Age | Commit message (Collapse) | Author |
|
Roger Cornelius <rac@tenzing.org>
|
|
|
|
|
|
|
|
<vinschen@redhat.com>
|
|
<vinschen@redhat.com> Could be abused to guess valid usernames
|
|
make programs.
|
|
portable lib and __progname support for ssh-rand-helper; ok djm@
|
|
|
|
was not being maintained.
|
|
solar@openwall.com
- (djm) Rework entropy code. If the OpenSSL PRNG is has not been
internally seeded, execute a subprogram "ssh-rand-helper" to obtain
some entropy for us. Rewrite the old in-process entropy collecter as
an example ssh-rand-helper.
- (djm) Always perform ssh_prng_cmds path lookups in configure, even if
we don't end up using ssh_prng_cmds (so we always get a valid file)
|
|
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
|
|
[channels.c channels.h session.c]
setup x11 listen socket for just one connect if the client requests so.
(v2 only, but the openssh client does not support this feature).
|
|
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
change the buffer/packet interface to use void* vs. char*; ok markus@
|
|
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
|
|
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
|
|
[auth2.c]
log fingerprint on successful public key authentication; ok markus@
|
|
[auth.h hostfile.c hostfile.h]
remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
|
|
[ssh-keyscan.c]
check that server supports v1 for -t rsa1, report from wirth@dfki.de
|
|
[sshd.c]
possible fd leak on error; ok markus@
|
|
[auth2.c auth2-chall.c auth.h]
add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
fixes memleak.
|
|
[channels.c pathnames.h]
use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@
|
|
server. I have found this necessary to avoid server hangs with X input
extensions (e.g. kinput2). Enable by setting the environment variable
"GNOME_SSH_ASKPASS_NOGRAB"
|
|
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
|
|
[channels.c]
disable nagle for X11 fake server and client TCPs. from netbsd.
ok markus@
|
|
[channels.c session.c]
strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
|
|
[channels.c sshconnect.c]
shutdown(sock, SHUT_RDWR) not needed here; ok markus@
|
|
fake-regex.h
|
|
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
|
|
[compat.c match.c match.h]
make theo and djm happy: bye bye regexp
|
|
[version.h]
post 3.0.2
|
|
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
minor KNF
|
|
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
|
|
[clientloop.c serverloop.c sshd.c]
deal with LP64 printf issue with sig_atomic_t. from thorpej
|
|
[sftp-common.c]
zap };
|
|
[session.c sshd.8]
don't pass user defined variables to /usr/bin/login
|
|
[ssh.c]
sscanf() length dependencies are clearer now; can also shrink proto
and data if desired, but i have not done that. ok markus@
|
|
[auth-rsa.c]
fix protocol error: send 'failed' message instead of a 2nd challenge
(happens if the same key is in authorized_keys twice).
reported Ralf_Meister@genua.de; ok djm@
|
|
[channels.h]
remove dead function prototype; ok markus@
|
|
[clientloop.c serverloop.c sshd.c]
volatile sig_atomic_t
|
|
[ssh-keyscan.c]
don't use "\n" in fatal()
|
|
[ssh-keygen.1]
more on passphrase construction; ok markus@
|
|
[key.c]
mem leak
|
|
[deattack.c radix.c]
kill more registers
millert@ ok
|
|
[ssh-agent.1]
clarify/state that private keys are not exposed to clients using the
agent; ok markus@
|
|
[sshd.c]
fd leak on HUP; ok stevesk@
|
|
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
|
|
[ssh-keyscan.c]
handle empty lines instead of dumping core; report from sha@sha-1.net
|