Age | Commit message (Collapse) | Author |
|
ralf.hack AT pipex.net; ok dtucker@
|
|
/usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
|
|
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
|
|
GSSAPI detection, libs and includes. ok djm@
|
|
[sshpty.c]
for pty opening, only use the openpty() path. the other stuff only needs
to be in openssh-p; markus ok
- (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
openpty() replacement
|
|
[sftp.c]
initialise infile in main, rather than statically - from portable
|
|
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
|
[channels.c]
fake consumption for half closed channels since the peer is waiting for
window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
|
|
[compress.c]
cast for portability; millert@
|
|
[compress.c session.c]
-Wall; ok henning
|
|
[sftp.1]
remove unnecessary Ic's;
kill whitespace at EOL;
ok djm@
|
|
[sftp-int.c sftp.1 sftp.c]
Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
enable use of "-b -" to accept batchfile from stdin; ok markus@
|
|
|
|
test for case where cleanup has already run.
|
|
unexpectedly. with & ok djm@
|
|
functional changes.
This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
|
|
|
|
only define if not already. From des at freebsd.org.
|
|
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
|
|
cjwatson at debian.org.
|
|
jakob@
|
|
Report from jakob@
|
|
|
|
jakob@
|
|
|
|
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
|
|
[sshd_config]
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
|
|
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
|
|
[cipher-3des1.c]
EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
|
|
[moduli.c ssh-keygen.1 ssh-keygen.c]
tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@
|
|
typedef size_t ourselves.
|
|
|
|
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
|
|
|
|
using a real 'signal()' (Noticed by a NeXT Compile)
|
|
setres[ug]id() present but not implemented (eg some Linux/glibc
combinations).
|
|
[dh.c]
use <= instead of < in dh_estimate; ok provos/hshoexer;
do not return < DH_GRP_MIN
|
|
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
|
|
[ssh_config.5]
we don't support GSS KEX; from Simon Wilkinson
|
|
[clientloop.c]
Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
|
|
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
|
|
[ssh.c]
don't modify argv for ssh -o; similar to sshd.c 1.283
|
|
[sshd.c]
fix -o and HUP; ok henning@
|
|
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
|
|
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
|
|
|
|
[moduli.c]
remove unused debugging #define templates
|
|
[kexgexc.c]
print requested group size in debug; ok djm
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
[progressmeter.c]
improvments from andreas@:
* saner speed estimate for transfers that takes less than a second by
rounding the time to 1 second.
* when the transfer is finished calculate the actual total speed
rather than the current speed which is given during the transfer
|