itojun
8acc6b96b1
refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh.
2001-04-10 09:15:49 +00:00
itojun
235b9f0c2f
upgrade to openssh 2.5.4 (2001/4/10).
...
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
2001-04-10 08:07:54 +00:00
itojun
d5fbc62ac3
OpenSSH 2.5.4 as of 2001/04/10
2001-04-10 07:13:48 +00:00
wiz
8626516b97
Prefer logical mark-up in one place.
2001-04-09 13:01:11 +00:00
wiz
18a4938209
Fix date.
2001-04-09 12:49:14 +00:00
wiz
f1e8ff0ae6
Fix date.
2001-04-09 12:42:35 +00:00
thorpej
dfaae5d853
Fix markup bug accidentally un-done in 0.3e merge fixup.
2001-04-07 22:20:33 +00:00
thorpej
f4872dded4
Reduce diffs with 0.3e (mostly, complete the merge).
2001-04-07 21:29:20 +00:00
thorpej
9ad709dc65
More mishaps from the 0.3e merge.
2001-04-07 21:03:51 +00:00
wiz
14dbdf5518
Negative exit code cleanup: Replace exit(-x) with exit(x).
...
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
itojun
01692d62bf
0.3e import leftover. heimdal experts, please check.
2001-04-06 10:10:21 +00:00
itojun
500c4f040b
sync HEAD with v0-3e tag. it seems that it was left behind when heimdal
...
0.3e is imported. without this change, lib/libhdb does not compile.
PR12560
2001-04-06 08:32:35 +00:00
thorpej
6158847f3d
Prevent a NULL-pointer deref when making a TGS_REP for a ticket
...
renewal.
Patch from Assar via private mail.
2001-04-06 04:39:31 +00:00
thorpej
d545f30495
Merge April 4, 2001 racoon/libipsec.
2001-04-04 19:36:39 +00:00
thorpej
089a40db4b
Import racoon/libipsec as of April 4, 2001.
2001-04-04 19:33:00 +00:00
wiz
6b5ab77765
fo -> for
2001-04-02 18:25:34 +00:00
wiz
7d378dde0d
It's vs. Its.
2001-04-02 17:28:29 +00:00
lukem
315c0a92f9
if debugging (i.e, -v), use options.level instead of SYSLOG_LEVEL_INFO
...
to the first call to log_init(), otherwise debug messages from config
file parsing won't appear. (this seems to have been broken in recent
versions of openssh)
2001-04-02 03:53:36 +00:00
thorpej
6fe37483a3
Set the KRB5CCNAME envrironment variable in the child if we received
...
forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.
2001-03-28 03:31:52 +00:00
thorpej
8ab184566c
When we receive forwarded Kerberos credentials, stuff them into
...
a file credential cache (rather than a memory credential cache)
so that they're useful.
2001-03-28 03:17:23 +00:00
thorpej
2651b336ba
Somewhat crude hack to make Kerberos 5 credential forwarding work.
2001-03-28 03:02:51 +00:00
thorpej
2f7b0c6c27
Print useful Kerberos error messages.
2001-03-27 03:58:02 +00:00
itojun
0265b9e0c2
redo 1.1 -> 1.2. on RAND_file_name(), return /dev/urandom by default.
...
RAND_{load,write}_file() takes care of device file case. from openbsd.
2001-03-26 18:08:25 +00:00
itojun
522ac04d08
backout 1.1 -> 1.2 (use /dev/urandom if no value can be found),
...
/dev/urandom is not a normal file - there'll be no EOF.
noticed by Manuel Bouyer.
2001-03-21 19:49:50 +00:00
simonb
08e4590096
Cast to (long long) when using "%lld" in a printf format.
2001-03-21 00:11:06 +00:00
itojun
37da3c3c3c
sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable).
2001-03-19 20:03:24 +00:00
itojun
7617bcad07
OpenSSH 2.5.2 as of 3/19/2001, from openbsd usr.bin/ssh
2001-03-19 19:42:00 +00:00
thorpej
9ab0878e2a
If we get a KRB5KRB_AP_ERR_BAD_INTEGRITY on a TGS req with
...
a key usage of KRB5_KU_TGS_REQ_AUTH, then try again with a
key usage of KRB5_KU_AP_REQ_AUTH. This addresses an interop
issue between new kinit(1) (0.3e) and older KDCs (such as 0.3a).
Patch from assar@netbsd.org ; see discussion on current-users.
2001-03-12 19:25:51 +00:00
joda
bee147163e
simplify the krb5 code somewhat
2001-03-12 17:56:36 +00:00
thorpej
3fba4682aa
Fix LP64 problem in Kerberos 5 TGT passing.
2001-03-09 06:28:30 +00:00
thorpej
ca0ffe95fb
Merge 2002/03/08 racoon import.
2001-03-08 22:27:52 +00:00
thorpej
29f3673b42
KAME racoon as of 2001/03/08.
