summaryrefslogtreecommitdiff
path: root/readconf.c
AgeCommit message (Collapse)Author
2005-07-03Allow ~/.ssh/config to be group-writable, provided that the group inColin Watson
question contains only the file's owner (closes: #314347).
2005-05-30Merge 4.1p1 to the trunk.Colin Watson
2005-05-25Merge 4.0p1 to the trunk.Colin Watson
2005-03-14 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05Darren Tucker
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c readconf.c bufaux.c sftp.c] spacing
2005-03-14 - dtucker@cvs.openbsd.org 2005/03/10 10:15:02Darren Tucker
[readconf.c] Check listen addresses for null, prevents xfree from dying during ClearAllForwardings (bz #996). From Craig Leres, ok markus@
2005-03-05 - djm@cvs.openbsd.org 2005/03/04 08:48:06Damien Miller
[readconf.c] fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
2005-03-01 - djm@cvs.openbsd.org 2005/03/01 10:40:27Damien Miller
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] [sshconnect.c sshd.8] add support for hashing host names and addresses added to known_hosts files, to improve privacy of which hosts user have been visiting; ok markus@ deraadt@
2005-03-01 - djm@cvs.openbsd.org 2005/03/01 10:09:52Damien Miller
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
2005-01-04Merge 3.9p1 to the trunk.Colin Watson
2004-07-17 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
2004-06-18 - djm@cvs.openbsd.org 2004/06/17 15:10:14Damien Miller
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@
2004-06-15 - djm@cvs.openbsd.org 2004/06/13 15:03:02Damien Miller
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@
2004-06-15 - dtucker@cvs.openbsd.org 2004/05/27 00:50:13Damien Miller
[readconf.c] Kill dead code after fatal(); ok djm@
2004-05-02 - djm@cvs.openbsd.org 2004/04/27 09:46:37Darren Tucker
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@
2004-05-01Merge 3.8.1p1 to the trunk, minus RFC.nroff (#211640).Colin Watson
2004-04-20 - djm@cvs.openbsd.org 2004/04/18 23:10:26Damien Miller
[readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
2004-03-10Turn off the new ForwardX11Trusted by default, returning to the semanticsColin Watson
of 3.7 and earlier, since it seems immature and causes far too many problems with existing setups. See README.Debian for details (closes: #237021).
2004-03-08 - markus@cvs.openbsd.org 2004/03/05 10:53:58Damien Miller
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] add IdentitiesOnly; ok djm@, pb@
2004-03-01Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested itColin Watson
extensively yet. ProtocolKeepAlives is now just a compatibility alias for ServerAliveInterval.
2003-12-17 - markus@cvs.openbsd.org 2003/12/16 15:49:51Damien Miller
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] [ssh.c ssh_config.5] application layer keep alive (ServerAliveInterval ServerAliveCountMax) for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@
2003-12-17 - markus@cvs.openbsd.org 2003/12/09 21:53:37Damien Miller
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
2003-11-17 - jakob@cvs.openbsd.org 2003/11/12 16:39:58Damien Miller
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c] update SSHFP validation. ok markus@
2003-10-15 - jakob@cvs.openbsd.org 2003/10/14 19:42:10Darren Tucker
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 - markus@cvs.openbsd.org 2003/10/11 08:24:08Darren Tucker
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5] remote x11 clients are now untrusted by default, uses xauth(8) to generate untrusted cookies; ForwardX11Trusted=yes restores old behaviour. ok deraadt; feedback and ok djm/fries
2003-10-15 - markus@cvs.openbsd.org 2003/10/08 15:21:24Darren Tucker
[readconf.c ssh_config.5] default GSS API to no in client, too; ok jakob, deraadt@
2003-09-23Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this willColin Watson
work.
2003-09-02 - markus@cvs.openbsd.org 2003/09/01 18:15:50Damien Miller
[readconf.c readconf.h servconf.c servconf.h ssh.c] remove unused kerberos code; ok henning@
2003-09-02 - markus@cvs.openbsd.org 2003/09/01 12:50:46Damien Miller
[readconf.c] rm gssapidelegatecreds alias; never supported before
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-01Debian release 3.6.1p2-5.Colin Watson
2003-09-01Debian release 3.6.1p1-1.Colin Watson
2003-09-01Debian release 3.6p1-1.Colin Watson
2003-09-01Debian release 3.5p1-1.Colin Watson
2003-09-01Debian release 3.4p1-1.Colin Watson
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-13 - markus@cvs.openbsd.org 2003/08/13 09:07:10Darren Tucker
[readconf.c ssh.c] socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
2003-08-13 - markus@cvs.openbsd.org 2003/08/13 08:46:31Darren Tucker
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-07-03 - djm@cvs.openbsd.org 2003/07/03 08:09:06Darren Tucker
[readconf.c readconf.h ssh-keysign.c ssh.c] fix AddressFamily option in config file, from brent@graveland.net; ok markus@
2003-06-28 - markus@cvs.openbsd.org 2003/06/26 20:08:33Darren Tucker
[readconf.c] do not dump core for 'ssh -o proxycommand host'; ok deraadt@
2003-05-18 - djm@cvs.openbsd.org 2003/05/16 03:27:12Damien Miller
[readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
2003-05-16 - djm@cvs.openbsd.org 2003/05/15 14:55:25Damien Miller
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c] add a ConnectTimeout option to ssh, based on patch from Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 - jakob@cvs.openbsd.org 2003/05/15 14:02:47Damien Miller
[readconf.c servconf.c] warn for unsupported config option. ok markus@
2003-05-15 - jakob@cvs.openbsd.org 2003/05/15 04:08:44Damien Miller
[readconf.c servconf.c] disable kerberos when not supported. ok markus@
2003-05-15 - jakob@cvs.openbsd.org 2003/05/15 01:48:10Damien Miller
[readconf.c readconf.h servconf.c servconf.h] always parse kerberos options. ok djm@ markus@ - (djm) Always parse UsePAM
2003-05-15 - jakob@cvs.openbsd.org 2003/05/14 18:16:20Damien Miller
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
2003-05-14 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2003/04/09 12:00:37 [readconf.c] strip trailing whitespace from config lines before parsing. Fixes bz 528; ok markus@
2003-04-09 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/04/02 09:48:07 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] reapply rekeying chage, tested by henning@, ok djm@
2003-04-01 - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
2003-02-24 - markus@cvs.openbsd.org 2003/02/05 09:02:28Damien Miller
[readconf.c] simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@