Damien Miller
3717cdac60
- (djm) [ssh-rand-helper.c] Needs a bunch of headers
2006-03-15 14:02:36 +11:00
Damien Miller
a623807860
- (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
...
system sha2.h
2006-03-15 14:02:01 +11:00
Damien Miller
627725281e
- (djm) [loginrec.c] Need stat.h
2006-03-15 14:01:11 +11:00
Damien Miller
b3b4ba3fba
- (djm) [regress/.cvsignore] Ignore Makefile here
2006-03-15 13:13:27 +11:00
Damien Miller
41e364bcfa
- (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
2006-03-15 13:12:41 +11:00
Damien Miller
471e9b3ca6
- (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
2006-03-15 13:09:18 +11:00
Damien Miller
dcf4ca110e
- (djm) [includes.h] Restore accidentally dropped netinet/in.h
2006-03-15 13:07:48 +11:00
Damien Miller
af87af165f
- (djm) [configure.ac defines.h kex.c md-sha256.c]
...
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
2006-03-15 13:02:28 +11:00
Damien Miller
a63128d1a8
- djm@cvs.openbsd.org 2006/03/07 09:07:40
...
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
Damien Miller
cc3e8ba3c2
- markus@cvs.openbsd.org 2006/03/14 16:32:48
...
[ssh_config.5 sshd_config.5]
*AliveCountMax applies to protcol v2 only; ok dtucker, djm
2006-03-15 12:06:55 +11:00
Damien Miller
de85a28825
- djm@cvs.openbsd.org 2006/03/14 00:15:39
...
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
2006-03-15 12:06:41 +11:00
Damien Miller
8275fade44
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
...
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138 , ok djm@
2006-03-15 12:06:23 +11:00
Damien Miller
306d118f72
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
...
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482 , man page help from jmc@, ok djm@
2006-03-15 12:05:59 +11:00
Damien Miller
8056a9d46a
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
...
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in adition to vanilla LF. mindrot #1157 , tested by Chris
Pepper, ok djm@
2006-03-15 12:05:40 +11:00
Damien Miller
314dd4b2f3
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
...
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981 ). Patch originally from markus@, ok djm@
2006-03-15 12:05:22 +11:00
Damien Miller
b24c2f8e33
- djm@cvs.openbsd.org 2006/03/13 08:16:00
...
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15 12:04:36 +11:00
Damien Miller
2ecb6bd95d
- djm@cvs.openbsd.org 2006/03/12 04:23:07
...
[ssh.c]
knf nit
2006-03-15 12:03:53 +11:00
Damien Miller
ec04f360eb
- djm@cvs.openbsd.org 2006/03/04 04:12:58
...
[serverloop.c]
move a debug() outside of a signal handler; ok markus@ a little while back
2006-03-15 12:01:34 +11:00
Damien Miller
1cf76d97f9
- djm@cvs.openbsd.org 2006/02/28 01:10:21
...
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable
2006-03-15 12:01:14 +11:00
Damien Miller
4aea974a1d
- jmc@cvs.openbsd.org 2006/02/26 18:03:10
...
[ssh_config.5]
comma;
2006-03-15 11:59:39 +11:00
Damien Miller
e3beba231a
- jmc@cvs.openbsd.org 2006/02/26 18:01:13
...
[sshd_config.5]
subsection is pointless here;
2006-03-15 11:59:25 +11:00
Damien Miller
b5282c2f06
- jmc@cvs.openbsd.org 2006/02/26 17:17:18
...
[ssh_config.5]
move PATTERNS to the end of the main body; requested by dtucker
2006-03-15 11:59:08 +11:00
Damien Miller
ac73e51390
- jmc@cvs.openbsd.org 2006/02/25 12:28:34
...
[sshd_config.5]
document the order in which allow/deny directives are processed;
help/ok dtucker
2006-03-15 11:58:49 +11:00
Damien Miller
d450f49d4a
missed in commit message:
...
help/ok dtucker
2006-03-15 11:58:25 +11:00
Damien Miller
9cfbaecb64
- jmc@cvs.openbsd.org 2006/02/25 12:26:17
...
[ssh_config.5]
document the possible values for KbdInteractiveDevices;
2006-03-15 11:57:55 +11:00
Damien Miller
f4f22b54c0
- jmc@cvs.openbsd.org 2006/02/24 23:51:17
...
[sshd_config.5]
oops - bits i missed;
2006-03-15 11:57:25 +11:00
Damien Miller
5b0d63f894
- jmc@cvs.openbsd.org 2006/02/24 23:43:57
...
[sshd_config.5]
some grammar/wording fixes;
2006-03-15 11:56:56 +11:00
Damien Miller
45ee2b91e6
- jmc@cvs.openbsd.org 2006/02/24 23:20:07
...
[ssh_config.5]
some grammar/wording fixes;
2006-03-15 11:56:18 +11:00
Damien Miller
208f1ed6f1
- jmc@cvs.openbsd.org 2006/02/24 20:31:31
...
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller
1faa713323
- jmc@cvs.openbsd.org 2006/02/24 20:22:16
...
[ssh-keysign.8 ssh_config.5 sshd_config.5]
some consistency fixes;
2006-03-15 11:55:31 +11:00
Damien Miller
c7d5b5e466
- jmc@cvs.openbsd.org 2006/02/24 10:39:52
...
[sshd.8]
signpost to PATTERNS section;
2006-03-15 11:55:08 +11:00
Damien Miller
f54a4b9da5
- jmc@cvs.openbsd.org 2006/02/24 10:37:07
...
[ssh_config.5]
tidy up the refs to PATTERNS;
2006-03-15 11:54:36 +11:00
Damien Miller
0c2079d81f
- jmc@cvs.openbsd.org 2006/02/24 10:33:54
...
[sshd_config.5]
signpost to PATTERNS;
2006-03-15 11:54:21 +11:00
Damien Miller
6def55171f
- jmc@cvs.openbsd.org 2006/02/24 10:25:14
...
