Age | Commit message (Collapse) | Author |
|
[ssh.1]
update for no setuid root and ssh-keysign; ok deraadt@
|
|
|
|
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
independant of them)
|
|
[sshconnect.c]
abort() - > fatal()
|
|
[sshconnect.c]
always use getnameinfo. (diag message only)
|
|
[readconf.c]
silently ignore deprecated options, since FallBackToRsh might be passed
by remote scp commands.
|
|
[scp.c]
remove FallBackToRsh
|
|
[ssh_config]
remove FallBackToRsh/UseRsh
|
|
[readconf.c]
just warn about Deprecated options for now
|
|
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
|
|
[ssh-keysign.c]
only accept 20 byte session ids
|
|
[ssh.c]
nuke ptrace comment
|
|
this was mistakenly commited with the __progname fix to ssh-keysign.
|
|
Bertrand.Velle@apogee-com.fr
|
|
|
|
|
|
would be to clean out any dead wood and disable ssh setuid on install.
|
|
authentication to different files.
|
|
|
|
|
|
|
|
[sftp-server.c]
use get_int() macro (hide iqueue)
|
|
[sftp-server.c]
discard remaining bytes of current request; ok provos@
|
|
[monitor.h]
no trailing comma in enum; china@thewrittenword.com
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
|
|
[ssh-add.c]
add -x/-X to usage
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
|
|
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
|
|
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
|
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
|
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
__FUNCTION__ -> __func__
NOTE: This includes all portable references also.
|
|
[packet.c]
remove __FUNCTION__
|
|
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
|
|
[monitor.c]
only allow enabled authentication methods; ok provos@
|
|
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
|
|
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
|
|
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
|
|
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
|
|
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
|
|
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
|
|
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
|
|
[ssh.1 sshd.8]
spelling
|
|
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
|
|
|
|
[uidswap.c]
format spec change/casts and some KNF; ok markus@
|
|
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
|
|
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
|
|
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
|
|
[sshconnect2.c]
execlp->execl; from stevesk
|
|
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
|