Commit Graph

266 Commits

Author SHA1 Message Date
Damien Miller 98339054f9 - jmc@cvs.openbsd.org 2010/03/05 06:50:35
[ssh.1 sshd.8]
     tweak previous;
2010-03-05 21:30:35 +11:00
Damien Miller a7dab8bfe5 - djm@cvs.openbsd.org 2010/03/04 23:19:29
[ssh.1 sshd.8]
     move section on CA and revoked keys from ssh.1 to sshd.8's known hosts
     format section and rework it a bit; requested by jmc@
2010-03-05 10:42:05 +11:00
Damien Miller cd38c9c555 - djm@cvs.openbsd.org 2010/03/03 22:49:50
[sshd.8]
     the authorized_keys option for CA keys is "cert-authority", not
     "from=cert-authority". spotted by imorgan AT nas.nasa.gov
2010-03-04 21:51:37 +11:00
Damien Miller 15f5b560b1 - jmc@cvs.openbsd.org 2010/02/26 22:09:28
[ssh-keygen.1 ssh.1 sshd.8]
     tweak previous;
2010-03-03 10:25:21 +11:00
Damien Miller 0a80ca190a - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/02/26 20:29:54
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
     [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
     [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
     [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
     [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
     [sshconnect2.c sshd.8 sshd.c sshd_config.5]
     Add support for certificate key types for users and hosts.

     OpenSSH certificate key types are not X.509 certificates, but a much
     simpler format that encodes a public key, identity information and
     some validity constraints and signs it with a CA key. CA keys are
     regular SSH keys. This certificate style avoids the attack surface
     of X.509 certificates and is very easy to deploy.

     Certified host keys allow automatic acceptance of new host keys
     when a CA certificate is marked as sh/known_hosts.
     see VERIFYING HOST KEYS in ssh(1) for details.

     Certified user keys allow authentication of users when the signing
     CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
     FILE FORMAT" in sshd(8) for details.

     Certificates are minted using ssh-keygen(1), documentation is in
     the "CERTIFICATES" section of that manpage.

     Documentation on the format of certificates is in the file
     PROTOCOL.certkeys

