Age | Commit message (Collapse) | Author |
|
[key.c]
fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)
|
|
- djm@cvs.openbsd.org 2011/05/15 08:09:01
[authfd.c monitor.c serverloop.c]
use FD_CLOEXEC consistently; patch from zion AT x96.org
|
|
|
|
options, we should corresponding -W-option when trying to determine
whether it is accepted. Also includes a warning fix on the program
fragment uses (bad main() return type).
bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
|
|
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
|
|
|
|
[authfile.c]
warn on unexpected key type in key_parse_private_type()
|
|
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@
|
|
[authfile.c]
despam debug() logs by detecting that we are trying to load a private key
in key_try_load_public() and returning early; ok markus@
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
|
|
[ssh.1]
+.It RequestTTY
|
|
[ssh_config.5]
- tweak previous
- come consistency fixes
ok djm
|
|
[PROTOCOL.mux]
fix numbering; from bert.wesarg AT googlemail.com
|
|
[ssh.c]
fix dropping from previous diff
|
|
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
|
|
[readconf.c ssh_config.5]
support negated Host matching, e.g.
Host *.example.org !c.example.org
User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
ok markus@
|
|
[ssh.c ssh_config.5]
add a %L expansion (short-form of the local host name) for ControlPath;
sync some more expansions with LocalCommand; ok markus@
|
|
[packet.c packet.h]
set traffic class for IPv6 traffic as we do for IPv4 TOS;
patch from lionel AT mamane.lu via Colin Watson in bz#1855;
ok markus@
|
|
[sshconnect2.c]
fix memory leak; bz#1849 ok dtucker@
|
|
[sftp.1]
mention that IPv6 addresses must be enclosed in square brackets;
bz#1845
|
|
[sshd_config]
clarify language about overriding defaults. bz#1892, from Petr Cerny
|
|
[mux.c]
gracefully fall back when ControlPath is too large for a
sockaddr_un. ok markus@ as part of a larger diff
|
|
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
|
|
for closefrom() in test code. Report from Dan Wallis via Gentoo.
|
|
|
|
so autoreconf 2.68 is happy.
|
|
[authfile.c authfile.h ssh-add.c]
allow "ssh-add - < key"; feedback and ok markus@
|
|
[ssh-keygen.c]
certificate options are supposed to be packed in lexical order of
option name (though we don't actually enforce this at present).
Move one up that was out of sequence
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
|
|
[ssh-keygen.1]
mention valid -b sizes for ECDSA keys; bz#1862
|
|
[ssh-keygen.1]
improve wording; bz#1861
|
|
[sshd.c]
exit with 0 status on SIGTERM; bz#1879
|
|
[ssh-keygen.c]
fix -Wshadow
|
|
[misc.c misc.h servconf.c]
print ipqos friendly string for sshd -T; ok markus
# sshd -Tf sshd_config|grep ipqos
ipqos lowdelay throughput
|
|
[ssh-keygen.c]
use strcasecmp() for "clear" cert permission option also; ok djm
|
|
[ssh-keygen.1]
zap trailing whitespace;
|
|
[ssh-keygen.c]
remove -d, documentation removed >10 years ago; ok markus
|
|
[ssh-keygen.1]
-q not used in /etc/rc now so remove statement.
|
|
[ssh-keygen.1 ssh-keygen.c]
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
for which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the key
type, and default comment. This will be used by /etc/rc to generate
new host keys. Idea from deraadt.
ok deraadt
|
|
[ssh-keyscan.c]
use timerclear macro
ok djm@
|
|
[auth.h]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
|
|
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
|
|
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
|
|
definitions.
|
|
|
|
Cygwin-specific service installer script ssh-host-config. The actual
functionality is the same, the revisited version is just more
exact when it comes to check for problems which disallow to run
certain aspects of the script. So, part of this script and the also
rearranged service helper script library "csih" is to check if all
the tools required to run the script are available on the system.
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
|
|
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
|
generation and simplify. Patch from Corinna Vinschen.
|
|
selinux code. Patch from Leonardo Chiquitto.
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
- Release OpenSSH 5.8p1
|