path: root/usr.bin/ssh
| Age | Commit message | Author |
|---|---|---|
| 2013-03-08 | allow "ssh -f none ..." ok markus@ | Damien Miller |
| 2013-03-07 | add submethod support to AuthenticationMethods; ok and feedback djm@ | Markus Friedl |
| 2013-03-07 | reconstruct the original username that was sent by the client, which may have included a style (e.g. "root:skey") when checking public key signatures. Fixes public key and hostbased auth when the client specified a style; ok markus@ | Damien Miller |
| 2013-03-06 | g/c unused variable (-Wunused) | Damien Miller |
| 2013-03-06 | fatal() when ChrootDirectory specified by running without root privileges; ok markus@ | Damien Miller |
| 2013-03-05 | reset pubkey order on partial success; ok djm@ | Markus Friedl |
| 2013-02-22 | Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier version) | Damien Miller |
| 2013-02-22 | support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ | Markus Friedl |
| 2013-02-22 | Don't complain if IdentityFiles specified in system-wide configs are missing. ok djm, deraadt. | Darren Tucker |
| 2013-02-19 | Remove bogus include. ok djm | Darren Tucker |
| 2013-02-17 | Keep track of which IdentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. ok markus@ | Darren Tucker |
| 2013-02-15 | Warn more loudly if an IdentityFile provided by the user cannot be read. bz #1981, ok djm@ | Darren Tucker |
| 2013-02-14 | Correct error message that had a typo and was logging the wrong thing; patch from Petr Lautrbach | Damien Miller |
| 2013-02-11 | Add openssl version to debug output similar to the client. ok markus@ | Darren Tucker |
| 2013-02-10 | record "Received disconnect" messages at ERROR rather than INFO priority, since they are abnormal and result in a non-zero ssh exit status; patch from Iain Morgan in bz#2057; ok dtucker@ | Damien Miller |
| 2013-02-10 | append to moduli file when screening candidates rather than overwriting. allows resumption of interrupted screen; patch from Christophe Garault in bz#1957; ok dtucker@ | Damien Miller |
| 2013-02-10 | openssh 6.2 | Markus Friedl |
| 2013-02-08 | fix NULL deref when built without libedit and control characters entered as command; debugging and patch from Iain Morgan and Loganaden Velvindron in bz#1956 | Damien Miller |
| 2013-02-06 | Fix comment, from jfree.e1 at gmail | Darren Tucker |
| 2013-02-06 | Change default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections. This will make it harder to DoS as CPUs have come a long way since the original value was set back in 2000. Prompted by nion at debian org, ok markus@ | Darren Tucker |
| 2013-01-27 | actually use the xrealloc() return value; spotted by xi.wang AT gmail.com | Damien Miller |
| 2013-01-26 | remove ACSS, now that it is gone from libcrypto too | Damien Miller |
| 2013-01-25 | redo last commit without the vi-vomit that snuck in: skip serial lookup when cert's serial number is zero (now with 100% better comment) | Damien Miller |
| 2013-01-25 | Revert last. Breaks due to likely typo. Let djm@ fix later. ok djm@ via dlg@ | Kenneth R Westerback |
| 2013-01-24 | skip serial lookup when cert's serial number is zero | Damien Miller |
| 2013-01-24 | fix handling of (unused) KRL signatures; skip string in correct buffer | Damien Miller |
| 2013-01-19 | RB_INSERT does not remove existing elements; ok djm@ | Markus Friedl |
| 2013-01-19 | fix some formatting; ok djm | Jason McIntyre |
| 2013-01-18 | command-line (adj.) -> command line (n.); | Jason McIntyre |
| 2013-01-18 | add -Q to the options list; ok djm | Jason McIntyre |
| 2013-01-18 | tweak previous; | Jason McIntyre |
| 2013-01-18 | -u before -V in usage(); | Jason McIntyre |
| 2013-01-18 | tweak previous; | Jason McIntyre |
| 2013-01-18 | fix KRL generation bug for list sections | Damien Miller |
| 2013-01-18 | RCD IDs help us keep portable in synch | Damien Miller |
| 2013-01-17 | add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@ | Damien Miller |
| 2013-01-12 | improve error message for integrity failure in AES-GCM modes; ok markus@ | Damien Miller |
| 2013-01-09 | correctly initialise fingerprint type for fingerprinting PKCS#11 keys | Damien Miller |
| 2013-01-08 | support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@ | Markus Friedl |
| 2013-01-04 | sftp-server.8: add argument name to -d; sftp-server.c: add -d to usage() ok djm | Jason McIntyre |
| 2013-01-03 | allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... ok markus@ | Damien Miller |
| 2013-01-03 | allow specification of an alternate start directory for sftp-server(8) "I like this" markus@ | Damien Miller |
| 2013-01-03 | fix description of MAC calculation for EtM modes; ok markus@ | Damien Miller |
| 2013-01-03 | add a couple of ServerOptions members that should be copied to the privsep child (for consistency, in this case they happen only to be accessed in the monitor); ok dtucker@ | Damien Miller |
| 2013-01-02 | correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED bz#2051 from david AT lechnology.com | Damien Miller |
| 2013-01-02 | channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com | Damien Miller |
| 2012-12-14 | use correct string in error message; from rustybsd at gmx.fr | Darren Tucker |
| 2012-12-12 | use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@ | Christian Weisgerber |
| 2012-12-12 | reset incoming_packet buffer for each new packet in EtM-case, too; this happens if packets are parsed only partially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert | Markus Friedl |
| 2012-12-11 | fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ | Stuart Henderson |