Darren Tucker
47eede77ed
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
...
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
2005-03-14 23:08:12 +11:00
Damien Miller
f91ee4c3de
- djm@cvs.openbsd.org 2005/03/01 10:09:52
...
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker
0f38323222
- djm@cvs.openbsd.org 2004/12/23 23:11:00
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898 : support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz ; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
137e9c97e0
- dtucker@cvs.openbsd.org 2004/08/13 11:09:24
...
[servconf.c]
Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
ok markus@, djm@
2004-08-13 21:30:24 +10:00
Darren Tucker
9fbac71905
- dtucker@cvs.openbsd.org 2004/08/11 11:09:54
...
[servconf.c]
Fix minor leak; "looks right" deraadt@
2004-08-12 22:41:44 +10:00
Darren Tucker
fc9597034b
- deraadt@cvs.openbsd.org 2004/07/11 17:48:47
...
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
645ab757bd
- djm@cvs.openbsd.org 2004/06/24 19:30:54
...
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
06f2bd8bde
- deraadt@cvs.openbsd.org 2004/05/08 00:01:37
...
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
tildexpand.c], removed: sshtty.h tildexpand.h
make two tiny header files go away; djm ok
2004-05-13 16:06:46 +10:00
Darren Tucker
46bc075474
- djm@cvs.openbsd.org 2004/04/27 09:46:37
...
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
ssh_config.5 sshd_config.5]
bz #815 : implement ability to pass specified environment variables from
the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Darren Tucker
3c78c5ed2f
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
Darren Tucker
409cb328c1
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
2004-01-05 22:36:51 +11:00
Darren Tucker
22ef508754
- jakob@cvs.openbsd.org 2003/12/23 16:12:10
...
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Damien Miller
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Darren Tucker
a49d36e7b9
- markus@cvs.openbsd.org 2003/09/29 20:19:57
...
[servconf.c sshd_config]
GSSAPICleanupCreds -> GSSAPICleanupCredentials
2003-10-02 16:20:54 +10:00
Damien Miller
5c3a55846a
- (djm) Sync with V_3_7 branch:
...
- (djm) Fix SSH1 challenge kludge
- (djm) Bug #671 : Fix builds on OpenBSD
- (djm) Bug #676 : Fix PAM stack corruption
- (djm) Fix bad free() in PAM code
- (djm) Don't call pam_end before pam_init
- (djm) Enable build with old OpenSSL again
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-23 22:12:38 +10:00
Damien Miller
fb10e9abe8
- markus@cvs.openbsd.org 2003/09/01 18:15:50
...
[readconf.c readconf.h servconf.c servconf.h ssh.c]
remove unused kerberos code; ok henning@
2003-09-02 22:58:22 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller
30912f7259
- (djm) Bug #629 : Mark ssh_config option "pamauthenticationviakbdint"
...
as deprecated. Remove mention from README.privsep. Patch from
aet AT cc.hut.fi
2003-08-26 10:48:14 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Damien Miller
865173ee03
- (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
...
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
2003-06-04 19:06:59 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
6ac2c48a19
- (djm) Add warning for UsePAM when built without PAM support
2003-05-16 11:42:35 +10:00
Damien Miller
f9b3feb847
- jakob@cvs.openbsd.org 2003/05/15 14:02:47
...
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
2003-05-16 11:38:32 +10:00
Damien Miller
156cbe8c67
- (djm) Enable UsePAM when built --with-pam
2003-05-15 14:16:41 +10:00
Damien Miller
d248b5bd1b
- jakob@cvs.openbsd.org 2003/05/15 04:08:44
...
[readconf.c servconf.c]
disable kerberos when not supported. ok markus@
2003-05-15 14:15:23 +10:00
Damien Miller
2aa0ab463f
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
...
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
9f82c8fa4f
- markus@cvs.openbsd.org 2003/02/21 09:05:53
...
[servconf.c]
print sshd_config filename in debug2 mode.
2003-02-24 12:04:33 +11:00
Damien Miller
c13486300d
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
2002-09-05 14:35:14 +10:00
Damien Miller
f771ab75f0
- stevesk@cvs.openbsd.org 2002/08/21 19:38:06
...
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Ben Lindstrom
5d860f02ca
- markus@cvs.openbsd.org 2002/07/30 17:03:55
...
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at ;
ok provos, deraadt
2002-08-01 01:28:38 +00:00
Tim Rice
40017b0e7a
(bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
...
openbsd-compat/Makefile.in] support compression on platforms that
have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
Based on patch from nalin@redhat.com of code extracted from Owl's package
2002-07-14 13:36:49 -07:00
Ben Lindstrom
6b0c96ab59
- (bal) if mmap() is substandard, don't allow compression on server side.
...
Post 'event' we will add more options.
2002-06-25 03:22:03 +00:00
Ben Lindstrom
e135363422
- deraadt@cvs.openbsd.org 2002/06/23 09:46:51
...
[bufaux.c servconf.c]
minor KNF. things the fingers do while you read
2002-06-23 21:29:23 +00:00
Damien Miller
4903eb4b74
- (djm) Warn and disable compression on platforms which can't handle both
...
useprivilegeseparation=yes and compression=yes
2002-06-21 16:20:44 +10:00
Ben Lindstrom
23e0f667f8
- markus@cvs.openbsd.org 2002/06/20 23:05:56
...
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom
fb62a69488
- markus@cvs.openbsd.org 2002/05/15 21:56:38
...
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Ben Lindstrom
c5c15dde32
- markus@cvs.openbsd.org 2002/05/15 21:02:53
...
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom
bb2ce36d4d
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
...
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Damien Miller
d7de14b6ad
- markus@cvs.openbsd.org 2002/04/22 16:16:53
...
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Damien Miller
e4ccf100e0
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
[servconf.c]
No, afs requires explicit enabling
2002-04-23 20:40:28 +10:00
Damien Miller
fd4c9eee25
- (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
2002-04-13 11:04:40 +10:00
Ben Lindstrom
c743134191
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
...
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
2002-03-22 03:11:49 +00:00
Ben Lindstrom
7a7edf77ed
- stevesk@cvs.openbsd.org 2002/03/19 03:03:43
...
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
Ben Lindstrom
01426a67c8
- stevesk@cvs.openbsd.org 2002/03/18 23:52:51
...
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
2002-03-22 02:40:03 +00:00