0b70b54abc
- stevesk@cvs.openbsd.org 2006/02/08 13:15:44
...
[gss-serv.c monitor.c]
small KNF
2006-03-15 11:20:03 +11:00
3a4051e88b
- stevesk@cvs.openbsd.org 2006/02/08 12:32:49
...
[includes.h misc.c]
move #include <netinet/tcp.h> out of includes.h; ok markus@
2006-03-15 11:19:42 +11:00
03e2003a23
- stevesk@cvs.openbsd.org 2006/02/08 12:15:27
...
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
[session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
[sshd.c sshpty.c]
move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
de6dd0a35f
- stevesk@cvs.openbsd.org 2006/02/07 03:59:20
...
[deattack.c]
duplicate #include
2006-03-15 11:12:38 +11:00
5d77105527
- stevesk@cvs.openbsd.org 2006/02/07 03:47:05
...
[hostfile.c]
"packet.h" not needed
2006-03-15 11:12:13 +11:00
972c84b800
- stevesk@cvs.openbsd.org 2006/02/07 01:52:50
...
[sshtty.c]
"log.h" not needed
2006-03-15 11:11:56 +11:00
99bd21e3fe
- stevesk@cvs.openbsd.org 2006/02/07 01:42:00
...
[channels.c clientloop.c clientloop.h includes.h packet.h]
[serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
move #include <termios.h> out of includes.h; ok markus@
2006-03-15 11:11:28 +11:00
2eb6340ddd
- stevesk@cvs.openbsd.org 2006/02/07 01:18:09
...
[includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
move #include <sys/queue.h> out of includes.h; ok markus@
2006-03-15 11:09:42 +11:00
015cd79ac5
- stevesk@cvs.openbsd.org 2006/02/07 01:08:04
...
[auth-rhosts.c includes.h]
move #include <netgroup.h> out of includes.h; ok markus@
2006-03-15 11:08:02 +11:00
e93eaaa0d1
- jmc@cvs.openbsd.org 2006/02/06 21:44:47
...
[ssh.1]
make this a little less ambiguous...
2006-03-15 11:05:59 +11:00
9f67a21de6
- msf@cvs.openbsd.org 2006/02/06 15:54:07
...
[ssh.1]
- typo fix
ok jmc@
2006-03-15 11:05:35 +11:00
d1450dbe2a
- (dtucker) [configure.ac] Bug #1171 : Don't use printf("%lld", longlong)
...
since not all platforms support it. Instead, use internal equivalent while
computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
as it's no longer required. Tested by Bernhard Simon, ok djm@
2006-03-13 19:06:51 +11:00
f35014af79
typo
2006-03-04 09:00:19 +11:00
890909ec48
- (dtucker) [gss-serv-krb5.c] Bug #1166 : Correct #ifdefs for gssapi_krb5.h
...
includes. Patch from gentoo.riverrat at gmail.com.
2006-03-04 08:59:39 +11:00
18614c254d
- (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
...
file rather than directory, required as Cygwin will be importing lastlog(1).
Also tightens up permissions on the file. Patch from vinschen@redhat.com .
2006-03-04 08:50:31 +11:00
54b75fe742
- (dtucker) [configure.ac] Bug #1156 : QNX apparently needs SSHD_ACQUIRES_CTTY
...
patch from kraai at ftbfs.org.
2006-02-26 12:31:48 +11:00
a4904f7bf1
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
...
reality. Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
94413cf32b
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
...
compile in compat code if required.
2006-02-22 22:24:47 +11:00
3322e0d421
- (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
...
redefinition of SSLeay_add_all_algorithms.
2006-02-22 00:00:27 +11:00
fabdb6c290
- (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
...
Add optional enabling of OpenSSL's (hardware) Engine support, via
configure --with-ssl-engine. Based in part on a diff by michal at
logix.cz.
2006-02-20 20:17:35 +11:00
4881c371ce
- (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
...
Add first attempt at regress tests for compat library. ok djm@
2006-02-19 22:50:20 +11:00
bf209f5901
- (tim) [buildpkg.sh.in] Make the names consistent.
