d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
71,912 Commits 4 Branches 49 Tags 2 GiB
7282a3b32e
Commit Graph

167 Commits

Author SHA1 Message Date
peter
772dd17b51 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
peter
adeace1395 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
green
be6e69fbed Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
green
26efc47d38 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
green
71e9ee0209 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
9bccae4f2e Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
kris
4f57b24cfd Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
kris
ad6da2a572 Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
ru
caf976b39e Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ba3f3c2ac7 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
a55fcaa060 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
kris
0a76acd42d This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
kris
1e51208074 Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
kris
780d02839a This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
kris
66c0eb5d8c Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
kris
88a84bd92e This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
kris
89aaaa3ccb This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
kris
27503968d8 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
ache
b102c893de Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0e085590db Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
kris
ecdf63b33e Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
kris
de71a10db8 Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
kris
40816e5260 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
866470d785 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
kris
a632b4789c Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
8cf8ce7bb1 This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
nik
b8783e88c4 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
kris
77771891cb Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
kris
9b205c3441 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
kris
6948a83776 Resolve conflicts. 2000-03-26 07:37:48 +00:00
kris
b201b15ee1 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
kris
e46dd7a5de This commit was generated by cvs2svn to compensate for changes in r58582, 
which included commits to RCS files with non-trunk default branches.
 2000-03-26 07:07:24 +00:00
brian
64f92723d4 Use pipe() instead of socketpair() in sshd when communicating 
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
 2000-03-24 15:39:37 +00:00
mpp
b064529634 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
sheldonh
7889147802 IgnoreUserKnownHosts is a boolean flag, not an integer value. 
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
 2000-03-22 09:36:35 +00:00
kris
0d170b1596 Add a new function stub to libcrypto() which resolves to a symbol in 
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
 2000-03-13 09:55:53 +00:00
kris
d675ea707a Various manpage style/grammar/formatting cleanups 
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
 2000-03-13 00:17:43 +00:00
nik
2ace392884 - typos 
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2000-03-10 11:48:49 +00:00
markm
b0cba82a4f Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
kris
8141458379 /etc -> /etc/ssh 
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
 2000-03-08 03:44:00 +00:00
jhay
94eda357d0 MFI: Use krb5 functions in krb5 files. 
Reviewed by:	markm
 2000-03-03 20:31:58 +00:00
green
ead1658802 Turn off X11 forwarding in the client. X11 forwarding in the server by 
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
 2000-03-03 05:58:39 +00:00
ume
1294a0b6cf Enable connection logging. FreeBSD's libwrap is IPv6 ready. 
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
 2000-02-29 19:37:04 +00:00
markm
37dce23afc 1) Add kerberos5 functionality. 
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
 2000-02-28 19:03:50 +00:00
brian
499e159c08 Don't put truncated hostnames in utmp 
Approved by: jkh
 2000-02-28 18:51:30 +00:00
peter
eb77fcb95c Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
peter
18bcb8d297 oops, update path to /etc/ssh/ssh_host_key 2000-02-26 02:24:38 +00:00
peter
7abc89037f Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh 2000-02-25 14:25:10 +00:00
green
522f06fd77 Fix a bug that crawled in pretty recently (from the port). It made 
sshd coredump :(
 2000-02-25 05:22:14 +00:00
peter
8e4001f110 Fix garbage in SSH_PROGRAM (only on freefall, not internat) 2000-02-25 04:41:06 +00:00
green
83bac1a374 Make "CheckHostIP" default to off. This was proposed on -security and 
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.

Proposed by:	rwatson
 2000-02-25 03:04:29 +00:00
green
129e6a7558 The includes must be <openssl/.*\.h>, not <ssl/.*\.h>. 2000-02-25 01:53:12 +00:00
markm
ccef1c20fc remove more ports crud. 2000-02-24 23:54:00 +00:00
markm
190eabf199 remove ports junk 2000-02-24 23:46:38 +00:00
markm
37a38e6638 Add the patches fom ports (QV: ports/security/openssh/patches/patch-*) 2000-02-24 15:29:42 +00:00
markm
fc557ff7d9 Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
markm
606d31b1ec This commit was generated by cvs2svn to compensate for changes in r57429, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 14:29:47 +00:00
green
8b8214b6d3 Upgrade to the pam_ssh module, version 1.1.. 
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
 1999-12-28 05:32:54 +00:00
green
bcc4466e40 Add the PAM SSH RSA key authentication module. For example, you can add, 
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
 1999-11-29 07:09:44 +00:00