Damien Miller
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller
150b55745b
- jakob@cvs.openbsd.org 2003/11/12 16:39:58
...
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
update SSHFP validation. ok markus@
2003-11-17 21:19:29 +11:00
Darren Tucker
dda19d63ff
- jakob@cvs.openbsd.org 2003/10/14 19:42:10
...
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00
Darren Tucker
0a118da00e
- markus@cvs.openbsd.org 2003/10/11 08:24:08
...
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
2003-10-15 15:54:32 +10:00
Darren Tucker
a044f47679
- markus@cvs.openbsd.org 2003/10/08 15:21:24
...
[readconf.c ssh_config.5]
default GSS API to no in client, too; ok jakob, deraadt@
2003-10-15 15:52:03 +10:00
Damien Miller
fb10e9abe8
- markus@cvs.openbsd.org 2003/09/01 18:15:50
...
[readconf.c readconf.h servconf.c servconf.h ssh.c]
remove unused kerberos code; ok henning@
2003-09-02 22:58:22 +10:00
Damien Miller
84d03efdf7
- markus@cvs.openbsd.org 2003/09/01 12:50:46
...
[readconf.c]
rm gssapidelegatecreds alias; never supported before
2003-09-02 22:57:27 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker
1c52ee3e6f
- markus@cvs.openbsd.org 2003/08/13 09:07:10
...
[readconf.c ssh.c]
socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
2003-08-13 20:38:36 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker
0a4f04b5b2
- djm@cvs.openbsd.org 2003/07/03 08:09:06
...
[readconf.c readconf.h ssh-keysign.c ssh.c]
fix AddressFamily option in config file, from brent@graveland.net ;
ok markus@
2003-07-03 20:37:47 +10:00
Darren Tucker
a99c1b77ab
- markus@cvs.openbsd.org 2003/06/26 20:08:33
...
[readconf.c]
do not dump core for 'ssh -o proxycommand host'; ok deraadt@
2003-06-28 12:40:12 +10:00
Damien Miller
20a8f97b03
- djm@cvs.openbsd.org 2003/05/16 03:27:12
...
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534 ; ok markus@
2003-05-18 20:50:30 +10:00
Damien Miller
b78d5eb6c5
- djm@cvs.openbsd.org 2003/05/15 14:55:25
...
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
Damien Miller
f9b3feb847
- jakob@cvs.openbsd.org 2003/05/15 14:02:47
...
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
2003-05-16 11:38:32 +10:00
Damien Miller
d248b5bd1b
- jakob@cvs.openbsd.org 2003/05/15 04:08:44
...
[readconf.c servconf.c]
disable kerberos when not supported. ok markus@
2003-05-15 14:15:23 +10:00
Damien Miller
2aa0ab463f
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
...
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller
37876e913a
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
...
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller
c652cac5f7
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/04/09 12:00:37
[readconf.c]
strip trailing whitespace from config lines before parsing.
Fixes bz 528; ok markus@
2003-05-14 13:40:54 +10:00
Damien Miller
a5539d2698
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
Damien Miller
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
Damien Miller
61f08ac35a
- markus@cvs.openbsd.org 2003/02/05 09:02:28
...
[readconf.c]
simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
2003-02-24 11:56:27 +11:00
Ben Lindstrom
b6df73b06a
- markus@cvs.openbsd.org 2002/11/07 22:08:07
...
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
2002-11-09 15:52:31 +00:00
Ben Lindstrom
99a4e14fe0
- (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
...
lacking that concept can share it. Patch by vinschen@redhat.com
2002-07-09 14:06:40 +00:00
Ben Lindstrom
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
2bf8276393
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
...
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
2002-06-11 15:53:05 +00:00
Ben Lindstrom
2e17b08e48
- markus@cvs.openbsd.org 2002/06/08 12:46:14
...
[readconf.c]
silently ignore deprecated options, since FallBackToRsh might be passed
by remote scp commands.
2002-06-09 20:13:27 +00:00
Ben Lindstrom
1c2bafebb3
- markus@cvs.openbsd.org 2002/06/08 05:40:01
...
[readconf.c]
just warn about Deprecated options for now
2002-06-09 20:04:50 +00:00
Ben Lindstrom
4daea86fd4
- markus@cvs.openbsd.org 2002/06/08 05:17:01
...
