History log of /openbsd-current/usr.bin/ssh/pathnames.h
Revision  Date  Author  Comments
# 1.32 17-May-2024 djm

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
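
The split described in this entry, as an added illustration (not OpenSSH code): the listener's whole job per connection is to apply MaxStartups and then fork+exec a separate session program that inherits nothing but the connected socket. The session program here is a hypothetical stand-in for sshd-session (a Python one-liner that echoes a request), and the random-early-drop arithmetic follows the behaviour sshd_config(5) documents for `start:rate:full` (rate% at `start`, rising linearly to 100% at `full`); the exact sshd code is not on this page.

```python
"""Listener/session split, sketched: the listener only admits connections
(MaxStartups) and hands each accepted socket to a separate session process
by fork+exec. Added illustration, not OpenSSH code."""
import random
import socket
import subprocess
import sys

# Stand-in for the sshd-session binary (hypothetical): a tiny program that
# reads a request from the inherited connection on fd 0 and answers on fd 1.
SESSION_PROGRAM = (
    "import os\n"
    "data = os.read(0, 1024)\n"
    "os.write(1, b'session:' + data)\n"
)


def parse_max_startups(value):
    """Parse a MaxStartups value, 'full' or 'start:rate:full' (sshd_config(5))."""
    parts = value.split(":")
    if len(parts) == 1:
        full = int(parts[0])
        return full, 100, full          # bare number: refuse outright at 'full'
    if len(parts) != 3:
        raise ValueError("MaxStartups wants 'full' or 'start:rate:full'")
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full and 0 <= rate <= 100):
        raise ValueError("MaxStartups values out of range")
    return start, rate, full


def drop_probability(unauth, start, rate, full):
    """Percent chance of refusing a new connection when 'unauth' connections
    are still unauthenticated: 0 below 'start', rate% at 'start', rising
    linearly to 100% at 'full' (random early drop, as sshd_config(5) describes)."""
    if unauth < start:
        return 0
    if unauth >= full:
        return 100
    return rate + (100 - rate) * (unauth - start) // (full - start)


def spawn_session(conn, session_program=SESSION_PROGRAM):
    """fork+exec the session program with the connection on its fd 0 and 1.
    close_fds=True means the child inherits nothing else from the listener:
    no listening socket, no host-key file descriptors."""
    return subprocess.Popen(
        [sys.executable, "-c", session_program],
        stdin=conn.fileno(), stdout=conn.fileno(), close_fds=True)


def handle_connection(conn, unauth, startups="10:30:100", rng=random.random):
    """What the listener does per accepted connection: apply MaxStartups,
    then either refuse (close) or hand off to a session process."""
    start, rate, full = parse_max_startups(startups)
    if int(rng() * 100) < drop_probability(unauth, start, rate, full):
        conn.close()
        return None
    return spawn_session(conn)


def demo(request=b"hello"):
    """Run one connection end to end over a socketpair (stands in for accept())."""
    listener_side, client_side = socket.socketpair()
    proc = handle_connection(listener_side, unauth=0)
    listener_side.close()      # the listener keeps no reference to the session's socket
    client_side.sendall(request)
    client_side.shutdown(socket.SHUT_WR)
    reply = client_side.recv(1024)
    proc.wait()
    client_side.close()
    return reply


if __name__ == "__main__":
    print(demo())              # b'session:hello'
```

The security-relevant property is in `spawn_session`: after the exec the session process holds the connection and nothing else, so whatever state the listener needs (host keys, the listening socket, the MaxStartups bookkeeping) is not reachable from the code that talks to the peer. The `rng` parameter exists only so the drop decision can be tested deterministically.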


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.31 12-Nov-2019 markus

enable ed25519 support; ok djm


# 1.30 31-Oct-2019 djm

ssh-agent support for U2F/FIDO keys

feedback & ok markus@


# 1.29 31-Oct-2019 djm

Initial infrastructure for U2F/FIDO support

Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.

feedback & ok markus@


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.28 23-Feb-2018 markus

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@


Revision tags: OPENBSD_6_2_BASE
# 1.27 05-May-2017 naddy

more simplification and removal of SSHv1-related code; ok djm@


# 1.26 03-May-2017 naddy

remove miscellaneous SSH1 leftovers; ok markus@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.25 31-Mar-2016 dtucker

Remove fallback from moduli to "primes" file that was deprecated in 2001
and fix log messages referring to primes file. Based on patch from
xnox at ubuntu.com via bz#2559. "kill it" deraadt@


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.24 06-Dec-2013 markus

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@


Revision tags: OPENBSD_5_4_BASE
# 1.23 05-Apr-2013 djm

use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)


Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.22 23-May-2011 djm

allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entirely :)

feedback and ok markus@ dtucker@
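
The search-path semantics this entry introduces, as an added illustration (not sshd's own code): an AuthorizedKeysFile directive is split on whitespace, each entry has `%h`, `%u` and `%%` expanded and relative paths anchored at the user's home directory, and the files are consulted in order until one admits the key. The default shown (`.ssh/authorized_keys .ssh/authorized_keys2`) and the fresh-install override (`.ssh/authorized_keys` alone) are the two settings the entry describes; the key material in the demo is constructed filler, not a real key.

```python
"""AuthorizedKeysFile search-path semantics after this change: several files,
space separated, %h/%u/%% expanded, relative paths anchored at the user's home,
consulted in order until a file authorises the key. Added illustration, not
sshd's own code."""
import re
import shlex
import tempfile
from pathlib import Path

# Default search path after this change (authorized_keys2 kept for compatibility);
# the shipped sshd_config overrides it to ".ssh/authorized_keys" alone.
DEFAULT_AUTHORIZED_KEYS_FILE = ".ssh/authorized_keys .ssh/authorized_keys2"
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def expand_tokens(path, home, user):
    """Expand the %h (home directory), %u (user name) and %% tokens; any other
    token, or a dangling %, is a configuration error."""
    tokens = {"h": home, "u": user, "%": "%"}

    def repl(m):
        try:
            return tokens[m.group(1)]
        except KeyError:
            raise ValueError(f"bad token %{m.group(1)!r} in AuthorizedKeysFile")

    return re.sub(r"%(.?)", repl, path)


def authorized_keys_paths(directive, home, user):
    """Ordered list of files sshd will consult for this directive."""
    paths = []
    for item in directive.split():
        p = Path(expand_tokens(item, home, user))
        paths.append(p if p.is_absolute() else Path(home) / p)
    return paths


def parse_authorized_keys_line(line):
    """Return (keytype, base64) for a key line, None for blanks/comments.
    Leading options (from=, command=, ...) may contain quoted spaces, so
    tokenise with shell-style quoting and take the first token that looks
    like a key type followed by its base64 blob."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)
    except ValueError:          # unbalanced quotes: not a usable line
        return None
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPE_PREFIXES):
            return tok, tokens[i + 1]
    return None


def find_authorized_key(pubkey_line, directive, home, user):
    """Search the files in order; return the Path that authorises the key, or None.
    A missing file is skipped, which is why a stale authorized_keys2 keeps
    working under the default and silently stops under the override."""
    wanted = parse_authorized_keys_line(pubkey_line)
    if wanted is None:
        raise ValueError("not a public key line")
    for path in authorized_keys_paths(directive, home, user):
        try:
            lines = path.read_text().splitlines()
        except FileNotFoundError:
            continue
        if any(parse_authorized_keys_line(l) == wanted for l in lines):
            return path
    return None


# Constructed key material: not a real key, the base64 is filler.
USER_KEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEexampleEXAMPLEexampleEXAMPLEexampleEXA "
            "alice@laptop")


def demo(directive):
    """Home directory where only authorized_keys2 holds the user's key (behind a
    from= option); report which file, if any, admits the key under 'directive'."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = Path(home) / ".ssh"
        ssh_dir.mkdir()
        (ssh_dir / "authorized_keys2").write_text(
            '# legacy file\nfrom="10.0.0.0/8",no-pty ' + USER_KEY + "\n")
        found = find_authorized_key(USER_KEY, directive, home, "alice")
        return found.name if found else None


if __name__ == "__main__":
    print(demo(DEFAULT_AUTHORIZED_KEYS_FILE))   # authorized_keys2
    print(demo(".ssh/authorized_keys"))         # None: the fresh-install override ignores it
```

Matching is on key type and blob only, as sshd compares keys, so the trailing comment and any option prefix do not affect the lookup. Not modelled here: the StrictModes ownership and permission checks sshd applies to each file before trusting its contents.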


# 1.21 11-May-2011 djm

remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@


Revision tags: OPENBSD_4_9_BASE
# 1.20 31-Aug-2010 djm

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@


Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
# 1.19 11-Feb-2010 djm

correct comment


# 1.18 08-Feb-2010 markus

replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.17 29-Dec-2008 stevesk

no need to escape single quotes in comments


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
# 1.16 25-Mar-2006 djm

standardise spacing in $OpenBSD$ tags; requested by deraadt@


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.15 11-Jul-2004 deraadt

branches: 1.15.6; 1.15.8;
spaces


Revision tags: OPENBSD_3_5_BASE
# 1.14 30-Jan-2004 markus

branches: 1.14.2;
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
# 1.13 23-May-2002 markus

branches: 1.13.4; 1.13.6;
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).


Revision tags: OPENBSD_3_1_BASE
# 1.12 19-Mar-2002 stevesk

branches: 1.12.2;
_PATH_PRIVSEP_CHROOT_DIR; ok provos@


# 1.11 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.10 08-Dec-2001 stevesk

use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@


Revision tags: OPENBSD_3_0_BASE
# 1.9 23-Jun-2001 markus

branches: 1.9.2;
get rid of known_hosts2, use it for hostkey lookup, but do not modify.


# 1.8 22-Jun-2001 markus

merge authorized_keys2 into authorized_keys.
authorized_keys2 is used for backward compat.
(just append authorized_keys2 to authorized_keys).


# 1.7 22-Jun-2001 provos

use /etc/moduli instead of /etc/primes, okay markus@


# 1.6 08-Jun-2001 markus

move the path for xauth to pathnames.h


Revision tags: OPENBSD_2_9_BASE
# 1.5 12-Apr-2001 markus

branches: 1.5.2;
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)


# 1.4 08-Feb-2001 stevesk

branches: 1.4.2; 1.4.4;
_PATH_LS; ok markus@


# 1.3 08-Feb-2001 markus

allow sftp over ssh protocol 1; ok djm@


# 1.2 29-Jan-2001 niklas

$OpenBSD$


# 1.1 19-Jan-2001 markus

move ssh1 definitions to ssh1.h, pathnames to pathnames.h