...
s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
2006-02-13 12:46:44 -08:00
6163350eb9
- (dtucker) [README version.h contrib/caldera/openssh.spec
...
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
strings to match 4.3p2 release.
2006-02-12 16:48:56 +11:00
2f993465d4
- (tim) [configure.ac] Bug #1149 . Disable /etc/default/login check for QNX.
2006-02-11 18:37:48 -08:00
84af61555a
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
...
to silence compiler warning, from vinschen at redhat.com.
2006-02-12 11:59:08 +11:00
988b3fd161
- (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
...
-> NEED_SETPGRP), reported by Berhard Simon. ok tim@
2006-02-08 22:11:27 +11:00
83d2f5fedf
- (tim) [session.c] Logout records were not updated on systems with
...
post auth privsep disabled due to bug 1086 changes. Analysis and patch
by vinschen at redhat.com. OK tim@, dtucker@.
2006-02-07 15:17:44 -08:00
ac9b0609e1
- (tim) [configure.ac] Remove unnecessary tests for net/if.h and
...
netinet/in_systm.h. OK dtucker@.
2006-02-05 11:27:10 -08:00
70335a6b5f
- (tim) [configure.ac] Bug #1149 . Changes in QNX section only. Patch by
...
kraai at ftbfs.org.
2006-02-04 17:42:58 -08:00
0daad78fab
- (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
...
for Solaris. OK dtucker@.
2006-02-04 17:33:55 -08:00
fd80ddcb23
- (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
...
AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
by a platform specific check, builtin standard includes tests will be
skipped on the other platforms.
Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
OK tim@, djm@.
2006-02-02 19:11:56 -08:00
cc7c212830
- (dtucker) [configure.ac] Bug #1148 : Fix "crippled AES" test so that it
...
works with picky compilers. Patch from alex.kiernan at thus.net.
2006-02-02 18:44:19 +11:00
bfd52192f3
- (djm) Release OpenSSH 4.3p1
2006-02-01 22:32:17 +11:00
c79824bbab
- markus@cvs.openbsd.org 2006/02/01 11:27:22
...
[version.h]
openssh 4.3
2006-02-01 22:27:31 +11:00
0d689568a4
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update versions ahead of release
2006-02-01 22:10:47 +11:00
2ac05779f7
- jmc@cvs.openbsd.org 2006/02/01 09:11:41
...
[sshd.8]
small tweak;
2006-02-01 22:05:42 +11:00
8bbdf90f33
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
[sshd.8]
- merge sections on protocols 1 and 2 into a single section
- remove configuration file section
ok markus
2006-02-01 22:05:25 +11:00
e682cb0780
- (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
...
determine the user's login name - needed for regress tests on Solaris
10 and OpenSolaris
2006-02-01 11:21:01 +11:00
923f1ce0b7
- djm@cvs.openbsd.org 2006/01/31 10:35:43
...
[scp.c]
"scp a b c" shouldn't clobber "c" when it is not a directory, report and
fix from biorn@; ok markus@
2006-01-31 22:11:37 +11:00
50c6eedce3
- djm@cvs.openbsd.org 2006/01/31 10:36:33
...
[scp.sh]
regress test for "scp a b c" where "c" is not a directory
2006-01-31 22:06:41 +11:00
7410ad79f8
- djm@cvs.openbsd.org 2006/01/31 10:23:23
...
[scp.sh]
regression test for CVE-2006-0225 written by dtucker@
2006-01-31 22:06:14 +11:00
0b996462f8
- djm@cvs.openbsd.org 2006/01/27 06:49:21
...
[scp.sh]
regress test for local to local scp copies; ok dtucker@
2006-01-31 22:05:23 +11:00
15a815bb64
- dtucker@cvs.openbsd.org 2005/12/14 04:36:39
...
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
NB. ID sync only, we already had this
2006-01-31 22:03:11 +11:00
27a0dfaea9
- grunk@cvs.openbsd.org 2005/11/14 21:25:56
...
[regress/agent-getpeereid.sh]
all other scripts in this dir use $SUDO, not 'sudo', so pull this even
ok markus@
2006-01-31 22:02:16 +11:00
10c5fa7e87
- markus@cvs.openbsd.org 2005/06/30 11:02:37
...
