Age | Commit message (Collapse) | Author |
|
- Merged OpenBSD CVS changes:
- [channels.c]
fix packet_integrity_check() for !have_hostname_in_open.
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
|
|
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
|
|
|
|
|
|
- Restructured package-related files under packages/
- Added generic PAM config
|
|
<tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
|
|
|
|
|
|
- Retry /dev/urandom reads interrupted by signal (report from
Robert Hardy <rhardy@webcon.net>)
|
|
pam_strerror definition (one arg vs two).
|
|
- Added timersum() macro
- Tidy RCSIDs of bsd-*.c
|
|
- [ssh-keygen.c]
don't create ~/.ssh only if the user wants to store the private
key there. show fingerprint instead of public-key after
keygeneration. ok niels@
|
|
|
|
- [ssh-keygen.c]
replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
exit if writing the key fails (no infinit loop)
print usage() everytime we get bad options
- [ssh-keygen.c] overflow, djm@mindrot.org
- [sshd.c] fix sigchld race; cjc5@po.cwru.edu
|
|
- [channels.c]
make this compile, bad markus
- [log.c readconf.c servconf.c ssh.h]
bugfix: loglevels are per host in clientconfig,
factor out common log-level parsing code.
- [servconf.c]
remove unused index (-Wall)
- [ssh-agent.c]
only one 'extern char *__progname'
- [sshd.8]
document SIGHUP, -Q to synopsis
- [sshconnect.c serverloop.c sshd.c packet.c packet.h]
[channels.c clientloop.c]
SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
[hope this time my ISP stays alive during commit]
|
|
|
|
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for integer bit-types
- Fixed enabling kerberos support
|
|
|
|
- Added tests for login and daemon and OpenBSD replacements for when they
are absent.
|
|
- Added autoconf option to enable AFS support (untested)
- Added autoconf option to enable S/Key support (untested)
- Added autoconf option to enable TCP wrappers support (compiles OK)
|
|
David Rankin <drankin@bohemians.lexington.ky.us>
|
|
|
|
- Fix includes in fingerprint.c
|
|
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
more %d vs. %s in fmt-strings
- [authfd.c]
Integers should not be printed with %s
|
|
|
|
|
|
- [scp.c] foregroundproc() in scp
- [sshconnect.h] include fingerprint.h
- [sshd.c] bugfix: the log() for passwd-auth escaped during logging
changes.
- Added openssh.com info to README
|
|
- [ChangeLog.Ylonen] noone needs this anymore
- [authfd.c] close-on-exec for auth-socket, ok deraadt
- [hostfile.c]
in known_hosts key lookup the entry for the bits does not need
to match, all the information is contained in n and e. This
solves the problem with buggy servers announcing the wrong
modulus length. markus and me.
- [serverloop.c]
bugfix: check for space if child has terminated, from:
iedowse@maths.tcd.ie
- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
[fingerprint.c fingerprint.h]
rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
- [ssh-agent.1] typo
- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
- [sshd.c]
force logging to stderr while loading private key file
(lost while converting to new log-levels)
|
|
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implizit,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
|
|
|
|
|
|
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for __progname symbol
|
|
|
|
|
|
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
|
|
- [ssh-add.c] change passphrase loop logic and remove ref to
$DISPLAY, ok niels
- Changed to ssh-add.c broke askpass support. Revised it to be a little more
modular.
- Revised autoconf support for enabling/disabling askpass support.
|
|
|
|
- Revised Redhat initscript to fix bug: sshd (re)start would fail
if executed from inside a ssh login.
|
|
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
|
|
|
|
|
|
|
|
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
[ssh.c ssh.h sshconnect.c sshd.c]
make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
* make options handling more consistent
* remove #include "readconf.h" from ssh.h
* readconf.h is only included if necessary
- [mpaux.c] clear temp buffer
- [servconf.c] print _all_ bad options found in configfile
|
|
Minor other doc updates
|
|
|
|
|
|
- [sshd.c] session_key_int may be zero
- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
deraadt,millert
- Brought default sshd_config more in line with OpenBSDs
|
|
- [sshd.c] session_key_int may be zero
|
|
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ krb-cleanup cleanup
- [clientloop.c log-client.c log-server.c ]
[readconf.c readconf.h servconf.c servconf.h ]
[ssh.1 ssh.c ssh.h sshd.8]
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.
|
|
|