Brian Feldman
313cb084c4
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655
Resolve conflicts
2001-02-18 03:23:30 +00:00
Kris Kennaway
a991678294
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Kris Kennaway
de7cdddab1
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9
nuke conflict markers
2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
Assar Westerlund
c25d7ab741
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
Assar Westerlund
5e9cd1ae3e
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Brian Feldman
ffd692be66
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
Brian Feldman
a61d605eda
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
Brian Feldman
895b03b1e8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
Ruslan Ermilov
f78fa00345
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
Brian Feldman
926581ede3
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
Brian Feldman
ea0187039a
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Ruslan Ermilov
72c60cff38
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
Brian Feldman
39567f8cee
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833
fix conflicts from merge
2000-12-29 21:16:01 +00:00
Assar Westerlund
2a9bc9996c
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
5ad8ddfb6f
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
Brian Feldman
803a607983
This commit was generated by cvs2svn to compensate for changes in r69587,
...
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00