[ssh_config.5]
add section on patterns;
from dtucker + myself
2006-03-15 11:54:05 +11:00
Damien Miller
c7b06369a8
- stevesk@cvs.openbsd.org 2006/02/22 00:04:45
...
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
[sshconnect.c]
move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller
6ff3caddb6
oops, this commit is really:
...
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
the previous was:
- stevesk@cvs.openbsd.org 2006/02/20 17:19:54
[auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
[authfile.c clientloop.c includes.h readconf.c scp.c session.c]
[sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
[sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
[sshconnect2.c sshd.c sshpty.c]
move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
f17883e6a0
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
...
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
574c41fdb3
- stevesk@cvs.openbsd.org 2006/02/20 16:36:15
...
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller
5c853b531f
- jmc@cvs.openbsd.org 2006/02/19 20:12:25
...
[ssh_config.5]
add some vertical space;
2006-03-15 11:37:02 +11:00
Damien Miller
edd0375d82
- jmc@cvs.openbsd.org 2006/02/19 20:05:00
...
[sshd.8]
grammar;
2006-03-15 11:36:45 +11:00
Damien Miller
445121fe8d
- jmc@cvs.openbsd.org 2006/02/19 20:02:17
...
[sshd.8]
sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2006-03-15 11:36:18 +11:00
Damien Miller
fd725cf585
- jmc@cvs.openbsd.org 2006/02/19 19:52:10
...
[sshd.8]
move the sshrc stuff out of FILES, and into its own section:
FILES is not a good place to document how stuff works;
2006-03-15 11:35:54 +11:00
Damien Miller
adc35b9583
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
...
[sshd.8]
sync some of the FILES entries w/ ssh.1;
2006-03-15 11:35:27 +11:00
Damien Miller
bc1936ad87
- jmc@cvs.openbsd.org 2006/02/15 16:55:33
...
[sshd.8]
remove ietf draft references; RFC list now maintained in ssh.1;
2006-03-15 11:35:05 +11:00
Damien Miller
39a93a3305
- jmc@cvs.openbsd.org 2006/02/15 16:53:20
...
[ssh.1]
remove the IETF draft references and replace them with some updated RFCs;
2006-03-15 11:34:45 +11:00
Damien Miller
0c8d8f68db
- david@cvs.openbsd.org 2006/02/15 05:08:24
...
[sftp-client.c]
typo in comment; ok djm@
2006-03-15 11:34:25 +11:00
Damien Miller
d8702e865d
- jmc@cvs.openbsd.org 2006/02/13 11:27:25
...
[sshd.8]
sort FILES and use a -compact list;
2006-03-15 11:33:56 +11:00
Damien Miller
c8f61cf199
- jmc@cvs.openbsd.org 2006/02/13 11:08:43
...
[sshd.8]
- avoid nasty line split
- `*' does not need to be escaped
2006-03-15 11:33:25 +11:00
Damien Miller
cc00f5e259
- jmc@cvs.openbsd.org 2006/02/13 11:02:26
...
[sshd.8]
turn this into an example ssh_known_hosts file; ok djm
2006-03-15 11:33:00 +11:00
Damien Miller
9a7f201d45
- jmc@cvs.openbsd.org 2006/02/13 10:21:25
...
[sshd.8]
small tweaks for the ssh_known_hosts section;
2006-03-15 11:32:42 +11:00
Damien Miller
7d2ef02f1c
- jmc@cvs.openbsd.org 2006/02/13 10:16:39
...
[sshd.8]
no need to subsection the authorized_keys examples - instead, convert
this to look like an actual file. also use proto 2 keys, and use IETF
example addresses;
2006-03-15 11:32:06 +11:00
Damien Miller
31bdc52325
- jmc@cvs.openbsd.org 2006/02/12 17:57:19
...
[sshd.8]
sort the list of options permissable w/ authorized_keys;
ok djm dtucker
2006-03-15 11:31:44 +11:00
Damien Miller
dcfea27f1b
- jmc@cvs.openbsd.org 2006/02/12 10:52:41
...
[sshd.8]
rework the description of authorized_keys a little;
2006-03-15 11:31:22 +11:00
Damien Miller
20c2ec48c3
- jmc@cvs.openbsd.org 2006/02/12 10:49:44
...
[ssh_config.5]
slight rewording; ok djm
2006-03-15 11:31:01 +11:00
Damien Miller
b59d4fe8b5
- djm@cvs.openbsd.org 2006/02/12 10:44:18
...
[readconf.c]
raise error when the user specifies a RekeyLimit that is smaller than 16
(the smallest of our cipher's blocksize) or big enough to cause integer
wraparound; ok & feedback dtucker@
2006-03-15 11:30:38 +11:00
Damien Miller
3ec54c7e58
- djm@cvs.openbsd.org 2006/02/12 06:45:34
...
[ssh.c ssh_config.5]
add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@
2006-03-15 11:30:13 +11:00
Damien Miller
3fd019ecca
- otto@cvs.openbsd.org 2006/02/11 19:31:18
...
[atomicio.c]
type correctness; from Ray Lai in PR 5011; ok millert@
2006-03-15 11:29:51 +11:00
Damien Miller
9cf6d077fb
- stevesk@cvs.openbsd.org 2006/02/10 01:44:27
...
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
[sftp.c sshconnect.c sshconnect2.c sshd.c]
move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
17e91c0fb0
- stevesk@cvs.openbsd.org 2006/02/10 00:27:13
...
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
[ssh.c sshd.c sshpty.c]
move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 11:28:34 +11:00
Damien Miller
c47d7e9e19
- jmc@cvs.openbsd.org 2006/02/09 10:10:47
...
[sshd.8]
- move some text into a CAVEATS section
- merge the COMMAND EXECUTION... section into AUTHENTICATION
2006-03-15 11:27:20 +11:00
Damien Miller
1d90540534
- stevesk@cvs.openbsd.org 2006/02/09 00:32:07
...
