Age | Commit message | Author |
|
Do not treat the first protocol 2 authentication attempt as
a failure IFF it is for method "none".
Makes MaxAuthTries' user-visible behaviour identical for
protocol 1 vs 2.
ok dtucker@
|
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
|
Check whether client has exceeded MaxAuthTries before running
an authentication method and skip it if they have, previously it
would always allow one try (for "none" auth).
Preincrement failure count before post-auth test - previously this
checked and postincremented, also to allow one "none" try.
Together, these two changes always count the "none" auth method
which could be skipped by a malicious client (e.g. an SSH worm)
to get an extra attempt at a real auth method. They also make
MaxAuthTries=0 a useful way to block users entirely (esp. in a
sshd_config Match block).
Also, move sending of any preauth banner from "none" auth method
to the first call to input_userauth_request(), so worms that skip
the "none" method get to see it too.
|
Holland via bz #1348. Also checks for non-regular files during protocol
1 RSA auth. ok djm@
|
bits; prodded by & ok dtucker@ ok deraadt@
|
in order to comply with RFC 4253. bz #1443, ok djm@
|
host key check. ok djm@
|
ok and tweaks by fgsch
manual page by jmc
|
channel handler, avoiding spurious log messages; ok! markus@
|
and the state-related pf(4) ioctls, and make functions in state creation and
destruction paths more robust in error conditions.
All values in struct pfsync_state now in network byte order, as with pfsync.
testing by david
ok henning, systat parts ok canacar
|
request with the legacy DSA encoding flag set; ok markus
|
unconditionally enabled -Werror and -g
|
ok markus
|
was in fact set, instead of ALWAYS checking them out no matter what.
spotted & diff tested by naddy@
|
ok joris
|
ok joris
|
ok jmc@
|
Igor Zinovik - but fixed in a better way by myself.
ok tobias@
|
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
|
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
|
Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.
OK deraadt@
|
able to continue multiple transfers with -C; ok millert@
while here fix some comments (!SMALL vs. SMALL stuff), and add
missing
|
- use argv[0] for "Confirm with", as other confirm()s do
- fix confirm cases, pass force=1 for mdelete and mabort too, fixes
a bug when you end up deleting all files when you ^C, instead of
getting a confirmation
- add reput command, that will allow to continue transfer uploads
- add -c for mget and mput, that will allow to continue multiple
transfers
- fix a bug when you use restart command together with put. the
progressmeter would start from zero, and eta would show fictional
time. this actually allows reput/put -c to have correct progressmeter
too
- document everything
discussed with, suggestions, reminded to ifdef SMALL the code so
we're able to fit in floppies, and ok millert@, and jmc@
|
ok grunk@ djm@
|
entire file. much help from kurt, and tested by many
|
- Empty brackets forbidden in C99.
- ? : and skipping middle argument is both disallowed and considered bad
programming habit.
OK ray@, xsa@.
|
in TAO mode. For WAVE files we should skip header.
ok and comments by fgsch
|
us to maintain multiple hash tables concurrently.
immediately start using it to keep track of what directories
we have already created and what CVS dirs we already created so
we do not recreate them when we do not need to.
we will be switching more internals to use this soon.
rejoice for cheaper lookups.
ok tobias@
|
which is always '?'; ok djm@
|