Age | Commit message (Collapse) | Author |
|
functional changes.
This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
|
|
|
|
only define if not already. From des at freebsd.org.
|
|
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
|
|
cjwatson at debian.org.
|
|
jakob@
|
|
Report from jakob@
|
|
|
|
jakob@
|
|
|
|
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
|
|
[sshd_config]
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
|
|
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
|
|
[cipher-3des1.c]
EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
|
|
[moduli.c ssh-keygen.1 ssh-keygen.c]
tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@
|
|
typedef size_t ourselves.
|
|
|
|
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
|
|
|
|
using a real 'signal()' (Noticed by a NeXT Compile)
|
|
setres[ug]id() present but not implemented (eg some Linux/glibc
combinations).
|
|
[dh.c]
use <= instead of < in dh_estimate; ok provos/hshoexer;
do not return < DH_GRP_MIN
|
|
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
|
|
[ssh_config.5]
we don't support GSS KEX; from Simon Wilkinson
|
|
[clientloop.c]
Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
|
|
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
|
|
[ssh.c]
don't modify argv for ssh -o; similar to sshd.c 1.283
|
|
[sshd.c]
fix -o and HUP; ok henning@
|
|
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
|
|
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
|
|
|
|
[moduli.c]
remove unused debugging #define templates
|
|
[kexgexc.c]
print requested group size in debug; ok djm
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
[progressmeter.c]
improvments from andreas@:
* saner speed estimate for transfers that takes less than a second by
rounding the time to 1 second.
* when the transfer is finished calculate the actual total speed
rather than the current speed which is given during the transfer
|
|
[cipher-aes.c]
fix #ifdef before #define; ok markus@
(RCS ID sync only, Portable already had this)
|
|
[ssh-add.1]
ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
|
|
|
|
source file path (in OpenBSD tree).
|
|
[ssh.1 ssh.c]
Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
|
|
[ssh-keygen.c]
consistency PATH_MAX -> MAXPATHLEN; ok markus@
(RCS ID sync only)
- djm@cvs.openbsd.org 2003/11/23 23:21:21
[scp.c]
from portable: rename clashing variable limit-> limit_rate; ok markus@
(RCS ID sync only)
|
|
- djm@cvs.openbsd.org 2003/11/23 23:17:34
[ssh-keyscan.c]
from portable - use sysconf to detect fd limit; ok markus@
(tidy diff by adding SSH_SSFDMAX macro to defines.h)
|
|
function and call it unconditionally
|
|
|
|
|
|
|
|
|
|
|
|
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
|
|
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
|