path: root/security/openssh/files
Commit message | Author | Age | Files | Lines
* Update to openssh-3.0.1 and openssh-portable-3.0.1p1 | dinoex | 2001-11-18 | 2 | -21/+16
| - now in protocol2: Background ssh at logout when waiting for forwarded connection / X11 sessions to terminate
| disabled -DSKEY
|
| from Changelog (not complete):
|
| 20011115
|  - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian <djast@cs.toronto.edu> Fix from markus@
|  - (djm) Release 3.0.1p1
|
| 20011113
|  - (djm) Fix early (and double) free of remote user when using Kerberos. Patch from Simon Wilkinson <simon@sxw.org.uk>
|  - (djm) AIX login{success,failed} changes. Move loginsuccess call to do_authenticated. Call loginfailed for protocol 2 failures > MAX like we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>, K.Wolkersdorfer@fz-juelich.de and others
|  - (djm) OpenBSD CVS Sync
|    - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 [auth-krb5.c] fix krb5 authorization check. found by <jhawk@MIT.EDU>. from art@, deraadt@ ok
|    - markus@cvs.openbsd.org 2001/11/12 11:17:07 [servconf.c] enable authorized_keys2 again. tested by fries@
|
| 20011112
|  - OpenBSD CVS Sync
|    - markus@cvs.openbsd.org 2001/10/24 08:41:41 [sshd.c] mention remote port in debug message
|    - markus@cvs.openbsd.org 2001/10/24 08:51:35 [clientloop.c ssh.c] ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
|    - markus@cvs.openbsd.org 2001/10/24 19:57:40 [clientloop.c] make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
|    - markus@cvs.openbsd.org 2001/10/25 21:14:32 [ssh-keygen.1 ssh-keygen.c] better docu for fingerprinting, ok deraadt@
|    - markus@cvs.openbsd.org 2001/10/29 19:27:15 [sshconnect2.c] hostbased: check for client hostkey before building chost
|    - markus@cvs.openbsd.org 2001/11/07 16:03:17 [packet.c packet.h sshconnect2.c] pad using the padding field from the ssh2 packet instead of sending extra ignore messages. tested against several other ssh servers.
|    - markus@cvs.openbsd.org 2001/11/07 21:40:21 [ssh-rsa.c] ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
|    - markus@cvs.openbsd.org 2001/11/07 22:10:28 [ssh-dss.c ssh-rsa.c] missing free and sync dss/rsa code.
|    - markus@cvs.openbsd.org 2001/11/07 22:53:21 [channels.h] crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
|    - markus@cvs.openbsd.org 2001/11/08 10:51:08 [readpass.c] don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
|    - markus@cvs.openbsd.org 2001/11/10 13:22:42 [ssh-rsa.c] KNF (unexpand)
|    - markus@cvs.openbsd.org 2001/11/11 13:02:31 [servconf.c] make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if AuthorizedKeysFile is specified.
|
| 20011109
|  - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168
* cvs rm'ing patch-coredump, as the current versions are safe. | dinoex | 2001-10-25 | 1 | -11/+0
| It does no harm, so a second bump of PORTVERSION is not needed.
* - included a patch that solves a coredump in sshd | dinoex | 2001-10-24 | 1 | -0/+11
| - Bumped PORTREVISION
| Submitted by: ryanb@goddamnbastard.org
* - Update to OpenSSH 2.9.9 | dinoex | 2001-10-03 | 12 | -270/+99
| - convert portname into lowercase
| - PREFIX support for default sshd_config
| - security-patch for cookie files obsolete
* - Extend patches in submakefiles, to build under 3.5 STABLE | dinoex | 2001-07-22 | 3 | -9/+25
| PR: 28921
| Submitted by: aito@sets.ne.jp
* This adds two environment variables into environment of user: LANG & MM_CHARSET, | dinoex | 2001-06-25 | 1 | -3/+41
| when used standard login via telnet or console
| However when used openssh, then sshd does not setup LANG & MM_CHARSET into environment for user in russian class
| Code for this operation did not exist in openssh port !
