path: root/usr.bin
Age | Commit message | Author
1999-10-14 | "the french issue", stir RC4 after key usage, ok niels | Markus Friedl
from planchon@math.polytechnique.fr
1999-10-14 | fix old connect() race security-bug for ssh-agent and agent-forwarding | Markus Friedl
by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1": agent-forwarding will work only between OpenSSH-1.1 client and OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to "SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new ssh-agent does not work
1999-10-13 | age_old_log() now takes an int * as a parameter so it can return -1 | Todd C. Miller
on failure w/o the caller thinking the difference in mtime is -1. Just set modtime to 0 in this case in the caller which effectively ignores it. This fixes a problem where if there was no foo.0 file newsyslog would rotate an empty file.
1999-10-12 | -P/UsePrivilegedPort from 1.2.27, it turns off allocation of priv. port | Markus Friedl
and disabled rhosts/rhosts-rsa, ok deraadt@
1999-10-12 | more: sshd will not start if hostkey readable | Markus Friedl
1999-10-12 | SilentDeny, don't log/answer refused connections, deraadt@ | Markus Friedl
1999-10-12 | setsid() for all connections; millert/markus | Theo de Raadt
1999-10-11 | document StrictMode | Markus Friedl
1999-10-11 | Allow/Deny Users/Groups, from zzlevo@dd.chalmers.se, ok deraadt@ | Markus Friedl
1999-10-11 | UseLogin, default=no, from kpa@gmx.net, ok deraadt@ | Markus Friedl
1999-10-11 | document reality (no askpass, ignore group-world-accessible private keys) | Markus Friedl
1999-10-11 | we do not ship ssh-askpass | Markus Friedl
1999-10-11 | Rewrite in perl for safety and paranoia. It might have been possible | Todd C. Miller
to play tricks with filenames that include spaces.
1999-10-11 | make sure ~/.ssh/authorized_keys is not writable for group/world (sshd) | Markus Friedl
don't load private keys if they are group/world-{rwx} (ssh,sshd and ssh-add)
1999-10-08 | Print out the progress meter for 0 length files, too; deraadt@ | Aaron Campbell
1999-10-07 | You have Mail. Email fuer Dich. Karsten Patzwaldt <kpa@gmx.net> default=no | Markus Friedl
1999-10-07 | add skey to sshd: | Markus Friedl
1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user.
2) limit authentication attempts to 5, otherwise
   ssh -o 'NumberOfPasswordPrompts 100000' host
   lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys, for s/key for nonexisting users, too
   limit auth-tries for nonexisting users, too.
   Note that
   % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
   has NO limits in ssh-1.2.27
1999-10-07 | Some Xr to find(1), locate(1), whatis(1), whereis(1), which(1), etc., as | Aaron Campbell
appropriate.
1999-10-07 | Document -q. | Aaron Campbell
1999-10-07 | on static machines, install these as mode 0 | Theo de Raadt
1999-10-07 | add -Q flag: says whether ssh RSA check should whine on stdout | Theo de Raadt
1999-10-06 | scp should not link against kerberos stuff | Theo de Raadt
1999-10-06 | implement client NumberOfPasswordPrompts option | Dug Song
1999-10-06 | force HOST_OK not only for localhost but for localnet, suggested tholo@ | Niels Provos
some cleanup.
1999-10-05 | move auth-sockets to private dir | Markus Friedl
delete minfd residua
1999-10-05 | Mark ParseReadC as inline (from NetBSD) | Marc Espie
1999-10-05 | Efficiency patch from NetBSD: | Marc Espie
make spends time freeing data structures right before exiting. So don't bother. Keep the code inside #ifdef, so that it's still there if someone ever wants to use make code inside a library.
1999-10-05 | Kill unused functions Buf_UngetByte, Buf_UngetBytes, Buf_GetByte, Buf_GetBytes. | Marc Espie
Replace the buffer reallocation mechanism with something much more efficient. Originally from NetBSD. Tweaks to the allocator to first loop finding the correct size, then reallocate; change the heuristic to double the size until we're over what's needed by some fixed amount.
1999-10-05 | util.c only holds compatibility functions that OpenBSD doesn't use. | Marc Espie
Keep the file for compatibility, but don't bother compiling it. From NetBSD
1999-10-05 | Describe the -o option; whs@xs4all.nl | Aaron Campbell
1999-10-05 | The .Bl -tag flag expects a -width argument. | Aaron Campbell
1999-10-05 | Improve this man page a bit, but needs more work. | Aaron Campbell
1999-10-05 | clear xauthfile on mkstemp failure. adam@xpert.com | Dug Song
1999-10-05 | fix potential xauth race | Dug Song
1999-10-05 | - Put -d in SYNOPSIS. | Aaron Campbell
- Fix typo: specifed -> specified.
- Some other miscellaneous fixes.
1999-10-05 | - Fix the progress meter for receiving files, too. | Aaron Campbell
- Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0.
- Reset statbytes when we issue progressmeter(1), just to be safe.
1999-10-05 | Show filenames in the progress meter while transferring. | Aaron Campbell
1999-10-05 | include licensing info | Dug Song
1999-10-05 | crc32 compensation attack fix from CORE-SDI. "it's not crypto..." -- deraadt@ | Dug Song
1999-10-04 | fix shutdown() for sockets, the last one has to close the socket | Markus Friedl
1999-10-04 | If we can't chdir to the root dir in -execdir, just return instead | Todd C. Miller
of generating an error. Most times this is just because the target is not a directory. Also close an fd leak introduced in the last commit.
1999-10-04 | Move the chdir/fchdir hack so that it is local to the -execdir | Todd C. Miller
function, since that's the only place it needs to be. Doing it for each function caused problems with multiple directories.
1999-10-04 | more shrinking | Theo de Raadt
1999-10-04 | nuked minfd. sigh. hope this is the last one. | Markus Friedl
1999-10-04 | nuke minfd/AUTH_FD | Markus Friedl
1999-10-04 | nuke genminfd/AUTH_FD | Markus Friedl
1999-10-04 | fix handling of the localhost case. used to be a check against 'localhost', | Niels Provos
but we use canonical names, so check against ip address.
1999-10-04 | nicer default | Theo de Raadt
1999-10-04 | more detail | Theo de Raadt
1999-10-04 | and... blowfish is external now too | Theo de Raadt