Age | Commit message (Expand) | Author |
2014-03-27 | disable weak proposals in sshd, but keep them in ssh; ok djm@ | Markus Friedl |
2014-03-26 | remove libwrap support. ok deraadt djm mfriedl | Ted Unangst |
2014-02-26 | ssh_gssapi_prepare_supported_oids needs GSSAPI | Markus Friedl |
2014-02-26 | bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep | Damien Miller |
2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller |
2014-01-31 | replace most bzero with explicit_bzero, except a few that cna be memset | Ted Unangst |
2014-01-29 | use kill(0, ...) instead of killpg(0, ...); on most operating systems | Damien Miller |
2014-01-27 | replace openssl MD5 with our ssh_digest_*; ok djm@ | Markus Friedl |
2014-01-09 | ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, | Damien Miller |
2013-12-30 | refuse RSA keys from old proprietary clients/servers that use the | Damien Miller |
2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl |
2013-11-20 | delay closure of in/out fds until after "Bad protocol version | Damien Miller |
2013-11-02 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); | Markus Friedl |
2013-10-23 | include local address and port in "Connection from ..." message (only | Damien Miller |
2013-10-17 | include remote port in bad banner message; bz#2162 | Damien Miller |
2013-10-10 | bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly | Damien Miller |
2013-09-02 | All the instances of arc4random_stir() are bogus, since arc4random() | Theo de Raadt |
2013-08-22 | Stir PRNG after post-accept fork. The child gets a different PRNG state | Damien Miller |
2013-07-19 | add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | Markus Friedl |
2013-06-05 | When running sshd -D, close stderr unless we have explicitly requesting | Darren Tucker |
2013-05-17 | bye, bye xfree(); ok markus@ | Damien Miller |
2013-05-16 | Fix some "unused result" warnings found via clang and -portable. ok markus@ | Darren Tucker |
2013-05-16 | Add RekeyLimit to sshd with the same syntax as the client allowing rekeying | Darren Tucker |
2013-04-07 | Add -E option to ssh and sshd to append debugging logs to a specified file | Darren Tucker |
2013-04-06 | handle ECONNABORTED for accept(); ok deraadt some time ago... | Markus Friedl |
2013-02-11 | Add openssl version to debug output similar to the client. ok markus@ | Darren Tucker |
2012-11-04 | Support multiple required authentication via an AuthenticationMethods | Damien Miller |
2012-11-04 | Remove default of AuthorizedCommandUser. Administrators are now expected | Damien Miller |
2012-10-30 | new sshd_config option AuthorizedKeysCommand to support fetching | Damien Miller |
2012-07-10 | Turn on systrace sandboxing of pre-auth sshd by default for new installs | Damien Miller |
2012-06-30 | fix a during the load of the sandbox policies (child can still make | Markus Friedl |
2012-05-13 | Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests | Darren Tucker |
2012-04-12 | VersionAddendum option to allow server operators to append some arbitrary | Damien Miller |
2012-04-11 | don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a | Damien Miller |
2011-09-30 | fix inverted test that caused logspam; spotted by henning@ | Damien Miller |
2011-09-30 | don't attempt privsep cleanup when not using privsep; ok markus@ | Darren Tucker |
2011-09-09 | kill the preauth privsep child on fatal errors in the monitor; | Damien Miller |
2011-06-23 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | Damien Miller |
2011-06-22 | introduce sandboxing of the pre-auth privsep child using systrace(4). | Damien Miller |
2011-06-17 | make the pre-auth privsep slave log via a socketpair shared with the | Damien Miller |
2011-04-12 | exit with 0 status on SIGTERM; bz#1879 | Damien Miller |
2011-01-11 | some unsigned long long casts that make things a bit easier for | Damien Miller |
2010-09-22 | add a KexAlgorithms knob to the client and server configuration to allow | Damien Miller |
2010-08-31 | reintroduce commit from tedu@, which I pulled out for release engineering: | Damien Miller |
2010-08-31 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | Damien Miller |
2010-08-16 | backout previous temporarily; discussed with deraadt@ | Damien Miller |
2010-08-12 | OpenSSL_add_all_algorithms is the name of the function we have a man page | Ted Unangst |
2010-04-16 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | Damien Miller |
2010-03-07 | Hold authentication debug messages until after successful authentication. | Darren Tucker |
2010-02-26 | Add support for certificate key types for users and hosts. | Damien Miller |