Age | Commit message (Expand) | Author |
2012-11-04 | Remove default of AuthorizedCommandUser. Administrators are now expected | Damien Miller |
2012-10-30 | new sshd_config option AuthorizedKeysCommand to support fetching | Damien Miller |
2012-07-10 | Turn on systrace sandboxing of pre-auth sshd by default for new installs | Damien Miller |
2012-06-30 | fix a during the load of the sandbox policies (child can still make | Markus Friedl |
2012-05-13 | Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests | Darren Tucker |
2012-04-12 | VersionAddendum option to allow server operators to append some arbitrary | Damien Miller |
2012-04-11 | don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a | Damien Miller |
2011-09-30 | fix inverted test that caused logspam; spotted by henning@ | Damien Miller |
2011-09-30 | don't attempt privsep cleanup when not using privsep; ok markus@ | Darren Tucker |
2011-09-09 | kill the preauth privsep child on fatal errors in the monitor; | Damien Miller |
2011-06-23 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | Damien Miller |
2011-06-22 | introduce sandboxing of the pre-auth privsep child using systrace(4). | Damien Miller |
2011-06-17 | make the pre-auth privsep slave log via a socketpair shared with the | Damien Miller |
2011-04-12 | exit with 0 status on SIGTERM; bz#1879 | Damien Miller |
2011-01-11 | some unsigned long long casts that make things a bit easier for | Damien Miller |
2010-09-22 | add a KexAlgorithms knob to the client and server configuration to allow | Damien Miller |
2010-08-31 | reintroduce commit from tedu@, which I pulled out for release engineering: | Damien Miller |
2010-08-31 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | Damien Miller |
2010-08-16 | backout previous temporarily; discussed with deraadt@ | Damien Miller |
2010-08-12 | OpenSSL_add_all_algorithms is the name of the function we have a man page | Ted Unangst |
2010-04-16 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | Damien Miller |
2010-03-07 | Hold authentication debug messages until after successful authentication. | Darren Tucker |
2010-02-26 | Add support for certificate key types for users and hosts. | Damien Miller |
2010-01-29 | set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com | Damien Miller |
2010-01-13 | avoid run-time failures when specifying hostkeys via a relative | Damien Miller |
2010-01-09 | Remove RoutingDomain from ssh since it's now not needed. It can be replaced | Darren Tucker |
2010-01-09 | Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs | Darren Tucker |
2009-10-28 | Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. | Reyk Floeter |
2009-05-28 | Keep track of number of bytes read and written. Needed for upcoming | Andreas Gunnarsson |
2009-01-22 | make a2port() return -1 when it encounters an invalid port number | Damien Miller |
2008-10-30 | don't need to #include "monitor_fdpass.h" | Kevin Steves |
2008-07-10 | sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@ | Markus Friedl |
2008-07-01 | Send CR LF during protocol banner exchanges, but only for Protocol 2 only, | Darren Tucker |
2008-06-14 | ensure default umask disallows at least group and world write; ok djm@ | Darren Tucker |
2008-06-14 | wrap long line at 80 chars | Darren Tucker |
2008-06-12 | Make keepalive timeouts apply while waiting for a packet, particularly during | Darren Tucker |
2008-06-10 | - update usage() | Jason McIntyre |
2008-06-10 | Add extended test mode (-T) and connection parameters for test mode (-C). | Darren Tucker |
2008-05-08 | Implement a channel success/failure status confirmation callback | Damien Miller |
2008-04-13 | Use arc4random_buf() when requesting more than a single word of output | Damien Miller |
2008-02-14 | When started in configuration test mode (-t) do not check that sshd is | Marc Balmer |
2008-02-13 | rekey arc4random and OpenSSL RNG in postauth child | Damien Miller |
2007-12-31 | When in inetd mode, have sshd generate a Protocol 1 ephemeral server | Darren Tucker |
2007-12-27 | Add a small helper function to consistently handle the EAI_SYSTEM error | Darren Tucker |
2007-05-22 | zap double include; from p_nowaczyk AT o2.pl | Damien Miller |
2007-03-09 | Move C/R -> kbdint special case to after the defaults have been | Darren Tucker |
2007-02-21 | Clear alarm() before restarting sshd on SIGHUP. Without this, if there's | Darren Tucker |
2006-11-06 | add missing checks for openssl return codes; with & ok djm@ | Markus Friedl |
2006-08-18 | delay authentication related cleanups until we're authenticated and | Markus Friedl |
2006-08-18 | make signal handler termination path shorter; risky code pointed out by | Theo de Raadt |