Darren Tucker
a4904f7bf1
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
...
reality. Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
Damien Miller
d27b947178
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
...
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
9786e6e2a0
- markus@cvs.openbsd.org 2005/07/25 11:59:40
...
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
06b75ad56b
- djm@cvs.openbsd.org 2005/05/19 02:40:52
...
[sshd_config]
whitespace nit, from grunk AT pestilenz.org
2005-05-26 12:12:37 +10:00
Darren Tucker
0f38323222
- djm@cvs.openbsd.org 2004/12/23 23:11:00
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898 : support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz ; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Damien Miller
701d0514ee
- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
...
ok dtucker@
2004-05-23 11:47:58 +10:00
Darren Tucker
0b3b97512f
- millert@cvs.openbsd.org 2003/12/29 16:39:50
...
[sshd_config]
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
2003-12-31 11:38:32 +11:00
Darren Tucker
22ef508754
- jakob@cvs.openbsd.org 2003/12/23 16:12:10
...
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Damien Miller
418a386f2b
- (djm) Clarify UsePAM consequences a little more
2003-11-06 20:27:51 +11:00
Darren Tucker
a49d36e7b9
- markus@cvs.openbsd.org 2003/09/29 20:19:57
...
[servconf.c sshd_config]
GSSAPICleanupCreds -> GSSAPICleanupCredentials
2003-10-02 16:20:54 +10:00
Tim Rice
d4d1815cae
[sshd_config] UsePAM defaults to no.
2003-09-25 19:04:34 -07:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
c20c60bc99
- markus@cvs.openbsd.org 2003/07/23 07:42:43
...
[sshd_config]
remove AFS; itojun@
2003-08-02 22:31:45 +10:00
Darren Tucker
b8dae8ece0
20030622
...
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/06/20 05:48:21
[sshd_config]
sync some implemented options; ok markus@
2003-06-22 20:48:45 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
e3e71247c3
clarify
2003-05-16 12:00:44 +10:00
Damien Miller
2aa0ab463f
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
...
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller
d681d2602c
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/09/25 11:17:16
[sshd_config]
sync LoginGraceTime with default
2002-09-27 13:21:57 +10:00
Damien Miller
f771ab75f0
- stevesk@cvs.openbsd.org 2002/08/21 19:38:06
...
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Ben Lindstrom
5d860f02ca
- markus@cvs.openbsd.org 2002/07/30 17:03:55
...
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at ;
ok provos, deraadt
2002-08-01 01:28:38 +00:00
Kevin Steves
bdf3e89f1a
20020628
...
- (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
options should contain default value. from solar.
2002-06-27 16:59:50 +00:00
Ben Lindstrom
1b8d730b7d
- markus@cvs.openbsd.org 2002/06/20 23:37:12
...
[sshd_config]
add Compression
2002-06-21 01:11:36 +00:00
Ben Lindstrom
9721e92ba8
- stevesk@cvs.openbsd.org 2002/06/20 20:03:34
...
[ssh_config sshd_config]
refer to config file man page
2002-06-21 01:06:03 +00:00
Ben Lindstrom
fb62a69488
- markus@cvs.openbsd.org 2002/05/15 21:56:38
...
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Ben Lindstrom
c5c15dde32
- markus@cvs.openbsd.org 2002/05/15 21:02:53
...
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom
bb2ce36d4d
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
...
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller
d7de14b6ad
- markus@cvs.openbsd.org 2002/04/22 16:16:53
...
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller
7a8558d3ea
- stevesk@cvs.openbsd.org 2002/04/21 16:19:27
...
[sshd.8 sshd_config]
document default AFSTokenPassing no; ok deraadt@
2002-04-23 20:51:15 +10:00
Ben Lindstrom
fa1336ff47
- markus@cvs.openbsd.org 2002/03/21 20:51:12
...
[sshd_config]
add privsep (off)
2002-03-22 03:40:58 +00:00
Ben Lindstrom
351e919690
- (bal) Update sshd_config CVSID
2002-02-26 17:49:55 +00:00
Damien Miller
95ca7e9f1f
- deraadt@cvs.openbsd.org 2002/02/19 02:50:59
...
[sshd_config]
stategy is not an english word
2002-02-19 15:29:02 +11:00
Damien Miller
05eda437a6
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
[pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
move ssh config files to /etc/ssh
- (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller
c5d8635d6a
- markus@cvs.openbsd.org 2002/01/29 14:32:03
...
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
95c249ff47
- stevesk@cvs.openbsd.org 2002/01/27 14:57:46
...
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Tim Rice
1e2c600892
[configure.ac] fix logic on when ssh-rand-helper is installed.
...
[sshd_config] put back in line that tells what PATH was compiled into sshd.
2002-01-30 22:14:03 -08:00
Damien Miller
2bec5c1543
- stevesk@cvs.openbsd.org 2002/01/16 17:40:23
...
[sshd_config]
The stategy now used for options in the default sshd_config shipped
with OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options change a
default value. Subsystem is currently the only default option
changed. ok markus@
2002-01-22 23:32:07 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
15da033b34
- mouring@cvs.openbsd.org 2001/09/20 20:57:51
...
[sshd_config]
CheckMail removed. OKed stevesk@
2001-09-20 23:15:44 +00:00
Ben Lindstrom
f96704d4ef
- markus@cvs.openbsd.org 2001/06/22 21:55:49
...
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
ssh-keygen.1]
merge authorized_keys2 into authorized_keys.
authorized_keys2 is used for backward compat.
(just append authorized_keys2 to authorized_keys).
2001-06-25 04:17:12 +00:00
Ben Lindstrom
c4b7225b8d
- markus@cvs.openbsd.org 2001/05/31 13:08:04
...
[sshd_config]
group options and add some more comments
2001-06-09 01:09:51 +00:00
Ben Lindstrom
bfb3a0e973
- markus@cvs.openbsd.org 2001/05/20 17:20:36
...
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
sshd_config]
configurable authorized_keys{,2} location; originally from peter@;
ok djm@
2001-06-05 20:25:05 +00:00
Damien Miller
f815442116
- (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
...
(default: off), implies KbdInteractiveAuthentication. Suggestion from
markus@
2001-04-25 22:44:14 +10:00
Ben Lindstrom
bdc2beb678
- (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
2001-04-16 02:11:52 +00:00
Ben Lindstrom
5eabda303a
- markus@cvs.openbsd.org 2001/04/12 19:15:26
...
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom
7bfff36ca3
- stevesk@cvs.openbsd.org 2001/03/25 13:16:11
...
[servconf.c servconf.h session.c sshd.8 sshd_config]
PrintLastLog option; from chip@valinux.com with some minor
changes by me. ok markus@
2001-03-26 05:45:53 +00:00
Tim Rice
59ea0a0efd
make sure $bindir is in USER_PATH so scp will work
2001-03-10 13:50:45 -08:00
Ben Lindstrom
4b00c8b40b
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26
...
[sshd_config]
ssh2 rsa key before dsa key
2001-03-05 06:05:35 +00:00