Age | Commit message (Collapse) | Author |
|
Make sure that there's a delay in PAM keyboard-interactive authentication
when PermitRootLogin is not set to yes and the correct root password is
entered (closes: #248747).
|
|
Fix timing information leak allowing discovery of invalid usernames in PAM
keyboard-interactive authentication (backported from a patch by Darren
Tucker; closes: #281595).
|
|
|
|
|
|
|
|
Correct README.Debian's ForwardX11Trusted description (closes: #280190).
|
|
Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
|
|
#278715).
|
|
* Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
* Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
implementations apparently have problems with the long version string.
This is of course a bug in those implementations, but since the extent
of the problem is unknown it's best to play safe (closes: #275731).
* debconf template translations:
- Add Finnish (thanks, Matti Pöllä; closes: #265339).
- Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
- Update French (thanks, Denis Barbier; closes: #276703).
- Update Japanese (thanks, Kenshi Muto; closes: #277438).
|
|
|
|
1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
implementations apparently have problems with the long version string. This
is of course a bug in those implementations, but since the extent of the
problem is unknown it's best to play safe (closes: #275731).
|
|
#277438).
|
|
#276703).
|
|
closes: #275895).
|
|
#265339).
|
|
|
|
|
|
|
|
* If PasswordAuthentication is disabled, then offer to disable
ChallengeResponseAuthentication too. The current PAM code will attempt
password-style authentication if ChallengeResponseAuthentication is
enabled (closes: #250369).
* This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
later and then upgraded. Sorry about that ... for this reason, the
default answer is to leave ChallengeResponseAuthentication enabled.
|
|
PasswordAuthentication has been turned off for new installs since
1:3.8p1-2.
|
|
|
|
|
|
ChallengeResponseAuthentication too. The current PAM code will attempt
password-style authentication if ChallengeResponseAuthentication is enabled
(closes: #250369).
|
|
|
|
many GNOME people tell me it's the wrong thing to be doing. I've left it in
/usr/share/doc/ssh-askpass-gnome/examples/ for now.
|
|
|
|
|
|
(until sarge+2) it's still honoured to avoid breaking existing
configurations, but the right approach is now to remove the openssh-server
package if you don't want to run the server. Add a NEWS item to that
effect.
|
|
package.
|
|
happens even though we don't know what version we're upgrading from.
|
|
|
|
(closes: #39741). openssh-server depends on openssh-client for some
common functionality; it didn't seem worth creating yet another package
for this.
* New transitional ssh package, depending on openssh-client and
openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult
for the maintainer scripts to find out what version we're upgrading from
without dodgy dpkg hackery. I've therefore taken the opportunity to move
a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first
upgrading to the version in sarge is not currently guaranteed to work
very smoothly due to the aforementioned version discovery problems.
|
|
cvs up -jV_3_8_1_P1-4 -jV_3_8_1_P1-8
|
|
|
|
|
|
Blank's request (closes: #260800).
|
|
|
|
found in sshd_config (closes: #87946).
|
|
|
|
to get openssh-client-udeb to show up as a retrievable debian-installer
component.
|
|
fix.
|
|
|
|
oh well.
|
|
handler kill the PAM thread if its waitpid() call returns 0, as well as the
previous check for -1 (closes: #252676).
|
|
|
|
for #258517).
|
|
|
|
|
|
(#93265), which has been replaced by ssh-keyscan.
|
|
closes: #252226).
|