Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-02-11 | bump Mdocdate for pages committed in "febuary", necessary because | Jason McIntyre | |
of a typo in rcs.c; | |||
2008-02-10 | mantion that "internal-sftp" is useful with ForceCommand too | Damien Miller | |
2008-02-09 | missing `)'; | Jason McIntyre | |
2008-02-08 | add sshd_config ChrootDirectory option to chroot(2) users to a directory and | Damien Miller | |
tweak internal sftp server to work with it (no special files in chroot required). ok markus@ | |||
2008-01-01 | Allow PermitRootLogin in a Match block. Allows for, eg, permitting root | Darren Tucker | |
only from the local network. ok markus@, man page bit ok jmc@ | |||
2007-08-23 | Support "Banner=none" to disable displaying of the pre-login banner; | Damien Miller | |
ok dtucker@ deraadt@ | |||
2007-06-08 | oops, here too: put the MAC list into a display, like we do for | Jason McIntyre | |
ciphers, since groff has trouble with wide lines; | |||
2007-06-07 | Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must | Peter Valchev | |
specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@ | |||
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-03-01 | sort the `match' keywords; | Jason McIntyre | |
2007-03-01 | Remove ChallengeResponseAuthentication support inside a Match | Darren Tucker | |
block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation. | |||
2007-02-19 | Teach Match how handle config directives that are used before authentication. | Darren Tucker | |
This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@ | |||
2007-01-02 | do not use lists for SYNOPSIS; | Jason McIntyre | |
from eric s. raymond via brad | |||
2006-08-21 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, ok jmc@ djm@ | Darren Tucker | |
2006-08-14 | Add ability to match groups to Match keyword in sshd_config. Feedback djm@, | Darren Tucker | |
stevesk@, ok stevesk@. | |||
2006-07-21 | Make PermitOpen take a list of permitted ports and act more like most other | Darren Tucker | |
keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@ | |||
2006-07-19 | Add ForceCommand keyword to sshd_config, equivalent to the "command=" | Darren Tucker | |
key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@ | |||
2006-07-19 | Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to | Darren Tucker | |
Match. ok djm@ | |||
2006-07-18 | Clarify description of Match, with minor correction from jmc@ | Darren Tucker | |
2006-07-18 | mark up angle brackets; | Jason McIntyre | |
2006-07-18 | tweak; ok dtucker | Jason McIntyre | |
2006-07-17 | Add PermitOpen directive to sshd_config which is equivalent to the | Darren Tucker | |
"permitopen" key option. Allows server admin to allow TCP port forwarding only two specific host/port pairs. Useful when combined with Match. If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted. Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@. | |||
2006-07-12 | - new sentence, new line | Jason McIntyre | |
- s/The the/The/ - kill a bad comma | |||
2006-07-12 | Add support for conditional directives to sshd_config via a "Match" keyword, | Darren Tucker | |
which works similarly to the "Host" directive in ssh_config. Lines after a Match line override the default set in the main section if the condition on the Match line is true, eg AllowTcpForwarding yes Match User anoncvs AllowTcpForwarding no will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@ | |||
2006-07-06 | support arguments to Subsystem commands; ok markus@ | Damien Miller | |
2006-07-02 | more details and clarity for tun(4) device forwarding; ok and help | Kevin Steves | |
jmc@ | |||
2006-03-14 | *AliveCountMax applies to protcol v2 only; ok dtucker, djm | Markus Friedl | |
2006-03-13 | Allow config directives to contain whitespace by surrounding them by double | Darren Tucker | |
quotes. mindrot #482, man page help from jmc@, ok djm@ | |||
2006-02-26 | subsection is pointless here; | Jason McIntyre | |
2006-02-25 | document the order in which allow/deny directives are processed; | Jason McIntyre | |
help/ok dtucker | |||
2006-02-24 | oops - bits i missed; | Jason McIntyre | |
2006-02-24 | some grammar/wording fixes; | Jason McIntyre | |
2006-02-24 | more consistency fixes; | Jason McIntyre | |
2006-02-24 | some consistency fixes; | Jason McIntyre | |
2006-02-24 | signpost to PATTERNS; | Jason McIntyre | |
2006-01-02 | some corrections from michael knudsen; | Jason McIntyre | |
2005-12-08 | two changes to the new ssh tunnel support. this breaks compatibility | Reyk Floeter | |
with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@ | |||
2005-12-06 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | Reyk Floeter | |
initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others | |||
2005-09-21 | aquire -> acquire, from stevesk@ | Damien Miller | |
2005-07-25 | add a new compression method that delays compression until the user | Markus Friedl | |
has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ | |||
2005-05-23 | add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; | Damien Miller | |
ok markus@ | |||
2005-05-19 | sort config options, from grunk AT pestilenz.org; ok jmc@ | Damien Miller | |
2005-04-21 | OpenSSH doesn't ever look at the $HOME environment variable, so don't say | Damien Miller | |
that we do (bz #623); ok deraadt@ | |||
2005-03-18 | typo; | Jason McIntyre | |
2005-03-01 | bz#413: allow optional specification of bind address for port forwardings. | Damien Miller | |
Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. ok markus@ | |||
2005-01-08 | `login'(n) -> `log in'(v); | Jason McIntyre | |
2004-12-23 | bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz | Damien Miller | |
ok deraadt@ | |||
2004-09-15 | mention PrintLastLog only prints last login time for interactive | Jared Yanovich | |
sessions, like PrintMotd mentions. From Michael Knudsen, with wording changed slightly to match the PrintMotd description. ok djm | |||
2004-06-26 | new sentence, new line; | Jason McIntyre | |
2004-06-13 | List supported ciphers in man pages, tidy up ssh -c; | Darren Tucker | |
"looks fine" jmc@, ok markus@ |