[regress/scp.sh]
allow SUDO=sudo; from Alexander Bluhm
2006-01-31 22:01:42 +11:00
ec7b2f12f0
- djm@cvs.openbsd.org 2005/05/24 04:10:54
...
[regress/try-ciphers.sh]
oops, new arcfour modes here too
2006-01-31 21:59:35 +11:00
76be6b8765
- djm@cvs.openbsd.org 2005/05/20 23:14:15
...
[regress/test-exec.sh]
force addressfamily=inet for tests, unbreaking dynamic-forward regress for
recently committed nc SOCKS5 changes
2006-01-31 21:59:01 +11:00
f0cbb3d7cb
- (djm) Sync regress tests to OpenBSD:
...
- dtucker@cvs.openbsd.org 2005/03/10 10:20:39
[regress/forwarding.sh]
Regress test for ClearAllForwardings (bz #994 ); ok markus@
2006-01-31 21:58:23 +11:00
c34940c1f5
- dtucker@cvs.openbsd.org 2005/04/25 09:54:09
...
[regress/multiplex.sh]
Don't call cleanup in multiplex as test-exec will cleanup anyway
found by tim@, ok djm@
NB. ID sync only, we already had this
2006-01-31 21:57:27 +11:00
3eec6b73a2
- djm@cvs.openbsd.org 2006/01/31 10:19:02
...
[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094 ), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
2006-01-31 21:49:27 +11:00
b5dd55cccc
- jmc@cvs.openbsd.org 2006/01/30 13:37:49
...
[ssh.1]
remove an incorrect sentence;
reported by roumen petrov;
ok djm markus
2006-01-31 21:47:58 +11:00
e204f6aa0d
- reyk@cvs.openbsd.org 2006/01/30 12:22:22
...
[channels.c]
mark channel as write failed or dead instead of read failed on error
of the channel output filter.
ok markus@
2006-01-31 21:47:15 +11:00
bbc59094b9
- jmc@cvs.openbsd.org 2006/01/26 08:47:56
...
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
2006-01-31 21:46:51 +11:00
7602cba59d
- jmc@cvs.openbsd.org 2006/01/25 09:07:22
...
[sshd.8]
move subsections to full sections;
2006-01-31 21:46:20 +11:00
99cc4a8f1e
- jmc@cvs.openbsd.org 2006/01/25 09:04:34
...
[sshd.8]
move the options description up the page, and a few additional tweaks
whilst in here;
ok markus
2006-01-31 21:45:53 +11:00
ddfddf1ba3
- jmc@cvs.openbsd.org 2006/01/20 11:21:45
...
[ssh_config.5]
- word change, agreed w/ markus
- consistency fixes
2006-01-31 21:39:03 +11:00
fbea76400f
- (dtucker) [configure.ac opensshd.init.in] Bug #1144 : Use /bin/sh for the
...
opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
2006-01-30 00:22:39 +11:00
62388b2b63
- dtucker@cvs.openbsd.org 2006/01/20 00:14:55
...
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
2006-01-20 11:31:47 +11:00
248dd13c46
- jmc@cvs.openbsd.org 2006/01/18 10:53:29
...
[ssh.1]
add a section on ssh-based vpn, based on reyk's README.tun;
2006-01-20 11:30:58 +11:00
94299ec251
- jmc@cvs.openbsd.org 2006/01/15 17:37:05
...
[ssh.1]
correction from deraadt
2006-01-20 11:30:14 +11:00
4a8dc9e297
- jmc@cvs.openbsd.org 2006/01/12 22:34:12
...
[ssh.1]
back out a sentence - AUTHENTICATION already documents this;
2006-01-14 10:10:31 +11:00
e9d001e02b
- jmc@cvs.openbsd.org 2006/01/12 22:26:02
...
[ssh_config.5]
refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:10:17 +11:00
7c24b81699
- jmc@cvs.openbsd.org 2006/01/12 22:20:00
...
[sshd.8]
refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:09:56 +11:00
8bfaf93f60
- jmc@cvs.openbsd.org 2006/01/12 18:48:48
...
