openssh-portable

Commit Graph

Author	SHA1	Message	Date
Damien Miller	d27b947178	- reyk@cvs.openbsd.org 2005/12/06 22:38:28 [auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others	2005-12-13 19:29:02 +11:00
Damien Miller	9786e6e2a0	- markus@cvs.openbsd.org 2005/07/25 11:59:40 [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@	2005-07-26 21:54:56 +10:00
Damien Miller	06b75ad56b	- djm@cvs.openbsd.org 2005/05/19 02:40:52 [sshd_config] whitespace nit, from grunk AT pestilenz.org	2005-05-26 12:12:37 +10:00
Darren Tucker	0f38323222	- djm@cvs.openbsd.org 2004/12/23 23:11:00 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@	2005-01-20 10:57:56 +11:00
Darren Tucker	89413dbafa	- dtucker@cvs.openbsd.org 2004/05/23 23:59:53 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@	2004-05-24 10:36:23 +10:00
Damien Miller	701d0514ee	- (djm) Explain consequences of UsePAM=yes a little better in sshd_config; ok dtucker@	2004-05-23 11:47:58 +10:00
Darren Tucker	0b3b97512f	- millert@cvs.openbsd.org 2003/12/29 16:39:50 [sshd_config] KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK	2003-12-31 11:38:32 +11:00
Darren Tucker	22ef508754	- jakob@cvs.openbsd.org 2003/12/23 16:12:10 [servconf.c servconf.h session.c sshd_config] implement KerberosGetAFSToken server option. ok markus@, beck@	2003-12-31 11:37:34 +11:00
Damien Miller	418a386f2b	- (djm) Clarify UsePAM consequences a little more	2003-11-06 20:27:51 +11:00
Darren Tucker	a49d36e7b9	- markus@cvs.openbsd.org 2003/09/29 20:19:57 [servconf.c sshd_config] GSSAPICleanupCreds -> GSSAPICleanupCredentials	2003-10-02 16:20:54 +10:00
Tim Rice	d4d1815cae	[sshd_config] UsePAM defaults to no.	2003-09-25 19:04:34 -07:00
Damien Miller	1a0c0b9621	- markus@cvs.openbsd.org 2003/08/28 12:54:34 [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...	2003-09-02 22:51:17 +10:00
Darren Tucker	0efd155c3c	- markus@cvs.openbsd.org 2003/08/22 10:56:09 [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.	2003-08-26 11:49:55 +10:00
Darren Tucker	ec960f2c93	- markus@cvs.openbsd.org 2003/08/13 08:46:31 [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others	2003-08-13 20:37:05 +10:00
Darren Tucker	c20c60bc99	- markus@cvs.openbsd.org 2003/07/23 07:42:43 [sshd_config] remove AFS; itojun@	2003-08-02 22:31:45 +10:00
Darren Tucker	b8dae8ece0	20030622 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/06/20 05:48:21 [sshd_config] sync some implemented options; ok markus@	2003-06-22 20:48:45 +10:00
Damien Miller	3a961dc0d3	- (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too	2003-06-03 10:25:48 +10:00
Damien Miller	e3e71247c3	clarify	2003-05-16 12:00:44 +10:00
Damien Miller	2aa0ab463f	- jakob@cvs.openbsd.org 2003/05/15 01:48:10 [readconf.c readconf.h servconf.c servconf.h] always parse kerberos options. ok djm@ markus@ - (djm) Always parse UsePAM	2003-05-15 12:05:28 +10:00
Damien Miller	d681d2602c	- (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/09/25 11:17:16 [sshd_config] sync LoginGraceTime with default	2002-09-27 13:21:57 +10:00
Damien Miller	f771ab75f0	- stevesk@cvs.openbsd.org 2002/08/21 19:38:06 [servconf.c sshd.8 sshd_config sshd_config.5] change LoginGraceTime default to 1 minute; ok mouring@ markus@	2002-09-04 16:25:52 +10:00
Ben Lindstrom	5d860f02ca	- markus@cvs.openbsd.org 2002/07/30 17:03:55 [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] add PermitUserEnvironment (off by default!); from dot@dotat.at; ok provos, deraadt	2002-08-01 01:28:38 +00:00
Kevin Steves	bdf3e89f1a	20020628 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented options should contain default value. from solar.	2002-06-27 16:59:50 +00:00
Ben Lindstrom	1b8d730b7d	- markus@cvs.openbsd.org 2002/06/20 23:37:12 [sshd_config] add Compression	2002-06-21 01:11:36 +00:00
Ben Lindstrom	9721e92ba8	- stevesk@cvs.openbsd.org 2002/06/20 20:03:34 [ssh_config sshd_config] refer to config file man page	2002-06-21 01:06:03 +00:00
Ben Lindstrom	fb62a69488	- markus@cvs.openbsd.org 2002/05/15 21:56:38 [servconf.c sshd.8 sshd_config] re-enable privsep and disable setuid for post-3.2.2	2002-06-06 19:47:11 +00:00
Ben Lindstrom	c5c15dde32	- markus@cvs.openbsd.org 2002/05/15 21:02:53 [servconf.c sshd.8 sshd_config] disable privsep and enable setuid for the 3.2.2 release	2002-05-15 21:37:34 +00:00