[includes.h]
#include <sys/endian.h> not needed; ok djm@
NB. ID Sync only - we still need this (but it may move later)
2006-03-15 11:26:55 +11:00
Damien Miller
88f254b9a5
- stevesk@cvs.openbsd.org 2006/02/08 23:51:24
...
[includes.h scp.c sftp-glob.c sftp-server.c]
move #include <dirent.h> out of includes.h; ok markus@
2006-03-15 11:25:13 +11:00
Damien Miller
68f8e992bf
- stevesk@cvs.openbsd.org 2006/02/08 14:38:18
...
[includes.h packet.c]
move #include <netinet/in_systm.h> and <netinet/ip.h> out of
includes.h; ok markus@
2006-03-15 11:24:12 +11:00
Damien Miller
cd4223c245
- stevesk@cvs.openbsd.org 2006/02/08 14:31:30
...
[includes.h ssh-agent.c ssh-keyscan.c ssh.c]
move #include <sys/resource.h> out of includes.h; ok markus@
2006-03-15 11:22:47 +11:00
Damien Miller
52ab084755
- stevesk@cvs.openbsd.org 2006/02/08 14:16:59
...
[sshconnect.c]
<openssl/bn.h> not needed
2006-03-15 11:20:46 +11:00
Damien Miller
0b70b54abc
- stevesk@cvs.openbsd.org 2006/02/08 13:15:44
...
[gss-serv.c monitor.c]
small KNF
2006-03-15 11:20:03 +11:00
Damien Miller
3a4051e88b
- stevesk@cvs.openbsd.org 2006/02/08 12:32:49
...
[includes.h misc.c]
move #include <netinet/tcp.h> out of includes.h; ok markus@
2006-03-15 11:19:42 +11:00
Damien Miller
03e2003a23
- stevesk@cvs.openbsd.org 2006/02/08 12:15:27
...
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
[session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
[sshd.c sshpty.c]
move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Damien Miller
de6dd0a35f
- stevesk@cvs.openbsd.org 2006/02/07 03:59:20
...
[deattack.c]
duplicate #include
2006-03-15 11:12:38 +11:00
Damien Miller
5d77105527
- stevesk@cvs.openbsd.org 2006/02/07 03:47:05
...
[hostfile.c]
"packet.h" not needed
2006-03-15 11:12:13 +11:00
Damien Miller
972c84b800
- stevesk@cvs.openbsd.org 2006/02/07 01:52:50
...
[sshtty.c]
"log.h" not needed
2006-03-15 11:11:56 +11:00
Damien Miller
99bd21e3fe
- stevesk@cvs.openbsd.org 2006/02/07 01:42:00
...
[channels.c clientloop.c clientloop.h includes.h packet.h]
[serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
move #include <termios.h> out of includes.h; ok markus@
2006-03-15 11:11:28 +11:00
Damien Miller
2eb6340ddd
- stevesk@cvs.openbsd.org 2006/02/07 01:18:09
...
[includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
move #include <sys/queue.h> out of includes.h; ok markus@
2006-03-15 11:09:42 +11:00
Damien Miller
015cd79ac5
- stevesk@cvs.openbsd.org 2006/02/07 01:08:04
...
[auth-rhosts.c includes.h]
move #include <netgroup.h> out of includes.h; ok markus@
2006-03-15 11:08:02 +11:00
Damien Miller
e93eaaa0d1
- jmc@cvs.openbsd.org 2006/02/06 21:44:47
...
[ssh.1]
make this a little less ambiguous...
2006-03-15 11:05:59 +11:00
Damien Miller
9f67a21de6
- msf@cvs.openbsd.org 2006/02/06 15:54:07
...
[ssh.1]
- typo fix
ok jmc@
2006-03-15 11:05:35 +11:00
Darren Tucker
d1450dbe2a
- (dtucker) [configure.ac] Bug #1171 : Don't use printf("%lld", longlong)
...
since not all platforms support it. Instead, use internal equivalent while
computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
as it's no longer required. Tested by Bernhard Simon, ok djm@
2006-03-13 19:06:51 +11:00
Darren Tucker
f35014af79
typo
2006-03-04 09:00:19 +11:00
Darren Tucker
890909ec48
- (dtucker) [gss-serv-krb5.c] Bug #1166 : Correct #ifdefs for gssapi_krb5.h
...
includes. Patch from gentoo.riverrat at gmail.com.
2006-03-04 08:59:39 +11:00
Darren Tucker
18614c254d
- (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
...
file rather than directory, required as Cygwin will be importing lastlog(1).
Also tightens up permissions on the file. Patch from vinschen@redhat.com .
2006-03-04 08:50:31 +11:00
Darren Tucker
54b75fe742
- (dtucker) [configure.ac] Bug #1156 : QNX apparently needs SSHD_ACQUIRES_CTTY
...
patch from kraai at ftbfs.org.
2006-02-26 12:31:48 +11:00
Darren Tucker
a4904f7bf1
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
...
reality. Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
Darren Tucker
94413cf32b
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
...
compile in compat code if required.
2006-02-22 22:24:47 +11:00
Darren Tucker
3322e0d421
- (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
...
redefinition of SSLeay_add_all_algorithms.
2006-02-22 00:00:27 +11:00
Darren Tucker
fabdb6c290
- (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
...
Add optional enabling of OpenSSL's (hardware) Engine support, via
configure --with-ssl-engine. Based in part on a diff by michal at
logix.cz.
2006-02-20 20:17:35 +11:00
Darren Tucker
4881c371ce
- (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
...
Add first attempt at regress tests for compat library. ok djm@
2006-02-19 22:50:20 +11:00
Tim Rice
bf209f5901
- (tim) [buildpkg.sh.in] Make the names consistent.
...
s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
2006-02-13 12:46:44 -08:00
Darren Tucker
6163350eb9
- (dtucker) [README version.h contrib/caldera/openssh.spec
...
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
strings to match 4.3p2 release.
