|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 03-May-2022 | - |
| CREDITS | H A D | 22-Apr-2019 | 5.4 KiB | 103 | 98 |
| LICENCE | H A D | 22-Apr-2019 | 14.8 KiB | 320 | 277 |
| PROTOCOL | H A D | 24-Apr-2019 | 18 KiB | 500 | 370 |
| PROTOCOL.agent | H A D | 22-Apr-2019 | 220 | 6 | 4 |
| PROTOCOL.certkeys | H A D | 24-Apr-2019 | 11.9 KiB | 308 | 246 |
| PROTOCOL.chacha20poly1305 | H A D | 24-Apr-2019 | 4.5 KiB | 108 | 84 |
| PROTOCOL.key | H A D | 22-Apr-2019 | 1.5 KiB | 69 | 51 |
| PROTOCOL.krl | H A D | 24-Apr-2019 | 5.1 KiB | 172 | 118 |
| PROTOCOL.mux | H A D | 24-Apr-2019 | 8.9 KiB | 299 | 219 |
| README | H A D | 24-Apr-2019 | 2.4 KiB | 63 | 47 |
| README.DELETED | H A D | 24-Apr-2019 | 1.1 KiB | 92 | 91 |
| README.DRAGONFLY | H A D | 24-Apr-2019 | 1.2 KiB | 47 | 39 |
| README.dns | H A D | 22-Apr-2019 | 1.6 KiB | 48 | 30 |
| README.tun | H A D | 22-Apr-2019 | 4.8 KiB | 133 | 98 |
| addrmatch.c | H A D | 24-Apr-2019 | 11 KiB | 499 | 355 |
| atomicio.c | H A D | 24-Apr-2019 | 4.7 KiB | 181 | 130 |
| atomicio.h | H A D | 24-Apr-2019 | 2.2 KiB | 54 | 14 |
| audit.h | H A D | 24-Apr-2019 | 2.3 KiB | 58 | 28 |
| auth-options.c | H A D | 24-Apr-2019 | 23.4 KiB | 936 | 768 |
| auth-options.h | H A D | 24-Apr-2019 | 2.7 KiB | 96 | 36 |
| auth-pam.c | H A D | 24-Apr-2019 | 35.7 KiB | 1,376 | 1,068 |
| auth-pam.h | H A D | 24-Apr-2019 | 1.9 KiB | 48 | 20 |
| auth-passwd.c | H A D | 24-Apr-2019 | 6.4 KiB | 224 | 147 |
| auth-rhosts.c | H A D | 24-Apr-2019 | 8.9 KiB | 325 | 211 |
| auth.c | H A D | 24-Apr-2019 | 32.3 KiB | 1,189 | 918 |
| auth.h | H A D | 24-Apr-2019 | 8 KiB | 243 | 152 |
| auth2-chall.c | H A D | 24-Apr-2019 | 9.8 KiB | 384 | 306 |
| auth2-hostbased.c | H A D | 24-Apr-2019 | 8.1 KiB | 262 | 205 |
| auth2-kbdint.c | H A D | 24-Apr-2019 | 2.2 KiB | 70 | 33 |
| auth2-none.c | H A D | 24-Apr-2019 | 2.3 KiB | 79 | 43 |
| auth2-passwd.c | H A D | 24-Apr-2019 | 2.4 KiB | 77 | 42 |
| auth2-pubkey.c | H A D | 24-Apr-2019 | 29.3 KiB | 1,062 | 827 |
| auth2.c | H A D | 24-Apr-2019 | 22.4 KiB | 822 | 633 |
| authfd.c | H A D | 24-Apr-2019 | 14.6 KiB | 583 | 432 |
| authfd.h | H A D | 24-Apr-2019 | 3 KiB | 91 | 53 |
| authfile.c | H A D | 24-Apr-2019 | 12.6 KiB | 539 | 417 |
