Age | Commit message (Collapse) | Author |
|
- djm@cvs.openbsd.org 2003/04/09 12:00:37
[readconf.c]
strip trailing whitespace from config lines before parsing.
Fixes bz 528; ok markus@
|
|
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
|
|
[readconf.c]
simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
|
|
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
|
lacking that concept can share it. Patch by vinschen@redhat.com
|
|
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
|
|
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
|
|
[readconf.c]
silently ignore deprecated options, since FallBackToRsh might be passed
by remote scp commands.
|
|
[readconf.c]
just warn about Deprecated options for now
|
|
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
|
|
[log.c log.h readconf.c servconf.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
|
|
[readconf.c servconf.c]
remove #ifdef _PATH_XAUTH/#endif; ok markus@
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
|
|
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.
|
|
[readconf.c readconf.h scp.c sftp.c ssh.1]
add ClearAllForwardings ssh option and set it in scp and sftp; ok
markus@
|
|
[readconf.c readconf.h ssh.c]
fatal() for nonexistent -Fssh_config. ok markus@
|
|
[readconf.c ssh.1]
validate ports for LocalForward/RemoteForward.
add host/port alternative syntax for IPv6 (like -L/-R).
ok markus@
|
|
[readconf.c]
don't set DynamicForward unless Host matches
|
|
|
|
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
ssh-agent.c ssh.c]
use strings instead of ints for smartcard reader ids
|
|
[readconf.c readconf.h ssh.1 ssh.c]
add 'SmartcardDevice' client option to specify which smartcard device
is used to access a smartcard used for storing the user's private RSA
key. ok markus@.
|
|
[readconf.c ssh.1 ssh.c sshconnect.c]
cleanup connect(); connection_attempts 4 -> 1; from
eivind@freebsd.org
|
|
[readconf.c ssh.1]
enable challenge-response auth by default; ok millert@
|
|
[sshpty.c]
update comment
|
|
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
|
|
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
|
|
[includes.h pathnames.h readconf.c servconf.c]
move the path for xauth to pathnames.h
|
|
[clientloop.c readconf.c ssh.c ssh.h]
don't perform escape processing when ``EscapeChar none''; ok markus@
|
|
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
|
|
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
implement 'ssh -b bind_address' like 'telnet -b'
|
|
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
|
|
[readconf.c servconf.c]
use fatal() or error() vs. fprintf(); ok markus@
|
|
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
|
|
[readconf.c]
typo
|
|
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
[buffer.c channels.c channels.h readconf.c ssh.c]
allow the ssh client act as a SOCKS4 proxy (dynamic local
portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
netscape use localhost:1080 as a socks proxy.
|
|
[readconf.c servconf.c]
correct comment; ok markus@
|
|
- markus@cvs.openbsd.org 2001/03/20 19:10:16
[readconf.c]
default to SSH protocol version 2
|
|
[auth.c readconf.c]
undo /etc/shell and proto 2,1 change for openssh-2.5.2
|
|
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
|
|
[readconf.c ssh_config]
default to SSH2, now that m68k runs fast
|
|
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
|
|
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
|
|
[readconf.c]
look for id_rsa by default, before id_dsa
|
|
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
|
|
[readconf.c]
snprintf
|
|
[readconf.c]
``StrictHostKeyChecking ask'' documentation and small cleanup.
ok markus@
|
|
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
sshconnect1.c sshconnect2.c sshd.c]
rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
|