freebsd-skq

Author	SHA1	Message	Date
kris	6eee534256	Re-add missing "break" which was lost during a previous patch integration. This currently has no effect. Submitted by: gshapiro	2000-09-02 04:37:51 +00:00
kris	42ae81df48	Turn on X11Forwarding by default on the server. Any risk is to the client, where it is already disabled by default. Reminded by: peter	2000-09-02 03:49:22 +00:00
kris	3ae9606341	Increase the default value of LoginGraceTime from 60 seconds to 120 seconds. PR: 20488 Submitted by: rwatson	2000-08-23 09:47:25 +00:00
kris	aba57a02e8	Respect X11BASE to derive the location of xauth(1) PR: 17818 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>	2000-08-23 09:39:20 +00:00
kris	c433a0e2f8	This commit was generated by cvs2svn to compensate for changes in r64593, which included commits to RCS files with non-trunk default branches.	2000-08-13 05:23:23 +00:00
kris	e5f617598c	Fix setproctitle() and syslog() vulnerabilities.	2000-08-13 05:23:23 +00:00
kris	e5795f1541	Fix benign bugs due to missing format string in err() and warn(). Approved by: assar (vendor :-)	2000-08-13 04:46:54 +00:00
kris	cab37673f6	This commit was generated by cvs2svn to compensate for changes in r64583, which included commits to RCS files with non-trunk default branches.	2000-08-13 04:46:54 +00:00
kris	f7413271b5	Fix setproctitle() vulnerability in non-compiled code.	2000-08-13 04:35:43 +00:00
asmodai	5209950187	Chalk up another phkmalloc victim. It seems as if uninitialised memory was the culprit. We may want to contribute this back to the OpenSSH project. Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.	2000-08-01 08:07:15 +00:00
alex	0a765c451d	Crypto sources are no longer export controlled: Explain, why crypto sources are still in crypto/. Reviewed by: markm	2000-07-31 12:24:13 +00:00
asmodai	0a6c762555	Fix a weird typo, is -> are. The OpenSSH maintainer probably want to contribute this back to the real OpenSSH guys. Submitted by: Jon Perkin <sketchy@netcraft.com>	2000-07-27 19:21:15 +00:00
marko	1dcee686be	Fixed a minor typo in the header. Pointed out by: asmodai	2000-07-27 17:21:07 +00:00
marko	674af77794	Committed, Thanks!! PR: 20108 Submitted by: Doug Lee	2000-07-25 16:49:48 +00:00
ume	0abc0cfcd6	Fix buffer size of ALIGNed buffer. PR: bin/20053 Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>	2000-07-20 14:54:04 +00:00
assar	f816d255fa	merge in syslog fixes, do not call syslog with variabel as format string	2000-07-20 05:43:55 +00:00
peter	e2062d0bd5	Add missing $FreeBSD$ to files that are NOT still on vendor a branch.	2000-07-16 05:48:49 +00:00
nsayer	f0ebc4fdd1	Fix 'telnet -X sra' coredump PR# 19835	2000-07-11 15:04:05 +00:00
peter	d9df5f65de	Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)	2000-07-11 09:54:24 +00:00
peter	5f6efaa063	Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.	2000-07-11 09:52:14 +00:00
peter	772dd17b51	Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but sshd's internal default was 'yes'. (if some cracker managed to trash /etc/ssh/sshd_config, then root logins could be reactivated) Approved by: kris	2000-07-11 09:50:15 +00:00
peter	adeace1395	Make FallBackToRsh off by default. Falling back to rsh by default is silly in this day and age. Approved by: kris	2000-07-11 09:39:34 +00:00
kris	a5aaf7609c	Don't call printf with no format string.	2000-07-10 05:16:59 +00:00
ume	4eacfb7489	Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA change (getaddrinfo.c rev 1.12).	2000-07-08 05:22:00 +00:00
itojun	1fcab4244d	sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org	2000-07-07 12:35:05 +00:00
green	be6e69fbed	Allow restarting on SIGHUP when the full path was not given as argv[0]. We do have /proc/curproc/file :)	2000-07-04 06:43:26 +00:00
green	26efc47d38	So /this/ is what has made OpenSSH's SSHv2 support never work right! In some cases, limits did not get set to the proper class, but instead always to "default", because not all passwd copies were done to completion.	2000-06-27 21:16:06 +00:00
green	71e9ee0209	Also make sure to close the socket that exceeds your rate limit.	2000-06-26 23:39:26 +00:00
green	9bccae4f2e	Make rate limiting work per-listening-socket. Log better messages than before for this, requiring a new function (get_ipaddr()). canohost.c receives a $FreeBSD$ line. Suggested by: Niels Provos <niels@OpenBSD.org>	2000-06-26 05:44:23 +00:00
markm	2fe0472e39	MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.	2000-06-24 06:50:58 +00:00
markm	58b7870cc7	Grrr. I hate CVS. These were supposed to be committed when I did the IDEA fix earlier today. Bring back IDEA from the dead (but not compiled by default).	2000-06-19 21:09:27 +00:00
markm	940ce492dc	Re-add IDEA. This is not actually built unless asked for by the user. (To avoid patent hassles).	2000-06-19 13:59:34 +00:00
kris	4f57b24cfd	Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de>	2000-06-11 21:41:25 +00:00
kris	ad6da2a572	Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD	2000-06-10 22:32:57 +00:00
ru	caf976b39e	Make `ssh-agent -k' work for csh(1)-like shells.	2000-06-10 14:14:28 +00:00
green	ba3f3c2ac7	Allow "DenyUsers" to function.	2000-06-06 06:16:55 +00:00
kris	a55fcaa060	Resolve conflicts	2000-06-03 09:58:15 +00:00
kris	3639dd9ace	Initial import of OpenSSH snapshot from 2000/05/30 Obtained from: OpenBSD	2000-06-03 09:52:37 +00:00
kris	0a76acd42d	This commit was generated by cvs2svn to compensate for changes in r61209, which included commits to RCS files with non-trunk default branches.	2000-06-03 09:52:37 +00:00
kris	1e51208074	Resolve conflicts	2000-06-03 09:23:13 +00:00
kris	585dc667de	Import from vendor repository. Obtained from: OpenBSD	2000-06-03 09:20:19 +00:00
kris	780d02839a	This commit was generated by cvs2svn to compensate for changes in r61206, which included commits to RCS files with non-trunk default branches.	2000-06-03 09:20:19 +00:00
kris	66c0eb5d8c	Bring vendor patches onto the main branch, and resolve conflicts.	2000-06-03 07:31:44 +00:00
kris	e503398156	Import vendor patches: the first is written by Brian Feldman <green@FreeBSD.org> * Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC) * Disable agent forwarding by default in the client (security risk) Submitted by: green Obtained from: OpenBSD	2000-06-03 07:18:09 +00:00
kris	88a84bd92e	This commit was generated by cvs2svn to compensate for changes in r61201, which included commits to RCS files with non-trunk default branches.	2000-06-03 07:18:09 +00:00
kris	10badcd8c7	Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com>	2000-06-03 07:06:14 +00:00
kris	89aaaa3ccb	This commit was generated by cvs2svn to compensate for changes in r61199, which included commits to RCS files with non-trunk default branches.	2000-06-03 07:06:14 +00:00
kris	e1e1f53651	Import vendor fix: "fix key_read() for uuencoded keys w/o '='" This bug caused OpenSSH not to recognise some of the DSA keys it generated. Submitted by: Christian Weisgerber <naddy@mips.inka.de> Obtained from: OpenBSD	2000-06-03 06:51:30 +00:00
kris	27503968d8	Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken from the openssh port) Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>	2000-05-30 09:03:15 +00:00
jake	961b97d434	Back out the previous change to the queue(3) interface. It was not discussed and should probably not happen. Requested by: msmith and others	2000-05-26 02:09:24 +00:00
jake	d93fbc9916	Change the way that the queue(3) structures are declared; don't assume that the type argument to _HEAD and _ENTRY is a struct. Suggested by: phk Reviewed by: phk Approved by: mdodd	2000-05-23 20:41:01 +00:00
ache	b102c893de	Turn on CheckMail to be more login-compatible by default	2000-05-23 06:06:54 +00:00