[ssh.1]
refer to `TCP' rather than `TCP/IP' in the context of connection
forwarding;
ok markus
2006-01-14 10:09:30 +11:00
f31771810c
- jmc@cvs.openbsd.org 2006/01/12 14:44:12
...
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
2006-01-14 10:09:13 +11:00
7e76e1f101
- jmc@cvs.openbsd.org 2006/01/06 13:29:10
...
[ssh.1]
final round of whacking FILES for duplicate info, and some consistency
fixes;
ok djm
2006-01-14 10:08:57 +11:00
e87eb4ce3c
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/01/06 13:27:32
[ssh.1]
weed out some duplicate info in the known_hosts FILES entries;
ok djm
2006-01-14 10:08:36 +11:00
e78c6ce8cf
- (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
...
tcpip service so it's always started after IP is up. Patch from
vinschen at redhat.com.
2006-01-10 00:02:44 +11:00
72c5b7d85d
- djm@cvs.openbsd.org 2006/01/05 23:43:53
...
[misc.c]
check that stdio file descriptors are actually closed before clobbering
them in sanitise_stdfd(). problems occurred when a lower numbered fd was
closed, but higher ones weren't. spotted by, and patch tested by
Frédéric Olivié
2006-01-06 14:50:44 +11:00
c27f83a63c
- jmc@cvs.openbsd.org 2006/01/04 19:50:09
...
[ssh.1]
-.Xr gzip 1 ,
2006-01-06 14:50:26 +11:00
128a0f114d
- jmc@cvs.openbsd.org 2006/01/04 19:40:24
...
[ssh.1]
+.Xr ssh-keyscan 1 ,
2006-01-06 14:50:11 +11:00
a246d3b9b2
- jmc@cvs.openbsd.org 2006/01/04 18:45:01
...
[ssh.1]
remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
2006-01-06 14:49:54 +11:00
1bcdb50a3d
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
...
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
2006-01-06 14:49:38 +11:00
4c102eede3
- jmc@cvs.openbsd.org 2006/01/03 16:55:18
...
[ssh.1]
tweak the description of ~/.ssh/environment
2006-01-06 14:49:17 +11:00
fb8ea74116
- jmc@cvs.openbsd.org 2006/01/03 16:52:36
...
[ssh.1]
put FILES in some sort of order: sort by pathname
2006-01-06 14:48:52 +11:00
6aa2290b0c
- jmc@cvs.openbsd.org 2006/01/03 16:35:30
...
[ssh.1]
use a larger width for the ENVIRONMENT list;
2006-01-06 14:48:34 +11:00
7655f5cd9f
- jmc@cvs.openbsd.org 2006/01/03 16:31:10
...
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
2006-01-06 14:48:18 +11:00
a969437645
- (djm) [channels.c] clean up harmless merge error, from reyk@
2006-01-04 07:27:50 +11:00
b797770da2
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
[ssh_config.5 sshd_config.5]
some corrections from michael knudsen;
2006-01-03 18:47:31 +11:00
a07a59188a
- jmc@cvs.openbsd.org 2006/01/02 12:31:06
...
[ssh.1]
start to cut some duplicate info from FILES;
help/ok djm
2006-01-02 23:41:37 +11:00
a1d9a18e14
- reyk@cvs.openbsd.org 2006/01/02 07:53:44
...
[misc.c]
clarify tun(4) opening - set the mode and bring the interface up. also
(re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
suggested and ok by djm@
2006-01-02 23:41:21 +11:00
5444618987
- djm@cvs.openbsd.org 2006/01/02 01:20:31
...
[sftp-client.c sftp-common.h sftp-server.c]
use a common max. packet length, no binary change
2006-01-02 23:40:50 +11:00
a210d52235
- stevesk@cvs.openbsd.org 2006/01/01 10:08:48
...
[misc.c]
no trailing "\n" for debug()
2006-01-02 23:40:30 +11:00
3beb852e09
- stevesk@cvs.openbsd.org 2006/01/01 08:59:27
...
[includes.h misc.c]
move <net/if.h>; ok djm@
2006-01-02 23:40:10 +11:00
1164c299f1
- jmc@cvs.openbsd.org 2005/12/31 13:45:19
...
