Age | Commit message | Author |
|
[ssh.c]
nuke ptrace comment
|
|
this was mistakenly committed with the __progname fix to ssh-keysign.
|
|
Bertrand.Velle@apogee-com.fr
|
|
would be to clean out any dead wood and disable ssh setuid on install.
|
|
authentication to different files.
|
|
[sftp-server.c]
use get_int() macro (hide iqueue)
|
|
[sftp-server.c]
discard remaining bytes of current request; ok provos@
|
|
[monitor.h]
no trailing comma in enum; china@thewrittenword.com
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
|
|
[ssh-add.c]
add -x/-X to usage
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
|
|
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
|
|
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
|
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
|
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
__FUNCTION__ -> __func__
NOTE: This includes all portable references also.
|
|
[packet.c]
remove __FUNCTION__
|
|
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
|
|
[monitor.c]
only allow enabled authentication methods; ok provos@
|
|
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
|
|
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the draft says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
|
|
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
|
|
[auth.h auth2.c]
move Authmethod definitions to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
|
|
[sshconnect2.c]
extend ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verifies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
|
|
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
|
|
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
|
|
[ssh.1 sshd.8]
spelling
|
|
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before applying the next patch. <sigh>]
|
|
[uidswap.c]
format spec change/casts and some KNF; ok markus@
|
|
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
|
|
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
|
|
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticeable cygwin and pam stuff. May need review to
ensure I did not miss anything.
|
|
[sshconnect2.c]
execlp->execl; from stevesk
|
|
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
|
|
[ssh.c]
add comment about ssh-keysign
|
|
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
|
|
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
|
|
[log.h]
extra commas in enum not 100% portable
|
|
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
|
|
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
|
|
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
|
|
setsockopt from debug to error for now).
|
|
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
|
|