Commit Graph

88 Commits

Author SHA1 Message Date
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller d7de14b6ad - markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller e4ccf100e0 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
     [servconf.c]
     No, afs requires explicit enabling
2002-04-23 20:40:28 +10:00
Damien Miller fd4c9eee25 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> 2002-04-13 11:04:40 +10:00
Ben Lindstrom c743134191 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
     for unprivileged user, group do:
     pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@
2002-03-22 03:11:49 +00:00
Ben Lindstrom 7a7edf77ed - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
     _PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
Ben Lindstrom 01426a67c8 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
[servconf.c]
     UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
     provos@
2002-03-22 02:40:03 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Damien Miller fcd9320440 - markus@cvs.openbsd.org 2002/02/04 12:15:25
[log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
2002-02-05 12:26:34 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Damien Miller 4fbf08a8f0 - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
[servconf.c]
     typo in error message; from djast@cs.toronto.edu
2002-01-22 23:35:09 +11:00
Damien Miller 7fc2373f17 - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
2002-01-22 23:19:11 +11:00
Damien Miller f51b0e1a30 - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
[readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@
2002-01-22 23:18:49 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
2001-12-06 18:22:17 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller 527366ccba - markus@cvs.openbsd.org 2001/11/12 11:17:07
[servconf.c]
     enable authorized_keys2 again. tested by fries@
2001-11-14 00:03:14 +11:00
Damien Miller 726273e129 - (djm) Reorder portable-specific server options so that they come first.
This should help reduce diff collisions for new server options (as they
   will appear at the end)
2001-11-12 11:40:11 +11:00
Damien Miller 75413ac499 - markus@cvs.openbsd.org 2001/11/11 13:02:31
[servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if AuthorizedKeysFile is specified.
2001-11-12 11:14:35 +11:00
Ben Lindstrom 91e9868e4f - jakob@cvs.openbsd.org 2001/08/16 19:18:34
[servconf.c servconf.h session.c sshd.8]
     deprecate CheckMail. ok markus@
2001-09-12 16:32:14 +00:00
Damien Miller c4b7feabe0 - itojun@cvs.openbsd.org 2001/07/11 00:24:53
[servconf.c]
     make it compilable in all 4 combination of KRB4/KRB5 settings.
     dugsong ok
     XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
     -I/usr/include/kerberosV?
2001-07-14 12:20:32 +10:00
Damien Miller 4085785276 - OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/07/08 15:23:38
     [servconf.c]
     fix ``MaxStartups max''; ok markus@
2001-07-14 12:17:33 +10:00
Kevin Steves 27fd19291a whitespace sync 2001-07-04 18:29:14 +00:00
Ben Lindstrom eb7a84c49e - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
[servconf.c]
     #include <kafs.h>
2001-07-04 04:48:36 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom 1bf11f6af7 - markus@cvs.openbsd.org 2001/06/08 15:25:40
[includes.h pathnames.h readconf.c servconf.c]
     move the path for xauth to pathnames.h
2001-06-09 01:48:01 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00
Ben Lindstrom 1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
2001-06-05 19:59:08 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
Ben Lindstrom a6218b81ca - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
[servconf.c]
     remove "\n" from fatal()
2001-05-03 22:39:11 +00:00
Damien Miller f815442116 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
(default: off), implies KbdInteractiveAuthentication. Suggestion from
   markus@
2001-04-25 22:44:14 +10:00
Ben Lindstrom b5cdc66438 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
[readconf.c servconf.c]
     use fatal() or error() vs. fprintf(); ok markus@
2001-04-16 02:13:26 +00:00
Ben Lindstrom 5744dc421d - beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
     Add options ClientAliveInterval and ClientAliveCountMax to sshd.
     This gives the ability to do a "keepalive" via the encrypted channel
     which can't be spoofed (unlike TCP keepalives). Useful for when you want
     to use ssh connections to authenticate people for something, and know
     relatively quickly when they are no longer authenticated. Disabled
     by default (of course). ok markus@
2001-04-13 23:28:01 +00:00
Ben Lindstrom 19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom c510af40e3 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
[servconf.c]
     in addition to:
     ListenAddress host|ipv4_addr|ipv6_addr
     permit:
     ListenAddress [host|ipv4_addr|ipv6_addr]:port
     ListenAddress host|ipv4_addr:port
     sshd.8 updates coming.  ok markus@
2001-04-07 17:25:48 +00:00
Ben Lindstrom 3704c2612a - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
[readconf.c servconf.c]
     correct comment; ok markus@
2001-04-02 18:20:03 +00:00
Ben Lindstrom 7bfff36ca3 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
     PrintLastLog option; from chip@valinux.com with some minor
     changes by me.  ok markus@
2001-03-26 05:45:53 +00:00
Ben Lindstrom 35f1f4e2b8 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
     sync error message; ok markus@
2001-03-06 01:02:41 +00:00
Ben Lindstrom 6df8ef4196 - millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
2001-03-05 07:47:23 +00:00
Ben Lindstrom d9cae22d1a - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
     kill obsolete RandomSeed; ok markus@ deraadt@
2001-03-05 07:42:03 +00:00
Ben Lindstrom 33a3cc30eb - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
[servconf.c]
     grammar; slade@shore.net
2001-03-05 05:07:52 +00:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Ben Lindstrom 06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
2001-02-15 03:01:59 +00:00