| PR: 21146
| Submitted by: odip@bionet.nsc.ru
* - Fix FreeBSD specific patch, exit now if change of password fails. | dinoex | 2001-06-10 | 1 | -3/+5
| Forwarded by dwcjr
| Submitted by: Udo.Schweigert@cert.siemens.de
* - Switch to the user's uid before attempting to unlink the auth forwarding | dinoex | 2001-06-09 | 1 | -0/+193
| file, nullifying the effects of a race.
| - Bump PORTREVISION
| Submitted by: green@FreeBSD.org
* - Update from OpenSSH 2.2.0 to OpenSSH 2.9 | dinoex | 2001-06-08 | 23 | -907/+176
| - Features:
|   Possible use of sftp/sftp-server with older FreeBSD releases.
|   Use a newer version independently from the Base system.
|   Easier to test and fix possible security bugs.
| - Bugs:
|   build of pam_ssm.so isn't supported any more
|   Any file named "cookie" can be deleted by this and any older "sshd" with X11 Forwarding.
* Add patch to prevent Bleichenbacher attack on SSH1 server. Bump | kris | 2001-02-12 | 1 | -0/+189
| PORTREVISION.
* Add patch to deal with possible remote root exploit found by | kris | 2001-02-09 | 4 | -20/+25
| Michal Zalewski of the Bindview RAZOR Team, and some patches to hopefully deal with compilation on older versions of FreeBSD.
| Submitted by: alfred
* Add the security fix for inability to actually deny ssh-agent or X11 | green | 2000-11-14 | 1 | -0/+50
| forwarding requests.
* Update to OpenSSH 2.2.0. This is an end-of-life update for the | green | 2000-11-04 | 14 | -491/+107
| ports-based OpenSSH. OpenSSH has been in the base system for more than long enough to justify not having to maintain two separate FreeBSD versions of OpenSSH.
* Fix Kerberos 4 support. | green | 2000-07-30 | 2 | -6/+24
| Mostly submitted by: Mark A Gebert <geeb@thugsrus.org>
* Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch). | green | 2000-06-27 | 4 | -41/+51
|
* Fix this for OpenSSL versions <= 0.9.4. It seems that the OpenSSH people | green | 2000-05-20 | 1 | -1/+10
| think that it's good to immediately switch to the newest API, despite the old API call being left deliberately compatible so that that wouldn't have to happen. OpenSSL_add_all_algorithms() is now, again, SSLeay_add_all_algorithms.
* Using login and executing a specific "command" are mutually exclusive, | green | 2000-05-13 | 1 | -13/+66
| so turn off use_login if there's a command.
| Submitted by: Vadim Vygonets <vadik@cs.huji.ac.il>
* Fix a mistake with pwcopy-related patches. | green | 2000-05-13 | 3 | -15/+29
|
* Update to OpenSSH 2.1.0. They _FINALLY_ have distfiles, so now the CVS is | green | 2000-05-13 | 8 | -56/+93
| not needed for the port.
| Big thanks to Issei-san for doing the majority of the work necessary for this upgrade!
| Submitted by: Issei Suzuki <issei@jp.FreeBSD.org>
* Upgrade to version 1.2.3 with a CVS of a few hours ago. New stuff in | green | 2000-04-20 | 6 | -377/+298
| this release is mostly the support for lots of ssh2. Note that SSH2 is not fully supported here yet, but it's mostly there; see README.openssh2.
