aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh/src/ssh_transport.erl
AgeCommit message (Collapse)Author
2015-05-29ssh: Check e and f parameters in kexdhHans Nilsson
rfc 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check.
2015-05-29ssh: Set max num algoritms in msg_kexinit negotiationHans
This is to prevent some dos-attac scenarios. The limit is hard-coded.
2015-04-21ssh: added id_string option for server and clientHans Nilsson
For limiting Banner Grabbing attempts.
2014-09-24ssh: Gracefully handle incorrect versionsIngela Anderton Andin
Conflicts: lib/ssh/test/ssh_connection_SUITE.erl
2014-08-28SSH: only enable ciphers/MACs when they are available in cryptoAlex Wilson
Also adjusts tests to only expect a positive outcome when crypto supports the relevant base ciphers/MACs.
2014-06-10SSH: add support for aes128-ctr and hmac-sha2-256Alex Wilson
This cipher and hmac are RECOMMENDED as per RFC4344 and RFC6668. RFC4344 notes that aes128-ctr is likely to be promoted to REQUIRED in the near future. Some distros of Linux and Illumos are already shipping with aes128-cbc and 3des-cbc disabled by default due to security concerns around chosen-plaintext attacks and other information leaks. Without this patch, OTP SSH cannot connect to these SSH servers in their default configuration.
2013-11-13ssh: Merge connection_manager and connection_handler processesIngela Anderton Andin
Also start adding dialyzer specs and removing dead code
2013-11-13ssh: Remove use of process dictionaryIngela Anderton Andin
This is step one in in making ssh process structure less complicated. As an effect I also found other simplifications/clean ups of the code that could be done.
2013-06-20Add openssh_zlib compression type to ssh_transportLouis-Philippe Gauthier
http://www.openssh.org/txt/draft-miller-secsh-compression-delayed-00.txt
2013-05-22crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integerIngela Anderton Andin
2013-05-20ssh & crypto: Remove use of deprecated crypto functions from sshIngela Anderton Andin
2013-02-22Update copyright yearsBjörn-Egil Dahlberg
2013-02-15Added event/3 and clarified error messageFredrik Gustafsson
2013-02-15Error msg to be returned together with Key exchange failedFredrik Gustafsson
2013-02-15Returning the actual reason why key exchange failedFredrik Gustafsson
2012-12-13ssh: Document and clean up SSH behavioursIngela Anderton Andin
2012-11-15Fixed user interaction sshFredrik Gustafsson
2012-02-28Prevent client hanging. (OTP-8111)Ingela Anderton Andin
Restored supervisor tree so that error propagation will work as intended, although connection processes are set to temporary, instead of permanent with restart times set to 0, and termination of the connection subtree is initiated by a temporary process spawned by ssh_connection_managers terminate. This is done to avoid unwanted supervisor reports. Pherhaps we need some new supervisor functionality.
2012-02-10Cleaned up code so that ssh_file can become a template for a documentedIngela Anderton Andin
ssh_keys behavior
2012-02-10Ssh daemon handles RSA host keysIngela Anderton Andin
Solves OTP-7677
2012-02-10Removed no longer needed codeIngela Anderton Andin
2012-02-10Use the public_key application for all public key handlingIngela Anderton Andin
Also improved test suites to avoid copying of users keys to test server directories as this is a security liability
2011-01-17OTP-9031 - SSH did not handle the error reason enetunreach when trying to ↵Niclas Eklund
open a IPv6 connection.
2010-04-21New branch for ssh-2.0 and laterNiclas Eklund
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP