Age | Commit message (Collapse) | Author |
|
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
(bz#1372)
|
|
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that te fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
|
|
[sshd_config.5]
MaxSessions is allowed in a Match block too
|
|
[scp.1]
Mention that scp follows symlinks during -r. bz #1466,
from nectar at apple
|
|
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
|
|
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
|
|
|
|
replacement code; patch from ighighi AT gmail.com in bz#1240;
ok dtucker
|
|
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
|
|
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
|
|
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
|
[mux.c]
Friendlier error messages for mux fallback. ok djm@
|
|
[auth2-pubkey.c auth-rhosts.c]
Include unistd.h for close(), prevents warnings in -portable
|
|
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
|
|
[packet.c]
compile on older gcc; no decl after code
|
|
compiler warnings on some platforms. Based on a discussion with otto@
|
|
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
|
|
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
|
|
on big endian machines, so ifdef them for little endian only to prevent
unused function warnings.
|
|
systems. Patch from R. Scott Bailey.
|
|
[mac.c]
upcast another size_t to u_long to match format
|
|
[mux.c]
upcast size_t to u_long to match format arg; ok djm@
|
|
from Todd Vierling.
|
|
[mux.c]
fall back to creating a new TCP connection on most multiplexing errors
(socket connect fail, invalid version, refused permittion, corrupted
messages, etc.); bz #1329 ok dtucker@
|
|
[sftp.h log.h]
replace __dead with __attribute__((noreturn)), makes things
a little easier to port. Also, add it to sigdie(). ok djm@
|
|
[sshconnect.c]
tweak wording in message, ok deraadt@ jmc@
|
|
[key.c]
add my copyright, ok djm@
|
|
[ssh-keygen.c]
make ssh-keygen -lf show the key type just as ssh-add -l would do it
ok djm@ markus@
|
|
[clientloop.c]
I was coalescing expected global request confirmation replies at
the wrong end of the queue - fix; prompted by markus@
|
|
[sftp-client.c]
print extension revisions for extensions that we understand
|
|
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
Make keepalive timeouts apply while waiting for a packet, particularly
during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
|
|
[ssh_config.5 ssh-keygen.1]
tweak the ascii art text; ok grunk
|
|
takes 2 more args. with djm@
|
|
[ssh_config.5 ssh.c]
keyword expansion for localcommand. ok djm@
|
|
[clientloop.h channels.h clientloop.c channels.c mux.c]
The multiplexing escape char handler commit last night introduced a
small memory leak per session; plug it.
|
|
[key.c]
We already mark the start of the worm, now also mark the end of the worm
in our random art drawings.
ok djm@
|
|
[mux.c]
some more TODO for me
|
|
[PROTOCOL]
document tun@openssh.com forwarding method
|
|
[ssh.c]
thal shalt not code past the eightieth column
|
|
[clientloop.c]
thall shalt not code past the eightieth column
|
|
[clientloop.h ssh.c clientloop.c]
maintain an ordered queue of outstanding global requests that we
expect replies to, similar to the per-channel confirmation queue.
Use this queue to verify success or failure for remote forward
establishment in a race free way.
ok dtucker@
|
|
[clientloop.h mux.c channels.c clientloop.c channels.h]
Enable ~ escapes for multiplex slave sessions; give each channel
its own escape state and hook the escape filters up to muxed
channels. bz #1331
Mux slaves do not currently support the ~^Z and ~& escapes.
NB. this change cranks the mux protocol version, so a new ssh
mux client will not be able to connect to a running old ssh
mux master.
ok dtucker@
|