Darren Tucker
e730118bf4
- andreas@cvs.openbsd.org 2009/10/24 11:22:37
...
[roaming_common.c]
Do the actual suspend/resume in the client. This won't be useful until
the server side supports roaming.
Most code from Martin Forssen, maf at appgate dot com. Some changes by
me and markus@
ok markus@
2010-01-08 16:53:31 +11:00
Darren Tucker
f9e6eb8f22
- andreas@cvs.openbsd.org 2009/10/24 11:19:17
...
[ssh2.h]
Define the KEX messages used when resuming a suspended connection.
ok markus@
2010-01-08 16:52:32 +11:00
Darren Tucker
e32cf43106
- andreas@cvs.openbsd.org 2009/10/24 11:15:29
...
[clientloop.c]
client_loop() must detect if the session has been suspended and resumed,
and take appropriate action in that case.
From Martin Forssen, maf at appgate dot com
ok markus@
2010-01-08 16:51:40 +11:00
Darren Tucker
36331b5d6c
- andreas@cvs.openbsd.org 2009/10/24 11:13:54
...
[sshconnect2.c kex.h kex.c]
Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@
2010-01-08 16:50:41 +11:00
Darren Tucker
b7b17be4c0
- andreas@cvs.openbsd.org 2009/10/24 11:11:58
...
[roaming.h]
Declarations needed for upcoming changes.
ok markus@
2010-01-08 16:49:52 +11:00
Tim Rice
880ab0d84e
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
...
Gzip all man pages. Patch from Corinna Vinschen.
2009-12-26 15:40:47 -08:00
Darren Tucker
1bf3503c9d
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
...
Bug #1583 : Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker
c8802aac28
- (dtucker) Bug #1470 : Disable OOM-killing of the listening sshd on Linux,
...
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-12-08 13:39:48 +11:00
Darren Tucker
d35e0ef616
- (dtucker) Bug #1677 : add conditionals around the source for ssh-askpass.
2009-12-07 11:32:36 +11:00
Darren Tucker
1533311f4c
- (dtucker) Bug #1160 : use pkg-config for opensc config if it's available.
...
Tested by Martin Paljak.
2009-12-07 11:15:43 +11:00
Tim Rice
53e9974007
- (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
...
Bug 1628. OK dtucker@
2009-11-20 19:32:15 -08:00
Damien Miller
409661f0d9
- (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
...
line arguments as none are supported. Exit when passed unrecognised
commandline flags. bz#1568 from gson AT araneus.fi
2009-11-20 15:16:35 +11:00
Damien Miller
2191e04549
- (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
...
bz#1645, patch from jchadima AT redhat.com
2009-11-18 17:51:59 +11:00
Damien Miller
04ee0f8f12
- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
...
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
report and fix from jan.kratochvil AT redhat.com
2009-11-18 17:48:30 +11:00
Darren Tucker
df6578bb4d
- (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
...
keys when built with OpenSSL versions that don't do AES.
2009-11-07 16:03:14 +11:00
Darren Tucker
e89ed1cfca
- (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
...
older versions of OpenSSL.
2009-11-05 20:43:16 +11:00
Darren Tucker
4d6656b103
- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637 : if selinux
...
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00
Darren Tucker
6ac91a7c83
- (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
2009-10-24 11:52:42 +11:00
Darren Tucker
199ee6ff07
- dtucker@cvs.openbsd.org 2009/10/24 00:48:34
...
[ssh-keygen.1]
ssh-keygen now uses AES-128 for private keys
2009-10-24 11:50:17 +11:00
Darren Tucker
2f29a8caba
- djm@cvs.openbsd.org 2009/10/23 01:57:11
...
[sshconnect2.c]
disallow a hostile server from checking jpake auth by sending an
out-of-sequence success message. (doesn't affect code enabled by default)
2009-10-24 11:47:58 +11:00
Darren Tucker
dfb9b71650
- djm@cvs.openbsd.org 2009/10/22 22:26:13
...
[authfile.c]
switch from 3DES to AES-128 for encryption of passphrase-protected
SSH protocol 2 private keys; ok several
2009-10-24 11:46:43 +11:00
Darren Tucker
98c9aec30e
- sobrado@cvs.openbsd.org 2009/10/22 15:02:12
...
[ssh-agent.1 ssh-add.1 ssh.1]
write UNIX-domain in a more consistent way; while here, replace a
few remaining ".Tn UNIX" macros with ".Ux" ones.
pointed out by ratchov@, thanks!
ok jmc@
2009-10-24 11:42:44 +11:00
Darren Tucker
ae69e1d010
- sobrado@cvs.openbsd.org 2009/10/22 12:35:53
...
[ssh.1 ssh-agent.1 ssh-add.1]
use the UNIX-related macros (.At and .Ux) where appropriate.
ok jmc@
2009-10-24 11:41:34 +11:00
Darren Tucker
49b7e23545
- sobrado@cvs.openbsd.org 2009/10/17 12:10:39
...
[sftp-server.c]
sort flags.
2009-10-24 11:41:05 +11:00
Darren Tucker
1b118881b8
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2009/10/11 23:03:15
[hostfile.c]
mention the host name that we are looking for in check_host_in_hostfile()
2009-10-24 11:40:32 +11:00
Darren Tucker
e23a79cbed
- markus@cvs.openbsd.org 2009/10/08 18:04:27
...
[regress/test-exec.sh]
re-enable protocol v1 for the tests.
