Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
87,745 Commits 606 Branches 0 Tags 3.1 GiB
ed00fe0aee
Commit Graph

96 Commits

Author SHA1 Message Date
itojun
1eb2191d4f fix auth_krb5() error case behavior. found by jhawk, sync with openbsd tree 2001-11-12 05:45:29 +00:00
itojun
29574d25c5 sync with 3.0 as of 2001/11/7. 2001-11-07 06:26:47 +00:00
itojun
29c34cbb94 OpenSSH 3.0 as of 2001/11/7 2001-11-07 06:20:12 +00:00
sommerfeld
9de5bfcf8f Turn on TCP_NODELAY over loopback 2001-10-18 19:46:12 +00:00
itojun
880aff49c4 buffix from openbsd tree: users config should overwrite system config. 2001-10-02 00:39:14 +00:00
itojun
ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun
bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun
00489c2412 apply the following advisory. 2.9.9 will be imported soon. 
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
 2001-09-27 00:12:42 +00:00
cjs
d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified 
in the config file. Thanks to itojun for pointing this out.
 2001-09-03 04:23:10 +00:00
cjs
da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs
894936aa50 Do not permit direct root logins. This makes ssh consistent with 
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
 2001-08-31 08:16:24 +00:00
garbled
7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage 
lies wrt to MaxStartups.  Make the manpage match the code.
 2001-08-03 02:29:07 +00:00
manu
3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty 
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
 2001-07-27 23:34:27 +00:00
wiz
419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego
7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
itojun
69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh). 
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
 2001-06-23 19:37:38 +00:00
itojun
0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun
6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun
5324608adc reject expired password/account. warn if interactive && about to expire. 
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
 2001-06-23 08:08:04 +00:00
itojun
fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
lukem
ab32b074ec If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't 
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
 2001-06-18 10:26:33 +00:00
wiz
b6449b85de Add RCS Id, adapt to NetBSD, fix punctuation and whitespace. 2001-06-15 12:50:44 +00:00
wiz
0cc24e9a9f On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 
Import state of 2001-06-14.
 2001-06-15 12:47:39 +00:00
itojun
82b8462ccf apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch. 
sshd(8) allows users to delete arbitrary files named "cookies"
       if X11 forwarding is enabled. X11 forwarding is disabled by
       default.
 2001-06-14 02:45:30 +00:00
itojun
f7528da67e make it compile with KRB4 and not with KRB5. from IIJ SEIL team 2001-06-14 02:42:31 +00:00
itojun
de1e278afa $NetBSD$ 2001-05-26 23:26:59 +00:00
itojun
c01f1862d6 prime table for OpenSSH, from OpenBSD etc/primes 2001-05-26 23:24:21 +00:00
itojun
5bb235dbab recover $NetBSD$ 2001-05-15 16:00:32 +00:00
itojun
f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun
72af75e4ce OpenSSH 2.9 as of 2001/5/15 2001-05-15 15:02:20 +00:00
itojun
d9f67f8672 reduce amount of diff with openbsd usr.bin/ssh (for -Wall -Werror clean) 
so that we can get rid of local changes.

openssh side do not like static functions so put prototypes into each files
rather than making function static.
 2001-05-15 14:50:49 +00:00
onoe
c85f9c433b Do not discard input data from client for channels waiting for connection 
establishment.
 2001-05-08 03:02:35 +00:00
itojun
b7ab24621c do not attempt to pass null pointer to krb5 library. PR 12683 2001-04-17 12:27:37 +00:00
tron
517c969698 Fix possible core dump in "ssh-add". Patch supplied by Wolfgang Rupprecht 
in PR pkg/12669.
 2001-04-16 03:10:14 +00:00
itojun
374141fb16 duplicated calls to login_getclass. 
From: Jim Bernard <jbernard@mines.edu>
 2001-04-11 23:39:46 +00:00
itojun
8acc6b96b1 refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh. 2001-04-10 09:15:49 +00:00
itojun
235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10). 
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
 2001-04-10 08:07:54 +00:00
itojun
d5fbc62ac3 OpenSSH 2.5.4 as of 2001/04/10 2001-04-10 07:13:48 +00:00
wiz
18a4938209 Fix date. 2001-04-09 12:49:14 +00:00
lukem
315c0a92f9 if debugging (i.e, -v), use options.level instead of SYSLOG_LEVEL_INFO 
to the first call to log_init(), otherwise debug messages from config
file parsing won't appear. (this seems to have been broken in recent
versions of openssh)
 2001-04-02 03:53:36 +00:00
thorpej
6fe37483a3 Set the KRB5CCNAME envrironment variable in the child if we received 
forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.
 2001-03-28 03:31:52 +00:00
thorpej
8ab184566c When we receive forwarded Kerberos credentials, stuff them into 
a file credential cache (rather than a memory credential cache)
so that they're useful.
 2001-03-28 03:17:23 +00:00
thorpej
2651b336ba Somewhat crude hack to make Kerberos 5 credential forwarding work. 2001-03-28 03:02:51 +00:00
thorpej
2f7b0c6c27 Print useful Kerberos error messages. 2001-03-27 03:58:02 +00:00
simonb
08e4590096 Cast to (long long) when using "%lld" in a printf format. 2001-03-21 00:11:06 +00:00
itojun
37da3c3c3c sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable). 2001-03-19 20:03:24 +00:00
itojun
7617bcad07 OpenSSH 2.5.2 as of 3/19/2001, from openbsd usr.bin/ssh 2001-03-19 19:42:00 +00:00
joda
bee147163e simplify the krb5 code somewhat 2001-03-12 17:56:36 +00:00
thorpej
3fba4682aa Fix LP64 problem in Kerberos 5 TGT passing. 2001-03-09 06:28:30 +00:00
assar
e625c71295 add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se> 2001-03-04 00:41:27 +00:00