| Age | Commit message (Collapse) | Author |
|---|
|
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
|
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|
|
[authfile.c ssh-keygen.c]
change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).
|
|
[sshd.8]
fix invalid .Pf macro usage introduced in previous commit
ok jmc@ mouring@
|
|
[sshd.8 sshd_config.5]
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
Bug #550 and * escaping suggested by jmc@.
|
|
[ssh-keyscan.c]
-t in usage(); rogier@quaak.org
|
|
[auth.h]
document struct Authctxt; with solar
|
|
[sftp-int.c]
Missing globfree(&g) in process_put() spotted by Vince Brimhall
<VBrimhall@novell.com>. ok@ Theo
|
|
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
|
|
[ssh.1]
document -V switch, fix wording; ok markus@
|
|
[misc.c]
debug->debug2
|
|
[cipher.c]
hide cipher details; ok djm@
|
|
- djm@cvs.openbsd.org 2003/04/09 12:00:37
[readconf.c]
strip trailing whitespace from config lines before parsing.
Fixes bz 528; ok markus@
|
|
|
|
|
|
building with GNOME/GTK askpass (patch from bet@rahul.net)
|
|
andre@ae-35.com
|
|
proper challenge-response module
|
|
problem on Linux (fixes "could not set controlling tty" errors).
Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
|
|
"make install". Patch by roth@feep.net.
|
|
|
|
vinschen@redhat.com.
|
|
by wendyp@cray.com.
|
|
|
|
specific record_failed_login() function (affects AIX & Unicos).
|
|
privsep should now work.
|
|
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
|
|
hacked code.
|
|
|
|
|
|
as well clean out some of those evil #ifdefs
|
|
furrier@iglou.com
|
|
from matth@eecs.berkeley.edu
|
|
|
|
[servconf.c]
Don't include <krb.h> when compiling with Kerberos 5 support
|
|
[*.c *.h]
rename log() into logit() to avoid name conflict. markus ok, from
netbsd
- (djm) XXX - Performed locally using:
"perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
- (djm) Fix up missing include for packet.c
|
|
|
|
[progressmeter.c]
The UCB copyright here is incorrect. This code did not originate
at UCB, it was written by Luke Mewburn. Updated the copyright at
the author's request. markus@ OK
|
|
[monitor_wrap.c]
typo: get correct counters; introduced during rekeying change.
|
|
[progressmeter.c]
$OpenBSD$
- itojun@cvs.openbsd.org 2003/04/03 10:17:35
[progressmeter.c]
remove $OpenBSD$, as other *.c does not have it.
|
|
[ssh-keysign.c]
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
|
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
|
|
|
|
from matth@eecs.berkeley.edu
|
|
packet_set_tos() function call. bug #527
|
|
|
|
|
|
[version.h]
3.6.1
|
|
[compat.c compat.h kex.c]
bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
tested by ho@ and myself
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
|
