Age | Commit message | Author | |
---|---|---|---|
2008-07-05 | grammar | Damien Miller | |
2008-07-04 | Make protocol 1 MaxAuthTries logic match protocol 2's. | Damien Miller | |
Do not treat the first protocol 2 authentication attempt as a failure IFF it is for method "none". Makes MaxAuthTries' user-visible behaviour identical for protocol 1 vs 2. ok dtucker@ | |||
2008-07-04 | handle EINTR in packet_write_poll(); ok dtucker@ | Damien Miller | |
2008-07-04 | Make debug a little clearer. ok djm@ | Darren Tucker | |
2008-07-04 | support negation of groups in "Match group" block (bz#1315); ok dtucker@ | Damien Miller | |
2008-07-03 | avoid nasty double free; ok dtucker@ djm@ | Otto Moerbeek | |
2008-07-02 | When forking after authentication ("ssh -f") with ExitOnForwardFailure | Damien Miller | |
enabled, delay the fork until after replies for any -R forwards have been seen. Allows for robust detection of -R forward failure when using -f (similar to bz#92); ok dtucker@ | |||
2008-07-02 | really really remove the freebie "none" auth try for protocol 2 | Damien Miller | |
2008-07-02 | Make protocol 2 MaxAuthTries behaviour a little more sensible: | Damien Miller | |
Check whether client has exceeded MaxAuthTries before running an authentication method and skip it if they have; previously it would always allow one try (for "none" auth). Preincrement failure count before post-auth test - previously this checked and postincremented, also to allow one "none" try. Together, these two changes always count the "none" auth method which could be skipped by a malicious client (e.g. an SSH worm) to get an extra attempt at a real auth method. They also make MaxAuthTries=0 a useful way to block users entirely (esp. in a sshd_config Match block). Also, move sending of any preauth banner from "none" auth method to the first call to input_userauth_request(), so worms that skip the "none" method get to see it too. | |||
2008-07-02 | Merge duplicate host key file checks, based in part on a patch from Rob | Darren Tucker | |
Holland via bz #1348. Also checks for non-regular files during protocol 1 RSA auth. ok djm@ | |||
2008-07-02 | increase default size of ssh protocol 1 ephemeral key from 768 to 1024 | Damien Miller | |
bits; prodded by & ok dtucker@ ok deraadt@ | |||
2008-07-01 | fix some typos; ok djm@ | Kevin Steves | |
2008-07-01 | Send CR LF during protocol banner exchanges, but only for Protocol 2, | Darren Tucker | |
in order to comply with RFC 4253. bz #1443, ok djm@ | |||
2008-07-01 | Check ExitOnForwardFailure if forwardings are disabled due to a failed | Darren Tucker | |
host key check. ok djm@ | |||
2008-06-30 | clarify that eow@openssh.com is only sent on session channels | Damien Miller | |
2008-06-30 | only send eow@openssh.com notifications for session channels; ok! markus@ | Damien Miller | |
2008-06-30 | only pass channel requests on session channels through to the session | Damien Miller | |
channel handler, avoiding spurious log messages; ok! markus@ | |||
2008-06-30 | typo: s/constraint_date/constraint_data/ | Damien Miller | |
2008-06-29 | protocol 2 key blobs are strings, not byte arrays | Damien Miller | |
2008-06-28 | document the protocol used by ssh-agent; "looks ok" markus@ | Damien Miller | |
2008-06-28 | reset global compat flag after processing a protocol 2 signature | Damien Miller | |
request with the legacy DSA encoding flag set; ok markus | |||
2008-06-28 | revert accidental commit (nearly 2 months ago!) that | Damien Miller | |
unconditionally enabled -Werror and -g | |||
2008-06-28 | refuse to add a key that has unknown constraints specified; | Damien Miller | |
ok markus | |||
2008-06-28 | spelling fixes | Damien Miller | |
2008-06-26 | add VisualHostKey to the list of options listed in -o; | Jason McIntyre | |
2008-06-26 | Move SSH Fingerprint Visualization away from sharing the config option | Alexander von Gernler | |
CheckHostIP to an own config option named VisualHostKey. While there, fix the behaviour that ssh would draw a random art picture on every newly seen host even when the option was not enabled. prodded by deraadt@, discussions, help and ok markus@ djm@ dtucker@ | |||
2008-06-26 | when loading moduli from /etc/moduli in sshd(8), check that they | Damien Miller | |
are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@ | |||
2008-06-26 | allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky | Damien Miller | |
bits. Note that this only affects explicit setting of modes (e.g. via sftp(1)'s chmod command) and not file transfers. (bz#1310) ok deraadt@ at c2k8 | |||
2008-06-25 | add key length to visual fingerprint; zap magical constants; | Otto Moerbeek | |
ok grunk@ djm@ | |||
2008-06-21 | use optopt to get invalid flag, instead of return value of getopt, | Martynas Venckus | |
which is always '?'; ok djm@ | |||
2008-06-16 | Rename the isatty argument to is_tty so we don't shadow isatty(3). | Darren Tucker | |
ok markus@ | |||
2008-06-15 | don't call isatty() on a pty master, instead pass a flag down to | Damien Miller | |
channel_set_fds() indicating that the fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus | |||
2008-06-15 | Allow MaxAuthTries within a Match block. ok djm@ | Darren Tucker | |
2008-06-15 | MaxSessions is allowed in a Match block too | Darren Tucker | |
2008-06-14 | Mention that scp follows symlinks during -r. bz #1466, from nectar at apple | Darren Tucker | |
2008-06-14 | suppress the warning message from chdir(homedir) failures | Damien Miller | |
when chrooted (bz#1461); ok dtucker | |||
2008-06-14 | ensure default umask disallows at least group and world write; ok djm@ | Darren Tucker | |
2008-06-14 | wrap long line at 80 chars | Darren Tucker | |
2008-06-13 | Explain the use of SSH fpr visualization using random art, and cite the | Alexander von Gernler | |
original scientific paper inspiring that technique. Much help with English and nroff by jmc@, thanks. | |||
2008-06-13 | Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@ | Darren Tucker | |
2008-06-13 | Friendlier error messages for mux fallback. ok djm@ | Darren Tucker | |
2008-06-13 | Include unistd.h for close(), prevents warnings in -portable | Darren Tucker | |
2008-06-13 | Clear key options in the monitor on failed authentication, prevents | Darren Tucker | |
applying additional restrictions to non-pubkey authentications in the case where pubkey fails but another method subsequently succeeds. bz #1472, found by Colin Watson, ok markus@ djm@ | |||
2008-06-13 | compile on older gcc; no decl after code | Theo de Raadt | |
2008-06-13 | refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not | Damien Miller | |
regular files; report from Solar Designer via Colin Watson in bz#1471 ok dtucker@ deraadt@ | |||
2008-06-13 | upcast uid to long with matching %ld, prevents warnings in portable | Darren Tucker | |
2008-06-13 | upcast another size_t to u_long to match format | Darren Tucker | |
2008-06-13 | upcast size_t to u_long to match format arg; ok djm@ | Darren Tucker | |
2008-06-13 | fall back to creating a new TCP connection on most multiplexing errors | Damien Miller | |
(socket connect fail, invalid version, refused permission, corrupted messages, etc.); bz #1329 ok dtucker@ | |||
2008-06-13 | replace __dead with __attribute__((noreturn)), makes things a little easier | Darren Tucker | |
to port. Also, add it to sigdie(). ok djm@ |