summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-06upstream commitsobrado@openbsd.org
fix two typos. Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
2015-09-21upstream commitdjm@openbsd.org
fix possible hang on closed output; bz#2469 reported by Tomas Kuthan ok markus@ Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3
2015-09-16upstream commitdjm@openbsd.org
skip if running as root; many systems (inc OpenBSD) allow root to ptrace arbitrary processes Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
2015-09-16upstream commitdjm@openbsd.org
try all supported key types here; bz#2455 reported by Jakub Jelen Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba
2015-09-16upstream committim@openbsd.org
- Fix error message: passphrase needs to be at least 5 characters, not 4. - Remove unused function argument. - Remove two unnecessary variables. OK djm@ Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
2015-09-16upstream committim@openbsd.org
When adding keys to the agent, don't ignore the comment of keys for which the user is prompted for a passphrase. Tweak and OK djm@ Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
2015-09-16upstream commitguenther@openbsd.org
Use explicit_bzero() when zeroing before free() from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) ok millert@ djm@ Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
2015-09-16upstream commitjmc@openbsd.org
sync -Q in usage() to SYNOPSIS; since it's drastically shorter, i've reformatted the block to sync with the man (80 cols) and saved a line; Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
2015-09-16upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
2015-09-16upstream commitdtucker@openbsd.org
Update usage to match man page. Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
2015-09-16upstream commitdjm@openbsd.org
expand %i in ControlPath to UID; bz#2449 patch from Christian Hesse w/ feedback from dtucker@ Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
2015-09-16upstream commitdjm@openbsd.org
mention -Q key-plain and -Q key-cert; bz#2455 pointed out by Jakub Jelen Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
2015-09-14Use ssh-keygen -A when generating host keys.Darren Tucker
Use ssh-keygen -A instead of per-keytype invocations when generating host keys. Add tests when doing host-key-force since we can't use ssh-keygen -A since it can't specify alternate locations. bz#2459, ok djm@
2015-09-11Correct default value for --with-ssh1.Darren Tucker
bz#2457, from konto-mindrot.org at walimnieto.com.
2015-09-11upstream commitdjm@openbsd.org
more clarity on what AuthorizedKeysFile=none does; based on diff by Thiebaud Weksteen Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
2015-09-11upstream commitdjm@openbsd.org
openssh_RSA_verify return type is int, so don't make it size_t within the function itself with only negative numbers or zero assigned to it. bz#2460 Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
2015-09-11upstream commitdtucker@openbsd.org
Plug minor memory leaks when options are used more than once. bz#2182, patch from Tiago Cunha, ok deraadt djm Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
2015-09-11Force resolution of _res for correct detection.Darren Tucker
bz#2259, from sconeu at yahoo.com.
2015-09-10allow getrandom syscall; from Felix von LeitnerDamien Miller
2015-09-04upstream commitjmc@openbsd.org
full stop belongs outside the brackets, not inside; Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
2015-09-04upstream commitdjm@openbsd.org
add a debug2() right before DNS resolution; it's a place where ssh could previously silently hang for a while. bz#2433 Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
2015-09-04upstream commitdjm@openbsd.org
correct function name in error messages Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
2015-09-04upstream commitdjm@openbsd.org
better document ExitOnForwardFailure; bz#2444, ok dtucker@ Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
2015-09-04upstream commitdjm@openbsd.org
don't record hostbased authentication hostkeys as user keys in test for multiple authentication with the same key Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
2015-09-04upstream commitdjm@openbsd.org
remove extra newline in nethack-mode hostkey; from Christian Hesse bz#2686 Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
2015-09-04upstream commitdjm@openbsd.org
trim junk from end of file; bz#2455 from Jakub Jelen Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
2015-09-03upstream commitjsg@openbsd.org
Fix occurrences of "r = func() != 0" which result in the wrong error codes being returned due to != having higher precedence than =. ok deraadt@ markus@ Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03don't check for yp_match; ok tim@Damien Miller
2015-08-22upstream commitdjm@openbsd.org
Improve printing of KEX offers and decisions The debug output now labels the client and server offers and the negotiated options. ok markus@ Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
2015-08-22upstream commitdjm@openbsd.org
Fix printing (ssh -G ...) of HostKeyAlgorithms=+... Reported by Bryan Drewery Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
2015-08-22upstream commitdjm@openbsd.org
Fix expansion of HostkeyAlgorithms=+... Reported by Bryan Drewery Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d
2015-08-22upstream commitderaadt@openbsd.org
Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like. Discussed with tedu, millert, otto.... and ok djm Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
2015-08-21expose POLLHUP and POLLNVAL for netcat.cDamien Miller
2015-08-21we don't use Github for issues/pull-requestsDamien Miller
2015-08-21fix URL for connect.cDamien Miller
2015-08-21update version numbers for 7.1Damien Miller
2015-08-21upstream commitdjm@openbsd.org
openssh-7.1 Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
2015-08-21upstream commitdjm@openbsd.org
fix inverted logic that broke PermitRootLogin; reported by Mantas Mikulenas; ok markus@ Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
2015-08-21upstream commitderaadt@openbsd.org
Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope ok krw millert Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
2015-08-21upstream commitnaddy@openbsd.org
In the certificates section, be consistent about using "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
2015-08-20upstream commitdjm@openbsd.org
Better compat matching for WinSCP, add compat matching for FuTTY (fork of PuTTY); ok markus@ deraadt@ Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
2015-08-20upstream commitdjm@openbsd.org
fix double-free() in error path of DSA key generation reported by Mateusz Kocielski; ok markus@ Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
2015-08-20upstream commitdjm@openbsd.org
fix free() of uninitialised pointer reported by Mateusz Kocielski; ok markus@ Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
2015-08-20upstream commitdjm@openbsd.org
fixed unlink([uninitialised memory]) reported by Mateusz Kocielski; ok markus@ Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
2015-08-19upstream commitjmc@openbsd.org
match myproposal.h order; from brian conway (i snuck in a tweak while here) ok dtucker Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
2015-08-11upstream commitderaadt@openbsd.org
add prohibit-password as a synonymn for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
2015-08-11update version in READMEDamien Miller
2015-08-11update versions in *.specDamien Miller
2015-08-11set sshpam_ctxt to NULL after freeDamien Miller
Avoids use-after-free in monitor when privsep child is compromised. Reported by Moritz Jodeit; ok dtucker@
2015-08-11Don't resend username to PAM; it already has it.Damien Miller
Pointed out by Moritz Jodeit; ok dtucker@