summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-04-29upstream commitdtucker@openbsd.org
Allow ListenAddress, Port and AddressFamily in any order. bz#68, ok djm@, jmc@ (for the man page bit).
2015-04-29upstream commitjmc@openbsd.org
enviroment -> environment: apologies to darren for not spotting that first time round...
2015-04-29upstream commitdtucker@openbsd.org
Fix typo in previous
2015-04-29upstream commitdtucker@openbsd.org
Document that the TERM environment variable is not subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from jjelen at redhat, help and ok jmc@
2015-04-29upstream commitdjm@openbsd.org
Make sshd default to PermitRootLogin=no; ok deraadt@ rpe@
2015-04-29upstream commitdjm@openbsd.org
fix compilation with OPENSSL=no; ok dtucker@
2015-04-29upstream commitdtucker@openbsd.org
Include stdio.h for FILE (used in sshkey.h) so it compiles with OPENSSL=no.
2015-04-29upstream commitdjm@openbsd.org
allow "sshd -f none" to skip reading the config file, much like "ssh -F none" does. ok dtucker
2015-04-29upstream commitjmc@openbsd.org
combine -Dd onto one line and update usage();
2015-04-29upstream commitdjm@openbsd.org
add ssh-agent -D to leave ssh-agent in foreground without enabling debug mode; bz#2381 ok dtucker@
2015-04-29upstream commitderaadt@openbsd.org
2*len -> use xreallocarray() ok djm
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-04-29upstream commitdtucker@openbsd.org
Two small fixes for sshd -T: ListenAddress'es are added to a list head so reverse the order when printing them to ensure the behaviour remains the same, and print StreamLocalBindMask as octal with leading zero. ok deraadt@
2015-04-29upstream commitdtucker@openbsd.org
Check for and reject missing arguments for VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com, ok djm@
2015-04-29upstream commitdjm@openbsd.org
unknown certificate extensions are non-fatal, so don't fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok dtucker@
2015-04-29upstream commitjsg@openbsd.org
Add back a backslash removed in rev 1.42 so KEX_SERVER_ENCRYPT will include aes again. ok deraadt@
2015-04-29upstream commitdjm@openbsd.org
s/recommended/required/ that private keys be og-r this wording change was made a while ago but got accidentally reverted
2015-04-29upstream commitdjm@openbsd.org
don't try to cleanup NULL KEX proposals in kex_prop_free(); found by Jukka Taimisto and Markus Hietava
2015-04-29upstream commitdjm@openbsd.org
use error/logit/fatal instead of fprintf(stderr, ...) and exit(0), fix a few errors that were being printed to stdout instead of stderr and a few non-errors that were going to stderr instead of stdout bz#2325; ok dtucker
2015-04-29upstream commitdjm@openbsd.org
debug log missing DISPLAY environment when X11 forwarding requested; bz#1682 ok dtucker@
2015-04-29upstream commitdjm@openbsd.org
don't call record_login() in monitor when UseLogin is enabled; bz#278 reported by drk AT sgi.com; ok dtucker
2015-04-29upstream commitdtucker@openbsd.org
Add some missing options to sshd -T and fix the output of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat com, ok djm.
2015-04-29upstream commitdtucker@openbsd.org
Document "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
2015-04-29upstream commitdtucker@openbsd.org
Plug leak of address passed to logging. bz#2373, patch from jjelen at redhat, ok markus@
2015-04-29upstream commitdtucker@openbsd.org
Output remote username in debug output since with Host and Match it's not always obvious what it will be. bz#2368, ok djm@
2015-04-17Format UsePAM setting when using sshd -T.Darren Tucker
Part of bz#2346, patch from jjelen at redhat com.
2015-04-17Wrap endian.h include inside ifdef (bz#2370).Darren Tucker
2015-04-17Look for '${host}-ar' before 'ar'.Darren Tucker
This changes configure.ac to look for '${host}-ar' as set by AC_CANONICAL_HOST before looking for the unprefixed 'ar'. Useful when cross-compiling when all your binutils are prefixed. Patch from moben at exherbo org via astrand at lysator liu se and bz#2352.
2015-04-16remove dependency on arpa/telnet.hDamien Miller
2015-04-15Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.Darren Tucker
2015-04-13platform's with openpty don't need pty_releaseDamien Miller
2015-04-13upstream commitdjm@openbsd.org
deprecate ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems reasonable" dtucker@
2015-04-13upstream commitdtucker@openbsd.org
Don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK. Patch from Bryan Drewery and IWAMOTO Kouichi, ok djm@
2015-04-13upstream commitdjm@openbsd.org
include port number if a non-default one has been specified; based on patch from Michael Handler
2015-04-13upstream commitdjm@openbsd.org
treat Protocol=1,2|2,1 as Protocol=2 when compiled without SSH1 support; ok dtucker@ millert@
2015-04-13upstream commitmiod@openbsd.org
Do not use int for sig_atomic_t; spotted by christos@netbsd; ok markus@
2015-04-07Use do{}while(0) for no-op functions.Darren Tucker
From FreeBSD.
2015-04-07Wrap blf.h include in ifdef. From FreeBSD.Darren Tucker
2015-04-07Fix misspellings of regress CONFOPTS env variables.Darren Tucker
Patch from Bryan Drewery.
2015-04-04upstream commitdjm@openbsd.org
correct return value in pubkey parsing, spotted by Ben Hawkes ok markus@
2015-04-01upstream commitdjm@openbsd.org
adapt to recent hostfile.c change: when parsing known_hosts without fully parsing the keys therein, hostkeys_foreach() will now correctly identify KEY_RSA1 keys; ok markus@ miod@
2015-04-01upstream commitmarkus@openbsd.org
use ${SSH} for -Q instead of installed ssh
2015-04-01upstream commitdjm@openbsd.org
make CLEANFILES clean up more of the tests' droppings
2015-04-01upstream commitdjm@openbsd.org
downgrade error() for known_hosts parse errors to debug() to quiet warnings from ssh1 keys present when compiled !ssh1. also identify ssh1 keys when scanning, even when compiled !ssh1 ok markus@ miod@
2015-04-01upstream commitdjm@openbsd.org
fd leak for !ssh1 case; found by unittests; ok markus@
2015-04-01upstream commitdjm@openbsd.org
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener; reported by miod@; ok miod@ markus@
2015-04-01upstream committobias@openbsd.org
Comments are only supported for RSA1 keys. If a user tried to add one and entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
2015-04-01upstream commitjmc@openbsd.org
ssh-askpass(1) is the default, overridden by SSH_ASKPASS; diff originally from jiri b;
2015-03-30upstream commitdjm@openbsd.org
fix uninitialised memory read when parsing a config file consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok dtucker
2015-03-27upstream commitmarkus@openbsd.org
sigp and lenp are not optional in ssh_agent_sign(); ok djm@