2001-03-08 22:18:05 +00:00
thorpej
ac356314da
Document:
...
- forwardable ([libdefaults] and [realms])
- proxiable ([libdefaults] and [realms])
- date_format ([libdefaults])
- srv_lookup ([libdefaults])
- srv_try_txt ([libdefaults])
- scan_interfaces ([libdefaults])
- fcache_version ([libdefaults])
2001-03-08 17:53:46 +00:00
thorpej
bda8951f6b
Plug some memory leaks.
2001-03-08 04:12:08 +00:00
assar
e625c71295
add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se>
2001-03-04 00:41:27 +00:00
jmc
bacb2758e0
Change keymatlen to size_t to match prototype for str2val.
2001-02-25 03:50:05 +00:00
itojun
96863758b7
remove WARNS=0. from enami
2001-02-22 03:11:24 +00:00
itojun
82ff942844
document complex_bundle. sync with kame
2001-02-22 02:42:43 +00:00
itojun
a5316a5fa5
sync with 2/22 code. -B and -Z,
...
bundle proposal interpretation, and some other fixes.
XXX WARNS?=0 in racoon/Makefile is necessary to compile yacc-generated files
(static function, generated by yacc, is never used).
2001-02-22 02:33:06 +00:00
itojun
98857d7198
KAME racoon as of 2001/2/22
2001-02-22 02:21:12 +00:00
itojun
1317273fae
sync up with 2.5.1.
...
this fixes backward compatibility breakage against 1.2.18 - 1.2.22.
2001-02-19 12:13:04 +00:00
itojun
10400c1d11
OpenSSH 2.5.1 as of 2001/2/19
2001-02-19 12:09:12 +00:00
itojun
c83dc32a4c
sync up with 2.5.0. simulate echobacks, X11 display name check, sftp upgrdes.
2001-02-16 15:48:34 +00:00
itojun
f02c06e047
OpenSSH 2.5.0 as of 2001/2/17
2001-02-16 15:41:22 +00:00
joda
ce75fa5829
removed in 0.3e
2001-02-16 15:34:39 +00:00
itojun
72b00a4178
take the safest side, mandate rnd(4).
2001-02-14 04:46:58 +00:00
itojun
788df94479
update import date.
2001-02-14 01:22:02 +00:00
itojun
531a3ed838
sync with 2/14.
...
openssh changes:
- SIGWINCH propagated correctly
- mitigate SSH1 traffic analysis
- sprintf -> snprintf and lots of other cleanups
netbsd local changes:
- include OpenBSD RCSID into binary again, which helps us diagnose later.
2001-02-14 01:06:48 +00:00
itojun
da62f78331
OpenSSH 2.3.2 as of 2001/2/14
2001-02-14 00:53:01 +00:00
assar
43c24b8340
undef ECHO to avoid a warning from the lex-generated code
2001-02-11 17:59:15 +00:00
assar
7a01412798
fix merg-up
2001-02-11 17:58:27 +00:00
assar
657da009a2
fix texinfo mark-up bug
2001-02-11 17:56:09 +00:00
assar
465ad8fda9
fix merge-ups
2001-02-11 16:08:41 +00:00
assar
be890e9bcf
fix merge conflicts
2001-02-11 14:13:07 +00:00
assar
7a16662ba0
import of heimdal 0.3e
2001-02-11 13:51:06 +00:00
itojun
a7b1b8e49c
make sure to zero-fill malloced region. sync with openbsd/usr.bin/ssh
2001-02-09 14:39:47 +00:00
itojun
19fb6ccf8d
comment: function are named "arc4"foo just for easy porting.
2001-02-09 00:44:35 +00:00
itojun
e3045c89d8
sync with 2.3.2.
2001-02-08 19:02:14 +00:00
itojun
e5eae0162b
OpenSSH 2.3.2 as of 2001/2/9
2001-02-08 18:55:32 +00:00
itojun
7f8fa38080
authentication mistake in SSHv2 + pubkey, from markus.
...
REBUILD AND RESTART SSHD NOW.
(vulnerability window for netbsd-current - < 48hours)
2001-02-08 18:17:24 +00:00
itojun
fbfaba7e44
%30s is too short for IPv6 addrssses.
2001-02-08 10:08:53 +00:00
itojun
54bdd08634
fix size_t -> int cast. need checking with alpha...
2001-02-07 18:05:23 +00:00
itojun
3614dcc87c
unsigned long long -> %llu, not %qd
2001-02-07 18:01:30 +00:00
itojun
31c0f02be2
update date string
2001-02-07 17:07:07 +00:00
itojun
1f5cfca3e6
sync crypto/dist/ssh with re-importorted tree. try to minimize diffs
...
with openssh tree to ease future upgrade. re-do local changes, including:
- prototype pedants
- IgnoreRootRhosts
- login.conf user validation
some of the local changes that weren't used are omitted for now. we may
need to revisit those afterwards.
it adds "sftp".
