Age | Commit message (Collapse) | Author |
|
[auth.c]
Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
|
|
[servconf.c]
Add ChrootDirectory to sshd.c test-mode output
|
|
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
|
|
Remove hacks add for RoutingDomain in preparation for its removal.
|
|
|
|
[sshd.c]
Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
itself. Prevents two HUPs in quick succession from resulting in sshd
dying. bz#1692, patch from Colin Watson via Ubuntu.
|
|
[sftp.c]
Prevent sftp from derefing a null pointer when given a "-" without a
command. Also, allow whitespace to follow a "-". bz#1691, path from
Colin Watson via Debian. ok djm@ deraadt@
|
|
[roaming_client.c]
Remove a PRIu64 format string that snuck in with roaming. ok djm@
|
|
[mux.c sshpty.h clientloop.c sshtty.c]
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
|
|
[sftp-server.8]
bad place to forget a comma...
|
|
[PROTOCOL]
tweak language
|
|
[sftp-server.c sftp-server.8]
add a 'read-only' mode to sftp-server(8) that disables open in write mode
and all other fs-modifying protocol methods. bz#430 ok dtucker@
|
|
when using utmpx. Patch from Ed Schouten.
|
|
|
|
|
|
have it.
|
|
[sftp.c]
Fix two warnings: possibly used unitialized and use a nul byte instead of
NULL pointer. ok djm@
|
|
|
|
to eliminate an unused variable warning.
|
|
be created.
|
|
too.
|
|
RoutingDomain an unsupported option on platforms that don't have it.
|
|
don't have libedit.
|
|
|
|
files for roaming and add to Makefile.
|
|
[sftp-server.c]
bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
ok markus@
|
|
[sftp.c]
Implement tab-completion of commands, local and remote filenames for sftp.
Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
Google Summer of Code) and polished to a fine sheen by myself again.
It should deal more-or-less correctly with the ikky corner-cases presented
by quoted filenames, but the UI could still be slightly improved.
In particular, it is quite slow for remote completion on large directories.
bz#200; ok markus@
|
|
[sshconnect2.c]
Don't escape backslashes in the SSH2 banner. bz#1533, patch from
Michal Gorny via Gentoo.
|
|
[sshd_config.5 ssh_config.5]
sort previous;
|
|
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
Rename RDomain config option to RoutingDomain to be more clear and
consistent with other options.
NOTE: if you currently use RDomain in the ssh client or server config,
or ssh/sshd -o, you must update to use RoutingDomain.
ok markus@ djm@
|
|
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
validate routing domain is in range 0-RT_TABLEID_MAX.
'Looks right' deraadt@
|
|
[PROTOCOL]
fix an incorrect magic number and typo in PROTOCOL; bz#1688
report and fix from ueno AT unixuser.org
|
|
[ssh.c sftp.c scp.c]
When passing user-controlled options with arguments to other programs,
pass the option and option argument as separate argv entries and
not smashed into one (e.g., as -l foo and not -lfoo). Also, always
pass a "--" argument to stop option parsing, so that a positional
argument that starts with a '-' isn't treated as an option. This
fixes some error cases as well as the handling of hostnames and
filenames that start with a '-'.
Based on a diff by halex@
ok halex@ djm@ deraadt@
|
|
[key.c]
switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
for the RSA public exponent; discussed with provos; ok djm@
|
|
[sftp.c]
fix potential divide-by-zero in sftp's "df" output when talking to a server
that reports zero files on the filesystem (Unix filesystems always have at
least the root inode). From Steve McClellan at radisys, ok djm@
|
|
[roaming_common.c]
use socklen_t for getsockopt optlen parameter; reported by
Steve.McClellan AT radisys.com, ok dtucker@
|
|
[sshconnect2.c]
zap unused variable and strlen; from Steve McClellan, ok djm
|
|
[sftp.c]
make passing of zero-length arguments to ssh safe by
passing "-<switch>" "<value>" rather than "-<switch><value>"
ok dtucker@, guenther@, djm@
|
|
[misc.c]
correct off-by-one in percent_expand(): we would fatal() when trying
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
work. Note that nothing in OpenSSH actually uses close to this limit at
present. bz#1607 from Jan.Pechanec AT Sun.COM
|
|
[sshconnect2.c]
Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
|
|
[sftp.c]
bz#1588 change "Connecting to host..." message to "Connected to host."
and delay it until after the sftp protocol connection has been established.
Avoids confusing sequence of messages when the underlying ssh connection
experiences problems. ok dtucker@
|
|
[session.c]
Warn but do not fail if stat()ing the subsystem binary fails. This helps
with chrootdirectory+forcecommand=sftp-server and restricted shells.
bz #1599, ok djm.
|
|
[session.c]
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a
subsystem session). Avoids stuck client when attempting to ssh to such a
service. ok dtucker@
|
|
[clientloop.c]
fix incorrect exit status when multiplexing and channel ID 0 is recycled
bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
|
|
[channels.c channels.h]
fix race condition in x11/agent channel allocation: don't read after
the end of the select read/write fdset and make sure a reused FD
is not touched before the pre-handlers are called.
with and ok djm@
|
|
[sshconnect2.c channels.c sshconnect.c]
Set close-on-exec on various descriptors so they don't get leaked to
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
|
|
[sshd_config.5]
clarify that StrictModes does not apply to ChrootDirectory. Permissions
and ownership are always checked when chrooting. bz#1532
|
|
[ssh_config.5]
explain the constraints on LocalCommand some more so people don't
try to abuse it.
|
|
[sshd_config.5 sftp.1]
tweak previous;
|
|
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
ok markus@
|