| Age | Commit message (Collapse) | Author |
|---|
|
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
|
|
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
|
|
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
[sshd_config.5]
Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
|
|
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.
- sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation. It is available through the "ln" command in the
client. The old "ln" behaviour of creating a symlink is available
using its "-s" option or through the preexisting "symlink" command.
- scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host (closes: #508613).
- ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded. This allows the mux clients to determine that the server
socket is either ready or stale without races (closes: #454784).
Stale server sockets are now automatically removed (closes: #523250).
- ssh(1): install a SIGCHLD handler to reap expired child process
(closes: #594687).
- ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
temporary directories (closes: #357469, although only if you arrange
for ssh-agent to actually see $TMPDIR since the setgid bit will cause
it to be stripped off).
|
|
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
[packet.h ssh-dss.c ssh-rsa.c]
Add buffer_get_cstring() and related functions that verify that the
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.
Use the new API in a few sensitive places.
* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.
|
|
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
|
|
[auth1.c auth2-none.c]
skip the initial check for access with an empty password when
PermitEmptyPasswords=no; bz#1638; ok markus@
|
|
* Update to GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
|
|
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
|
|
backported to 4.7p1:
- 4.9/4.9p1 (http://www.openssh.com/txt/release-4.9):
+ Added chroot(2) support for sshd(8), controlled by a new option
"ChrootDirectory" (closes: #139047, LP: #24777).
+ Linked sftp-server(8) into sshd(8). The internal sftp server is used
when the command "internal-sftp" is specified in a Subsystem or
ForceCommand declaration. When used with ChrootDirectory, the
internal sftp server requires no special configuration of files
inside the chroot environment.
+ Added a protocol extension method "posix-rename@openssh.com" for
sftp-server(8) to perform POSIX atomic rename() operations; sftp(1)
prefers this if available (closes: #308561).
+ Removed the fixed limit of 100 file handles in sftp-server(8).
+ ssh(8) will now skip generation of SSH protocol 1 ephemeral server
keys when in inetd mode and protocol 2 connections are negotiated.
This speeds up protocol 2 connections to inetd-mode servers that
also allow Protocol 1.
+ Accept the PermitRootLogin directive in a sshd_config(5) Match
block. Allows for, e.g. permitting root only from the local network.
+ Reworked sftp(1) argument splitting and escaping to be more
internally consistent (i.e. between sftp commands) and more
consistent with sh(1). Please note that this will change the
interpretation of some quoted strings, especially those with
embedded backslash escape sequences.
+ Support "Banner=none" in sshd_config(5) to disable sending of a
pre-login banner (e.g. in a Match block).
+ ssh(1) ProxyCommands are now executed with $SHELL rather than
/bin/sh.
+ ssh(1)'s ConnectTimeout option is now applied to both the TCP
connection and the SSH banner exchange (previously it just covered
the TCP connection). This allows callers of ssh(1) to better detect
and deal with stuck servers that accept a TCP connection but don't
progress the protocol, and also makes ConnectTimeout useful for
connections via a ProxyCommand.
+ scp(1) incorrectly reported "stalled" on slow copies (closes:
#140828).
+ scp(1) date underflow for timestamps before epoch.
+ ssh(1) used the obsolete SIG DNS RRtype for host keys in DNS,
instead of the current standard RRSIG.
+ Correctly drain ACKs when a sftp(1) upload write fails midway,
avoids a fatal() exit from what should be a recoverable condition.
+ Fixed ssh-keygen(1) selective host key hashing (i.e. "ssh-keygen -HF
hostname") to not include any IP address in the data to be hashed.
+ Make ssh(1) skip listening on the IPv6 wildcard address when a
binding address of 0.0.0.0 is used against an old SSH server that
does not support the RFC4254 syntax for wildcard bind addresses.
+ Enable IPV6_V6ONLY socket option on sshd(8) listen socket, as is
already done for X11/TCP forwarding sockets (closes: #439661).
+ Fix FD leak that could hang a ssh(1) connection multiplexing master.
+ Make ssh(1) -q option documentation consistent with reality.
+ Fixed sshd(8) PAM support not calling pam_session_close(), or
failing to call it with root privileges (closes: #372680).
+ Fix activation of OpenSSL engine support when requested in configure
(LP: #119295).
- 5.1/5.1p1 (http://www.openssh.com/txt/release-5.1):
+ Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
and ssh-keygen(1). Visual fingerprint display is controlled by a new
ssh_config(5) option "VisualHostKey". The intent is to render SSH
host keys in a visual form that is amenable to easy recall and
rejection of changed host keys.
+ sshd_config(5) now supports CIDR address/masklen matching in "Match
address" blocks, with a fallback to classic wildcard matching.
+ sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
from="..." restrictions, also with a fallback to classic wildcard
matching.
+ Added an extended test mode (-T) to sshd(8) to request that it write
its effective configuration to stdout and exit. Extended test mode
also supports the specification of connection parameters (username,
source address and hostname) to test the application of
sshd_config(5) Match rules.
+ ssh(1) now prints the number of bytes transferred and the overall
connection throughput for SSH protocol 2 sessions when in verbose
mode (previously these statistics were displayed for protocol 1
connections only).
+ sftp-server(8) now supports extension methods statvfs@openssh.com
and fstatvfs@openssh.com that implement statvfs(2)-like operations.
+ sftp(1) now has a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation (requires statvfs@openssh.com support on
the server).
+ Added a MaxSessions option to sshd_config(5) to allow control of the
number of multiplexed sessions supported over a single TCP
connection. This allows increasing the number of allowed sessions
above the previous default of 10, disabling connection multiplexing
(MaxSessions=1) or disallowing login/shell/subsystem sessions
entirely (MaxSessions=0).
