djm [Thu, 3 Oct 2002 01:54:35 +0000 (01:54 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/10/01 20:34:12
[ssh-agent.c]
allow root to access the agent, since there is no protection from root.
- (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
- todd@cvs.openbsd.org 2002/09/24 20:59:44
[sshd.8]
tweak the example $HOME/.ssh/rc script to not show on any cmdline the
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
ok markus@ and stevesk@
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/23 20:46:27
[canohost.c]
change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
tim [Mon, 23 Sep 2002 23:54:10 +0000 (23:54 +0000)]
[configure.ac] s/return/exit/ patch by dtucker@zip.com.au
From autoconf guidelines:
"Test programs should exit, not return, from main, because on some
systems (old Suns, at least) the argument to return in main is ignored."
- stevesk@cvs.openbsd.org 2002/09/20 18:41:29
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
- itojun@cvs.openbsd.org 2002/09/17 07:47:02
[channels.c]
don't quit while creating X11 listening socket.
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
got from portable. markus ok
- stevesk@cvs.openbsd.org 2002/09/13 19:23:09
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
- djm@cvs.openbsd.org 2002/09/11 22:41:50
[sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
[sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
support for short/long listings and globbing in "ls"; ok markus@
- stevesk@cvs.openbsd.org 2002/09/11 18:27:26
[authfd.c authfd.h ssh.c]
don't connect to agent to test for presence if we've previously
connected; ok markus@
- markus@cvs.openbsd.org 2002/09/09 14:54:15
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
signed vs unsigned from -pedantic; ok henning@
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 15:57:25
[monitor.c session.c sshlogin.c sshlogin.h]
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
- markus@cvs.openbsd.org 2002/08/22 21:33:58
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
mouring [Tue, 20 Aug 2002 18:40:03 +0000 (18:40 +0000)]
- markus@cvs.openbsd.org 2002/08/02 22:20:30
[ssh-rsa.c]
replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
for authentication; ok deraadt/djm
mouring [Tue, 20 Aug 2002 18:38:02 +0000 (18:38 +0000)]
- marc@cvs.openbsd.org 2002/08/02 16:00:07
[ssh.1 sshd.8]
note that .ssh/environment is only read when
allowed (PermitUserEnvironment in sshd_config).
OK markus@
mouring [Tue, 20 Aug 2002 18:36:25 +0000 (18:36 +0000)]
- millert@cvs.openbsd.org 2002/08/02 14:43:15
[monitor.c monitor_mm.c]
Change mm_zalloc() sanity checks to be more in line with what
we do in calloc() and add a check to monitor_mm.c.
OK provos@ and markus@
mouring [Thu, 1 Aug 2002 01:21:56 +0000 (01:21 +0000)]
- markus@cvs.openbsd.org 2002/07/24 16:11:18
[hostfile.c hostfile.h sshconnect.c]
print out all known keys for a host if we get a unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
the ssharp mitm tool attacks users in a similar way, so i'd like to
pointed out again:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)