2006-02-12 16:48:56 +11:00
Tim Rice
2f993465d4
- (tim) [configure.ac] Bug #1149 . Disable /etc/default/login check for QNX.
2006-02-11 18:37:48 -08:00
Darren Tucker
84af61555a
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
...
to silence compiler warning, from vinschen at redhat.com.
2006-02-12 11:59:08 +11:00
Darren Tucker
988b3fd161
- (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
...
-> NEED_SETPGRP), reported by Berhard Simon. ok tim@
2006-02-08 22:11:27 +11:00
Tim Rice
83d2f5fedf
- (tim) [session.c] Logout records were not updated on systems with
...
post auth privsep disabled due to bug 1086 changes. Analysis and patch
by vinschen at redhat.com. OK tim@, dtucker@.
2006-02-07 15:17:44 -08:00
Tim Rice
ac9b0609e1
- (tim) [configure.ac] Remove unnecessary tests for net/if.h and
...
netinet/in_systm.h. OK dtucker@.
2006-02-05 11:27:10 -08:00
Tim Rice
70335a6b5f
- (tim) [configure.ac] Bug #1149 . Changes in QNX section only. Patch by
...
kraai at ftbfs.org.
2006-02-04 17:42:58 -08:00
Tim Rice
0daad78fab
- (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
...
for Solaris. OK dtucker@.
2006-02-04 17:33:55 -08:00
Tim Rice
fd80ddcb23
- (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
...
AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
by a platform specific check, builtin standard includes tests will be
skipped on the other platforms.
Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
OK tim@, djm@.
2006-02-02 19:11:56 -08:00
Darren Tucker
cc7c212830
- (dtucker) [configure.ac] Bug #1148 : Fix "crippled AES" test so that it
...
works with picky compilers. Patch from alex.kiernan at thus.net.
2006-02-02 18:44:19 +11:00
Damien Miller
bfd52192f3
- (djm) Release OpenSSH 4.3p1
2006-02-01 22:32:17 +11:00
Damien Miller
c79824bbab
- markus@cvs.openbsd.org 2006/02/01 11:27:22
...
[version.h]
openssh 4.3
2006-02-01 22:27:31 +11:00
Damien Miller
0d689568a4
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update versions ahead of release
2006-02-01 22:10:47 +11:00
Damien Miller
2ac05779f7
- jmc@cvs.openbsd.org 2006/02/01 09:11:41
...
[sshd.8]
small tweak;
2006-02-01 22:05:42 +11:00
Damien Miller
8bbdf90f33
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
[sshd.8]
- merge sections on protocols 1 and 2 into a single section
- remove configuration file section
ok markus
2006-02-01 22:05:25 +11:00
Damien Miller
e682cb0780
- (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
...
determine the user's login name - needed for regress tests on Solaris
10 and OpenSolaris
2006-02-01 11:21:01 +11:00
Damien Miller
923f1ce0b7
- djm@cvs.openbsd.org 2006/01/31 10:35:43
...
[scp.c]
"scp a b c" shouldn't clobber "c" when it is not a directory, report and
fix from biorn@; ok markus@
2006-01-31 22:11:37 +11:00
Damien Miller
50c6eedce3
- djm@cvs.openbsd.org 2006/01/31 10:36:33
...
[scp.sh]
regress test for "scp a b c" where "c" is not a directory
2006-01-31 22:06:41 +11:00
Damien Miller
7410ad79f8
- djm@cvs.openbsd.org 2006/01/31 10:23:23
...
[scp.sh]
regression test for CVE-2006-0225 written by dtucker@
2006-01-31 22:06:14 +11:00
Damien Miller
0b996462f8
- djm@cvs.openbsd.org 2006/01/27 06:49:21
...
[scp.sh]
regress test for local to local scp copies; ok dtucker@
2006-01-31 22:05:23 +11:00
Damien Miller
15a815bb64
- dtucker@cvs.openbsd.org 2005/12/14 04:36:39
...
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
NB. ID sync only, we already had this
2006-01-31 22:03:11 +11:00
Damien Miller
27a0dfaea9
- grunk@cvs.openbsd.org 2005/11/14 21:25:56
...
[regress/agent-getpeereid.sh]
all other scripts in this dir use $SUDO, not 'sudo', so pull this even
ok markus@
2006-01-31 22:02:16 +11:00
Damien Miller
10c5fa7e87
- markus@cvs.openbsd.org 2005/06/30 11:02:37
...
[regress/scp.sh]
allow SUDO=sudo; from Alexander Bluhm
2006-01-31 22:01:42 +11:00
Damien Miller
ec7b2f12f0
- djm@cvs.openbsd.org 2005/05/24 04:10:54
...
[regress/try-ciphers.sh]
oops, new arcfour modes here too
2006-01-31 21:59:35 +11:00
Damien Miller
76be6b8765
- djm@cvs.openbsd.org 2005/05/20 23:14:15
...
[regress/test-exec.sh]
force addressfamily=inet for tests, unbreaking dynamic-forward regress for
recently committed nc SOCKS5 changes
2006-01-31 21:59:01 +11:00
Damien Miller
f0cbb3d7cb
- (djm) Sync regress tests to OpenBSD:
...
- dtucker@cvs.openbsd.org 2005/03/10 10:20:39
[regress/forwarding.sh]
Regress test for ClearAllForwardings (bz #994 ); ok markus@
2006-01-31 21:58:23 +11:00
Damien Miller
c34940c1f5
- dtucker@cvs.openbsd.org 2005/04/25 09:54:09
...
[regress/multiplex.sh]
Don't call cleanup in multiplex as test-exec will cleanup anyway
found by tim@, ok djm@
NB. ID sync only, we already had this
2006-01-31 21:57:27 +11:00
Damien Miller
3eec6b73a2
- djm@cvs.openbsd.org 2006/01/31 10:19:02
...
[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094 ), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
2006-01-31 21:49:27 +11:00
Damien Miller
b5dd55cccc
- jmc@cvs.openbsd.org 2006/01/30 13:37:49
...
