History log of /openssh-portable/servconf.c (Results 1 - 25 of 711)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


# 793b583d 16-Oct-2020 djm@openbsd.org

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356

show more ...


Revision tags: V_8_4_P1
# 8372bff3 05-Sep-2020 Sebastian Andrzej Siewior

Remove HAVE_MMAP and BROKEN_MMAP

BROKEN_MMAP is no longer defined since commit
1cfd5c06efb12 ("Remove portability support for mmap")

this commit also removed other HAVE_MMAP

Remove HAVE_MMAP and BROKEN_MMAP

BROKEN_MMAP is no longer defined since commit
1cfd5c06efb12 ("Remove portability support for mmap")

this commit also removed other HAVE_MMAP user. I didn't find anything
that defines HAVE_MMAP. The check does not trigger because compression
on server side is by default COMP_DELAYED (2) so it never triggers.

Remove remaining HAVE_MMAP and BROKEN_MMAP bits.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

show more ...


# 72730249 27-Aug-2020 dtucker@openbsd.org

upstream: Check that the addresses supplied to Match Address and

Match LocalAddress are valid when parsing in config-test mode. This will
catch address/mask mismatches before they cause

upstream: Check that the addresses supplied to Match Address and

Match LocalAddress are valid when parsing in config-test mode. This will
catch address/mask mismatches before they cause problems at runtime. Found by
Daniel Stocker, ok djm@

OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b

show more ...


# 801c9f09 26-Aug-2020 djm@openbsd.org

upstream: support for requiring user verified FIDO keys in sshd

This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that

upstream: support for requiring user verified FIDO keys in sshd

This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.

feedback and ok markus@

OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6

show more ...


# 6d755706 05-Jul-2020 djm@openbsd.org

upstream: some language improvements; ok markus

OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8


# 250246fe 24-Jun-2020 markus@openbsd.org

upstream: support loading big sshd_config files w/o realloc; ok

djm

OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171


# 7af1e92c 27-May-2020 djm@openbsd.org

upstream: fix Include before Match in sshd_config; bz#3122 patch

from Jakub Jelen

OpenBSD-Commit-ID: 1b0aaf135fe6732b5d326946042665dd3beba5f4


# 0a9a6116 27-May-2020 djm@openbsd.org

upstream: Do not call process_queued_listen_addrs() for every

included file from sshd_config; patch from Jakub Jelen

OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49


Revision tags: V_8_3_P1
# 20819b96 24-Apr-2020 Darren Tucker

Error out if given RDomain if unsupported.

If the config contained 'RDomain %D' on a platform that did not support
it, the error would not be detected until runtime resulting in a broken

Error out if given RDomain if unsupported.

If the config contained 'RDomain %D' on a platform that did not support
it, the error would not be detected until runtime resulting in a broken
sshd. Detect this earlier and error out if found. bz#3126, based on a
patch from jjelen at redhat.com, tweaks and ok djm@

show more ...


# f96f17f9 17-Apr-2020 Damien Miller

sys/sysctl.h is only used on OpenBSD

so change the preprocessor test used to include it to check
__OpenBSD__, matching the code that uses the symbols it declares.


# c90f72d2 16-Apr-2020 djm@openbsd.org

upstream: make IgnoreRhosts a tri-state option: "yes" ignore

rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@

O

upstream: make IgnoreRhosts a tri-state option: "yes" ignore

rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@

OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9

show more ...


# 321c7147 16-Apr-2020 djm@openbsd.org

upstream: allow the IgnoreRhosts directive to appear anywhere in a

sshd_config, not just before any Match blocks; bz3148, ok dtucker@

OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a6

upstream: allow the IgnoreRhosts directive to appear anywhere in a

sshd_config, not just before any Match blocks; bz3148, ok dtucker@

OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8

show more ...


# 8bdc3bb7 06-Mar-2020 markus@openbsd.org

upstream: fix relative includes in sshd_config; ok djm

OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b


Revision tags: V_8_2_P1
# c2bd7f74 31-Jan-2020 djm@openbsd.org

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Base

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@

OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff

show more ...


# 7f8e66fe 23-Jan-2020 dtucker@openbsd.org

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

Ope

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910

show more ...


# c4b3a128 22-Jan-2020 dtucker@openbsd.org

upstream: Remove unsupported algorithms from list of defaults at run

time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portabl

upstream: Remove unsupported algorithms from list of defaults at run

time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@

OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2

show more ...


# 3145d38e 15-Dec-2019 djm@openbsd.org

upstream: don't treat HostKeyAgent=none as a path either; avoids

spurious warnings from the cfgparse regress test

OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54


# 747e2519 15-Dec-2019 djm@openbsd.org

upstream: do not attempt to find an absolute path for sshd_config

SecurityKeyProvider=internal - unbreaks cfgparse regress test

OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f

upstream: do not attempt to find an absolute path for sshd_config

SecurityKeyProvider=internal - unbreaks cfgparse regress test

OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641

show more ...


# 56584cce 15-Dec-2019 djm@openbsd.org

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FID

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c

show more ...


# 0fddf296 24-Nov-2019 djm@openbsd.org

upstream: Add a sshd_config PubkeyAuthOptions directive

This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested be

upstream: Add a sshd_config PubkeyAuthOptions directive

This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).

ok markus@

OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de

show more ...


# 01a0670f 31-Oct-2019 djm@openbsd.org

upstream: Separate myproposal.h userauth pubkey types

U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.

feedback & ok markus@

upstream: Separate myproposal.h userauth pubkey types

U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.

feedback & ok markus@

OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429

show more ...


Revision tags: V_8_1_P1
# 91a2135f 06-Sep-2019 naddy@openbsd.org

upstream: Allow prepending a list of algorithms to the default set

by starting the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.c

upstream: Allow prepending a list of algorithms to the default set

by starting the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com

ok djm@ dtucker@

OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97

show more ...


# e826bbca 18-Apr-2019 dtucker@openbsd.org

upstream: When running sshd -T, assume any attibute not provided by

-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, o

upstream: When running sshd -T, assume any attibute not provided by

-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, ok djm@

OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb

show more ...


Revision tags: V_8_0_P1
# d6e5def3 25-Mar-2019 djm@openbsd.org

upstream: whitespace

OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07


12345678910>>...29