Age | Commit message (Collapse) | Author |
|
[sshd.c]
source port < 1024 is no longer required for rhosts-rsa since it
adds no additional security.
- markus@cvs.openbsd.org 2000/12/12 16:11:49
[ssh.1 ssh.c]
rhosts-rsa is no longer automagically disabled if ssh is not privileged.
UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.
|
|
- markus@cvs.openbsd.org 2000/12/13 16:26:53
[ssh-keyscan.c]
fatal already adds \n; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/13 16:25:44
[ssh-agent.c]
remove redundant spaces; from stevesk@pobox.com
- ho@cvs.openbsd.org 2000/12/12 15:50:21
[pty.c]
When failing to set tty owner and mode on a read-only filesystem, don't
abort if the tty already has correct owner and reasonably sane modes.
Example; permit 'root' to login to a firewall with read-only root fs.
(markus@ ok)
- deraadt@cvs.openbsd.org 2000/12/13 06:36:05
[pty.c]
KNF
|
|
|
|
- markus@cvs.openbsd.org 2000/12/12 15:30:02
[ssh-keyscan.c ssh.c sshd.c]
consistently use __progname; from stevesk@pobox.com
|
|
from Andreas M. Kirchwitz <amk@krell.zikzak.de>
|
|
|
|
- markus@cvs.openbsd.org 2000/12/10 17:01:53
[sshconnect1.c]
always request new challenge for skey/tis-auth, fixes interop with
other implementations; report from roth@feep.net
|
|
- (bal) Applied patch to include ssh-keyscan into Redhat's package, and
patch to install ssh-keyscan manpage. Patch by Pekka Savola
<pekka@netcore.fi>
|
|
- provos@cvs.openbsd.org 2000/12/09 23:51:11
[compat.c]
remove unnecessary '\n'
|
|
- (bal) OpenBSD CVS updates
- markus@cvs.openbsd.org 2000/12/09 13:41:51
[cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
undo rijndael changes
- markus@cvs.openbsd.org 2000/12/09 13:48:31
[rijndael.c]
fix byte order bug w/o introducing new implementation
- markus@cvs.openbsd.org 2000/12/09 14:08:27
[sftp-server.c]
"" -> "." for realpath; from vinschen@redhat.com
- markus@cvs.openbsd.org 2000/12/09 14:06:54
[ssh-agent.c]
extern int optind; from stevesk@sweden.hp.com
|
|
- (bal) OpenSSH CVS updates:
- djm@cvs.openbsd.org 2000/12/07 4:24:59
[ssh.1]
Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
|
|
[rijndael.c]
unexpand(1)
- markus@cvs.openbsd.org 2000/12/06 23:05:43
[cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
new rijndael implementation. fixes endian bugs
|
|
- (bal) OpenSSH CVS updates:
- markus@cvs.openbsd.org 2000/12/06 22:58:14
[compat.c compat.h packet.c]
disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
|
|
- markus@cvs.openbsd.org 2000/12/06 19:57:48
[ssh-keyscan.c]
err(3) -> internal error(), from stevesk@sweden.hp.com
|
|
have it (used in ssh-keyscan).
|
|
- (bal) OpenSSH CVS updates:
- markus@cvs.openbsd.org 2000/12/05 20:34:09
[channels.c channels.h clientloop.c serverloop.c]
async connects for -R/-L; ok deraadt@
- todd@cvs.openssh.org 2000/12/05 16:47:28
[sshd.c]
tweak comment to reflect real location of pid file; ok provos@
|
|
|
|
- (bal) OpenSSH CVS updates:
- markus@cvs.openbsd.org 2000/12/04 19:24:02
[ssh-keyscan.c ssh-keyscan.1]
David Maziere's ssh-keyscan, ok niels@
- (bal) Updated Makefile.in to include ssh-keyscan that was just added
to the recent OpenBSD source tree.
|
|
- (bal) More C functions defined in NeXT that are unaccessable without
defining -POSIX.
- (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/12/03 11:29:04
[compat.c]
remove fallback to SSH_BUG_HMAC now that the drafts are updated
- markus@cvs.openbsd.org 2000/12/03 11:27:55
[compat.c]
correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
- markus@cvs.openbsd.org 2000/12/03 11:15:03
[auth2.c compat.c compat.h sshconnect2.c]
support f-secure/ssh.com 2.0.12; ok niels@
|
|
PAM authentication using KbdInteractive.
