- beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@
- lebel@cvs.openbsd.org 2001/04/11 16:25:30
[sshd.8 sshd.c]
implement the -e option into sshd:
-e When this option is specified, sshd will send the output to the
standard error instead of the system log.
markus@ OK.
- markus@cvs.openbsd.org 2001/04/09 15:12:23
[ssh-add.c]
passphrase caching: ssh-add tries last passphrase, clears passphrase if
not successful and after last try.
based on discussions with espie@, jakob@, ... and code from jakob@ and
wolfgang@wsrcc.com
- markus@cvs.openbsd.org 2001/04/07 08:55:18
[buffer.c channels.c channels.h readconf.c ssh.c]
allow the ssh client act as a SOCKS4 proxy (dynamic local
portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
netscape use localhost:1080 as a socks proxy.
- markus@cvs.openbsd.org 2001/04/06 21:00:17
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
- markus@cvs.openbsd.org 2001/04/05 23:39:20
[serverloop.c]
keep the ssh session even if there is no active channel.
this is more in line with the protocol spec and makes
ssh -N -L 1234:server:110 host
more useful.
based on discussion with <mats@mindbright.se> long time ago
and recent mail from <res@shore.net>
- stevesk@cvs.openbsd.org 2001/04/05 15:48:18
[canohost.c canohost.h session.c]
move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
- markus@cvs.openbsd.org 2001/04/04 14:34:58
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related clientup.
todo: we should not send any non-KEX messages after we send KEXINIT
- markus@cvs.openbsd.org 2001/04/04 00:06:54
[clientloop.c sshconnect2.c]
enable client rekeying
(1) force rekeying with ~R, or
(2) if the server requests rekeying.
works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
- markus@cvs.openbsd.org 2001/04/03 23:32:12
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of recent my changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
- markus@cvs.openbsd.org 2001/04/03 19:53:29
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
djm [Fri, 30 Mar 2001 00:49:35 +0000 (00:49 +0000)]
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
djm [Fri, 30 Mar 2001 00:47:14 +0000 (00:47 +0000)]
- (djm) OpenBSD CVS Sync
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
mouring [Thu, 29 Mar 2001 00:36:16 +0000 (00:36 +0000)]
- provos@cvs.openbsd.org 2001/03/27 17:46:50
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
mouring [Thu, 29 Mar 2001 00:32:56 +0000 (00:32 +0000)]
- markus@cvs.openbsd.org 2001/03/27 10:57:00
[compat.c compat.h ssh-rsa.c]
some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
signatures in SSH protocol 2, ok djm@
djm [Wed, 28 Mar 2001 03:03:42 +0000 (03:03 +0000)]
- (djm) Reorder tests and library inclusion for Krb4/AFS to try to
resolve linking conflicts with libcrypto. Report and suggested fix
from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
djm [Tue, 27 Mar 2001 06:12:24 +0000 (06:12 +0000)]
- (djm) Reestablish PAM credentials (which can be supplemental group
memberships) after initgroups() blows them away. Report and suggested
fix from Nalin Dahyabhai <nalin@redhat.com>
mouring [Mon, 26 Mar 2001 05:45:53 +0000 (05:45 +0000)]
- stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
PrintLastLog option; from chip@valinux.com with some minor
changes by me. ok markus@