summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
AgeCommit message (Expand)Author
2014-03-27disable weak proposals in sshd, but keep them in ssh; ok djm@Markus Friedl
2014-03-26remove libwrap support. ok deraadt djm mfriedlTed Unangst
2014-02-26ssh_gssapi_prepare_supported_oids needs GSSAPIMarkus Friedl
2014-02-26bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsepDamien Miller
2014-02-02convert memset of potentially-private data to explicit_bzero()Damien Miller
2014-01-31replace most bzero with explicit_bzero, except a few that cna be memsetTed Unangst
2014-01-29use kill(0, ...) instead of killpg(0, ...); on most operating systemsDamien Miller
2014-01-27replace openssl MD5 with our ssh_digest_*; ok djm@Markus Friedl
2014-01-09ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,Damien Miller
2013-12-30refuse RSA keys from old proprietary clients/servers that use theDamien Miller
2013-12-06support ed25519 keys (hostkeys and user identities) using the public domainMarkus Friedl
2013-11-20delay closure of in/out fds until after "Bad protocol versionDamien Miller
2013-11-02use curve25519 for default key exchange (curve25519-sha256@libssh.org);Markus Friedl
2013-10-23include local address and port in "Connection from ..." message (onlyDamien Miller
2013-10-17include remote port in bad banner message; bz#2162Damien Miller
2013-10-10bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctlyDamien Miller
2013-09-02All the instances of arc4random_stir() are bogus, since arc4random()Theo de Raadt
2013-08-22Stir PRNG after post-accept fork. The child gets a different PRNG stateDamien Miller
2013-07-19add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,Markus Friedl
2013-06-05When running sshd -D, close stderr unless we have explicitly requestingDarren Tucker
2013-05-17bye, bye xfree(); ok markus@Damien Miller
2013-05-16Fix some "unused result" warnings found via clang and -portable. ok markus@Darren Tucker
2013-05-16Add RekeyLimit to sshd with the same syntax as the client allowing rekeyingDarren Tucker
2013-04-07Add -E option to ssh and sshd to append debugging logs to a specified fileDarren Tucker
2013-04-06handle ECONNABORTED for accept(); ok deraadt some time ago...Markus Friedl
2013-02-11Add openssl version to debug output similar to the client. ok markus@Darren Tucker
2012-11-04Support multiple required authentication via an AuthenticationMethodsDamien Miller
2012-11-04Remove default of AuthorizedCommandUser. Administrators are now expectedDamien Miller
2012-10-30new sshd_config option AuthorizedKeysCommand to support fetchingDamien Miller
2012-07-10Turn on systrace sandboxing of pre-auth sshd by default for new installsDamien Miller
2012-06-30fix a during the load of the sandbox policies (child can still makeMarkus Friedl
2012-05-13Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust testsDarren Tucker
2012-04-12VersionAddendum option to allow server operators to append some arbitraryDamien Miller
2012-04-11don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for aDamien Miller
2011-09-30fix inverted test that caused logspam; spotted by henning@Damien Miller
2011-09-30don't attempt privsep cleanup when not using privsep; ok markus@Darren Tucker
2011-09-09kill the preauth privsep child on fatal errors in the monitor;Damien Miller
2011-06-23rename sandbox.h => ssh-sandbox.h to make things easier for portableDamien Miller
2011-06-22introduce sandboxing of the pre-auth privsep child using systrace(4).Damien Miller
2011-06-17make the pre-auth privsep slave log via a socketpair shared with theDamien Miller
2011-04-12exit with 0 status on SIGTERM; bz#1879Damien Miller
2011-01-11some unsigned long long casts that make things a bit easier forDamien Miller
2010-09-22add a KexAlgorithms knob to the client and server configuration to allowDamien Miller
2010-08-31reintroduce commit from tedu@, which I pulled out for release engineering:Damien Miller
2010-08-31Implement Elliptic Curve Cryptography modes for key exchange (ECDH) andDamien Miller
2010-08-16backout previous temporarily; discussed with deraadt@Damien Miller
2010-08-12OpenSSL_add_all_algorithms is the name of the function we have a man pageTed Unangst
2010-04-16revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with theDamien Miller
2010-03-07Hold authentication debug messages until after successful authentication.Darren Tucker
2010-02-26Add support for certificate key types for users and hosts.Damien Miller