| Age | Commit message (Collapse) | Author |
|---|
|
[misc.c]
correct off-by-one in percent_expand(): we would fatal() when trying
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
work. Note that nothing in OpenSSH actually uses close to this limit at
present. bz#1607 from Jan.Pechanec AT Sun.COM
|
|
[sshconnect2.c]
Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
|
|
[sftp.c]
bz#1588 change "Connecting to host..." message to "Connected to host."
and delay it until after the sftp protocol connection has been established.
Avoids confusing sequence of messages when the underlying ssh connection
experiences problems. ok dtucker@
|
|
[session.c]
Warn but do not fail if stat()ing the subsystem binary fails. This helps
with chrootdirectory+forcecommand=sftp-server and restricted shells.
bz #1599, ok djm.
|
|
[session.c]
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a
subsystem session). Avoids stuck client when attempting to ssh to such a
service. ok dtucker@
|
|
[clientloop.c]
fix incorrect exit status when multiplexing and channel ID 0 is recycled
bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
|
|
[channels.c channels.h]
fix race condition in x11/agent channel allocation: don't read after
the end of the select read/write fdset and make sure a reused FD
is not touched before the pre-handlers are called.
with and ok djm@
|
|
[sshconnect2.c channels.c sshconnect.c]
Set close-on-exec on various descriptors so they don't get leaked to
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
|
|
[sshd_config.5]
clarify that StrictModes does not apply to ChrootDirectory. Permissions
and ownership are always checked when chrooting. bz#1532
|
|
[ssh_config.5]
explain the constraints on LocalCommand some more so people don't
try to abuse it.
|
|
[sshd_config.5 sftp.1]
tweak previous;
|
|
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
ok markus@
|
|
[ssh.c]
Request roaming to be enabled if UseRoaming is true and the server
supports it.
ok markus@
|
|
[roaming_common.c]
Do the actual suspend/resume in the client. This won't be useful until
the server side supports roaming.
Most code from Martin Forssen, maf at appgate dot com. Some changes by
me and markus@
ok markus@
|
|
[ssh2.h]
Define the KEX messages used when resuming a suspended connection.
ok markus@
|
|
[clientloop.c]
client_loop() must detect if the session has been suspended and resumed,
and take appropriate action in that case.
From Martin Forssen, maf at appgate dot com
ok markus@
|
|
[sshconnect2.c kex.h kex.c]
Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@
|
|
[roaming.h]
Declarations needed for upcoming changes.
ok markus@
|
|
Gzip all man pages. Patch from Corinna Vinschen.
|
|
Bug #1583: Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
|
|
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
|
|
|
|
Tested by Martin Paljak.
|
|
Bug 1628. OK dtucker@
|
|
line arguments as none are supported. Exit when passed unrecognised
commandline flags. bz#1568 from gson AT araneus.fi
|
|
bz#1645, patch from jchadima AT redhat.com
|
|
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
report and fix from jan.kratochvil AT redhat.com
|
|
keys when built with OpenSSL versions that don't do AES.
|
|
older versions of OpenSSL.
|
|
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
|
|
|
|
[ssh-keygen.1]
ssh-keygen now uses AES-128 for private keys
|
|
[sshconnect2.c]
disallow a hostile server from checking jpake auth by sending an
out-of-sequence success message. (doesn't affect code enabled by default)
|
|
[authfile.c]
switch from 3DES to AES-128 for encryption of passphrase-protected
SSH protocol 2 private keys; ok several
|
|
[ssh-agent.1 ssh-add.1 ssh.1]
write UNIX-domain in a more consistent way; while here, replace a
few remaining ".Tn UNIX" macros with ".Ux" ones.
pointed out by ratchov@, thanks!
ok jmc@
|
|
[ssh.1 ssh-agent.1 ssh-add.1]
use the UNIX-related macros (.At and .Ux) where appropriate.
ok jmc@
|
|
[sftp-server.c]
sort flags.
|
|
- djm@cvs.openbsd.org 2009/10/11 23:03:15
[hostfile.c]
mention the host name that we are looking for in check_host_in_hostfile()
|
|
[regress/test-exec.sh]
re-enable protocol v1 for the tests.
|
|
[sftp-client.c]
d_type isn't portable so use lstat to get dirent modes. Suggested by and
"looks sane" deraadt@
|
|
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
|
|
- markus@cvs.openbsd.org 2009/10/08 14:03:41
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
|
|
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
|
|
stat(), needed on at least cygwin.
|
|
least dragonflybsd.
|
|
|
|
|
|
[regress/ssh2putty.sh]
Add OpenBSD tag to make syncs easier
|
|
[ssh-com-sftp.sh]
fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
Silva for Google Summer of Code
|
|
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh]
date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
|
