summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd
AgeCommit message (Collapse)Author
2004-08-23Use permanently_set_uid() in ssh and ssh-keysign for consistency, matchesDarren Tucker
change in Portable; ok markus@
2004-06-13implement session multiplexing in the client (the server has supported thisDamien Miller
since 2.0); ok markus@
2003-12-23implement KerberosGetAFSToken server option. ok markus@, beck@Jakob Schlyter
2003-08-24re-organize Makefiles so that static builds actually workTheo de Raadt
2003-08-22nuke "kerberos-2@ssh.com"Markus Friedl
2003-08-22support GSS API user authentication; patches from Simon Wilkinson,Markus Friedl
stripped down and tested by Jakob and myself.
2003-07-16some minor DPADD changesTheo de Raadt
2003-07-15stop using libcom_err, it is built into krb5Theo de Raadt
2003-05-17Don't link with unneeded kerberos librariesHans Insulander
2003-05-14implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@Markus Friedl
server interops with commercial client; ok jakob@ djm@
2003-04-10unbreak linking on elf - stupid kerberosPeter Valchev
2003-04-09Disable Kerberos 4 support.Hans Insulander
ok markus@
2003-02-21move server only kex and monitor code to sshd.Markus Friedl
2002-06-20move configuration file options from ssh.1/sshd.8 toKevin Steves
ssh_config.5/sshd_config.5; ok deraadt@ millert@
2002-06-11no longer use uidswap.[ch] from the ssh clientMarkus Friedl
run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@
2002-05-25split auth2.c into one file per method; ok provos@/deraadt@Markus Friedl
2002-05-11Add missing libraries to bsd.prog.mk (mostly kerberosV)Marc Espie
Use them in DPADD throughout the tree. Fix a few mispells (LIBMATH -> LIBM...) Wipe obsolete lib (LIBRESOLV) Sort added missing libraries, move obsolete stuff apart. Synch documentation in bsd.README ok deraadt@
2002-03-18integrate privilege separated openssh; its turned off by default for now.Niels Provos
work done by me and markus@
2002-03-05and -ldes here tooTheo de Raadt
2001-10-07BSD_AUTH supersedes SKEY, so SKEY is commented out.Markus Friedl
2001-09-10link k5 before k4 (new binutils is more picky than old ld)Jason Wright
2001-06-28Link with libcom_err for kerberos5Hans Insulander
2001-06-26only build Kerberos v5 support with KERBEROS5=yesDug Song
2001-06-26Kerberos v5 support for SSH1, mostly from Assar Westerlund ↵Dug Song
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-05-29build in support for BSD authenticationTodd C. Miller
2001-05-18improved kbd-interactive support. work by per@appgate.com and meMarkus Friedl
2001-03-29prepare for rekeying: move DH code to dh.cMarkus Friedl
2001-03-04Rename pty.[ch] -> sshpty.[ch] and login.[ch] to sshlogin.[ch] to avoidDamien Miller
header conflicts in portable; ok markus@
2001-03-03log*.c -> log.cMarkus Friedl
2001-01-29$OpenBSD$Niklas Hallqvist
2001-01-18rename *-skey.c *-chall.c since the files are not skey specificMarkus Friedl
2001-01-181) removes fake skey from sshd, since this will be muchMarkus Friedl
harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier.
2001-01-13support supplementary group in {Allow,Deny}GroupsMarkus Friedl
from stevesk@pobox.com
2000-10-11add support for s/key (kbd-interactive) to ssh2, based on work by ↵Markus Friedl
mkiernan@avantgo.com and me
2000-10-11First rough implementation of the diffie-hellman group exchange. TheNiels Provos
client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company.
2000-09-03Boring... Add :L modifier to all tweakable variables tests.Marc Espie
Closes PR 1246
2000-08-20Add calls to setusercontext() and login_get*(). We basically callTodd C. Miller
setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
2000-06-18split auth-rsa option parsing into auth-optionsMarkus Friedl
add options support to authorized_keys2
2000-04-26syncMarkus Friedl
2000-03-28split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removalMarkus Friedl
2000-03-14support DESTDIR include fetching; dmTheo de Raadt
2000-03-01order kerberos librariesTheo de Raadt
1999-12-06atomicio() via libTheo de Raadt
1999-12-06move atomicio into it's own file. wrap all socket write()s which were doingTheo de Raadt
write(sock, buf, len) != len, with atomicio() calls.
1999-10-25move common files to ./lib and link libssh.a, tested with and w/o objMarkus Friedl
1999-10-16support for SSH protocol 1.5 which is poorly documented, the RFC.troff lies.Markus Friedl
interops (x11,agent,etc) with 1.2.27 and protocol 1.3
1999-10-07add skey to sshd:Markus Friedl
1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user. 2) limit authentication attemps to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds 3) make s/key a run-time option in /etc/sshd_config 4) generate fake skeys, for s/key for nonexisting users, too limit auth-tries for nonexisting users, too. Note that % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host has NO limits in ssh-1.2.27
1999-10-06scp should not link against kerberos stuffTheo de Raadt
1999-10-05crc32 compensation attack fix from CORE-SDI. "it's not crypto..." -- deraadt@Dug Song
1999-10-04more shrinkingTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 21:00:07 +0000