Commit Graph

32 Commits

Author SHA1 Message Date
des
108403d091 Fix off-by-one and initialization errors which prevented sshd from
restarting when sent a SIGHUP.

Submitted by:	tegge
Approved by:	re (jhb)
2003-05-28 19:39:33 +00:00
des
58b9db3b6f Resolve conflicts. 2003-04-23 17:13:13 +00:00
des
d37413d05a Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.

PR:		39953, 40894
Submitted by:	dinoex
MFC after:	3 days
2003-01-22 14:12:59 +00:00
des
279b0fa809 Resolve conflicts. 2002-10-29 10:16:02 +00:00
des
72a8e501f7 Resolve conflicts.
Sponsored by:	DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
des
5ba29faa04 Forcibly revert to mainline. 2002-06-27 22:42:11 +00:00
des
fa8aa6dfe7 Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
 - privilege separation may break PAM and is currently turned off.
 - man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by:	DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
des
6534271ec8 Fix conflicts. 2002-03-18 10:09:43 +00:00
ru
5307ecb83c Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:06:47 +00:00
assar
6d29950919 fix renamed options in some of the code that was #ifdef AFS
also print an error if krb5 ticket passing is disabled

Submitted by:	Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
green
119a11eb6b Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
assar
4e2eb78eca Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
2001-03-04 02:22:04 +00:00
kris
94cb603894 Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
2001-02-12 06:44:51 +00:00
green
759414f218 /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
green
a121b36822 Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
green
ab6b35a1d6 Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
green
3c8715d5d7 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
bb24bb397b Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
24372e6c10 Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by:	gshapiro, peter, green
2000-09-10 09:35:38 +00:00
green
be6e69fbed Allow restarting on SIGHUP when the full path was not given as argv[0].
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
green
71e9ee0209 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
9bccae4f2e Make rate limiting work per-listening-socket. Log better messages than
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
kris
a55fcaa060 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
de71a10db8 Unbreak Kerberos5 compilation. This still remains untested.
Noticed by:	obrien
2000-05-17 08:06:20 +00:00
kris
a632b4789c Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
6948a83776 Resolve conflicts. 2000-03-26 07:37:48 +00:00
markm
b0cba82a4f Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
ume
1294a0b6cf Enable connection logging. FreeBSD's libwrap is IPv6 ready.
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
2000-02-29 19:37:04 +00:00
markm
37dce23afc 1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
2000-02-28 19:03:50 +00:00
green
522f06fd77 Fix a bug that crawled in pretty recently (from the port). It made
sshd coredump :(
2000-02-25 05:22:14 +00:00
markm
37a38e6638 Add the patches fom ports (QV: ports/security/openssh/patches/patch-*) 2000-02-24 15:29:42 +00:00
markm
fc557ff7d9 Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00