Age | Commit message | Author |
|
[sshconnect.c]
Check ExitOnForwardFailure if forwardings are disabled due to a failed
host key check. ok djm@
|
|
[PROTOCOL]
clarify that eow@openssh.com is only sent on session channels
|
|
[nchan.c]
only send eow@openssh.com notifications for session channels; ok! markus@
|
|
[serverloop.c]
only pass channel requests on session channels through to the session
channel handler, avoiding spurious log messages; ok! markus@
|
|
[PROTOCOL.agent]
typo: s/constraint_date/constraint_data/
|
|
|
|
[regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
very basic regress test against Twisted Conch in "make interop"
target (conch is available in ports/devel/py-twisted/conch);
ok markus@
|
|
[Makefile]
Don't run cipher-speed test by default; mistakenly enabled by me
|
|
[regress/Makefile regress/key-options.sh]
Add regress test for key options. ok djm@
|
|
[PROTOCOL PROTOCOL.agent]
document the protocol used by ssh-agent; "looks ok" markus@
|
|
[ssh-agent.c]
reset global compat flag after processing a protocol 2 signature
request with the legacy DSA encoding flag set; ok markus
|
|
[ssh-agent.c]
refuse to add a key that has unknown constraints specified;
ok markus
|
|
[PROTOCOL]
spelling fixes
|
|
[ssh.1]
add VisualHostKey to the list of options listed in -o;
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
|
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
|
|
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
|
|
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
(bz#1372)
|
|
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that the fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
|
|
[sshd_config.5]
MaxSessions is allowed in a Match block too
|
|
[scp.1]
Mention that scp follows symlinks during -r. bz #1466,
from nectar at apple
|
|
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
|
|
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
|
|
|
|
replacement code; patch from ighighi AT gmail.com in bz#1240;
ok dtucker
|
|
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
|
|
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
|
|
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
|
[mux.c]
Friendlier error messages for mux fallback. ok djm@
|
|
[auth2-pubkey.c auth-rhosts.c]
Include unistd.h for close(), prevents warnings in -portable
|
|
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
|
|
[packet.c]
compile on older gcc; no decl after code
|
|
compiler warnings on some platforms. Based on a discussion with otto@
|
|
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
|
|
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
|
|
on big endian machines, so ifdef them for little endian only to prevent
unused function warnings.
|
|
systems. Patch from R. Scott Bailey.
|
|
[mac.c]
upcast another size_t to u_long to match format
|
|
[mux.c]
upcast size_t to u_long to match format arg; ok djm@
|
|
from Todd Vierling.
|
|
[mux.c]
fall back to creating a new TCP connection on most multiplexing errors
(socket connect fail, invalid version, refused permission, corrupted
messages, etc.); bz #1329 ok dtucker@
|