1. 09 Feb, 2014 2 commits
    • "LogLevel SILENT" compatibility · bbddcd71
      Jonathan David Amery authored
      "LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
      match the behaviour of non-free SSH, in which -q does not suppress fatal
      errors.  However, this was unintentionally broken in 1:4.6p1-2 and nobody
      complained, so we've dropped most of it.  The parts that remain are basic
      configuration file compatibility, and an adjustment to "Pseudo-terminal will
      not be allocated ..." which should be split out into a separate patch.
      
      Author: Matthew Vernon <matthew@debian.org>
      Author: Colin Watson <cjwatson@debian.org>
      Last-Update: 2013-09-14
      
      Patch-Name: syslog-level-silent.patch
    • Reject vulnerable keys to mitigate Debian OpenSSL flaw · 8909ff0e
      Colin Watson authored
      In 2008, Debian (and derived distributions such as Ubuntu) shipped an
      OpenSSL package with a flawed random number generator, causing OpenSSH to
      generate only a very limited set of keys which were subject to private half
      precomputation.  To mitigate this, this patch checks key authentications
      against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
      program which can be used to explicitly check keys against that blacklist.
      See CVE-2008-0166.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
      Last-Update: 2013-09-14
      
      Patch-Name: ssh-vulnkey.patch
  2. 25 Jul, 2013 1 commit
  3. 20 Jul, 2013 1 commit
  4. 18 Jul, 2013 1 commit
  5. 01 Jun, 2013 1 commit
    • - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  6. 23 Apr, 2013 4 commits
  7. 05 Apr, 2013 6 commits
  8. 06 Jul, 2012 1 commit
  9. 02 Jul, 2012 1 commit
  10. 03 Nov, 2011 2 commits
  11. 02 Oct, 2011 1 commit
    • - markus@cvs.openbsd.org 2011/09/23 07:45:05 · 68afb8c5
      Darren Tucker authored
           [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
           unbreak remote portforwarding with dynamic allocated listen ports:
           1) send the actual listen port in the open message (instead of 0).
              this allows multiple forwardings with a dynamic listen port
           2) update the matching permit-open entry, so we can identify where
              to connect to
           report: den at skbkontur.ru and P. Szczygielski
           feedback and ok djm@
  12. 22 Sep, 2011 1 commit
    • - djm@cvs.openbsd.org 2011/09/09 22:46:44 · f6dff7cd
      Damien Miller authored
           [channels.c channels.h clientloop.h mux.c ssh.c]
           support for cancelling local and remote port forwards via the multiplex
           socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
           the cancellation of the specified forwardings; ok markus@
  13. 05 Aug, 2011 1 commit
  14. 22 Jun, 2011 1 commit
    • - djm@cvs.openbsd.org 2011/06/22 22:08:42 · 6d7b4377
      Damien Miller authored
           [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
           hook up a channel confirm callback to warn the user when requested X11
           forwarding was refused by the server; ok markus@
  15. 03 Jun, 2011 1 commit
    • - djm@cvs.openbsd.org 2011/06/03 00:54:38 · ea2c1a4d
      Damien Miller authored
          [ssh.c]
          bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
          AT googlemail.com; ok dtucker@
          NB. includes additional portability code to enable setproctitle emulation
          on platforms that don't support it.
  16. 29 May, 2011 1 commit
    • - djm@cvs.openbsd.org 2011/05/24 07:15:47 · 295ee63a
      Damien Miller authored
           [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
           Remove undocumented legacy options UserKnownHostsFile2 and
           GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
           accept multiple paths per line and making their defaults include
           known_hosts2; ok markus
  17. 14 May, 2011 3 commits
  18. 05 May, 2011 2 commits
    • - djm@cvs.openbsd.org 2011/04/17 22:42:42 · 6c3eec7a
      Damien Miller authored
           [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
           allow graceful shutdown of multiplexing: request that a mux server
           removes its listener socket and refuse future multiplexing requests;
           ok markus@
    • - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] · f22019bd
      Damien Miller authored
         [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
         [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
         [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
         [regress/README.regress] Remove ssh-rand-helper and all its
         tentacles. PRNGd seeding has been rolled into entropy.c directly.
         Thanks to tim@ for testing on affected platforms.
  19. 25 Jan, 2011 1 commit
  20. 06 Jan, 2011 1 commit
  21. 01 Dec, 2010 1 commit
    • - djm@cvs.openbsd.org 2010/11/29 23:45:51 · d925dcd8
      Damien Miller authored
           [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
           [sshconnect.h sshconnect2.c]
           automatically order the hostkeys requested by the client based on
           which hostkeys are already recorded in known_hosts. This avoids
           hostkey warnings when connecting to servers with new ECDSA keys
           that are preferred by default; with markus@
  22. 20 Nov, 2010 1 commit
    • - djm@cvs.openbsd.org 2010/11/13 23:27:51 · 0dac6fb6
      Damien Miller authored
           [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
           [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
           allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
           hardcoding lowdelay/throughput.
      
           bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
  23. 07 Oct, 2010 1 commit
  24. 24 Sep, 2010 1 commit
  25. 10 Sep, 2010 3 commits