[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
Discard over-length authorized_keys entries rather than complaining when
they don't decode. bz #884, with & ok djm@
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
Add option for confirmation (ControlMaster=ask) via ssh-askpass before
opening shared connections; ok markus@
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
tildexpand.c], removed: sshtty.h tildexpand.h
make two tiny header files go away; djm ok
- stevesk@cvs.openbsd.org 2002/01/24 21:09:25
[channels.c misc.c misc.h packet.c]
add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
no nagle changes just yet; ok djm@ markus@
[misc.c misc.h servconf.c sshd.8 sshd.c]
sshd command-line arguments and configuration file options that
specify time may be expressed using a sequence of the form:
time[qualifier], where time is a positive integer value and qualifier
is one of the following:
<none>,s,m,h,d,w
Examples:
600 600 seconds (10 minutes)
10m 10 minutes
1h30m 1 hour 30 minutes (90 minutes)
ok markus@