     feedback and ok markus@
2010-02-27 07:55:05 +11:00
Damien Miller 74d9825c0f - djm@cvs.openbsd.org 2010/01/30 21:08:33
[sshd.8]
     debug output goes to stderr, not "the system log"; ok markus dtucker
2010-02-02 17:01:46 +11:00
Darren Tucker 7a4a76579e - jmc@cvs.openbsd.org 2009/10/08 20:42:12
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
     some tweaks now that protocol 1 is not offered by default; ok markus
2009-10-11 21:51:40 +11:00
Darren Tucker 5837b51aec - sobrado@cvs.openbsd.org 2009/03/26 08:38:39
[sftp-server.8 sshd.8 ssh-agent.1]
     fix a few typographical errors found by spell(1).
     ok dtucker@, jmc@
2009-06-21 17:52:27 +10:00
Damien Miller 49b78d4fbc - jmc@cvs.openbsd.org 2008/10/03 13:08:12
[sshd.8]
     do not give an example of how to chmod files: we can presume the user
     knows that. removes an ambiguity in the permission of authorized_keys;
     ok deraadt
2008-11-03 19:21:21 +11:00
Darren Tucker 7499b0cca0 - djm@cvs.openbsd.org 2008/07/02 02:24:18
[sshd_config sshd_config.5 sshd.8 servconf.c]
     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
     bits; prodded by & ok dtucker@ ok deraadt@
2008-07-02 22:35:43 +10:00
Darren Tucker 1199673393 - jmc@cvs.openbsd.org 2008/06/11 07:30:37
[sshd.8]
     kill trailing whitespace;
2008-06-13 04:32:00 +10:00
Darren Tucker 896ad5a4e4 - djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
     support CIDR address matching in .ssh/authorized_keys from="..." stanzas
     ok and extensive testing dtucker@
2008-06-11 09:34:46 +10:00
Darren Tucker e7f3f75651 - jmc@cvs.openbsd.org 2008/06/10 08:17:40
[sshd.8 sshd.c]
     - update usage()
     - fix SYNOPSIS, and sort options
     - some minor additional fixes
2008-06-10 23:06:01 +10:00
Darren Tucker e7140f20cb - dtucker@cvs.openbsd.org 2008/06/10 04:50:25
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
     Add extended test mode (-T) and connection parameters for test mode (-C).
     -T causes sshd to write its effective configuration to stdout and exit.
     -C causes any relevant Match rules to be applied before output.  The
     combination allows tesing of the parser and config files.  ok deraadt djm
2008-06-10 23:01:51 +10:00
Damien Miller 13ba9c2439 - jmc@cvs.openbsd.org 2008/03/27 22:37:57
[sshd.8]
     remove trailing whitespace;
2008-04-03 20:52:51 +11:00
Damien Miller 95e80955f2 - djm@cvs.openbsd.org 2008/03/26 21:28:14
[auth-options.c auth-options.h session.c sshd.8]
     add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
2008-03-27 11:03:05 +11:00
Damien Miller 5447eb2454 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
[ssh.1 sshd.8 sshd_config.5]
     bump Mdocdate for pages committed in "febuary", necessary because
     of a typo in rcs.c;
2008-03-27 10:50:21 +11:00
Damien Miller 520e61552a - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
[ssh.1 sshd.8]
     Document the correct permissions for the ~/.ssh/ directory.
     ok jmc
2008-02-10 22:46:22 +11:00
Darren Tucker 1a9176bf22 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code
   agree.  Pointed out by Roumen Petrov.
2007-08-17 09:42:32 +10:00
Damien Miller e45796f7b4 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
     compared to hmac-md5. Represents a different approach to message
     authentication to that of HMAC that may be beneficial if HMAC based on
     one of its underlying hash algorithms is found to be vulnerable to a
     new attack.  http://www.ietf.org/rfc/rfc4418.txt
     in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
Darren Tucker aa4d5eda10 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
     ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
     convert to new .Dd format;
     (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
Darren Tucker 04354b97dc - jmc@cvs.openbsd.org 2007/03/20 15:57:15
[sshd.8]
     - let synopsis and description agree for -f
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
2007-03-21 20:46:54 +11:00
Damien Miller 5d43d49014 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
[sshd.8]
     Add more detail about what permissions are and aren't accepted for
     authorized_keys files.  Corrections jmc@, ok djm@, "looks good" jmc@
2006-08-30 11:07:00 +10:00
Damien Miller e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Darren Tucker 1131847684 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
[sshd.8]
     s/and and/and/
2006-07-12 22:07:59 +10:00
Darren Tucker da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
Damien Miller 208f1ed6f1 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller c7d5b5e466 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
[sshd.8]
     signpost to PATTERNS section;
2006-03-15 11:55:08 +11:00
Damien Miller edd0375d82 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
[sshd.8]
     grammar;
2006-03-15 11:36:45 +11:00
Damien Miller 445121fe8d - jmc@cvs.openbsd.org 2006/02/19 20:02:17
[sshd.8]
     sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2006-03-15 11:36:18 +11:00
Damien Miller fd725cf585 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8]
     move the sshrc stuff out of FILES, and into its own section:
     FILES is not a good place to document how stuff works;
