summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
AgeCommit message (Expand)Author
2012-11-04Remove default of AuthorizedCommandUser. Administrators are now expectedDamien Miller
2012-10-30new sshd_config option AuthorizedKeysCommand to support fetchingDamien Miller
2012-07-10Turn on systrace sandboxing of pre-auth sshd by default for new installsDamien Miller
2012-06-30fix a during the load of the sandbox policies (child can still makeMarkus Friedl
2012-05-13Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust testsDarren Tucker
2012-04-12VersionAddendum option to allow server operators to append some arbitraryDamien Miller
2012-04-11don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for aDamien Miller
2011-09-30fix inverted test that caused logspam; spotted by henning@Damien Miller
2011-09-30don't attempt privsep cleanup when not using privsep; ok markus@Darren Tucker
2011-09-09kill the preauth privsep child on fatal errors in the monitor;Damien Miller
2011-06-23rename sandbox.h => ssh-sandbox.h to make things easier for portableDamien Miller
2011-06-22introduce sandboxing of the pre-auth privsep child using systrace(4).Damien Miller
2011-06-17make the pre-auth privsep slave log via a socketpair shared with theDamien Miller
2011-04-12exit with 0 status on SIGTERM; bz#1879Damien Miller
2011-01-11some unsigned long long casts that make things a bit easier forDamien Miller
2010-09-22add a KexAlgorithms knob to the client and server configuration to allowDamien Miller
2010-08-31reintroduce commit from tedu@, which I pulled out for release engineering:Damien Miller
2010-08-31Implement Elliptic Curve Cryptography modes for key exchange (ECDH) andDamien Miller
2010-08-16backout previous temporarily; discussed with deraadt@Damien Miller
2010-08-12OpenSSL_add_all_algorithms is the name of the function we have a man pageTed Unangst
2010-04-16revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with theDamien Miller
2010-03-07Hold authentication debug messages until after successful authentication.Darren Tucker
2010-02-26Add support for certificate key types for users and hosts.Damien Miller
2010-01-29set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.comDamien Miller
2010-01-13avoid run-time failures when specifying hostkeys via a relativeDamien Miller
2010-01-09Remove RoutingDomain from ssh since it's now not needed. It can be replacedDarren Tucker
2010-01-09Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execsDarren Tucker
2009-10-28Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.Reyk Floeter
2009-05-28Keep track of number of bytes read and written. Needed for upcomingAndreas Gunnarsson
2009-01-22make a2port() return -1 when it encounters an invalid port numberDamien Miller
2008-10-30don't need to #include "monitor_fdpass.h"Kevin Steves
2008-07-10sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@Markus Friedl
2008-07-01Send CR LF during protocol banner exchanges, but only for Protocol 2 only,Darren Tucker
2008-06-14ensure default umask disallows at least group and world write; ok djm@Darren Tucker
2008-06-14wrap long line at 80 charsDarren Tucker
2008-06-12Make keepalive timeouts apply while waiting for a packet, particularly duringDarren Tucker
2008-06-10- update usage()Jason McIntyre
2008-06-10Add extended test mode (-T) and connection parameters for test mode (-C).Darren Tucker
2008-05-08Implement a channel success/failure status confirmation callbackDamien Miller
2008-04-13Use arc4random_buf() when requesting more than a single word of outputDamien Miller
2008-02-14When started in configuration test mode (-t) do not check that sshd isMarc Balmer
2008-02-13rekey arc4random and OpenSSL RNG in postauth childDamien Miller
2007-12-31When in inetd mode, have sshd generate a Protocol 1 ephemeral serverDarren Tucker
2007-12-27Add a small helper function to consistently handle the EAI_SYSTEM errorDarren Tucker
2007-05-22zap double include; from p_nowaczyk AT o2.plDamien Miller
2007-03-09Move C/R -> kbdint special case to after the defaults have beenDarren Tucker
2007-02-21Clear alarm() before restarting sshd on SIGHUP. Without this, if there'sDarren Tucker
2006-11-06add missing checks for openssl return codes; with & ok djm@Markus Friedl
2006-08-18delay authentication related cleanups until we're authenticated andMarkus Friedl
2006-08-18make signal handler termination path shorter; risky code pointed out byTheo de Raadt