[ssh.1]
remove an incorrect sentence;
reported by roumen petrov;
ok djm markus
2006-01-31 21:47:58 +11:00
Damien Miller
e204f6aa0d
- reyk@cvs.openbsd.org 2006/01/30 12:22:22
...
[channels.c]
mark channel as write failed or dead instead of read failed on error
of the channel output filter.
ok markus@
2006-01-31 21:47:15 +11:00
Damien Miller
bbc59094b9
- jmc@cvs.openbsd.org 2006/01/26 08:47:56
...
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
2006-01-31 21:46:51 +11:00
Damien Miller
7602cba59d
- jmc@cvs.openbsd.org 2006/01/25 09:07:22
...
[sshd.8]
move subsections to full sections;
2006-01-31 21:46:20 +11:00
Damien Miller
99cc4a8f1e
- jmc@cvs.openbsd.org 2006/01/25 09:04:34
...
[sshd.8]
move the options description up the page, and a few additional tweaks
whilst in here;
ok markus
2006-01-31 21:45:53 +11:00
Damien Miller
ddfddf1ba3
- jmc@cvs.openbsd.org 2006/01/20 11:21:45
...
[ssh_config.5]
- word change, agreed w/ markus
- consistency fixes
2006-01-31 21:39:03 +11:00
Darren Tucker
fbea76400f
- (dtucker) [configure.ac opensshd.init.in] Bug #1144 : Use /bin/sh for the
...
opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
2006-01-30 00:22:39 +11:00
Darren Tucker
62388b2b63
- dtucker@cvs.openbsd.org 2006/01/20 00:14:55
...
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
2006-01-20 11:31:47 +11:00
Darren Tucker
248dd13c46
- jmc@cvs.openbsd.org 2006/01/18 10:53:29
...
[ssh.1]
add a section on ssh-based vpn, based on reyk's README.tun;
2006-01-20 11:30:58 +11:00
Darren Tucker
94299ec251
- jmc@cvs.openbsd.org 2006/01/15 17:37:05
...
[ssh.1]
correction from deraadt
2006-01-20 11:30:14 +11:00
Damien Miller
4a8dc9e297
- jmc@cvs.openbsd.org 2006/01/12 22:34:12
...
[ssh.1]
back out a sentence - AUTHENTICATION already documents this;
2006-01-14 10:10:31 +11:00
Damien Miller
e9d001e02b
- jmc@cvs.openbsd.org 2006/01/12 22:26:02
...
[ssh_config.5]
refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:10:17 +11:00
Damien Miller
7c24b81699
- jmc@cvs.openbsd.org 2006/01/12 22:20:00
...
[sshd.8]
refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:09:56 +11:00
Damien Miller
8bfaf93f60
- jmc@cvs.openbsd.org 2006/01/12 18:48:48
...
[ssh.1]
refer to `TCP' rather than `TCP/IP' in the context of connection
forwarding;
ok markus
2006-01-14 10:09:30 +11:00
Damien Miller
f31771810c
- jmc@cvs.openbsd.org 2006/01/12 14:44:12
...
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
2006-01-14 10:09:13 +11:00
Damien Miller
7e76e1f101
- jmc@cvs.openbsd.org 2006/01/06 13:29:10
...
[ssh.1]
final round of whacking FILES for duplicate info, and some consistency
fixes;
ok djm
2006-01-14 10:08:57 +11:00
Damien Miller
e87eb4ce3c
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/01/06 13:27:32
[ssh.1]
weed out some duplicate info in the known_hosts FILES entries;
ok djm
2006-01-14 10:08:36 +11:00
Darren Tucker
e78c6ce8cf
- (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
...
tcpip service so it's always started after IP is up. Patch from
vinschen at redhat.com.
2006-01-10 00:02:44 +11:00
Damien Miller
72c5b7d85d
- djm@cvs.openbsd.org 2006/01/05 23:43:53
...
[misc.c]
check that stdio file descriptors are actually closed before clobbering
them in sanitise_stdfd(). problems occurred when a lower numbered fd was
closed, but higher ones weren't. spotted by, and patch tested by
Frédéric Olivié
2006-01-06 14:50:44 +11:00
Damien Miller
c27f83a63c
- jmc@cvs.openbsd.org 2006/01/04 19:50:09
...
[ssh.1]
-.Xr gzip 1 ,
2006-01-06 14:50:26 +11:00
Damien Miller
128a0f114d
- jmc@cvs.openbsd.org 2006/01/04 19:40:24
...
[ssh.1]
+.Xr ssh-keyscan 1 ,
2006-01-06 14:50:11 +11:00
Damien Miller
a246d3b9b2
- jmc@cvs.openbsd.org 2006/01/04 18:45:01
...
[ssh.1]
remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
2006-01-06 14:49:54 +11:00
Damien Miller
1bcdb50a3d
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
...
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
2006-01-06 14:49:38 +11:00
Damien Miller
4c102eede3
- jmc@cvs.openbsd.org 2006/01/03 16:55:18
...
[ssh.1]
tweak the description of ~/.ssh/environment
2006-01-06 14:49:17 +11:00
Damien Miller
fb8ea74116
- jmc@cvs.openbsd.org 2006/01/03 16:52:36
...
[ssh.1]
put FILES in some sort of order: sort by pathname
2006-01-06 14:48:52 +11:00
Damien Miller
6aa2290b0c
- jmc@cvs.openbsd.org 2006/01/03 16:35:30
...
[ssh.1]
use a larger width for the ENVIRONMENT list;
2006-01-06 14:48:34 +11:00
Damien Miller
7655f5cd9f
- jmc@cvs.openbsd.org 2006/01/03 16:31:10
...
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
2006-01-06 14:48:18 +11:00
Damien Miller
a969437645
- (djm) [channels.c] clean up harmless merge error, from reyk@
2006-01-04 07:27:50 +11:00
Damien Miller
b797770da2
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
[ssh_config.5 sshd_config.5]
some corrections from michael knudsen;
2006-01-03 18:47:31 +11:00
Damien Miller
a07a59188a
- jmc@cvs.openbsd.org 2006/01/02 12:31:06
...
[ssh.1]
start to cut some duplicate info from FILES;
help/ok djm
2006-01-02 23:41:37 +11:00
Damien Miller
a1d9a18e14
- reyk@cvs.openbsd.org 2006/01/02 07:53:44
...
[misc.c]
clarify tun(4) opening - set the mode and bring the interface up. also
(re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
suggested and ok by djm@
2006-01-02 23:41:21 +11:00
Damien Miller
5444618987
- djm@cvs.openbsd.org 2006/01/02 01:20:31
...
[sftp-client.c sftp-common.h sftp-server.c]
use a common max. packet length, no binary change
2006-01-02 23:40:50 +11:00
Damien Miller
a210d52235
- stevesk@cvs.openbsd.org 2006/01/01 10:08:48
...
[misc.c]
no trailing "\n" for debug()
2006-01-02 23:40:30 +11:00
Damien Miller
3beb852e09
- stevesk@cvs.openbsd.org 2006/01/01 08:59:27
...
[includes.h misc.c]
move <net/if.h>; ok djm@
2006-01-02 23:40:10 +11:00
Damien Miller
1164c299f1
- jmc@cvs.openbsd.org 2005/12/31 13:45:19
...
[ssh.1]
.Nm does not require an argument;
2006-01-02 23:38:37 +11:00
Damien Miller
14af93ee77
- jmc@cvs.openbsd.org 2005/12/31 13:44:04
...
[ssh.1]
clean up ENVIRONMENT a little;
2006-01-02 23:38:21 +11:00
Damien Miller
48c94abf5b
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
2006-01-02 23:38:00 +11:00
Damien Miller
90cd1c549b
- (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
2006-01-02 20:23:18 +11:00
Damien Miller
5df52e89b4
- (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
2006-01-01 21:15:50 +11:00
Damien Miller
bd4e410817
- (djm) [configure.ac] Fix linux/if_tun.h test
2006-01-01 21:03:30 +11:00
Damien Miller
2dcddbfaf6
- (djm) [Makefile.in configure.ac includes.h misc.c]
...
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
2006-01-01 19:47:05 +11:00
Damien Miller
c4bcc91751
- (djm) [configure.ac] oops, make that linux/if_tun.h
2005-12-31 17:05:58 +11:00
Damien Miller
89e03bae5c
- (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
...
not exist
2005-12-31 16:42:03 +11:00
Damien Miller
598bbc2d8f
- (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
...
[serverloop.c ssh.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Damien Miller
88b25524b8
- stevesk@cvs.openbsd.org 2005/12/31 01:38:45
...
[ssh.1]
document -MM; ok djm@
2005-12-31 16:23:15 +11:00
Damien Miller
134eb81383
- jmc@cvs.openbsd.org 2005/12/30 16:59:00
...
[sftp.1]
do not suggest that interactive authentication will work
with the -b flag;
based on a diff from john l. scarfone;
ok djm
2005-12-31 16:22:55 +11:00
Damien Miller
077b23864f
- reyk@cvs.openbsd.org 2005/12/30 15:56:37
...
[channels.c channels.h clientloop.c]
add channel output filter interface.
ok djm@, suggested by markus@
2005-12-31 16:22:32 +11:00
Damien Miller
5eb137c6d1
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
[canohost.c channels.c clientloop.c]
use 'break-in' for consistency; ok deraadt@ ok and input jmc@
2005-12-31 16:19:53 +11:00
Tim Rice
8db70e2398
(tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
2005-12-28 14:28:08 -08:00
Damien Miller
7bff1a9b5e
- djm@cvs.openbsd.org 2005/12/24 02:27:41
...
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
Damien Miller
3597821046
- jmc@cvs.openbsd.org 2005/12/23 23:46:23
...
[ssh.1]
less mark up for -c;
2005-12-24 14:56:47 +11:00
Damien Miller
2142ba0769
- jmc@cvs.openbsd.org 2005/12/23 14:55:53
...
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
2005-12-24 14:56:29 +11:00
Damien Miller
cf1e342c6c
- jmc@cvs.openbsd.org 2005/12/22 11:23:42
...
[ssh.1]
expand the description of -w somewhat;
help/ok reyk
2005-12-24 14:56:04 +11:00
Damien Miller
e8cd741929
- jmc@cvs.openbsd.org 2005/12/22 10:31:40
...
[ssh_config.5]
put the description of "UsePrivilegedPort" in the correct place;
2005-12-24 14:55:47 +11:00
Damien Miller
d7f308f6d8
- stevesk@cvs.openbsd.org 2005/12/21 22:44:26
...
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
2005-12-24 14:55:16 +11:00
Damien Miller
1530f2431c
- jmc@cvs.openbsd.org 2005/12/21 12:53:31
...
[ssh.1]
-Y does X11 forwarding too;
ok markus
2005-12-24 14:54:03 +11:00
Damien Miller
9a765b22b7
- jmc@cvs.openbsd.org 2005/12/21 11:57:25
...
[ssh.1]
options now described `above', rather than `later';
2005-12-24 14:53:44 +11:00
Damien Miller
329cb01638
- jmc@cvs.openbsd.org 2005/12/21 11:48:16
...
[ssh.1]
-L and -R descriptions are now above, not below, ~C description;
2005-12-24 14:53:23 +11:00
Damien Miller
e9b333a544
- jmc@cvs.openbsd.org 2005/12/20 22:09:41
...
[ssh.1]
move info on ssh return values and config files up into the main
description;
2005-12-24 14:53:04 +11:00
Damien Miller
52d2061ab0
- jmc@cvs.openbsd.org 2005/12/20 22:02:50
...
[ssh.1]
.Ss -> .Sh: subsections have not made this page more readable
2005-12-24 14:52:36 +11:00
Damien Miller
c93a813802
- jmc@cvs.openbsd.org 2005/12/20 21:59:43
...
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker
2005-12-24 14:52:13 +11:00
Darren Tucker
e9a9b71c6b
- dtucker@cvs.openbsd.org 2005/12/20 04:41:07
...
[ssh.c]
exit(255) on error to match description in ssh(1); bz #1137 ; ok deraadt@
2005-12-20 16:15:51 +11:00
Darren Tucker
7eba820ca7
- stevesk@cvs.openbsd.org 2005/12/17 21:36:42
...
[ssh_config.5]
spelling: intented -> intended
2005-12-20 16:15:14 +11:00
Darren Tucker
635518705a
- stevesk@cvs.openbsd.org 2005/12/17 21:13:05
...
[ssh_config.5 session.c]
spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
Darren Tucker
5652924ad9
missed changelog entry
2005-12-20 16:12:24 +11:00
Darren Tucker
5434cfe368
- jmc@cvs.openbsd.org 2005/12/16 18:14:40
...
[ssh.1]
signpost the protocol sections;
2005-12-20 16:11:35 +11:00
Darren Tucker
b18c867c9d
- jmc@cvs.openbsd.org 2005/12/16 18:08:53
...
[ssh.1]
simplify a sentence;
2005-12-20 16:10:09 +11:00
Darren Tucker
d3877b995a
- jmc@cvs.openbsd.org 2005/12/16 18:07:08
...
[ssh.1]
move the option descriptions up the page: start of a restructure;
ok markus deraadt
2005-12-20 16:09:36 +11:00
Darren Tucker
0d0e8f0173
- (dtucker) OpenBSD CVS Sync
...
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-20 16:08:42 +11:00
Darren Tucker
129d0bb6a6
- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
...
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
2005-12-19 17:40:40 +11:00
Darren Tucker
d40c66cf3f
- (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133 : Our
...
snprintf replacement can have a conflicting declaration in HP-UX's system
headers (const vs. no const) so we now check for and work around it. Patch
from the dynamic duo of David Leonard and Ted Percival.
2005-12-17 22:32:03 +11:00
Darren Tucker
98cfc4ce9d
- (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
...
scp.c also uses, so undef them here.
2005-12-17 22:04:08 +11:00
Darren Tucker
3154358d66
- dtucker@cvs.openbsd.org 2005/12/30 04:36:39
...
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
2005-12-14 15:39:20 +11:00
Damien Miller
62a31c9fd0
- (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
...
again by providing a sys_tun_open() function for your platform and
setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
OpenBSD's tunnel protocol, which prepends the address family to the
packet
2005-12-13 20:44:13 +11:00
Damien Miller
d47c62a714
- markus@cvs.openbsd.org 2005/12/12 13:46:18
...
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
Damien Miller
7746c391b1
- jmc@cvs.openbsd.org 2005/12/08 21:37:50
...
[ssh_config.5]
new sentence, new line;
2005-12-13 19:33:37 +11:00
Damien Miller
7b58e80036
- reyk@cvs.openbsd.org 2005/12/08 18:34:11
...
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
957d4e430e
- jmc@cvs.openbsd.org 2005/12/08 15:06:29
...
[ssh_config.5]
keep options in order;
2005-12-13 19:30:45 +11:00
Damien Miller
4b2319fb85
- jmc@cvs.openbsd.org 2005/12/08 14:59:44
...
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
2005-12-13 19:30:27 +11:00
Damien Miller
f0c8c15322
- jmc@cvs.openbsd.org 2005/12/07 10:52:13
...
[ssh.1]
- avoid line split in SYNOPSIS
- add args to -w
- kill trailing whitespace
2005-12-13 19:29:58 +11:00
Damien Miller
aeb31d6120
- djm@cvs.openbsd.org 2005/12/07 03:52:22
...
[clientloop.c]
reyk forgot to compile with -Werror (missing header)
2005-12-13 19:29:36 +11:00
Damien Miller
d27b947178
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
...
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
6dbdb6afee
- jmc@cvs.openbsd.org 2005/11/30 11:45:20
...
[ssh.1]
avoid ambiguities in describing TZ;
ok djm@
2005-12-13 19:25:43 +11:00
Damien Miller
c94ebbc723
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
[ssh.1]
timezone -> time zone
2005-12-13 19:25:21 +11:00
Damien Miller
7677be5d6c
- (djm) [envpass.sh] Remove regress script that was accidentally committed
...
in top level directory and not noticed for over a year :)
2005-12-01 12:51:59 +11:00
Tim Rice
46259d86a2
- (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
...
for UnixWare.
2005-11-28 18:40:34 -08:00
Darren Tucker
3af2ac56a2
- dtucker@cvs.openbsd.org 2005/11/29 02:04:55
...
[ssh-keygen.c]
Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00
Tim Rice
660c3405f9
- (tim) [ssh-keygen.c] Move DSA length test after setting default when
...
bits == 0.
2005-11-28 17:45:32 -08:00
Darren Tucker
ac0c8a533d
- (dtucker) [includes.h] Bug #1122 : __USE_GNU is a glibc internal macro, use
...
_GNU_SOURCE instead. Patch from t8m at centrum.cz.
2005-11-28 22:28:59 +11:00
Darren Tucker
3a4634f674
- dtucker@cvs.openbsd.org 2005/11/28 06:02:56
...
[ssh-agent.1]
Update agent socket path templates to reflect reality, correct xref for
time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-11-28 17:05:40 +11:00
Darren Tucker
9f647335d2
[ssh-keygen.1 ssh-keygen.c]
...
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minumum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
2005-11-28 16:41:46 +11:00
Darren Tucker
b1a8777f3a
- (dtucker) [regress/yes-head.sh] Work around breakage caused by some
...
versions of GNU head. Based on patch from zappaman at buraphalinux.org
2005-11-28 16:41:03 +11:00
Darren Tucker
91d25a0c45
- (dtucker) [configure.ac] Bug #1126 : AIX 5.2 and 5.3 (and presumably newer,
...
when they're available) need the real UID set otherwise pam_chauthtok will
set ADMCHG after changing the password, forcing the user to change it
again immediately.
