| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
being primary there.
|
|
#694282).
|
|
[ssh-keygen.c]
allow the full range of unsigned serial numbers; 'fine' deraadt@
|
|
[auth2-pubkey.c]
fix username passed to helper program
prepare stdio fds before closefrom()
spotted by landry@
|
|
[moduli.5]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
|
|
[moduli.5]
fix formula
ok djm@
|
|
don't have it. Spotted by tim@.
|
|
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
|
|
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
[sshd_config.5]
Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
|
|
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
|
|
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
[sshd_config.5]
tweak previous;
|
|
|
|
been long enough since the relevant vulnerability that we shouldn't
need these installed by default nowadays.
|
|
- Add support for registering ConsoleKit sessions on login. (This is
currently enabled only when building for Ubuntu.)
|
|
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
[sshd.c sshd_config sshd_config.5]
new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
|
|
- markus@cvs.openbsd.org 2012/10/05 12:34:39
[sftp.c]
fix signed vs unsigned warning; feedback & ok: djm@
|
|
the generated file as intended.
|
|
|
|
|
|
[regress/multiplex.sh]
use -Ocheck and waiting for completions by PID to make multiplexing test
less racy and (hopefully) more reliable on slow hardware.
|
|
[regress/multiplex.sh]
Log -O cmd output to the log file and make logging consistent with the
other tests. Test clean shutdown of an existing channel when testing
"stop".
|
|
[multiplex.sh]
Add test for ssh -Ostop
|
|
[regress/try-ciphers.sh]
Restore missing space. (Id sync only).
|
|
|
|
|
|
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
add umac128 variant; ok djm@ at n2k12
(note: further Makefile work is required)
|
|
[ssh-keygen.c]
fix -z option, broken in revision 1.215
|
|
[monitor_wrap.c]
pasto; ok djm@
|
|
[ssh.1]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
|
|
[sftp.c]
Fix handling of filenames containing escaped globbing characters and
escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
|
|
[sftp.c]
Fix improper handling of absolute paths when PWD is part of the completed
path. Patch from Jean-Marc Robert via tech@, ok djm.
|
|
[sftp.c]
Add bounds check on sftp tab-completion. Part of a patch from from
Jean-Marc Robert via tech@, ok djm
|
|
[packet.c]
clear old keys on rekeing; ok djm
|
|
- djm@cvs.openbsd.org 2012/09/17 09:54:44
[sftp.c]
an XXX for later
|
|
|
|
[sshconnect.c]
remove unused variable
|
|
[servconf.c]
Fix comment line length
|
|
|
|
[clientloop.c]
when muxmaster is run with -N, make it shut down gracefully when a client
sends it "-O stop" rather than hanging around (bz#1985). ok djm@
|
|
[clientloop.c]
Merge escape help text for ~v and ~V; ok djm@
|
|
[clientloop.c]
Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
|
|
[ssh.1]
missing letter in previous;
|
|
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
(note: previous commit with this description was a mistake on my part while
pulling changes from OpenBSD)
|
|
work. From Ondřej Surý.
|
|
|
|
|
|
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
|