Ben Lindstrom	bb2ce36d4d	- deraadt@cvs.openbsd.org 2002/05/04 02:39:35 [servconf.c sshd.8 sshd_config] enable privsep by default; provos ok (historical)	2002-05-15 21:35:43 +00:00
Damien Miller	d7de14b6ad	- markus@cvs.openbsd.org 2002/04/22 16:16:53 [servconf.c sshd.8 sshd_config] do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@	2002-04-23 21:04:51 +10:00
Damien Miller	7a8558d3ea	- stevesk@cvs.openbsd.org 2002/04/21 16:19:27 [sshd.8 sshd_config] document default AFSTokenPassing no; ok deraadt@	2002-04-23 20:51:15 +10:00
Ben Lindstrom	fa1336ff47	- markus@cvs.openbsd.org 2002/03/21 20:51:12 [sshd_config] add privsep (off)	2002-03-22 03:40:58 +00:00
Ben Lindstrom	351e919690	- (bal) Update sshd_config CVSID	2002-02-26 17:49:55 +00:00
Damien Miller	95ca7e9f1f	- deraadt@cvs.openbsd.org 2002/02/19 02:50:59 [sshd_config] stategy is not an english word	2002-02-19 15:29:02 +11:00
Damien Miller	05eda437a6	- (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/02/09 17:37:34 [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1] move ssh config files to /etc/ssh - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match	2002-02-10 18:32:28 +11:00
Damien Miller	c5d8635d6a	- markus@cvs.openbsd.org 2002/01/29 14:32:03 [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@	2002-02-05 12:13:41 +11:00
Damien Miller	95c249ff47	- stevesk@cvs.openbsd.org 2002/01/27 14:57:46 [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] add X11UseLocalhost; ok markus@	2002-02-05 12:11:34 +11:00
Tim Rice	1e2c600892	[configure.ac] fix logic on when ssh-rand-helper is installed. [sshd_config] put back in line that tells what PATH was compiled into sshd.	2002-01-30 22:14:03 -08:00
Damien Miller	2bec5c1543	- stevesk@cvs.openbsd.org 2002/01/16 17:40:23 [sshd_config] The stategy now used for options in the default sshd_config shipped with OpenSSH is to specify options with their default value where possible, but leave them commented. Uncommented options change a default value. Subsystem is currently the only default option changed. ok markus@	2002-01-22 23:32:07 +11:00
Damien Miller	9f0f5c64bc	- deraadt@cvs.openbsd.org 2001/12/19 07:18:56 [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else	2001-12-21 14:45:46 +11:00
Ben Lindstrom	15da033b34	- mouring@cvs.openbsd.org 2001/09/20 20:57:51 [sshd_config] CheckMail removed. OKed stevesk@	2001-09-20 23:15:44 +00:00
Ben Lindstrom	f96704d4ef	- markus@cvs.openbsd.org 2001/06/22 21:55:49 [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config ssh-keygen.1] merge authorized_keys2 into authorized_keys. authorized_keys2 is used for backward compat. (just append authorized_keys2 to authorized_keys).	2001-06-25 04:17:12 +00:00
Ben Lindstrom	c4b7225b8d	- markus@cvs.openbsd.org 2001/05/31 13:08:04 [sshd_config] group options and add some more comments	2001-06-09 01:09:51 +00:00
Ben Lindstrom	bfb3a0e973	- markus@cvs.openbsd.org 2001/05/20 17:20:36 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8 sshd_config] configurable authorized_keys{,2} location; originally from peter@; ok djm@	2001-06-05 20:25:05 +00:00
Damien Miller	f815442116	- (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt' (default: off), implies KbdInteractiveAuthentication. Suggestion from markus@	2001-04-25 22:44:14 +10:00
Ben Lindstrom	bdc2beb678	- (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.	2001-04-16 02:11:52 +00:00
Ben Lindstrom	5eabda303a	- markus@cvs.openbsd.org 2001/04/12 19:15:26 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)	2001-04-12 23:34:34 +00:00
Ben Lindstrom	7bfff36ca3	- stevesk@cvs.openbsd.org 2001/03/25 13:16:11 [servconf.c servconf.h session.c sshd.8 sshd_config] PrintLastLog option; from chip@valinux.com with some minor changes by me. ok markus@	2001-03-26 05:45:53 +00:00
Tim Rice	59ea0a0efd	make sure $bindir is in USER_PATH so scp will work	2001-03-10 13:50:45 -08:00
Ben Lindstrom	4b00c8b40b	- deraadt@cvs.openbsd.org 2001/02/24 10:37:26 [sshd_config] ssh2 rsa key before dsa key	2001-03-05 06:05:35 +00:00
Ben Lindstrom	531a445c3a	- deraadt@cvs.openbsd.org 2001/02/22 18:09:06 [sshd_config] activate RSA 2 key	2001-03-05 05:17:18 +00:00

1 2

74 Commits