History log of /openssh-portable/servconf.c (Results 1 - 25 of 689)
Revision Date Author Comments
# 91a2135f 06-Sep-2019 naddy@openbsd.org

upstream: Allow prepending a list of algorithms to the default set

by starting the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com

ok djm@ dtucker@

OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97


# e826bbca 18-Apr-2019 dtucker@openbsd.org

upstream: When running sshd -T, assume any attribute not provided by

-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, ok djm@

OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb


Revision tags: V_8_0_P1
# d6e5def3 25-Mar-2019 djm@openbsd.org

upstream: whitespace

OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07


# fd10cf02 06-Mar-2019 dtucker@openbsd.org

upstream: Move checks for lists of users or groups into their own

function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insensitive. ok
djm@

OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e


# 37638c75 20-Feb-2019 Corinna Vinschen

Cygwin: implement case-insensitive Unicode user and group name matching

The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code. Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>


# bed1d436 21-Feb-2019 Darren Tucker

Revert unintended parts of previous commit.


# f02afa35 20-Feb-2019 Corinna Vinschen

Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"

This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>


# 281ce042 23-Jan-2019 dtucker@openbsd.org

upstream: Always initialize 2nd arg to hpdelim2. It populates that

*ONLY IF* there's a delimiter. If there's not (the common case) it checked
uninitialized memory, which usually passed, but if not would cause spurious
failures when the uninitialized memory happens to contain "/". ok deraadt.

OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3


# d05ea255 23-Jan-2019 dtucker@openbsd.org

upstream: Remove support for obsolete host/port syntax.

host/port was added in 2001 as an alternative to host:port syntax for
the benefit of IPv6 users. These days there are established standards
for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
notation, which OpenSSH now supports for some things. Remove the slash
notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen
at redhat.com, ok markus@

OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7


# 172a592a 19-Jan-2019 djm@openbsd.org

upstream: convert servconf.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4


# 0fa174eb 19-Jan-2019 djm@openbsd.org

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4


# 928f1231 18-Nov-2018 djm@openbsd.org

upstream: silence (to log level debug2) failure messages when

loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.

Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103

ok markus@

OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684


# 2a35862e 15-Nov-2018 djm@openbsd.org

upstream: use path_absolute() for pathname checks; from Manoj Ampalam

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925


Revision tags: V_7_9_P1
# 0cbed248 20-Sep-2018 djm@openbsd.org

upstream: actually make CASignatureAlgorithms available as a config

option

OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52


# 86e5737c 19-Sep-2018 djm@openbsd.org

upstream: Add sshd_config CASignatureAlgorithms option to allow

control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.

ok markus@

OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac


Revision tags: V_7_8_P1
# 1b9dd4aa 12-Aug-2018 djm@openbsd.org

upstream: better diagnostics on alg list assembly errors; ok

deraadt@ markus@

OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee


# 87f08be0 19-Jul-2018 Damien Miller

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.


# 5467fbcb 11-Jul-2018 markus@openbsd.org

upstream: remove legacy key emulation layer; ok djm@

OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d


# c3cb7790 09-Jul-2018 markus@openbsd.org

upstream: sshd: switch config to sshbuf API; ok djm@

OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd


# 168b46f4 09-Jul-2018 sf@openbsd.org

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772


# ab39267f 06-Jul-2018 sf@openbsd.org

upstream: Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821


# 312d2f28 04-Jul-2018 djm@openbsd.org

upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207


# 95344c25 03-Jul-2018 djm@openbsd.org

upstream: allow sshd_config PermitUserEnvironment to accept a

pattern-list of whitelisted environment variable names in addition to yes|no.

bz#1800, feedback and ok markus@

OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24


# 87ddd676 18-Jun-2018 djm@openbsd.org

upstream: allow bare port numbers to appear in PermitListen directives,

e.g.

PermitListen 2222 8080

is equivalent to:

PermitListen *:2222 *:8080

Some bonus manpage improvements, mostly from markus@

"looks fine" markus@

OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24


# 28013759 08-Jun-2018 djm@openbsd.org

upstream: add a SetEnv directive for sshd_config to allow an

administrator to explicitly specify environment variables set in sessions
started by sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.

ok markus@

OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0