2006-03-15 11:35:54 +11:00
Damien Miller adc35b9583 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8]
     sync some of the FILES entries w/ ssh.1;
2006-03-15 11:35:27 +11:00
Damien Miller bc1936ad87 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
[sshd.8]
     remove ietf draft references; RFC list now maintained in ssh.1;
2006-03-15 11:35:05 +11:00
Damien Miller d8702e865d - jmc@cvs.openbsd.org 2006/02/13 11:27:25
[sshd.8]
     sort FILES and use a -compact list;
2006-03-15 11:33:56 +11:00
Damien Miller c8f61cf199 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
[sshd.8]
     - avoid nasty line split
     - `*' does not need to be escaped
2006-03-15 11:33:25 +11:00
Damien Miller cc00f5e259 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
[sshd.8]
     turn this into an example ssh_known_hosts file; ok djm
2006-03-15 11:33:00 +11:00
Damien Miller 9a7f201d45 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
[sshd.8]
     small tweaks for the ssh_known_hosts section;
2006-03-15 11:32:42 +11:00
Damien Miller 7d2ef02f1c - jmc@cvs.openbsd.org 2006/02/13 10:16:39
[sshd.8]
     no need to subsection the authorized_keys examples - instead, convert
     this to look like an actual file. also use proto 2 keys, and use IETF
     example addresses;
2006-03-15 11:32:06 +11:00
Damien Miller 31bdc52325 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
[sshd.8]
     sort the list of options permissable w/ authorized_keys;
     ok djm dtucker
2006-03-15 11:31:44 +11:00
Damien Miller dcfea27f1b - jmc@cvs.openbsd.org 2006/02/12 10:52:41
[sshd.8]
     rework the description of authorized_keys a little;
2006-03-15 11:31:22 +11:00
Damien Miller c47d7e9e19 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
[sshd.8]
     - move some text into a CAVEATS section
     - merge the COMMAND EXECUTION... section into AUTHENTICATION
2006-03-15 11:27:20 +11:00
Damien Miller 2ac05779f7 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
[sshd.8]
     small tweak;
2006-02-01 22:05:42 +11:00
Damien Miller 8bbdf90f33 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
     [sshd.8]
     - merge sections on protocols 1 and 2 into a single section
     - remove configuration file section
     ok markus
2006-02-01 22:05:25 +11:00
Damien Miller 7602cba59d - jmc@cvs.openbsd.org 2006/01/25 09:07:22
[sshd.8]
     move subsections to full sections;
2006-01-31 21:46:20 +11:00
Damien Miller 99cc4a8f1e - jmc@cvs.openbsd.org 2006/01/25 09:04:34
[sshd.8]
     move the options description up the page, and a few additional tweaks
     whilst in here;
     ok markus
2006-01-31 21:45:53 +11:00
Damien Miller 7c24b81699 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
[sshd.8]
     refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:09:56 +11:00
Damien Miller d7f308f6d8 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
[sshd.8]
     clarify precedence of -p, Port, ListenAddress; ok and help jmc@
2005-12-24 14:55:16 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Tim Rice 46259d86a2 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
for UnixWare.
2005-11-28 18:40:34 -08:00
Darren Tucker b18f15100a - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
"*LOCKED*" string) for FreeBSD.  Patch jeremie at le-hen.org and
   senthilkumar_sen at hotpop.com.
2005-10-05 23:02:16 +10:00
Damien Miller ac7ef6a736 - djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
     increase default rsa/dsa key length from 1024 to 2048 bits;
     ok markus@ deraadt@
2005-06-16 13:19:06 +10:00
Damien Miller 167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@
2005-05-26 12:04:02 +10:00
Damien Miller 718fd4b9b8 - jmc@cvs.openbsd.org 2005/03/01 14:59:49
[sshd.8]
     new sentence, new line;
     whitespace;
2005-03-02 12:03:23 +11:00
Damien Miller e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller 70a908ec89 - jmc@cvs.openbsd.org 2005/02/25 10:55:13
[sshd.8]
     add /etc/motd and $HOME/.hushlogin to FILES;
     from michael knudsen;
2005-03-01 21:17:09 +11:00
Darren Tucker 22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
2004-12-06 22:47:41 +11:00
Darren Tucker db69390817 - markus@cvs.openbsd.org 2004/08/26 16:00:55
[ssh.1 sshd.8]
     get rid of references to rhosts authentication; with jmc@
2004-08-29 16:37:24 +10:00
Darren Tucker 097e1e9a97 - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
[sshd.8]
     Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
     via Debian; ok djm@
2004-05-02 22:15:08 +10:00
Darren Tucker 1f20394e92 - jmc@cvs.openbsd.org 2003/10/08 08:27:36
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
     scp and sftp: add options list and sort options. options list requested
     by deraadt@
     sshd: use same format as ssh
     ssh: remove wrong option from list
     sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
     ok deraadt@ markus@
2003-10-15 15:50:42 +10:00
Darren Tucker e41bba5847 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
any access to locked accounts.  ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Damien Miller f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller fbf486b4a6 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
2003-05-23 18:44:23 +10:00
