| Age | Commit message (Collapse) | Author |
|---|
|
r1.18: missing restore of SIGTTOU and some whitespace.
|
|
|
|
[session.c]
Add explicit stat so we reliably detect nologin with bad perms.
ok djm markus
|
|
[buffer.h bufaux.c]
add a buffer_get_string_ptr_ret() that does the same as
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
|
|
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
|
|
[roaming_common.c]
delete with extreme prejudice a debug() that fired with every keypress;
ok dtucker deraadt
|
|
[monitor_fdpass.c]
avoid spinning when fd passing on nonblocking sockets by calling poll()
in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
|
|
[authfile.c]
Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.
Patch from joachim joachimschipper nl.
|
|
[ssh-keygen.c]
when converting keys, truncate key comments at 72 chars as per RFC4716;
bz#1630 reported by tj AT castaglia.org; ok markus@
|
|
[authfile.c sshconnect2.c]
Do not prompt for a passphrase if we fail to open a keyfile, and log the
reason the open failed to debug.
bz #1693, found by tj AT castaglia org, ok djm@
|
|
[ssh_config channels.c ssh.1 channels.h ssh.c]
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
single port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@
|
|
[auth.c]
Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
|
|
[servconf.c]
Add ChrootDirectory to sshd.c test-mode output
|
|
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
|
|
Remove hacks add for RoutingDomain in preparation for its removal.
|
|
|
|
[sshd.c]
Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
itself. Prevents two HUPs in quick succession from resulting in sshd
dying. bz#1692, patch from Colin Watson via Ubuntu.
|
|
[sftp.c]
Prevent sftp from derefing a null pointer when given a "-" without a
command. Also, allow whitespace to follow a "-". bz#1691, path from
Colin Watson via Debian. ok djm@ deraadt@
|
|
[roaming_client.c]
Remove a PRIu64 format string that snuck in with roaming. ok djm@
|
|
[mux.c sshpty.h clientloop.c sshtty.c]
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
|
|
[sftp-server.8]
bad place to forget a comma...
|
|
[PROTOCOL]
tweak language
|
|
[sftp-server.c sftp-server.8]
add a 'read-only' mode to sftp-server(8) that disables open in write mode
and all other fs-modifying protocol methods. bz#430 ok dtucker@
|
|
when using utmpx. Patch from Ed Schouten.
|
|
|
|
|
|
have it.
|
|
[sftp.c]
Fix two warnings: possibly used unitialized and use a nul byte instead of
NULL pointer. ok djm@
|
|
|
|
to eliminate an unused variable warning.
|
|
be created.
|
|
too.
|
|
RoutingDomain an unsupported option on platforms that don't have it.
|
|
don't have libedit.
|
|
|
|
files for roaming and add to Makefile.
|
|
[sftp-server.c]
bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
ok markus@
|
|
[sftp.c]
Implement tab-completion of commands, local and remote filenames for sftp.
Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
Google Summer of Code) and polished to a fine sheen by myself again.
It should deal more-or-less correctly with the ikky corner-cases presented
by quoted filenames, but the UI could still be slightly improved.
In particular, it is quite slow for remote completion on large directories.
bz#200; ok markus@
|
|
[sshconnect2.c]
Don't escape backslashes in the SSH2 banner. bz#1533, patch from
Michal Gorny via Gentoo.
|
|
[sshd_config.5 ssh_config.5]
sort previous;
|
|
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
Rename RDomain config option to RoutingDomain to be more clear and
consistent with other options.
NOTE: if you currently use RDomain in the ssh client or server config,
or ssh/sshd -o, you must update to use RoutingDomain.
ok markus@ djm@
|
|
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
validate routing domain is in range 0-RT_TABLEID_MAX.
'Looks right' deraadt@
|
|
[PROTOCOL]
fix an incorrect magic number and typo in PROTOCOL; bz#1688
report and fix from ueno AT unixuser.org
|
|
[ssh.c sftp.c scp.c]
When passing user-controlled options with arguments to other programs,
pass the option and option argument as separate argv entries and
not smashed into one (e.g., as -l foo and not -lfoo). Also, always
pass a "--" argument to stop option parsing, so that a positional
argument that starts with a '-' isn't treated as an option. This
fixes some error cases as well as the handling of hostnames and
filenames that start with a '-'.
Based on a diff by halex@
ok halex@ djm@ deraadt@
|
|
[key.c]
switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
for the RSA public exponent; discussed with provos; ok djm@
|
|
[sftp.c]
fix potential divide-by-zero in sftp's "df" output when talking to a server
that reports zero files on the filesystem (Unix filesystems always have at
least the root inode). From Steve McClellan at radisys, ok djm@
|
|
[roaming_common.c]
use socklen_t for getsockopt optlen parameter; reported by
Steve.McClellan AT radisys.com, ok dtucker@
|
|
[sshconnect2.c]
zap unused variable and strlen; from Steve McClellan, ok djm
|
|
[sftp.c]
make passing of zero-length arguments to ssh safe by
passing "-<switch>" "<value>" rather than "-<switch><value>"
ok dtucker@, guenther@, djm@
|
|
[misc.c]
correct off-by-one in percent_expand(): we would fatal() when trying
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
work. Note that nothing in OpenSSH actually uses close to this limit at
present. bz#1607 from Jan.Pechanec AT Sun.COM
|
