Age | Commit message (Collapse) | Author |
|
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
|
|
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
|
|
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
|
|
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
|
|
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
[servconf.c]
No, afs requires explicit enabling
|
|
|
|
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
|
|
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
|
|
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
revert
|
|
PAM, Cygwin and OSF SIA will not work for sure
|
|
[log.c log.h readconf.c servconf.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
|
|
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
|
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
add X11UseLocalhost; ok markus@
|
|
[servconf.c]
typo in error message; from djast@cs.toronto.edu
|
|
[servconf.c sshd.8]
protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
/etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
|
|
[readconf.c servconf.c]
remove #ifdef _PATH_XAUTH/#endif; ok markus@
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
|
|
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
minor KNF
|
|
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
|
|
[servconf.c]
enable authorized_keys2 again. tested by fries@
|
|
This should help reduce diff collisions for new server options (as they
will appear at the end)
|
|
[servconf.c]
make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if AuthorizedKeysFile is specified.
|
|
[servconf.c servconf.h session.c sshd.8]
deprecate CheckMail. ok markus@
|
|
[servconf.c]
make it compilable in all 4 combination of KRB4/KRB5 settings.
dugsong ok
XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
-I/usr/include/kerberosV?
|
|
- stevesk@cvs.openbsd.org 2001/07/08 15:23:38
[servconf.c]
fix ``MaxStartups max''; ok markus@
|
|
|
|
[servconf.c]
#include <kafs.h>
|
|
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
|
|
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
|
|
[includes.h pathnames.h readconf.c servconf.c]
move the path for xauth to pathnames.h
|
|
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
sshd_config]
configurable authorized_keys{,2} location; originally from peter@;
ok djm@
|
|
[misc.c misc.h servconf.c sshd.8 sshd.c]
sshd command-line arguments and configuration file options that
specify time may be expressed using a sequence of the form:
time[qualifier], where time is a positive integer value and qualifier
is one of the following:
<none>,s,m,h,d,w
Examples:
600 600 seconds (10 minutes)
10m 10 minutes
1h30m 1 hour 30 minutes (90 minutes)
ok markus@
|
|
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
|
|
[servconf.c]
remove "\n" from fatal()
|
|
(default: off), implies KbdInteractiveAuthentication. Suggestion from
markus@
|
|
[readconf.c servconf.c]
use fatal() or error() vs. fprintf(); ok markus@
|
|
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@
|
|
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
robust port validation; ok markus@ jakob@
|
|
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
|
|
[servconf.c]
in addition to:
ListenAddress host|ipv4_addr|ipv6_addr
permit:
ListenAddress [host|ipv4_addr|ipv6_addr]:port
ListenAddress host|ipv4_addr:port
sshd.8 updates coming. ok markus@
|
|
[readconf.c servconf.c]
correct comment; ok markus@
|
|
[servconf.c servconf.h session.c sshd.8 sshd_config]
PrintLastLog option; from chip@valinux.com with some minor
changes by me. ok markus@
|
|
[servconf.c]
sync error message; ok markus@
|
|
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
|
|
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
|
|
[servconf.c]
grammar; slade@shore.net
|
|
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
|