[ssh.1]
.Nm does not require an argument;
2006-01-02 23:38:37 +11:00
14af93ee77
- jmc@cvs.openbsd.org 2005/12/31 13:44:04
...
[ssh.1]
clean up ENVIRONMENT a little;
2006-01-02 23:38:21 +11:00
48c94abf5b
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
2006-01-02 23:38:00 +11:00
90cd1c549b
- (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
2006-01-02 20:23:18 +11:00
5df52e89b4
- (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
2006-01-01 21:15:50 +11:00
bd4e410817
- (djm) [configure.ac] Fix linux/if_tun.h test
2006-01-01 21:03:30 +11:00
2dcddbfaf6
- (djm) [Makefile.in configure.ac includes.h misc.c]
...
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
2006-01-01 19:47:05 +11:00
c4bcc91751
- (djm) [configure.ac] oops, make that linux/if_tun.h
2005-12-31 17:05:58 +11:00
89e03bae5c
- (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
...
not exist
2005-12-31 16:42:03 +11:00
598bbc2d8f
- (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
...
[serverloop.c ssh.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
88b25524b8
- stevesk@cvs.openbsd.org 2005/12/31 01:38:45
...
[ssh.1]
document -MM; ok djm@
2005-12-31 16:23:15 +11:00
134eb81383
- jmc@cvs.openbsd.org 2005/12/30 16:59:00
...
[sftp.1]
do not suggest that interactive authentication will work
with the -b flag;
based on a diff from john l. scarfone;
ok djm
2005-12-31 16:22:55 +11:00
077b23864f
- reyk@cvs.openbsd.org 2005/12/30 15:56:37
...
[channels.c channels.h clientloop.c]
add channel output filter interface.
ok djm@, suggested by markus@
2005-12-31 16:22:32 +11:00
5eb137c6d1
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
[canohost.c channels.c clientloop.c]
use 'break-in' for consistency; ok deraadt@ ok and input jmc@
2005-12-31 16:19:53 +11:00
8db70e2398
(tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
2005-12-28 14:28:08 -08:00
7bff1a9b5e
- djm@cvs.openbsd.org 2005/12/24 02:27:41
...
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
3597821046
- jmc@cvs.openbsd.org 2005/12/23 23:46:23
...
[ssh.1]
less mark up for -c;
2005-12-24 14:56:47 +11:00
2142ba0769
- jmc@cvs.openbsd.org 2005/12/23 14:55:53
...
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
2005-12-24 14:56:29 +11:00
cf1e342c6c
- jmc@cvs.openbsd.org 2005/12/22 11:23:42
...
[ssh.1]
expand the description of -w somewhat;
help/ok reyk
2005-12-24 14:56:04 +11:00
e8cd741929
- jmc@cvs.openbsd.org 2005/12/22 10:31:40
...
[ssh_config.5]
put the description of "UsePrivilegedPort" in the correct place;
2005-12-24 14:55:47 +11:00
d7f308f6d8
- stevesk@cvs.openbsd.org 2005/12/21 22:44:26
...
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
2005-12-24 14:55:16 +11:00
1530f2431c
- jmc@cvs.openbsd.org 2005/12/21 12:53:31
...
[ssh.1]
-Y does X11 forwarding too;
ok markus
2005-12-24 14:54:03 +11:00
9a765b22b7
- jmc@cvs.openbsd.org 2005/12/21 11:57:25
...
[ssh.1]
options now described `above', rather than `later';
2005-12-24 14:53:44 +11:00
329cb01638
- jmc@cvs.openbsd.org 2005/12/21 11:48:16
...
[ssh.1]
-L and -R descriptions are now above, not below, ~C description;
2005-12-24 14:53:23 +11:00
e9b333a544
- jmc@cvs.openbsd.org 2005/12/20 22:09:41
...
[ssh.1]
move info on ssh return values and config files up into the main
description;
2005-12-24 14:53:04 +11:00
52d2061ab0
- jmc@cvs.openbsd.org 2005/12/20 22:02:50
...
[ssh.1]
.Ss -> .Sh: subsections have not made this page more readable
2005-12-24 14:52:36 +11:00
c93a813802
- jmc@cvs.openbsd.org 2005/12/20 21:59:43
...
