Age | Commit message (Collapse) | Author |
|
[ssh_config.5]
clean up after previous macro removal;
|
|
[ssh_config.5]
ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
|
|
[ssh_config.5]
document KbdInteractiveAuthentication in ssh_config.5;
patch from dkg AT fifthhorseman.net
|
|
[ssh_config.5]
tun device forwarding now honours ExitOnForwardFailure; ok markus@
|
|
[ssh_config.5]
put the MAC list into a display, like we do for ciphers,
since groff has trouble handling wide lines;
|
|
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
|
|
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
|
|
[ssh_config.5]
do not use a list for SYNOPSIS;
this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.
|
|
[ssh_config.5]
avoid confusing wording in HashKnownHosts:
originally spotted by alan amesbury;
ok deraadt
|
|
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
|
|
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
more details and clarity for tun(4) device forwarding; ok and help
jmc@
|
|
[ssh_config.5]
oops - previous was too long; split the list of auths up
|
|
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
|
|
[ssh_config.5]
remote user escape is %r not %h; spotted by jmc@
|
|
[ssh_config.5]
kill trailing whitespace;
|
|
[ssh.c ssh_config.5]
add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
|
|
[ssh_config.5 sshd_config.5]
*AliveCountMax applies to protcol v2 only; ok dtucker, djm
|
|
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482, man page help from jmc@, ok djm@
|
|
[ssh_config.5]
comma;
|
|
[ssh_config.5]
move PATTERNS to the end of the main body; requested by dtucker
|
|
[ssh_config.5]
document the possible values for KbdInteractiveDevices;
|
|
[ssh_config.5]
some grammar/wording fixes;
|
|
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
|
|
[ssh-keysign.8 ssh_config.5 sshd_config.5]
some consistency fixes;
|
|
[ssh_config.5]
tidy up the refs to PATTERNS;
|
|
[ssh_config.5]
add section on patterns;
from dtucker + myself
|
|
[ssh_config.5]
add some vertical space;
|
|
[ssh_config.5]
slight rewording; ok djm
|
|
[ssh.c ssh_config.5]
add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@
|
|
[ssh_config.5]
- word change, agreed w/ markus
- consistency fixes
|
|
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
|
|
[ssh_config.5]
refer to TCP forwarding, rather than TCP/IP forwarding;
|
|
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
[ssh_config.5 sshd_config.5]
some corrections from michael knudsen;
|
|
[ssh_config.5]
put the description of "UsePrivilegedPort" in the correct place;
|
|
[ssh_config.5]
spelling: intented -> intended
|
|
[ssh_config.5 session.c]
spelling: fowarding, fowarded
|
|
[ssh_config.5]
new sentence, new line;
|
|
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
|
|
[ssh_config.5]
keep options in order;
|
|
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
|
|
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
|
[ssh_config.5]
remove trailing whitespace;
|
|
[ssh_config.5]
mention control socket fallback behaviour, reported by
tryponraj AT gmail.com
|
|
[ssh_config.5 ssh.1]
mention ability to specify bind_address for DynamicForward and -D options;
bz#1077 spotted by Haruyama Seigo
|
|
[ssh_config.5]
new sentence, new line;
|
|
[ssh_config.5]
change BindAddress to match recent ssh -b change; prompted by markus@
|
|
[ssh_config.5]
fix Xr and a little grammar;
|
|
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
|
|
[ssh.c ssh_config.5]
allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
|
|
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add ControlMaster=auto/autoask options to support opportunistic
multiplexing; tested avsm@ and jakob@, ok markus@
|