Commit Graph

75 Commits

Author SHA1 Message Date
Darren Tucker a4904f7bf1 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality.  Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller 9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller 06b75ad56b - djm@cvs.openbsd.org 2005/05/19 02:40:52
[sshd_config]
     whitespace nit, from grunk AT pestilenz.org
2005-05-26 12:12:37 +10:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker 89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Damien Miller 701d0514ee - (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
ok dtucker@
2004-05-23 11:47:58 +10:00
Darren Tucker 0b3b97512f - millert@cvs.openbsd.org 2003/12/29 16:39:50
[sshd_config]
     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
2003-12-31 11:38:32 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Damien Miller 418a386f2b - (djm) Clarify UsePAM consequences a little more 2003-11-06 20:27:51 +11:00
Darren Tucker a49d36e7b9 - markus@cvs.openbsd.org 2003/09/29 20:19:57
[servconf.c sshd_config]
     GSSAPICleanupCreds -> GSSAPICleanupCredentials
2003-10-02 16:20:54 +10:00
Tim Rice d4d1815cae [sshd_config] UsePAM defaults to no. 2003-09-25 19:04:34 -07:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker c20c60bc99 - markus@cvs.openbsd.org 2003/07/23 07:42:43
[sshd_config]
     remove AFS; itojun@
2003-08-02 22:31:45 +10:00
Darren Tucker b8dae8ece0 20030622
- (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/06/20 05:48:21
     [sshd_config]
     sync some implemented options; ok markus@
2003-06-22 20:48:45 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller e3e71247c3 clarify 2003-05-16 12:00:44 +10:00
Damien Miller 2aa0ab463f - jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
 - (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller d681d2602c - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/09/25 11:17:16
     [sshd_config]
     sync LoginGraceTime with default
2002-09-27 13:21:57 +10:00
Damien Miller f771ab75f0 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
[servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Ben Lindstrom 5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
2002-08-01 01:28:38 +00:00
Kevin Steves bdf3e89f1a 20020628
- (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
   options should contain default value.  from solar.
2002-06-27 16:59:50 +00:00
Ben Lindstrom 1b8d730b7d - markus@cvs.openbsd.org 2002/06/20 23:37:12
[sshd_config]
     add Compression
2002-06-21 01:11:36 +00:00
Ben Lindstrom 9721e92ba8 - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
[ssh_config sshd_config]
     refer to config file man page
2002-06-21 01:06:03 +00:00
Ben Lindstrom fb62a69488 - markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller d7de14b6ad - markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller 7a8558d3ea - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
[sshd.8 sshd_config]
     document default AFSTokenPassing no; ok deraadt@
2002-04-23 20:51:15 +10:00
Ben Lindstrom fa1336ff47 - markus@cvs.openbsd.org 2002/03/21 20:51:12
[sshd_config]
     add privsep (off)
2002-03-22 03:40:58 +00:00
Ben Lindstrom 351e919690 - (bal) Update sshd_config CVSID 2002-02-26 17:49:55 +00:00
Damien Miller 95ca7e9f1f - deraadt@cvs.openbsd.org 2002/02/19 02:50:59
[sshd_config]
     stategy is not an english word
2002-02-19 15:29:02 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Tim Rice 1e2c600892 [configure.ac] fix logic on when ssh-rand-helper is installed.
[sshd_config] put back in line that tells what PATH was compiled into sshd.
2002-01-30 22:14:03 -08:00
Damien Miller 2bec5c1543 - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
[sshd_config]
     The stategy now used for options in the default sshd_config shipped
     with OpenSSH is to specify options with their default value where
     possible, but leave them commented.  Uncommented options change a
     default value.  Subsystem is currently the only default option
     changed.  ok markus@
2002-01-22 23:32:07 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 15da033b34 - mouring@cvs.openbsd.org 2001/09/20 20:57:51
[sshd_config]
     CheckMail removed.  OKed stevesk@
2001-09-20 23:15:44 +00:00
Ben Lindstrom f96704d4ef - markus@cvs.openbsd.org 2001/06/22 21:55:49
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
      ssh-keygen.1]
     merge authorized_keys2 into authorized_keys.
     authorized_keys2 is used for backward compat.
     (just append authorized_keys2 to authorized_keys).
2001-06-25 04:17:12 +00:00
Ben Lindstrom c4b7225b8d - markus@cvs.openbsd.org 2001/05/31 13:08:04
[sshd_config]
     group options and add some more comments
2001-06-09 01:09:51 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00
Damien Miller f815442116 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
(default: off), implies KbdInteractiveAuthentication. Suggestion from
   markus@
2001-04-25 22:44:14 +10:00
Ben Lindstrom bdc2beb678 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree. 2001-04-16 02:11:52 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom 7bfff36ca3 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
     PrintLastLog option; from chip@valinux.com with some minor
     changes by me.  ok markus@
2001-03-26 05:45:53 +00:00
Tim Rice 59ea0a0efd make sure $bindir is in USER_PATH so scp will work 2001-03-10 13:50:45 -08:00
Ben Lindstrom 4b00c8b40b - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
[sshd_config]
     ssh2 rsa key before dsa key
2001-03-05 06:05:35 +00:00