summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-10-24 - djm@cvs.openbsd.org 2013/10/23 23:35:32Damien Miller
[sshd.c] include local address and port in "Connection from ..." message (only shown at loglevel>=verbose)
2013-10-24 - dtucker@cvs.openbsd.org 2013/10/23 05:40:58Damien Miller
[servconf.c] fix comment
2013-10-24 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok checkDamien Miller
rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 04:16:22Damien Miller
[ssh-keygen.c] Make code match documentation: relative-specified certificate expiry time should be relative to current time and not the validity start time. Reported by Petr Lautrbach; ok deraadt@
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 03:05:19Damien Miller
[readconf.c ssh.c] comment
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 03:03:07Damien Miller
[readconf.c] Hostname may have %h sequences that should be expanded prior to Match evaluation; spotted by Iain Morgan
2013-10-23 - jmc@cvs.openbsd.org 2013/10/20 18:00:13Damien Miller
[ssh_config.5] tweak the "exec" description, as worded by djm;
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 09:51:26Damien Miller
[scp.1 sftp.1] add canonicalisation options to -o lists
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 06:19:28Damien Miller
[readconf.c ssh_config.5] rename "command" subclause of the recently-added "Match" keyword to "exec"; it's shorter, clearer in intent and we might want to add the ability to match against the command being executed at the remote end in the future.
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 04:39:28Damien Miller
[ssh_config.5] document % expansions performed by "Match command ..."
2013-10-18 - djm@cvs.openbsd.org 2013/10/17 22:08:04Damien Miller
[sshd.c] include remote port in bad banner message; bz#2162
2013-10-18 - jmc@cvs.openbsd.org 2013/10/17 07:35:48Damien Miller
[sftp.1 sftp.c] tweak previous;
2013-10-18 - djm@cvs.openbsd.org 2013/10/09 23:44:14Damien Miller
[regress/Makefile regress/sftp-perm.sh] regression test for sftp request white/blacklisting and readonly mode.
2013-10-17 - djm@cvs.openbsd.org 2013/10/17 00:46:49Damien Miller
[ssh.c] rearrange check to reduce diff against -portable (Id sync only)
2013-10-17 - djm@cvs.openbsd.org 2013/10/17 00:30:13Damien Miller
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] fsync@openssh.com protocol extension for sftp-server client support to allow calling fsync() faster successful transfer patch mostly by imorgan AT nas.nasa.gov; bz#1798 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 22:58:01Damien Miller
[ssh.c ssh_config.5] one I missed in previous: s/isation/ization/
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 22:49:39Damien Miller
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5] s/canonicalise/canonicalize/ for consistency with existing spelling, e.g. authorized_keys; pointed out by naddy@
2013-10-17 - jmc@cvs.openbsd.org 2013/10/16 06:42:25Damien Miller
[ssh_config.5] tweak previous;
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 02:31:47Damien Miller
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5] [sshconnect.c sshconnect.h] Implement client-side hostname canonicalisation to allow an explicit search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
2013-10-17 - jmc@cvs.openbsd.org 2013/10/15 14:10:25Damien Miller
[ssh.1 ssh_config.5] tweak previous;
2013-10-17 - [ssh.c] g/c unused variable.Damien Miller
2013-10-15 - [ssh.c] g/c unused variable.Damien Miller
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:31:01Damien Miller
[ssh.c] whitespace at EOL; pointed out by markus@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 22:22:05Damien Miller
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5] add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 21:20:52Damien Miller
[session.c session.h] Add logging of session starts in a useful format; ok markus@ feedback and ok dtucker@
2013-10-15 - jmc@cvs.openbsd.org 2013/10/14 14:18:56Damien Miller
[sftp-server.8 sftp-server.c] tweak previous; ok djm
2013-10-15 - djm@cvs.openbsd.org 2013/10/11 02:53:45Damien Miller
[sftp-client.h] obsolete comment
2013-10-15 - djm@cvs.openbsd.org 2013/10/11 02:52:23Damien Miller
[sftp-client.c] missed one arg reorder
2013-10-15 - djm@cvs.openbsd.org 2013/10/11 02:45:36Damien Miller
[sftp-client.c] rename flag arguments to be more clear and consistent. reorder some internal function arguments to make adding additional flags easier. no functional change
2013-10-15 - djm@cvs.openbsd.org 2013/10/10 01:43:03Damien Miller
[sshd.c] bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly updated; ok dtucker@
2013-10-15 - djm@cvs.openbsd.org 2013/10/10 00:53:25Damien Miller
[sftp-server.c] add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 - djm@cvs.openbsd.org 2013/10/09 23:42:17Damien Miller
[sftp-server.8 sftp-server.c] Add ability to whitelist and/or blacklist sftp protocol requests by name. Refactor dispatch loop and consolidate read-only mode checks. Make global variables static, since sftp-server is linked into sshd(8). ok dtucker@
2013-10-10 - dtucker@cvs.openbsd.org 2013/10/08 11:42:13Darren Tucker
[dh.c dh.h] Increase the size of the Diffie-Hellman groups requested for a each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419. Pointed out by Peter Backes, ok djm@.