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker
2005-12-24 14:52:13 +11:00
e9a9b71c6b
- dtucker@cvs.openbsd.org 2005/12/20 04:41:07
...
[ssh.c]
exit(255) on error to match description in ssh(1); bz #1137 ; ok deraadt@
2005-12-20 16:15:51 +11:00
7eba820ca7
- stevesk@cvs.openbsd.org 2005/12/17 21:36:42
...
[ssh_config.5]
spelling: intented -> intended
2005-12-20 16:15:14 +11:00
635518705a
- stevesk@cvs.openbsd.org 2005/12/17 21:13:05
...
[ssh_config.5 session.c]
spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
5652924ad9
missed changelog entry
2005-12-20 16:12:24 +11:00
5434cfe368
- jmc@cvs.openbsd.org 2005/12/16 18:14:40
...
[ssh.1]
signpost the protocol sections;
2005-12-20 16:11:35 +11:00
b18c867c9d
- jmc@cvs.openbsd.org 2005/12/16 18:08:53
...
[ssh.1]
simplify a sentence;
2005-12-20 16:10:09 +11:00
d3877b995a
- jmc@cvs.openbsd.org 2005/12/16 18:07:08
...
[ssh.1]
move the option descriptions up the page: start of a restructure;
ok markus deraadt
2005-12-20 16:09:36 +11:00
0d0e8f0173
- (dtucker) OpenBSD CVS Sync
...
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-20 16:08:42 +11:00
129d0bb6a6
- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
...
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
2005-12-19 17:40:40 +11:00
d40c66cf3f
- (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133 : Our
...
snprintf replacement can have a conflicting declaration in HP-UX's system
headers (const vs. no const) so we now check for and work around it. Patch
from the dynamic duo of David Leonard and Ted Percival.
2005-12-17 22:32:03 +11:00
98cfc4ce9d
- (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
...
scp.c also uses, so undef them here.
2005-12-17 22:04:08 +11:00
3154358d66
- dtucker@cvs.openbsd.org 2005/12/30 04:36:39
...
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
2005-12-14 15:39:20 +11:00
62a31c9fd0
- (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
...
again by providing a sys_tun_open() function for your platform and
setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
OpenBSD's tunnel protocol, which prepends the address family to the
packet
2005-12-13 20:44:13 +11:00
d47c62a714
- markus@cvs.openbsd.org 2005/12/12 13:46:18
...
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
7746c391b1
- jmc@cvs.openbsd.org 2005/12/08 21:37:50
...
[ssh_config.5]
new sentence, new line;
2005-12-13 19:33:37 +11:00
7b58e80036
- reyk@cvs.openbsd.org 2005/12/08 18:34:11
...
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
957d4e430e
- jmc@cvs.openbsd.org 2005/12/08 15:06:29
...
[ssh_config.5]
keep options in order;
2005-12-13 19:30:45 +11:00
4b2319fb85
- jmc@cvs.openbsd.org 2005/12/08 14:59:44
...
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
2005-12-13 19:30:27 +11:00
f0c8c15322
- jmc@cvs.openbsd.org 2005/12/07 10:52:13
...
[ssh.1]
- avoid line split in SYNOPSIS
- add args to -w
- kill trailing whitespace
2005-12-13 19:29:58 +11:00
aeb31d6120
- djm@cvs.openbsd.org 2005/12/07 03:52:22
...
[clientloop.c]
reyk forgot to compile with -Werror (missing header)
2005-12-13 19:29:36 +11:00
d27b947178
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
...
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
6dbdb6afee
- jmc@cvs.openbsd.org 2005/11/30 11:45:20
...
[ssh.1]
avoid ambiguities in describing TZ;
ok djm@
2005-12-13 19:25:43 +11:00
c94ebbc723
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
[ssh.1]
timezone -> time zone
2005-12-13 19:25:21 +11:00
7677be5d6c
- (djm) [envpass.sh] Remove regress script that was accidentally committed
...
in top level directory and not noticed for over a year :)
2005-12-01 12:51:59 +11:00
46259d86a2
- (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
...
for UnixWare.
