| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
installed, the host key is published in an SSHFP RR secured with DNSSEC,
and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
verification (closes: #572049).
|
|
|
|
- Add a Homepage field.
|
|
introduced to match the behaviour of non-free SSH, in which -q does not
suppress fatal errors, but matching the behaviour of OpenSSH upstream is
much more important nowadays. We no longer document that -q does not
suppress fatal errors (closes: #280609). Migrate "LogLevel SILENT" to
"LogLevel QUIET" in sshd_config on upgrade.
|
|
the two patchlevel nybbles now, which is sufficient to address the
original reason this change was introduced, and it appears that any
change in the major/minor/fix nybbles would involve a new libssl package
name. (We'd still lose if the status nybble were ever changed, but that
would mean somebody had packaged a development/beta version rather than
a proper release, which doesn't appear to be normal practice.)
|
|
itself non-OOM-killable, and doesn't require configuration to avoid log
spam in virtualisation containers (closes: #555625).
|
|
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
|
|
/usr/bin/X11/xauth (thanks, Aron Griffis; closes: #575725, LP: #8440).
xauth no longer depends on x11-common, so we're no longer guaranteed to
have the /usr/bin/X11 symlink available. I was taking advantage of the
/usr/bin/X11 symlink to smooth X's move to /usr/bin, but this is far
enough in the past now that it's probably safe to just use /usr/bin.
|
|
|
|
3.8.1p1-1. Simon Wilkinson refused this patch since the old gssapi
mechanism was removed due to a serious security hole, and since these
versions of ssh-krb5 are no longer security-supported by Debian I don't
think there's any point keeping client compatibility for them.
|
|
we're using a source format that permits this, rather than messing
around with uudecode.
|
|
patches apply with offsets.
|
|
|
|
|
|
expected non-free SSH.
|
|
Support for this was removed in 1:4.7p1-2.
|
|
|
|
debian/rules for the benefit of those checking out the package from
revision control.
* All patches are now maintained separately and tagged according to DEP-3.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
calls. This only applied to Linux 2.2, which it's no longer feasible to
run anyway (see 1:5.2p1-2 changelog).
|
|
- Do not fall back to adding keys without contraints (ssh-add -c / -t
...) when the agent refuses the constrained add request. This was a
useful migration measure back in 2002 when constraints were new, but
just adds risk now (LP: #209447).
|
|
* Update to GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
|
|
|
|
|
|
to allow sshd to run without the Debian-specific extra version in the
initial protocol handshake (closes: #562048).
|
|
|
|
descriptor passing when running on Linux 2.0. The previous stable
release of Debian dropped support for Linux 2.4, let alone 2.0, so this
very likely has no remaining users depending on it.
|
|
|
|
|
|
- After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
re-execs itself. Prevents two HUPs in quick succession from resulting
in sshd dying (LP: #497781).
|
|
|
|
|
|
|
|
|
|
/etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped
configuration file (closes: #415008, although unfortunately this will
only be conveniently visible on new installations).
|
|
#513417).
|
|
non-BSD systems (closes: #154434).
|
|
rsh, based on suggestions from Reuben Thomas (closes: #512198).
|
|
|
|
|
|
are no longer particularly feasible anyway (closes: #420682).
|
