| Age | Commit message (Collapse) | Author |
|---|
|
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
|
|
[readconf.c]
typo
|
|
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
lack it.
|
|
[ssh.c]
show debug output during option processing, report from
pekkas@netcore.fi
|
|
[sshd.8 sshd.c]
implement the -e option into sshd:
-e When this option is specified, sshd will send the output to the
standard error instead of the system log.
markus@ OK.
|
|
[channels.c ssh.c]
https-connect and socks5 support. i feel so bad.
|
|
[ssh.c]
use strtol() for ports, thanks jakob@
|
|
[sftp-int.c]
'mget' and 'mput' aliases; ok markus@
|
|
[channels.c]
debug cleanup
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
document id_rsa{.pub,}. markus ok
|
|
[channels.c]
cleanup socks4 handling
|
|
[sshd.8]
ListenAddress mandoc from aaron@
|
|
[ssh-add.1]
ssh-add retries the last passphrase...
|
|
[ssh-add.c]
passphrase caching: ssh-add tries last passphrase, clears passphrase if
not successful and after last try.
based on discussions with espie@, jakob@, ... and code from jakob@ and
wolfgang@wsrcc.com
|
|
[sftp.1]
spelling
|
|
[sshd.8]
spelling
|
|
[sftp.c]
do not modify an actual argv[] entry
|
|
|
|
|
|
[uidswap.c]
KNF
|
|
[buffer.c channels.c channels.h readconf.c ssh.c]
allow the ssh client act as a SOCKS4 proxy (dynamic local
portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
netscape use localhost:1080 as a socks proxy.
|
|
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
|
|
[clientloop.c]
leave_raw_mode if ssh2 "session" is closed
|
|
[ssh-add.c]
init pointers with NULL, thanks to danimal@danimal.org
|
|
[sshd.8]
document ListenAddress addr:port
|
|
[servconf.c]
in addition to:
ListenAddress host|ipv4_addr|ipv6_addr
permit:
ListenAddress [host|ipv4_addr|ipv6_addr]:port
ListenAddress host|ipv4_addr:port
sshd.8 updates coming. ok markus@
|
|
[hostfile.c]
unused; typo in comment
|
|
[scp.c]
remove trailing / from source paths; fixes pr#1756
|
|
[serverloop.c]
keep the ssh session even if there is no active channel.
this is more in line with the protocol spec and makes
ssh -N -L 1234:server:110 host
more useful.
based on discussion with <mats@mindbright.se> long time ago
and recent mail from <res@shore.net>
|
|
|
|
|
|
[clientloop.c ssh.c]
don't request a session for 'ssh -N', pointed out slade@shore.net
|
|
[buffer.c]
better error message
|
|
[clientloop.c]
for ~R print message if server does not support rekeying. (and fix ~R).
|
|
[canohost.c canohost.h session.c]
move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
|
|
[ssh.1]
ssh defaults to protocol v2; from quisar@quisar.ambre.net
|
|
[clientloop.c compat.c compat.h]
add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
|
|
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
|
|
[version.h]
temporary version 2.5.4 (supports rekeying).
this is not an official release.
|
|
[compress.c compress.h packet.c]
reset compress state per direction when rekeying.
|
|
[compat.c]
2.3.x does old GEX, too; report jakob@
|
|
|
|
BROKEN_VHANGUP
|
|
[dh.c kex.c packet.c]
clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@
|
|
[kex.c kexgex.c serverloop.c]
parse full kexinit packet.
make server-side more robust, too.
|
|
[auth2.c]
we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
|
|
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
|
|
[compat.c]
f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
|
|
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
|