| authfile.h | H A D | 22-Apr-2019 | 2.3 KiB | 53 | 20 |
| bitmap.c | H A D | 24-Apr-2019 | 4.4 KiB | 215 | 171 |
| bitmap.h | H A D | 24-Apr-2019 | 1.9 KiB | 58 | 15 |
| canohost.c | H A D | 22-Apr-2019 | 4.7 KiB | 205 | 143 |
| canohost.h | H A D | 22-Apr-2019 | 842 | 27 | 9 |
| chacha.c | H A D | 22-Apr-2019 | 5.3 KiB | 220 | 188 |
| chacha.h | H A D | 22-Apr-2019 | 1,000 | 37 | 22 |
| channels.c | H A D | 24-Apr-2019 | 133.7 KiB | 4,886 | 3,890 |
| channels.h | H A D | 24-Apr-2019 | 13 KiB | 345 | 228 |
| cipher-aesctr.h | H A D | 22-Apr-2019 | 1.3 KiB | 36 | 13 |
| cipher-chachapoly.c | H A D | 22-Apr-2019 | 3.7 KiB | 120 | 71 |
| cipher-chachapoly.h | H A D | 22-Apr-2019 | 1.6 KiB | 42 | 19 |
| cipher.c | H A D | 24-Apr-2019 | 13.6 KiB | 528 | 421 |
| cipher.h | H A D | 24-Apr-2019 | 3.1 KiB | 76 | 32 |
| cleanup.c | H A D | 22-Apr-2019 | 1 KiB | 33 | 10 |
| clientloop.c | H A D | 24-Apr-2019 | 69 KiB | 2,408 | 1,777 |
| clientloop.h | H A D | 24-Apr-2019 | 3.7 KiB | 84 | 31 |
| compat.c | H A D | 24-Apr-2019 | 6.6 KiB | 236 | 196 |
| compat.h | H A D | 24-Apr-2019 | 2.8 KiB | 74 | 32 |
| crc32.h | H A D | 22-Apr-2019 | 1.4 KiB | 31 | 4 |
| crypto_api.h | H A D | 24-Apr-2019 | 1.7 KiB | 57 | 37 |
| defines.h | H A D | 24-Apr-2019 | 21.7 KiB | 877 | 650 |
| dh.c | H A D | 24-Apr-2019 | 15.1 KiB | 493 | 393 |
| dh.h | H A D | 24-Apr-2019 | 2.6 KiB | 81 | 33 |
| digest-openssl.c | H A D | 24-Apr-2019 | 4.9 KiB | 207 | 159 |
| digest.h | H A D | 22-Apr-2019 | 2.5 KiB | 71 | 32 |
| dispatch.c | H A D | 24-Apr-2019 | 3.5 KiB | 136 | 96 |
| dispatch.h | H A D | 24-Apr-2019 | 2 KiB | 50 | 17 |
| dns.c | H A D | 24-Apr-2019 | 9.2 KiB | 357 | 258 |
| dns.h | H A D | 24-Apr-2019 | 2 KiB | 59 | 25 |
| ed25519.c | H A D | 22-Apr-2019 | 3.1 KiB | 145 | 105 |
| entropy.c | H A D | 24-Apr-2019 | 6.6 KiB | 262 | 181 |
| entropy.h | H A D | 24-Apr-2019 | 1.5 KiB | 35 | 7 |
| fatal.c | H A D | 22-Apr-2019 | 1.6 KiB | 46 | 13 |
| fe25519.c | H A D | 22-Apr-2019 | 8.1 KiB | 338 | 278 |
| fe25519.h | H A D | 22-Apr-2019 | 2.3 KiB | 71 | 42 |
| ge25519.c | H A D | 22-Apr-2019 | 11 KiB | 322 | 249 |
| ge25519.h | H A D | 22-Apr-2019 | 1.4 KiB | 44 | 25 |
| ge25519_base.data | H A D | 22-Apr-2019 | 164.6 KiB | 859 | 856 |