* update compatible libraries to -current. | sumikawa | 2000-04-17 | 6 | -228/+188
|
* Fix socklen_t for FreeBSD 3. | fenner | 2000-03-20 | 1 | -1/+1
| PR: ports/17491
* Update this to a CVS_DATE of a few minutes ago. | green | 2000-03-03 | 2 | -18/+0
|
* Woops fix my previous incorrect patch. | shin | 2000-02-27 | 1 | -7/+7
| For green's honor, the patch I sent him for review was correct. But because it is one line fix, I hand merged it into my cvs committing environment, and then mistake happened.
| This time, I applied correct fix which should have been applied at last commit.
* Fix a coredump-y bug that crept in recently. | green | 2000-02-25 | 1 | -2/+2
|
* Change install -C usage to install -c usage, fixing the install for older | green | 2000-02-23 | 1 | -4/+11
| install(1)s.
| Submitted by: Jim Archuleta <JimArchuleta@usa.net>
* Use 'IPv4or6' instead of AF_UNSPEC for 1st getaddrinfo() ai_family. | shin | 2000-02-19 | 1 | -3/+12
| Without this fix, still query to AAAA record happens even if -4 options is specified.
| Reviewed by: green
* When IPv4-only client connected to a server which have IPv4 and IPv6 | sumikawa | 2000-02-15 | 1 | -3/+12
| addresses, the client couldn't connect to the server via IPv4 because the client gave up on first rresvport_af().
* Clean things up by using the new knob for OpenSSL usage. | green | 2000-02-12 | 1 | -3/+3
| Submitted by: kris
* Simplify IPv6 checking. | sumikawa | 2000-02-09 | 1 | -7/+4
| Suggested by: green
* - remove me from another MAINTAINER | sumikawa | 2000-01-18 | 1 | -3/+3
| - add 'ipv6' on CATEGORIES
| - use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo() existence.
| - fix broken ${ECHO_MSG}
| - avoid duplicate copying rcmd.c
* Add the actual change of names in sockaddr_storage. This broke things | green | 2000-01-14 | 1 | -8/+5
| for people after what time my system was previously made. Sorry.
| Submitted by: sumikawa
* Update to a more current OpenSSH, including... | green | 2000-01-13 | 12 | -52/+3684
| IPv6 support!!
| Thank you very much, Sumikawa san.
| Submitted by: Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp>
* Upgrade to the pam_ssh module, version 1.1.. | green | 1999-12-28 | 1 | -12/+173
| (From the author:)
| Primarily, I have added built-in functions for manipulating the environment, so putenv() is no longer used. XDM and its variants should now work without modification. Note that the new code uses the macros in <sys/queue.h>.
| Submitted by: Andrew J. Korty <ajk@iu.edu>
* Update to today's OpenSSH. | green | 1999-12-23 | 1 | -0/+14
| The version is now 1.2.1, from 1.2. You can mv your old distfiles/OpenSSH-1.2 dir to distfiles/OpenSSH-1.2.1, if you want to not waste time/space.
| Some minor nits have been fixed, and a couple bugs. One sizeof(len) should have just been len, and, in markus's words, "fix get_remote_port() and friends for sshd -i".
* I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and | green | 1999-12-08 | 3 | -32/+33
| updated to today's snapshot of OpenSSH.
| Various updates from the latest ${CVS_DATE}, and requisite patch changes, are the "big new thing". Nothing major has changed; the biggest ones would be using atomicio() in a lot of places and a fix for a SIGHUP not updating sshd(8)'s configuration until the next connection.
* In the meantime (while things are being worked and decided on on the | green | 1999-12-06 | 4 | -20/+326
| OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via running the system out of resources. In reality, this wouldn't be a full DoS, but would make a system slower, but this is a better thing to do than let the system get loaded down.
| So here we are, rate-limiting. The default settings are now: Five connections are allowed to authenticate (and not be rejected) in a period of ten seconds. One minute is given for login grace time.
| More work in this area is being done by alfred@FreeBSD.org and markus@OpenBSD.org, at the very least. This is, essentially, a stopgap solution; however, it is a properly implemented and documented one, and has an easily modifiable framework.
* Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More to | green | 1999-12-04 | 1 | -2/+3
| come, soon.
* Add the PAM SSH RSA key authentication module. For example, you can add, | green | 1999-11-29 | 4 | -4/+353
| "login auth sufficient pam_ssh.so" to your /etc/pam.conf, and users with a ~/.ssh/identity can login(1) with their SSH key :)
| PR: 15158
| Submitted by: Andrew J. Korty <ajk@waterspout.com>
| Reviewed by: obrien
* Update to a current CVS_DATE. The only real change I see is the (big) | green | 1999-11-28 | 2 | -83/+85
| change of KNFization being finalized :)
| Patches had to be modified, but should look "better" according to style(9), now.
* Change CFLAGS to get modified in Makefile.inc, fixing the | green | 1999-11-28 | 1 | -3/+6
| problem several people have reported with make.conf setting ${CFLAGS}.
| Partially submitted by: Jos Backus <Jos.Backus@nl.origin-it.com>
* Also, set SSH_PROGRAM correctly. | green | 1999-11-24 | 1 | -1/+1
|
* Update the CVS_DATE. This brings in support for TIS authentication, | green | 1999-11-24 | 19 | -244/+524
| obsoleting a couple patches (it's the same code, though, except for additions). This also brings in KNFization of everything (please hold the cheering down :) and made me reroll all my patches.
| My patches have been almost entirely rewritten. The places are the same, but the code's rewritten. It fits with the style (KNF) now, and looks better.
| I've also added strlcat.c to the build, which, just like strlcpy.c, is necessary for compatibility with older libcs. After strlcat() snuck into the OpenSSH code recently, this would prevent OpenSSH from building on (e.g.) FreeBSD 3.2. Adding it to ssh/lib/ makes it work yet again :)
* Update to the latest CVS_DATE, obsoleting patches patch-a[yz]. | green | 1999-11-21 | 1 | -8/+0
| Add "ignorelogin" login.conf functionality to sshd.
| The biggest change: new port functionality. Making "fetchsrctarball" will soon work for those of you who cannot use CVS to get OpenSSH. Mark Murray, the savior he is :), will use "make makesrctarball" and put the snapshots of OpenSSH source in the proper place. The current ${MASTER_SITES} is just a guess at where the snapshot files could be hosted; something definite should be worked out very soon.
* Give OpenSSH TIS client-side authentication. | green | 1999-11-20 | 4 | -0/+99
| Submitted by: peter
* Change around sshd.sh for the last time. | green | 1999-11-20 | 1 | -7/+0
|
* Make the second CVS site work for real. | green | 1999-11-18 | 1 | -0/+7
| Move sshd.sh to files and ${INSTALL_SCRIPT}/${PERL} -pi it.
| Clean up the Makefile's style a bit (MNF anyone? :)
| Add WWW: to pkg/DESCR.
| Change MASTER_SITES back to CVS_SITES to avoid problems with MASTER_SITE_OVERRIDE.
| Parts submitted by: Christian Weisgerber <naddy@mips.rhein-neckar.de>, Robert Muir <rmuir@gibralter.net>
* Thanks to those who replied! The include (ssl versus openssl) transform | green | 1999-11-17 | 11 | -152/+0
| is now done in post-patch.
| Submitted by: Anton Berezin <tobez@plab.ku.dk>, Christian Weisgerber <naddy@unix-ag.uni-kl.de>
* Prompted by Kris Kennaway <kris@FreeBSD.org> | green | 1999-11-17 | 2 | -8/+8
| Update to the current time for OpenSSH. The notable commit given to me for this new date is:
| (provos@cvs.openbsd.org) usr.bin/ssh : hostfile.c
| in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me.
* Enable TCP wrapper support (conditionalized to turn off if tcpd.h is | green | 1999-11-15 | 1 | -4/+4
| nonexistent). Also, add the Makefile hooks for AFS, Kerberos, and S/Key.