Age | Commit message (Collapse) | Author |
|
Use xcalloc for permitted_adm_opens instead of xmalloc to
ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok
djm@
|
|
don't choke on new-format private keys encrypted with an
AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
|
|
Clarify pseudo-terminal request behaviour and use
"pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
|
|
Blacklist DH-GEX for specific PuTTY versions known to
send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
messages. ok djm@
|
|
WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
don't offer that KEX method. ok markus@
|
|
use the sizeof the struct not the sizeof a pointer to the
struct in ssh_digest_start()
This file is only used if ssh is built with OPENSSL=no
ok markus@
|
|
This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
shouldn't hurt in any case.
|
|
|
|
Allow ListenAddress, Port and AddressFamily in any
order. bz#68, ok djm@, jmc@ (for the man page bit).
|
|
enviroment -> environment: apologies to darren for not
spotting that first time round...
|
|
Fix typo in previous
|
|
Document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
jjelen at redhat, help and ok jmc@
|
|
Make sshd default to PermitRootLogin=no; ok deraadt@
rpe@
|
|
fix compilation with OPENSSL=no; ok dtucker@
|
|
Include stdio.h for FILE (used in sshkey.h) so it
compiles with OPENSSL=no.
|
|
allow "sshd -f none" to skip reading the config file,
much like "ssh -F none" does. ok dtucker
|
|
combine -Dd onto one line and update usage();
|
|
add ssh-agent -D to leave ssh-agent in foreground
without enabling debug mode; bz#2381 ok dtucker@
|
|
2*len -> use xreallocarray() ok djm
|
|
rename xrealloc() to xreallocarray() since it follows
that form. ok djm
|
|
Two small fixes for sshd -T: ListenAddress'es are added
to a list head so reverse the order when printing them to ensure the
behaviour remains the same, and print StreamLocalBindMask as octal with
leading zero. ok deraadt@
|
|
Check for and reject missing arguments for
VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com,
ok djm@
|
|
unknown certificate extensions are non-fatal, so don't
fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok
dtucker@
|
|
Add back a backslash removed in rev 1.42 so
KEX_SERVER_ENCRYPT will include aes again.
ok deraadt@
|
|
s/recommended/required/ that private keys be og-r this
wording change was made a while ago but got accidentally reverted
|
|
don't try to cleanup NULL KEX proposals in
kex_prop_free(); found by Jukka Taimisto and Markus Hietava
|
|
use error/logit/fatal instead of fprintf(stderr, ...)
and exit(0), fix a few errors that were being printed to stdout instead of
stderr and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker
|
|
debug log missing DISPLAY environment when X11
forwarding requested; bz#1682 ok dtucker@
|
|
don't call record_login() in monitor when UseLogin is
enabled; bz#278 reported by drk AT sgi.com; ok dtucker
|
|
Add some missing options to sshd -T and fix the output
of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat
com, ok djm.
|
|
Document "none" for PidFile XAuthLocation
TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
|
|
Plug leak of address passed to logging. bz#2373, patch
from jjelen at redhat, ok markus@
|
|
Output remote username in debug output since with Host
and Match it's not always obvious what it will be. bz#2368, ok djm@
|
|
Part of bz#2346, patch from jjelen at redhat com.
|
|
|
|
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.
Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
|
|
|
|
|
|
|
|
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@
|
|
Don't send hostkey advertisments
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
|
|
include port number if a non-default one has been
specified; based on patch from Michael Handler
|
|
treat Protocol=1,2|2,1 as Protocol=2 when compiled
without SSH1 support; ok dtucker@ millert@
|
|
Do not use int for sig_atomic_t; spotted by
christos@netbsd; ok markus@
|
|
From FreeBSD.
|
|
|
|
Patch from Bryan Drewery.
|
|
correct return value in pubkey parsing, spotted by Ben Hawkes
ok markus@
|
|
adapt to recent hostfile.c change: when parsing
known_hosts without fully parsing the keys therein, hostkeys_foreach() will
now correctly identify KEY_RSA1 keys; ok markus@ miod@
|
|
use ${SSH} for -Q instead of installed ssh
|