| groupaccess.c | H A D | 24-Apr-2019 | 3.5 KiB | 135 | 79 |
| groupaccess.h | H A D | 22-Apr-2019 | 1.5 KiB | 36 | 7 |
| hash.c | H A D | 24-Apr-2019 | 623 | 28 | 15 |
| hmac.c | H A D | 22-Apr-2019 | 5.1 KiB | 198 | 150 |
| hmac.h | H A D | 22-Apr-2019 | 1.6 KiB | 39 | 15 |
| hostfile.c | H A D | 24-Apr-2019 | 21.7 KiB | 835 | 637 |
| hostfile.h | H A D | 22-Apr-2019 | 3.8 KiB | 109 | 61 |
| includes.h | H A D | 22-Apr-2019 | 3.9 KiB | 180 | 136 |
| kex.c | H A D | 24-Apr-2019 | 33.8 KiB | 1,314 | 1,096 |
| kex.h | H A D | 24-Apr-2019 | 8.2 KiB | 261 | 203 |
| kexc25519.c | H A D | 24-Apr-2019 | 5.7 KiB | 200 | 149 |
| kexdh.c | H A D | 24-Apr-2019 | 5 KiB | 202 | 159 |
| kexecdh.c | H A D | 24-Apr-2019 | 5.6 KiB | 212 | 166 |
| kexgen.c | H A D | 24-Apr-2019 | 9.5 KiB | 340 | 279 |
| kexgex.c | H A D | 24-Apr-2019 | 3.7 KiB | 105 | 70 |
| kexgexc.c | H A D | 24-Apr-2019 | 6.4 KiB | 220 | 168 |
| kexgexs.c | H A D | 24-Apr-2019 | 6 KiB | 205 | 151 |
| kexsntrup4591761x25519.c | H A D | 24-Apr-2019 | 7.1 KiB | 220 | 174 |
| krl.c | H A D | 24-Apr-2019 | 35.6 KiB | 1,367 | 1,132 |
| krl.h | H A D | 24-Apr-2019 | 2.7 KiB | 67 | 37 |
| log.c | H A D | 24-Apr-2019 | 10.7 KiB | 481 | 370 |
| log.h | H A D | 24-Apr-2019 | 2.6 KiB | 82 | 58 |
| loginrec.c | H A D | 24-Apr-2019 | 41.9 KiB | 1,725 | 1,100 |
| loginrec.h | H A D | 24-Apr-2019 | 4.6 KiB | 135 | 53 |
| mac.c | H A D | 22-Apr-2019 | 7.2 KiB | 266 | 212 |
| mac.h | H A D | 22-Apr-2019 | 2 KiB | 54 | 24 |
| match.c | H A D | 24-Apr-2019 | 9.5 KiB | 364 | 202 |
| match.h | H A D | 24-Apr-2019 | 1.2 KiB | 31 | 14 |
| misc.c | H A D | 24-Apr-2019 | 45.5 KiB | 2,121 | 1,632 |
| misc.h | H A D | 24-Apr-2019 | 6 KiB | 183 | 134 |
| moduli | H A D | 24-Apr-2019 | 563.9 KiB | 453 | 452 |
| moduli.5 | H A D | 22-Apr-2019 | 3.6 KiB | 128 | 127 |
| moduli.c | H A D | 24-Apr-2019 | 20.6 KiB | 816 | 500 |
| monitor.c | H A D | 24-Apr-2019 | 51.5 KiB | 1,900 | 1,507 |
| monitor.h | H A D | 24-Apr-2019 | 3.9 KiB | 96 | 56 |
| monitor_fdpass.c | H A D | 22-Apr-2019 | 4.7 KiB | 188 | 146 |
| monitor_fdpass.h | H A D | 22-Apr-2019 | 1.5 KiB | 35 | 5 |
| monitor_wrap.c | H A D | 24-Apr-2019 | 26.8 KiB | 1,001 | 783 |
| monitor_wrap.h | H A D | 24-Apr-2019 | 3.6 KiB | 99 | 57 |
