diff options
| author | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
| commit | 7207f64a23a49a719aad3083c068f50e5034ccb8 (patch) | |
| tree | 7ce6e49ae0713fad145ea9feb0181ec4d250ed75 /ChangeLog | |
| parent | 9417831eced03242e283e30286ac06ca2ce6d83e (diff) | |
- djm@cvs.openbsd.org 2008/05/08 12:21:16
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
[sshd_config sshd_config.5]
Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 17 |
1 files changed, 16 insertions, 1 deletions
| @@ -77,6 +77,21 @@ | |||
| 77 | shouldn't happen in compliant implementations, but it could be | 77 | shouldn't happen in compliant implementations, but it could be |
| 78 | abused to leak memory. | 78 | abused to leak memory. |
| 79 | ok markus@ (as part of a larger diff) | 79 | ok markus@ (as part of a larger diff) |
| 80 | - djm@cvs.openbsd.org 2008/05/08 12:21:16 | ||
| 81 | [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] | ||
| 82 | [sshd_config sshd_config.5] | ||
| 83 | Make the maximum number of sessions run-time controllable via | ||
| 84 | a sshd_config MaxSessions knob. This is useful for disabling | ||
| 85 | login/shell/subsystem access while leaving port-forwarding working | ||
| 86 | (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or | ||
| 87 | simply increasing the number of allows multiplexed sessions. | ||
| 88 | Because some bozos are sure to configure MaxSessions in excess of the | ||
| 89 | number of available file descriptors in sshd (which, at peak, might be | ||
| 90 | as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds | ||
| 91 | on error paths, and make it fail gracefully on out-of-fd conditions - | ||
| 92 | sending channel errors instead of than exiting with fatal(). | ||
| 93 | bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com | ||
| 94 | ok markus@ | ||
| 80 | 95 | ||
| 81 | 20080403 | 96 | 20080403 |
| 82 | - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- | 97 | - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- |
| @@ -3937,4 +3952,4 @@ | |||
| 3937 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3952 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 3938 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3953 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 3939 | 3954 | ||
| 3940 | $Id: ChangeLog,v 1.4922 2008/05/19 05:28:35 djm Exp $ | 3955 | $Id: ChangeLog,v 1.4923 2008/05/19 05:34:50 djm Exp $ |