Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-07-29 | debian/openssh-server.if-up: Don't block on a finished reload of openssh.service | Martin Pitt | |
This avoids deadlocking with restarting networking. LP: #1584393 | |||
2016-07-29 | Add systemd user unit for graphical sessions that use systemd | Martin Pitt | |
Override the corresponding upstart job in that case. | |||
2016-07-29 | Add debian/agent-launch: Helper script for conditionally starting the SSH ↵ | Martin Pitt | |
agent in the user session Use it in ssh-agent.user-session.upstart. This will also be used in a corresponding systemd user unit. This replaces the backgrounded "ssh-agent -s" with a foreground task which works more nicely with modern init systems for logging/debugging and starting/stopping. Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and systemd we can assume this, and it allows restarting the service in a running session. | |||
2016-07-29 | Stop enabling ssh-session-cleanup.service by default; instead, ship it as an ↵ | Colin Watson | |
example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155). | |||
2016-07-23 | releasing package openssh version 1:7.2p2-7 | Colin Watson | |
2016-07-23 | Add note about upgrade problems. | Colin Watson | |
2016-07-23 | Recommend libpam-systemd from openssh-server. It's a much better solution ↵ | Colin Watson | |
than the above for systemd users, but I'm wary of depending on it in case I cause an assortment of exciting dependency problems on upgrade for non-systemd users. | |||
2016-07-23 | Don't stop the ssh-session-cleanup service on upgrade (closes: #832155). | Colin Watson | |
2016-07-22 | releasing package openssh version 1:7.2p2-6 | Colin Watson | |
2016-07-22 | Fix typo. | Colin Watson | |
2016-07-22 | Stop generating DSA host keys by default (thanks, Santiago Vila; closes: ↵ | Colin Watson | |
#823827). | |||
2016-07-22 | Add a session cleanup script and a systemd unit file to trigger it, which ↵ | Colin Watson | |
serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636). | |||
2016-07-22 | Backport upstream patch to close ControlPersist background process stderr ↵ | Colin Watson | |
when not in debug mode or when logging to a file or syslog (closes: #714526). | |||
2016-07-22 | Close #831902. | Colin Watson | |
2016-07-22 | CVE-2016-6210: Mitigate user enumeration via covert timing channel. | Colin Watson | |
2016-06-06 | Retroactively add a NEWS.Debian entry for the UseDNS change in 6.9 (see LP ↵ | Colin Watson | |
#1588457). | |||
2016-05-16 | Set SSH_PROGRAM=/usr/bin/ssh1 when building openssh-client-ssh1 so that scp1 ↵ | Colin Watson | |
works (reported by Olivier MATZ). | |||
2016-05-03 | Copy summary of supported SFTP protocol versions from upstream's PROTOCOL ↵ | Colin Watson | |
file into the openssh-sftp-server package description (closes: #766887). | |||
2016-04-30 | debian/watch: Switch to HTTP (thanks, Nicholas Luedtke; closes: #822997). | Colin Watson | |
2016-04-28 | releasing package openssh version 1:7.2p2-5 | Colin Watson | |
2016-04-28 | Backport upstream patch to unbreak authentication using lone certificate ↵ | Colin Watson | |
keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself (thanks, Paul Querna; LP: #1575961). | |||
2016-04-15 | releasing package openssh version 1:7.2p2-4 | Colin Watson | |
2016-04-15 | Policy version 3.9.7: no changes required. | Colin Watson | |
2016-04-15 | Drop dependency on libnss-files-udeb (closes: #819686). | Colin Watson | |
2016-04-13 | releasing package openssh version 1:7.2p2-3 | Colin Watson | |
2016-04-13 | CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes. | Colin Watson | |
2016-04-06 | Fill in CVE-2016-3115 identifier. | Colin Watson | |
2016-04-03 | Change all openssh.org references to openssh.com (closes: #819213). | Colin Watson | |
2016-03-21 | releasing package openssh version 1:7.2p2-2 | Colin Watson | |
2016-03-21 | Fix kexgss_server to cope with DH_GRP_MIN/DH_GRP_MAX being stricter on the ↵ | Colin Watson | |
server end than the client (thanks, Damien Miller; closes: #817870, LP: #1558576). | |||
2016-03-10 | releasing package openssh version 1:7.2p2-1 | Colin Watson | |
2016-03-10 | New upstream release (7.2p2). | Colin Watson | |
2016-03-10 | releasing package openssh version 1:7.2p1-1 | Colin Watson | |
2016-03-08 | New upstream release (7.2). | Colin Watson | |
2016-01-27 | Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb. | Colin Watson | |
2016-01-17 | releasing package openssh version 1:7.1p2-2 | Colin Watson | |
2016-01-17 | Remove protocol 1 host key generation from openssh-server.postinst (closes: ↵ | Colin Watson | |
#811265). | |||
2016-01-17 | releasing package openssh version 1:7.1p2-1 | Colin Watson | |
2016-01-14 | New upstream release (7.1p2). | Colin Watson | |
2016-01-04 | releasing package openssh version 1:7.1p1-6 | Colin Watson | |
2016-01-04 | Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ↵ | Colin Watson | |
ssh_kex2 so that it's actually effective (closes: #809696). | |||
2016-01-04 | Allow authenticating as root using gssapi-keyex even with "PermitRootLogin ↵ | Colin Watson | |
prohibit-password" (closes: #809695). | |||
2016-01-04 | Don't call sd_notify when sshd is re-execed (closes: #809035). | Michael Biebl | |
2016-01-04 | Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source ↵ | Colin Watson | |
now figures that out automatically based on the existence of debian/tests/control. | |||
2015-12-21 | releasing package openssh version 1:7.1p1-5 | Colin Watson | |
2015-12-21 | Add systemd readiness notification support (closes: #778913). | Michael Biebl | |
2015-12-15 | releasing package openssh version 1:7.1p1-4 | Colin Watson | |
2015-12-15 | Backport upstream patch to unbreak connections with peers that set ↵ | Colin Watson | |
first_kex_follows (LP: #1526357). | |||
2015-12-10 | releasing package openssh version 1:7.1p1-3 | Colin Watson | |
2015-12-10 | Redirect regression test input from /dev/zero, since otherwise conch will ↵ | Colin Watson | |
immediately send EOF. |