summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
AgeCommit message (Collapse)Author
2015-10-15fix some signed/unsigned integer type mismatches in formatDamien Miller
strings; reported by Nicholas Lemonias
2015-10-15argument to sshkey_from_private() and sshkey_demote() can't be NULLDamien Miller
2015-10-13apply PubkeyAcceptedKeyTypes filtering earlier, so all skippedDamien Miller
keys are noted before pubkey authentication starts. ok dtucker@
2015-10-13free the correct IV length, don't assume it's always the cipherDamien Miller
blocksize; ok dtucker@
2015-10-09Change all tame callers to namechange to pledge(2).Theo de Raadt
2015-10-07include PubkeyAcceptedKeyTypes in ssh -G config dumpDamien Miller
2015-10-07UsePrivilegeSeparation defaults to sandbox now.Igor Sobrado
ok djm@
2015-10-07don't try to change tun device flags if they are already whatDamien Miller
we need; makes it possible to use tun/tap networking as non- root user if device permissions and interface flags are pre-established; based on patch by Ossi Herrala
2015-10-05some more bzero->explicit_bzero, from Michael McConvilleDamien Miller
2015-10-03switch from using the systrace-based sandbox to the tame-based sandbox.Theo de Raadt
discussed it at length with djm -- i think it is time to give this a trial in snapshots.
2015-10-02fix emailTheo de Raadt
2015-10-02a sandbox using tameTheo de Raadt
ok djm
2015-10-02re-order system calls in order of risk, ok i'll be honest, ordered thisTheo de Raadt
way they look like tame... ok djm
2015-09-25some certificatefile tweaks; ok djmJason McIntyre
2015-09-24add ssh_config CertificateFile option to explicitly listDamien Miller
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
2015-09-22fix two typos.Igor Sobrado
2015-09-21fix possible hang on closed output; bz#2469 reported by Tomas KuthanDamien Miller
ok markus@
2015-09-13- Fix error message: passphrase needs to be at least 5 characters, not 4.tim
- Remove unused function argument. - Remove two unnecessary variables. OK djm@
2015-09-13When adding keys to the agent, don't ignore the comment of keys for which thetim
user is prompted for a passphrase. Tweak and OK djm@
2015-09-11Use explicit_bzero() when zeroing before free()Philip Guenther
from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) ok millert@ djm@
2015-09-11sync -Q in usage() to SYNOPSIS; since it's drastically shorter,Jason McIntyre
i've reformatted the block to sync with the man (80 cols) and saved a line;
2015-09-11tweak previous;Jason McIntyre
2015-09-11Update usage to match man page.Darren Tucker
2015-09-11expand %i in ControlPath to UID; bz#2449Damien Miller
patch from Christian Hesse w/ feedback from dtucker@
2015-09-11mention -Q key-plain and -Q key-cert;Damien Miller
bz#2455 pointed out by Jakub Jelen
2015-09-11more clarity on what AuthorizedKeysFile=none does;Damien Miller
based on diff by Thiebaud Weksteen
2015-09-09openssh_RSA_verify return type is int, so don't make it size_t withinDamien Miller
the function itself with only negative numbers or zero assigned to it. bz#2460
2015-09-04Plug minor memory leaks when options are used more than once. bz#2182,Darren Tucker
patch from Tiago Cunha, ok deraadt djm
2015-09-04full stop belongs outside the brackets, not inside;Jason McIntyre
2015-09-04add a debug2() right before DNS resolution; it's a place whereDamien Miller
ssh could previously silently hang for a while. bz#2433
2015-09-04correct function name in error messagesDamien Miller
2015-09-04better document ExitOnForwardFailure; bz#2444, ok dtucker@Damien Miller
2015-09-04don't record hostbased authentication hostkeys as user keysDamien Miller
in test for multiple authentication with the same key
2015-09-04remove extra newline in nethack-mode hostkey;Damien Miller
from Christian Hesse bz#2686
2015-09-02Fix occurrences of "r = func() != 0" which result in the wrong errorJonathan Gray
codes being returned due to != having higher precedence than =. ok deraadt@ markus@
2015-08-21Improve printing of KEX offers and decisionsDamien Miller
The debug output now labels the client and server offers and the negotiated options. ok markus@
2015-08-21Fix printing (ssh -G ...) of HostKeyAlgorithms=+...Damien Miller
Reported by Bryan Drewery
2015-08-21Fix expansion of HostkeyAlgorithms=+...Damien Miller
Reported by Bryan Drewery
2015-08-21Regen moduliDarren Tucker
2015-08-21Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like.Theo de Raadt
Discussed with tedu, millert, otto.... and ok djm
2015-08-21openssh-7.1Damien Miller
2015-08-21fix inverted logic that broke PermitRootLogin;Damien Miller
reported by Mantas Mikulenas; ok markus@
2015-08-20Do not cast result of malloc/calloc/realloc* if stdlib.h is in scopeTheo de Raadt
ok krw millert
2015-08-20In the certificates section, be consistent about using "host_key"Christian Weisgerber
and "user_key" for the respective key types. ok sthen@ deraadt@
2015-08-19Better compat matching for WinSCP, add compat matching forDamien Miller
FuTTY (fork of PuTTY); ok markus@ deraadt@
2015-08-19fix double-free() in error path of DSA key generation reported byDamien Miller
Mateusz Kocielski; ok markus@
2015-08-19fix free() of uninitialised pointer reported by Mateusz Kocielski;Damien Miller
ok markus@
2015-08-19fixed unlink([uninitialised memory]) reported by Mateusz Kocielski;Damien Miller
ok markus@
2015-08-14match myproposal.h order; from brian conwayJason McIntyre
(i snuck in a tweak while here) ok dtucker
2015-08-06add prohibit-password as a synonymn for without-password, since theTheo de Raadt
without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 13:39:47 +0000