2013-10-10 - djm@cvs.openbsd.org 2013/09/19 01:26:29Darren Tucker
[sshconnect.c] bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from swp AT swp.pp.ru; ok dtucker@
2013-10-10 - djm@cvs.openbsd.org 2013/09/19 01:24:46Darren Tucker
[channels.c] bz#1297 - tell the client (via packet_send_debug) when their preferred listen address has been overridden by the server's GatewayPorts; ok dtucker@
2013-10-10 - djm@cvs.openbsd.org 2013/09/19 00:49:12Darren Tucker
[sftp-client.c] fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
2013-10-10 - djm@cvs.openbsd.org 2013/09/19 00:24:52Darren Tucker
[progressmeter.c] store the initial file offset so the progress meter doesn't freak out when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
2013-10-10 - sthen@cvs.openbsd.org 2013/09/16 11:35:43Darren Tucker
[ssh_config] Remove gssapi config parts from ssh_config, as was already done for sshd_config. Req by/ok ajacoutot@ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-10-09 - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]Damien Miller
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@, tested tim@
2013-10-09 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] PullDamien Miller
in OpenBSD implementation of arc4random, shortly to replace the existing bsd-arc4random.c
2013-10-09correct incorrect years in datestamps; from desDamien Miller
2013-09-22 - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adjDarren Tucker
setting when handling SIGHUP to maintain behaviour over retart. Patch from Matthew Ife.
2013-09-18 - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.Darren Tucker
2013-09-14 - djm@cvs.openbsd.org 2013/09/13 06:54:34Damien Miller
[channels.c] avoid unaligned access in code that reused a buffer to send a struct in_addr in a reply; simpler just use use buffer_put_int(); from portable; spotted by and ok dtucker@
2013-09-14 - djm@cvs.openbsd.org 2013/09/12 01:41:12Damien Miller
[clientloop.c] fix connection crash when sending break (~B) on ControlPersist'd session; ok dtucker@
2013-09-14 - sthen@cvs.openbsd.org 2013/09/07 13:53:11Damien Miller
[sshd_config] Remove commented-out kerberos/gssapi config options from sample config, kerberos support is currently not enabled in ssh in OpenBSD. Discussed with various people; ok deraadt@ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-09-14 - deraadt@cvs.openbsd.org 2013/09/02 22:00:34Damien Miller
[ssh-keygen.c sshconnect1.c sshd.c] All the instances of arc4random_stir() are bogus, since arc4random() does this itself, inside itself, and has for a very long time.. Actually, this was probably reducing the entropy available. ok djm ID SYNC ONLY for portable; we don't trust other arc4random implementations to do this right.
2013-09-14 - djm@cvs.openbsd.org 2013/08/31 00:13:54Damien Miller
[sftp.c] make ^w match ksh behaviour (delete previous word instead of entire line)
2013-09-14 - mikeb@cvs.openbsd.org 2013/08/28 12:34:27Damien Miller
[ssh-keygen.c] improve batch processing a bit by making use of the quite flag a bit more often and exit with a non zero code if asked to find a hostname in a known_hosts file and it wasn't there; originally from reyk@, ok djm