brian	0e085590db	Don't USE_PIPES Spammed by: peter Submitted by: mkn@uk.FreeBSD.org	2000-05-22 09:51:18 +00:00
kris	ecdf63b33e	Correct two stupid typos in the DSA key location. Submitted by: Udo Schweigert <ust@cert.siemens.de>	2000-05-18 06:04:23 +00:00
kris	de71a10db8	Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien	2000-05-17 08:06:20 +00:00
kris	40816e5260	Oops, rename S/Key to Opie in line with FreeBSD usage.	2000-05-15 06:11:30 +00:00
kris	866470d785	Create a DSA host key if one does not already exist, and teach sshd_config about it.	2000-05-15 05:40:27 +00:00
kris	a632b4789c	Resolve conflicts and update for FreeBSD.	2000-05-15 05:24:25 +00:00
kris	4dc8aa85ce	Initial import of OpenSSH v2.1.	2000-05-15 04:37:24 +00:00
kris	8cf8ce7bb1	This commit was generated by cvs2svn to compensate for changes in r60573, which included commits to RCS files with non-trunk default branches.	2000-05-15 04:37:24 +00:00
nik	b8783e88c4	Note that X11 Forwarding is off by default. PR: docs/17566 Submitted by: Keith Stevenson <ktstev01@louisville.edu>	2000-04-30 22:41:58 +00:00
markm	3e04080f8a	MFF: catch up with FreeFall	2000-04-19 21:20:54 +00:00
kris	a0eba154d3	If stderr is closed, report the error message about missing libraries via syslog instead. Reviewed by: jkh	2000-04-18 06:25:24 +00:00
markm	f8f9ad64d4	Internat diff reducer.	2000-04-16 17:49:31 +00:00
markm	893841d237	Virgin import of OpenSSL v0.9.5a	2000-04-16 16:03:07 +00:00
markm	fcef4a7a75	This commit was generated by cvs2svn to compensate for changes in r59281, which included commits to RCS files with non-trunk default branches.	2000-04-16 16:03:07 +00:00
kris	6b5aa79169	Resolve conflicts.	2000-04-13 07:15:03 +00:00
kris	54c77f990d	Initial import of OpenSSL 0.9.5a	2000-04-13 06:33:22 +00:00
kris	40ba664ca8	This commit was generated by cvs2svn to compensate for changes in r59191, which included commits to RCS files with non-trunk default branches.	2000-04-13 06:33:22 +00:00
kris	0acc851007	Correct a typo and interchanged library names Submitted by: Ben Rosengart <ben@narcissus.net> Matthew D. Fuller <fullermd@futuresouth.com>	2000-04-05 04:09:51 +00:00
kris	77771891cb	Fix a memory leak. PR: 17360 Submitted by: Andrew J. Korty <ajk@iu.edu>	2000-03-29 08:24:37 +00:00
kris	9b205c3441	#include <ssl/foo.h> -> #include <openssl/foo.h>	2000-03-26 10:00:28 +00:00
kris	6948a83776	Resolve conflicts.	2000-03-26 07:37:48 +00:00
kris	b201b15ee1	Virgin import of OpenSSH sources dated 2000/03/25	2000-03-26 07:07:24 +00:00
kris	e46dd7a5de	This commit was generated by cvs2svn to compensate for changes in r58582, which included commits to RCS files with non-trunk default branches.	2000-03-26 07:07:24 +00:00
kris	977254a1c1	Don't refer to the openssl handbook chapter by name - the doc guys keep jamming new chapters in front of it :)	2000-03-25 07:28:18 +00:00
brian	64f92723d4	Use pipe() instead of socketpair() in sshd when communicating with the client. This allows ppp/ssh style tunnels to function again. Ok'd by: markk Submitted by: markk@knigma.org	2000-03-24 15:39:37 +00:00
mpp	b064529634	Fix a few spelling errors.	2000-03-24 02:26:54 +00:00
sheldonh	7889147802	IgnoreUserKnownHosts is a boolean flag, not an integer value. The fix submitted in the attributed PR is identical to the one adopted by OpenBSD. PR: 17027 Submitted by: David Malone <dwmalone@maths.tcd.ie> Obtained from: OpenBSD	2000-03-22 09:36:35 +00:00
kris	0d170b1596	Add a new function stub to libcrypto() which resolves to a symbol in the librsa* library and reports which version of the library (OpenSSL/RSAREF) is being used. This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai led.' This is a 4.0-RELEASE candidate.	2000-03-13 09:55:53 +00:00
kris	d675ea707a	Various manpage style/grammar/formatting cleanups Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar PR: 17292 (remainder of)	2000-03-13 00:17:43 +00:00
