Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@
OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.
ok djm
OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
certificate options are case-sensitive; fix case on one
that had it wrong.
move a badly-place sentence to a less bad place
OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
1. Move Start-SSHD-TestDaemon and Stop-SSHD-TestDaemon to commonUtils.psm1
2. Fix the timing issue when trying to read the log while it is still locked by the process.
3, Start the service to create the config fold if it is not there.
4. Skip authorizedkey and sshdconfig tests on win7 since the task scheduler cmdlets are not available on win7.
5. rename variables
PowerShell/Win32-OpenSSH#1032
Issue: Ssh-shellhost.exe creates a job object and ties all its child processes to its lifetime. It does not allow the child processes to break away from this job. This restriction is unnecessary.
Fix: Modified job object to allow child processes to break away if they need to.
Fix a logic bug in sshd_exchange_identification which
prevented clients using major protocol version 2 from connecting to the
server. ok millert@
OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
try harder to preserve errno during
ssh_connect_direct() to make the final error message possibly accurate;
bz#2814, ok dtucker@
OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
unbreak support for clients that advertise a protocol
version of "1.99" (indicating both v2 and v1 support). Busted by me during
SSHv1 purge in r1.358; bz2810, ok dtucker
OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
don't attempt to force hostnames that are addresses to
lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
remove ambiguities (e.g. ::0001 => ::1) before they are matched against
known_hosts; bz#2763, ok dtucker@
OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
avoid modifying pw->pw_passwd; let endpwent() clean up
for us, but keep a scrubbed copy; bz2777, ok dtucker@
OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
split client/server kex; only ssh-keygen needs
uuencode.o; only scp/sftp use progressmeter.o; ok djm@
OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee
* add date in the log file in MM/DD/YYYY format
* changed date format in log file to bigendian ISO 8601 (YYYY-MM-DD) (#256)
The "madendian" MM/DD/YYYY format is not used outside the United States
(and rather irritating elsewhere)
OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accomodate new architectural changes
revert stricter key type / signature type checking in
userauth path; too much software generates inconsistent messages, so we need
a better plan.
OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
use cmp in a loop instead of diff -N to compare
directories. The former works on more platforms for Portable.
OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099
unbreak hostkey rotation; attempting to sign with a
desired signature algorithm of kex->hostkey_alg is incorrect when the key
type isn't capable of making those signatures. ok markus@
OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
Darren Tucker
dtucker@openbsd.org
tb@openbsd.org
djm@openbsd.org
bagajjal
Manoj Ampalam
Yanbing
Damien Miller
stsp@openbsd.org
naddy@openbsd.org
markus@openbsd.org
Karl Itnic