| Age | Commit message (Collapse) | Author |
|---|
|
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@
|
|
[authfile.c]
despam debug() logs by detecting that we are trying to load a private key
in key_try_load_public() and returning early; ok markus@
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
|
|
[ssh.1]
+.It RequestTTY
|
|
[ssh_config.5]
- tweak previous
- come consistency fixes
ok djm
|
|
[PROTOCOL.mux]
fix numbering; from bert.wesarg AT googlemail.com
|
|
[ssh.c]
fix dropping from previous diff
|
|
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
|
|
[readconf.c ssh_config.5]
support negated Host matching, e.g.
Host *.example.org !c.example.org
User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
ok markus@
|
|
[ssh.c ssh_config.5]
add a %L expansion (short-form of the local host name) for ControlPath;
sync some more expansions with LocalCommand; ok markus@
|
|
[packet.c packet.h]
set traffic class for IPv6 traffic as we do for IPv4 TOS;
patch from lionel AT mamane.lu via Colin Watson in bz#1855;
ok markus@
|
|
[sshconnect2.c]
fix memory leak; bz#1849 ok dtucker@
|
|
[sftp.1]
mention that IPv6 addresses must be enclosed in square brackets;
bz#1845
|
|
[sshd_config]
clarify language about overriding defaults. bz#1892, from Petr Cerny
|
|
[mux.c]
gracefully fall back when ControlPath is too large for a
sockaddr_un. ok markus@ as part of a larger diff
|
|
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
|
|
for closefrom() in test code. Report from Dan Wallis via Gentoo.
|
|
|
|
so autoreconf 2.68 is happy.
|
|
[authfile.c authfile.h ssh-add.c]
allow "ssh-add - < key"; feedback and ok markus@
|
|
[ssh-keygen.c]
certificate options are supposed to be packed in lexical order of
option name (though we don't actually enforce this at present).
Move one up that was out of sequence
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
|
|
[ssh-keygen.1]
mention valid -b sizes for ECDSA keys; bz#1862
|
|
[ssh-keygen.1]
improve wording; bz#1861
|
|
[sshd.c]
exit with 0 status on SIGTERM; bz#1879
|
|
[ssh-keygen.c]
fix -Wshadow
|
|
[misc.c misc.h servconf.c]
print ipqos friendly string for sshd -T; ok markus
# sshd -Tf sshd_config|grep ipqos
ipqos lowdelay throughput
|
|
[ssh-keygen.c]
use strcasecmp() for "clear" cert permission option also; ok djm
|
|
[ssh-keygen.1]
zap trailing whitespace;
|
|
[ssh-keygen.c]
remove -d, documentation removed >10 years ago; ok markus
|
|
[ssh-keygen.1]
-q not used in /etc/rc now so remove statement.
|
|
[ssh-keygen.1 ssh-keygen.c]
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
for which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the key
type, and default comment. This will be used by /etc/rc to generate
new host keys. Idea from deraadt.
ok deraadt
|
|
[ssh-keyscan.c]
use timerclear macro
ok djm@
|
|
[auth.h]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
|
|
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
|
|
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
|
|
definitions.
|
|
"It is recommended that your private key files are NOT accessible by others."
since there is no way to skip this check; bz#1878
|
|
|
|
Cygwin-specific service installer script ssh-host-config. The actual
functionality is the same, the revisited version is just more
exact when it comes to check for problems which disallow to run
certain aspects of the script. So, part of this script and the also
rearranged service helper script library "csih" is to check if all
the tools required to run the script are available on the system.
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
|
|
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
|
generation and simplify. Patch from Corinna Vinschen.
|
|
selinux code. Patch from Leonardo Chiquitto.
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
- Release OpenSSH 5.8p1
|
|
[version.h]
openssh-5.8
|
|
[key.c]
fix uninitialised nonce variable; reported by Mateusz Kocielski
|
|
[PROTOCOL.mux]
cut'n'pasto; from bert.wesarg AT googlemail.com
|
|
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
|
|
- (tim) [config.guess config.sub] Sync with upstream.
|
