Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (download) (annotate) |
| Sticky Revision: |
Revert a local change that sets the default for UsePrivilegeSeparation to "sandbox" instead of "yes". In sandbox mode, the privsep child is unable to load additional libraries and will therefore crash when trying to take advantage of crypto offloading on CPUs that support it.
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
Upgrade OpenSSH to 6.1p1.
Polish diff against upstream. - Revert unneeded whitespace changes. - Revert modifications to loginrec.c, as the upstream version already does the right thing. - Fix indentation and whitespace of local changes. Approved by: des MFC after: 1 month
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
Upgrade to OpenSSH 5.8p2.
Upgrade to OpenSSH 5.6p1.
Upgrade to OpenSSH 5.5p1.
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
Upgrade to OpenSSH 5.3p1.
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
Consistently set svn:eol-style.
Merge conflicts. MFC after: 1 week
Merge conflicts.
Resolve conflicts.
Resolve conflicts.
Resolve conflicts
Resolve conflicts.
Pull asbesthos underpants on and disable protocol version 1 by default.
Turn non-PAM password authentication off by default when USE_PAM is defined. Too many users are getting bitten by it.
Egg on my face: UsePAM was off by default. Pointed out by: Sean McNeil <sean@mcneil.com>
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no
Resolve conflicts.
Resolve conflicts.
Resolve conflicts. Sponsored by: DARPA, NAI Labs
Apply FreeBSD's configuration defaults. Sponsored by: DARPA, NAI Labs
Add the VersionAddendum configuration variable. Sponsored by: DARPA, NAI Labs
Forcibly revert to mainline.
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs
Back out previous commit.
Change default challenge/response behavior of sshd by popular demand. This brings us into sync with the behavior of sshd on other Unix platforms. Submitted by: Joshua Goodall <joshua@roughtrade.net>
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext()
Back out previous backout. It seems I was right to begin with, and DSA is preferrable to RSA (not least because the SECSH draft standard requires DSA while RSA is only recommended).
Knowledgeable persons assure me that RSA is preferable to DSA and that we should transition away from DSA.
Do not attempt to load an ssh2 RSA host key by default.
REALLY correct typo this time. Noticed by: roam
Fix typo (missing paren) affecting KRB4 && KRB5 case. Approved by: des
Unbreak for KRB4 ^ KRB5 case. Sponsored by: DARPA, NAI Labs
Fix conflicts.
Fix conflicts for OpenSSH 2.9.
Add a "VersionAddendum" configuration setting for sshd which allows anyone to easily change the part of the OpenSSH version after the main version number. The FreeBSD-specific version banner could be disabled that way, for example: # Call ourselves plain OpenSSH VersionAddendum
Add code for being compatible with ssh.com's krb5 authentication. It is done by using the same ssh messages for v4 and v5 authentication (since the ssh.com does not now anything about v4) and looking at the contents after unpacking it to see if it is v4 or v5. Based on code from Björn Grönvall <bg@sics.se> PR: misc/20504
Make ConnectionsPerPeriod non-fatal for real.
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it and giving a dire error to its lingering users.
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org>
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green
Turn on X11Forwarding by default on the server. Any risk is to the client, where it is already disabled by default. Reminded by: peter
Increase the default value of LoginGraceTime from 60 seconds to 120 seconds. PR: 20488 Submitted by: rwatson
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but sshd's internal default was 'yes'. (if some cracker managed to trash /etc/ssh/sshd_config, then root logins could be reactivated) Approved by: kris
Allow "DenyUsers" to function.
Resolve conflicts
Resolve conflicts and update for FreeBSD.
Resolve conflicts.
IgnoreUserKnownHosts is a boolean flag, not an integer value. The fix submitted in the attributed PR is identical to the one adopted by OpenBSD. PR: 17027 Submitted by: David Malone <dwmalone@maths.tcd.ie> Obtained from: OpenBSD
1) Add kerberos5 functionality. by Daniel Kouril <kouril@informatics.muni.cz> 2) Add full LOGIN_CAP capability by Andrey Chernov
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
This commit was generated by cvs2svn to compensate for changes in r57429, which included commits to RCS files with non-trunk default branches.
Vendor import of OpenSSH.
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| ViewVC Help | |
| Powered by ViewVC 1.1.27 |