| Age | Commit message (Collapse) | Author |
|---|
|
ssh -2 localhost od /bin/ls | true
ignoring SIGPIPE by adding a new channel message (EOW) that signals
the peer that we're not interested in any data it might send.
fixes bz #85; discussion, debugging and ok djm@
|
|
for channels with both in- and output closed, since the channel
will go away before we call select();
report, lots of debugging help and ok djm@
|
|
without pipes shutdown-read from the sshd does not trigger
a SIGPIPE when the forked program does a write.
ok djm@
|
|
|
|
making the function names more consistent - making ssh.c and
clientloop.c a fair bit more readable.
ok markus@
|
|
whose DNS name resolves to more than one address. The previous behaviour
was to try the first address and give up.
Reported by stig AT venaas.com in bz#343
great feedback and ok markus@
|
|
with "important" channel requests that fail, in particular command exec,
shell and subsystem requests. Previously we would optimistically assume
that the requests would always succeed, which could cause hangs if they
did not (e.g. when the server runs out of fds) or were unimplemented by
the server (bz #1384)
Also, properly report failing multiplex channel requests via the mux
client stderr (subject to LogLevel in the mux master) - better than
silently failing.
most bits ok markus@ (as part of a larger diff)
|
|
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
|
|
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
|
|
~10% speedup for localhost-scp; ok djm@
|
|
|
|
|
|
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
|
|
larsnooden AT openoffice.org
|
|
|
|
|
|
|
|
fstatvfs@openssh.com that implement statvfs(2)-like operations,
based on a patch from miklos AT szeredi.hu (bz#1399)
also add a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation
ok markus@
|
|
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
|
|
|
spotted by jmc@
|
|
there). Spotted by Minstrel AT minstrel.org.uk
|
|
|
|
CVE-2008-1483; ok djm@
|
|
|
|
|
|
|
|
|
|
|
|
from dtucker@ ok deraadt@ djm@
|
|
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
|
supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an existing
file. Users who depended on this should adjust their sftp(1) usage.
ok deraadt@ markus@
|
|
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
|
an extensive discussion with otto, kettenis, millert, and hshoexer
|
|
|
|
parts of the tree need this treatment too); ok djm
|
|
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
|
|
keepalive timer (bz #1307). ok markus@
|
|
the user's rc files (if any).
|
|
|
|
being started with an absolute path.
ok djm
|
|
closefrom fds > 2 before shell/command execution
ok markus@
|
|
of a typo in rcs.c;
|
|
home, rather than the user who starts sshd (probably root)
|
|
|
|
ok jmc
|
|
|
|
tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
|
|
|
|
requested by Tamas TEVESZ
ok dtucker
|
