Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
108,090 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

169 Commits

Author SHA1 Message Date
thorpej b33be07056 Avoid conflict with reserved identifier "log". 2002-12-06 03:39:06 +00:00
manu a2e26d6e11 back out the previous change. We really don't want to enable login on a 
mode 666 tty.
In order to use sshd logins with a read-only /dev, the administrator has to
make the tty mode 600 root/wheel before the partition gets read-only.
 2002-10-15 15:33:04 +00:00
manu 9dc3c4ee08 Re-allow connection when /dev is read-only, and the tty is owned by the 
user or owned by root.
 2002-10-15 15:19:02 +00:00
itojun 173446ddd0 use cast to unsigned long long, instead of PRIu64 
(to make it easier to move the change back to main openssh distribution)
 2002-10-04 02:22:05 +00:00
petrov 31b9b01a31 use PRIu64 for u_int64_t. 2002-10-03 07:41:10 +00:00
itojun ef7d24574a upgrade to openssh 3.5. major changes include: 
- krb4/5 support for privsep (krb5 diff was already applied)

includes fake implementaation of getpeereid() from openssh-portable, which
does nothing useful - need improvement.
 2002-10-01 14:07:26 +00:00
itojun 604e45f4cd OpenSSH 3.5 as of Oct 1, 2002 2002-10-01 13:39:55 +00:00
elric 75bc91b4e4 Changed documentation of the default setting for PermitRootLogin 
to ``no'', to match our actual default setting.

Addresses PR: bin/18445
 2002-09-28 15:07:33 +00:00
itojun 5431e7941f tweak the example $HOME/.ssh/rc script to not show on any cmdline the 
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
 2002-09-25 03:43:19 +00:00
itojun 17e856961c don't quit while creating X11 listening socket. 
address (first) problem described in
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
 2002-09-17 06:26:18 +00:00
itojun 32e004f92a kerberos support w/ privsep. confirmed to work by lha@stacken.kth.se 2002-09-09 06:45:17 +00:00
itojun a6315c15ad utmpx.ut_id is required. 
PR 17998 with slight modification (deal with ttyname shorter than 4)
 2002-08-20 07:42:53 +00:00
itojun 7bab20a582 bitmask operation audit (s/&&/&/). from openbsd 2002-08-08 15:12:09 +00:00
christos 3fd219f644 add utmpx support. 2002-07-28 23:43:33 +00:00
itojun 24ef72afbf print connect failure on debugging mode. sync w/openbsd 2002-07-12 13:28:36 +00:00
itojun bdfa549223 bark if all connection attemp fails. sync w/openbsd 2002-07-10 10:28:00 +00:00
itojun 92b7524e7d silently connect(2) to next address. sync w/openbsd 2002-07-09 12:04:10 +00:00
itojun a2a47b15ce don't warn even if reverse lookup fails. sync w/openbsd 2002-07-09 12:03:54 +00:00
itojun 9a2478a3b0 /var/empty -> /var/chroot/sshd. PR 17519 2002-07-08 14:39:53 +00:00
itojun 968294e218 >make ssh-keysign read /etc/ssh/ssh_config 
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
 2002-07-03 14:23:13 +00:00
itojun 92ea28e291 >for compression=yes, we fallback to no-compression if the server does 
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
 2002-07-03 10:07:48 +00:00
itojun 673c1a7ac1 >use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) 
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
 2002-07-03 10:06:39 +00:00
itojun c28e7ac1f6 correct signed/unsigned mixup; openbsd 2002-07-03 10:05:58 +00:00
itojun 8d3378688a pednatic check on command line args. correct signed/unsigned mixup. 
sync w/ openbsd
 2002-07-01 06:17:11 +00:00
itojun 84559971ee make use of xfree() consistent. from openbsd 2002-07-01 05:56:45 +00:00
itojun 11792b93b1 don't use freed memory. sync w/openbsd 2002-07-01 05:54:03 +00:00
itojun 5bdd56b128 sync with 3.4 2002-06-26 14:08:29 +00:00
itojun b8f8e01057 OpenSSH 3.4 around 2002/6/26. 
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS

as we have already enabled privsep by default, we should have been safe.
 2002-06-26 14:02:54 +00:00
itojun 603dca2ed2 sync whitespace w/ openbsd tree 2002-06-24 15:47:25 +00:00
itojun bc7b65a647 don't lose information while we cast 2002-06-24 15:46:34 +00:00
agc 7d6a7caf6a Cast arguments so that this file will compile on less forgiving architectures 
like arm32.
 2002-06-24 15:32:58 +00:00
itojun 3ea946f134 sync with openssh 3.3. 
local mods included to make it compile with openssl 0.9.6d.
 2002-06-24 05:48:24 +00:00
itojun 3dfc6702ef clean ssh-keysign build dir before import. 2002-06-24 05:45:17 +00:00
itojun 9486e6fd01 it shouldn't be imported 2002-06-24 05:28:32 +00:00
itojun b5222aff66 OpenSSH 3.3 as of June 24, 2002. 
- ssh is no longer seruid root.  ssh-keyscan is added to read secret host keys.
  protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
 2002-06-24 05:25:39 +00:00
wiz d844f0d7b1 Fix Xrefs. 2002-06-13 00:15:09 +00:00
wiz 78c59017cc Remove photurisd reference. 2002-06-13 00:14:26 +00:00
itojun b745604c00 sync sockaddr_ntop with latest openssh (minor change) 2002-06-09 22:22:55 +00:00
itojun be5f1d082c use getnameinfo on diag printing. sync w/openssh in openbsd 2002-06-08 21:17:57 +00:00
itojun e67961b545 check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they 
do not exist.  sync w/openssh
 2002-05-29 23:54:29 +00:00
itojun a5c3041a1b bump date for rhosts auth fix 2002-05-27 13:45:40 +00:00
itojun b274d69ad0 correct rhosts authentication. should fix PR 17023 2002-05-27 13:45:17 +00:00
itojun a46557038c now arc4random is in libc, we don't need to supply local version 2002-05-25 00:29:52 +00:00
itojun e26b1052bb use /var/chroot/sshd instead of /var/empty. suggested by christos 2002-05-16 20:59:35 +00:00
itojun f47caddaf3 turn on privilege separation, as 3.2.1 default do. 
requires sshd uid/gid as well as /var/empty directory.
 2002-05-14 23:33:07 +00:00
itojun ca89359407 sync with 3.2.1 as of 5/13. 
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().
 2002-05-13 02:58:17 +00:00
itojun 24255a6a60 OpenSSH 3.2.1 as of 2002/5/13 2002-05-13 02:28:40 +00:00
lukem 244b762de1 Complete the conversion back to the OpenSSH default configuration files of 
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
 2002-04-29 08:23:34 +00:00
itojun 936168b29d correct afs/kerberos token-passing. notified by markus@openbsd 2002-04-24 01:48:04 +00:00
itojun 34b40b030e sync with openssh 3.2 as of 2002/4/22. 
- privilege separation
- afs/kerberos auth security issue fixed
 2002-04-22 07:59:35 +00:00