Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
85,760 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

91 Commits

Author SHA1 Message Date
itojun ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun 00489c2412 apply the following advisory. 2.9.9 will be imported soon. 
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
 2001-09-27 00:12:42 +00:00
cjs d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified 
in the config file. Thanks to itojun for pointing this out.
 2001-09-03 04:23:10 +00:00
cjs da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs 894936aa50 Do not permit direct root logins. This makes ssh consistent with 
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
 2001-08-31 08:16:24 +00:00
garbled 7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage 
lies wrt to MaxStartups.  Make the manpage match the code.
 2001-08-03 02:29:07 +00:00
manu 3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty 
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
 2001-07-27 23:34:27 +00:00
wiz 419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego 7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
itojun 69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh). 
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
 2001-06-23 19:37:38 +00:00
itojun 0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun 6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun 5324608adc reject expired password/account. warn if interactive && about to expire. 
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
 2001-06-23 08:08:04 +00:00
itojun fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
lukem ab32b074ec If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't 
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
 2001-06-18 10:26:33 +00:00
wiz b6449b85de Add RCS Id, adapt to NetBSD, fix punctuation and whitespace. 2001-06-15 12:50:44 +00:00
wiz 0cc24e9a9f On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 
Import state of 2001-06-14.
 2001-06-15 12:47:39 +00:00
itojun 82b8462ccf apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch. 
sshd(8) allows users to delete arbitrary files named "cookies"
       if X11 forwarding is enabled. X11 forwarding is disabled by
       default.
 2001-06-14 02:45:30 +00:00
itojun f7528da67e make it compile with KRB4 and not with KRB5. from IIJ SEIL team 2001-06-14 02:42:31 +00:00
itojun de1e278afa $NetBSD$ 2001-05-26 23:26:59 +00:00
itojun c01f1862d6 prime table for OpenSSH, from OpenBSD etc/primes 2001-05-26 23:24:21 +00:00
itojun 5bb235dbab recover $NetBSD$ 2001-05-15 16:00:32 +00:00
itojun f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun 72af75e4ce OpenSSH 2.9 as of 2001/5/15 2001-05-15 15:02:20 +00:00
itojun d9f67f8672 reduce amount of diff with openbsd usr.bin/ssh (for -Wall -Werror clean) 
so that we can get rid of local changes.

openssh side do not like static functions so put prototypes into each files
rather than making function static.
 2001-05-15 14:50:49 +00:00
onoe c85f9c433b Do not discard input data from client for channels waiting for connection 
establishment.
 2001-05-08 03:02:35 +00:00
itojun b7ab24621c do not attempt to pass null pointer to krb5 library. PR 12683 2001-04-17 12:27:37 +00:00
tron 517c969698 Fix possible core dump in "ssh-add". Patch supplied by Wolfgang Rupprecht 
in PR pkg/12669.
 2001-04-16 03:10:14 +00:00
itojun 374141fb16 duplicated calls to login_getclass. 
From: Jim Bernard <jbernard@mines.edu>
 2001-04-11 23:39:46 +00:00
itojun 8acc6b96b1 refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh. 2001-04-10 09:15:49 +00:00
itojun 235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10). 
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
 2001-04-10 08:07:54 +00:00
itojun d5fbc62ac3 OpenSSH 2.5.4 as of 2001/04/10 2001-04-10 07:13:48 +00:00
wiz 18a4938209 Fix date. 2001-04-09 12:49:14 +00:00
lukem 315c0a92f9 if debugging (i.e, -v), use options.level instead of SYSLOG_LEVEL_INFO 
to the first call to log_init(), otherwise debug messages from config
file parsing won't appear. (this seems to have been broken in recent
versions of openssh)
 2001-04-02 03:53:36 +00:00
thorpej 6fe37483a3 Set the KRB5CCNAME envrironment variable in the child if we received 
forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.
 2001-03-28 03:31:52 +00:00
thorpej 8ab184566c When we receive forwarded Kerberos credentials, stuff them into 
a file credential cache (rather than a memory credential cache)
so that they're useful.
 2001-03-28 03:17:23 +00:00
thorpej 2651b336ba Somewhat crude hack to make Kerberos 5 credential forwarding work. 2001-03-28 03:02:51 +00:00
thorpej 2f7b0c6c27 Print useful Kerberos error messages. 2001-03-27 03:58:02 +00:00
simonb 08e4590096 Cast to (long long) when using "%lld" in a printf format. 2001-03-21 00:11:06 +00:00
itojun 37da3c3c3c sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable). 2001-03-19 20:03:24 +00:00
itojun 7617bcad07 OpenSSH 2.5.2 as of 3/19/2001, from openbsd usr.bin/ssh 2001-03-19 19:42:00 +00:00
joda bee147163e simplify the krb5 code somewhat 2001-03-12 17:56:36 +00:00
thorpej 3fba4682aa Fix LP64 problem in Kerberos 5 TGT passing. 2001-03-09 06:28:30 +00:00
assar e625c71295 add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se> 2001-03-04 00:41:27 +00:00
itojun 1317273fae sync up with 2.5.1. 
this fixes backward compatibility breakage against 1.2.18 - 1.2.22.
 2001-02-19 12:13:04 +00:00
itojun 10400c1d11 OpenSSH 2.5.1 as of 2001/2/19 2001-02-19 12:09:12 +00:00
itojun c83dc32a4c sync up with 2.5.0. simulate echobacks, X11 display name check, sftp upgrdes. 2001-02-16 15:48:34 +00:00
itojun f02c06e047 OpenSSH 2.5.0 as of 2001/2/17 2001-02-16 15:41:22 +00:00
itojun 72b00a4178 take the safest side, mandate rnd(4). 2001-02-14 04:46:58 +00:00