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Damien Miller
fcd9320440
- markus@cvs.openbsd.org 2002/02/04 12:15:25
...
[log.c log.h readconf.c servconf.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org ; ok djm@
2002-02-05 12:26:34 +11:00
Damien Miller
f51b0e1a30
- stevesk@cvs.openbsd.org 2002/01/04 17:59:17
...
[readconf.c servconf.c]
remove #ifdef _PATH_XAUTH/#endif; ok markus@
2002-01-22 23:18:49 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
65366a8c76
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
...
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Ben Lindstrom
3cecc9a41f
- markus@cvs.openbsd.org 2001/10/01 21:51:16
...
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.
2001-10-03 17:39:38 +00:00
Ben Lindstrom
2b7a0e953e
- stevesk@cvs.openbsd.org 2001/09/19 19:24:19
...
[readconf.c readconf.h scp.c sftp.c ssh.1]
add ClearAllForwardings ssh option and set it in scp and sftp; ok
markus@
2001-09-20 00:57:55 +00:00
Ben Lindstrom
edc0cf26d1
- stevesk@cvs.openbsd.org 2001/09/03 20:58:33
...
[readconf.c readconf.h ssh.c]
fatal() for nonexistent -Fssh_config. ok markus@
2001-09-12 18:32:20 +00:00
Ben Lindstrom
62c25a43db
- stevesk@cvs.openbsd.org 2001/08/30 16:04:35
...
[readconf.c ssh.1]
validate ports for LocalForward/RemoteForward.
add host/port alternative syntax for IPv6 (like -L/-R).
ok markus@
2001-09-12 18:01:59 +00:00
Ben Lindstrom
525a09389e
- markus@cvs.openbsd.org 2001/08/28 09:51:26
...
[readconf.c]
don't set DynamicForward unless Host matches
2001-09-12 17:35:27 +00:00
Ben Lindstrom
d0ff40847d
- (bal) Fixed stray code in readconf.c that went in by mistake.
2001-08-15 22:58:59 +00:00
Ben Lindstrom
f7db3bb64c
- markus@cvs.openbsd.org 2001/08/01 22:03:33
...
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
ssh-agent.c ssh.c]
use strings instead of ints for smartcard reader ids
2001-08-06 21:35:51 +00:00
Ben Lindstrom
ae996bf7d1
- jakob@cvs.openbsd.org 2001/07/31 09:28:44
...
[readconf.c readconf.h ssh.1 ssh.c]
add 'SmartcardDevice' client option to specify which smartcard device
is used to access a smartcard used for storing the user's private RSA
key. ok markus@.
2001-08-06 21:27:53 +00:00
Ben Lindstrom
f9cedb9ca0
- markus@cvs.openbsd.org 2001/07/25 14:35:18
...
[readconf.c ssh.1 ssh.c sshconnect.c]
cleanup connect(); connection_attempts 4 -> 1; from
eivind@freebsd.org
2001-08-06 21:07:11 +00:00
Ben Lindstrom
0076d75c25
- markus@cvs.openbsd.org 2001/07/22 22:04:19
...
[readconf.c ssh.1]
enable challenge-response auth by default; ok millert@
2001-08-06 20:53:26 +00:00
Ben Lindstrom
c88785efc8
- markus@cvs.openbsd.org 2001/07/22 21:32:27
...
[sshpty.c]
update comment
2001-08-06 20:47:23 +00:00
Ben Lindstrom
ec95ed9b4c
- dugsong@cvs.openbsd.org 2001/06/26 16:15:25
...
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom
d6481ea49a
- markus@cvs.openbsd.org 2001/06/23 02:34:33
...
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
2001-06-25 04:37:41 +00:00
Ben Lindstrom
1bf11f6af7
- markus@cvs.openbsd.org 2001/06/08 15:25:40
...
[includes.h pathnames.h readconf.c servconf.c]
move the path for xauth to pathnames.h
2001-06-09 01:48:01 +00:00
Ben Lindstrom
2b1f71baee
- stevesk@cvs.openbsd.org 2001/05/24 18:57:53
...
[clientloop.c readconf.c ssh.c ssh.h]
don't perform escape processing when ``EscapeChar none''; ok markus@
2001-06-05 20:32:21 +00:00