- (djm) Added another TODO
|
|
- (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/11/30 22:54:31
[channels.c]
debug->warn if tried to do -R style fwd w/o client requesting this;
ok neils@
- markus@cvs.openbsd.org 2000/11/29 20:39:17
[cipher.c]
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
- markus@cvs.openbsd.org 2000/11/30 18:33:05
[ssh-agent.c]
agents must not dump core, ok niels@
- markus@cvs.openbsd.org 2000/11/30 07:04:02
[ssh.1]
T is for both protocols
- markus@cvs.openbsd.org 2000/12/01 00:00:51
[ssh.1]
typo; from green@FreeBSD.org
- markus@cvs.openbsd.org 2000/11/30 07:02:35
[ssh.c]
check -T before isatty()
- provos@cvs.openbsd.org 2000/11/29 13:51:27
[sshconnect.c]
show IP address and hostname when new key is encountered. okay markus@
- markus@cvs.openbsd.org 2000/11/30 22:53:35
[sshconnect.c]
disable agent/x11/port fwding if hostkey has changed; ok niels@
- marksu@cvs.openbsd.org 2000/11/29 21:11:59
[sshd.c]
sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
|
|
shell/sshd not sending a -TERM/-HUP to the grandchildren at the right
time in the exiting process.
|
|
- (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
- (bal) Irix need some sort of mansubdir, patch by Michael Stone
<mstone@cs.loyola.edu>
Also removed a finished entry in TODO, and changed my address in the
CREDITS file to match my new home address.
|
|
if there are background children with open fds.
|
|
|
|
more manpage paths in fixpaths calls
- (djm) Also add xauth path at Pekka's suggestion.
|
|
|
|
- provos@cvs.openbsd.org 2000/11/22 08:38:31
[sshd.8]
talk about /etc/primes, okay markus@
- markus@cvs.openbsd.org 2000/11/23 14:03:48
[ssh.c sshconnect1.c sshconnect2.c]
complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
defaults
- markus@cvs.openbsd.org 2000/11/25 09:42:53
[sshconnect1.c]
reorder check for illegal ciphers, bugreport from espie@
- markus@cvs.openbsd.org 2000/11/25 10:19:34
[ssh-keygen.c ssh.h]
print keytype when generating a key.
reasonable defaults for RSA1/RSA/DSA keys.
|
|
- (djm) Don't fail in defines.h on absence of 64 bit types (we will
still fail during compilation of sftp-server).
- (djm) Fail if ar is not found during configure
|
|
|
|
|
|
- (bal) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/15 22:31:36
[auth-options.c]
case insensitive key options; from stevesk@sweeden.hp.com
- markus@cvs.openbsd.org 2000/11/16 17:55:43
[dh.c]
do not use perror() in sshd, after child is forked()
- markus@cvs.openbsd.org 2000/11/14 23:42:40
[auth-rsa.c]
parse option only if key matches; fix some confusing seen by the client
- markus@cvs.openbsd.org 2000/11/14 23:44:19
[session.c]
check no_agent_forward_flag for ssh-2, too
- markus@cvs.openbsd.org 2000/11/15
[ssh-agent.1]
reorder SYNOPSIS; typo, use .It
- markus@cvs.openbsd.org 2000/11/14 23:48:55
[ssh-agent.c]
do not reorder keys if a key is removed
- markus@cvs.openbsd.org 2000/11/15 19:58:08
[ssh.c]
just ignore non existing user keys
- millert@cvs.openbsd.org 200/11/15 20:24:43
[ssh-keygen.c]
Add missing \n at end of error message.
|
|
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports
are compilable.
- (bal) Updated TODO as of 11/18/2000 with known things to resolve.
|
|
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
Shinichi Maruyama <marya@st.jip.co.jp>
I assume the progname patch was finished. I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
|
|
- (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
|
|
- (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
releases.
- (bal) Make builds work outside of source tree. Patch by Mark D. Roth
<roth@feep.net>
|
|
|
|
|
|
|
|
|
|
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
|
|
contrib/README
|
|
failed ioctl(TIOCSCTTY) call.
|
|
- (bal) SCO Patch to add needed libraries for configure.in. Patch by
Phillips Porch <root@theporch.com>
- (bal) IRIX patch to adding Job Limits. Patch by Denis Parker <dcp@sgi.com>
|
|
it wrong. Report from Bennett Todd <bet@rahul.net>
|
|
promoted to type int. Report and fix from Dan Astoorian
<djast@cs.toronto.edu>
|
|
|
|
|
|
packaging files
|
|
- INSTALL minor correction for s/key
- and I forgot to submit loginrec.c even after I put it in the ChangeLog =)
|