Commit Graph

57 Commits

Author SHA1 Message Date
des
c995370269 Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
lidl
7235884959 Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.  This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by:	des
Approved by:	des
MFC after:		1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
des
9b2207f860 Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
des
b856a45731 Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
des
7a7bc643b5 Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
des
14172c52f8 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
des
43b4a69321 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
des
24641fd80b Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
des
cda41f674d Upgrade to 6.3p1.
Approved by:	re (gjb)
2013-09-21 21:36:09 +00:00
des
b291eafe8d Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
des
00f3582ac6 Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
des
038442ad80 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
brooks
28f5522cfe Fix two more $FreeBSD$ keywords.
Reported by:	pluknet
Approved by:	re (implicit)
2011-08-03 20:21:52 +00:00
brooks
0f65fdcb29 Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links).  Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher.  The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line.  Additionally, the None cypher will only be activated after
authentication is complete.  To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by:	bz
Approved by:	re (kib), des (maintainer)
2011-08-03 19:14:22 +00:00
des
ee2afa8165 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
des
59d1af2322 Upgrade to OpenSSH 5.6p1. 2010-11-11 11:46:19 +00:00
des
c3510f9e73 Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
des
8bf56a9772 Upgrade to OpenSSH 5.2p1.
MFC after:	3 months
2009-05-22 18:46:28 +00:00
des
b7aa600c41 Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
des
ab05c9d6e0 More files which no longer have any local changes. 2008-08-01 01:32:56 +00:00
des
f1596419c2 Properly flatten openssh/dist. 2008-07-22 19:01:18 +00:00
des
666aa9cc16 Revert part of 180714 - the intent was to flatten dist, not to nuke it. 2008-07-22 18:58:19 +00:00
des
624d93001f Flatten the OpenSSH vendor tree for 3.x and newer. 2008-07-22 17:13:05 +00:00
des
4ff234ef46 Merge conflicts.
MFC after:	1 week
2006-09-30 13:38:06 +00:00
des
2f35ce4773 Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
des
7c07891caf Merge conflicts. 2006-03-22 20:41:37 +00:00
des
448503722a Vendor import of OpenSSH 4.3p1. 2006-03-22 19:46:12 +00:00
des
983ad11a1c Resolve conflicts. 2005-06-05 15:46:09 +00:00
des
11a09ab416 Vendor import of OpenSSH 4.0p1. 2005-06-05 15:40:50 +00:00
des
a744ec13ad Resolve conflicts 2004-10-28 16:11:31 +00:00
des
d5d493f03a Vendor import of OpenSSH 3.9p1. 2004-10-28 16:03:53 +00:00
des
124c4a1415 Resolve conflicts. 2004-02-26 10:52:33 +00:00
des
7d1750f1d6 Vendor import of OpenSSH 3.8p1. 2004-02-26 10:38:49 +00:00
des
7545fb1c7e Resolve conflicts and remove obsolete files.
Sponsored by:	registrar.no
2004-01-07 11:16:27 +00:00
des
b5d16e7138 Vendor import of OpenSSH 3.7.1p2. 2004-01-07 11:10:17 +00:00
des
279b0fa809 Resolve conflicts. 2002-10-29 10:16:02 +00:00
des
099d1a58f7 Vendor import of OpenSSH-portable 3.5p1. 2002-10-29 09:43:00 +00:00
des
5ba29faa04 Forcibly revert to mainline. 2002-06-27 22:42:11 +00:00
des
bb02848f18 Vendor import of OpenSSH 3.3p1. 2002-06-27 22:31:32 +00:00
des
fa8aa6dfe7 Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
 - privilege separation may break PAM and is currently turned off.
 - man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by:	DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
des
610201f50f Vendor import of OpenSSH 3.3. 2002-06-23 14:01:54 +00:00
des
6534271ec8 Fix conflicts. 2002-03-18 10:09:43 +00:00
des
2fc4a48897 Vendor import of OpenSSH 3.1 2002-03-18 09:55:03 +00:00
green
119a11eb6b Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
green
8acd87ac47 Say "hi" to the latest in the OpenSSH series, version 2.9!
Happy birthday to:	rwatson
2001-05-04 03:57:05 +00:00
assar
4e2eb78eca Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
2001-03-04 02:22:04 +00:00
green
ab6b35a1d6 Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00