summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix some signed/unsigned integer type mismatches in formatdjm2015-10-154-9/+9
| | | | strings; reported by Nicholas Lemonias
* argument to sshkey_from_private() and sshkey_demote() can't be NULLdjm2015-10-151-7/+3
|
* apply PubkeyAcceptedKeyTypes filtering earlier, so all skippeddjm2015-10-131-8/+15
| | | | keys are noted before pubkey authentication starts. ok dtucker@
* free the correct IV length, don't assume it's always the cipherdjm2015-10-131-2/+2
| | | | blocksize; ok dtucker@
* Change all tame callers to namechange to pledge(2).deraadt2015-10-092-6/+6
|
* include PubkeyAcceptedKeyTypes in ssh -G config dumpdjm2015-10-071-1/+2
|
* UsePrivilegeSeparation defaults to sandbox now.sobrado2015-10-071-4/+9
| | | | ok djm@
* don't try to change tun device flags if they are already whatdjm2015-10-071-22/+33
| | | | | | we need; makes it possible to use tun/tap networking as non- root user if device permissions and interface flags are pre-established; based on patch by Ossi Herrala
* some more bzero->explicit_bzero, from Michael McConvilledjm2015-10-052-7/+7
|
* switch from using the systrace-based sandbox to the tame-based sandbox.deraadt2015-10-031-2/+2
| | | | | discussed it at length with djm -- i think it is time to give this a trial in snapshots.
* fix emailderaadt2015-10-021-2/+2
|
* a sandbox using tamederaadt2015-10-021-0/+71
| | | | ok djm
* re-order system calls in order of risk, ok i'll be honest, ordered thisderaadt2015-10-021-12/+19
| | | | | way they look like tame... ok djm
* some certificatefile tweaks; ok djmjmc2015-09-253-7/+9
|
* add ssh_config CertificateFile option to explicitly listdjm2015-09-247-25/+226
| | | | a certificate; patch from Meghana Bhat on bz#2436; ok markus@
* fix two typos.sobrado2015-09-221-4/+4
|
* fix possible hang on closed output; bz#2469 reported by Tomas Kuthandjm2015-09-211-2/+3
| | | | ok markus@
* - Fix error message: passphrase needs to be at least 5 characters, not 4.tim2015-09-135-28/+20
| | | | | | | - Remove unused function argument. - Remove two unnecessary variables. OK djm@
* When adding keys to the agent, don't ignore the comment of keys for which thetim2015-09-131-9/+8
| | | | | | user is prompted for a passphrase. Tweak and OK djm@
* Use explicit_bzero() when zeroing before free()guenther2015-09-111-1/+1
| | | | | from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) ok millert@ djm@
* sync -Q in usage() to SYNOPSIS; since it's drastically shorter,jmc2015-09-111-6/+4
| | | | | i've reformatted the block to sync with the man (80 cols) and saved a line;
* tweak previous;jmc2015-09-111-3/+4
|
* Update usage to match man page.dtucker2015-09-111-2/+2
|
* expand %i in ControlPath to UID; bz#2449djm2015-09-112-6/+9
| | | | patch from Christian Hesse w/ feedback from dtucker@
* mention -Q key-plain and -Q key-cert;djm2015-09-111-5/+9
| | | | bz#2455 pointed out by Jakub Jelen
* more clarity on what AuthorizedKeysFile=none does;djm2015-09-112-5/+8
| | | | based on diff by Thiebaud Weksteen
* openssh_RSA_verify return type is int, so don't make it size_t withindjm2015-09-091-3/+3
| | | | | the function itself with only negative numbers or zero assigned to it. bz#2460
* Plug minor memory leaks when options are used more than once. bz#2182,dtucker2015-09-042-12/+11
| | | | patch from Tiago Cunha, ok deraadt djm
* full stop belongs outside the brackets, not inside;jmc2015-09-041-2/+2
|
* add a debug2() right before DNS resolution; it's a place wheredjm2015-09-041-1/+2
| | | | ssh could previously silently hang for a while. bz#2433
* correct function name in error messagesdjm2015-09-041-3/+3
|
* better document ExitOnForwardFailure; bz#2444, ok dtucker@djm2015-09-041-3/+10
|
* don't record hostbased authentication hostkeys as user keysdjm2015-09-041-2/+2
| | | | in test for multiple authentication with the same key
* remove extra newline in nethack-mode hostkey;djm2015-09-041-2/+2
| | | | from Christian Hesse bz#2686
* Fix occurrences of "r = func() != 0" which result in the wrong errorjsg2015-09-024-17/+17
| | | | | | codes being returned due to != having higher precedence than =. ok deraadt@ markus@
* Improve printing of KEX offers and decisionsdjm2015-08-211-19/+38
| | | | | The debug output now labels the client and server offers and the negotiated options. ok markus@
* Fix printing (ssh -G ...) of HostKeyAlgorithms=+...djm2015-08-211-2/+6
| | | | Reported by Bryan Drewery
* Fix expansion of HostkeyAlgorithms=+...djm2015-08-211-3/+3
| | | | Reported by Bryan Drewery
* Regen modulidtucker2015-08-217-266/+252
|
* Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like.deraadt2015-08-211-8/+3
| | | | Discussed with tedu, millert, otto.... and ok djm
* openssh-7.1djm2015-08-211-2/+2
|
* fix inverted logic that broke PermitRootLogin;djm2015-08-211-2/+2
| | | | reported by Mantas Mikulenas; ok markus@
* Do not cast result of malloc/calloc/realloc* if stdlib.h is in scopederaadt2015-08-207-18/+18
| | | | ok krw millert
* In the certificates section, be consistent about using "host_key"naddy2015-08-201-4/+4
| | | | and "user_key" for the respective key types. ok sthen@ deraadt@
* Better compat matching for WinSCP, add compat matching fordjm2015-08-191-2/+13
| | | | FuTTY (fork of PuTTY); ok markus@ deraadt@
* fix double-free() in error path of DSA key generation reported bydjm2015-08-191-2/+1
| | | | Mateusz Kocielski; ok markus@
* fix free() of uninitialised pointer reported by Mateusz Kocielski;djm2015-08-191-1/+5
| | | | ok markus@
* fixed unlink([uninitialised memory]) reported by Mateusz Kocielski;djm2015-08-191-2/+3
| | | | ok markus@
* match myproposal.h order; from brian conwayjmc2015-08-142-8/+8
| | | | | | (i snuck in a tweak while here) ok dtucker
* add prohibit-password as a synonymn for without-password, since thederaadt2015-08-064-9/+15
| | | | | | without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.