cjs
d814de63b5
For consistency, make permit_root_login default to PERMIT_NO if not specified
...
in the config file. Thanks to itojun for pointing this out.
2001-09-03 04:23:10 +00:00
simonb
8d327e93bf
Include <string.h> for memcpy() prototype.
2001-09-02 08:45:22 +00:00
itojun
ee42f09d5b
upgrade to KAME 2001/8/31.
2001-08-31 10:36:08 +00:00
itojun
9e9f5f3086
KAME as of 2001/8/31
2001-08-31 09:59:03 +00:00
cjs
da09d12c1e
Document that PermitRootLogin's default is now "no".
2001-08-31 09:00:29 +00:00
cjs
894936aa50
Do not permit direct root logins. This makes ssh consistent with
...
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
2001-08-31 08:16:24 +00:00
itojun
e99543f805
validate certs correctly. sync with kame
2001-08-06 08:17:40 +00:00
itojun
0f6cbd66d3
need string.h for alpha. from chuck
2001-08-06 05:48:50 +00:00
itojun
d4d587fb31
(should) fix build on alpha. From: Chuck Silvers <chuq@chuq.com>
2001-08-05 18:52:13 +00:00
garbled
7c0934f7f5
While writing sushi's support for sshd.conf, I found out that the manpage
...
lies wrt to MaxStartups. Make the manpage match the code.
2001-08-03 02:29:07 +00:00
itojun
5abda287b4
Get rid of "Os KAME".
2001-08-02 12:19:45 +00:00
itojun
366bd307b0
sync with 2001/8/2 KAME racoon/libipsec.
2001-08-02 12:15:00 +00:00
itojun
7295c743a4
bring in latest racoon/libipsec from KAME. lots of lots of stability fixes.
2001-08-02 12:06:08 +00:00
manu
3f1d5c2789
sshd is now able to log in an user if the filesystem is readonly and the tty
...
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
2001-07-27 23:34:27 +00:00
assar
76371341d1
remove a (potentially) double free
2001-07-18 21:54:56 +00:00
itojun
7fc834dc03
upgrade to 0.9.6b. no shlib major/minor bump is necessary.
2001-07-11 06:50:53 +00:00
itojun
0eb42056bd
OpenSSL 0.9.6b
2001-07-11 03:54:20 +00:00
itojun
a549080f85
OpenSSL 0.9.6b
2001-07-11 03:53:32 +00:00
itojun
7d076b538c
fix PRNG weakness. the workaround presented on bugtraq posting.
2001-07-10 14:01:26 +00:00
wiz
7615e78c24
Remove formatted man pages.
2001-07-08 19:20:55 +00:00
hubertf
f5bb393643
add missing .El
2001-07-05 20:47:31 +00:00
hubertf
d8ec602681
Note: just because our macros/groff/whatever terminates .Bl internall for a
...
new .Sh doesn't mean the ending .El should be omitted
2001-06-26 00:52:59 +00:00
hubertf
d91e447e6b
PRevent one of these:
...
List open at EOF -- A .Bl directive has no matching .El
2001-06-25 23:37:27 +00:00
wiz
419e44fdc2
Mostly formatting fixes.
2001-06-24 17:44:11 +00:00
veego
7b726945ac
There is no photurisd(8).
2001-06-24 17:29:43 +00:00
assar
f9feddfb52
add string.h, noted by Staffan Thomen <duck@multi.fi>
2001-06-23 22:42:43 +00:00
itojun
69d60502fe
upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
...
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
2001-06-23 19:37:38 +00:00
itojun
0d521994cf
OpenBSD 2001/6/24
2001-06-23 19:09:44 +00:00
itojun
6cc43ed622
OpenSSH 2.9 as of 2001/6/24
2001-06-23 16:36:22 +00:00
itojun
5324608adc
reject expired password/account. warn if interactive && about to expire.
...
ala login(1). From: Brian Poole <raj@cerias.purdue.edu>
XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
2001-06-23 08:08:04 +00:00
itojun
fed4515da9
bump netbsd-local version number to identify X11 "cookies" fix
2001-06-20 07:49:45 +00:00
assar
4b1c7f1857
update generated heimdal include files for 0.3f
...
update Makefile infrastructure for 0.3f
bump shared library versions
fix some merge problems
2001-06-20 02:01:18 +00:00
assar
df54fb31c9
merge in conflicts after 0.3f import
2001-06-19 22:39:52 +00:00
assar
c6c55d41cd
import of heimdal 0.3f
2001-06-19 22:08:08 +00:00
assar
f9ab899fe6
import of heimdal 0.3f
2001-06-19 22:07:32 +00:00
lukem
ab32b074ec
If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't
...
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
2001-06-18 10:26:33 +00:00
wiz
b6449b85de
Add RCS Id, adapt to NetBSD, fix punctuation and whitespace.
2001-06-15 12:50:44 +00:00
wiz
0cc24e9a9f
On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5.
...
Import state of 2001-06-14.
2001-06-15 12:47:39 +00:00
itojun
82b8462ccf
apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch.
...
sshd(8) allows users to delete arbitrary files named "cookies"
if X11 forwarding is enabled. X11 forwarding is disabled by
default.
2001-06-14 02:45:30 +00:00
itojun
f7528da67e
make it compile with KRB4 and not with KRB5. from IIJ SEIL team
2001-06-14 02:42:31 +00:00
wiz
71a78ab6ea
Note that HEIMDAL should be removed after '.Os' in man pages on import.
2001-06-05 17:08:07 +00:00
joda
8f12cb2799
not yet operational Heimdal import script
2001-06-05 17:04:24 +00:00
wiz
5e80b5d2de
Remove trailing dot in Nd.
2001-06-05 12:19:35 +00:00
wiz
4abaa1bb50
No argument for .Os.
2001-06-05 11:11:07 +00:00
wiz
04065ff226
No argument for .Os.
2001-06-05 10:13:54 +00:00
wiz
48a36de9c0
Don't give .Os an argument, not even 'NetBSD' (default includes version).
2001-06-05 10:08:03 +00:00
itojun
59dea86dc0
disable DNSSEC build, for two reasons. (1) restrictive license
...
(2) due to protocol changes BIND8 DNSSEC code is not really useful
2001-05-27 04:39:40 +00:00
itojun
de1e278afa
$NetBSD$
2001-05-26 23:26:59 +00:00
itojun
c01f1862d6
prime table for OpenSSH, from OpenBSD etc/primes
2001-05-26 23:24:21 +00:00
itojun
900d6f1790
BIND 8.2.4
2001-05-17 20:45:58 +00:00