djm [Tue, 3 Jun 2003 03:06:18 +0000 (03:06 +0000)]
- millert@cvs.openbsd.org 2003/06/03 02:56:16
[scp.c]
Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.
djm [Tue, 3 Jun 2003 00:25:48 +0000 (00:25 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
dtucker [Fri, 30 May 2003 07:43:42 +0000 (07:43 +0000)]
- (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
I'm pretty sure these are required. I also want to add -D_XOPEN_SOURCE=1
-D_XOPEN_SOURCE_EXTENDED=1 to CPPFLAGS for MP-RAS but I haven't had confirmation
that it will not break anything else.
djm [Sun, 18 May 2003 10:53:59 +0000 (10:53 +0000)]
- markus@cvs.openbsd.org 2003/05/17 04:27:52
[cipher.c cipher-ctr.c myproposal.h]
experimental support for aes-ctr modes from
http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
ok djm@
djm [Fri, 16 May 2003 01:39:04 +0000 (01:39 +0000)]
- djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
djm [Fri, 16 May 2003 01:38:00 +0000 (01:38 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/15 13:52:10
[ssh.c]
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
djm [Thu, 15 May 2003 03:49:58 +0000 (03:49 +0000)]
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
[sftp-int.c sftp.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
djm [Thu, 15 May 2003 03:49:21 +0000 (03:49 +0000)]
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
[sftp-int.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
djm [Thu, 15 May 2003 00:19:46 +0000 (00:19 +0000)]
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
djm [Wed, 14 May 2003 09:31:12 +0000 (09:31 +0000)]
- markus@cvs.openbsd.org 2003/05/14 08:57:49
[monitor.c]
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Privsep child continues to run after monitor killed.
Pass monitor signals through to child; Darren Tucker
djm [Wed, 14 May 2003 03:47:37 +0000 (03:47 +0000)]
- markus@cvs.openbsd.org 2003/05/14 02:15:47
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
djm [Wed, 14 May 2003 03:47:07 +0000 (03:47 +0000)]
- djm@cvs.openbsd.org 2003/05/14 01:00:44
[sftp.1]
emphasise the batchmode functionality and make reference to pubkey auth,
both of which are FAQs; ok markus@
djm [Wed, 14 May 2003 03:46:00 +0000 (03:46 +0000)]
- markus@cvs.openbsd.org 2003/05/12 16:55:37
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
djm [Wed, 14 May 2003 03:45:42 +0000 (03:45 +0000)]
- markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
djm [Wed, 14 May 2003 03:45:22 +0000 (03:45 +0000)]
- markus@cvs.openbsd.org 2003/05/11 16:56:48
[authfile.c ssh-keygen.c]
change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).