2005-11-26 22:24:09 +11:00
Darren Tucker
e0be30426a
- (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
...
snprintf formats, fixes warnings on some 64 bit platforms. Patch from
shaw at vranix.com, ok djm@
2005-11-25 14:44:55 +11:00
Darren Tucker
58e298d11b
- (dtucker) [configure.ac] Apply tim's fix for older systems where the
...
resolver state in resolv.h is "state" not "__res_state". With slight
modification by me to also work on old AIXes. ok djm@
2005-11-25 13:14:58 +11:00
Darren Tucker
faec5ca73f
- (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
...
many and use them only once. Speeds up testing on older/slower hardware.
2005-11-24 23:18:54 +11:00
Darren Tucker
79d09fad52
- (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
...
order in Reliant Unix block. Patch from johane at lysator.liu.se.
2005-11-24 22:34:54 +11:00
Damien Miller
57f3915b55
- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
...
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
asprintf() implementation, after syncing our {v,}snprintf() implementation
with some extra fixes from Samba's version. With help and debugging from
dtucker and tim; ok dtucker@
2005-11-24 19:58:19 +11:00
Darren Tucker
efc17470e0
- (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
...
from shaw at vranix.com.
2005-11-22 19:55:13 +11:00
Darren Tucker
593bae7e10
- dtucker@cvs.openbsd.org 2005/11/22 03:36:03
...
[hostfile.c]
Correct format/arguments to debug call; spotted by shaw at vranix.com
ok djm@
2005-11-22 19:43:26 +11:00
Darren Tucker
f4732f6475
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
...
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975 , patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
2005-11-22 19:42:42 +11:00
Darren Tucker
e8400da9d5
- millert@cvs.openbsd.org 2005/11/15 11:59:54
...
[includes.h]
Include sys/queue.h explicitly instead of assuming some other header
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
2005-11-22 19:41:33 +11:00
Darren Tucker
33f86bc284
- deraadt@cvs.openbsd.org 2005/11/12 18:38:15
...
[scp.c]
avoid close(-1), as in rcp; ok cloder
2005-11-22 19:38:06 +11:00
Darren Tucker
b736d8d829
- deraadt@cvs.openbsd.org 2005/11/12 18:37:59
...
[ssh-add.c]
space
2005-11-22 19:37:08 +11:00
Darren Tucker
4123636471
- (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
...
is going on.
2005-11-20 14:09:59 +11:00
Darren Tucker
cb6ecdea6c
- (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
...
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
2005-11-12 21:30:07 +11:00
Darren Tucker
5bfe1687dd
- (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
2005-11-12 18:42:36 +11:00
Darren Tucker
3f9545ee67
- (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
2005-11-12 15:20:52 +11:00
Darren Tucker
5a0bdf770c
- (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
2005-11-12 14:28:05 +11:00
Darren Tucker
7cb2a78ae2
- (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag.
2005-11-12 14:14:52 +11:00
Darren Tucker
16fd99c727
- (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
...
ifdef lost during sync. Spotted by tim@.
2005-11-12 14:06:29 +11:00
Darren Tucker
f032435de7
- (dtucker) [configure.ac] Try to get the gcc version number in a way that
...
doesn't change between versions, and use a safer default.
2005-11-10 21:30:36 +11:00
Darren Tucker
9d30d13922
- (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
...
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:43:48 +11:00
Darren Tucker
581203438f
typo
2005-11-10 19:31:37 +11:00
Darren Tucker
ce1cb1f160
- (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
...
-Wall fixes from djm.
2005-11-10 19:31:08 +11:00
Darren Tucker
30d6974124
- (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
...
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:29:12 +11:00
Darren Tucker
fe80d7a068
- (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
2005-11-10 17:54:46 +11:00
Darren Tucker
6f15c07ce3
- (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
2005-11-10 17:52:08 +11:00
Darren Tucker
91b34dc183
- (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
2005-11-10 17:42:40 +11:00
Darren Tucker
ffcd0ecf6b
- (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
2005-11-10 17:37:02 +11:00
Darren Tucker
8f0d8f8ea2
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
2005-11-10 17:33:00 +11:00
Darren Tucker
4e8c2490bb
- (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
2005-11-10 17:28:35 +11:00
Darren Tucker
b10b497682
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
2005-11-10 17:27:25 +11:00
Darren Tucker
2864039a7c
- (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
2005-11-10 17:25:26 +11:00
Darren Tucker
de9d623960
- (dtucker) [openbsd-compat/inet_nto.c] Update from OpenBSD 1.4 -> 1.6.
2005-11-10 17:23:54 +11:00
Darren Tucker
c7e05d679a
- (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
2005-11-10 17:21:21 +11:00
Darren Tucker
0a149d19d3
- (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
...
with OpenBSD code since we don't support platforms without fstat any more.
2005-11-10 17:15:06 +11:00
Darren Tucker
31ba53e333
- (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
2005-11-10 17:11:29 +11:00
Darren Tucker
50a221ba7a
- (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
2005-11-10 17:03:22 +11:00
Darren Tucker
6524d4f161
- (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
2005-11-10 17:02:21 +11:00
Darren Tucker
d76b4c74f8
- (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
2005-11-10 16:58:47 +11:00
Darren Tucker
dbb631cebe
- (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
2005-11-10 16:56:28 +11:00
Darren Tucker
f5ebfe9f68
- (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
2005-11-10 16:48:10 +11:00
Darren Tucker
f976e6f883
- (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
...
Removal of rcsid.
2005-11-10 16:46:26 +11:00
Darren Tucker
ad1dada0b4
- (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
...
Removal of rcsid, will no longer strlcpy parts of the string.
2005-11-10 16:42:51 +11:00