Dag-Erling Smørgrav
1ec0d75429
Resolve conflicts.
2004-02-26 10:52:33 +00:00
Dag-Erling Smørgrav
028c324ac8
Pull asbesthos underpants on and disable protocol version 1 by default.
2004-02-26 10:24:07 +00:00
Dag-Erling Smørgrav
b909c84bf2
Turn non-PAM password authentication off by default when USE_PAM is
...
defined. Too many users are getting bitten by it.
2004-02-19 15:53:31 +00:00
Dag-Erling Smørgrav
f0477b2653
Egg on my face: UsePAM was off by default.
...
Pointed out by: Sean McNeil <sean@mcneil.com>
2004-01-09 08:07:12 +00:00
Dag-Erling Smørgrav
cf2b5f3b6d
Resolve conflicts and remove obsolete files.
...
Sponsored by: registrar.no
2004-01-07 11:16:27 +00:00
Dag-Erling Smørgrav
e73e9afa91
Resolve conflicts.
2003-04-23 17:13:13 +00:00
Dag-Erling Smørgrav
f388f5ef26
Resolve conflicts.
2002-10-29 10:16:02 +00:00
Dag-Erling Smørgrav
a82e551f0f
Resolve conflicts.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
Dag-Erling Smørgrav
975616f046
Apply FreeBSD's configuration defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:51:56 +00:00
Dag-Erling Smørgrav
db58a8e40c
Add the VersionAddendum configuration variable.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:49:57 +00:00
Dag-Erling Smørgrav
989dd127e4
Forcibly revert to mainline.
2002-06-27 22:42:11 +00:00
Dag-Erling Smørgrav
80628bacb0
Resolve conflicts. Known issues:
...
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
Dag-Erling Smørgrav
8024187191
Back out previous commit.
2002-04-25 16:53:25 +00:00
Jordan K. Hubbard
44493e088a
Change default challenge/response behavior of sshd by popular demand.
...
This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
2002-04-25 05:59:53 +00:00
Andrey A. Chernov
b36e10eee6
1) Surprisingly, "CheckMail" handling code completely removed from this
...
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.
2) Cosmetique. Reduce number of args in do_setusercontext()
2002-04-20 09:26:43 +00:00
Dag-Erling Smørgrav
cd3dfe6d6e
Back out previous backout. It seems I was right to begin with, and DSA is
...
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
2002-04-12 15:52:10 +00:00
Dag-Erling Smørgrav
8f8855cff0
Knowledgeable persons assure me that RSA is preferable to DSA and that we
...
should transition away from DSA.
2002-04-11 22:04:40 +00:00
Dag-Erling Smørgrav
9c0adca3e7
Do not attempt to load an ssh2 RSA host key by default.
2002-04-11 16:08:02 +00:00
Jacques Vidrine
7fd1ca3b0c
REALLY correct typo this time.
...
Noticed by: roam
2002-03-26 12:27:43 +00:00
Jacques Vidrine
26241f6368
Fix typo (missing paren) affecting KRB4 && KRB5 case.
...
Approved by: des
2002-03-25 14:55:41 +00:00
Dag-Erling Smørgrav
1d9e2b0ad5
Unbreak for KRB4 ^ KRB5 case.
...
Sponsored by: DARPA, NAI Labs
2002-03-19 16:44:11 +00:00
Dag-Erling Smørgrav
af12a3e74a
Fix conflicts.
2002-03-18 10:09:43 +00:00
Brian Feldman
ca3176e7c8
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
Brian Feldman
933ca70f8f
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
Assar Westerlund
cb96ab3672
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
Paul Saab
8e97fe726f
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
Brian Feldman
895b03b1e8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
Brian Feldman
ea0187039a
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Brian Feldman
099584266b
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Kris Kennaway
c2d3a5594b
Resolve conflicts and update for OpenSSH 2.2.0
...
Reviewed by: gshapiro, peter, green
2000-09-10 09:35:38 +00:00
Kris Kennaway
1610cd7fa6
Turn on X11Forwarding by default on the server. Any risk is to the client,
...
where it is already disabled by default.
Reminded by: peter
2000-09-02 03:49:22 +00:00
Kris Kennaway
b87db7cec0
Increase the default value of LoginGraceTime from 60 seconds to 120
...
seconds.
PR: 20488
Submitted by: rwatson
2000-08-23 09:47:25 +00:00
Peter Wemm
365c420eb1
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
2000-07-11 09:54:24 +00:00
Peter Wemm
44de2297a4
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
2000-07-11 09:52:14 +00:00
Peter Wemm
e213d985b2
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
...
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
2000-07-11 09:50:15 +00:00
Brian Feldman
2803b77e52
Allow "DenyUsers" to function.
2000-06-06 06:16:55 +00:00
Kris Kennaway
c322fe352d
Resolve conflicts
2000-06-03 09:58:15 +00:00
Kris Kennaway
e8aafc91b5
Resolve conflicts and update for FreeBSD.
2000-05-15 05:24:25 +00:00
Kris Kennaway
3c6ae11886
Resolve conflicts.
2000-03-26 07:37:48 +00:00
Sheldon Hearn
962a3f4e81
IgnoreUserKnownHosts is a boolean flag, not an integer value.
...
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.
PR: 17027
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Obtained from: OpenBSD
2000-03-22 09:36:35 +00:00
Mark Murray
fe5fd0173b
1) Add kerberos5 functionality.
...
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov
2000-02-28 19:03:50 +00:00
Mark Murray
42f71286cd
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
2000-02-24 15:29:42 +00:00
Mark Murray
511b41d2a1
Vendor import of OpenSSH.
2000-02-24 14:29:47 +00:00