| msg.c | H A D | 24-Apr-2019 | 2.8 KiB | 95 | 60 |
| msg.h | H A D | 22-Apr-2019 | 1.5 KiB | 33 | 6 |
| mux.c | H A D | 24-Apr-2019 | 66.1 KiB | 2,402 | 2,008 |
| myproposal.h | H A D | 24-Apr-2019 | 5.5 KiB | 205 | 153 |
| nchan.c | H A D | 24-Apr-2019 | 12.1 KiB | 447 | 346 |
| packet.c | H A D | 24-Apr-2019 | 71.2 KiB | 2,705 | 2,084 |
| packet.h | H A D | 24-Apr-2019 | 7.4 KiB | 221 | 156 |
| pathnames.h | H A D | 24-Apr-2019 | 5.7 KiB | 173 | 69 |
| pkcs11.h | H A D | 22-Apr-2019 | 41.4 KiB | 1,358 | 1,119 |
| platform-misc.c | H A D | 22-Apr-2019 | 1.1 KiB | 36 | 13 |
| platform.c | H A D | 24-Apr-2019 | 4.7 KiB | 199 | 128 |
| platform.h | H A D | 24-Apr-2019 | 1.7 KiB | 49 | 27 |
| poly1305.c | H A D | 22-Apr-2019 | 4.5 KiB | 161 | 121 |
| poly1305.h | H A D | 22-Apr-2019 | 645 | 23 | 11 |
| progressmeter.c | H A D | 24-Apr-2019 | 7.3 KiB | 299 | 215 |
| progressmeter.h | H A D | 24-Apr-2019 | 1.5 KiB | 29 | 3 |
| readconf.c | H A D | 24-Apr-2019 | 79.9 KiB | 2,771 | 2,287 |
| readconf.h | H A D | 24-Apr-2019 | 7.8 KiB | 220 | 159 |
| readpass.c | H A D | 24-Apr-2019 | 5.2 KiB | 200 | 139 |
| rijndael.h | H A D | 22-Apr-2019 | 2.1 KiB | 57 | 21 |
| sandbox-rlimit.c | H A D | 22-Apr-2019 | 2.4 KiB | 97 | 59 |
| sc25519.c | H A D | 22-Apr-2019 | 7.2 KiB | 309 | 255 |
| sc25519.h | H A D | 22-Apr-2019 | 2.8 KiB | 81 | 46 |
| scp.1 | H A D | 24-Apr-2019 | 6 KiB | 263 | 262 |
| scp.c | H A D | 24-Apr-2019 | 39.2 KiB | 1,711 | 1,397 |
| servconf.c | H A D | 18-Jun-2019 | 79.8 KiB | 2,720 | 2,329 |
| servconf.h | H A D | 24-Apr-2019 | 10.2 KiB | 282 | 195 |
| serverloop.c | H A D | 24-Apr-2019 | 29.4 KiB | 983 | 746 |
| serverloop.h | H A D | 22-Apr-2019 | 1,000 | 29 | 5 |
| session.c | H A D | 24-Apr-2019 | 67.2 KiB | 2,724 | 2,022 |
| session.h | H A D | 24-Apr-2019 | 2.6 KiB | 85 | 48 |
| sftp-client.c | H A D | 24-Apr-2019 | 50.7 KiB | 1,957 | 1,597 |
| sftp-client.h | H A D | 24-Apr-2019 | 4.4 KiB | 146 | 54 |
| sftp-common.c | H A D | 24-Apr-2019 | 6.8 KiB | 260 | 206 |
| sftp-common.h | H A D | 22-Apr-2019 | 2 KiB | 53 | 19 |
| sftp-glob.c | H A D | 22-Apr-2019 | 3.4 KiB | 151 | 95 |
| sftp-server-main.c | H A D | 24-Apr-2019 | 1.5 KiB | 56 | 29 |
| sftp-server.8 | H A D | 22-Apr-2019 | 5 KiB | 171 | 170 |
