| Age | Commit message (Collapse) | Author |
|---|
|
[ssh-keyscan.c]
make ssh-keygen discard junk from server before SSH- ident, spotted by
dave AT cirt.net; ok dtucker@
|
|
[ssh_config.5]
mention control socket fallback behaviour, reported by
tryponraj AT gmail.com
|
|
[dns.c dns.h]
more cleanups; ok jakob@
|
|
[dns.c]
remove #ifdef LWRES; ok jakob@
|
|
[dns.c]
fix memory leaks from 2 sources:
1) key_fingerprint_raw()
2) malloc in dns_read_rdata()
ok jakob@
|
|
[sshconnect.c]
make external definition static; ok deraadt@
|
|
[channels.c clientloop.c]
free()->xfree(); ok djm@
|
|
[ssh-keygen.c ssh.c sshconnect2.c]
no trailing "\n" for log functions; ok djm@
|
|
[auth2-gss.c gss-genr.c gss-serv.c monitor.c]
KNF; ok djm@
|
|
[dns.c]
unneeded #include, unused declaration, little knf; ok deraadt@
|
|
[gss-serv-krb5.c gss-serv.c]
unused declarations; ok deraadt@
(id sync only for gss-serv-krb5.c)
|
|
[gss-serv.c]
spelling in comments
|
|
[auth2-gss.c gss-genr.c gss-serv.c]
remove unneeded #includes; ok markus@
|
|
[channels.c]
bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
bind() failure when a previous connection's listeners are in TIME_WAIT,
reported by plattner AT inf.ethz.ch; ok dtucker@
|
|
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
|
|
- markus@cvs.openbsd.org 2005/10/07 11:13:57
[ssh-keygen.c]
change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients. moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt
|
|
Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
via FreeBSD.
|
|
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain exising behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
|
|
sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
files from imorgan AT nas.nasa.gov
|
|
prompt. Patch from vinschen at redhat.com.
|
|
understand "%lld", even though the compiler has "long long", so handle
it as a special case. Patch tested by mcaskill.scott at epa.gov.
(actually was included in previous commit)
|
|
sizeof(long long) checks, to make fixing bug #1104 easier (no changes
yet).
|
|
/etc/default/login report and testing from aabaker at iee.org, corrections
from tim@.
|
|
versions from OpenBSD. ok djm@
|
|
|
|
brian.smith at agilent com.
|
|
|
|
"*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
senthilkumar_sen at hotpop.com.
|
|
is required in the system path for the multiplex test to work.
|
|
[canohost.c]
Relocate check_ip_options call to prevent logging of garbage for
connections with IP options set. bz#1092 from David Leonard,
"looks good" deraadt@
|
|
[ssh-keyscan.1]
deploy .An -nosplit; ok jmc
|
|
[sshd.c]
change label at markus@'s request
|
|
[sshd_config.5]
aquire -> acquire, from stevesk@
|
|
[ssh.1]
spelling nit from stevesk@
|
|
[ssh.c]
update -D usage here too;
|
|
[ssh.1]
some more .Bk/.Ek to avoid ugly line split;
|
|
[gss-serv.c]
typo
|
|
[sshd.c]
stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
|
|
[ssh_config.5 ssh.1]
mention ability to specify bind_address for DynamicForward and -D options;
bz#1077 spotted by Haruyama Seigo
|
|
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
|
|
[clientloop.c]
typo; from mark at mcs.vuw.ac.nz, bug #1082
|
|
[channels.c]
enforce chanid != NULL; ok djm
|
|
child during PAM account check without clearing it. This restores the
post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
with help from several others.
|
|
for strtoll. Patch from o.flebbe at science-computing.de.
|
|
introduced during sync.
|
|
PAM via keyboard-interactive. Patch tested by the folks at Vintela.
|
|
|
|
process when sshd relies on ssh-random-helper. Should result in faster
logins on systems without a real random device or prngd. ok djm@
|
|
calls, since they can't possibly fail. ok djm@
|
|
duplicate call. ok djm@
|
