Age | Commit message | Author |
|
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
|
|
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts users have been visiting; ok
markus@ deraadt@
|
|
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
|
|
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
|
|
[sshd.8]
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
|
|
[sftp.c]
turn on ssh batch mode when in sftp batch mode, patch from
jdmossh AT nand.net;
ok markus@
|
|
[canohost.c]
better error messages for getnameinfo failures; ok dtucker@
|
|
[ssh.c]
Better diagnostic if an identity file is not accessible. ok markus@ djm@
|
|
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
|
|
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
|
|
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
|
|
vinschen at redhat.com.
|
|
unrelated platforms to be configured incorrectly.
|
|
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
|
|
compiler warnings on AIX.
|
|
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
|
|
Unix; prevents problems relating to the location of -lresolv in the
link order.
|
|
by the system headers.
|
|
via mkstemp in some configurations. ok djm@
|
|
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
|
|
--disable-etc-default-login configure option.
|
|
the username to be passed to the passwd command when changing expired
passwords. ok djm@
|
|
paths. ok djm@
|
|
disable_forwarding() from compat library. Prevent linker errors trying
to resolve it for binaries other than sshd. ok djm@
|
|
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
|
|
[monitor.c]
Make code match intent; ok djm@
|
|
[ssh_config.5]
wording;
ok markus@
|
|
[ssh_config.5]
grammar;
|
|
[ssh_config]
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@
|
|
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
|
|
regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.
|
|
instrumentation to sshd, currently disabled by default. with suggestions
from and djm@
|
|
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
|
|
Bug #974: Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
hotmail.com, ok djm@
|
|
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
|
|
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
|