| sftp-server.c | H A D | 24-Apr-2019 | 44.1 KiB | 1,776 | 1,512 |
| sftp.1 | H A D | 24-Apr-2019 | 15.4 KiB | 674 | 673 |
| sftp.c | H A D | 24-Apr-2019 | 60.5 KiB | 2,602 | 2,138 |
| sftp.h | H A D | 22-Apr-2019 | 3.3 KiB | 102 | 55 |
| smult_curve25519_ref.c | H A D | 22-Apr-2019 | 6.7 KiB | 266 | 227 |
| sntrup4591761.c | H A D | 24-Apr-2019 | 24.8 KiB | 1,084 | 708 |
| ssh-add.1 | H A D | 24-Apr-2019 | 6.8 KiB | 229 | 228 |
| ssh-add.c | H A D | 24-Apr-2019 | 19.1 KiB | 754 | 628 |
| ssh-agent.1 | H A D | 22-Apr-2019 | 7.1 KiB | 232 | 231 |
| ssh-agent.c | H A D | 24-Apr-2019 | 32.8 KiB | 1,350 | 1,124 |
| ssh-dss.c | H A D | 24-Apr-2019 | 5.6 KiB | 210 | 158 |
| ssh-ecdsa.c | H A D | 24-Apr-2019 | 5.5 KiB | 201 | 149 |
| ssh-ed25519.c | H A D | 22-Apr-2019 | 4.2 KiB | 168 | 134 |
| ssh-keygen.1 | H A D | 24-Apr-2019 | 27.2 KiB | 931 | 930 |
| ssh-keygen.c | H A D | 24-Apr-2019 | 79.6 KiB | 2,954 | 2,559 |
| ssh-keyscan.1 | H A D | 24-Apr-2019 | 3.8 KiB | 159 | 158 |
| ssh-keyscan.c | H A D | 24-Apr-2019 | 17.9 KiB | 811 | 683 |
| ssh-keysign.8 | H A D | 22-Apr-2019 | 2.9 KiB | 94 | 93 |
| ssh-keysign.c | H A D | 24-Apr-2019 | 8.1 KiB | 295 | 217 |
| ssh-pkcs11-helper.8 | H A D | 24-Apr-2019 | 1.7 KiB | 67 | 66 |
| ssh-pkcs11-helper.c | H A D | 24-Apr-2019 | 10.7 KiB | 437 | 354 |
| ssh-pkcs11.h | H A D | 24-Apr-2019 | 1.5 KiB | 41 | 20 |
| ssh-rsa.c | H A D | 24-Apr-2019 | 11.9 KiB | 450 | 359 |
| ssh-sandbox.h | H A D | 22-Apr-2019 | 1.1 KiB | 25 | 6 |
| ssh.1 | H A D | 24-Apr-2019 | 44 KiB | 1,701 | 1,700 |
| ssh.c | H A D | 24-Apr-2019 | 61.8 KiB | 2,165 | 1,665 |
| ssh.h | H A D | 24-Apr-2019 | 2.7 KiB | 100 | 21 |
| ssh2.h | H A D | 22-Apr-2019 | 5.7 KiB | 175 | 78 |
| ssh_api.c | H A D | 24-Apr-2019 | 14.5 KiB | 559 | 443 |
| ssh_api.h | H A D | 24-Apr-2019 | 4.3 KiB | 138 | 31 |
| ssh_config | H A D | 24-Apr-2019 | 1.4 KiB | 46 | 41 |
| ssh_config.5 | H A D | 24-Apr-2019 | 51.7 KiB | 1,836 | 1,835 |
| sshbuf-getput-basic.c | H A D | 22-Apr-2019 | 9.2 KiB | 465 | 382 |
| sshbuf-getput-crypto.c | H A D | 24-Apr-2019 | 4.5 KiB | 186 | 145 |
| sshbuf-misc.c | H A D | 22-Apr-2019 | 3.5 KiB | 162 | 129 |
| sshbuf.c | H A D | 24-Apr-2019 | 9 KiB | 403 | 314 |
