Age | Commit message (Collapse) | Author |
|
- Add GSSAPI key exchange support from
http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen
Frost).
|
|
|
|
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
|
|
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
|
|
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
|
|
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
ok djm
|
|
|
|
[sshd.c]
avoid harmless logspam by not performing setsockopt() on non-socket;
ok markus@
|
|
behaviour
|
|
|
|
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
|
|
events earlier, prevents mm_request_send errors reported by Matt Goebel.
|
|
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
|
|
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
|
|
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
|
|
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
|
|
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
|
|
[sshd.c]
Make debugging output continue after reexec; ok djm@
|
|
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898: support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz; ok deraadt@
|
|
|
|
[sshd.c]
these printf args are no longer double; ok deraadt@ markus@
|
|
[sshd.c]
use less doubles in daemons; markus@ ok
|
|
banner. Suggested by deraadt@, ok mouring@, dtucker@
|
|
[sshd.c]
don't erroneously close stdin for !reexec case, from Dave Johnson;
ok markus@
|
|
messages generated before the postauth privsep split.
|
|
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
|
|
[sshd.c]
call setsid() _before_ re-exec
|
|
|
|
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
|
|
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
|
|
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
|
|
[sshd.c]
initialise some fd variables to -1, djm@ ok
|
|
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
|
|
|
|
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
|
|
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
|
|
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
|
|
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
|
|
|
|
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
|
|
|
|
[ssh.c sshd.c]
ssh, sshd: sync version output, ok djm
|
|
[sshd.c]
trim usage; ok deraadt
|
|
|
|
- markus@cvs.openbsd.org 2004/03/03 06:47:52
[sshd.c]
change proctiltle after accept(2); ok henning, deraadt, djm
|
|
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@
|
|
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
|
|
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
|
|
[sshd.c]
typo in comment
|
|
[sshd.c]
backout revision 1.279; set listen socket to non-block; ok henning.
|