| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-02-08 | obsolete | Markus Friedl | |
| 2010-02-08 | remove scard | Markus Friedl | |
| 2010-02-08 | remove obsole scard code | Markus Friedl | |
| 2010-02-08 | replace our obsolete smartcard code with PKCS#11. | Markus Friedl | |
| ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev | |||
| 2010-02-02 | make buffer_get_string_ret() really non-fatal in all cases (it was | Damien Miller | |
| using buffer_get_int(), which could fatal() on buffer empty); ok markus dtucker | |||
| 2010-01-30 | fake local addr:port when stdio fowarding as some servers (Tectia at | Damien Miller | |
| least) validate that they are well-formed; reported by imorgan AT nas.nasa.gov ok dtucker | |||
| 2010-01-30 | debug output goes to stderr, not "the system log"; ok markus dtucker | Damien Miller | |
| 2010-01-30 | don't mark channel as read failed if it is already closing; suppresses | Damien Miller | |
| harmless error messages when connecting to SSH.COM Tectia server report by imorgan AT nas.nasa.gov | |||
| 2010-01-29 | kill correct channel (was killing already-dead mux channel, not | Damien Miller | |
| its session channel) | |||
| 2010-01-29 | set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com | Damien Miller | |
| ok dtucker@ | |||
| 2010-01-28 | downgrade an error() to a debug() - this particular case can be hit in | Damien Miller | |
| normal operation for certain sequences of mux slave vs session closure and is harmless | |||
| 2010-01-27 | add missing "p" flag to getopt optstring; | Damien Miller | |
| bz#1704 from imorgan AT nas.nasa.gov | |||
| 2010-01-27 | fix bug introduced in mux rewrite: | Damien Miller | |
| In a mux master, when a socket to a mux slave closes before its server session (as may occur when the slave has been signalled), gracefully close the server session rather than deleting its channel immediately. A server may have more messages on that channel to send (e.g. an exit message) that will fatal() the client if they are sent to a channel that has been prematurely deleted. spotted by imorgan AT nas.nasa.gov | |||
| 2010-01-26 | -Wuninitialized and remove a // comment; from portable | Damien Miller | |
| 2010-01-26 | rewrite ssh(1) multiplexing code to a more sensible protocol. | Damien Miller | |
| The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@ | |||
| 2010-01-18 | s/long long unsigned/unsigned long long/, from tim via portable | Darren Tucker | |
| 2010-01-17 | Correct and clarify ssh-add's password asking behavior. | Ted Unangst | |
| Improved text dtucker and ok jmc | |||
| 2010-01-15 | unused | Markus Friedl | |
| 2010-01-15 | Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp | Philip Guenthe | |
| inherited SIGTERM as ignored it will still be able to kill the ssh it starts. ok dtucker@ | |||
| 2010-01-14 | use user_from{uid,gid} to lookup up ids since it keeps a small cache. ok djm | Darren Tucker | |
| 2010-01-13 | when using ChrootDirectory, make sure we test for the existence of the | Damien Miller | |
| user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; ok dtucker | |||
| 2010-01-13 | sftp.1: put ls -h in the right place | Jason McIntyre | |
| sftp.c: as above, plus add -p to get/put, and shorten their arg names to keep the help usage nicely aligned ok djm | |||
| 2010-01-13 | don't append a space after inserting a completion of a directory (i.e. | Damien Miller | |
| a path ending in '/') for a slightly better user experience; ok dtucker@ | |||
| 2010-01-13 | avoid run-time failures when specifying hostkeys via a relative | Damien Miller | |
| path by prepending the cwd in these cases; bz#1290; ok dtucker@ | |||
| 2010-01-13 | support '-h' (human-readable units) for sftp's ls command, just like | Damien Miller | |
| ls(1); ok dtucker@ | |||
| 2010-01-13 | Make HostBased authentication work with a ProxyCommand. bz #1569, patch | Darren Tucker | |
