| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-11-12 | Prevent integer overflow when ridiculously large ConnectTimeout is | Darren Tucker | |
| specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@ | |||
| 2020-11-11 | fix logic error that broke URI parsing in ProxyJump directives; | Damien Miller | |
| ok dtucker@ | |||
| 2020-11-10 | Free the previously allocated msg buffer after writing it out. | Claudio Jeker | |
| OK djm@ | |||
| 2020-11-08 | unbreak; missing NULL check | Damien Miller | |
| 2020-11-08 | when requesting a security key touch on stderr, inform the user once | Damien Miller | |
| the touch has been recorded; requested by claudio@ ok markus@ | |||
| 2020-11-08 | Add a comment documenting the source of the moduli group sizes. | Darren Tucker | |
| 2020-11-08 | Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls | Darren Tucker | |
| are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@ | |||
| 2020-11-03 | fold consecutive '*' wildcards to mitigate combinatorial explosion | Damien Miller | |
| of recursive searches; ok dtucker | |||
| 2020-10-30 | print reason in fatal error message when kex_assemble_namelist() fails | Damien Miller | |
| 2020-10-29 | fix sshd_config SetEnv directive inside Match blocks; part of github | Damien Miller | |
| PR#201 from github user manuelm | |||
| 2020-10-29 | fix type of nid in type_bits_valid(); github PR#202 from github user | Damien Miller | |
| thingsconnected | |||
| 2020-10-29 | whitespace; no code change | Damien Miller | |
| 2020-10-29 | UpdateHostkeys: fixed/better detection of host keys that exist under | Damien Miller | |
| other names and addresses; spotted by and debugged with lots of help from jca@ | |||
| 2020-10-26 | Minor man page fixes (capitalization, commas) identified by the | Darren Tucker | |
| manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@ | |||
| 2020-10-19 | Adapt XMSS to new logging infrastructure. With markus@, ok djm@. | Darren Tucker | |
| 2020-10-19 | fix SEGV on fatal() errors spotted by dtucker@ | Damien Miller | |
| 2020-10-18 | use the new variant log macros instead of prepending __func__ and | Damien Miller | |
| appending ssh_err(r) manually; ok markus@ | |||
| 2020-10-18 | variants of the log methods that append a ssherr.h string from | Damien Miller | |
| a supplied error code; ok markus@ | |||
| 2020-10-18 | remove a level of macro indirection; ok markus@ | Damien Miller | |
| 2020-10-18 | add some variant log.h calls that prepend the calling function | Damien Miller | |
| name; ok markus@ | |||
| 2020-10-17 | make the log functions that exit (sshlogdie(), sshfatal(), etc) have | Damien Miller | |
| identical signatures. Makes things a bit more consistent... | |||
| 2020-10-16 | add space between macro arg and punctuation; | Jason McIntyre | |
| 2020-10-16 | LogVerbose keyword for ssh and sshd | Damien Miller | |
| Allows forcing maximum debug logging by file/function/line pattern- lists. ok markus@ | |||
| 2020-10-16 | revised log infrastructure for OpenSSH | Damien Miller | |
| log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@ | |||
| 2020-10-16 | use do_log2 instead of function pointers to different log functions | Damien Miller | |
| 2020-10-14 | make UpdateHostkeys still more conservative: refuse to proceed if | Damien Miller | |
| one of the keys offered by the server is already in known_hosts under another name. This avoid collisions between address entries for different host aliases when CheckHostIP=yes Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys. | |||
| 2020-10-12 | Zap unused family parameter from ssh_connect_direct() | kn | |
| sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm | |||
| 2020-10-11 | UpdateHostkeys: check for keys under other names | Damien Miller | |
| Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to. This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolves to multiple addresses. ok markus@ | |||
| 2020-10-11 | UpdateHostkeys: better CheckHostIP handling | Damien Miller | |
| When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded. Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key. ok markus@ | |||
| 2020-10-11 | UpdateHostkeys: better detect manual host entries | Damien Miller | |
| Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human. ok markus@ | |||
| 2020-10-08 | don't misdetect comma-separated hostkey names as wildcards; | Damien Miller | |
| spotted by naddy@ | |||
| 2020-10-08 | clarify conditions for UpdateHostkeys | Damien Miller | |
| 2020-10-07 | Disable UpdateHostkeys when hostkey checking fails | Damien Miller | |
| If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session. reminded by Mark D. Baushke; ok markus@ | |||
| 2020-10-07 | Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug | Damien Miller | |
| When all of UpdateHostkeys, HashKnownHosts and ChechHostIP were enabled and new host keys were learned, known_hosts IP entries were not being recorded for new host keys. reported by matthieu@ ok markus@ | |||
| 2020-10-07 | don't UpdateHostkeys when the hostkey is verified by the | Damien Miller | |
| GlobalKnownHostsFile file, support only UserKnownHostsFile matches suggested by Mark D. Baushke; feedback and ok markus@ | |||
| 2020-10-07 | revert kex->flags cert hostkey downgrade back to a plain key | Damien Miller | |
| (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ | |||
| 2020-10-07 | simply disable UpdateHostkeys when a certificate successfully | Damien Miller | |
| authenticated the host; simpler than the complicated plumbing via kex->flags we have now. ok markus@ | |||
| 2020-10-07 | disable UpdateHostkeys by default if VerifyHostKeyDNS is enabled; | Damien Miller | |
| suggested by Mark D. Baushke | |||
| 2020-10-06 | Agent protocol draft is now at rev 4. ok djm@ | Darren Tucker | |
| 2020-10-04 | when ordering host key algorithms in the client, consider the ECDSA | Damien Miller | |
| key subtype; ok markus@ | |||
| 2020-10-04 | Allow full range of UIDs and GIDs for sftp chown and chgrp on 32bit | Darren Tucker | |
| platforms instead of being limited by LONG_MAX. bz#3206, found by booking00 at sina.cn, ok markus@ | |||
| 2020-10-03 | There are lots of place where we want to redirect stdin, stdout | Damien Miller | |
| and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@ | |||
| 2020-10-03 | enable UpdateHostkeys by default when the configuration has not | Damien Miller | |
| overridden UserKnownHostsFile; ok markus@ "The timing is perfect" deraadt@ | |||
| 2020-10-03 | disable UpdateHostkeys when a wildcard hostname pattern is | Damien Miller | |
| encountered or when a certificate host key is in use. feedback/ok markus@ | |||
| 2020-10-03 | record when the host key checking code downgrades a certificate host | Damien Miller | |
| key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@ | |||
| 2020-10-03 | prefer ed25519 signature algorithm variants to ECDSA; ok markus@ | Damien Miller | |
| 2020-10-03 | want time.h here too | Damien Miller | |
| 2020-10-03 | split introductory paragraph, and insert ominous words about the glob | Theo de Raadt | |
| issue, which cannot be fully fixed and really requires completely replacing scp with a completely different subsystem. team effort to find the right words.. | |||
| 2020-09-30 | Regen moduli. | Darren Tucker | |
| 2020-09-27 | openssh 8.4 | Damien Miller | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |