djm [Tue, 22 Jan 2002 12:05:59 +0000 (12:05 +0000)]
- djm@cvs.openbsd.org 2001/12/21 10:06:43
[ssh-add.1 ssh-add.c]
Try all standard key files (id_rsa, id_dsa, identity) when invoked with
no arguments; ok markus@
djm [Tue, 22 Jan 2002 10:57:53 +0000 (10:57 +0000)]
- (djm) autoconf hacking:
- We don't support --without-zlib currently, so don't allow it.
- Rework cryptographic random number support detection. We now detect
whether OpenSSL seeds itself. If it does, then we don't bother with
the ssh-rand-helper program. You can force the use of ssh-rand-helper
using the --with-rand-helper configure argument
- Simplify and clean up ssh-rand-helper configuration
djm [Mon, 21 Jan 2002 12:44:12 +0000 (12:44 +0000)]
- (djm) Rework ssh-rand-helper:
- Reduce quantity of ifdef code, in preparation for ssh_rand_conf
- Always seed from system calls, even when doing PRNGd seeding
- Tidy and comment #define knobs
- Remove unused facility for multiple runs through command list
- KNF, cleanup, update copyright
djm [Mon, 7 Jan 2002 23:59:32 +0000 (23:59 +0000)]
- (djm) Merge Cygwin copy_environment with do_pam_environment, removing
fixed env var size limit in the process. Report from Corinna Vinschen
<vinschen@redhat.com>
djm [Sun, 23 Dec 2001 14:41:47 +0000 (14:41 +0000)]
- (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
solar@openwall.com
- (djm) Rework entropy code. If the OpenSSL PRNG is has not been
internally seeded, execute a subprogram "ssh-rand-helper" to obtain
some entropy for us. Rewrite the old in-process entropy collecter as
an example ssh-rand-helper.
- (djm) Always perform ssh_prng_cmds path lookups in configure, even if
we don't end up using ssh_prng_cmds (so we always get a valid file)
djm [Fri, 21 Dec 2001 04:00:19 +0000 (04:00 +0000)]
- djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
djm [Fri, 21 Dec 2001 03:58:35 +0000 (03:58 +0000)]
- markus@cvs.openbsd.org 2001/12/20 16:37:29
[channels.c channels.h session.c]
setup x11 listen socket for just one connect if the client requests so.
(v2 only, but the openssh client does not support this feature).
djm [Fri, 21 Dec 2001 03:56:54 +0000 (03:56 +0000)]
- stevesk@cvs.openbsd.org 2001/12/19 17:16:13
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
change the buffer/packet interface to use void* vs. char*; ok markus@
djm [Fri, 21 Dec 2001 03:53:11 +0000 (03:53 +0000)]
- markus@cvs.openbsd.org 2001/12/19 16:09:39
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
djm [Fri, 21 Dec 2001 01:52:39 +0000 (01:52 +0000)]
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
djm [Fri, 21 Dec 2001 01:39:51 +0000 (01:39 +0000)]
- stevesk@cvs.openbsd.org 2001/12/08 17:49:28
[channels.c pathnames.h]
use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@
djm [Thu, 20 Dec 2001 23:28:07 +0000 (23:28 +0000)]
- (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
server. I have found this necessary to avoid server hangs with X input
extensions (e.g. kinput2). Enable by setting the environment variable
"GNOME_SSH_ASKPASS_NOGRAB"
stevesk [Wed, 19 Dec 2001 17:58:01 +0000 (17:58 +0000)]
- (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
mouring [Thu, 6 Dec 2001 18:22:17 +0000 (18:22 +0000)]
- markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
mouring [Thu, 6 Dec 2001 17:55:26 +0000 (17:55 +0000)]
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
mouring [Thu, 6 Dec 2001 17:45:19 +0000 (17:45 +0000)]
- stevesk@cvs.openbsd.org 2001/11/30 20:39:28
[ssh.c]
sscanf() length dependencies are clearer now; can also shrink proto
and data if desired, but i have not done that. ok markus@
mouring [Thu, 6 Dec 2001 17:41:25 +0000 (17:41 +0000)]
- markus@cvs.openbsd.org 2001/11/29 22:08:48
[auth-rsa.c]
fix protocol error: send 'failed' message instead of a 2nd challenge
(happens if the same key is in authorized_keys twice).
reported Ralf_Meister@genua.de; ok djm@
mouring [Thu, 6 Dec 2001 16:32:47 +0000 (16:32 +0000)]
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
tim [Tue, 27 Nov 2001 01:19:43 +0000 (01:19 +0000)]
[contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
Allow SSHD to install as service under WIndows 9x/Me
[configure.ac] Fix to allow linking against PCRE on Cygwin
Patches by Corinna Vinschen <vinschen@redhat.com>
djm [Tue, 13 Nov 2001 12:46:18 +0000 (12:46 +0000)]
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
djm [Mon, 12 Nov 2001 00:40:11 +0000 (00:40 +0000)]
- (djm) Reorder portable-specific server options so that they come first.
This should help reduce diff collisions for new server options (as they
will appear at the end)
djm [Mon, 12 Nov 2001 00:06:32 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
djm [Mon, 12 Nov 2001 00:06:06 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
djm [Mon, 12 Nov 2001 00:02:52 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
stevesk [Fri, 9 Nov 2001 20:22:16 +0000 (20:22 +0000)]
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
andersk / openssh.git / log
