aboutsummaryrefslogtreecommitdiff
path: root/security/ssh/files
Commit message (Collapse)AuthorAgeFilesLines
* Sigh, the patch released by ssh.com was wrong (kill() had the argumentsKris Kennaway2001-02-091-1/+1
| | | | | | | | | | | in the wrong order). Fix this, and bump PORTREVISION again. The window was only a few minutes, but this won't disrupt things, and someone may have updated in that window given the prominence of the problem. Obtained from: Matt Power <mhpower@BOS.BINDVIEW.COM> via Bugtraq Notes: svn path=/head/; revision=38157
* Commit fixes for the two recent security problems found by BINDVIEWKris Kennaway2001-02-092-0/+32
| | | | | | | and Core-SDI, and bump PORTREVISION. Notes: svn path=/head/; revision=38156
* Remove dependency on rsaref, comment out RESTRICTED line (but leave itKris Kennaway2000-09-171-8/+5
| | | | | | | | there for reference in case we replace these with a CRYPTO variable), and bump PORTREVISION. Notes: svn path=/head/; revision=32740
* Don't make sshd listen on two ports by default (!) - this "feature" wasKris Kennaway2000-04-211-4/+16
| | | | | | | | | | | | | | silently added on 2000/01/14 as part of the IPv6 support. The default sshd config had sshd listening both on port 22 and port 722 (this was apparently intended to facilitate traffic-shaping in that different queueing priorities could be assigned to ssh sessions on the two ports). Combine two patches into one. Submitted by: peter Notes: svn path=/head/; revision=27835
* Unbreak Kerberos5 support.Kris Kennaway2000-04-211-2/+2
| | | | Notes: svn path=/head/; revision=27834
* Convert patch to unidiff; no functional changes.Kris Kennaway2000-04-211-418/+369
| | | | Notes: svn path=/head/; revision=27833
* Add better sshd startup scripts; specifically, allow restarting andWill Andrews2000-04-051-0/+27
| | | | | | | | | | | | | | | | stopping the server. Martti's submission did not include -h, which I added because if I had added the scripts the way he submitted them, the server wouldn't be started on startup. PR: 10196 Submitted by: Martti Kuparinen <martti.kuparinen@ericsson.com> Reviewed by: kris (partially) No response: maintainers (PR opened February 22, 1999) Notes: svn path=/head/; revision=27351
* - re-enable TCP_NODELAYMunechika SUMIKAWA2000-02-241-41/+30
| | | | | | | | | | | | Submitted by: Arjan.deVet@adv.iae.nl (Arjan de Vet) - do not exit in failure to connect using IPv6 and try to IPv4 when connecting to dualstack hosts. Approved by: torstenb Notes: svn path=/head/; revision=26255
* Make IPv6-enable ssh works on socks environment.Munechika SUMIKAWA2000-02-243-17/+53
| | | | | | | | | | Submitted by: Masahide -mac- NODA <mac@clave.gr.jp> Reviewed by: shin, Robert Muir <rmuir@looksharp.net> Toshihiko Kodama <kodama@ayame.mfd.cs.fujitsu.co.jp> Approved by: torstenb Notes: svn path=/head/; revision=26248
* Make buildable on IPv4-only kernel.Munechika SUMIKAWA2000-02-201-7/+9
| | | | | | | | Specified by: ache Reviewed by: torstenb Notes: svn path=/head/; revision=26042
* Checfor OSVERSION _or_ USE_INET6 when deciding if IPv6 support shouldTorsten Blum2000-02-121-13/+19
| | | | | | | | | | | be added. This is done to support the build on pre 4.0 machines with the KAME IPv6 stack installed. It has been verified to build+work with both 4.0 and 3.4+kame. Org. patch Submitted By: Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp> Notes: svn path=/head/; revision=25701
* Add IPv6 support to ssh.Torsten Blum2000-01-1423-123/+4015
| | | | | | | | | | | | | | | | | The IPv6 patch was obtained from the kame repository and has been been writen by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> Due to the whole mess with different patches it was necessary to include both the IPv6 patch and patch-ssh-1.2.27-bsd.tty.chown in ${PATCHDIR}. Since both patches modify the configure script it was also necessary to rebuild it via autoconf from configure.in. I've decided to use USE_AUTOCONF instead of including the re-build configure script in ${FILESDIR} Obtained from: KAME/WIDE Notes: svn path=/head/; revision=24737
* Default to not allowing root logins. This makes it consistant withWarner Losh1999-11-201-1/+1
