| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-07-15 | Add support for Unix domain socket forwarding. A remote TCP port | Todd C. Miller | |
| may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ | |||
| 2014-06-24 | New key API: refactor key-related functions to be more library-like, | Damien Miller | |
| existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. | |||
| 2014-04-29 | make compiling against OpenSSL optional (make OPENSSL=no); | Markus Friedl | |
| reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm | |||
| 2014-04-19 | Delete futile calls to RAND_seed. ok djm | Ted Unangst | |
| 2014-04-18 | OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections | Damien Miller | |
| using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@ | |||
| 2014-04-12 | avoid crash at exit: check that pmonitor!=NULL before dereferencing; | Damien Miller | |
| bz#2225, patch from kavi AT juniper.net | |||
| 2014-03-27 | disable weak proposals in sshd, but keep them in ssh; ok djm@ | Markus Friedl | |
| 2014-03-26 | remove libwrap support. ok deraadt djm mfriedl | Ted Unangst | |
| 2014-02-26 | ssh_gssapi_prepare_supported_oids needs GSSAPI | Markus Friedl | |
| 2014-02-26 | bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep | Damien Miller | |
| sandboxing, as running this code in the sandbox can cause violations; ok markus@ | |||
| 2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller | |
| 2014-01-31 | replace most bzero with explicit_bzero, except a few that cna be memset | Ted Unangst | |
| ok djm dtucker | |||
| 2014-01-29 | use kill(0, ...) instead of killpg(0, ...); on most operating systems | Damien Miller | |
| they are equivalent, but SUSv2 describes the latter as having undefined behaviour; from portable; ok dtucker | |||
| 2014-01-27 | replace openssl MD5 with our ssh_digest_*; ok djm@ | Markus Friedl | |
| 2014-01-09 | ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, | Damien Miller | |
| deranged and might make some attacks on KEX easier; ok markus@ | |||
| 2013-12-30 | refuse RSA keys from old proprietary clients/servers that use the | Damien Miller | |
| obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@ | |||
| 2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl | |
| ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@ | |||
| 2013-11-20 | delay closure of in/out fds until after "Bad protocol version | Damien Miller | |
| identification..." message, as get_remote_ipaddr/get_remote_port require them open. | |||
| 2013-11-02 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); | Markus Friedl | |
| initial patch from Aris Adamantiadis; ok djm@ | |||
| 2013-10-23 | include local address and port in "Connection from ..." message (only | Damien Miller | |
| shown at loglevel>=verbose) | |||
| 2013-10-17 | include remote port in bad banner message; bz#2162 | Damien Miller | |
| 2013-10-10 | bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly | Damien Miller | |
| updated; ok dtucker@ | |||
| 2013-09-02 | All the instances of arc4random_stir() are bogus, since arc4random() | Theo de Raadt | |
| does this itself, inside itself, and has for a very long time.. Actually, this was probably reducing the entropy available. ok djm | |||
| 2013-08-22 | Stir PRNG after post-accept fork. The child gets a different PRNG state | Damien Miller | |
| anyway via rexec and explicit privsep reseeds, but it's good to be sure. ok markus@ | |||
| 2013-07-19 | add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | Markus Friedl | |
| or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@ | |||
| 2013-06-05 | When running sshd -D, close stderr unless we have explicitly requesting | Darren Tucker | |
| logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch so, err, ok dtucker. | |||
| 2013-05-17 | bye, bye xfree(); ok markus@ | Damien Miller | |
| 2013-05-16 | Fix some "unused result" warnings found via clang and -portable. ok markus@ | Darren Tucker | |
| 2013-05-16 | Add RekeyLimit to sshd with the same syntax as the client allowing rekeying | Darren Tucker | |
| based on traffic volume or time. ok djm@, help & ok jmc@ for the man page. | |||
| 2013-04-07 | Add -E option to ssh and sshd to append debugging logs to a specified file | Darren Tucker | |
| instead of stderr or syslog. ok markus@, man page help jmc@ | |||
| 2013-04-06 | handle ECONNABORTED for accept(); ok deraadt some time ago... | Markus Friedl | |
| 2013-02-11 | Add openssl version to debug output similar to the client. ok markus@ | Darren Tucker | |
| 2012-11-04 | Support multiple required authentication via an AuthenticationMethods | Damien Miller | |
| option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete; feedback and ok markus@ | |||
| 2012-11-04 | Remove default of AuthorizedCommandUser. Administrators are now expected | Damien Miller | |
| to explicitly specify a user. feedback and ok markus@ | |||
| 2012-10-30 | new sshd_config option AuthorizedKeysCommand to support fetching | Damien Miller | |
| authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run as the target server user unless another specified via a new AuthorizedKeysCommandUser option. patch originally by jchadima AT redhat.com, reworked by me; feedback and ok markus@ | |||
| 2012-07-10 | Turn on systrace sandboxing of pre-auth sshd by default for new installs | Damien Miller | |
| by shipping a config that overrides the current UsePrivilegeSeparation=yes default. Make it easier to flip the default in the future by adding too. prodded markus@ feedback dtucker@ "get it in" deraadt@ | |||
| 2012-06-30 | fix a during the load of the sandbox policies (child can still make | Markus Friedl | |
| the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@ | |||
| 2012-05-13 | Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests | Darren Tucker | |
| to match. Feedback and ok djm@ markus@. | |||
| 2012-04-12 | VersionAddendum option to allow server operators to append some arbitrary | Damien Miller | |
| text to the SSH-... banner; ok deraadt@ "don't care" markus@ | |||
| 2012-04-11 | don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a | Damien Miller | |
| while; ok deraadt@ markus@ | |||
| 2011-09-30 | fix inverted test that caused logspam; spotted by henning@ | Damien Miller | |
| 2011-09-30 | don't attempt privsep cleanup when not using privsep; ok markus@ | Darren Tucker | |
| 2011-09-09 | kill the preauth privsep child on fatal errors in the monitor; | Damien Miller | |
| ok markus@ | |||
| 2011-06-23 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | Damien Miller | |
| 2011-06-22 | introduce sandboxing of the pre-auth privsep child using systrace(4). | Damien Miller | |
| This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ | |||
| 2011-06-17 | make the pre-auth privsep slave log via a socketpair shared with the | Damien Miller | |
| monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ | |||
| 2011-04-12 | exit with 0 status on SIGTERM; bz#1879 | Damien Miller | |
| 2011-01-11 | some unsigned long long casts that make things a bit easier for | Damien Miller | |
| portable without resorting to dropping PRIu64 formats everywhere | |||
| 2010-09-22 | add a KexAlgorithms knob to the client and server configuration to allow | Damien Miller | |
| selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@ | |||
| 2010-08-31 | reintroduce commit from tedu@, which I pulled out for release engineering: | Damien Miller | |
| OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |