| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.
Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only notify blacklistd for successful logins in auth.c
Before this change, every pass through auth.c resulted in a
call to blacklist_notify().
In a normal remote login, there would be a failed login flagged for
the printing of the "xxx login:" prompt, before the remote user
could enter a password.
If the user successfully entered a good password, then a good login
would be flagged, and everything would be OK.
If the user entered an incorrect password, there would be another
failed login flagged in auth1.c (or auth2.c) for the actual bad
password attempt. Finally, when sshd got around to issuing the
second "xxx login:" prompt, there would be yet another failed login
notice sent to blacklistd.
So, if there was a 3 bad logins limit set (the default), the system
would actually block the address after the first bad password attempt.
Reported by: Rick Adams
Reviewed by: des
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Approved by: des
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
| |
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.
Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915
|
| | |
|
| | |
|
| |\ |
|
| |\ \
| |/ |
|
| |\ \
| |/
| |
| |
| |
| | |
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
|
| |\ \
| |/
| |
| | |
Approved by: re (gjb)
|
| |\ \
| |/
| |
| | |
for a key revocation list and more fine-grained authentication control.
|
| | | |
|
| |\ \
| |/
| |
| | |
MFC after: 3 months
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| |\ \
| |/
| |
| | |
MFC after: 1 month
|
| |\ \
| |/
| |
| | |
MFC after: 3 months
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Happy birthday to: rwatson
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Obtained from: OpenBSD
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 1 week
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Sponsored by: registrar.no
|
