108 Commits

Author SHA1 Message Date
explorer
ad08960f5c When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab. 2001-12-19 10:28:47 +00:00
he
a18ce029f6 Deal with lossage caused by the addition of the netbsd-1-5 branch tag
to these files.

Apparently, the "magic" which causes the latest version on the
vendor branch to appear at the head in the repository broke when
the netbsd-1-5 tag was added.  Thus, merge in the lost revisions from
the vendor tag to work around this.
2001-12-13 15:53:54 +00:00
itojun
e2970b134f sync with openbsd/remove variable name from prototype 2001-12-12 17:24:46 +00:00
itojun
684138909c fix constness difference in prototype and func def. 2001-12-12 17:16:16 +00:00
itojun
718900f830 sync with 3.0.2 2001-12-06 03:54:04 +00:00
itojun
d97f5d9481 OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes 2001-12-06 03:46:04 +00:00
thorpej
cce3152281 Deal with an LP64 printf format issue. 2001-11-30 00:46:36 +00:00
itojun
d4b3b8bf82 update version date to 20011127 2001-11-27 04:16:08 +00:00
itojun
f7146cb367 resolve one more conflict 2001-11-27 04:11:23 +00:00
itojun
ce0e2b2976 resolve conflicts on 3.0.1 import 2001-11-27 04:10:22 +00:00
itojun
c0c77d470a OpenSSH 3.0.1 as of 2001/11/27. minor bugfixes only. 2001-11-27 04:03:44 +00:00
itojun
6ececc36b4 openssh 3.0 krb5 auth problem has been plugged,
sync up version number to 3.0.1 so that we can identify it.
2001-11-19 07:39:57 +00:00
itojun
1eb2191d4f fix auth_krb5() error case behavior. found by jhawk, sync with openbsd tree 2001-11-12 05:45:29 +00:00
itojun
29574d25c5 sync with 3.0 as of 2001/11/7. 2001-11-07 06:26:47 +00:00
itojun
29c34cbb94 OpenSSH 3.0 as of 2001/11/7 2001-11-07 06:20:12 +00:00
sommerfeld
9de5bfcf8f Turn on TCP_NODELAY over loopback 2001-10-18 19:46:12 +00:00
itojun
880aff49c4 buffix from openbsd tree: users config should overwrite system config. 2001-10-02 00:39:14 +00:00
itojun
ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun
bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun
00489c2412 apply the following advisory. 2.9.9 will be imported soon.
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
2001-09-27 00:12:42 +00:00
cjs
d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified
in the config file. Thanks to itojun for pointing this out.
2001-09-03 04:23:10 +00:00
cjs
da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs
894936aa50 Do not permit direct root logins. This makes ssh consistent with
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
2001-08-31 08:16:24 +00:00
garbled
7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage
lies wrt to MaxStartups.  Make the manpage match the code.
2001-08-03 02:29:07 +00:00
manu
3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
2001-07-27 23:34:27 +00:00
wiz
419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego
7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
itojun
69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
2001-06-23 19:37:38 +00:00
itojun
0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun
6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun
5324608adc reject expired password/account. warn if interactive && about to expire.
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
2001-06-23 08:08:04 +00:00
itojun
fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
lukem
ab32b074ec If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
2001-06-18 10:26:33 +00:00
wiz
b6449b85de Add RCS Id, adapt to NetBSD, fix punctuation and whitespace. 2001-06-15 12:50:44 +00:00
wiz
0cc24e9a9f On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5.
Import state of 2001-06-14.
2001-06-15 12:47:39 +00:00
itojun
82b8462ccf apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch.
sshd(8) allows users to delete arbitrary files named "cookies"
       if X11 forwarding is enabled. X11 forwarding is disabled by
       default.
2001-06-14 02:45:30 +00:00
itojun
f7528da67e make it compile with KRB4 and not with KRB5. from IIJ SEIL team 2001-06-14 02:42:31 +00:00
itojun
de1e278afa $NetBSD$ 2001-05-26 23:26:59 +00:00
itojun
c01f1862d6 prime table for OpenSSH, from OpenBSD etc/primes 2001-05-26 23:24:21 +00:00
itojun
5bb235dbab recover $NetBSD$ 2001-05-15 16:00:32 +00:00
itojun
f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun
72af75e4ce OpenSSH 2.9 as of 2001/5/15 2001-05-15 15:02:20 +00:00
itojun
d9f67f8672 reduce amount of diff with openbsd usr.bin/ssh (for -Wall -Werror clean)
so that we can get rid of local changes.

openssh side do not like static functions so put prototypes into each files
rather than making function static.
2001-05-15 14:50:49 +00:00
onoe
c85f9c433b Do not discard input data from client for channels waiting for connection
establishment.
2001-05-08 03:02:35 +00:00
itojun
b7ab24621c do not attempt to pass null pointer to krb5 library. PR 12683 2001-04-17 12:27:37 +00:00
tron
517c969698 Fix possible core dump in "ssh-add". Patch supplied by Wolfgang Rupprecht
in PR pkg/12669.
2001-04-16 03:10:14 +00:00
itojun
374141fb16 duplicated calls to login_getclass.
From: Jim Bernard <jbernard@mines.edu>
2001-04-11 23:39:46 +00:00
itojun
8acc6b96b1 refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh. 2001-04-10 09:15:49 +00:00
itojun
235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10).
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
2001-04-10 08:07:54 +00:00
itojun
d5fbc62ac3 OpenSSH 2.5.4 as of 2001/04/10 2001-04-10 07:13:48 +00:00