2001-02-07 17:05:31 +00:00
itojun
9d3aa44a65
OpenSSH 2.3.1 as of 2001/2/8
2001-02-07 16:46:40 +00:00
christos
a132b86864
remove redundant declarations
2001-02-04 22:55:26 +00:00
thorpej
78463fc818
Remove the pid file upon exit.
2001-02-04 20:15:52 +00:00
christos
c9b3202d16
remove/avoid redundand declarations.
2001-02-04 18:04:03 +00:00
christos
ef5d120e44
remove redundant decls.
2001-02-04 18:03:03 +00:00
christos
e745af3d91
remove redundant declarations.
2001-02-04 18:02:30 +00:00
christos
9b24735fd3
ifdef out redundant declaration of crypt(3); we don't need it.
2001-02-04 18:01:48 +00:00
christos
28473bf6be
remove redundant prototypes.
2001-02-04 18:00:31 +00:00
thorpej
848d04a86c
Merge the notsnap20010129 import.
2001-01-30 02:08:54 +00:00
thorpej
05d9e5e0e0
Update racoon from today's KAME sources. Includes memory leak
...
fixes in the GSSAPI support code.
2001-01-30 02:04:39 +00:00
itojun
2d889f0dc5
have safeputchar() for tcpdump/packet-isakmp.c. reported by bernd,
...
sync with kame.
2001-01-28 17:17:56 +00:00
itojun
21ecf40da9
BIND 8.2.3
2001-01-27 08:07:35 +00:00
thorpej
b6abea6f2b
Merge notsnap20010126 import.
2001-01-26 23:56:18 +00:00
thorpej
034d969067
Bring in latest racoon/libipsec from KAME (not part of a snap
...
kit). Includes a few bugfixes from, including a re-key problem
and memory leak when doing GSSAPI authentication for Phase 1.
Also some better config file documentation.
2001-01-26 23:53:26 +00:00
jdolecek
f17efc018b
complete the paragraph about HostKey directive, reword slighly
2001-01-24 22:59:11 +00:00
thorpej
16915b1818
Merge conflicts from notsnap20010124 import.
2001-01-24 18:18:32 +00:00
thorpej
1e7bdbcad4
Bring in latest racoon/libipsec from KAME (not part of a snap
...
kit). Includes several racoon bugfixes, including ones that
fix coredumps when using GSSAPI authentication for Phase 1.
2001-01-24 18:10:22 +00:00
itojun
6530b069f5
fix to PR 11320 (ssh-askpass gets invoked forever if we don't have
...
control terminal). from markus@openbsd
2001-01-21 02:44:05 +00:00
hubertf
cbd751b376
Sync with localsrc: The default is "ForwardX11 no".
2001-01-20 03:38:19 +00:00
itojun
096913193b
disable s/key authentication request (from client) by default, to prevent
...
confusing fake s/key challenge to show up.
per recent discussion on tech-userlevel.
2001-01-18 13:37:17 +00:00
itojun
f08806ada3
fix printf format for u_int64_t
2001-01-17 11:35:38 +00:00
simonb
3cc4829557
Fix printf format with sizeof().
2001-01-16 02:20:19 +00:00
toshii
a230982a45
Catch up with sshd config file entry changes.
...
Now we need to explicitly set DSA key location to use protocol version 2.
2001-01-15 06:13:08 +00:00
itojun
a98ee796df
$NetBSD$
2001-01-14 05:28:01 +00:00
itojun
a0f7a7d829
crypto/dist/ssh: resolve conflicts with 2.3.0/20010105.
...
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
2001-01-14 05:22:31 +00:00
itojun
bfbf0e0d31
NetBSD Secure Shell, based on OpenSSH 2.3.0 around 1/5/2001
2001-01-14 04:49:51 +00:00
lukem
286bcc01a3
don't use LOG_CONS
2001-01-11 02:58:05 +00:00
christos
339f061e38
remove redundant decls
2001-01-07 23:21:44 +00:00
mycroft
feb89c799a
Add a COMPATIBILITY section, mentioning the lossage with IDEA-encrypted keys.
2001-01-07 20:48:06 +00:00
christos
6b02df2bb5
remove redundant decl.
2001-01-07 05:44:03 +00:00
christos
1473c569f5
eliminated redundant decl.
2001-01-07 00:01:16 +00:00
christos
2c1245f292
eliminate redundant declarations.
2001-01-06 23:30:57 +00:00
itojun
cbf1717a72
do not allow outsider from injecting syslog entry anonymously.
...
log peer's ip address instead.
openbsd PR 1600.
2001-01-05 06:33:36 +00:00
itojun
b1375d5035
do not look at environment variables if issetugid() == 0.
...
use random number device file as the default value.
from openbsd.
2001-01-05 06:22:32 +00:00
lukem
f819878ce7
use more standard %ll_ in favour of %q_
2001-01-04 15:39:50 +00:00