+ Added a no-more-sessions@openssh.com global request extension that
is sent from ssh(1) to sshd(8) when the client knows that it will
never request another session (i.e. when session multiplexing is
disabled). This allows a server to disallow further session requests
and terminate the session in cases where the client has been
hijacked.
+ ssh-keygen(1) now supports the use of the -l option in combination
with -F to search for a host in ~/.ssh/known_hosts and display its
fingerprint.
+ ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
"rsa1".
+ Added an AllowAgentForwarding option to sshd_config(8) to control
whether authentication agent forwarding is permitted. Note that this
is a loose control, as a client may install their own unofficial
forwarder.
+ ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when
receiving network data, resulting in a ~10% speedup.
+ ssh(1) and sshd(8) will now try additional addresses when connecting
to a port forward destination whose DNS name resolves to more than
one address. The previous behaviour was to try the only first
address and give up if that failed.
+ ssh(1) and sshd(8) now support signalling that channels are
half-closed for writing, through a channel protocol extension
notification "eow@openssh.com". This allows propagation of closed
file descriptors, so that commands such as "ssh -2 localhost od
/bin/ls | true" do not send unnecessary data over the wire.
+ sshd(8): increased the default size of ssh protocol 1 ephemeral keys
from 768 to 1024 bits.
+ When ssh(1) has been requested to fork after authentication ("ssh
-f") with ExitOnForwardFailure enabled, delay the fork until after
replies for any -R forwards have been seen. Allows for robust
detection of -R forward failure when using -f.
+ "Match group" blocks in sshd_config(5) now support negation of
groups. E.g. "Match group staff,!guests".
+ sftp(1) and sftp-server(8) now allow chmod-like operations to set
set[ug]id/sticky bits.
+ The MaxAuthTries option is now permitted in sshd_config(5) match
blocks.
+ Multiplexed ssh(1) sessions now support a subset of the ~ escapes
that are available to a primary connection.
+ ssh(1) connection multiplexing will now fall back to creating a new
connection in most error cases (closes: #352830).
+ Make ssh(1) deal more gracefully with channel requests that fail.
Previously it would optimistically assume that requests would always
succeed, which could cause hangs if they did not (e.g. when the
server runs out of file descriptors).
+ ssh(1) now reports multiplexing errors via the multiplex slave's
stderr where possible (subject to LogLevel in the mux master).
+ Prevent sshd(8) from erroneously applying public key restrictions
leaned from ~/.ssh/authorized_keys to other authentication methods
when public key authentication subsequently fails (LP: #161047).
+ Fixed an UMAC alignment problem that manifested on Itanium
platforms.
|
|
account check failure path. The vulnerable format buffer is supplied
from PAM and should not contain attacker-supplied data.
|
|
[auth1.c auth2.c]
Make protocol 1 MaxAuthTries logic match protocol 2's.
Do not treat the first protocol 2 authentication attempt as
a failure IFF it is for method "none".
Makes MaxAuthTries' user-visible behaviour identical for
protocol 1 vs 2.
ok dtucker@
|
|
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
|
|
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCD ID sync only for portable)
|
|
changes not previously backported to 4.3p2:
- 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+ On portable OpenSSH, fix a GSSAPI authentication abort that could be
used to determine the validity of usernames on some platforms.
+ Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of
post-authentication options are supported and more are expected to
be added in future releases.
+ Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
+ Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
+ Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
+ Add optional logging of transactions to sftp-server(8).
+ ssh(1) will now record port numbers for hosts stored in
~/.ssh/known_hosts when a non-standard port has been requested
(closes: #50612).
+ Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
+ Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
+ Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
+ Many manpage fixes and improvements.
+ Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
+ Tokens in configuration files may be double-quoted in order to
contain spaces (closes: #319639).
+ Move a debug() call out of a SIGCHLD handler, fixing a hang when the
session exits very quickly (closes: #307890).
+ Fix some incorrect buffer allocation calculations (closes: #410599).
+ ssh-add doesn't ask for a passphrase if key file permissions are too
liberal (closes: #103677).
+ Likewise, ssh doesn't ask either (closes: #99675).
- 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+ sshd now allows the enabling and disabling of authentication methods
on a per user, group, host and network basis via the Match directive
in sshd_config.
+ Fixed an inconsistent check for a terminal when displaying scp
progress meter (closes: #257524).
+ Fix "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
install ChangeLog.gssapi.
|
|
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
|
|
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
|
|
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
|
|
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
|
|
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
|
|
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
|
|
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
|
|
[auth1.c authfd.c channels.c]
spacing
|
|
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
|
|
|
|
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
|
|
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
|
|
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
|
|
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
|
|
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
|
|
- Added SELinux capability, and turned it on be default. Added
restorecon calls in preinst and postinst (should not matter if the
machine is not SELinux aware). By and large, the changes made should
have no effect unless the rules file calls --with-selinux; and even
then there should be no performance hit for machines not actively
running SELinux.
- Modified the preinst and postinst to call restorecon to set the
security context for the generated public key files.
- Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
may want to also include pam_selinux.so.
|
|
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
|
|
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
|
|
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
|
|
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
|
|
[auth1.c auth2.c]
bz#899: Don't display invalid usernames in setproctitle
|
|
connections with empty passwords. Patch from davidwu at nbttech.com,
ok djm@
|
|
|
|
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
|
|
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
|
|
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
|
|
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
[auth1.c]
remove unused variable (pw). ok djm@
(id sync only - still used in portable)
|
|
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
|
|
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
|
|
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
|
|
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
|
|
UsePAM=yes; ok dtucker
|
|
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
|
