Age | Commit message (Collapse) | Author |
|
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see
http://www.securityfocus.com/bid/28531/info).
- Add no-user-rc authorized_keys option to disable execution of
~/.ssh/rc.
|
|
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
|
|
configurations (LP: #211400).
|
|
- CVE-2008-1483: Don't use X11 forwarding port which can't be bound on
all address families, preventing hijacking of X11 forwarding by
|
|
|
|
|
|
|
|
SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767).
|
|
|
|
openssh-server.preinst.
|
|
|
|
- Don't use X11 forwarding port which can't be bound on all address
families (closes: #463011).
|
|
(closes: #471437).
|
|
- Update Finnish (thanks, Esko Arajärvi; closes: #468563).
|
|
|
|
|
|
|
|
SSHD_PAM_SERVICE (closes: #255870).
|
|
|
|
get_default_context_with_level (LP: #188136).
|
|
|
|
line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks,
Marc Haber; closes: #458547).
|
|
- Use the correct packet maximum sizes for remote port and agent
forwarding. Prevents the server from killing the connection if too
much data is queued and an excessively large packet gets sent
(https://bugzilla.mindrot.org/show_bug.cgi?id=1360).
|
|
|
|
|
|
- Remove support for building with GNOME 1. This allows simplification
of our GNOME build-dependencies (see #460136).
- Remove hacks to support the old PAM configuration scheme.
- Remove compatibility for building without po-debconf.
* Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I
can see, the GTK2 version of ssh-askpass-gnome has never required
libgnomeui-dev.
|
|
(closes: #460136).
|
|
groff (closes: #460121).
|
|
http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807).
|
|
|
|
|
|
|
|
.desktop file is intentionally not installed (see 1:3.8.1p1-10).
|
|
|
|
|
|
sshd_config(5) (closes: #327886, #345628).
|
|
|
|
|
|
|
|
easier.
|
|
|
|
|
|
(closes: #453285).
|
|
- Includes documentation on copying files with colons using scp
(closes: #303453).
|
|
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
|
|
|
|
|
|
|
|
rather than Matthew.
|
|
|