2005-11-28 18:40:34 -08:00
3af2ac56a2
- dtucker@cvs.openbsd.org 2005/11/29 02:04:55
...
[ssh-keygen.c]
Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00
660c3405f9
- (tim) [ssh-keygen.c] Move DSA length test after setting default when
...
bits == 0.
2005-11-28 17:45:32 -08:00
ac0c8a533d
- (dtucker) [includes.h] Bug #1122 : __USE_GNU is a glibc internal macro, use
...
_GNU_SOURCE instead. Patch from t8m at centrum.cz.
2005-11-28 22:28:59 +11:00
3a4634f674
- dtucker@cvs.openbsd.org 2005/11/28 06:02:56
...
[ssh-agent.1]
Update agent socket path templates to reflect reality, correct xref for
time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-11-28 17:05:40 +11:00
9f647335d2
[ssh-keygen.1 ssh-keygen.c]
...
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minumum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
2005-11-28 16:41:46 +11:00
b1a8777f3a
- (dtucker) [regress/yes-head.sh] Work around breakage caused by some
...
versions of GNU head. Based on patch from zappaman at buraphalinux.org
2005-11-28 16:41:03 +11:00
91d25a0c45
- (dtucker) [configure.ac] Bug #1126 : AIX 5.2 and 5.3 (and presumably newer,
...
when they're available) need the real UID set otherwise pam_chauthtok will
set ADMCHG after changing the password, forcing the user to change it
again immediately.
2005-11-26 22:24:09 +11:00
e0be30426a
- (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
...
snprintf formats, fixes warnings on some 64 bit platforms. Patch from
shaw at vranix.com, ok djm@
2005-11-25 14:44:55 +11:00
58e298d11b
- (dtucker) [configure.ac] Apply tim's fix for older systems where the
...
resolver state in resolv.h is "state" not "__res_state". With slight
modification by me to also work on old AIXes. ok djm@
2005-11-25 13:14:58 +11:00
faec5ca73f
- (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
...
many and use them only once. Speeds up testing on older/slower hardware.
2005-11-24 23:18:54 +11:00
79d09fad52
- (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
...
order in Reliant Unix block. Patch from johane at lysator.liu.se.
2005-11-24 22:34:54 +11:00
57f3915b55
- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
...
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
asprintf() implementation, after syncing our {v,}snprintf() implementation
with some extra fixes from Samba's version. With help and debugging from
dtucker and tim; ok dtucker@
2005-11-24 19:58:19 +11:00
efc17470e0
- (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
...
from shaw at vranix.com.
2005-11-22 19:55:13 +11:00
593bae7e10
- dtucker@cvs.openbsd.org 2005/11/22 03:36:03
...
[hostfile.c]
Correct format/arguments to debug call; spotted by shaw at vranix.com
ok djm@
2005-11-22 19:43:26 +11:00
f4732f6475
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
...
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975 , patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
2005-11-22 19:42:42 +11:00
e8400da9d5
- millert@cvs.openbsd.org 2005/11/15 11:59:54
...
[includes.h]
Include sys/queue.h explicitly instead of assuming some other header
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
2005-11-22 19:41:33 +11:00
33f86bc284
- deraadt@cvs.openbsd.org 2005/11/12 18:38:15
...
[scp.c]
avoid close(-1), as in rcp; ok cloder
2005-11-22 19:38:06 +11:00
b736d8d829
- deraadt@cvs.openbsd.org 2005/11/12 18:37:59
...
[ssh-add.c]
space
2005-11-22 19:37:08 +11:00
4123636471
- (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
...
is going on.
2005-11-20 14:09:59 +11:00
cb6ecdea6c
- (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
...
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
2005-11-12 21:30:07 +11:00
5bfe1687dd
- (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
2005-11-12 18:42:36 +11:00
3f9545ee67
- (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
2005-11-12 15:20:52 +11:00
5a0bdf770c
- (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
2005-11-12 14:28:05 +11:00
7cb2a78ae2
- (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag.
2005-11-12 14:14:52 +11:00
16fd99c727
- (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
...
ifdef lost during sync. Spotted by tim@.
