djm [Fri, 16 May 2003 01:39:04 +0000 (01:39 +0000)]
- djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
djm [Fri, 16 May 2003 01:38:00 +0000 (01:38 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/15 13:52:10
[ssh.c]
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
djm [Thu, 15 May 2003 03:49:58 +0000 (03:49 +0000)]
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
[sftp-int.c sftp.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
djm [Thu, 15 May 2003 03:49:21 +0000 (03:49 +0000)]
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
[sftp-int.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
djm [Thu, 15 May 2003 00:19:46 +0000 (00:19 +0000)]
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
djm [Wed, 14 May 2003 09:31:12 +0000 (09:31 +0000)]
- markus@cvs.openbsd.org 2003/05/14 08:57:49
[monitor.c]
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Privsep child continues to run after monitor killed.
Pass monitor signals through to child; Darren Tucker
djm [Wed, 14 May 2003 03:47:37 +0000 (03:47 +0000)]
- markus@cvs.openbsd.org 2003/05/14 02:15:47
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
djm [Wed, 14 May 2003 03:47:07 +0000 (03:47 +0000)]
- djm@cvs.openbsd.org 2003/05/14 01:00:44
[sftp.1]
emphasise the batchmode functionality and make reference to pubkey auth,
both of which are FAQs; ok markus@
djm [Wed, 14 May 2003 03:46:00 +0000 (03:46 +0000)]
- markus@cvs.openbsd.org 2003/05/12 16:55:37
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
djm [Wed, 14 May 2003 03:45:42 +0000 (03:45 +0000)]
- markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
djm [Wed, 14 May 2003 03:45:22 +0000 (03:45 +0000)]
- markus@cvs.openbsd.org 2003/05/11 16:56:48
[authfile.c ssh-keygen.c]
change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).
- (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
- itojun@cvs.openbsd.org 2003/04/08 20:21:29
[*.c *.h]
rename log() into logit() to avoid name conflict. markus ok, from
netbsd
- (djm) XXX - Performed locally using:
"perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
- (djm) Fix up missing include for packet.c
- millert@cvs.openbsd.org 2003/04/07 21:58:05
[progressmeter.c]
The UCB copyright here is incorrect. This code did not originate
at UCB, it was written by Luke Mewburn. Updated the copyright at
the author's request. markus@ OK
- itojun@cvs.openbsd.org 2003/04/03 07:25:27
[progressmeter.c]
$OpenBSD$
- itojun@cvs.openbsd.org 2003/04/03 10:17:35
[progressmeter.c]
remove $OpenBSD$, as other *.c does not have it.
- markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)