| Age | Commit message (Collapse) | Author |
|---|
|
after registering the hardware engines, which causes the openssl.cnf file to
be processed. See OpenSSL's man page for OPENSSL_config(3) for details.
Patch from Solomon Peachy, ok djm@.
|
|
[sftp.c]
add missing "p" flag to getopt optstring;
bz#1704 from imorgan AT nas.nasa.gov
|
|
[mux.c]
fix bug introduced in mux rewrite:
In a mux master, when a socket to a mux slave closes before its server
session (as may occur when the slave has been signalled), gracefully
close the server session rather than deleting its channel immediately.
A server may have more messages on that channel to send (e.g. an exit
message) that will fatal() the client if they are sent to a channel that
has been prematurely deleted.
spotted by imorgan AT nas.nasa.gov
|
|
[mux.c]
-Wuninitialized and remove a // comment; from portable
(Id sync only)
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
rewrite ssh(1) multiplexing code to a more sensible protocol.
The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.
avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.
implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).
feedback Salvador Fandino, dtucker@
channel changes ok markus@
|
|
[roaming_client.c]
s/long long unsigned/unsigned long long/, from tim via portable
(Id sync only, change already in portable)
|
|
[ssh-agent.1]
Correct and clarify ssh-add's password asking behavior.
Improved text dtucker and ok jmc
|
|
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
in Cygwin to 65535. Patch from Corinna Vinschen.
|
|
|
|
vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems.
|
|
|
|
s/long long unsigned/unsigned long long/ to keep USL compilers happy.
|
|
we use "openbsd-compat/sys-queue.h"
|
|
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
|
|
|
|
|
|
variable warnings.
|
|
[sftp-common.c]
unused
|
|
Tim.
|
|
and group_from_gid.
|
|
so we correctly detect whether or not we have a native user_from_uid.
|
|
|
|
for pwcache. Also, added caching of negative hits.
|
|
changes yet but there will be some to come).
|
|
[sftp.c]
Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp
inherited SIGTERM as ignored it will still be able to kill the ssh it
starts.
ok dtucker@
|
|
[sftp-common.c]
use user_from{uid,gid} to lookup up ids since it keeps a small cache.
ok djm
|
|
[auth.c]
when using ChrootDirectory, make sure we test for the existence of the
user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
ok dtucker
|
|
[sftp.1 sftp.c]
sftp.1: put ls -h in the right place
sftp.c: as above, plus add -p to get/put, and shorten their arg names
to keep the help usage nicely aligned
ok djm
|
|
platform_krb5_get_principal_name
|
|
feedback and ok dtucker@
|
|
|
|
[sftp.c]
don't append a space after inserting a completion of a directory (i.e.
a path ending in '/') for a slightly better user experience; ok dtucker@
|
|
[servconf.c servconf.h sshd.c]
avoid run-time failures when specifying hostkeys via a relative
path by prepending the cwd in these cases; bz#1290; ok dtucker@
|
|
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
support '-h' (human-readable units) for sftp's ls command, just like
ls(1); ok dtucker@
|
|
[canohost.c ssh-keysign.c sshconnect2.c]
Make HostBased authentication work with a ProxyCommand. bz #1569, patch
from imorgan at nas nasa gov, ok djm@
|
|
[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
|
|
- dtucker@cvs.openbsd.org 2010/01/13 00:19:04
[sshconnect.c auth.c]
Fix a couple of typos/mispellings in comments
|
|
Fixes bz #1590, where sometimes you could not interrupt a connection while
ssh was prompting for a passphrase or password.
|
|
|
|
r1.18: missing restore of SIGTTOU and some whitespace.
|
|
|
|
[session.c]
Add explicit stat so we reliably detect nologin with bad perms.
ok djm markus
|
|
[buffer.h bufaux.c]
add a buffer_get_string_ptr_ret() that does the same as
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
|
|
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
|
|
[roaming_common.c]
delete with extreme prejudice a debug() that fired with every keypress;
ok dtucker deraadt
|
|
[monitor_fdpass.c]
avoid spinning when fd passing on nonblocking sockets by calling poll()
in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
|
|
[authfile.c]
Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.
Patch from joachim joachimschipper nl.
|
|
[ssh-keygen.c]
when converting keys, truncate key comments at 72 chars as per RFC4716;
bz#1630 reported by tj AT castaglia.org; ok markus@
|
|
[authfile.c sshconnect2.c]
Do not prompt for a passphrase if we fail to open a keyfile, and log the
reason the open failed to debug.
bz #1693, found by tj AT castaglia org, ok djm@
|
|
[ssh_config channels.c ssh.1 channels.h ssh.c]
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
single port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@
|
