Dag-Erling Smørgrav
43e73ba0c2
Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens
...
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard. Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.
Sponsored by: DARPA, NAI Labs
2002-04-02 21:53:54 +00:00
Dag-Erling Smørgrav
9e2cbe04ff
Make the various ssh clients understand the VersionAddendum option.
...
Submitted by: pb
2002-04-02 21:48:51 +00:00
Ruslan Ermilov
2735cfee64
Switch over to using pam_login_access(8) module in sshd(8).
...
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
2002-03-26 12:52:28 +00:00
Jacques Vidrine
7fd1ca3b0c
REALLY correct typo this time.
...
Noticed by: roam
2002-03-26 12:27:43 +00:00
Jacques Vidrine
26241f6368
Fix typo (missing paren) affecting KRB4 && KRB5 case.
...
Approved by: des
2002-03-25 14:55:41 +00:00
Dag-Erling Smørgrav
f0cf488b75
We keep moduli(5) in /etc/ssh, not /etc.
2002-03-23 19:26:21 +00:00
Dag-Erling Smørgrav
6b11d510fd
Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:55:21 +00:00
Dag-Erling Smørgrav
fe49ecbc93
Use the "sshd" service instead of "csshd". The latter was only needed
...
because of bugs (incorrect design decisions, actually) in Linux-PAM.
Sponsored by: DARPA, NAI Labs
2002-03-21 12:23:09 +00:00
Dag-Erling Smørgrav
da4dc1eeb5
Use PAM instead of S/Key (or OPIE) for SSH2.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
Dag-Erling Smørgrav
97ec1da11a
Note that portions of this software were
...
Sponsored by: DARPA, NAI Labs
2002-03-20 22:10:10 +00:00
Dag-Erling Smørgrav
3a17de1501
- Change the prompt from "S/Key Password: " to "OPIE Password: "
...
- If the user doesn't have an OPIE key, don't challenge him. This is
a workaround until I get PAM to work properly with ssh2.
Sponsored by: DARPA, NAI Labs
2002-03-20 22:02:02 +00:00
Dag-Erling Smørgrav
1d9e2b0ad5
Unbreak for KRB4 ^ KRB5 case.
...
Sponsored by: DARPA, NAI Labs
2002-03-19 16:44:11 +00:00
Dag-Erling Smørgrav
8bf26f5d41
Revive this file (which is used for opie rather than skey)
2002-03-18 10:31:33 +00:00
Dag-Erling Smørgrav
af12a3e74a
Fix conflicts.
2002-03-18 10:09:43 +00:00
Dag-Erling Smørgrav
996836565f
This commit was generated by cvs2svn to compensate for changes in r92555,
...
which included commits to RCS files with non-trunk default branches.
2002-03-18 09:55:03 +00:00
Dag-Erling Smørgrav
ae1f160d56
Vendor import of OpenSSH 3.1
2002-03-18 09:55:03 +00:00
Dag-Erling Smørgrav
a681ab0abe
Diff reduction.
...
Sponsored by: DARPA, NAI Labs
2002-03-16 08:03:48 +00:00
Jacques Vidrine
1acac5eba8
Update version string.
2002-03-07 14:36:28 +00:00
Jacques Vidrine
d96f3089f2
Fix off-by-one error.
...
Obtained from: OpenBSD
2002-03-05 14:27:19 +00:00
Brian Feldman
885a59f2e0
Use login_getpwclass() instead of login_getclass() so that default
...
mapping of user login classes works.
Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs
2002-02-27 22:36:30 +00:00
Ruslan Ermilov
fd4ca9e02d
Make libssh.so useable (undefined reference to IPv4or6).
...
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:06:47 +00:00
Brian Feldman
27e5f9f620
Fix a coredump bug occurring if ssh-keygen attempts to change the password
...
on a DSA key.
Submitted by: ian j hart <ianjhart@ntlworld.com>
2002-01-07 15:55:20 +00:00
Jacques Vidrine
eb5bc300e8
Update version string since we applied a fix for the UseLogin issue.
2001-12-03 22:47:51 +00:00
Jacques Vidrine
1c5093bbbc
Do not pass user-defined environmental variables to /usr/bin/login.
...
Obtained from: OpenBSD
Approved by: green
2001-12-03 00:51:47 +00:00
David Malone
46fdbb8ad4
In the "UseLogin yes" case we need env to be NULL to make sure it
...
will be correctly initialised.
PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days
2001-11-19 19:40:14 +00:00
Brian Feldman
ccf35be189
Modify a "You don't exist" message, pretty rude for transient YP failures.
2001-09-27 18:54:42 +00:00
Assar Westerlund
1f131ac4bd
fix renamed options in some of the code that was #ifdef AFS
...
also print an error if krb5 ticket passing is disabled
Submitted by: Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
Paul Saab
20a18c35f4
Backout last change. I didnt follow the thread and made a mistake
...
with this. localisations is a valid spelling. Oops
2001-08-27 10:37:50 +00:00
Paul Saab
95576c53ef
Correctly spell localizations
2001-08-27 10:20:02 +00:00
Brian Feldman
0e513252b5
Update the OpenSSH minor-version string.
...
Requested by: obrien
Reviewed by: rwatson
2001-08-16 19:26:19 +00:00
Jacques Vidrine
b33edd3956
Bug fix: When the client connects to a server and Kerberos
...
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possiblity, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
2001-07-13 18:12:13 +00:00
Brian Feldman
d9769eeead
Fix an incorrect conflict resolution which prevented TISAuthentication
...
from working right in 2.9.
2001-07-07 14:19:53 +00:00
Brian Feldman
a15906e7aa
Also add a colon to "Bad passphrase, please try again ".
2001-06-29 16:43:13 +00:00
Brian Feldman
69b8e053cb
Put in a missing colon in the "Enter passphrase" message.
2001-06-29 16:34:14 +00:00
Brian Feldman
0c82706bc0
Back out the last change which is probably actually a red herring. Argh!
2001-06-26 15:15:22 +00:00
Brian Feldman
c3e2f3baec
Don't pointlessly kill a channel because the first (forced)
...
non-blocking read returns 0.
Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
Assar Westerlund
07de0e4353
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
Mark Murray
7e40a391bc
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
Brian Feldman
e7edf5a116
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
Brian Feldman
e9fd63dfdd
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
David E. O'Brien
e8f64f5ebf
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
David E. O'Brien
d3ebe37cd0
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
Brian Feldman
62c931e0a4
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
Alfred Perlstein
2c917d39b2
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
Brian Feldman
3817a12c9b
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00