Age | Commit message (Collapse) | Author |
|
[sshd_config sshd_config.5 sshd.8 servconf.c]
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@
|
|
[sshd.8]
kill trailing whitespace;
|
|
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensive testing dtucker@
|
|
[sshd.8 sshd.c]
- update usage()
- fix SYNOPSIS, and sort options
- some minor additional fixes
|
|
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output. The
combination allows tesing of the parser and config files. ok deraadt djm
|
|
[sshd.8]
remove trailing whitespace;
|
|
[auth-options.c auth-options.h session.c sshd.8]
add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
[ssh.1 sshd.8]
Document the correct permissions for the ~/.ssh/ directory.
ok jmc
|
|
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
|
|
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
|
|
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
|
|
[sshd.8]
- let synopsis and description agree for -f
- sort FILES
- +.Xr ssh-keyscan 1 ,
from Igor Sobrado
|
|
[sshd.8]
Add more detail about what permissions are and aren't accepted for
authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
|
|
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.
Feedback & ok djm@, man page corrections & ok jmc@
|
|
[sshd.8]
s/and and/and/
|
|
[misc.c misc.h sshd.8 sshconnect.c]
Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
|
|
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
|
|
[sshd.8]
signpost to PATTERNS section;
|
|
[sshd.8]
grammar;
|
|
[sshd.8]
sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
|
|
[sshd.8]
move the sshrc stuff out of FILES, and into its own section:
FILES is not a good place to document how stuff works;
|
|
[sshd.8]
sync some of the FILES entries w/ ssh.1;
|
|
[sshd.8]
remove ietf draft references; RFC list now maintained in ssh.1;
|
|
[sshd.8]
sort FILES and use a -compact list;
|
|
[sshd.8]
- avoid nasty line split
- `*' does not need to be escaped
|
|
[sshd.8]
turn this into an example ssh_known_hosts file; ok djm
|
|
[sshd.8]
small tweaks for the ssh_known_hosts section;
|
|
[sshd.8]
no need to subsection the authorized_keys examples - instead, convert
this to look like an actual file. also use proto 2 keys, and use IETF
example addresses;
|
|
[sshd.8]
sort the list of options permissable w/ authorized_keys;
ok djm dtucker
|
|
[sshd.8]
rework the description of authorized_keys a little;
|
|
[sshd.8]
- move some text into a CAVEATS section
- merge the COMMAND EXECUTION... section into AUTHENTICATION
|
|
[sshd.8]
small tweak;
|
|
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
[sshd.8]
- merge sections on protocols 1 and 2 into a single section
- remove configuration file section
ok markus
|
|
[sshd.8]
move subsections to full sections;
|
|
[sshd.8]
move the options description up the page, and a few additional tweaks
whilst in here;
ok markus
|
|
[sshd.8]
refer to TCP forwarding, rather than TCP/IP forwarding;
|
|
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
|
|
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
|
for UnixWare.
|
|
"*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
senthilkumar_sen at hotpop.com.
|
|
[ssh-keygen.1 ssh-keygen.c sshd.8]
increase default rsa/dsa key length from 1024 to 2048 bits;
ok markus@ deraadt@
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
|
|
[sshd.8]
new sentence, new line;
whitespace;
|
|
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
|
|
[sshd.8]
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
|
|
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
Discard over-length authorized_keys entries rather than complaining when
they don't decode. bz #884, with & ok djm@
|
|
[ssh.1 sshd.8]
get rid of references to rhosts authentication; with jmc@
|
|
[sshd.8]
Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
via Debian; ok djm@
|
|
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
scp and sftp: add options list and sort options. options list requested
by deraadt@
sshd: use same format as ssh
ssh: remove wrong option from list
sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|