Age | Commit message (Collapse) | Author |
|
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
|
[ssh.c sshd.c]
ssh, sshd: sync version output, ok djm
|
|
[ssh.c]
trim usage to match ssh(1) and look more like unix. ok djm@
|
|
[ssh.c]
increase x11 cookie lifetime to 20 minutes; ok djm
|
|
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
|
|
[ssh.c]
don't modify argv for ssh -o; similar to sshd.c 1.283
|
|
[ssh.1 ssh.c]
Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
|
|
[readconf.c readconf.h servconf.c servconf.h ssh.c]
remove unused kerberos code; ok henning@
|
|
-lbroken; ok dtucker
|
|
[readconf.c ssh.c]
socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
|
|
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
|
|
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
|
|
[ssh.c sshd.c]
don't exit on multiple -v or -d; ok deraadt@
|
|
[readconf.c readconf.h ssh-keysign.c ssh.c]
fix AddressFamily option in config file, from brent@graveland.net;
ok markus@
|
|
[ssh.c]
convert hostkeyalias to lowercase, otherwise uppercase aliases will
not match at all; ok henning@
|
|
[scard.c scard.h ssh-agent.c ssh.c]
add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
|
|
|
|
- djm@cvs.openbsd.org 2003/05/15 13:52:10
[ssh.c]
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
|
|
|
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|
|
|
|
|
|
[ssh.c ssh_config.5]
support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
|
|
[ssh.c]
Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
markus@ OK
|
|
[scp.c sftp.c ssh.c]
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
|
[ssh.c]
debug->debug2
|
|
[ssh.c sshconnect.c]
bugzilla.mindrot.org #223 - ProxyCommands don't exit.
Patch from dtucker@zip.com.au; ok markus@
|
|
[authfd.c authfd.h ssh.c]
don't connect to agent to test for presence if we've previously
connected; ok markus@
|
|
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
|
|
[ssh.1 ssh.c]
deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
|
|
[ssh.c]
display a warning from ssh when XAuthLocation does not exist or xauth
returned no authentication data. ok markus@
|
|
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
re-enable ssh-keysign's sbit, but make ssh-keysign read
/etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
globally. based on discussions with deraadt, itojun and sommerfeld;
ok itojun@
|
|
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
|
|
[ssh.c]
ssh_connect returns 0 on success
|
|
[ssh.c]
remove unused cruft.
|
|
vinschen@redhat.com
|
|
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
|
|
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
|
|
[ssh.c]
nuke ptrace comment
|
|
[ssh.c]
add comment about ssh-keysign
|
|
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
|
|
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
|
|
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
|
|
[channels.c clientloop.c clientloop.h ssh.c]
request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
|
|
[ssh.c]
update Copyright
|
|
[ssh.c]
simplify num_identity_files handling
|
|
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
|