Commit Graph

276 Commits

Author SHA1 Message Date
Brian Feldman
313cb084c4 Suggested by kris, OpenSSH shall have a version designated to note that
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de Make password attacks based on traffic analysis harder by requiring that
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae Fix double mention of ssh.
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667 Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.
2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e Fix LP64 problem in Kerberos 5 TGT passing.
Obtained from: NetBSD (done by thorpej@netbsd.org)
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94 initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
PR:		bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6 Reenable the SIGPIPE signal handler default in all cases for spawned
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c Remove stuff that is really "ports material", generated files and
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945 Trim down the source tree a bit. We shouldn't have blatantly
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672 Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway
a991678294 This commit was generated by cvs2svn to compensate for changes in r72613,
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Kris Kennaway
de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a Fix a "make world"-breaking inconsistency for those folks making
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9 nuke conflict markers 2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9 update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae fix conflicts in heimdal 0.3e import 2001-02-13 16:52:56 +00:00
Assar Westerlund
c25d7ab741 This commit was generated by cvs2svn to compensate for changes in r72445,
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
Assar Westerlund
5e9cd1ae3e import of heimdal 0.3e 2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749 Note that crypto/ is not used to build in, people should see secure/
instead.
2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4 Fix typo: compatability -> compatibility.
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332 Fix typo: wierd -> weird.
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Brian Feldman
ffd692be66 Correctly fill in the sun_len for a sockaddr_sun.
Submitted by:	Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
Brian Feldman
a61d605eda MFS: Don't use the canonical hostname here, too. 2001-02-04 20:16:14 +00:00
Brian Feldman
895b03b1e8 MFF: Make ConnectionsPerPeriod usage a warning, not fatal. 2001-02-04 20:15:53 +00:00
Ruslan Ermilov
f78fa00345 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
Brian Feldman
926581ede3 Actually propagate back to the rest of the application that a command
was specified when using -t mode with the SSH client.

Submitted by:	Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
Brian Feldman
ea0187039a /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Ruslan Ermilov
72c60cff38 Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
Brian Feldman
39567f8cee Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833 fix conflicts from merge 2000-12-29 21:16:01 +00:00
Assar Westerlund
2a9bc9996c This commit was generated by cvs2svn to compensate for changes in r70494,
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
5ad8ddfb6f import krb4-1.0.5 2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2 merge fix from vendor for not overwriting old ticket file 2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd This commit was generated by cvs2svn to compensate for changes in r69836,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d merge fix from vendor for removing buffer overrun 2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0 This commit was generated by cvs2svn to compensate for changes in r69833,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b merge fix from vendor for not looking at environment variables 2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2 This commit was generated by cvs2svn to compensate for changes in r69830,
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510 (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
Brian Feldman
803a607983 This commit was generated by cvs2svn to compensate for changes in r69587,
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00