| Age | Commit message (Collapse) | Author |
|---|
|
[clientloop.c clientloop.h ssh.c]
Use new channel status confirmation callback system to properly deal
with "important" channel requests that fail, in particular command exec,
shell and subsystem requests. Previously we would optimistically assume
that the requests would always succeed, which could cause hangs if they
did not (e.g. when the server runs out of fds) or were unimplemented by
the server (bz #1384)
Also, properly report failing multiplex channel requests via the mux
client stderr (subject to LogLevel in the mux master) - better than
silently failing.
most bits ok markus@ (as part of a larger diff)
|
|
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
[sshd_config sshd_config.5]
Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
|
|
|
|
|
|
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
|
|
[bufaux.c buffer.h channels.c packet.c packet.h]
avoid extra malloc/copy/free when receiving data over the net;
~10% speedup for localhost-scp; ok djm@
|
|
[sshd_config.5]
sort;
|
|
[sshd_config]
push the sshd_config bits in, spotted by ajacoutot@
|
|
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
|
|
[ssh-keyscan.1 ssh-keyscan.c]
default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
larsnooden AT openoffice.org
|
|
[monitor_mm.h]
garbage collect two unused fields in struct mm_master; ok markus@
|
|
[session.c]
remove unneccessary parentheses
|
|
[sftp.1]
macro fixage;
|
|
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
introduce sftp extension methods statvfs@openssh.com and
fstatvfs@openssh.com that implement statvfs(2)-like operations,
based on a patch from miklos AT szeredi.hu (bz#1399)
also add a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation
ok markus@
|
|
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
|
[configure.ac] Implement arc4random_buf(), import implementation of
arc4random_uniform() from OpenBSD
|
|
[sshd_config.5]
HostbasedAuthentication is supported under Match too
|
|
[sshd_config.5]
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
|
|
- djm@cvs.openbsd.org 2008/04/04 05:14:38
[sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk
|
|
strnvis first. Ok dtucker@
|
|
time warnings on LynxOS. Patch from ops AT iki.fi
|
|
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
[version.h]
openssh-5.0
|
|
[sshd.8]
remove trailing whitespace;
|
|
[channels.c]
avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
|
|
|
|
|
|
|
|
[regress/sftp-badcmds.sh]
disable no-replace rename test now that we prefer a POSIX rename; spotted
by dkrause@
|
|
[version.h]
openssh-4.9
|
|
[auth-options.c auth-options.h session.c sshd.8]
add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
|
|
[session.c]
last patch had backwards test; spotted by termim AT gmail.com
|
|
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
|
|
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
|
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
|
|
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
|
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
|
|
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
|
|
crashes when used with ChrootDirectory
|
|
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
|
|
nas.nasa.gov
|
|
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
|
|
|
