summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2005-12-20missed changelog entryDarren Tucker
2005-12-20 - jmc@cvs.openbsd.org 2005/12/16 18:14:40Darren Tucker
[ssh.1] signpost the protocol sections;
2005-12-20 - jmc@cvs.openbsd.org 2005/12/16 18:12:22Darren Tucker
[ssh.1] make the description of -c a little nicer;
2005-12-20 - jmc@cvs.openbsd.org 2005/12/16 18:08:53Darren Tucker
[ssh.1] simplify a sentence;
2005-12-20 - jmc@cvs.openbsd.org 2005/12/16 18:07:08Darren Tucker
[ssh.1] move the option descriptions up the page: start of a restructure; ok markus deraadt
2005-12-20 - (dtucker) OpenBSD CVS SyncDarren Tucker
- reyk@cvs.openbsd.org 2005/12/13 15:03:02 [serverloop.c] if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-19 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.acDarren Tucker
openbsd-compat/openssl-compat.h] Check for and work around broken AES ciphers >128bit on (some) Solaris 10 systems. ok djm@
2005-12-17 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: OurDarren Tucker
snprintf replacement can have a conflicting declaration in HP-UX's system headers (const vs. no const) so we now check for and work around it. Patch from the dynamic duo of David Leonard and Ted Percival.
2005-12-17 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" whichDarren Tucker
scp.c also uses, so undef them here.
2005-12-14 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39Darren Tucker
[regress/scp-ssh-wrapper.sh] Fix assumption about how many args scp will pass; ok djm@
2005-12-13 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enableDamien Miller
again by providing a sys_tun_open() function for your platform and setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match OpenBSD's tunnel protocol, which prepends the address family to the packet
2005-12-13 - markus@cvs.openbsd.org 2005/12/12 13:46:18Damien Miller
[channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@
2005-12-13 - jmc@cvs.openbsd.org 2005/12/08 21:37:50Damien Miller
[ssh_config.5] new sentence, new line;
2005-12-13 - reyk@cvs.openbsd.org 2005/12/08 18:34:11Damien Miller
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
2005-12-13 - jmc@cvs.openbsd.org 2005/12/08 15:06:29Damien Miller
[ssh_config.5] keep options in order;
2005-12-13 - jmc@cvs.openbsd.org 2005/12/08 14:59:44Damien Miller
[ssh.1 ssh_config.5] make `!command' a little clearer; ok reyk
2005-12-13 - jmc@cvs.openbsd.org 2005/12/07 10:52:13Damien Miller
[ssh.1] - avoid line split in SYNOPSIS - add args to -w - kill trailing whitespace
2005-12-13 - djm@cvs.openbsd.org 2005/12/07 03:52:22Damien Miller
[clientloop.c] reyk forgot to compile with -Werror (missing header)
2005-12-13 - reyk@cvs.openbsd.org 2005/12/06 22:38:28Damien Miller
[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 - jmc@cvs.openbsd.org 2005/11/30 11:45:20Damien Miller
[ssh.1] avoid ambiguities in describing TZ; ok djm@
2005-12-13 - (djm) OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2005/11/30 11:18:27 [ssh.1] timezone -> time zone
2005-12-01Bump release note URLDarren Tucker
2005-12-01 - (djm) [envpass.sh] Remove regress script that was accidentally committedDamien Miller
in top level directory and not noticed for over a year :)
2005-11-28 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)Tim Rice
for UnixWare.
2005-11-29 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55Darren Tucker
[ssh-keygen.c] Populate default key sizes before checking them; from & ok tim@
2005-11-28 - (tim) [ssh-keygen.c] Move DSA length test after setting default whenTim Rice
bits == 0.
2005-11-28 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, useDarren Tucker
_GNU_SOURCE instead. Patch from t8m at centrum.cz.
2005-11-28 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56Darren Tucker
[ssh-agent.1] Update agent socket path templates to reflect reality, correct xref for time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-11-28 [ssh-keygen.1 ssh-keygen.c]Darren Tucker
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@.
2005-11-28 - (dtucker) [regress/yes-head.sh] Work around breakage caused by someDarren Tucker
versions of GNU head. Based on patch from zappaman at buraphalinux.org
2005-11-26 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,Darren Tucker
when they're available) need the real UID set otherwise pam_chauthtok will set ADMCHG after changing the password, forcing the user to change it again immediately.
2005-11-25 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts forDarren Tucker
snprintf formats, fixes warnings on some 64 bit platforms. Patch from shaw at vranix.com, ok djm@
2005-11-25 - (dtucker) [configure.ac] Apply tim's fix for older systems where theDarren Tucker
resolver state in resolv.h is "state" not "__res_state". With slight modification by me to also work on old AIXes. ok djm@
2005-11-24 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate soDarren Tucker
many and use them only once. Speeds up testing on older/slower hardware.
2005-11-24 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argumentDarren Tucker
order in Reliant Unix block. Patch from johane at lysator.liu.se.
2005-11-24 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.cDamien Miller
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an asprintf() implementation, after syncing our {v,}snprintf() implementation with some extra fixes from Samba's version. With help and debugging from dtucker and tim; ok dtucker@
2005-11-22 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patchDarren Tucker
from shaw at vranix.com.
2005-11-22 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03Darren Tucker
[hostfile.c] Correct format/arguments to debug call; spotted by shaw at vranix.com ok djm@
2005-11-22 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10Darren Tucker
[auth-krb5.c] Perform Kerberos calls even for invalid users to prevent leaking information about account validity. bz #975, patch originally from Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@
2005-11-22 - millert@cvs.openbsd.org 2005/11/15 11:59:54Darren Tucker
[includes.h] Include sys/queue.h explicitly instead of assuming some other header will pull it in. At the moment it gets pulled in by sys/select.h (which ssh has no business including) via event.h. OK markus@ (ID sync only in -portable)
2005-11-22 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15Darren Tucker
[scp.c] avoid close(-1), as in rcp; ok cloder
2005-11-22 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59Darren Tucker
[ssh-add.c] space
2005-11-20 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining whatDarren Tucker
is going on.
2005-11-12 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigureDarren Tucker
test: if sshd takes too long to reconfigure the subsequent connection will fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
2005-11-12 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@Darren Tucker
2005-11-12 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.Darren Tucker
2005-11-12 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.Darren Tucker
2005-11-12 - (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag.Darren Tucker
2005-11-12 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specificDarren Tucker
ifdef lost during sync. Spotted by tim@.
2005-11-10- (dtucker) [configure.ac] Try to get the gcc version number in a way thatDarren Tucker
doesn't change between versions, and use a safer default.