| sshbuf.h | H A D | 24-Apr-2019 | 11.5 KiB | 347 | 161 |
| sshconnect.c | H A D | 24-Apr-2019 | 40.3 KiB | 1,430 | 1,110 |
| sshconnect.h | H A D | 24-Apr-2019 | 2.2 KiB | 56 | 20 |
| sshconnect2.c | H A D | 24-Apr-2019 | 59.9 KiB | 2,185 | 1,751 |
| sshd.8 | H A D | 24-Apr-2019 | 30.6 KiB | 994 | 993 |
| sshd.c | H A D | 24-Apr-2019 | 62.2 KiB | 2,323 | 1,660 |
| sshd_config | H A D | 24-Apr-2019 | 3 KiB | 117 | 93 |
| sshd_config.5 | H A D | 24-Apr-2019 | 50 KiB | 1,823 | 1,822 |
| ssherr.c | H A D | 24-Apr-2019 | 5 KiB | 148 | 129 |
| ssherr.h | H A D | 24-Apr-2019 | 3.3 KiB | 88 | 63 |
| sshkey-xmss.h | H A D | 24-Apr-2019 | 2.9 KiB | 57 | 28 |
| sshkey.c | H A D | 24-Apr-2019 | 101.8 KiB | 4,122 | 3,600 |
| sshkey.h | H A D | 24-Apr-2019 | 10.1 KiB | 279 | 214 |
| sshlogin.c | H A D | 24-Apr-2019 | 5.2 KiB | 171 | 96 |
| sshlogin.h | H A D | 22-Apr-2019 | 935 | 24 | 8 |
| sshpty.c | H A D | 24-Apr-2019 | 5.6 KiB | 230 | 162 |
| sshpty.h | H A D | 22-Apr-2019 | 1 KiB | 29 | 10 |
| sshtty.c | H A D | 22-Apr-2019 | 2.9 KiB | 97 | 52 |
| ttymodes.c | H A D | 24-Apr-2019 | 10.1 KiB | 457 | 334 |
| ttymodes.h | H A D | 22-Apr-2019 | 4.9 KiB | 170 | 104 |
| uidswap.c | H A D | 24-Apr-2019 | 7.1 KiB | 237 | 156 |
| uidswap.h | H A D | 24-Apr-2019 | 680 | 18 | 3 |
| umac.c | H A D | 24-Apr-2019 | 44.9 KiB | 1,283 | 769 |
| umac.h | H A D | 22-Apr-2019 | 4.6 KiB | 130 | 42 |
| umac128.c | H A D | 24-Apr-2019 | 274 | 11 | 7 |
| utf8.c | H A D | 24-Apr-2019 | 8.1 KiB | 341 | 228 |
| utf8.h | H A D | 22-Apr-2019 | 1.2 KiB | 26 | 8 |
| uuencode.c | H A D | 22-Apr-2019 | 2.9 KiB | 96 | 49 |
| uuencode.h | H A D | 22-Apr-2019 | 1.5 KiB | 30 | 3 |
| verify.c | H A D | 22-Apr-2019 | 668 | 50 | 40 |
| version.h | H A D | 24-Apr-2019 | 170 | 7 | 3 |
| xmalloc.c | H A D | 22-Apr-2019 | 2.4 KiB | 119 | 85 |
| xmalloc.h | H A D | 22-Apr-2019 | 1.1 KiB | 28 | 9 |
| xmss_fast.h | H A D | 24-Apr-2019 | 3.6 KiB | 112 | 50 |
README
1See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes.
2
3Please read https://www.openssh.com/report.html for bug reporting
4instructions and note that we do not use Github for bug reporting or
5patch/pull-request management.
6
7This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
8Unices.
