path: root/usr.bin/ssh/ssh.c
Commit log (newest first). Each entry gives the commit date, author, number of files changed and lines removed/added, followed by the commit message.

2015-01-20  deraadt  1 file, -4/+4
  Reduce use of <sys/param.h> and transition to <limits.h> throughout.
  ok djm markus

2015-01-16  djm  1 file, -5/+72
  when hostname canonicalisation is enabled, try to parse hostnames
  as addresses before looking them up for canonicalisation. fixes bz#2074 and avoids needless DNS lookups in some cases; ok markus

2015-01-14  djm  1 file, -2/+9
  move authfd.c and its tentacles to the new buffer/key API;
  ok markus@

2015-01-08  djm  1 file, -17/+17
  reorder hostbased key attempts to better match the default
  hostkey algorithms order in myproposal.h; ok markus@

2014-11-18  krw  1 file, -2/+1
  Nuke more obvious #include duplications.
  ok deraadt@ millert@ tedu@

2014-10-09  jmc  1 file, -2/+2
  tweak previous;

2014-10-08  djm  1 file, -19/+61
  Tweak config reparsing with host canonicalisation
  Make the second pass through the config files always run when hostname canonicalisation is enabled.
  Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
  Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
  Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
  bz#2267 bz#2286; ok markus

2014-07-17  djm  1 file, -1/+9
  reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
  previously we were always returning 0. bz#2255 reported by Brendan Germain; ok dtucker

2014-07-15  millert  1 file, -25/+37
  Add support for Unix domain socket forwarding. A remote TCP port
  may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html
  OK djm@ markus@

2014-07-03  djm  1 file, -8/+36
  Add a %C escape sequence for LocalCommand and ControlPath that expands
  to a unique identifier based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding sockaddr_un's miserly pathname limits for mux control paths. bz#2220, based on patch from mancha1 AT zoho.com; ok markus@

2014-06-27  markus  1 file, -2/+4
  fix remote fwding with same listen port but different listen address
  with gerhard@, ok djm@

2014-06-24  djm  1 file, -5/+9
  don't fatal() when hostname canonicalisation fails with a
  ProxyCommand in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion)

2014-04-29  markus  1 file, -3/+19
  make compiling against OpenSSL optional (make OPENSSL=no);
  reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm

2014-02-26  djm  1 file, -6/+24
  bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
  ok dtucker@ markus@

2014-02-23  djm  1 file, -56/+94
  reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
  the hostname. This allows users to write configurations that always refer to canonical hostnames, e.g.

      CanonicalizeHostname yes
      CanonicalDomains int.example.org example.org
      CanonicalizeFallbackLocal no

      Host *.int.example.org
          Compression off

      Host *.example.org
          User djm

  ok markus@

2014-02-04  djm  1 file, -2/+2
  delay lowercasing of hostname until right before hostname
  canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@

2014-01-31  tedu  1 file, -6/+6
  replace most bzero with explicit_bzero, except a few that can be memset
  ok djm dtucker

2013-12-29  djm  1 file, -12/+16
  don't forget to load Ed25519 certs too

2013-12-06  markus  1 file, -4/+13
  support ed25519 keys (hostkeys and user identities) using the public domain
  ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
  feedback, help & ok djm@

2013-11-26  jmc  1 file, -5/+5
  - put -Q in the right place
  - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances
  - zap a now redundant Nm
  - usage() sync

2013-11-25  deraadt  1 file, -10/+10
  improve -Q usage and such. One usage change is that the option is now
  case-sensitive
  ok dtucker markus djm

2013-11-21  djm  1 file, -2/+4
  Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
  that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
  Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths.
  Details are in the PROTOCOL.chacha20poly1305 file.
  Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
  ok markus@ naddy@

2013-11-07  dtucker  1 file, -4/+4
  Output the effective values of Ciphers, MACs and KexAlgorithms when
  the default has not been overridden. ok markus@

2013-10-25  djm  1 file, -2/+4
  fix crash when using ProxyCommand caused by previous commit - was calling
  freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@

2013-10-24  djm  1 file, -3/+5
  fix bug introduced in hostname canonicalisation commit: don't try to
  resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan

2013-10-23  djm  1 file, -1/+2
  comment

2013-10-17  djm  1 file, -2/+4
  rearrange check to reduce diff against -portable

2013-10-16  djm  1 file, -6/+6
  one I missed in previous: s/isation/ization/

2013-10-16  djm  1 file, -16/+16
  s/canonicalise/canonicalize/ for consistency with existing spelling,
  e.g. authorized_keys; pointed out by naddy@

2013-10-16  djm  1 file, -11/+162
  Implement client-side hostname canonicalisation to allow an explicit
  search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@

2013-10-14  djm  1 file, -4/+4
  whitespace at EOL; pointed out by markus@

2013-10-14  djm  1 file, -19/+9
  refactor client config code a little:
  add multistate option parsing to readconf.c, similar to servconf.c's existing code.
  move checking of options that accept "none" as an argument to readconf.c
  add a lowercase() function and use it instead of explicit tolower() in loops
  part of a larger diff that was ok markus@

2013-10-14  djm  1 file, -13/+10
  add a "Match" keyword to ssh_config that allows matching on hostname,
  user and result of arbitrary commands. "nice work" markus@

2013-07-25  djm  1 file, -1/+2
  daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
  it is fully detached from its controlling terminal. based on debugging and patch from tedu@ ok dtucker@ "be careful" deraadt@

2013-07-20  djm  1 file, -2/+2
  More useful error message on missing current user in /etc/passwd

2013-07-12  djm  1 file, -1/+6
  set TCP nodelay for connections started with -N; bz#2124 ok dtucker@

2013-05-17  djm  1 file, -23/+21
  bye, bye xfree(); ok markus@

2013-04-19  djm  1 file, -2/+2
  add -Q to usage; reminded by jmc@

2013-04-19  djm  1 file, -2/+18
  add the ability to query supported ciphers, MACs, key type and KEX
  algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@

2013-04-07  dtucker  1 file, -8/+20
  Add -E option to ssh and sshd to append debugging logs to a specified file
  instead of stderr or syslog. ok markus@, man page help jmc@

2013-03-08  djm  1 file, -2/+3
  allow "ssh -f none ..." ok markus@

2013-02-22  djm  1 file, -2/+3
  Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier
  version)

2013-02-22  dtucker  1 file, -4/+6
  Don't complain if IdentityFiles specified in system-wide configs are missing.
  ok djm, deraadt.

2013-02-17  dtucker  1 file, -7/+2
  Keep track of which IdentityFile options were manually supplied and which
  were default options, and don't warn if the latter are missing. ok markus@

2012-07-06  djm  1 file, -22/+21
  move setting of tty_flag to after config parsing so RequestTTY options
  are correctly picked up. bz#1995 patch from przemoc AT gmail.com; ok dtucker@

2012-07-02  dtucker  1 file, -1/+5
  set interactive ToS for forwarded X11 sessions. ok djm@

2011-10-24  djm  1 file, -25/+27
  bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh
  was incorrectly requesting the forward in both the control master and slave. skip requesting it in the master to fix. ok markus@

2011-10-18  djm  1 file, -6/+9
  ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@

2011-09-23  markus  1 file, -10/+19
  unbreak remote portforwarding with dynamic allocated listen ports:
  1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port
  2) update the matching permit-open entry, so we can identify where to connect to
  report: den at skbkontur.ru and P. Szczygielski
  feedback and ok djm@

2011-09-09  djm  1 file, -1/+3
  support for cancelling local and remote port forwards via the multiplex
  socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@