path: root/sshd_config.5
Age | Commit message | Author
2007-06-11 | - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 | Damien Miller
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
2007-06-05 | - jmc@cvs.openbsd.org 2007/05/31 19:20:16 | Darren Tucker
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
2007-03-06 | - OpenBSD CVS Sync | Damien Miller
- jmc@cvs.openbsd.org 2007/03/01 16:19:33 [sshd_config.5] sort the `match' keywords;
2007-03-01 | - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 | Darren Tucker
[auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation.
2007-02-19 | - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 | Darren Tucker
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] Teach Match how to handle config directives that are used before authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@
2007-01-05 | - jmc@cvs.openbsd.org 2007/01/02 09:57:25 | Damien Miller
[sshd_config.5] do not use lists for SYNOPSIS; from eric s. raymond via brad
2006-08-30 | - (djm) OpenBSD CVS Sync | Damien Miller
- dtucker@cvs.openbsd.org 2006/08/21 08:14:01 [sshd_config.5] Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, ok jmc@ djm@
2006-08-19 | - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 | Damien Miller
[servconf.c servconf.h sshd_config.5] Add ability to match groups to Match keyword in sshd_config. Feedback djm@, stevesk@, ok stevesk@.
2006-07-24 | - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 | Damien Miller
[channels.c channels.h servconf.c servconf.h sshd_config.5] Make PermitOpen take a list of permitted ports and act more like most other keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@
2006-07-24 | - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 | Damien Miller
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 | - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 | Damien Miller
[servconf.c sshd_config.5] Add support for X11Forwarding, X11DisplayOffset and X11UseLocalhost to Match. ok djm@
2006-07-24 | - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 | Damien Miller
[sshd_config.5] Clarify description of Match, with minor correction from jmc@
2006-07-24 | - jmc@cvs.openbsd.org 2006/07/18 08:03:09 | Damien Miller
[ssh-agent.1 sshd_config.5] mark up angle brackets;
2006-07-24 | - jmc@cvs.openbsd.org 2006/07/18 07:50:40 | Damien Miller
[sshd_config.5] tweak; ok dtucker
2006-07-24 | - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 | Damien Miller
[channels.c channels.h servconf.c sshd_config.5] Add PermitOpen directive to sshd_config which is equivalent to the "permitopen" key option. Allows server admin to allow TCP port forwarding only two specific host/port pairs. Useful when combined with Match. If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted. Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 | - jmc@cvs.openbsd.org 2006/07/12 13:39:55 | Damien Miller
[sshd_config.5] - new sentence, new line - s/The the/The/ - kill a bad comma
2006-07-12 | - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 | Darren Tucker
[sshd.c servconf.h servconf.c sshd_config.5 auth.c] Add support for conditional directives to sshd_config via a "Match" keyword, which works similarly to the "Host" directive in ssh_config. Lines after a Match line override the default set in the main section if the condition on the Match line is true, eg AllowTcpForwarding yes Match User anoncvs AllowTcpForwarding no will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@
2006-07-10 | - djm@cvs.openbsd.org 2006/07/06 10:47:05 | Damien Miller
[servconf.c servconf.h session.c sshd_config.5] support arguments to Subsystem commands; ok markus@
2006-07-10 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | Damien Miller
[ssh.1 ssh.c ssh_config.5 sshd_config.5] more details and clarity for tun(4) device forwarding; ok and help jmc@
2006-07-03 | * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes: https://launchpad.net/bugs/50702). | Colin Watson
2006-05-12 | * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042). | Colin Watson
2006-03-15 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 | Damien Miller
[ssh_config.5 sshd_config.5] *AliveCountMax applies to protocol v2 only; ok dtucker, djm
2006-03-15 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 | Damien Miller
[misc.c ssh_config.5 sshd_config.5] Allow config directives to contain whitespace by surrounding them by double quotes. mindrot #482, man page help from jmc@, ok djm@
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/26 18:01:13 | Damien Miller
[sshd_config.5] subsection is pointless here;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/25 12:28:34 | Damien Miller
[sshd_config.5] document the order in which allow/deny directives are processed; help/ok dtucker
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 23:51:17 | Damien Miller
[sshd_config.5] oops - bits i missed;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 23:43:57 | Damien Miller
[sshd_config.5] some grammar/wording fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 | Damien Miller
[ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 | Damien Miller
[ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes;
2006-03-15 | - jmc@cvs.openbsd.org 2006/02/24 10:33:54 | Damien Miller
[sshd_config.5] signpost to PATTERNS;
2006-02-23 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current reality. Pointed out by tryponraj at gmail.com. | Darren Tucker
2006-01-03 | - (djm) OpenBSD CVS Sync | Damien Miller
- jmc@cvs.openbsd.org 2006/01/02 17:09:49 [ssh_config.5 sshd_config.5] some corrections from michael knudsen;
2005-12-13 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 | Damien Miller
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
2005-12-13 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 | Damien Miller
[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-10-03 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 | Darren Tucker
[sshd_config.5] aquire -> acquire, from stevesk@
2005-07-26 | - markus@cvs.openbsd.org 2005/07/25 11:59:40 | Damien Miller
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
2005-05-26 | - djm@cvs.openbsd.org 2005/05/23 23:32:46 | Damien Miller
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
2005-05-26 | - djm@cvs.openbsd.org 2005/05/19 02:39:55 | Damien Miller
[sshd_config.5] sort config options, from grunk AT pestilenz.org; ok jmc@
2005-05-26 | - djm@cvs.openbsd.org 2005/04/21 06:17:50 | Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
2005-03-31 | - jmc@cvs.openbsd.org 2005/03/18 17:05:00 | Darren Tucker
[sshd_config.5] typo;
2005-03-01 | - djm@cvs.openbsd.org 2005/03/01 10:09:52 | Damien Miller
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
2005-02-01 | - (dtucker) [sshd_config.5] Bug #701: remove warning about keyboard-interactive since this is no longer the case. | Darren Tucker
2005-01-20 | - jmc@cvs.openbsd.org 2005/01/08 00:41:19 | Darren Tucker
[sshd_config.5] `login'(n) -> `log in'(v);
2005-01-20 | - djm@cvs.openbsd.org 2004/12/23 23:11:00 | Darren Tucker
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@
2004-11-05 | - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 | Darren Tucker
[sshd_config.5] mention PrintLastLog only prints last login time for interactive sessions, like PrintMotd mentions. From Michael Knudsen, with wording changed slightly to match the PrintMotd description. ok djm
2004-06-30 | - jmc@cvs.openbsd.org 2004/06/26 09:14:40 | Damien Miller
[sshd_config.5] new sentence, new line;
2004-06-15 | - dtucker@cvs.openbsd.org 2004/06/13 14:01:42 | Damien Miller
[ssh.1 ssh_config.5 sshd_config.5] List supported ciphers in man pages, tidy up ssh -c; "looks fine" jmc@, ok markus@
2004-05-24 | - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 | Darren Tucker
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
2004-05-13 | - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to UsePAM section. Parts from djm@ and jmc@. | Darren Tucker
2004-05-02 | - jmc@cvs.openbsd.org 2004/04/28 07:02:56 | Darren Tucker
[sshd_config.5] remove unnecessary .Pp;