sshconnect.c: Host ip address printed incorrectly with -v. + + * Implemented SSH_TTY environment variable. + +Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> + + * Implemented server and client option KeepAlive to specify + whether to set SO_KEEPALIVE. Both default to "yes"; to disable + keepalives, set the value to "no" in both the server and the + client configuration files. Updated manual pages. + + * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp + (patch from Petri Virkkula <argon@bat.cs.hut.fi>). + + * login.c (record_logout): Fixed removing user from utmp on BSD + (with HAVE_LIBUTIL_LOGIN). + + * Added cleanup functions to be called from fatal(). Arranged for + utmp to be cleaned if sshd terminates by calling fatal (e.g., + after dropping connection). Eliminated separate client-side + fatal() functions and moved fatal() to log-client.c. Made all + cleanups, including channel_stop_listening() and packet_close() + be called using this mechanism. + +Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * sshd.c: Permit immediate login with empty password only if + password authentication is allowed. + +Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is + now the only supported form. Renamed server option + X11InetForwarding to X11Forwarding, and eliminated + X11UnixForwarding. Updated documentation. Updated RFC (marked + the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as + obsolete, and removed all references to it). Increased protocol + version number to 1.3. + + * scp.c (main): Added -B (BatchMode). Updated manual page. + + * Cleaned up and updated all manual pages. + + * clientloop.c: Added new escape sequences ~# (lists forwarded + connections), ~& (background ssh when waiting for forwarded + connections to terminate), ~? (list available escapes). + Polished the output of the connection listing. Updated + documentation. + + * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real + uid. Assume that _POSIX_SAVED_IDS also applies to seteuid. + This may solve problems with tcp_wrappers (libwrap) showing + connections as coming from root. + +Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Added RandomSeed server configuration option. The argument + specifies the location of the random seed file. Updated + documentation. + + * Locate perl5 in configure. Generate make-ssh-known-hosts (with + the correct path for perl5) in Makefile.in, and install it with + the other programs. Updated manual page. + + * sshd.c (main): Added a call to umask to set the umask to a + reasonable value. + + * compress.c (buffer_compress): Fixed to follow the zlib + documentation (which is slightly confusing). + + * INSTALL: Added information about Linux libc.so.4 problem. + +Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM. + + * sshd.c, sshd.8.in: Renamed $HOME/.environment -> + $HOME/.ssh/environment. + + * configure.in: Disable shadow password checking on convex. + Convex has /etc/shadow, but sets pw_passwd automatically if + running as root. + + * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the + pw_passwd field is automatically filled if running as root. + Put explicit code in configure.in to prevent shadow password + checking on FreeBSD and NetBSD. + + * serverloop.c (signchld_handler): Don't print error if wait + returns -1. + + * Makefile.in (install): Fixed modes of data files. + + * Makefile.in (install): Make links for slogin.1. + + * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to + fix the ping command. + +Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * ssh.1.in: Added more information about X11 forwarding. + +Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Changes to use O_NONBLOCK_BROKEN consistently. + + * pty.c (pty_make_controlling_tty): Use setpgid instead of + setsid() on Ultrix. + + * includes.h: Removed redundant #undefs for Ultrix and Sony News; + these are already handled in configure.in. + +Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found. + + * configure.in: Disable vhangup on Ultrix. I am told this fixes + the server problems. + +Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * sshconnect.c: Fixed a bug in connecting to a multi-homed host. + Restructured the connecting code to never try to use the same + socket a second time after a failed connection. + + * Makefile.in: Added explicit -m option to install, and umask 022 + when creating directories and the host key. + +Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean. + + * login.c (get_last_login_time): Fixed a typo (define -> defined). + +Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * configure.in: Moved testing for ANSI C compiler after the host + specific code (problems on HPUX). + + * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan. + + * Fixed .SH NAME sections in manual pages. + + * compress.c: Trying to fix a mysterious bug in the compression + glue. + + * ssh-1.2.11. + + * scp.c: disable agent forwarding when running ssh from scp. + + * Added compression of plaintext packets using the gzip library + (zlib). Client configuration options Compression and + CompressionLevel (1-9 as in gzip). New ssh and scp option -C + (to enable compression). Updated RFC. + +Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Implemented ProxyCommand stuff based on patches from Bryan + O'Sullivan <bos@serpentine.com>. + + * Merged BSD login/logout/lastlog patches from Mark Treacy + <mark@labtam.oz.au>. + + * sshd.c: Added chdir("/"). + +Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * Merged RSA environment= patches from Felix Leitner + <leitner@prz.tu-berlin.de> with some changes. + + * sshd.c: Made the packet code use two separate descriptors for + the connection (one for input, the other for output). This will + make future extensions easier (e.g., non-socket transports, etc.). + sshd -i now uses both stdin and stdout separately. + +Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * sshd.c: Merged execle -> execve patches from Mark Martinec + <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on + Convex (environment not getting passed properly). This might + also solve similar problems on Sonys; please test! + + * Removed all compatibility code for protocol version 1.0. + THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS + PRIOR TO 1.1.0. + + * randoms.c (random_acquire_light_environmental_noise): If + /dev/random is available, read up to 32 bytes (256 bits) from + there in non-blocking mode, and mix the new random bytes into + the pool. + + * Added client configuration option StrictHostKeyChecking + (disabled by default). If this is enabled, the client will not + automatically add new host keys to $HOME/.ssh/known_hosts; + instead the connection will be refused if the host key is not + known. Similarly, if the host key has changed, the connection + will be refused instead if just issuing a warning. This + provides additional security against man-in-the-middle/trojan + horse attacks (especially in scripts where there is no-one to + see the warnings), but may be quite inconvenient in everyday + interactive use unless /etc/ssh_known_hosts is very complete, + because new host keys must now be added manually. + + * sshconnect.c (ssh_connect): Use the user's uid when creating the + socket and connecting it. I am hoping that this might help with + tcp_wrappers showing the remote user as root. + + * ssh.c: Try inet-domain X11 forwarding regardless of whether we + can get local authorization information. If we don't, we just + come up with fake information; the forwarding code will anyway + generate its own fake information and validate that the client + knows that information. It will then substitute our fake + information for that, but that info should get ignored by the + server if it doesn't support it. + + * Added option BatchMode to disable password/passphrase querying + in scripts. + + * auth-rh-rsa.c: Changed to use uid-swapping when reading + .ssh/known_hosts. + + * sshd.8.in (command): Improved documentation of file permissions + on the manual pages. + +Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> + + * ssh-add.c (add_file): Fixed a bug causing ssh to |