summaryrefslogtreecommitdiff
path: root/servconf.c
AgeCommit message (Collapse)Author
2006-03-26 - djm@cvs.openbsd.org 2006/03/19 02:24:05Damien Miller
[dh.c readconf.c servconf.c] potential NULL pointer dereferences detected by Coverity via elad AT netbsd.org; ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2005-12-13 - reyk@cvs.openbsd.org 2005/12/08 18:34:11Damien Miller
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
2005-12-13 - reyk@cvs.openbsd.org 2005/12/06 22:38:28Damien Miller
[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-08-12 - dtucker@cvs.openbsd.org 2005/08/06 10:03:12Damien Miller
[servconf.c] Unbreak sshd ListenAddress for bare IPv6 addresses.
2005-07-26 - markus@cvs.openbsd.org 2005/07/25 11:59:40Damien Miller
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
2005-06-17 - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
2005-05-26 - markus@cvs.openbsd.org 2005/05/16 15:30:51Damien Miller
[readconf.c servconf.c] check return value from strdelim() for NULL (AddressFamily); mpech
2005-03-14 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05Darren Tucker
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c readconf.c bufaux.c sftp.c] spacing
2005-03-01 - djm@cvs.openbsd.org 2005/03/01 10:09:52Damien Miller
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
2005-01-20 - djm@cvs.openbsd.org 2004/12/23 23:11:00Darren Tucker
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@
2004-08-13 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24Darren Tucker
[servconf.c] Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr ok markus@, djm@
2004-08-12 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54Darren Tucker
[servconf.c] Fix minor leak; "looks right" deraadt@
2004-07-17 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
2004-06-25 - djm@cvs.openbsd.org 2004/06/24 19:30:54Darren Tucker
[servconf.c servconf.h sshd.c] re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-05-24 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53Darren Tucker
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/08 00:01:37Darren Tucker
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok
2004-05-02 - djm@cvs.openbsd.org 2004/04/27 09:46:37Darren Tucker
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@
2004-01-23 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]Darren Tucker
Change AFS symbol to USE_AFS to prevent namespace collisions, do not include kafs.h unless necessary. From deengert at anl.gov. For consistency, all of the libkafs bits are now inside "#if defined(KRB5) && defined(USE_AFS)".
2004-01-05 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]Darren Tucker
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
2003-12-31 - jakob@cvs.openbsd.org 2003/12/23 16:12:10Darren Tucker
[servconf.c servconf.h session.c sshd_config] implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-17 - markus@cvs.openbsd.org 2003/12/09 21:53:37Damien Miller
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
2003-10-02 - markus@cvs.openbsd.org 2003/09/29 20:19:57Darren Tucker
[servconf.c sshd_config] GSSAPICleanupCreds -> GSSAPICleanupCredentials
2003-09-23 - (djm) Sync with V_3_7 branch:Damien Miller
- (djm) Fix SSH1 challenge kludge - (djm) Bug #671: Fix builds on OpenBSD - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code - (djm) Don't call pam_end before pam_init - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-02 - markus@cvs.openbsd.org 2003/09/01 18:15:50Damien Miller
[readconf.c readconf.h servconf.c servconf.h ssh.c] remove unused kerberos code; ok henning@
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-26 - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint"Damien Miller
as deprecated. Remove mention from README.privsep. Patch from aet AT cc.hut.fi
2003-08-13 - markus@cvs.openbsd.org 2003/08/13 08:46:31Darren Tucker
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-06-04 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch fromDamien Miller
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-05-16 - (djm) Add warning for UsePAM when built without PAM supportDamien Miller
2003-05-16 - jakob@cvs.openbsd.org 2003/05/15 14:02:47Damien Miller
[readconf.c servconf.c] warn for unsupported config option. ok markus@
2003-05-15 - (djm) Enable UsePAM when built --with-pamDamien Miller
2003-05-15 - jakob@cvs.openbsd.org 2003/05/15 04:08:44Damien Miller
[readconf.c servconf.c] disable kerberos when not supported. ok markus@
2003-05-15 - jakob@cvs.openbsd.org 2003/05/15 01:48:10Damien Miller
[readconf.c readconf.h servconf.c servconf.h] always parse kerberos options. ok djm@ markus@ - (djm) Always parse UsePAM
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-04-09*** empty log message ***Damien Miller
2003-02-24 - markus@cvs.openbsd.org 2003/02/21 09:05:53Damien Miller
[servconf.c] print sshd_config filename in debug2 mode.
2002-09-05 - (djm) OpenBSD CVS SyncDamien Miller
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42 [servconf.c sshd.8 sshd_config.5] default LoginGraceTime to 2m; 1m may be too short for slow systems. ok markus@
2002-09-04 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06Damien Miller
[servconf.c sshd.8 sshd_config sshd_config.5] change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-08-01 - markus@cvs.openbsd.org 2002/07/30 17:03:55Ben Lindstrom
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] add PermitUserEnvironment (off by default!); from dot@dotat.at; ok provos, deraadt
2002-07-14 (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.cTim Rice
openbsd-compat/Makefile.in] support compression on platforms that have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c Based on patch from nalin@redhat.com of code extracted from Owl's package
2002-06-25 - (bal) if mmap() is substandard, don't allow compression on server side.Ben Lindstrom
Post 'event' we will add more options.
2002-06-23 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51Ben Lindstrom
[bufaux.c servconf.c] minor KNF. things the fingers do while you read
2002-06-21 - (djm) Warn and disable compression on platforms which can't handle bothDamien Miller
useprivilegeseparation=yes and compression=yes
2002-06-21 - markus@cvs.openbsd.org 2002/06/20 23:05:56Ben Lindstrom
[servconf.c servconf.h session.c sshd.c] allow Compression=yes/no in sshd_config
2002-06-06 - markus@cvs.openbsd.org 2002/05/15 21:56:38Ben Lindstrom
[servconf.c sshd.8 sshd_config] re-enable privsep and disable setuid for post-3.2.2