path: root/usr.bin/ssh
Age | Commit message | Author
2014-10-09 | tweak previous; | Jason McIntyre
2014-10-08 | Tweak config reparsing with host canonicalisation. Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T". Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus | Damien Miller
2014-10-08 | another -Wpointer-sign from clang | Damien Miller
2014-10-08 | fix a few -Wpointer-sign warnings from clang | Damien Miller
2014-10-08 | parse cert sections using nested buffers to reduce copies; ok markus | Damien Miller
2014-10-06 | correct options in usage(); from mancha1 AT zoho.com | Damien Miller
2014-09-09 | mention permissions on tun(4) devices in PermitTunnel documentation; bz#2273 | Damien Miller
2014-09-03 | tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus | Damien Miller
2014-08-30 | typo. | Igor Sobrado
2014-08-30 | improve capitalization for the Ed25519 public-key signature system. ok djm@ | Igor Sobrado
2014-08-21 | Free resources on error in mkstemp and fdopen; ok djm@ | doug
2014-08-20 | djm how did you make a typo like that... | Theo de Raadt
2014-08-19 | When dumping the server configuration (sshd -T), print correct KEX, MAC and cipher defaults. Spotted by Iain Morgan | Damien Miller
2014-08-19 | ~-expand lcd paths | Damien Miller
2014-07-28 | some systems no longer need /dev/log; issue noticed by jirib; ok deraadt | Ingo Schwarze
2014-07-25 | Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt | Darren Tucker
2014-07-24 | Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ | Todd C. Miller
2014-07-22 | Convert from <sys/endian.h> to the shiny new <endian.h>; ok dtucker@, who also confirmed that -portable handles this already | Philip Guenther
2014-07-22 | Prevent spam from key_load_private_pem during hostbased auth. ok djm@ | Darren Tucker
2014-07-18 | restore umask around listener socket creation (dropped in streamlocal patch merge) | Damien Miller
2014-07-17 | reflect stdio-forward ("ssh -W host:port ...") failures in exit status. previously we were always returning 0. bz#2255 reported by Brendan Germain; ok dtucker | Damien Miller
2014-07-17 | silence "incorrect passphrase" error spam; reported and ok dtucker@ | Damien Miller
2014-07-17 | ifdef SYS_sendsyslog so this will compile without patching on -stable | Damien Miller
2014-07-17 | preserve errno across syscall | Damien Miller
2014-07-16 | add the streamlocal* options to ssh's -o list; millert says they're irrelevant for scp/sftp; ok markus millert | Jason McIntyre
2014-07-15 | Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ | Todd C. Miller
2014-07-11 | by popular demand, add back hmac-sha1 to server proposal for better compat with many clients still in use. ok deraadt | Ted Unangst
2014-07-11 | Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, update your kernels and sshd soon.. libc will start using sendsyslog() in about 4 days. | Theo de Raadt
2014-07-09 | fix ssh-add crash while loading more than one key; ok markus@ | Sebastian Benoit
2014-07-09 | downgrade more error() to debug() to better match what old authfile.c did; suppresses spurious errors with hostbased authentication enabled | Damien Miller
2014-07-09 | more useful error message when GLOB_NOSPACE occurs; bz#2254, patch from Orion Poplawski | Damien Miller
2014-07-07 | mention that ProxyCommand is executed using shell "exec" to avoid a lingering process; bz#1977 | Damien Miller
2014-07-05 | fix remote-forward cancel regression; ok markus@ | Damien Miller
2014-07-03 | remove leakmalloc droppings | Damien Miller
2014-07-03 | Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option; bz#2160; ok markus@ | Damien Miller
2014-07-03 | allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family; bz#2222 ok markus@ | Damien Miller
2014-07-03 | when rekeying, skip file/DNS lookup if it is the same as the key sent during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ | Damien Miller
2014-07-03 | Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this makes it easier to verify that chacha_encrypt_bytes() is only called once per chacha_ivsetup() call. ok djm@ | Joel Sing
2014-07-03 | make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker | Damien Miller
2014-07-03 | escape %C since groff thinks it part of an Rs/Re block; | Jason McIntyre
2014-07-03 | Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifier based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding sockaddr_un's miserly pathname limits for mux control paths. bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ | Damien Miller
2014-07-03 | document that -g will only work in the multiplexed case if applied to the mux master | Damien Miller
2014-07-03 | mention '%%' escape sequence in HostName directives and how it may be used to specify IPv6 link-local addresses | Damien Miller
2014-07-03 | forward-declare struct sshbuf so consumers don't need to include sshbuf.h | Damien Miller
2014-07-03 | When hashing or removing hosts using ssh-keygen, don't choke on @revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net | Damien Miller
2014-07-03 | standardise on NI_MAXHOST for gethostname() string lengths; about 1/2 the cases were using it already. Fixes bz#2239 en passant | Damien Miller
2014-07-03 | use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context. bz#2231, based on patch from Timo Teras | Damien Miller
2014-07-03 | make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234, reported by Phil Pennock | Damien Miller
2014-07-03 | Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin | Damien Miller
2014-07-03 | make Ed25519 keys' title fit properly in the randomart border; bz#2247 based on patch from Christian Hesse | Damien Miller