Age | Commit message (Collapse) | Author |
|
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
|
|
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
|
|
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
|
|
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
tildexpand.c], removed: sshtty.h tildexpand.h
make two tiny header files go away; djm ok
|
|
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
ssh_config.5 sshd_config.5]
bz #815: implement ability to pass specified environment variables from
the client to the server; ok markus@
|
|
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
|
|
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
|
|
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
|
|
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
|
|
[servconf.c sshd_config]
GSSAPICleanupCreds -> GSSAPICleanupCredentials
|
|
- (djm) Fix SSH1 challenge kludge
- (djm) Bug #671: Fix builds on OpenBSD
- (djm) Bug #676: Fix PAM stack corruption
- (djm) Fix bad free() in PAM code
- (djm) Don't call pam_end before pam_init
- (djm) Enable build with old OpenSSL again
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
|
[readconf.c readconf.h servconf.c servconf.h ssh.c]
remove unused kerberos code; ok henning@
|
|
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
|
|
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
|
|
as deprecated. Remove mention from README.privsep. Patch from
aet AT cc.hut.fi
|
|
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
|
|
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
|
|
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
|
|
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
|
|
|
|
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
|
|
|
|
[readconf.c servconf.c]
disable kerberos when not supported. ok markus@
|
|
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
|
|
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
|
|
|
|
|
|
[servconf.c]
print sshd_config filename in debug2 mode.
|
|
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
|
|
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
|
|
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at;
ok provos, deraadt
|
|
openbsd-compat/Makefile.in] support compression on platforms that
have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
Based on patch from nalin@redhat.com of code extracted from Owl's package
|
|
Post 'event' we will add more options.
|
|
[bufaux.c servconf.c]
minor KNF. things the fingers do while you read
|
|
useprivilegeseparation=yes and compression=yes
|
|
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
|
|
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
|
|
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
|
|
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
|
|
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
|
|
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
[servconf.c]
No, afs requires explicit enabling
|
|
|
|
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
|
|
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
|
|
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
revert
|
|
PAM, Cygwin and OSF SIA will not work for sure
|
|
[log.c log.h readconf.c servconf.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
|
|
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|