Commit Graph

99 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
144a80bd9a Try to check whether each key file exists before adding it, and bail out
if we didn't find any of them.  This reduces log spam about key files for
deprecated algorithms, which we look for but don't generate.

PR:		208254
MFC after:	3 days
2016-08-08 10:46:18 +00:00
Dag-Erling Smørgrav
9ded33068e Remove DSA from default cipher list and disable SSH1.
Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for
reasons which boil down to POLA.  Now is a good time to catch up.

MFC after:	3 days
Relnotes:	yes
2016-08-03 16:08:21 +00:00
Dag-Erling Smørgrav
acc1a9ef83 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
Dag-Erling Smørgrav
c4cd1fa410 Switch UseDNS back on 2016-01-27 13:40:44 +00:00
Dag-Erling Smørgrav
6f3513465d Instead of removing the NoneEnabled option, mark it as unsupported.
(should have done this in r291198, but didn't think of it until now)
2016-01-22 13:13:46 +00:00
Dag-Erling Smørgrav
eccfee6ebc Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
Dag-Erling Smørgrav
557f75e54a Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
Dag-Erling Smørgrav
9860d96e8f Re-add HPN configuration options as deprecated options to avoid breaking
existing configurations that use them.  Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav
bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav
60c59fad88 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Dag-Erling Smørgrav
5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
b83788ff87 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
Dag-Erling Smørgrav
2b1970f362 Turn sandboxing on by default. 2014-02-01 00:07:16 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Dag-Erling Smørgrav
e4a9863fb7 Upgrade to 6.3p1.
Approved by:	re (gjb)
2013-09-21 21:36:09 +00:00
Dag-Erling Smørgrav
c89ea4d72b Revert a local change that sets the default for UsePrivilegeSeparation to
"sandbox" instead of "yes".  In sandbox mode, the privsep child is unable
to load additional libraries and will therefore crash when trying to take
advantage of crypto offloading on CPUs that support it.
2013-05-29 00:19:58 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
462c32cb8d Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
Ed Schouten
35762f5913 Polish diff against upstream.
- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
  does the right thing.
- Fix indentation and whitespace of local changes.

Approved by:	des
MFC after:	1 month
2012-02-13 11:59:59 +00:00
Dag-Erling Smørgrav
e146993e33 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
Brooks Davis
8998619212 Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links).  Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher.  The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line.  Additionally, the None cypher will only be activated after
authentication is complete.  To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by:	bz
Approved by:	re (kib), des (maintainer)
2011-08-03 19:14:22 +00:00
Dag-Erling Smørgrav
4a421b6336 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
Dag-Erling Smørgrav
e2f6069c09 Upgrade to OpenSSH 5.6p1. 2010-11-11 11:46:19 +00:00
Dag-Erling Smørgrav
8ad9b54a6d Upgrade to OpenSSH 5.5p1. 2010-04-28 10:36:33 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Dag-Erling Smørgrav
7aee6ffee0 Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
Dag-Erling Smørgrav
cce7d3464f Upgrade to OpenSSH 5.2p1.
MFC after:	3 months
2009-05-22 18:46:28 +00:00
Dag-Erling Smørgrav
d4af9e693f Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
Dag-Erling Smørgrav
e3ae3b098d Properly flatten openssh/dist. 2008-07-22 19:01:18 +00:00
Dag-Erling Smørgrav
333ee03933 Merge conflicts.
MFC after:	1 week
2006-09-30 13:38:06 +00:00
Dag-Erling Smørgrav
761efaa70c Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
Dag-Erling Smørgrav
b74df5b26f Merge conflicts. 2006-03-22 20:41:37 +00:00
Dag-Erling Smørgrav
021d409f5b Vendor import of OpenSSH 4.3p1. 2006-03-22 19:46:12 +00:00
Dag-Erling Smørgrav
d4ecd10857 Resolve conflicts. 2005-09-03 07:04:25 +00:00
Dag-Erling Smørgrav
043840df5b Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00
Dag-Erling Smørgrav
aa49c9264c Resolve conflicts. 2005-06-05 15:46:09 +00:00
Dag-Erling Smørgrav
4518870c72 Vendor import of OpenSSH 4.1p1. 2005-06-05 15:41:57 +00:00
Dag-Erling Smørgrav
5e8dbd04ef Vendor import of OpenSSH 4.0p1. 2005-06-05 15:40:50 +00:00
Dag-Erling Smørgrav
21e764df0c Resolve conflicts 2004-10-28 16:11:31 +00:00
Dag-Erling Smørgrav
d74d50a84b Vendor import of OpenSSH 3.9p1. 2004-10-28 16:03:53 +00:00
Dag-Erling Smørgrav
1ec0d75429 Resolve conflicts. 2004-02-26 10:52:33 +00:00
Dag-Erling Smørgrav
efcad6b72f Vendor import of OpenSSH 3.8p1. 2004-02-26 10:38:49 +00:00
Dag-Erling Smørgrav
028c324ac8 Pull asbesthos underpants on and disable protocol version 1 by default. 2004-02-26 10:24:07 +00:00
Dag-Erling Smørgrav
b909c84bf2 Turn non-PAM password authentication off by default when USE_PAM is
defined.  Too many users are getting bitten by it.
2004-02-19 15:53:31 +00:00
Dag-Erling Smørgrav
f0477b2653 Egg on my face: UsePAM was off by default.
Pointed out by:	Sean McNeil <sean@mcneil.com>
2004-01-09 08:07:12 +00:00
Dag-Erling Smørgrav
cf2b5f3b6d Resolve conflicts and remove obsolete files.
Sponsored by:	registrar.no
2004-01-07 11:16:27 +00:00
Dag-Erling Smørgrav
d95e11bf7e Vendor import of OpenSSH 3.7.1p2. 2004-01-07 11:10:17 +00:00
Dag-Erling Smørgrav
e73e9afa91 Resolve conflicts. 2003-04-23 17:13:13 +00:00