Age | Commit message (Collapse) | Author |
|
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
|
|
|
|
using a real 'signal()' (Noticed by a NeXT Compile)
|
|
setres[ug]id() present but not implemented (eg some Linux/glibc
combinations).
|
|
[dh.c]
use <= instead of < in dh_estimate; ok provos/hshoexer;
do not return < DH_GRP_MIN
|
|
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
|
|
[ssh_config.5]
we don't support GSS KEX; from Simon Wilkinson
|
|
[clientloop.c]
Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
|
|
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
|
|
[ssh.c]
don't modify argv for ssh -o; similar to sshd.c 1.283
|
|
[sshd.c]
fix -o and HUP; ok henning@
|
|
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
|
|
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
|
|
|
|
[moduli.c]
remove unused debugging #define templates
|
|
[kexgexc.c]
print requested group size in debug; ok djm
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
[progressmeter.c]
improvments from andreas@:
* saner speed estimate for transfers that takes less than a second by
rounding the time to 1 second.
* when the transfer is finished calculate the actual total speed
rather than the current speed which is given during the transfer
|
|
[cipher-aes.c]
fix #ifdef before #define; ok markus@
(RCS ID sync only, Portable already had this)
|
|
[ssh-add.1]
ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
|
|
|
|
source file path (in OpenBSD tree).
|
|
[ssh.1 ssh.c]
Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
|
|
[ssh-keygen.c]
consistency PATH_MAX -> MAXPATHLEN; ok markus@
(RCS ID sync only)
- djm@cvs.openbsd.org 2003/11/23 23:21:21
[scp.c]
from portable: rename clashing variable limit-> limit_rate; ok markus@
(RCS ID sync only)
|
|
- djm@cvs.openbsd.org 2003/11/23 23:17:34
[ssh-keyscan.c]
from portable - use sysconf to detect fd limit; ok markus@
(tidy diff by adding SSH_SSFDMAX macro to defines.h)
|
|
function and call it unconditionally
|
|
|
|
|
|
|
|
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
|
|
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
|
|
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
- markus@cvs.openbsd.org 2003/11/20 11:39:28
[progressmeter.c]
fix rounding errors; from andreas@
|
|
[monitor.c]
unbreak fake authloop for non-existent users (my screwup). Spotted and
tested by dtucker@; ok markus@
|
|
- dtucker@cvs.openbsd.org 2003/11/18 00:40:05
[serverloop.c]
Correct check for authctxt->valid. ok djm@
|
|
|
|
and use it for do_pam_session. Fixes problems like pam_motd not displaying
anything. ok djm@
|
|
PermitRootLogin=no
|
|
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h sshconnect2.c ssh-gss.h]
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
test + ok jakob.
|
|
parent. Part of Bug #717
|
|
conversation function
|
|
[msg.c msg.h sshconnect2.c ssh-keysign.c]
return error on msg send/receive failure (rather than fatal); ok markus@
|
|
[sshconnect2.c]
cleanup and minor fixes for the client code; from Simon Wilkinson
|
|
[ssh_config.5]
make verb agree with subject, and kill some whitespace;
|
|
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
update SSHFP validation. ok markus@
|
|
[scp.c]
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
|
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
[key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
[ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
constify. ok markus@ & djm@
|
|
[sftp-int.c]
typos from Jonathon Gray;
|
|
[auth1.c]
remove unused variable (pw). ok djm@
(id sync only - still used in portable)
|