Commit Graph

54 Commits

Author SHA1 Message Date
Darren Tucker
a4904f7bf1 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality.  Pointed out by tryponraj at gmail.com.
2006-02-23 21:35:30 +11:00
Damien Miller
b797770da2 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
     [ssh_config.5 sshd_config.5]
     some corrections from michael knudsen;
2006-01-03 18:47:31 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Darren Tucker
e2dd2d5baa - djm@cvs.openbsd.org 2005/09/21 23:36:54
[sshd_config.5]
     aquire -> acquire, from stevesk@
2005-10-03 18:19:06 +10:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
3710f278ae - djm@cvs.openbsd.org 2005/05/23 23:32:46
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
     add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
     ok markus@
2005-05-26 12:19:17 +10:00
Damien Miller
1594ad5a78 - djm@cvs.openbsd.org 2005/05/19 02:39:55
[sshd_config.5]
     sort config options, from grunk AT pestilenz.org; ok jmc@
2005-05-26 12:12:19 +10:00
Damien Miller
167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@
2005-05-26 12:04:02 +10:00
Darren Tucker
83d5a9866d - jmc@cvs.openbsd.org 2005/03/18 17:05:00
[sshd_config.5]
     typo;
2005-03-31 21:33:50 +10:00
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker
9dca099aec - (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
Darren Tucker
b3509014ce - jmc@cvs.openbsd.org 2005/01/08 00:41:19
[sshd_config.5]
     `login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
Darren Tucker
0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
7cc5c23817 - jaredy@cvs.openbsd.org 2004/09/15 03:25:41
[sshd_config.5]
     mention PrintLastLog only prints last login time for interactive
     sessions, like PrintMotd mentions.
     From Michael Knudsen, with wording changed slightly to match the
     PrintMotd description.
     ok djm
2004-11-05 20:06:59 +11:00
Damien Miller
26213e556b - jmc@cvs.openbsd.org 2004/06/26 09:14:40
[sshd_config.5]
     new sentence, new line;
2004-06-30 22:39:34 +10:00
Damien Miller
05202ffe21 - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
     List supported ciphers in man pages, tidy up ssh -c;
     "looks fine" jmc@, ok markus@
2004-06-15 10:30:39 +10:00
Darren Tucker
89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
1dcff9a3a8 - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
UsePAM section.  Parts from djm@ and jmc@.
2004-05-13 16:51:40 +10:00
Darren Tucker
b2a601cc99 - jmc@cvs.openbsd.org 2004/04/28 07:02:56
[sshd_config.5]
     remove unnecessary .Pp;
2004-05-02 22:13:20 +10:00
Darren Tucker
1e0c9bf9fb - djm@cvs.openbsd.org 2004/04/28 05:17:10
[ssh_config.5 sshd_config.5]
     manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
2004-05-02 22:12:48 +10:00
Darren Tucker
46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Darren Tucker
96cc26b614 - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning
from bug #701 (text from jfh at cise.ufl.edu).
2004-04-14 13:04:35 +10:00
Damien Miller
8448e66770 - dtucker@cvs.openbsd.org 2004/03/08 10:18:57
[sshd_config.5]
     Document KerberosGetAFSToken;  ok markus@
2004-03-08 23:13:15 +11:00
Damien Miller
05a75b6e5b - jmc@cvs.openbsd.org 2004/02/17 19:35:21
[sshd_config.5]
     remove cruft left over from RhostsAuthentication removal;
     ok markus@
2004-02-18 14:31:23 +11:00
Damien Miller
12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
6c0c0705e3 - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ 2003-10-09 14:13:53 +10:00
Damien Miller
9b7b03b270 - markus@cvs.openbsd.org 2003/09/01 09:50:04
[sshd_config.5]
     gss kex is not supported; sxw@inf.ed.ac.uk
2003-09-02 22:57:05 +10:00
Damien Miller
1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker
ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker
91cf261bd5 20030622
- (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/06/20 05:47:58
     [sshd_config.5]
     sync description of protocol 2 cipher proposal; ok markus
2003-06-22 20:46:53 +10:00
Damien Miller
f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
fbf486b4a6 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
2003-05-23 18:44:23 +10:00
Damien Miller
2e193e29f0 Put in alphabetical order 2003-05-14 15:13:03 +10:00
Damien Miller
4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
049245d260 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
     Escape ?, * and ! in .Ql for nroff compatibility.  OpenSSH Portable
     Bug #550 and * escaping suggested by jmc@.
2003-05-14 13:44:42 +10:00
Damien Miller
495dca3518 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
     [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
     [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - killed whitespace
     - new sentence new line
     - .Bk for arguments
     ok markus@
2003-04-01 21:42:14 +10:00
Damien Miller
5a93add673 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/01/23 08:58:47
     [sshd_config.5]
     typos; ok millert@
2003-01-24 11:34:52 +11:00
Damien Miller
101c4a7bc9 - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
[sshd_config.5]
     more details on X11Forwarding security issues and threats; ok markus@
2002-09-19 11:51:21 +10:00
Damien Miller
c13486300d - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
2002-09-05 14:35:14 +10:00
Damien Miller
05913badf3 - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
[ssh_config.5 sshd_config.5]
     state XAuthLocation is a full pathname
2002-09-04 16:51:03 +10:00
Damien Miller
f771ab75f0 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
[servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
Ben Lindstrom
bd9bf38b00 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
[ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
2002-08-20 18:54:20 +00:00
Ben Lindstrom
15b6120e63 - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
[sshd_config.5]
     proxy vs. fake display
2002-08-20 18:44:24 +00:00
Ben Lindstrom
1f8cf4f4fb - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
[sshd_config.5]
     use Op for mdoc conformance; from esr@golux.thyrsus.com
     ok aaron@
2002-08-20 18:43:27 +00:00
Ben Lindstrom
5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
2002-08-01 01:28:38 +00:00