d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
82,807 Commits 4 Branches 49 Tags 2 GiB
9353671693
Commit Graph

251 Commits

Author SHA1 Message Date
nectar
d69c342a45 Update version string since we applied a fix for the UseLogin issue. 2001-12-03 22:47:51 +00:00
nectar
b0b55f7f5f Do not pass user-defined environmental variables to /usr/bin/login. 
Obtained from:	OpenBSD
Approved by:	green
 2001-12-03 00:51:47 +00:00
dwmalone
9a6b4717f3 In the "UseLogin yes" case we need env to be NULL to make sure it 
will be correctly initialised.

PR:		32065
Tested by:	The Anarcat <anarcat@anarcat.dyndns.org>
MFC after:	3 days
 2001-11-19 19:40:14 +00:00
green
e990e27894 Modify a "You don't exist" message, pretty rude for transient YP failures. 2001-09-27 18:54:42 +00:00
assar
6d29950919 fix renamed options in some of the code that was #ifdef AFS 
also print an error if krb5 ticket passing is disabled

Submitted by:	Jonathan Chen <jon@spock.org>
 2001-09-04 13:27:04 +00:00
ps
e7bdb473a8 Backout last change. I didnt follow the thread and made a mistake 
with this.  localisations is a valid spelling.  Oops
 2001-08-27 10:37:50 +00:00
ps
4e55facbeb Correctly spell localizations 2001-08-27 10:20:02 +00:00
green
9f287caebc Update the OpenSSH minor-version string. 
Requested by:	obrien
Reviewed by:	rwatson
 2001-08-16 19:26:19 +00:00
nectar
0e7f0df834 Bug fix: When the client connects to a server and Kerberos 
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
 2001-07-13 18:12:13 +00:00
green
961721080a Fix an incorrect conflict resolution which prevented TISAuthentication 
from working right in 2.9.
 2001-07-07 14:19:53 +00:00
green
93a6a41112 Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
green
5d06029221 Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
green
fe0162ddb3 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
green
c3258d9fdd Don't pointlessly kill a channel because the first (forced) 
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
 2001-06-26 14:17:35 +00:00
assar
116337ea17 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
markm
5fa9d6f739 Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does 
not imply that you want, need or have kerberosIV headers.
 2001-06-15 08:12:31 +00:00
green
fdb0c1688a Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
green
45d207659b Switch to the user's uid before attempting to unlink the auth forwarding 
file, nullifying the effects of a race.

Obtained from:	OpenBSD
 2001-06-08 22:22:09 +00:00
obrien
a26134411c Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason. 2001-05-24 07:22:08 +00:00
obrien
bac609c202 Restore the RSA host key to /etc/ssh/ssh_host_key. 
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
 2001-05-18 18:10:02 +00:00
green
a407780211 If a host would exceed 16 characters in the utmp entry, record only 
it's IP address/base host instead.

Submitted by:	brian
 2001-05-15 01:50:40 +00:00
ru
3add9296c0 mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
markm
cdb0cb9ccd Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
alfred
bd16bfd06f Fix some of the handling in the pam module, don't unregister things 
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
 2001-05-09 03:40:37 +00:00
green
9c961719a9 Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
green
3f59c74031 sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
green
094816f4b2 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates. 
(Missing Delta Brigade, tally-ho!)
 2001-05-05 01:12:45 +00:00
green
729aac1a81 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
green
d1f65ecd2b Remove obsoleted files. 2001-05-04 04:15:22 +00:00
green
119a11eb6b Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
green
8acd87ac47 Say "hi" to the latest in the OpenSSH series, version 2.9! 
Happy birthday to:	rwatson
 2001-05-04 03:57:05 +00:00
green
08fd06354d This commit was generated by cvs2svn to compensate for changes in r76259, 
which included commits to RCS files with non-trunk default branches.
 2001-05-04 03:57:05 +00:00
green
461d7e1472 Add a "VersionAddendum" configuration setting for sshd which allows 
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
 2001-05-03 00:29:28 +00:00
green
6d6d6e45ee Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
green
b9a62213ae Suggested by kris, OpenSSH shall have a version designated to note that 
it's not "plain" OpenSSH 2.3.0.
 2001-03-20 02:11:25 +00:00
green
e1c06db961 Make password attacks based on traffic analysis harder by requiring that 
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
 2001-03-20 02:06:40 +00:00
asmodai
355885cfa7 Fix double mention of ssh. 
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
 2001-03-15 09:24:40 +00:00
green
8b51db0ce8 Don't dump core when an attempt is made to login using protocol 2 with 
an invalid user name.
 2001-03-15 03:15:18 +00:00
assar
95047bd0c5 (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
assar
07c5543bb1 Fix LP64 problem in Kerberos 5 TGT passing. 
Obtained from: NetBSD (done by thorpej@netbsd.org)
 2001-03-12 08:14:22 +00:00
green
f261519030 Reenable the SIGPIPE signal handler default in all cases for spawned 
sessions.
 2001-03-11 02:26:57 +00:00
assar
4e2eb78eca Add code for being compatible with ssh.com's krb5 authentication. 
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
 2001-03-04 02:22:04 +00:00
ps
4abb31bd7d Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
assar
e25a9ea1d2 update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
kris
94cb603894 Patches backported from later development version of OpenSSH which prevent 
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
 2001-02-12 06:44:51 +00:00
green
c0460ef928 Correctly fill in the sun_len for a sockaddr_sun. 
Submitted by:	Alexander Leidinger <Alexander@leidinger.net>
 2001-02-04 20:23:17 +00:00
green
007d3cc3ed MFS: Don't use the canonical hostname here, too. 2001-02-04 20:16:14 +00:00
green
8ae23e3ef8 MFF: Make ConnectionsPerPeriod usage a warning, not fatal. 2001-02-04 20:15:53 +00:00
green
42801d85d9 Actually propagate back to the rest of the application that a command 
was specified when using -t mode with the SSH client.

Submitted by:	Dima Dorfman <dima@unixfreak.org>
 2001-01-21 05:45:27 +00:00
green
759414f218 /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it 
and giving a dire error to its lingering users.
 2001-01-13 07:57:43 +00:00
green
a121b36822 Fix a long-standing bug that resulted in a dropped session sometimes 
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
 2001-01-06 21:15:07 +00:00
cvs2svn
5bcde1229c This commit was manufactured by cvs2svn to create branch 
'VENDOR-crypto-openssh'.
 2000-12-05 02:55:13 +00:00
green
ab6b35a1d6 Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
 2000-12-05 02:55:12 +00:00
green
6202ac1614 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
green
1c5144a169 This commit was generated by cvs2svn to compensate for changes in r69587, 
which included commits to RCS files with non-trunk default branches.
 2000-12-05 02:20:19 +00:00
brian
17a750ff36 Remove duplicate line 
Not responded to by: kris, then green
 2000-12-04 22:57:53 +00:00
green
163406c6e5 In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
billf
de5ab7abc1 Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
green
0bc5843790 Add login_cap and login_access support. Previously, these FreeBSD-local 
checks were only made when using the 1.x protocol.
 2000-11-14 04:35:03 +00:00
green
100d82038d Import a security fix: the client would allow a server to use its 
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
 2000-11-14 03:51:53 +00:00
green
fb253173ae This commit was generated by cvs2svn to compensate for changes in r68700, 
which included commits to RCS files with non-trunk default branches.
 2000-11-14 03:51:53 +00:00
green
3c8715d5d7 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
bb24bb397b Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
c5a4794750 Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
kris
24372e6c10 Resolve conflicts and update for OpenSSH 2.2.0 
Reviewed by:	gshapiro, peter, green
 2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
kris
f2912c8208 This commit was generated by cvs2svn to compensate for changes in r65668, 
which included commits to RCS files with non-trunk default branches.
 2000-09-10 08:31:17 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
kris
2450bc1f18 ttyname was not being passed into do_login(), so we were erroneously picking 
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
 2000-09-04 08:43:05 +00:00
kris
175e5fe4dd bzero() the struct timeval for paranoia 
Submitted by:	gshapiro
 2000-09-03 07:58:35 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
kris
458b9e5882 Repair a broken conflict resolution in r1.2 which had the effect of nullifying 
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
 2000-09-02 05:40:50 +00:00
kris
8b99f6e1dc Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh! 
Submitted by:	gshapiro
 2000-09-02 04:41:33 +00:00
kris
6eee534256 Re-add missing "break" which was lost during a previous patch 
integration. This currently has no effect.

Submitted by:	gshapiro
 2000-09-02 04:37:51 +00:00
kris
42ae81df48 Turn on X11Forwarding by default on the server. Any risk is to the client, 
where it is already disabled by default.

Reminded by:	peter
 2000-09-02 03:49:22 +00:00
kris
3ae9606341 Increase the default value of LoginGraceTime from 60 seconds to 120 
seconds.

