path: root/ssh_config.5
Age | Commit message | Author
2007-06-13 | * Document the SILENT loglevel in sftp-server(8), ssh_config(5), and sshd_config(5). | Colin Watson
2007-06-12 | * New upstream release (closes: #395507, #397961, #420035). Important changes not previously backported to 4.3p2: | Colin Watson
  - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
    + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
    + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases.
    + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256.
    + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option.
    + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish.
    + Add optional logging of transactions to sftp-server(8).
    + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612).
    + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established.
    + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments.
    + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents.
    + Many manpage fixes and improvements.
    + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option.
    + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639).
    + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890).
    + Fix some incorrect buffer allocation calculations (closes: #410599).
    + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677).
    + Likewise, ssh doesn't ask either (closes: #99675).
  - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
    + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config.
    + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524).
    + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
2007-02-19 | - jmc@cvs.openbsd.org 2007/01/10 13:23:22 | Darren Tucker
[ssh_config.5] do not use a list for SYNOPSIS; this is actually part of a larger report sent by eric s. raymond and forwarded by brad, but i only read half of it. spotted by brad.
2006-08-05 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | Damien Miller
[ssh_config.5] avoid confusing wording in HashKnownHosts: originally spotted by alan amesbury; ok deraadt
2006-07-12 | - markus@cvs.openbsd.org 2006/07/11 18:50:48 | Darren Tucker
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c channels.h readconf.c] add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
2006-07-10 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | Damien Miller
[ssh.1 ssh.c ssh_config.5 sshd_config.5] more details and clarity for tun(4) device forwarding; ok and help jmc@
2006-06-13 | - jmc@cvs.openbsd.org 2006/05/29 16:10:03 | Damien Miller
[ssh_config.5] oops - previous was too long; split the list of auths up
2006-06-13 | - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 | Damien Miller
[ssh_config.5] Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-05-12 | * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042). | Colin Watson
2006-05-12 | Merge 4.3p2 to the trunk. | Colin Watson
2006-03-31 | - djm@cvs.openbsd.org 2006/03/31 09:13:56 | Damien Miller
[ssh_config.5] remote user escape is %r not %h; spotted by jmc@
2006-03-31 | - jmc@cvs.openbsd.org 2006/03/31 09:09:30 | Damien Miller
[ssh_config.5] kill trailing whitespace;
2006-03-31 | - djm@cvs.openbsd.org 2006/03/30 10:41:25 | Damien Miller
[ssh.c ssh_config.5] add percent escape chars to the IdentityFile option, bz #1159 based on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-15 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 | Damien Miller
[ssh_config.5 sshd_config.5] *AliveCountMax applies to protocol v2 only; ok dtucker, djm
2006-03-15 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 | Damien Miller
[misc.c ssh_config.5 sshd_config.5] Allow config directives to contain whitespace by surrounding them by double quotes. mindrot #482, man page help from jmc@, ok djm@
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/26 18:03:10 | Damien Miller
[ssh_config.5] comma;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/26 17:17:18 | Damien Miller
[ssh_config.5] move PATTERNS to the end of the main body; requested by dtucker
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/25 12:26:17 | Damien Miller
[ssh_config.5] document the possible values for KbdInteractiveDevices;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 23:20:07 | Damien Miller
[ssh_config.5] some grammar/wording fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 | Damien Miller
[ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 | Damien Miller
[ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 | Damien Miller
[ssh_config.5] tidy up the refs to PATTERNS;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 10:25:14 | Damien Miller
[ssh_config.5] add section on patterns; from dtucker + myself
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/19 20:12:25 | Damien Miller
[ssh_config.5] add some vertical space;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/12 10:49:44 | Damien Miller
[ssh_config.5] slight rewording; ok djm
2006-03-15 | - djm@cvs.openbsd.org 2006/02/12 06:45:34 | Damien Miller
[ssh.c ssh_config.5] add a %l expansion code to the ControlPath, which is filled in with the local hostname at runtime. Requested by henning@ to avoid some problems with /home on NFS; ok dtucker@
2006-01-31 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | Damien Miller
[ssh_config.5] - word change, agreed w/ markus - consistency fixes
2006-01-20 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 | Darren Tucker
[scp.1 ssh.1 ssh_config.5 sftp.1] Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
2006-01-14 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 | Damien Miller
[ssh_config.5] refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-03 | - (djm) OpenBSD CVS Sync | Damien Miller
- jmc@cvs.openbsd.org 2006/01/02 17:09:49 [ssh_config.5 sshd_config.5] some corrections from michael knudsen;
2005-12-24 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 | Damien Miller
[ssh_config.5] put the description of "UsePrivilegedPort" in the correct place;
2005-12-20 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 | Darren Tucker
[ssh_config.5] spelling: intented -> intended
2005-12-20 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 | Darren Tucker
[ssh_config.5 session.c] spelling: fowarding, fowarded
2005-12-13 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 | Damien Miller
[ssh_config.5] new sentence, new line;
2005-12-13 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 | Damien Miller
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
2005-12-13 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 | Damien Miller
[ssh_config.5] keep options in order;
2005-12-13 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 | Damien Miller
[ssh.1 ssh_config.5] make `!command' a little clearer; ok reyk
2005-12-13 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 | Damien Miller
[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-11-05 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 | Damien Miller
[ssh_config.5] remove trailing whitespace;
2005-11-05 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 | Damien Miller
[ssh_config.5] mention control socket fallback behaviour, reported by tryponraj AT gmail.com
2005-10-03 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 | Darren Tucker
[ssh_config.5 ssh.1] mention ability to specify bind_address for DynamicForward and -D options; bz#1077 spotted by Haruyama Seigo
2005-09-14 | Merge 4.2p1 to the trunk. | Colin Watson
2005-07-14 | - jmc@cvs.openbsd.org 2005/07/08 12:53:10 | Darren Tucker
[ssh_config.5] new sentence, new line;
2005-07-14 | - dtucker@cvs.openbsd.org 2005/07/08 10:20:41 | Darren Tucker
[ssh_config.5] change BindAddress to match recent ssh -b change; prompted by markus@
2005-07-06 | - jmc@cvs.openbsd.org 2005/07/04 11:29:51 | Damien Miller
[ssh_config.5] fix Xr and a little grammar;
2005-07-06 | - djm@cvs.openbsd.org 2005/07/04 00:58:43 | Damien Miller
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] implement support for X11 and agent forwarding over multiplex slave connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own. ok dtucker@ "put it in" deraadt@
2005-07-03 | document change in ~/.ssh/config group-writability restrictions | Colin Watson
2005-06-26 | - djm@cvs.openbsd.org 2005/06/18 04:30:36 | Damien Miller
[ssh.c ssh_config.5] allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
2005-06-16 | - djm@cvs.openbsd.org 2005/06/08 11:25:09 | Damien Miller
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5] add ControlMaster=auto/autoask options to support opportunistic multiplexing; tested avsm@ and jakob@, ok markus@
2005-06-16 | - djm@cvs.openbsd.org 2005/06/06 11:20:36 | Damien Miller
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] introduce a generic %foo expansion function. replace existing % expansion and add expansion to ControlPath; ok markus@