2009-10-12 09:37:22 +11:00
Darren Tucker
438b47320c
- dtucker@cvs.openbsd.org 2009/10/11 10:41:26
...
[sftp-client.c]
d_type isn't portable so use lstat to get dirent modes. Suggested by and
"looks sane" deraadt@
2009-10-11 21:52:10 +11:00
Darren Tucker
7a4a76579e
- jmc@cvs.openbsd.org 2009/10/08 20:42:12
...
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
2009-10-11 21:51:40 +11:00
Darren Tucker
bad5076bb5
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2009/10/08 14:03:41
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
2009-10-11 21:51:08 +11:00
Darren Tucker
c182d99376
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
...
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
2009-10-11 21:50:20 +11:00
Darren Tucker
538738d861
- (dtucker) d_type is not mandated by POSIX, so add fallback code using
...
stat(), needed on at least cygwin.
2009-10-07 18:56:10 +11:00
Darren Tucker
4adeac764e
- (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at
...
least dragonflybsd.
2009-10-07 15:49:48 +11:00
Darren Tucker
a25ab01845
- (dtucker) [regress/portnum.sh] Import new test.
2009-10-07 11:00:58 +11:00
Darren Tucker
b99c6e1499
fix id
2009-10-07 10:58:40 +11:00
Darren Tucker
b707a24382
- dtucker@cvs.openbsd.org 2009/10/06 23:51:49
...
[regress/ssh2putty.sh]
Add OpenBSD tag to make syncs easier
2009-10-07 10:54:31 +11:00
Darren Tucker
c863895e0a
- djm@cvs.openbsd.org 2009/08/20 18:43:07
...
[ssh-com-sftp.sh]
fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
Silva for Google Summer of Code
2009-10-07 10:46:29 +11:00
Darren Tucker
ed6b0c5fc2
- djm@cvs.openbsd.org 2009/08/13 01:11:55
...
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh]
date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
2009-10-07 10:43:57 +11:00
Darren Tucker
287b9329c5
- djm@cvs.openbsd.org 2009/08/13 00:57:17
...
[regress/Makefile]
regression test for port number parsing. written as part of the a2port
change that went into 5.2 but I forgot to commit it at the time...
2009-10-07 10:31:56 +11:00
Darren Tucker
7988553585
- dtucker@cvs.openbsd.org 2009/05/05 07:51:36
...
[regress/multiplex.sh]
Always specify ssh_config for multiplex tests: prevents breakage caused
by options in ~/.ssh/config. From Dan Peterson.
2009-10-07 10:30:57 +11:00
Darren Tucker
7023d161d8
- djm@cvs.openbsd.org 2008/12/07 22:17:48
...
[regress/addrmatch.sh]
match string "passwordauthentication" only at start of line, not anywhere
in sshd -T output
2009-10-07 10:30:06 +11:00
Darren Tucker
695ed397a5
- djm@cvs.openbsd.org 2009/10/06 04:46:40
...
[session.c]
bz#1596: fflush(NULL) before exec() to ensure that everying (motd
in particular) has made it out before the streams go away.
2009-10-07 09:02:18 +11:00
Darren Tucker
759cb2a49a
- grunk@cvs.openbsd.org 2009/10/01 11:37:33
...
[dh.c]
fix a cast
ok djm@ markus@
2009-10-07 09:01:50 +11:00
Darren Tucker
72473c6b09
- djm@cvs.openbsd.org 2009/09/01 14:43:17
...
[ssh-agent.c]
fix a race condition in ssh-agent that could result in a wedged or
spinning agent: don't read off the end of the allocated fd_sets, and
don't issue blocking read/write on agent sockets - just fall back to
select() on retriable read/write errors. bz#1633 reported and tested
by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
2009-10-07 09:01:03 +11:00
Darren Tucker
7bee06ab3b
- djm@cvs.openbsd.org 2009/08/31 21:01:29
...
[sftp-server.8]
document -e and -h; prodded by jmc@
2009-10-07 08:47:47 +11:00
Darren Tucker
30359e19ec
- djm@cvs.openbsd.org 2009/08/31 20:56:02
...
[sftp-server.c]
check correct variable for error message, spotted by martynas@
2009-10-07 08:47:24 +11:00
Darren Tucker
893d73549d
- djm@cvs.openbsd.org 2009/08/27 17:44:52
...
[authfd.c ssh-add.c authfd.h]
Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
when the agent refuses the constrained add request. This was a useful
migration measure back in 2002 when constraints were new, but just
adds risk now.
bz #1612 , report and patch from dkg AT fifthhorseman.net; ok markus@
2009-10-07 08:47:02 +11:00
Darren Tucker
6b286a4682
- djm@cvs.openbsd.org 2009/08/27 17:43:00
...
[sftp-server.8]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-10-07 08:46:21 +11:00
Darren Tucker
9bcd25b78b
- djm@cvs.openbsd.org 2009/08/27 17:33:49
...
[ssh-keygen.c]
force use of correct hash function for random-art signature display
as it was inheriting the wrong one when bubblebabble signatures were
activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
ok markus@
2009-10-07 08:45:48 +11:00
Darren Tucker
7dc4850ce8
- djm@cvs.openbsd.org 2009/08/27 17:28:52
...
[sftp-server.c]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-10-07 08:44:42 +11:00
Darren Tucker
8ec4fd8e3c
- dtucker@cvs.openbsd.org 2009/08/20 23:54:28
...
[mux.c]
subsystem_flag is defined in ssh.c so it's extern; ok djm
2009-10-07 08:39:57 +11:00