| Age | Commit message (Collapse) | Author |
|---|
|
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
|
|
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
|
|
[servconf.c]
fix comment
|
|
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
|
|
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
|
|
[readconf.c ssh.c]
comment
|
|
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
|
|
[ssh_config.5]
tweak the "exec" description, as worded by djm;
|
|
[scp.1 sftp.1]
add canonicalisation options to -o lists
|
|
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
|
|
[ssh_config.5]
document % expansions performed by "Match command ..."
|
|
[sshd.c]
include remote port in bad banner message; bz#2162
|
|
[sftp.1 sftp.c]
tweak previous;
|
|
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
|
|
[ssh.c]
rearrange check to reduce diff against -portable
(Id sync only)
|
|
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
|
|
[ssh.c ssh_config.5]
one I missed in previous: s/isation/ization/
|
|
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@
|
|
[ssh_config.5]
tweak previous;
|
|
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
[sshconnect.c sshconnect.h]
Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).
"looks fine" markus@
|
|
[ssh.1 ssh_config.5]
tweak previous;
|
|
|
|
|
|
[ssh.c]
whitespace at EOL; pointed out by markus@
|
|
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option partsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
|
|
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@
|
|
[session.c session.h]
Add logging of session starts in a useful format; ok markus@ feedback and
ok dtucker@
|
|
[sftp-server.8 sftp-server.c]
tweak previous;
ok djm
|
|
[sftp-client.h]
obsolete comment
|
|
[sftp-client.c]
missed one arg reorder
|
|
[sftp-client.c]
rename flag arguments to be more clear and consistent.
reorder some internal function arguments to make adding additional flags
easier.
no functional change
|
|
[sshd.c]
bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
updated; ok dtucker@
|
|
[sftp-server.c]
add -Q, -P and -p to usage() before jmc@ catches me
|
|
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
|
|
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
|
|
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
|
|
[channels.c]
bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
|
|
[sftp-client.c]
fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
|
|
[progressmeter.c]
store the initial file offset so the progress meter doesn't freak out
when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
|
|
[ssh_config]
Remove gssapi config parts from ssh_config, as was already done for
sshd_config. Req by/ok ajacoutot@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
|
|
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
tested tim@
|
|
in OpenBSD implementation of arc4random, shortly to replace the existing
bsd-arc4random.c
|
|
|
|
setting when handling SIGHUP to maintain behaviour over retart. Patch
from Matthew Ife.
|
|
|
|
[channels.c]
avoid unaligned access in code that reused a buffer to send a
struct in_addr in a reply; simpler just use use buffer_put_int();
from portable; spotted by and ok dtucker@
|
|
[clientloop.c]
fix connection crash when sending break (~B) on ControlPersist'd session;
ok dtucker@
|
|
[sshd_config]
Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
|
|
[ssh-keygen.c sshconnect1.c sshd.c]
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually,
this was probably reducing the entropy available.
ok djm
ID SYNC ONLY for portable; we don't trust other arc4random implementations
to do this right.
|
|
[sftp.c]
make ^w match ksh behaviour (delete previous word instead of entire line)
|
