Age | Commit message (Collapse) | Author |
|
insomnia-fueled commits last night
OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c
|
|
OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5
|
|
authorized_keys lines that contained permitopen/permitlisten were being
treated as invalid.
OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b
|
|
static limits noted by gerhard@; ok dtucker@, djm@
OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
|
|
OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf
|
|
OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78
|
|
OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c
|
|
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
|
|
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
|
|
Instead of testing for each specific key type, use ssh-keygen -A to
generate any missing host key types.
|
|
make the grammatical format in sshd_config.5 match that in ssh_config.5;
OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0
|
|
OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025
|
|
OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e
|
|
just files. This makes sure it gets applied to directories too, and prevents
a race where files get chmodded after creation. bz#2839, ok djm@
OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b
|
|
searching for and hashing known_hosts entries in a single operation
(ssh-keygen -HF ...) Patch from Anton Kremenetsky
OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd
|
|
to instantly abort the test. Useful in capturing clean logs for individual
failure cases.
OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1
|
|
OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10
|
|
OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add
|
|
the ssh->state has been torn down; bz#2773
OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb
|
|
known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772
Report and fix from Anton Kremenetsky
OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58
|
|
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@
OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
|
|
directive; bz2831, feedback and ok dtucker@
OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e
|
|
because the user password is expired as it breaks password change dialog.
regression in openssh-7.7 reported by Daniel Wagner
OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
|
|
download and fsync). These should return -1 on error, not a sftp status code.
patch from Petr Cerny in bz#2871
OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09
|
|
the error path instead of trying to read from the socket on the way out,
which resets errno and causes the true error to be misreported. ok djm@
OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a
|
|
Requested for Linux/s390; patch from Eduardo Barretto via bz#2752;
ok dtucker
|
|
functionality; bz#2869 ok dtucker@
OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01
|
|
macdonell
OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3
|
|
and that users should specify an explicit Tunnel directive if they don't want
this. bz#2365.
OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
|
|
revision 1.17
date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2;
commitid: 53zY8GjViUBnWo8Z;
constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
|
|
Skip the pty tests if the platform lacks openpty(3) and has to chown(2)
the pty device explicitly. This typically requires root permissions that
this test lacks.
bz#2856 ok dtucker@
|
|
fd rlimit and stop accepting new connections when it is exceeded (with some
grace). Accept is resumed when enough connections are closed.
bz#2576. feedback deraadt; ok dtucker@
OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
|
|
warnings on platforms where int64 is long not long long. ok djm@
OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001
|
|
failing. The sftp program terminated with the wrong exit code as sftp called
fatal() instad of exit(0). So when the sigchld handler waits for the child,
remember that it was found. Then don't expect that main() can wait again. OK
dtucker@
OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266
|
|
This ensures it picks up the definition of DEF_WEAK, the lack of which
can cause compile errors in some cases (eg modern AIX). From
michael at felt.demon.nl.
|
|
Patch from hongxu.jia at windriver.com, ok djm@
|
|
without version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson
Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424
OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
|
|
LocalCommand
OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
|
|
patch from Thomas Kuthan in bz2719; ok dtucker@
OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78
|
|
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in systrace andbox too.
|
|
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in sandbox.
|
|
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms). Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.
OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
|
|
Patch from rsbecker at nexbridge.com.
|
|
bz2855, ok dtucker@
|
|
Only applies when built --without-openssl. Thanks Jann Horn for
reminder.
|
|
Revert 3fd2d229 and subsequent changes as they turned out to be a
portability hassle.
|
|
Spotted using https://github.com/lucasdemarchi/codespell
|
|
OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69
|
|
OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963
|
|
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)
OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
|