2005-11-12 14:06:29 +11:00
f032435de7
- (dtucker) [configure.ac] Try to get the gcc version number in a way that
...
doesn't change between versions, and use a safer default.
2005-11-10 21:30:36 +11:00
9d30d13922
- (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
...
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:43:48 +11:00
581203438f
typo
2005-11-10 19:31:37 +11:00
ce1cb1f160
- (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
...
-Wall fixes from djm.
2005-11-10 19:31:08 +11:00
30d6974124
- (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
...
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:29:12 +11:00
fe80d7a068
- (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
2005-11-10 17:54:46 +11:00
6f15c07ce3
- (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
2005-11-10 17:52:08 +11:00
91b34dc183
- (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
2005-11-10 17:42:40 +11:00
ffcd0ecf6b
- (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
2005-11-10 17:37:02 +11:00
8f0d8f8ea2
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
2005-11-10 17:33:00 +11:00
4e8c2490bb
- (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
2005-11-10 17:28:35 +11:00
b10b497682
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
2005-11-10 17:27:25 +11:00
2864039a7c
- (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
2005-11-10 17:25:26 +11:00
de9d623960
- (dtucker) [openbsd-compat/inet_nto.c] Update from OpenBSD 1.4 -> 1.6.
2005-11-10 17:23:54 +11:00
c7e05d679a
- (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
2005-11-10 17:21:21 +11:00
0a149d19d3
- (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
...
with OpenBSD code since we don't support platforms without fstat any more.
2005-11-10 17:15:06 +11:00
31ba53e333
- (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
2005-11-10 17:11:29 +11:00
50a221ba7a
- (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
2005-11-10 17:03:22 +11:00
6524d4f161
- (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
2005-11-10 17:02:21 +11:00
d76b4c74f8
- (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
2005-11-10 16:58:47 +11:00
dbb631cebe
- (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
2005-11-10 16:56:28 +11:00
f5ebfe9f68
- (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
2005-11-10 16:48:10 +11:00
f976e6f883
- (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
...
Removal of rcsid.
2005-11-10 16:46:26 +11:00
ad1dada0b4
- (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
...
Removal of rcsid, will no longer strlcpy parts of the string.
2005-11-10 16:42:51 +11:00
09471d8a1f
- (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
...
Removal of rcsid, "whiteout" inode type.
2005-11-10 16:38:54 +11:00
925d1de3fb
- (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
2005-11-10 16:31:55 +11:00
5224566303
- (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
2005-11-10 16:26:17 +11:00
7f24a0e647
- (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
...
after the copyright notices. Having them at the top next to the CVSIDs
guarantees a conflict for each and every sync.
2005-11-10 16:18:56 +11:00
80c0d7eb88
- (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
...
of "register").
2005-11-10 16:05:37 +11:00
e5a2b5288d
- (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
...
prototypes, removal of "register").
2005-11-10 15:56:44 +11:00
b0288098c9
- (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
...
since they're not useful right now. Patch from djm@.
2005-11-10 14:46:48 +11:00
618db97fe1
- (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
...
Patch from djm@.
2005-11-10 14:43:11 +11:00
063ba7455f
- (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
...
revs 1.7 - 1.9.
2005-11-10 10:38:45 +11:00
32b531067d
- (dtucker) [openbsd-compat/getenv.c] Make __findenv static, remove
...
unnecessary prototype.
2005-11-10 10:13:06 +11:00
b8c89d14bb
- (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from
...
OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
"register").
2005-11-10 10:10:10 +11:00
9b59ada7ca
- (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
...
resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
ok dtucker@
2005-11-05 16:56:52 +11:00
3a38c5a856
- (dtucker) [README.platform] Add PAM section.
2005-11-05 16:28:35 +11:00
5fd8b02b44
- djm@cvs.openbsd.org 2005/11/05 05:01:15
...
[bufaux.c]
Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
cs.stanford.edu; ok dtucker@
2005-11-05 16:04:36 +11:00
19bb3a57f8
- djm@cvs.openbsd.org 2005/11/04 05:15:59
...
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
2005-11-05 15:19:35 +11:00
Damien Miller
Darren Tucker
Tim Rice