| #
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
263970 |
|
31-Mar-2014 |
des |
MFH (r237568, r255422, r255460, r255766, r255767, r255774, r255829,
r256126, r257954, r261320, r261499, r263691, r263712): upgrade to
OpenSSH 6.6p1 via 6.3p1, 6.4p1 and 6.5p1.
Differences relative to head:
- No DNSSEC support since stable/9 does not have LDNS
- Sandboxing off by default, and uses rlimit instead of Capsicum
- ED25519 moved to the bottom of the order of preference to avoid
"new public key" warnings
|
| #
251135 |
|
30-May-2013 |
des |
Pull in OpenSSH 6.2p2 from head.
|
| #
248915 |
|
29-Mar-2013 |
des |
Remove (harmless) duplicate entry for VersionAddendum.
Noticed by: dim@
MFC after: 1 week
|
| #
247485 |
|
28-Feb-2013 |
des |
Pull in OpenSSH 6.1 from head.
|
| #
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
| #
224638 |
|
03-Aug-2011 |
brooks |
Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.
Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.
This code is a style(9) compliant version of these features extracted
from the patches published at:
http://www.psc.edu/networking/projects/hpn-ssh/
Merging this patch has been a collaboration between me and Bjoern.
Reviewed by: bz
Approved by: re (kib), des (maintainer)
|
| #
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
| #
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
| #
207319 |
|
28-Apr-2010 |
des |
Upgrade to OpenSSH 5.5p1.
|
| #
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
| #
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
| #
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
| #
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| #
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
| #
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
| #
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
| #
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
| #
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
| #
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
| #
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
| #
126271 |
|
26-Feb-2004 |
des |
Pull asbesthos underpants on and disable protocol version 1 by default.
|
| #
126009 |
|
19-Feb-2004 |
des |
Turn non-PAM password authentication off by default when USE_PAM is
defined. Too many users are getting bitten by it.
|
| #
124279 |
|
09-Jan-2004 |
des |
Egg on my face: UsePAM was off by default.
Pointed out by: Sean McNeil <sean@mcneil.com>
|
| #
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
| #
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
| #
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
| #
99063 |
|
29-Jun-2002 |
des |
Resolve conflicts.
Sponsored by: DARPA, NAI Labs
|
| #
99048 |
|
29-Jun-2002 |
des |
Apply FreeBSD's configuration defaults.
Sponsored by: DARPA, NAI Labs
|
| #
99047 |
|
29-Jun-2002 |
des |
Add the VersionAddendum configuration variable.
Sponsored by: DARPA, NAI Labs
|
| #
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
| #
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
| #
95456 |
|
25-Apr-2002 |
des |
Back out previous commit.
|
| #
95431 |
|
25-Apr-2002 |
jkh |
Change default challenge/response behavior of sshd by popular demand.
This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
|
| #
95119 |
|
20-Apr-2002 |
ache |
1) Surprisingly, "CheckMail" handling code completely removed from this
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.
2) Cosmetique. Reduce number of args in do_setusercontext()
|
| #
94511 |
|
12-Apr-2002 |
des |
Back out previous backout. It seems I was right to begin with, and DSA is
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
|
| #
94464 |
|
11-Apr-2002 |
des |
Knowledgeable persons assure me that RSA is preferable to DSA and that we
should transition away from DSA.
|
| #
94438 |
|
11-Apr-2002 |
des |
Do not attempt to load an ssh2 RSA host key by default.
|
| #
93216 |
|
26-Mar-2002 |
nectar |
REALLY correct typo this time.
Noticed by: roam
|
| #
93155 |
|
25-Mar-2002 |
nectar |
Fix typo (missing paren) affecting KRB4 && KRB5 case.
Approved by: des
|
| #
92708 |
|
19-Mar-2002 |
des |
Unbreak for KRB4 ^ KRB5 case.
Sponsored by: DARPA, NAI Labs
|
| #
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
| #
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
| #
76227 |
|
02-May-2001 |
green |
Add a "VersionAddendum" configuration setting for sshd which allows
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
|
| #
73400 |
|
04-Mar-2001 |
assar |
Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
|
| #
72586 |
|
17-Feb-2001 |
ps |
Make ConnectionsPerPeriod non-fatal for real.
|
| #
72020 |
|
04-Feb-2001 |
green |
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
|
| #
70990 |
|
13-Jan-2001 |
green |
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
|
| #
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
| #
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
| #
65357 |
|
02-Sep-2000 |
kris |
Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.
Reminded by: peter
|
| #
65022 |
|
23-Aug-2000 |
kris |
Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.
PR: 20488
Submitted by: rwatson
|
| #
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.
|
| #
62944 |
|
11-Jul-2000 |
peter |
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
|
| #
62943 |
|
11-Jul-2000 |
peter |
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
|
| #
62942 |
|
11-Jul-2000 |
peter |
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
|
| #
61320 |
|
06-Jun-2000 |
green |
Allow "DenyUsers" to function.
|
| #
61212 |
|
03-Jun-2000 |
kris |
Resolve conflicts
|
| #
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
| #
58585 |
|
26-Mar-2000 |
kris |
Resolve conflicts.
|
| #
58463 |
|
22-Mar-2000 |
sheldonh |
IgnoreUserKnownHosts is a boolean flag, not an integer value.
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.
PR: 17027
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Obtained from: OpenBSD
|
| #
57565 |
|
28-Feb-2000 |
markm |
1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov
|
| #
57432 |
|
24-Feb-2000 |
markm |
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
|
| #
57430 |
|
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57429,
which included commits to RCS files with non-trunk default branches.
|
| #
57429 |
|
24-Feb-2000 |
markm |
Vendor import of OpenSSH.
|