| from imorgan at nas nasa gov, ok djm@ | |||
| 2010-01-13 | Ignore and log any Protocol 1 keys where the claimed size is not equal to | Darren Tucker | |
| the actual size. Noted by Derek Martin, ok djm@ | |||
| 2010-01-13 | Fix a couple of typos/mispellings in comments | Darren Tucker | |
| 2010-01-12 | Add explicit stat so we reliably detect nologin with bad perms. ok djm markus | Darren Tucker | |
| 2010-01-12 | add a buffer_get_string_ptr_ret() that does the same as | Damien Miller | |
| buffer_get_string_ptr() but does not fatal() on error; ok dtucker@ | |||
| 2010-01-12 | Do not allow logins if /etc/nologin exists but is not readable by the user | Darren Tucker | |
| logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@ | |||
| 2010-01-12 | delete with extreme prejudice a debug() that fired with every keypress; | Damien Miller | |
| ok dtucker deraadt | |||
| 2010-01-12 | avoid spinning when fd passing on nonblocking sockets by calling poll() | Damien Miller | |
| in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@ | |||
| 2010-01-12 | Fix bug introduced in r1.78 (incorrect brace location) that broke key auth. | Darren Tucker | |
| Patch from joachim joachimschipper nl. | |||
| 2010-01-11 | when converting keys, truncate key comments at 72 chars as per RFC4716; | Damien Miller | |
| bz#1630 reported by tj AT castaglia.org; ok markus@ | |||
| 2010-01-11 | Do not prompt for a passphrase if we fail to open a keyfile, and log the | Darren Tucker | |
| reason the open failed to debug. bz #1693, found by tj AT castaglia org, ok djm@ | |||
| 2010-01-11 | Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single | Darren Tucker | |
| port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz #1618, man page help from jmc@, ok markus@ | |||
| 2010-01-10 | Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ | Darren Tucker | |
| 2010-01-10 | Add ChrootDirectory to sshd.c test-mode output | Darren Tucker | |
| 2010-01-09 | Remove RoutingDomain from ssh since it's now not needed. It can be replaced | Darren Tucker | |
| with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@ | |||
| 2010-01-09 | Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs | Darren Tucker | |
| itself. Prevents two HUPs in quick succession from resulting in sshd dying. bz#1692, patch from Colin Watson via Ubuntu. | |||
| 2010-01-09 | Prevent sftp from derefing a null pointer when given a "-" without a command. | Darren Tucker | |
| Also, allow whitespace to follow a "-". bz#1691, path from Colin Watson via Debian. ok djm@ deraadt@ | |||
| 2010-01-09 | Remove a PRIu64 format string that snuck in with roaming. ok djm@ | Darren Tucker | |
| 2010-01-09 | quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we | Damien Miller | |
| usually don't actually have a tty to read/set; bz#1686 ok dtucker@ | |||
| 2010-01-09 | bad place to forget a comma... | Jason McIntyre | |
| 2010-01-09 | tweak language | Damien Miller | |
| 2010-01-09 | add a 'read-only' mode to sftp-server(8) that disables open in write mode | Damien Miller | |
| and all other fs-modifying protocol methods. bz#430 ok dtucker@ | |||
| 2010-01-08 | Fix two warnings: possibly used unitialized and use a nul byte instead of | Darren Tucker | |
| NULL pointer. ok djm@ | |||
| 2010-01-04 | bz#1566 don't unnecessarily dup() in and out fds for sftp-server; ok markus@ | Damien Miller | |
| 2010-01-04 | Implement tab-completion of commands, local and remote filenames for sftp. | Damien Miller | |
| Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009 Google Summer of Code) and polished to a fine sheen by myself again. It should deal more-or-less correctly with the ikky corner-cases presented by quoted filenames, but the UI could still be slightly improved. In particular, it is quite slow for remote completion on large directories. bz#200; ok markus@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |