diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:01 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:01 +1000 |
commit | 8901fa9c88d52ac1f099e7a3ce5bd75089e7e731 (patch) | |
tree | b8d241457d1c0abc2cbfb901f861864bd6940764 /ChangeLog | |
parent | c9807e825a83df6d95ae7e0390c34ab71321f30b (diff) |
- djm@cvs.openbsd.org 2008/06/10 22:15:23
[PROTOCOL ssh.c serverloop.c]
Add a no-more-sessions@openssh.com global request extension that the
client sends when it knows that it will never request another session
(i.e. when session multiplexing is disabled). This allows a server to
disallow further session requests and terminate the session.
Why would a non-multiplexing client ever issue additional session
requests? It could have been attacked with something like SSH'jack:
http://www.storm.net.nz/projects/7
feedback & ok markus
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -41,6 +41,16 @@ | |||
41 | - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 | 41 | - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 |
42 | [ssh_config.5] | 42 | [ssh_config.5] |
43 | clarify that Host patterns are space-separated. ok deraadt | 43 | clarify that Host patterns are space-separated. ok deraadt |
44 | - djm@cvs.openbsd.org 2008/06/10 22:15:23 | ||
45 | [PROTOCOL ssh.c serverloop.c] | ||
46 | Add a no-more-sessions@openssh.com global request extension that the | ||
47 | client sends when it knows that it will never request another session | ||
48 | (i.e. when session multiplexing is disabled). This allows a server to | ||
49 | disallow further session requests and terminate the session. | ||
50 | Why would a non-multiplexing client ever issue additional session | ||
51 | requests? It could have been attacked with something like SSH'jack: | ||
52 | http://www.storm.net.nz/projects/7 | ||
53 | feedback & ok markus | ||
44 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 | 54 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 |
45 | since the new CIDR code in addmatch.c references it. | 55 | since the new CIDR code in addmatch.c references it. |
46 | - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 | 56 | - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 |
@@ -4133,4 +4143,4 @@ | |||
4133 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 4143 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
4134 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 4144 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
4135 | 4145 | ||
4136 | $Id: ChangeLog,v 1.4961 2008/06/10 23:33:01 dtucker Exp $ | 4146 | $Id: ChangeLog,v 1.4962 2008/06/10 23:34:01 dtucker Exp $ |