on a local port), the `Auto' protocol option on the Tunnels panel
should always produce a port you can connect to in _either_ of IPv4
and v6, because the aim is for the user not to have to know or care
which one they're using. This was not the case on Windows, and now
is. Also, updated the docs to give more detail on issues like this.
[originally from svn r5083]
exchange. Without doing this, after we have done one specific-group
DH exchange (group1 or group14), ssh2_pkt_type _always_ translates
30 and 31 as KEXDH_INIT and KEXDH_REPLY, making a subsequent
group-exchange kex look rather strange in an SSH packet log.
[originally from svn r5081]
meaning of BellOverload{T,S} in Unix saved sessions. Add a Unix-
specific backwards compatibility wart to settings.c to compensate.
Of course when I do the serious config format revamp, I will ensure
that no config item depends on internal #defines (these time
intervals will be specified as a floating-point number of seconds)
and this horror will be relegated to the old-config-compatibility
code.
[originally from svn r5080]
INFO_REQUESTs, and for some reason Debian OpenSSH is sending INFO_REQUESTs
containing no prompts after a normal password authentication, so this
should fix Shai's problem.
[originally from svn r5078]
[r5068 == 297ee2573e]
[this svn revision also touched putty-wishlist]
`%proxyport' in addition to the other things it interpolates. This
is useful when using the Unix-only `Local' proxy type: it allows me
to, for example, set up a proxy command such as
ssh %proxyhost nc -q0 %host %port
and then enter the name of the proxy machine in `Proxy hostname',
which makes it marginally more convenient to quickly change to using
a different proxy to get at the same target.
I haven't documented this, because we currently don't document the
Local proxy type at all. Possibly we should, though.
[originally from svn r5073]
SSH connection when we're in the middle of asking the user a
dialog-box-type question. Fixes `unix-kex-packet', which has just
bitten me when connecting to one of the work Suns.
[originally from svn r5071]
[this svn revision also touched putty-wishlist]
long as the server offers it, rather than only once, unless the server responds
to our initial USERAUTH_REQUEST("keyboard-interactive") with FAILURE, in which
case we give up on it entirely.
[originally from svn r5068]
[this svn revision also touched putty-wishlist]
mid-session in SSH2: this forces an immediate rekey to activate the
new settings. I'm not sure exactly what this will be useful for
(except possibly it might make comparative performance testing
easier?), but it has wonderful James Bond value for being able to
switch to a more secure cipher before doing anything sensitive :-)
If, that is, you weren't using the most secure one to begin with...
[originally from svn r5051]
to be destroying old ones _before_ creating new ones, so that we can
reuse a port for a new purpose without colliding with ourselves.
Also fixed port forwarding, which my IPv6 checkin had completely
funted :-)
[originally from svn r5049]
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.
I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.
[originally from svn r5047]
[this svn revision also touched putty-wishlist]
of directory recursion was a strategic error: it obfuscates
sftp_{get,put}_file(), and also it makes it very hard to handle
subdirectory wildcards such as `foo/*'. Accordingly, here's a
completely different approach, in which sftp_{get,put}_file() are
still responsible for directory recursion, but wildcards are
expanded in sftp_general_{get,put}() before being passed thereto.
Subdirectory wildcards are now handled consistently across Unix,
Windows and the remote server.
[originally from svn r5045]
to manipulate settings they can't see so could lead to confusion. (Also remove
"Delete" button for some sort of UI consistency even though it's harmless.)
Also conditionalise other aspects of sessionsaver_handler() that don't make
sense mid-session.
[originally from svn r5043]
mid-session if we are not using SSHv1. I've done this by introducing
a generic `cfg_info' function which every back end can use to
communicate an int's worth of data to setup_config_box; in SSH
that's the protocol version in use, and in everything else it's
currently zero.
[originally from svn r5040]
[r5031 == d77102a8d5]
IPv6-unrelated changes, which convert ints into unsigned in a few
key places in ssh.c. Looks harmless at worst, possibly terribly
useful, so I think we'll have these no matter what the real IPv6
stuff is up to!
[originally from svn r5038]
the difficult questions about when it's sensible to offer the option
of saving to the slot we loaded from: _we never do_. The user must
always explicitly specify a slot to save to.
[originally from svn r5035]
[this svn revision also touched putty-wishlist]
bit is working out when to reschedule the next rekey for when the
timeout or data limit changes; sometimes it will be _right now_
because we're already over the new limit.
Still to do: the Kex panel should not appear in mid-session if we
are using SSHv1.
[originally from svn r5031]
Change Settings, the port forwarding setup function is run again,
and tags all existing port forwardings as `do not keep'. Then it
iterates through the config in the normal way; when it encounters a
port forwarding which is already in the tree, it tags it `keep'
rather than setting it up from scratch. Finally, it goes through the
tree and removes any that haven't been labelled `keep'. Hence,
editing the list of forwardings in Change Settings has the effect of
cancelling any forwardings you remove, and adding any new ones.
The SSH panel now appears in the reconfig box, and is empty apart
from a message explaining that it has to be there for subpanels of
it to exist. Better wording for this message would be welcome.
[originally from svn r5030]
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
(which will gain more content anon).
Retire BUG_SSH2_DH_GEX and add a backwards-compatibility wart, since we never
did find a way of automatically detecting this alleged server bug, and in any
case there was only ever one report (<3D91F3B5.7030309@inwind.it>, FWIW).
Also generalise askcipher() to a new askalg() (thus touching all the
front-ends).
I've made some attempt to document what SSH key exchange is and why you care,
but it could use some review for clarity (and outright lies).
[originally from svn r5022]
to call _either_ do_text() _or_ do_cursor() on a given character
cell. In fact you're supposed to call do_text() no matter what, and
then call do_cursor() as well if it's got the cursor on it, since
do_cursor() _only_ draws the actual cursor, which often doesn't also
cause the text to get drawn.
I'm half tempted to change this in the interface, retire do_cursor()
as an external function and relegate it to an internal function in
each front end, and require that do_text() must fully process all
cursor attributes it is passed. However, I haven't done this yet.
[originally from svn r5017]
Simon Tatham
Jacob Nevins
Ben Harris