#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
264692 |
|
20-Apr-2014 |
des |
MFH (r264691): merge upstream patch for EC calculation bug
|
#
264377 |
|
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
|
#
262566 |
|
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
|
#
258343 |
|
19-Nov-2013 |
des |
MFH (r257954): upgrade to OpenSSH 6.4p1
Approved by: re (kib)
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
#
252338 |
|
28-Jun-2013 |
des |
r251088 reverted the default value for UsePrivilegeSeparation from "sandbox" to "yes", but did not update the documentation to match.
|
#
250739 |
|
17-May-2013 |
des |
Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched the issues that affected us.
|
#
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
248465 |
|
18-Mar-2013 |
des |
Keep the default AuthorizedKeysFile setting. Although authorized_keys2 has been deprecated for a while, some people still use it and were unpleasantly surprised by this change.
I may revert this commit at a later date if I can come up with a way to give users who still have authorized_keys2 files sufficient advance warning.
MFC after: ASAP
|
#
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
#
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
#
224638 |
|
03-Aug-2011 |
brooks |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported.
Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf.
This code is a style(9) compliant version of these features extracted from the patches published at:
http://www.psc.edu/networking/projects/hpn-ssh/
Merging this patch has been a collaboration between me and Bjoern.
Reviewed by: bz Approved by: re (kib), des (maintainer)
|
#
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
#
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
#
207319 |
|
28-Apr-2010 |
des |
Upgrade to OpenSSH 5.5p1.
|
#
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
#
197957 |
|
11-Oct-2009 |
des |
Remove dupe.
|
#
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
#
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
#
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
#
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
#
164149 |
|
10-Nov-2006 |
des |
Resolve conflicts.
|
#
162857 |
|
30-Sep-2006 |
des |
Bump version addendum.
MFC after: 1 week
|
#
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
#
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
#
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
#
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
#
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
#
128459 |
|
20-Apr-2004 |
des |
Adjust version number and addendum.
|
#
127033 |
|
15-Mar-2004 |
des |
Correctly document the default value of UsePAM.
|
#
126283 |
|
26-Feb-2004 |
des |
Update VersionAddendum in config files and man pages.
|
#
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
#
126271 |
|
26-Feb-2004 |
des |
Pull asbesthos underpants on and disable protocol version 1 by default.
|
#
126009 |
|
19-Feb-2004 |
des |
Turn non-PAM password authentication off by default when USE_PAM is defined. Too many users are getting bitten by it.
|
#
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
#
120413 |
|
24-Sep-2003 |
des |
Update version string.
|
#
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
#
110692 |
|
11-Feb-2003 |
des |
document the current default value for VersionAddendum.
|
#
106463 |
|
05-Nov-2002 |
des |
Document the current default value for VersionAddendum.
|
#
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
#
100715 |
|
26-Jul-2002 |
fanf |
FreeBSD doesn't use the host RSA key by default.
Reviewed by: des
|
#
99315 |
|
02-Jul-2002 |
des |
Two FreeBSD-specific nits in comments: - ChallengeResponseAuthentication controls PAM, not S/Key - We don't honor PAMAuthenticationViaKbdInt, because the code path it controls doesn't make sense for us, so don't mention it.
Sponsored by: DARPA, NAI Labs
|
#
99132 |
|
30-Jun-2002 |
des |
Forgot to update the addendum in the config files.
|
#
99051 |
|
29-Jun-2002 |
des |
Document FreeBSD defaults.
Sponsored by: DARPA, NAI Labs
|
#
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
#
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
#
95894 |
|
01-May-2002 |
obrien |
Usual after-import fixup of SCM IDs.
|
#
95456 |
|
25-Apr-2002 |
des |
Back out previous commit.
|
#
95431 |
|
25-Apr-2002 |
jkh |
Change default challenge/response behavior of sshd by popular demand. This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
|
#
93701 |
|
02-Apr-2002 |
des |
Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens the version string to 28 characters, which is below the 40-character limit specified in the proposed SECSH standard. Some servers, however (like the one built into the Foundry BigIron line of switches) will hang when confronted with a version string longer than 24 characters, so some users may need to shorten it further.
Sponsored by: DARPA, NAI Labs
|
#
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
#
76820 |
|
18-May-2001 |
obrien |
Restore the RSA host key to /etc/ssh/ssh_host_key. Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
|
#
76292 |
|
05-May-2001 |
green |
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
|
#
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
#
70990 |
|
13-Jan-2001 |
green |
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it and giving a dire error to its lingering users.
|
#
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website.
Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
#
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
#
65357 |
|
02-Sep-2000 |
kris |
Turn on X11Forwarding by default on the server. Any risk is to the client, where it is already disabled by default.
Reminded by: peter
|
#
65022 |
|
23-Aug-2000 |
kris |
Increase the default value of LoginGraceTime from 60 seconds to 120 seconds.
PR: 20488 Submitted by: rwatson
|
#
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
|
#
60813 |
|
23-May-2000 |
ache |
Turn on CheckMail to be more login-compatible by default
|
#
60678 |
|
18-May-2000 |
kris |
Correct two stupid typos in the DSA key location.
Submitted by: Udo Schweigert <ust@cert.siemens.de>
|
#
60578 |
|
15-May-2000 |
kris |
Create a DSA host key if one does not already exist, and teach sshd_config about it.
|
#
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
#
57493 |
|
26-Feb-2000 |
peter |
oops, update path to /etc/ssh/ssh_host_key
|
#
57462 |
|
24-Feb-2000 |
markm |
remove ports junk
|
#
57432 |
|
24-Feb-2000 |
markm |
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
|
#
57430 |
|
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57429, which included commits to RCS files with non-trunk default branches.
|
#
57429 |
|
24-Feb-2000 |
markm |
Vendor import of OpenSSH.
|