Age | Commit message (Collapse) | Author |
|
[misc.c]
no trailing "\n" for debug()
|
|
[includes.h misc.c]
move <net/if.h>; ok djm@
|
|
[ssh.1]
.Nm does not require an argument;
|
|
[ssh.1]
clean up ENVIRONMENT a little;
|
|
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
|
|
|
|
|
|
|
|
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
|
|
|
|
not exist
|
|
[serverloop.c ssh.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
compatability support for Linux, diff from reyk@
|
|
[ssh.1]
document -MM; ok djm@
|
|
[sftp.1]
do not suggest that interactive authentication will work
with the -b flag;
based on a diff from john l. scarfone;
ok djm
|
|
[channels.c channels.h clientloop.c]
add channel output filter interface.
ok djm@, suggested by markus@
|
|
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
[canohost.c channels.c clientloop.c]
use 'break-in' for consistency; ok deraadt@ ok and input jmc@
|
|
|
|
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
|
|
[ssh.1]
less mark up for -c;
|
|
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
|
|
[ssh.1]
expand the description of -w somewhat;
help/ok reyk
|
|
[ssh_config.5]
put the description of "UsePrivilegedPort" in the correct place;
|
|
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
|
|
[ssh.1]
-Y does X11 forwarding too;
ok markus
|
|
[ssh.1]
options now described `above', rather than `later';
|
|
[ssh.1]
-L and -R descriptions are now above, not below, ~C description;
|
|
[ssh.1]
move info on ssh return values and config files up into the main
description;
|
|
[ssh.1]
.Ss -> .Sh: subsections have not made this page more readable
|
|
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker
|
|
[ssh.c]
exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
|
|
[ssh_config.5]
spelling: intented -> intended
|
|
[ssh_config.5 session.c]
spelling: fowarding, fowarded
|
|
|
|
[ssh.1]
signpost the protocol sections;
|
|
[ssh.1]
simplify a sentence;
|
|
[ssh.1]
move the option descriptions up the page: start of a restructure;
ok markus deraadt
|
|
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
|
|
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
|
|
snprintf replacement can have a conflicting declaration in HP-UX's system
headers (const vs. no const) so we now check for and work around it. Patch
from the dynamic duo of David Leonard and Ted Percival.
|
|
scp.c also uses, so undef them here.
|
|
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
|
|
again by providing a sys_tun_open() function for your platform and
setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
OpenBSD's tunnel protocol, which prepends the address family to the
packet
|
|
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
|
|
[ssh_config.5]
new sentence, new line;
|
|
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
|
|
[ssh_config.5]
keep options in order;
|
|
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
|
|
[ssh.1]
- avoid line split in SYNOPSIS
- add args to -w
- kill trailing whitespace
|
|
[clientloop.c]
reyk forgot to compile with -Werror (missing header)
|
|
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|