nik	2ace392884	- typos - Add double spaces following full stops to improve typeset output - mdoc-ification. (Though I'm uncertain whether option values and contents should be .Dq or something else). - Fix a missed /etc/ssh change - Expand wording on RandomSeed and behaviour when X11 isn't forwarded. - Change examples to literal mode. - Trim trailing whitespace PR: docs/17292 Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>	2000-03-10 11:48:49 +00:00
markm	b0cba82a4f	Make LOGIN_CAP work properly.	2000-03-09 14:52:31 +00:00
kris	8141458379	/etc -> /etc/ssh Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>	2000-03-08 03:44:00 +00:00
jhay	94eda357d0	MFI: Use krb5 functions in krb5 files. Reviewed by: markm	2000-03-03 20:31:58 +00:00
shin	1b7dce690e	Replace structure copy form ifreq obtained by SIOCGIFADDR to memcpy(), to avoid unaligned access trap on alpha. Approved by: jkh	2000-03-03 13:05:00 +00:00
shin	b284df6e2f	CMSG_XXX macros alignment fixes to follow RFC2292. Approved by: jkh	2000-03-03 12:50:46 +00:00
green	ead1658802	Turn off X11 forwarding in the client. X11 forwarding in the server by default should probably also get turned on, now. Requested by: kris Obtained from: OpenBSD	2000-03-03 05:58:39 +00:00
kris	b3d817cd57	Update the wording on the error message when libcrypto.so can't find an RSA library. Reviewed by: peter, jkh	2000-03-02 06:21:02 +00:00
ume	1294a0b6cf	Enable connection logging. FreeBSD's libwrap is IPv6 ready. OpenSSH is in our source tree, now. It's a time to enable it. Reviewed by: markm, shin Approved by: jkh	2000-02-29 19:37:04 +00:00
markm	37dce23afc	1) Add kerberos5 functionality. by Daniel Kouril <kouril@informatics.muni.cz> 2) Add full LOGIN_CAP capability by Andrey Chernov	2000-02-28 19:03:50 +00:00
brian	499e159c08	Don't put truncated hostnames in utmp Approved by: jkh	2000-02-28 18:51:30 +00:00
peter	4f3a50153f	Sync with internat.freebsd.org; weak symbols vs static libs == trouble	2000-02-26 16:57:17 +00:00
peter	8d6551c752	Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.	2000-02-26 14:20:18 +00:00
peter	95cacb19a9	Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen(). This is a checkpoint and may require more tweaks still.	2000-02-26 13:19:18 +00:00
peter	58c2a78aa2	Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen(). This is a checkpoint and may require more tweaks still.	2000-02-26 13:13:03 +00:00
peter	527ba28c8f	At great personal risk (to my already fragile sanity), reorganize the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to implement the backends for either the native or rsaref implemented RSA code. This involves: - unifying the libcrypto and openssl(1) source so there is no #ifdef RSAref variations. - using weak symbols and dlopen()/dlsym() routines to access the rsa method vectors. Releases will enable the user to choose International, US (rsaref) or no RSA code at install time. 'make world' will DTRT depending on whether you have the international or US source. For US users, you must either install rsaref (the port or package) or (if you don't fear RSA Inc) use the (superior) International rsa_eay.c code. This has been discussed at great length by the affected folks and even we have a great deal of confusion. This is a checkpoint so we can tune the results. This works for me in all permutations I can think of and should result in a CD/ftp 'release' just about doing the right thing now.	2000-02-26 13:06:55 +00:00
peter	eb77fcb95c	Redo this with a repo copy from the original file and reset the __PREFIX__ markers.	2000-02-26 09:59:14 +00:00
peter	18bcb8d297	oops, update path to /etc/ssh/ssh_host_key	2000-02-26 02:24:38 +00:00
peter	7abc89037f	Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh	2000-02-25 14:25:10 +00:00

1 2 3 4 5

245 Commits