9
10OpenSSH is based on the last free version of Tatu Ylonen's sample
11implementation with all patent-encumbered algorithms removed (to
12external libraries), all known security bugs fixed, new features
13reintroduced and many other clean-ups. OpenSSH has been created by
14Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
15and Dug Song. It has a homepage at https://www.openssh.com/
16
17This port consists of the re-introduction of autoconf support, PAM
18support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
19functions that are (regrettably) absent from other unices. This port
20has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
21FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.
22
23This version actively tracks changes in the OpenBSD CVS repository.
24
25The PAM support is now more functional than the popular packages of
26commercial ssh-1.2.x. It checks "account" and "session" modules for
27all logins, not just when using password authentication.
28
29OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
30libedit[6]
31
32There is now several mailing lists for this port of OpenSSH. Please
33refer to https://www.openssh.com/list.html for details on how to join.
34
35Please send bug reports and patches to the mailing list
36openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
37users. Code contribution are welcomed, but please follow the OpenBSD
38style guidelines[7].
39
40Please refer to the INSTALL document for information on how to install
41OpenSSH on your system.
42
43Damien Miller <djm@mindrot.org>
44
45Miscellania -
46
47This version of OpenSSH is based upon code retrieved from the OpenBSD
48CVS repository which in turn was based on the last free sample
49implementation released by Tatu Ylonen.
50
51References -
52
53[0] https://www.openssh.com/
54[1] http://www.lothar.com/tech/crypto/
55[2] http://prngd.sourceforge.net/
56[3] https://www.zlib.net/
57[4] https://www.openssl.org/
58[5] https://www.openpam.org
59 https://www.kernel.org/pub/linux/libs/pam/
60 (PAM also is standard on Solaris and HP-UX 11)
61[6] https://thrysoee.dk/editline/ (portable version)
62[7] https://man.openbsd.org/style.9
63
README.DELETED
README.DRAGONFLY
README.dns
1How to verify host keys using OpenSSH and DNS
2---------------------------------------------
3
4OpenSSH contains support for verifying host keys using DNS as described in
5draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
6on how to use this feature. Configuring DNS is out of the scope of this
7document.
8
9
10(1) Server: Generate and publish the DNS RR
11
12To create a DNS resource record (RR) containing a fingerprint of the
13public host key, use the following command:
14
15 ssh-keygen -r hostname -f keyfile -g
16
17where "hostname" is your fully qualified hostname and "keyfile" is the
18file containing the public host key file. If you have multiple keys,
19you should generate one RR for each key.
20
21In the example above, ssh-keygen will print the fingerprint in a
22generic DNS RR format parsable by most modern name server
23implementations. If your nameserver has support for the SSHFP RR
24you can omit the -g flag and ssh-keygen will print a standard SSHFP RR.
25
26To publish the fingerprint using the DNS you must add the generated RR
27to your DNS zone file and sign your zone.
28
29
30(2) Client: Enable ssh to verify host keys using DNS
31
32To enable the ssh client to verify host keys using DNS, you have to
33add the following option to the ssh configuration file
34($HOME/.ssh/config or /etc/ssh/ssh_config):
35
36 VerifyHostKeyDNS yes
37
38Upon connection the client will try to look up the fingerprint RR
39using DNS. If the fingerprint received from the DNS server matches
40the remote host key, the user will be notified.
41
42
43 Jakob Schlyter
44 Wesley Griffin
45
46
47$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $
48
README.tun
1How to use OpenSSH-based virtual private networks
2-------------------------------------------------
3
4OpenSSH contains support for VPN tunneling using the tun(4) network
5tunnel pseudo-device which is available on most platforms, either for
6layer 2 or 3 traffic.
7
8The following brief instructions on how to use this feature use
9a network configuration specific to the OpenBSD operating system.
10
11(1) Server: Enable support for SSH tunneling
12
13To enable the ssh server to accept tunnel requests from the client, you
14have to add the following option to the ssh server configuration file
15(/etc/ssh/sshd_config):
16
17 PermitTunnel yes
18
19Restart the server or send the hangup signal (SIGHUP) to let the server
20reread it's configuration.
