Age | Commit message | Author
---|---|---
2010-03-01 | zap what seems to be a left-over debug message; ok markus@ | Otto Moerbeek
2010-02-26 | tweak previous; | Jason McIntyre
2010-02-26 | Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. See VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1); documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys. feedback and ok markus@ | Damien Miller
2010-02-24 | Add $OpenBSD$ tags in comments, our portable-syncing scripts use these | Damien Miller
2010-02-21 | dlclose() call should also be #ifdef HAVE_DLOPEN | Theo de Raadt
2010-02-20 | unbreak build for NOPIC systems; noticed, help and ok deraadt@ | Markus Friedl
2010-02-19 | gcc2 requires decls before code | Theo de Raadt
2010-02-11 | correct comment | Damien Miller
2010-02-11 | libarary -> library; | Jason McIntyre
2010-02-10 | pkcs#11 is no longer optional; improve wording; ok jmc@ | Markus Friedl
2010-02-09 | enable PKCS#11 code; ok djm | Markus Friedl
2010-02-09 | fix whitespace; from jmc@ | Markus Friedl
2010-02-09 | add manpage; ok djm@ | Markus Friedl
2010-02-09 | unbreak ChrootDirectory+internal-sftp by skipping check for executable shell when chrooting; reported by danh AT wzrd.com; ok dtucker@ | Damien Miller
2010-02-09 | constify the arguments to buffer_len, buffer_ptr and buffer_dump | Damien Miller
2010-02-09 | fix -Wall | Damien Miller
2010-02-09 | fallout from PKCS#11: unbreak -D | Damien Miller
2010-02-08 | tweak previous; ok markus | Jason McIntyre
2010-02-08 | obsolete | Markus Friedl
2010-02-08 | remove scard | Markus Friedl
2010-02-08 | remove obsolete scard code | Markus Friedl
2010-02-08 | replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev | Markus Friedl
2010-02-02 | make buffer_get_string_ret() really non-fatal in all cases (it was using buffer_get_int(), which could fatal() on buffer empty); ok markus dtucker | Damien Miller
2010-01-30 | fake local addr:port when stdio forwarding as some servers (Tectia at least) validate that they are well-formed; reported by imorgan AT nas.nasa.gov ok dtucker | Damien Miller
2010-01-30 | debug output goes to stderr, not "the system log"; ok markus dtucker | Damien Miller
2010-01-30 | don't mark channel as read failed if it is already closing; suppresses harmless error messages when connecting to SSH.COM Tectia server. report by imorgan AT nas.nasa.gov | Damien Miller
2010-01-29 | kill correct channel (was killing already-dead mux channel, not its session channel) | Damien Miller
2010-01-29 | set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com ok dtucker@ | Damien Miller
2010-01-28 | downgrade an error() to a debug() - this particular case can be hit in normal operation for certain sequences of mux slave vs session closure and is harmless | Damien Miller
2010-01-27 | add missing "p" flag to getopt optstring; bz#1704 from imorgan AT nas.nasa.gov | Damien Miller
2010-01-27 | fix bug introduced in mux rewrite: In a mux master, when a socket to a mux slave closes before its server session (as may occur when the slave has been signalled), gracefully close the server session rather than deleting its channel immediately. A server may have more messages on that channel to send (e.g. an exit message) that will fatal() the client if they are sent to a channel that has been prematurely deleted. spotted by imorgan AT nas.nasa.gov | Damien Miller
2010-01-26 | -Wuninitialized and remove a // comment; from portable | Damien Miller
2010-01-26 | rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. Avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. Implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. Add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. Document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@; channel changes ok markus@ | Damien Miller
2010-01-18 | s/long long unsigned/unsigned long long/, from tim via portable | Darren Tucker
2010-01-17 | Correct and clarify ssh-add's password asking behavior. Improved text dtucker and ok jmc | Ted Unangst
2010-01-15 | unused | Markus Friedl
2010-01-15 | Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp inherited SIGTERM as ignored it will still be able to kill the ssh it starts. ok dtucker@ | Philip Guenther
2010-01-14 | use user_from{uid,gid} to look up ids since it keeps a small cache. ok djm | Darren Tucker
2010-01-13 | when using ChrootDirectory, make sure we test for the existence of the user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; ok dtucker | Damien Miller
2010-01-13 | sftp.1: put ls -h in the right place. sftp.c: as above, plus add -p to get/put, and shorten their arg names to keep the help usage nicely aligned. ok djm | Jason McIntyre
2010-01-13 | don't append a space after inserting a completion of a directory (i.e. a path ending in '/') for a slightly better user experience; ok dtucker@ | Damien Miller
2010-01-13 | avoid run-time failures when specifying hostkeys via a relative path by prepending the cwd in these cases; bz#1290; ok dtucker@ | Damien Miller
2010-01-13 | support '-h' (human-readable units) for sftp's ls command, just like ls(1); ok dtucker@ | Damien Miller
2010-01-13 | Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@ | Darren Tucker
2010-01-13 | Ignore and log any Protocol 1 keys where the claimed size is not equal to the actual size. Noted by Derek Martin, ok djm@ | Darren Tucker
2010-01-13 | Fix a couple of typos/misspellings in comments | Darren Tucker
2010-01-12 | Add explicit stat so we reliably detect nologin with bad perms. ok djm markus | Darren Tucker
2010-01-12 | add a buffer_get_string_ptr_ret() that does the same as buffer_get_string_ptr() but does not fatal() on error; ok dtucker@ | Damien Miller
2010-01-12 | Do not allow logins if /etc/nologin exists but is not readable by the user logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@ | Darren Tucker
2010-01-12 | delete with extreme prejudice a debug() that fired with every keypress; ok dtucker deraadt | Damien Miller