Age | Commit message | Author |
|
[ssh.1]
add VisualHostKey to the list of options listed in -o;
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to its own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
|
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
|
|
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
|
|
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
(bz#1372)
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that the fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
|
|
[sshd_config.5]
MaxSessions is allowed in a Match block too
|
|
[scp.1]
Mention that scp follows symlinks during -r. bz #1466,
from nectar at apple
|
|
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
|
|
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
|
|
replacement code; patch from ighighi AT gmail.com in bz#1240;
ok dtucker
|
|
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
|
|
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
|
|
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
|
[mux.c]
Friendlier error messages for mux fallback. ok djm@
|
|
[auth2-pubkey.c auth-rhosts.c]
Include unistd.h for close(), prevents warnings in -portable
|
|
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
|
|
[packet.c]
compile on older gcc; no decl after code
|
|
compiler warnings on some platforms. Based on a discussion with otto@
|
|
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
|
|
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
|
|
on big endian machines, so ifdef them for little endian only to prevent
unused function warnings.
|
|
systems. Patch from R. Scott Bailey.
|
|
[mac.c]
upcast another size_t to u_long to match format
|
|
[mux.c]
upcast size_t to u_long to match format arg; ok djm@
|
|
from Todd Vierling.
|
|
[mux.c]
fall back to creating a new TCP connection on most multiplexing errors
(socket connect fail, invalid version, refused permission, corrupted
messages, etc.); bz #1329 ok dtucker@
|
|
[sftp.h log.h]
replace __dead with __attribute__((noreturn)), makes things
a little easier to port. Also, add it to sigdie(). ok djm@
|
|
[sshconnect.c]
tweak wording in message, ok deraadt@ jmc@
|
|
[key.c]
add my copyright, ok djm@
|
|
[ssh-keygen.c]
make ssh-keygen -lf show the key type just as ssh-add -l would do it
ok djm@ markus@
|
|
[clientloop.c]
I was coalescing expected global request confirmation replies at
the wrong end of the queue - fix; prompted by markus@
|
|
[sftp-client.c]
print extension revisions for extensions that we understand
|
|
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
Make keepalive timeouts apply while waiting for a packet, particularly
during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
|
|
[ssh_config.5 ssh-keygen.1]
tweak the ascii art text; ok grunk
|
|
takes 2 more args. with djm@
|
|
[ssh_config.5 ssh.c]
keyword expansion for localcommand. ok djm@
|
|
[clientloop.h channels.h clientloop.c channels.c mux.c]
The multiplexing escape char handler commit last night introduced a
small memory leak per session; plug it.
|
|
[key.c]
We already mark the start of the worm, now also mark the end of the worm
in our random art drawings.
ok djm@
|
|
[key.c]
supply the key type (rsa1, rsa, dsa) as a caption in the frame of the
random art. while there, stress the fact that the field base should at
least be 8 characters for the pictures to make sense.
comment and ok djm@
|