summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2004-10-24Add Finnish debconf template translation (thanks, Matti Pöllä; closes:Colin Watson
#265339).
2004-10-24Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).Colin Watson
2004-10-06Finish 1:3.8.1p1-11.Colin Watson
2004-10-06Finish 1:3.8.1p1-8.sarge.1.Colin Watson
2004-10-06Forward-port from HEAD:Colin Watson
* If PasswordAuthentication is disabled, then offer to disable ChallengeResponseAuthentication too. The current PAM code will attempt password-style authentication if ChallengeResponseAuthentication is enabled (closes: #250369). * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or later and then upgraded. Sorry about that ... for this reason, the default answer is to leave ChallengeResponseAuthentication enabled.
2004-10-06Leave ChallengeResponseAuthentication enabled by default, sinceColin Watson
PasswordAuthentication has been turned off for new installs since 1:3.8p1-2.
2004-10-06Don't ask ssh/disable_cr_auth unless /etc/ssh/sshd_config exists.Colin Watson
2004-10-06get_config_option checks for existence of /etc/ssh/sshd_config.Colin Watson
2004-10-05If PasswordAuthentication is disabled, then offer to disableColin Watson
ChallengeResponseAuthentication too. The current PAM code will attempt password-style authentication if ChallengeResponseAuthentication is enabled (closes: #250369).
2004-08-31Move sshd_config(5) to openssh-server, where it belongs.Colin Watson
2004-08-25Don't install the ssh-askpass-gnome .desktop file by default; I've had tooColin Watson
many GNOME people tell me it's the wrong thing to be doing. I've left it in /usr/share/doc/ssh-askpass-gnome/examples/ for now.
2004-08-17 - (djm) Release 3.9p1Damien Miller
2004-08-17 - (djm) Crank RPM spec version numbersDamien Miller
2004-08-17 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2004/08/16 08:17:01 [version.h] 3.9
2004-08-17 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.Darren Tucker
2004-08-16 - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-rootDarren Tucker
to convince Solaris PAM to honour password complexity rules. ok djm@
2004-08-15 - (dtucker) [Makefile.in] Fix typo.Darren Tucker
2004-08-15 - (djm) [loginrec.c] Check that seek succeeded here too; ok dtuckerDamien Miller
2004-08-15 - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.inDamien Miller
openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter closefrom() replacement from sudo; ok dtucker@
2004-08-15 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() sinceDarren Tucker
it does the right thing on all platforms. ok djm@
2004-08-15 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]Darren Tucker
Plug AIX login recording into login_write so logins will be recorded for all auth types.
2004-08-15 - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwiseDarren Tucker
prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
2004-08-14 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]Darren Tucker
Explicitly set umask for mkstemp; ok djm@
2004-08-14remove antique crypto restrictions textDamien Miller
2004-08-13 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24Darren Tucker
[servconf.c] Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr ok markus@, djm@
2004-08-13 - djm@cvs.openbsd.org 2004/08/13 02:51:48Darren Tucker
[monitor_fdpass.c] extra check for no message case; ok markus, deraadt, hshoexer, henning
2004-08-13 - jmc@cvs.openbsd.org 2004/08/13 00:01:43Darren Tucker
[ssh-keygen.1] kill whitespace at eol;
2004-08-13 - jakob@cvs.openbsd.org 2004/08/12 21:41:13Darren Tucker
[ssh-keygen.1 ssh.1] improve SSHFP documentation; ok deraadt@
2004-08-13 - djm@cvs.openbsd.org 2004/08/12 09:18:24Darren Tucker
[sshlogin.c] typo in error message, spotted by moritz AT jodeit.org (Id sync only)
2004-08-13 - avsm@cvs.openbsd.org 2004/08/11 21:44:32Darren Tucker
[authfd.c scp.c ssh-keyscan.c] use atomicio instead of homegrown equivalents or read/write. markus@ ok
2004-08-13 - avsm@cvs.openbsd.org 2004/08/11 21:43:05Darren Tucker
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] some signed/unsigned int comparison cleanups; markus@ ok
2004-08-13 - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen atDarren Tucker
redhat.com
2004-08-12 - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doublingDarren Tucker
messages generated before the postauth privsep split.
2004-08-12 - djm@cvs.openbsd.org 2004/08/11 12:01:16Darren Tucker
[sshlogin.c] make store_lastlog_message() static to appease -Wall; ok markus
2004-08-12 - djm@cvs.openbsd.org 2004/08/11 11:59:22Darren Tucker
[sshlogin.c] check that lseek went were we told it to; ok markus@ (Id sync only, but similar changes are needed in loginrec.c)
2004-08-12 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09Darren Tucker
[sshd.c] Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54Darren Tucker
[servconf.c] Fix minor leak; "looks right" deraadt@
2004-08-12 - djm@cvs.openbsd.org 2004/08/04 10:37:52Darren Tucker
[dh.c] return group14 when no primes found - fixes hang on empty /etc/moduli; ok markus@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 08:56:22Darren Tucker
[sshd.c] call setsid() _before_ re-exec
2004-08-12 - (dtucker) [sshd.c] Remove duplicate variable imported during sync.Darren Tucker
2004-08-02Finish openssh 1:3.8.1p1-9.Colin Watson
2004-08-02Drop priorities of openssh-server and ssh to optional.Colin Watson
2004-08-02Remove /etc/ssh/sshd_not_to_be_run on purge of openssh-server. For nowColin Watson
(until sarge+2) it's still honoured to avoid breaking existing configurations, but the right approach is now to remove the openssh-server package if you don't want to run the server. Add a NEWS item to that effect.
2004-08-02According to Matt Zimmerman, there should only be one NEWS file per sourceColin Watson
package.
2004-08-02Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7Colin Watson
happens even though we don't know what version we're upgrading from.
2004-08-02Add copyright file to transitional ssh package.Colin Watson
2004-07-31* Split the ssh binary package into openssh-client and openssh-serverColin Watson
(closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this. * New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it. * When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. * In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems.
2004-07-30Merge from MAIN:Colin Watson
cvs up -jV_3_8_1_P1-4 -jV_3_8_1_P1-8
2004-07-29Changelog Matthew's copyright file change. Finish 1:3.8.1p1-8.Colin Watson