| Age | Commit message (Collapse) | Author |
|---|
|
(i.e. before the logging system is initialised).
|
|
changes not previously backported to 4.3p2:
- 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+ On portable OpenSSH, fix a GSSAPI authentication abort that could be
used to determine the validity of usernames on some platforms.
+ Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of
post-authentication options are supported and more are expected to
be added in future releases.
+ Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
+ Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
+ Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
+ Add optional logging of transactions to sftp-server(8).
+ ssh(1) will now record port numbers for hosts stored in
~/.ssh/known_hosts when a non-standard port has been requested
(closes: #50612).
+ Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
+ Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
+ Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
+ Many manpage fixes and improvements.
+ Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
+ Tokens in configuration files may be double-quoted in order to
contain spaces (closes: #319639).
+ Move a debug() call out of a SIGCHLD handler, fixing a hang when the
session exits very quickly (closes: #307890).
+ Fix some incorrect buffer allocation calculations (closes: #410599).
+ ssh-add doesn't ask for a passphrase if key file permissions are too
liberal (closes: #103677).
+ Likewise, ssh doesn't ask either (closes: #99675).
- 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+ sshd now allows the enabling and disabling of authentication methods
on a per user, group, host and network basis via the Match directive
in sshd_config.
+ Fixed an inconsistent check for a terminal when displaying scp
progress meter (closes: #257524).
+ Fix "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
install ChangeLog.gssapi.
|
|
[ssh-keygen.1 ssh.1]
add rfc 4716 (public key format); ok jmc
|
|
delegation (closes: #401483).
|
|
- otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
correct/expand example of usage of -w; ok jmc@ stevesk@
|
|
[ssh-keyscan.1 ssh.1]
Change "a SSH" to "an SSH". Hurray, I'm not the only one who
pronounces "SSH" as "ess-ess-aich".
OK jmc@ and stevesk@.
|
|
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
|
|
[clientloop.c ssh.1]
use -KR[bind_address:]port here; ok djm@
|
|
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
more details and clarity for tun(4) device forwarding; ok and help
jmc@
|
|
[ssh.1]
add GSSAPI to the list of authentication methods supported;
|
|
|
|
[ssh.1]
simplify SSHFP example; ok jmc@
|
|
[ssh.1]
Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
that OpenSSH supports
|
|
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
|
|
[ssh.1]
remove the IETF draft references and replace them with some updated RFCs;
|
|
[ssh.1]
make this a little less ambiguous...
|
|
[ssh.1]
- typo fix
ok jmc@
|
|
[ssh.1]
remove an incorrect sentence;
reported by roumen petrov;
ok djm markus
|
|
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
|
|
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
|
|
[ssh.1]
add a section on ssh-based vpn, based on reyk's README.tun;
|
|
[ssh.1]
correction from deraadt
|
|
[ssh.1]
back out a sentence - AUTHENTICATION already documents this;
|
|
[ssh.1]
refer to `TCP' rather than `TCP/IP' in the context of connection
forwarding;
ok markus
|
|
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
|
|
[ssh.1]
final round of whacking FILES for duplicate info, and some consistency
fixes;
ok djm
|
|
- jmc@cvs.openbsd.org 2006/01/06 13:27:32
[ssh.1]
weed out some duplicate info in the known_hosts FILES entries;
ok djm
|
|
[ssh.1]
-.Xr gzip 1 ,
|
|
[ssh.1]
+.Xr ssh-keyscan 1 ,
|
|
[ssh.1]
remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
|
|
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
|
|
[ssh.1]
tweak the description of ~/.ssh/environment
|
|
[ssh.1]
put FILES in some sort of order: sort by pathname
|
|
[ssh.1]
use a larger width for the ENVIRONMENT list;
|
|
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
|
|
[ssh.1]
start to cut some duplicate info from FILES;
help/ok djm
|
|
[ssh.1]
.Nm does not require an argument;
|
|
[ssh.1]
clean up ENVIRONMENT a little;
|
|
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
|
|
[ssh.1]
document -MM; ok djm@
|
|
[ssh.1]
less mark up for -c;
|
|
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
|
|
[ssh.1]
expand the description of -w somewhat;
help/ok reyk
|
|
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
|
|
[ssh.1]
options now described `above', rather than `later';
|
|
[ssh.1]
-L and -R descriptions are now above, not below, ~C description;
|
|
[ssh.1]
move info on ssh return values and config files up into the main
description;
|
|
[ssh.1]
.Ss -> .Sh: subsections have not made this page more readable
|
|
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker
|
|
[ssh.1]
signpost the protocol sections;
|