| | | | | | | | OpenSSH. Users desiring the old functionality can edit their sshd-config files by hand for new installs. Notes: svn path=/head/; revision=23216
* Don't overflow rsa bits. As seen on bugtraq and elsewhere.Warner Losh1999-11-161-0/+25
| | | | | | | | | Submitted by: drow@false.org Reviewed by: ache PR: 14749 Notes: svn path=/head/; revision=23147
* Turn Root Login on again.Torsten Blum1999-09-101-1/+1
| | | | | | | | It has been changed in rev. 1.4 of this file, but the committer forgot to mention it on the log. Notes: svn path=/head/; revision=21609
* Only use trimdomain() if __FreeBSD_version > 320000Brian Somers1999-06-182-9/+22
| | | | | | | It was available in 3.0 & 3.1 but would truncate at UT_HOSTSIZE-1 Notes: svn path=/head/; revision=19543
* PR: ports/12037SADA Kenji1999-06-159-384/+158
| | | | | | | | | | Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG> Upgrade to 1.2.27. # I'm not maintainer but it seems that torstenb is too busy to # look the PR and many people want new version ssh port. Notes: svn path=/head/; revision=19489
* Always use trimdomain(), not just #if __FreeBSD_version >= 400004Brian Somers1999-05-072-22/+8
| | | | | | | The port maintainer must be away.... Notes: svn path=/head/; revision=18592
* Reduce the copy of the DISPLAY variable usingBrian Somers1999-04-111-2/+24
| | | | | | | | | trimdomain() so that ``ssh machine.domain xterm'' comes out with a machine name of (say) ``machine:10.0''. Reviewed by: torstenb@ Notes: svn path=/head/; revision=17770
* Call trimdomain() to reduce the size of the ut_hostBrian Somers1999-04-111-0/+31
| | | | | | | | field before reveting to storing an IP number. Reviewed by: torstenb@ Notes: svn path=/head/; revision=17769
* add official kerberos patchAndrey A. Chernov1998-11-101-0/+286
| | | | Notes: svn path=/head/; revision=14446
* Properly reference the rsaref sources, which are required during the buildJordan K. Hubbard1998-10-081-5/+8
| | | | | | | | of ssh now. If anyone knows of a way of making the build dependency here less gross, I'm listening! :) Notes: svn path=/head/; revision=13727
* Repair a linkage problem, whereis the ssh port was trying toChuck Robey1998-09-131-186/+121
| | | | | | | | specify the location of system libs. Reviewed by: Mark Murray, David O'Brien Notes: svn path=/head/; revision=13098
* 1.2.22 -> 1.2.25Dima Ruban1998-06-122-425/+139
| | | | | | | | | | Somebody needs to go through patch-af to check it, since I'm not sure about some of the stuff. This version fixes a security flaw in previous version. Notes: svn path=/head/; revision=11400
* Fix rare DES empty passwords bugAndrey A. Chernov1998-02-131-0/+13
| | | | Notes: svn path=/head/; revision=9707
* Don't print "No mail" for FreeBSD , just print nothingAndrey A. Chernov1998-01-221-3/+15
| | | | Notes: svn path=/head/; revision=9411
* Fix .hushlogin supportAndrey A. Chernov1998-01-221-48/+74
| | | | | | | | | Remove FreeBSD mail check, now done elsewhere in the code Use bsdi code to warn about expired/changed passwords Move misplaced login_close up Notes: svn path=/head/; revision=9410
* Upgrade to ssh 1.2.22. Please send problems with the upgrade to me.Warner Losh1998-01-201-422/+355
| | | | | | | | | | 1.2.22 fixes a security hole with ssh-agent, so users are encouraged to upgrade. OK'd by: Torsten Blum (torstenb@freebsd.org) Notes: svn path=/head/; revision=9384
* Merge in change requested by theo:Warner Losh1997-12-241-1/+1
| | | | | | | | | OpenBSD and FreeBSD now both use rresvport. This is a nop for FreeBSD, but for OpenBSD this picks random port numbers. Submitted by: deraadt@cvs.openbsd.org Notes: svn path=/head/; revision=9175
* Upgrade to 1.2.21Torsten Blum1997-09-161-61/+63
| | | | Notes: svn path=/head/; revision=7923
* Prevent this server error message:John Polstra1997-07-191-0/+13
| | | | | | | | | | | | | | | fatal: Local: Agent socket bind failed: Address already in use It would happen when the server tried to create the Unix domain socket "/tmp/ssh-username/agent-socket-123", if the file already existed. It could already exist if it happened to be left over from a system crash. This patch unlinks the file before attempting the bind operation. I will send this patch to ssh-bugs@cs.hut.fi too. Notes: svn path=/head/; revision=7375
