Age | Commit message | Author | |
---|---|---|---|
2014-10-09 | tweak previous; | Jason McIntyre | |
2014-10-08 | Tweak config reparsing with host canonicalisation. Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T". Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus | Damien Miller | |
2014-10-08 | another -Wpointer-sign from clang | Damien Miller | |
2014-10-08 | fix a few -Wpointer-sign warnings from clang | Damien Miller | |
2014-10-08 | parse cert sections using nested buffers to reduce copies; ok markus | Damien Miller | |
2014-10-06 | correct options in usage(); from mancha1 AT zoho.com | Damien Miller | |
2014-09-09 | mention permissions on tun(4) devices in PermitTunnel documentation; bz#2273 | Damien Miller | |
2014-09-03 | tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus | Damien Miller | |
2014-08-30 | typo. | Igor Sobrado | |
2014-08-30 | improve capitalization for the Ed25519 public-key signature system. ok djm@ | Igor Sobrado | |
2014-08-21 | Free resources on error in mkstemp and fdopen; ok djm@ | doug | |
2014-08-20 | djm how did you make a typo like that... | Theo de Raadt | |
2014-08-19 | When dumping the server configuration (sshd -T), print correct KEX, MAC and cipher defaults. Spotted by Iain Morgan | Damien Miller | |
2014-08-19 | ~-expand lcd paths | Damien Miller | |
2014-07-28 | some systems no longer need /dev/log; issue noticed by jirib; ok deraadt | Ingo Schwarze | |
2014-07-25 | Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt | Darren Tucker | |
2014-07-24 | Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ | Todd C. Miller | |
2014-07-22 | Convert from <sys/endian.h> to the shiny new <endian.h>; ok dtucker@, who also confirmed that -portable handles this already | Philip Guenther | |
2014-07-22 | Prevent spam from key_load_private_pem during hostbased auth. ok djm@ | Darren Tucker | |
2014-07-18 | restore umask around listener socket creation (dropped in streamlocal patch merge) | Damien Miller | |
2014-07-17 | reflect stdio-forward ("ssh -W host:port ...") failures in exit status. previously we were always returning 0. bz#2255 reported by Brendan Germain; ok dtucker | Damien Miller | |
2014-07-17 | silence "incorrect passphrase" error spam; reported and ok dtucker@ | Damien Miller | |
2014-07-17 | ifdef SYS_sendsyslog so this will compile without patching on -stable | Damien Miller | |
2014-07-17 | preserve errno across syscall | Damien Miller | |
2014-07-16 | add the streamlocal* options to ssh's -o list; millert says they're irrelevant for scp/sftp; ok markus millert | Jason McIntyre | |
2014-07-15 | Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ | Todd C. Miller | |
2014-07-11 | by popular demand, add back hmac-sha1 to server proposal for better compat with many clients still in use. ok deraadt | Ted Unangst | |
2014-07-11 | Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, update your kernels and sshd soon.. libc will start using sendsyslog() in about 4 days. | Theo de Raadt | |
2014-07-09 | fix ssh-add crash while loading more than one key; ok markus@ | Sebastian Benoit | |
2014-07-09 | downgrade more error() to debug() to better match what old authfile.c did; suppresses spurious errors with hostbased authentication enabled | Damien Miller | |
2014-07-09 | more useful error message when GLOB_NOSPACE occurs; bz#2254, patch from Orion Poplawski | Damien Miller | |
2014-07-07 | mention that ProxyCommand is executed using shell "exec" to avoid a lingering process; bz#1977 | Damien Miller | |
2014-07-05 | fix remote-forward cancel regression; ok markus@ | Damien Miller | |
2014-07-03 | remove leakmalloc droppings | Damien Miller | |
2014-07-03 | Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option; bz#2160; ok markus@ | Damien Miller | |
2014-07-03 | allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family; bz#2222 ok markus@ | Damien Miller | |
2014-07-03 | when rekeying, skip file/DNS lookup if it is the same as the key sent during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ | Damien Miller | |
2014-07-03 | Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this makes it easier to verify that chacha_encrypt_bytes() is only called once per chacha_ivsetup() call. ok djm@ | Joel Sing | |
2014-07-03 | make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker | Damien Miller | |
2014-07-03 | escape %C since groff thinks it part of an Rs/Re block; | Jason McIntyre | |
2014-07-03 | Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifier based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding sockaddr_un's miserly pathname limits for mux control paths. bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ | Damien Miller | |
2014-07-03 | document that -g will only work in the multiplexed case if applied to the mux master | Damien Miller | |
2014-07-03 | mention '%%' escape sequence in HostName directives and how it may be used to specify IPv6 link-local addresses | Damien Miller | |
2014-07-03 | forward-declare struct sshbuf so consumers don't need to include sshbuf.h | Damien Miller | |
2014-07-03 | When hashing or removing hosts using ssh-keygen, don't choke on @revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net | Damien Miller | |
2014-07-03 | standardise on NI_MAXHOST for gethostname() string lengths; about 1/2 the cases were using it already. Fixes bz#2239 en passant | Damien Miller | |
2014-07-03 | use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context. bz#2231, based on patch from Timo Teras | Damien Miller | |
2014-07-03 | make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234, reported by Phil Pennock | Damien Miller | |
2014-07-03 | Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin | Damien Miller | |
2014-07-03 | make Ed25519 keys' title fit properly in the randomart border; bz#2247 based on patch from Christian Hesse | Damien Miller | |