| Age | Commit message (Collapse) | Author |
|---|
|
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
|
|
[clientloop.c]
leave_raw_mode if ssh2 "session" is closed
|
|
[ssh-add.c]
init pointers with NULL, thanks to danimal@danimal.org
|
|
[sshd.8]
document ListenAddress addr:port
|
|
[servconf.c]
in addition to:
ListenAddress host|ipv4_addr|ipv6_addr
permit:
ListenAddress [host|ipv4_addr|ipv6_addr]:port
ListenAddress host|ipv4_addr:port
sshd.8 updates coming. ok markus@
|
|
[hostfile.c]
unused; typo in comment
|
|
[scp.c]
remove trailing / from source paths; fixes pr#1756
|
|
[serverloop.c]
keep the ssh session even if there is no active channel.
this is more in line with the protocol spec and makes
ssh -N -L 1234:server:110 host
more useful.
based on discussion with <mats@mindbright.se> long time ago
and recent mail from <res@shore.net>
|
|
|
|
|
|
[clientloop.c ssh.c]
don't request a session for 'ssh -N', pointed out slade@shore.net
|
|
[buffer.c]
better error message
|
|
[clientloop.c]
for ~R print message if server does not support rekeying. (and fix ~R).
|
|
[canohost.c canohost.h session.c]
move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
|
|
[ssh.1]
ssh defaults to protocol v2; from quisar@quisar.ambre.net
|
|
[clientloop.c compat.c compat.h]
add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
|
|
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
|
|
[version.h]
temporary version 2.5.4 (supports rekeying).
this is not an official release.
|
|
[compress.c compress.h packet.c]
reset compress state per direction when rekeying.
|
|
[compat.c]
2.3.x does old GEX, too; report jakob@
|
|
|
|
BROKEN_VHANGUP
|
|
[dh.c kex.c packet.c]
clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@
|
|
[kex.c kexgex.c serverloop.c]
parse full kexinit packet.
make server-side more robust, too.
|
|
[auth2.c]
we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
|
|
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
|
|
[compat.c]
f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
|
|
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
|
|
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
don't sent multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.
|
|
|
|
[clientloop.c sshconnect2.c]
enable client rekeying
(1) force rekeying with ~R, or
(2) if the server requests rekeying.
works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
|
|
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of recent my changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
|
|
[ssh_config]
id_rsa1/2 -> id_rsa; ok markus@
|
|
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
|
|
[sftp-glob.c ssh-agent.c ssh-keygen.c]
free() -> xfree()
|
|
[ssh-agent.1]
grammar; slade@shore.net
|
|
shutdown(SHUT_RD) error() bypass for HP-UX.
|
|
[readconf.c servconf.c]
correct comment; ok markus@
|
|
[sshd.8]
typo; ok markus@
|
|
|
|
|
|
|
|
- djm@cvs.openbsd.org 2001/03/29 23:42:01
[sshd.c]
Protocol 1 key regeneration log => verbose, some KNF; ok markus@
|
|
- markus@cvs.openbsd.org 2001/03/29 21:17:40
[dh.c dh.h kex.c kex.h]
prepare for rekeying: move DH code to dh.c
|
|
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
|
|
- provos@cvs.openbsd.org 2001/03/29 14:24:59
[sshconnect2.c]
use recommended defaults
|
|
- markus@cvs.openbsd.org 2001/03/28 22:43:31
[auth.h auth2.c auth2-chall.c]
check auth_root_allowed for kbd-int auth, too.
|
|
- provos@cvs.openbsd.org 2001/03/28 22:04:57
[dh.c]
more sanity checking on primes file
|
|
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
|
|
|