PR:		20488
Submitted by:	rwatson
 2000-08-23 09:47:25 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
asmodai
5209950187 Chalk up another phkmalloc victim. 
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
 2000-08-01 08:07:15 +00:00
asmodai
0a6c762555 Fix a weird typo, is -> are. 
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
 2000-07-27 19:21:15 +00:00
marko
1dcee686be Fixed a minor typo in the header. 
Pointed out by:	asmodai
 2000-07-27 17:21:07 +00:00
marko
674af77794 Committed, Thanks!! 
PR:		20108
Submitted by:	Doug Lee
 2000-07-25 16:49:48 +00:00
peter
d9df5f65de Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
peter
5f6efaa063 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
peter
772dd17b51 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
peter
adeace1395 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
green
be6e69fbed Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
green
26efc47d38 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
green
71e9ee0209 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
9bccae4f2e Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
kris
4f57b24cfd Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
kris
ad6da2a572 Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
ru
caf976b39e Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ba3f3c2ac7 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
a55fcaa060 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
kris
0a76acd42d This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
kris
1e51208074 Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
kris
780d02839a This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
kris
66c0eb5d8c Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
kris
88a84bd92e This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
kris
89aaaa3ccb This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
kris
27503968d8 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
ache
b102c893de Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0e085590db Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
kris
ecdf63b33e Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
kris
de71a10db8 Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
kris
40816e5260 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
866470d785 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
kris
a632b4789c Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
8cf8ce7bb1 This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
nik
b8783e88c4 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
kris
77771891cb Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
kris
9b205c3441 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
kris
6948a83776 Resolve conflicts. 2000-03-26 07:37:48 +00:00
kris
b201b15ee1 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
kris
e46dd7a5de This commit was generated by cvs2svn to compensate for changes in r58582, 
which included commits to RCS files with non-trunk default branches.
 2000-03-26 07:07:24 +00:00
brian
64f92723d4 Use pipe() instead of socketpair() in sshd when communicating 
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
 2000-03-24 15:39:37 +00:00
mpp
b064529634 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
sheldonh
7889147802 IgnoreUserKnownHosts is a boolean flag, not an integer value. 
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
 2000-03-22 09:36:35 +00:00
kris
0d170b1596 Add a new function stub to libcrypto() which resolves to a symbol in 
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
 2000-03-13 09:55:53 +00:00
kris
d675ea707a Various manpage style/grammar/formatting cleanups 
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
 2000-03-13 00:17:43 +00:00
nik
2ace392884 - typos 
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2000-03-10 11:48:49 +00:00
markm
b0cba82a4f Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
kris
8141458379 /etc -> /etc/ssh 
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
 2000-03-08 03:44:00 +00:00
jhay
94eda357d0 MFI: Use krb5 functions in krb5 files. 
Reviewed by:	markm
 2000-03-03 20:31:58 +00:00
green
ead1658802 Turn off X11 forwarding in the client. X11 forwarding in the server by 
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
 2000-03-03 05:58:39 +00:00
ume
1294a0b6cf Enable connection logging. FreeBSD's libwrap is IPv6 ready. 
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
 2000-02-29 19:37:04 +00:00
markm
37dce23afc 1) Add kerberos5 functionality. 
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
 2000-02-28 19:03:50 +00:00
brian
499e159c08 Don't put truncated hostnames in utmp 
Approved by: jkh
 2000-02-28 18:51:30 +00:00
peter
eb77fcb95c Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
peter
18bcb8d297 oops, update path to /etc/ssh/ssh_host_key 2000-02-26 02:24:38 +00:00
peter
7abc89037f Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh 2000-02-25 14:25:10 +00:00
green
522f06fd77 Fix a bug that crawled in pretty recently (from the port). It made 
sshd coredump :(
 2000-02-25 05:22:14 +00:00
peter
8e4001f110 Fix garbage in SSH_PROGRAM (only on freefall, not internat) 2000-02-25 04:41:06 +00:00
green
83bac1a374 Make "CheckHostIP" default to off. This was proposed on -security and 
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.

Proposed by:	rwatson
 2000-02-25 03:04:29 +00:00
green
129e6a7558 The includes must be <openssl/.*\.h>, not <ssl/.*\.h>. 2000-02-25 01:53:12 +00:00
markm
ccef1c20fc remove more ports crud. 2000-02-24 23:54:00 +00:00
markm
190eabf199 remove ports junk 2000-02-24 23:46:38 +00:00
markm
37a38e6638 Add the patches fom ports (QV: ports/security/openssh/patches/patch-*) 2000-02-24 15:29:42 +00:00
markm
fc557ff7d9 Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
markm
606d31b1ec This commit was generated by cvs2svn to compensate for changes in r57429, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 14:29:47 +00:00
green
8b8214b6d3 Upgrade to the pam_ssh module, version 1.1.. 
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
 1999-12-28 05:32:54 +00:00