21
22(2) Server: Restrict client access and assign the tunnel
23
24The OpenSSH server simply uses the file /root/.ssh/authorized_keys to
25restrict the client to connect to a specified tunnel and to
26automatically start the related interface configuration command. These
27settings are optional but recommended:
28
29 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... reyk@openbsd.org
30
31(3) Client: Configure the local network tunnel interface
32
33Use the hostname.if(5) interface-specific configuration file to set up
34the network tunnel configuration with OpenBSD. For example, use the
35following configuration in /etc/hostname.tun0 to set up the layer 3
36tunnel on the client:
37
38 inet 192.168.5.1 255.255.255.252 192.168.5.2
39
40OpenBSD also supports layer 2 tunneling over the tun device by adding
41the link0 flag:
42
43 inet 192.168.1.78 255.255.255.0 192.168.1.255 link0
44
45Layer 2 tunnels can be used in combination with an Ethernet bridge(4)
46interface, like the following example for /etc/bridgename.bridge0:
47
48 add tun0
49 add sis0
50 up
51
52(4) Client: Configure the OpenSSH client
53
54To establish tunnel forwarding for connections to a specified
55remote host by default, use the following ssh client configuration for
56the privileged user (in /root/.ssh/config):
57
58 Host sshgateway
59 Tunnel yes
60 TunnelDevice 0:any
61 PermitLocalCommand yes
62 LocalCommand sh /etc/netstart tun0
63
64A more complicated configuration is possible to establish a tunnel to
65a remote host which is not directly accessible by the client.
66The following example describes a client configuration to connect to
67the remote host over two ssh hops in between. It uses the OpenSSH
68ProxyCommand in combination with the nc(1) program to forward the final
69ssh tunnel destination over multiple ssh sessions.
70
71 Host access.somewhere.net
72 User puffy
73 Host dmzgw
74 User puffy
75 ProxyCommand ssh access.somewhere.net nc dmzgw 22
76 Host sshgateway
77 Tunnel Ethernet
78 TunnelDevice 0:any
79 PermitLocalCommand yes
80 LocalCommand sh /etc/netstart tun0
81 ProxyCommand ssh dmzgw nc sshgateway 22
82
83The following network plan illustrates the previous configuration in
84combination with layer 2 tunneling and Ethernet bridging.
85
86+--------+ ( ) +----------------------+
87| Client |------( Internet )-----| access.somewhere.net |
88+--------+ ( ) +----------------------+
89 : 192.168.1.78 |
90 :............................. +-------+
91 Forwarded ssh connection : | dmzgw |
92 Layer 2 tunnel : +-------+
93 : |
94 : |
95 : +------------+
96 :......| sshgateway |
97 | +------------+
98--- real connection Bridge -> | +----------+
99... "virtual connection" [ X ]--------| somehost |
100[X] switch +----------+
101 192.168.1.25
102
103(5) Client: Connect to the server and establish the tunnel
104
105Finally connect to the OpenSSH server to establish the tunnel by using
106the following command:
107
108 ssh sshgateway
109
110It is also possible to tell the client to fork into the background after
111the connection has been successfully established:
112
113 ssh -f sshgateway true
114
115Without the ssh configuration done in step (4), it is also possible
116to use the following command lines:
117
118 ssh -fw 0:1 sshgateway true
119 ifconfig tun0 192.168.5.1 192.168.5.2 netmask 255.255.255.252
120
121Using OpenSSH tunnel forwarding is a simple way to establish secure
122and ad hoc virtual private networks. Possible fields of application
123could be wireless networks or administrative VPN tunnels.
124
125Nevertheless, ssh tunneling requires some packet header overhead and
126runs on top of TCP. It is still suggested to use the IP Security
127Protocol (IPSec) for robust and permanent VPN connections and to
128interconnect corporate networks.
129
130 Reyk Floeter
131
132$OpenBSD: README.tun,v 1.4 2006/03/28 00:12:31 deraadt Exp $
133