* Handle expired and changed password timeouts nowAndrey A. Chernov1997-06-111-19/+70
| | | | Notes: svn path=/head/; revision=6862
* login_getclass() -> login_getpwclass().David Nugent1997-05-101-2/+2
| | | | Notes: svn path=/head/; revision=6441
* Fix 3 error with login.confAndrey A. Chernov1997-05-021-24/+38
| | | | | | | | | | 1) pw->pw_class was always zero since not copied 2) login_getuserclass() used instead of login_getclass(), so default class always returned 3) env pointer can be redefined at the moment of setusercontext() call Notes: svn path=/head/; revision=6379
* Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I justPeter Wemm1997-04-254-62/+62
| | | | | | | | | | | | regenerated them to fix the line numbers. Also, I added two commented out options in Makefile, one to tell sshd that a group writeable homedir is OK because all users are in their own group, and the other is to allow an unencrypted connection (which is dangerous since it can lead to compromise of keys), but on a secure network it's damn useful for backups etc. Notes: svn path=/head/; revision=6293
* Disable extended LOGIN_CAP $MAIL processing until it will be fixedAndrey A. Chernov1997-04-161-1/+1
| | | | | | | | properly. In old variant /var/mail/root was always checked instead of /var/mail/<user> Notes: svn path=/head/; revision=6223
* Upgrade to 1.2.19Andrey A. Chernov1997-04-164-74/+147
| | | | Notes: svn path=/head/; revision=6222
* Fix argument parsing loop in ssh-agent (original 1.2.18 bug)Andrey A. Chernov1997-04-011-0/+13
| | | | Notes: svn path=/head/; revision=6082
* Upgrade to 1.2.18Andrey A. Chernov1997-03-286-186/+187
| | | | Notes: svn path=/head/; revision=6051
* Add LOGIN_CAP abilitiesAndrey A. Chernov1997-02-275-37/+237
| | | | | | | Submitted by: davidn Notes: svn path=/head/; revision=5763
* Make one of our changes for -current work on 2.1. In -current, rresvport()Peter Wemm1996-12-271-1/+2
| | | | | | | | | | ignores it's argument (it's meaningless, the kernel keeps the state), but 2.1.x use it. ssh was effectively giving a random port to 2.1. Originally noticed by: John Polstra <jdp@polstra.com> Notes: svn path=/head/; revision=5106
* 1.2.16 --> 1.2.17Adam David1996-11-201-13/+13
| | | | | | | (new agent forwarding protocol that is said to work this time) Notes: svn path=/head/; revision=4614
* Remove my ptys patch, because this code is unused, openpty is used insteadAndrey A. Chernov1996-11-121-15/+35
| | | | | | | | | Mimic login more closely now: 1) Put usual Copyright line 2) You have mail Notes: svn path=/head/; revision=4414
* Use BSD naming convention for pty names, it fixes two problems:Andrey A. Chernov1996-11-121-0/+19
| | | | | | | | 1) Too many false open syscalls on pty allocation 2) (more serious) ssh not use about half of available ptys Notes: svn path=/head/; revision=4412
* Change syslog facility from DAEMON to AUTHAndrey A. Chernov1996-11-021-0/+19
| | | | Notes: svn path=/head/; revision=4249
* Use system shared libgmp nowAndrey A. Chernov1996-10-242-89/+183
| | | | Notes: svn path=/head/; revision=4148
* It fixes a really annoying errorAndrey A. Chernov1996-10-171-0/+32
| | | | | | | | | | | reporting bug which happens if the remote end uses tcp_wrappers to control sshd access (it says something like "read: no such file or directory" or "read: permission denied" instead of "connection closed"). I already sent it in to the ssh mailing list. Submitted by: fenner Notes: svn path=/head/; revision=4020
* Upgrade to official 1.2.16Andrey A. Chernov1996-10-162-64/+89
| | | | | | | Fix PLIST Notes: svn path=/head/; revision=3997
* Have ssh use rresvport() to get a privileged socket instead of doing itPeter Wemm1996-08-121-0/+26
| | | | | | | itself. This means it obeys the portrange sysctl's. Notes: svn path=/head/; revision=3583
* Back out andrews change - 1.2.14.1 is not an official ssh release.Torsten Blum1996-07-182-67/+65
| | | | Notes: svn path=/head/; revision=3400