Damien Miller 3155432cd9 - david@cvs.openbsd.org 2003/04/30 20:41:07
[sshd.8]
     fix invalid .Pf macro usage introduced in previous commit
     ok jmc@ mouring@
2003-05-14 13:44:58 +10:00
Damien Miller 049245d260 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
     Escape ?, * and ! in .Ql for nroff compatibility.  OpenSSH Portable
     Bug #550 and * escaping suggested by jmc@.
2003-05-14 13:44:42 +10:00
Damien Miller ffadc583f6 - jmc@cvs.openbsd.org 2003/01/31 21:54:40
[sshd.8]
     typos; sshd(8): help and ok markus@
     help and ok millert@
2003-02-24 11:52:26 +11:00
Damien Miller dcbb6c2dc9 - todd@cvs.openbsd.org 2002/09/24 20:59:44
[sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@
2002-09-25 12:20:52 +10:00
Damien Miller 86247e2798 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
[sshd.8]
     reference moduli(5) in FILES /etc/moduli.
2002-09-19 11:51:53 +10:00
Damien Miller c13486300d - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
2002-09-05 14:35:14 +10:00
Damien Miller f771ab75f0 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
[servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Damien Miller b83df8d505 - espie@cvs.openbsd.org 2002/08/21 11:20:59
[sshd.8]
     `RSA' updated to refer to `public key', where it matters.
     okay markus@
2002-09-04 16:24:55 +10:00
Ben Lindstrom bd9bf38b00 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
[ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
2002-08-20 18:54:20 +00:00
Ben Lindstrom dc7adf2670 - marc@cvs.openbsd.org 2002/08/02 16:00:07
[ssh.1 sshd.8]
     note that .ssh/environment is only read when
     allowed (PermitUserEnvironment in sshd_config).
     OK markus@
2002-08-20 18:38:02 +00:00
Ben Lindstrom 959de99aa0 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
[ssh-agent.1 sshd.8 sshd_config.5]
     use process ID vs. pid/PID/process identifier
2002-06-23 00:35:25 +00:00
Ben Lindstrom 624e3f2065 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
[sshd.8]
     add /var/empty in FILES section
2002-06-23 00:32:57 +00:00
Ben Lindstrom 9f04903c50 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
[ssh.1 sshd.8]
     move configuration file options from ssh.1/sshd.8 to
     ssh_config.5/sshd_config.5; ok deraadt@ millert@
2002-06-21 00:59:05 +00:00
Ben Lindstrom 20abb75f53 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
[ssh.1 sshd.8]
     spelling
2002-06-06 20:45:33 +00:00
Ben Lindstrom fb62a69488 - markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom c57bbf158d - millert@cvs.openbsd.org 2002/05/06 23:34:33
[ssh.1 sshd.8]
     Kill/adjust r(login|exec)d? references now that those are no longer in
     the tree.
2002-05-15 21:36:45 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller d7de14b6ad - markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller 7a8558d3ea - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
[sshd.8 sshd_config]
     document default AFSTokenPassing no; ok deraadt@
2002-04-23 20:51:15 +10:00
Ben Lindstrom a11e270115 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
[sshd.8]
     clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
2002-04-05 22:18:48 +00:00
Ben Lindstrom 0d0be02a29 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
[sshd.8]
     RSA key modulus size minimum 768; ok markus@
2002-04-02 20:39:29 +00:00
Ben Lindstrom f181384a6b - markus@cvs.openbsd.org 2002/03/26 11:34:49
[ssh.1 sshd.8]
     update to recent drafts
2002-03-27 17:18:31 +00:00
Ben Lindstrom 85520a6705 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
[sshd.8]
     Banner has no default.
2002-03-22 02:44:40 +00:00
Ben Lindstrom 191c8e5eb9 - provos@cvs.openbsd.org 2002/03/18 17:59:09
[sshd.8]
     document UsePrivilegeSeparation
2002-03-22 02:37:50 +00:00
Ben Lindstrom 000dda5373 - provos@cvs.openbsd.org 2002/03/18 17:53:08
[sshd.8]
     credits for privsep
2002-03-22 02:33:12 +00:00
Ben Lindstrom ea03db9dbb - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
[sshd.8]
     -u0 DNS for user@host
2002-03-05 01:38:57 +00:00
Ben Lindstrom 778bf55d89 - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
[sshd.8]
     DenyUsers allows user@host pattern also
2002-03-05 01:37:12 +00:00
Damien Miller afcc22542e - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
[readconf.h sshd.8]
     more /etc/ssh; openbsd@davidkrause.com
2002-02-10 18:32:55 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller 9749c0c972 - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
[ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@
2002-02-05 12:23:58 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Damien Miller df64a682f1 - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
[sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@oceanpark.com; ok markus@
2002-01-22 23:33:45 +11:00
Damien Miller 9c3f9505d9 - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
[sshd.8]
     correct Ciphers default; paola.mannaro@ubs.com
2002-01-22 23:33:15 +11:00
Damien Miller 70972eb388 - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
[ssh.1 sshd.8]
     some missing and misplaced periods
2002-01-22 23:19:55 +11:00
Damien Miller 7fc2373f17 - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
2002-01-22 23:19:11 +11:00