| Age | Commit message (Collapse) | Author |
|---|
|
[ssh_config.5]
document RemoteForward usage with 0 listen port
|
|
[ssh.1]
consistency: Dq => Ql
|
|
[ssh.1]
document -R0:... usage
|
|
[monitor.c]
some paranoia: check that the serialised key is really KEY_RSA before
diddling its internals
|
|
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
|
|
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
|
|
[sftp.c]
Initialize a few variables to prevent spurious "may be used
uninitialized" warnings from newer gcc's. ok djm@
|
|
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
|
|
set ownership and modes, so avoid explicitly setting them
|
|
channels.c too, so move the definition for non-IP6 platforms to defines.h
where it can be shared.
|
|
|
|
If the CYGWIN environment variable is empty, the installer script
should not install the service with an empty CYGWIN variable, but
rather without setting CYGWNI entirely.
|
|
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
The information given for the setting of the CYGWIN environment variable
is wrong for both releases so I just removed it, together with the
unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
|
|
[cipher.c cipher.h packet.c]
Work around the CPNI-957037 Plaintext Recovery Attack by always
reading 256K of data on packet size or HMAC errors (in CBC mode only).
Help, feedback and ok djm@
Feedback from Martin Albrecht and Paterson Kenny
|
|
[ssh_config.5 sshd_config.5]
sync list of preferred ciphers; ok djm@
|
|
[myproposal.h]
prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
modes; ok markus@
|
|
[auth-options.c]
another chunk of a2port() diff that got away. wtfdjm??
|
|
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
|
|
[channels.c]
oops! I committed the wrong version of the Channel->path diff,
it was missing some tweaks suggested by stevesk@
|
|
[channels.c channels.h session.c]
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
|
|
[readconf.c]
1) use obsolete instead of alias for consistency
2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
so move the comment.
3) reorder so like options are together
ok djm@
|
|
[channels.c]
support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
"looks ok" markus@
|
|
[kexgexs.c]
fix hash calculation for KEXGEX: hash over the original client-supplied
values and not the sanity checked versions that we acutally use;
bz#1540 reported by john.smith AT arrows.demon.co.uk
ok markus@
|
|
[channels.c]
call channel destroy callbacks on receipt of open failure messages.
fixes client hangs when connecting to a server that has MaxSessions=0
set spotted by imorgan AT nas.nasa.gov; ok markus@
|
|
[sshd_config.5]
add AllowAgentForwarding to available Match keywords list
ok djm
|
|
[pathnames.h]
no need to escape single quotes in comments
|
|
[ssh-keyscan.1]
fix example, default key type is rsa for 3+ years; from
frederic.perrin@resel.fr
|
|
[addrmatch.c]
o cannot be NULL here but use xfree() to be consistent; ok djm@
|
|
[clientloop.c]
fix typo in error message
|
|
[sftp.1 sftp.c]
update for the synopses displayed by the 'help' command, there are a
few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
ok jmc@
|
|
[auth2-chall.c]
replace by-hand string building with xasprinf(); ok deraadt@
|
|
[channels.c servconf.c]
channel_print_adm_permitted_opens() should deal with all the printing
for that config option. suggested by markus@; ok markus@ djm@
dtucker@
|
|
ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
key). Patch from cjwatson AT debian.org
|
|
launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
ok dtucker@
|
|
Patch based on one from vgiffin AT apple.com; ok dtucker@
|
|
OpenServer 6 doesn't need libcrypt.
|
|
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
OK djm@ dtucker@
|
|
[sftp.1 sftp.c]
correct sftp(1) and corresponding usage syntax;
bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
|
|
[readconf.c]
don't leave junk (free'd) pointers around in Forward *fwd argument on
failure; avoids double-free in ~C -L handler when given an invalid
forwarding specification; bz#1539 report from adejong AT debian.org
via Colin Watson; ok markus@ dtucker@
|
|
[sftp.c]
Deal correctly with failures in remote stat() operation in sftp,
correcting fail-on-error behaviour in batchmode. bz#1541 report and
fix from anedvedicky AT gmail.com; ok markus@
|
|
[clientloop.c]
The ~C escape handler does not work correctly for multiplexed sessions -
it opens a commandline on the master session, instead of on the slave
that requested it. Disable it on slave sessions until such time as it
is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
ok markus@
|
|
[channels.c]
s/remote_id/id/ to be more consistent with other code; ok djm@
|
|
[serverloop.c]
backout 1.149, since it's not necessary and openssh clients send
broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
|
|
[clientloop.c]
we have to use the recipient's channel number (RFC 4254) for
SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
otherwise we trigger 'Non-public channel' error messages on sshd
systems with clientkeepalive enabled; noticed by sturm; ok djm;
|
|
use some stack in main().
Report and suggested fix from vapier AT gentoo.org
|
|
[monitor_fdpass.c]
Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
|
|
[packet.c]
packet_disconnect() on padding error, too. should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
ok djm@
|
|
and tweak the is-sshd-running check in ssh-host-config. Patch from
vinschen at redhat com.
|
|
|
|
declarations, removing an unnecessary union member and adding whitespace.
ok djm some time ago.
|
