| Age | Commit message (Collapse) | Author |
|---|
|
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
|
|
- markus@cvs.openbsd.org 2005/10/07 11:13:57
[ssh-keygen.c]
change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients. moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt
|
|
Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
via FreeBSD.
|
|
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain exising behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
|
|
sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
files from imorgan AT nas.nasa.gov
|
|
prompt. Patch from vinschen at redhat.com.
|
|
understand "%lld", even though the compiler has "long long", so handle
it as a special case. Patch tested by mcaskill.scott at epa.gov.
(actually was included in previous commit)
|
|
sizeof(long long) checks, to make fixing bug #1104 easier (no changes
yet).
|
|
/etc/default/login report and testing from aabaker at iee.org, corrections
from tim@.
|
|
versions from OpenBSD. ok djm@
|
|
|
|
brian.smith at agilent com.
|
|
|
|
"*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
senthilkumar_sen at hotpop.com.
|
|
is required in the system path for the multiplex test to work.
|
|
[canohost.c]
Relocate check_ip_options call to prevent logging of garbage for
connections with IP options set. bz#1092 from David Leonard,
"looks good" deraadt@
|
|
[ssh-keyscan.1]
deploy .An -nosplit; ok jmc
|
|
[sshd.c]
change label at markus@'s request
|
|
[sshd_config.5]
aquire -> acquire, from stevesk@
|
|
[ssh.1]
spelling nit from stevesk@
|
|
[ssh.c]
update -D usage here too;
|
|
[ssh.1]
some more .Bk/.Ek to avoid ugly line split;
|
|
[gss-serv.c]
typo
|
|
[sshd.c]
stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
|
|
[ssh_config.5 ssh.1]
mention ability to specify bind_address for DynamicForward and -D options;
bz#1077 spotted by Haruyama Seigo
|
|
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
|
|
[clientloop.c]
typo; from mark at mcs.vuw.ac.nz, bug #1082
|
|
[channels.c]
enforce chanid != NULL; ok djm
|
|
child during PAM account check without clearing it. This restores the
post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
with help from several others.
|
|
for strtoll. Patch from o.flebbe at science-computing.de.
|
|
introduced during sync.
|
|
PAM via keyboard-interactive. Patch tested by the folks at Vintela.
|
|
|
|
process when sshd relies on ssh-random-helper. Should result in faster
logins on systems without a real random device or prngd. ok djm@
|
|
calls, since they can't possibly fail. ok djm@
|
|
duplicate call. ok djm@
|
|
shillest.net.
|
|
skeleten at shillest.net.
|
|
|
|
AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
|
|
Mike Frysinger.
|
|
- (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
|
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
|
|
|
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
Feedback and OK dtucker@
|
|
|
|
[version.h]
4.2
|
|
- djm@cvs.openbsd.org 2005/08/30 22:08:05
[gss-serv.c sshconnect2.c]
destroy credentials if krb5_kuserok() call fails. Stops credentials being
delegated to users who are not authorised for GSSAPIAuthentication when
GSSAPIDeletegateCredentials=yes and another authentication mechanism
succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
|
|
|
|
|
