Age | Commit message | Author | |
---|---|---|---|
2013-01-09 | correctly initialise fingerprint type for fingerprinting PKCS#11 keys | Damien Miller | |
2013-01-08 | support AES-GCM as defined in RFC 5647 (but with simpler KEX handling); ok and feedback djm@ | Markus Friedl | |
2013-01-04 | sftp-server.8: add argument name to -d; sftp-server.c: add -d to usage() ok djm | Jason McIntyre | |
2013-01-03 | allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... ok markus@ | Damien Miller | |
2013-01-03 | allow specification of an alternate start directory for sftp-server(8); "I like this" markus@ | Damien Miller | |
2013-01-03 | fix description of MAC calculation for EtM modes; ok markus@ | Damien Miller | |
2013-01-03 | add a couple of ServerOptions members that should be copied to the privsep child (for consistency, in this case they happen only to be accessed in the monitor); ok dtucker@ | Damien Miller | |
2013-01-02 | correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED; bz#2051 from david AT lechnology.com | Damien Miller | |
2013-01-02 | channel_setup_local_fwd_listener() returns 0 on failure, not -ve; bz#2055 reported by mathieu.lacage AT gmail.com | Damien Miller | |
2012-12-14 | use correct string in error message; from rustybsd at gmx.fr | Darren Tucker | |
2012-12-12 | use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@ | Christian Weisgerber | |
2012-12-12 | reset incoming_packet buffer for each new packet in EtM-case, too; this happens if packets are parsed only partially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert | Markus Friedl | |
2012-12-11 | fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ | Stuart Henderson | |
2012-12-11 | add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@ | Markus Friedl | |
2012-12-11 | drain the log messages after receiving the keystate from the unpriv child. otherwise it might block while sending. ok djm@ | Markus Friedl | |
2012-12-07 | Cast signal to int for logging. A no-op on openbsd (they're always ints) but will prevent warnings in portable. ok djm@ | Darren Tucker | |
2012-12-05 | prevent double-free of comment; ok djm@ | Markus Friedl | |
2012-12-03 | tweak previous; | Jason McIntyre | |
2012-12-03 | Fix compilation with -Wall -Werror (trivial type fixes) | Damien Miller | |
2012-12-02 | make AllowTcpForwarding accept "local" and "remote" in addition to its current "yes"/"no" to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@ | Damien Miller | |
2012-12-02 | make deleting explicit keys "ssh-add -d" symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@ | Damien Miller | |
2012-12-02 | Fixes logging of partial authentication when privsep is enabled. Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explicit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@ | Damien Miller | |
2012-12-02 | Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. This allows control of which keys are offered from tokens using IdentityFile. ok markus@ | Damien Miller | |
2012-11-14 | allow the full range of unsigned serial numbers; 'fine' deraadt@ | Damien Miller | |
2012-11-14 | fix username passed to helper program; prepare stdio fds before closefrom() spotted by landry@ | Damien Miller | |
2012-11-04 | Support multiple required authentication via an AuthenticationMethods option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete; feedback and ok markus@ | Damien Miller | |
2012-11-04 | Remove default of AuthorizedCommandUser. Administrators are now expected to explicitly specify a user. feedback and ok markus@ | Damien Miller | |
2012-10-31 | tweak previous; | Jason McIntyre | |
2012-10-30 | new sshd_config option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run as the target server user unless another specified via a new AuthorizedKeysCommandUser option. patch originally by jchadima AT redhat.com, reworked by me; feedback and ok markus@ | Damien Miller | |
2012-10-05 | fix signed vs unsigned warning; feedback & ok: djm@ | Markus Friedl | |
2012-10-04 | add umac128 variant; ok djm@ at n2k12 | Markus Friedl | |
2012-10-02 | fix -z option, broken in revision 1.215 | Damien Miller | |
2012-10-01 | pasto; ok djm@ | Christian Weisgerber | |
2012-09-26 | last stage of rfc changes, using consistent Rs/Re blocks, and moving the references into a STANDARDS section; | Jason McIntyre | |
2012-09-21 | Fix handling of filenames containing escaped globbing characters and escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. | Darren Tucker | |
2012-09-21 | Fix improper handling of absolute paths when PWD is part of the completed path. Patch from Jean-Marc Robert via tech@, ok djm. | Darren Tucker | |
2012-09-18 | Add bounds check on sftp tab-completion. Part of a patch from Jean-Marc Robert via tech@, ok djm | Darren Tucker | |
2012-09-17 | clear old keys on rekeying; ok djm | Markus Friedl | |
2012-09-17 | an XXX for later | Damien Miller | |
2012-09-14 | remove unused variable | Markus Friedl | |
2012-09-13 | Fix comment line length | Darren Tucker | |
2012-09-07 | when muxmaster is run with -N, make it shut down gracefully when a client sends it "-O stop" rather than hanging around. ok djm@ | Darren Tucker | |
2012-09-07 | Merge escape help text for ~v and ~V; ok djm@ | Darren Tucker | |
2012-09-07 | Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ | Darren Tucker | |
2012-09-06 | missing letter in previous; | Jason McIntyre | |
2012-09-06 | Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@ | Darren Tucker | |
2012-09-06 | Put help text for ~v and ~V around the correct way | Darren Tucker | |
2012-09-06 | Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc | Darren Tucker | |
2012-08-24 | comment about bsd.own.mk is now false; ok markus | Theo de Raadt | |
2012-08-17 | Send client banner immediately, rather than waiting for the server to move first for SSH protocol 2 connections (the default). Patch based on one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ | Damien Miller | |