Age | Commit message | Author |
|
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
|
|
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
|
|
snprintf replacement can have a conflicting declaration in HP-UX's system
headers (const vs. no const) so we now check for and work around it. Patch
from the dynamic duo of David Leonard and Ted Percival.
|
|
scp.c also uses, so undef them here.
|
|
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
|
|
again by providing a sys_tun_open() function for your platform and
setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
OpenBSD's tunnel protocol, which prepends the address family to the
packet
|
|
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
|
|
[ssh_config.5]
new sentence, new line;
|
|
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
|
|
[ssh_config.5]
keep options in order;
|
|
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
|
|
[ssh.1]
- avoid line split in SYNOPSIS
- add args to -w
- kill trailing whitespace
|
|
[clientloop.c]
reyk forgot to compile with -Werror (missing header)
|
|
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
|
[ssh.1]
avoid ambiguities in describing TZ;
ok djm@
|
|
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
[ssh.1]
timezone -> time zone
|
|
in top level directory and not noticed for over a year :)
|
|
for UnixWare.
|
|
[ssh-keygen.c]
Populate default key sizes before checking them; from & ok tim@
|
|
bits == 0.
|
|
_GNU_SOURCE instead. Patch from t8m at centrum.cz.
|
|
[ssh-agent.1]
Update agent socket path templates to reflect reality, correct xref for
time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
|
|
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minimum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
|
|
versions of GNU head. Based on patch from zappaman at buraphalinux.org
|
|
when they're available) need the real UID set otherwise pam_chauthtok will
set ADMCHG after changing the password, forcing the user to change it
again immediately.
|
|
snprintf formats, fixes warnings on some 64 bit platforms. Patch from
shaw at vranix.com, ok djm@
|
|
resolver state in resolv.h is "state" not "__res_state". With slight
modification by me to also work on old AIXes. ok djm@
|
|
many and use them only once. Speeds up testing on older/slower hardware.
|
|
order in Reliant Unix block. Patch from johane at lysator.liu.se.
|
|
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
asprintf() implementation, after syncing our {v,}snprintf() implementation
with some extra fixes from Samba's version. With help and debugging from
dtucker and tim; ok dtucker@
|
|
from shaw at vranix.com.
|
|
[hostfile.c]
Correct format/arguments to debug call; spotted by shaw at vranix.com
ok djm@
|
|
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
|
|
[includes.h]
Include sys/queue.h explicitly instead of assuming some other header
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
|
|
[scp.c]
avoid close(-1), as in rcp; ok cloder
|
|
[ssh-add.c]
space
|
|
is going on.
|
|
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
|
|
ifdef lost during sync. Spotted by tim@.
|
|
doesn't change between versions, and use a safer default.
|
|
Id and copyright sync only, there were no substantial changes we need.
|
|
-Wall fixes from djm.
|
|
Id and copyright sync only, there were no substantial changes we need.
|
|
|