Age | Commit message | Author |
|
[sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
[sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
support for short/long listings and globbing in "ls"; ok markus@
|
|
[authfd.c authfd.h ssh.c]
don't connect to agent to test for presence if we've previously
connected; ok markus@
|
|
[ssh.1]
add agent and X11 forwarding warning text from ssh_config.5; ok markus@
|
|
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
|
|
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
signed vs unsigned from -pedantic; ok henning@
|
|
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
|
|
- markus@cvs.openbsd.org 2002/09/08 20:24:08
[hostfile.h]
no comma at end of enumerator list
|
|
Patch from Robert Halubek <rob@adso.com.pl>
|
|
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
|
|
Nalin Dahyabhai <nalin@redhat.com>
|
|
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
|
|
[ssh_config.5 sshd_config.5]
state XAuthLocation is a full pathname
|
|
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
|
|
[ssh_config.5]
more on UsePrivilegedPort and setuid root; ok markus@
|
|
[ssh.1 ssh.c]
deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
|
|
[monitor.c session.c sshlogin.c sshlogin.h]
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
|
|
[ssh_config.5]
some warning text for ForwardAgent and ForwardX11; ok markus@
|
|
[ssh-rsa.c]
RSA_public_decrypt() returns -1 on error so len must be signed;
ok markus@
|
|
[session.c]
send signal name (not signal number) in "exit-signal" message; noticed
by galb@vandyke.com
|
|
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
|
|
[ssh-agent.c]
shutdown(SHUT_RDWR) not needed before close here; ok markus@
|
|
[clientloop.c]
format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
ok markus@
|
|
[ssh-agent.c]
use common close function; ok markus@
|
|
[ssh-agent.c]
raise listen backlog; ok markus@
|
|
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
|
|
[sshd.8]
`RSA' updated to refer to `public key', where it matters.
okay markus@
|
|
[ssh-agent.c]
make ssh-agent setgid, disallow ptrace.
(note: change not yet made in Makefile)
|
|
it to ULONG_MAX.
|
|
[ssh_config.5]
ordered list here
|
|
[ssh.1]
ForwardAgent has defaulted to no for over 2 years; be more clear here.
|
|
[ssh.1 sshd.8 sshd_config.5]
more PermitUserEnvironment; ok markus@
|
|
[sshd_config.5]
proxy vs. fake display
|
|
[sshd_config.5]
use Op for mdoc conformance; from esr@golux.thyrsus.com
ok aaron@
|
|
[auth.c]
typo in comment
|
|
[sshconnect1.c]
Use & to test if bits are set, not &&; markus@ ok.
|
|
[ssh-rsa.c]
replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
for authentication; ok deraadt/djm
|
|
[ssh-rsa.c]
diff is u_int (2x); ok deraadt/provos
|
|
[ssh.1 sshd.8]
note that .ssh/environment is only read when
allowed (PermitUserEnvironment in sshd_config).
OK markus@
|
|
[monitor.c monitor_mm.c]
Change mm_zalloc() sanity checks to be more in line with what
we do in calloc() and add a check to monitor_mm.c.
OK provos@ and markus@
|
|
Patch by dtucker@zip.com.au
|
|
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at;
ok provos, deraadt
|
|
[sshconnect.c]
print file:line
|
|
[sftp.c]
FallBackToRsh does not exist anywhere else. Remove it from here.
OK deraadt.
|
|
[hostfile.c hostfile.h sshconnect.c]
print out all known keys for a host if we get an unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
the ssharp mitm tool attacks users in a similar way, so I'd like to
point out again:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)
|
|
|