[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@
|
|
<vinschen@redhat.com>
|
|
[ssh.c]
missing \n in error message
|
|
[sftp-int.c sftp-int.h sftp.1 sftp.c]
Add support for:
sftp [user@]host[:file [file]] - Fetch remote file(s)
sftp [user@]host[:dir[/]] - Start in remote dir/
OK deraadt@
|
|
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
|
|
[readconf.c]
typo
|
|
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
lack it.
|
|
[ssh.c]
show debug output during option processing, report from
pekkas@netcore.fi
|
|
[sshd.8 sshd.c]
implement the -e option into sshd:
-e When this option is specified, sshd will send the output to the
standard error instead of the system log.
markus@ OK.
|
|
[channels.c ssh.c]
https-connect and socks5 support. i feel so bad.
|
|
[ssh.c]
use strtol() for ports, thanks jakob@
|
|
[sftp-int.c]
'mget' and 'mput' aliases; ok markus@
|
|
[channels.c]
debug cleanup
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
document id_rsa{.pub,}. markus ok
|
|
[channels.c]
cleanup socks4 handling
|
|
[sshd.8]
ListenAddress mandoc from aaron@
|
|
[ssh-add.1]
ssh-add retries the last passphrase...
|
|
[ssh-add.c]
passphrase caching: ssh-add tries last passphrase, clears passphrase if
not successful and after last try.
based on discussions with espie@, jakob@, ... and code from jakob@ and
wolfgang@wsrcc.com
|
|
[sftp.1]
spelling
|
|
[sshd.8]
spelling
|
|
[sftp.c]
do not modify an actual argv[] entry
|
|
[uidswap.c]
KNF
|
|
[buffer.c channels.c channels.h readconf.c ssh.c]
allow the ssh client to act as a SOCKS4 proxy (dynamic local
portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
netscape use localhost:1080 as a socks proxy.
|
|
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
|
|
[clientloop.c]
leave_raw_mode if ssh2 "session" is closed
|
|
[ssh-add.c]
init pointers with NULL, thanks to danimal@danimal.org
|
|
[sshd.8]
document ListenAddress addr:port
|
|
[servconf.c]
in addition to:
ListenAddress host|ipv4_addr|ipv6_addr
permit:
ListenAddress [host|ipv4_addr|ipv6_addr]:port
ListenAddress host|ipv4_addr:port
sshd.8 updates coming. ok markus@
|
|
[hostfile.c]
unused; typo in comment
|
|
[scp.c]
remove trailing / from source paths; fixes pr#1756
|
|
[serverloop.c]
keep the ssh session even if there is no active channel.
this is more in line with the protocol spec and makes
ssh -N -L 1234:server:110 host
more useful.
based on discussion with <mats@mindbright.se> long time ago
and recent mail from <res@shore.net>
|
|
[clientloop.c ssh.c]
don't request a session for 'ssh -N', pointed out by slade@shore.net
|
|
[buffer.c]
better error message
|
|
[clientloop.c]
for ~R print message if server does not support rekeying. (and fix ~R).
|
|
[canohost.c canohost.h session.c]
move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
|
|
[ssh.1]
ssh defaults to protocol v2; from quisar@quisar.ambre.net
|
|
[clientloop.c compat.c compat.h]
add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
|
|
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
|
|
[version.h]
temporary version 2.5.4 (supports rekeying).
this is not an official release.
|
|
[compress.c compress.h packet.c]
reset compress state per direction when rekeying.
|
|
[compat.c]
2.3.x does old GEX, too; report jakob@
|
|
BROKEN_VHANGUP
|
|
[dh.c kex.c packet.c]
clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@
|