summaryrefslogtreecommitdiff
path: root/readconf.c
Commit message (Collapse)AuthorAgeFilesLines
* - djm@cvs.openbsd.org 2004/06/17 15:10:14Damien Miller2004-06-181-2/+2
| | | | | | [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@
* - djm@cvs.openbsd.org 2004/06/13 15:03:02Damien Miller2004-06-151-2/+16
| | | | | | | [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@
* - dtucker@cvs.openbsd.org 2004/05/27 00:50:13Damien Miller2004-06-151-8/+3
| | | | | [readconf.c] Kill dead code after fatal(); ok djm@
* - djm@cvs.openbsd.org 2004/04/27 09:46:37Darren Tucker2004-05-021-1/+17
| | | | | | | [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@
* - djm@cvs.openbsd.org 2004/04/18 23:10:26Damien Miller2004-04-201-4/+19
| | | | | | | [readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
* - markus@cvs.openbsd.org 2004/03/05 10:53:58Damien Miller2004-03-081-2/+10
| | | | | [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] add IdentitiesOnly; ok djm@, pb@
* - markus@cvs.openbsd.org 2003/12/16 15:49:51Damien Miller2003-12-171-2/+19
| | | | | | | | [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] [ssh.c ssh_config.5] application layer keep alive (ServerAliveInterval ServerAliveCountMax) for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@
* - markus@cvs.openbsd.org 2003/12/09 21:53:37Damien Miller2003-12-171-9/+10
| | | | | | | [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
* - jakob@cvs.openbsd.org 2003/11/12 16:39:58Damien Miller2003-11-171-2/+3
| | | | | [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] update SSHFP validation. ok markus@
* - jakob@cvs.openbsd.org 2003/10/14 19:42:10Darren Tucker2003-10-151-5/+1
| | | | | [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@
* - markus@cvs.openbsd.org 2003/10/11 08:24:08Darren Tucker2003-10-151-2/+10
| | | | | | | [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] remote x11 clients are now untrusted by default, uses xauth(8) to generate untrusted cookies; ForwardX11Trusted=yes restores old behaviour. ok deraadt; feedback and ok djm/fries
* - markus@cvs.openbsd.org 2003/10/08 15:21:24Darren Tucker2003-10-151-2/+2
| | | | | [readconf.c ssh_config.5] default GSS API to no in client, too; ok jakob, deraadt@
* - markus@cvs.openbsd.org 2003/09/01 18:15:50Damien Miller2003-09-021-16/+1
| | | | | [readconf.c readconf.h servconf.c servconf.h ssh.c] remove unused kerberos code; ok henning@
* - markus@cvs.openbsd.org 2003/09/01 12:50:46Damien Miller2003-09-021-2/+1
| | | | | [readconf.c] rm gssapidelegatecreds alias; never supported before
* - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller2003-09-021-6/+1
| | | | | | | | [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker2003-08-261-2/+24
| | | | | | | | | [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
* - markus@cvs.openbsd.org 2003/08/13 09:07:10Darren Tucker2003-08-131-2/+2
| | | | | [readconf.c ssh.c] socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
* - markus@cvs.openbsd.org 2003/08/13 08:46:31Darren Tucker2003-08-131-12/+3
| | | | | | | [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
* - (dtucker) OpenBSD CVS SyncPOST_KRB4_REMOVALDarren Tucker2003-08-021-14/+3
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
* - djm@cvs.openbsd.org 2003/07/03 08:09:06Darren Tucker2003-07-031-5/+10
| | | | | | [readconf.c readconf.h ssh-keysign.c ssh.c] fix AddressFamily option in config file, from brent@graveland.net; ok markus@
* - markus@cvs.openbsd.org 2003/06/26 20:08:33Darren Tucker2003-06-281-1/+3
| | | | | [readconf.c] do not dump core for 'ssh -o proxycommand host'; ok deraadt@
* - djm@cvs.openbsd.org 2003/05/16 03:27:12Damien Miller2003-05-181-1/+16
| | | | | | [readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
* - djm@cvs.openbsd.org 2003/05/15 14:55:25Damien Miller2003-05-161-2/+18
| | | | | | [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c] add a ConnectTimeout option to ssh, based on patch from Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
* - jakob@cvs.openbsd.org 2003/05/15 14:02:47Damien Miller2003-05-161-14/+24
| | | | | [readconf.c servconf.c] warn for unsupported config option. ok markus@
* - jakob@cvs.openbsd.org 2003/05/15 04:08:44Damien Miller2003-05-151-1/+13
| | | | | [readconf.c servconf.c] disable kerberos when not supported. ok markus@
* - jakob@cvs.openbsd.org 2003/05/15 01:48:10Damien Miller2003-05-151-34/+6
| | | | | | [readconf.c readconf.h servconf.c servconf.h] always parse kerberos options. ok djm@ markus@ - (djm) Always parse UsePAM
* - jakob@cvs.openbsd.org 2003/05/14 18:16:20Damien Miller2003-05-151-2/+10
| | | | | | | | [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
* - (djm) OpenBSD CVS SyncDamien Miller2003-05-141-1/+8
| | | | | | | - djm@cvs.openbsd.org 2003/04/09 12:00:37 [readconf.c] strip trailing whitespace from config lines before parsing. Fixes bz 528; ok markus@
* - (djm) OpenBSD CVS SyncDamien Miller2003-04-091-2/+31
| | | | | | | - markus@cvs.openbsd.org 2003/04/02 09:48:07 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] reapply rekeying chage, tested by henning@, ok djm@
* - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller2003-04-011-1/+1
| | | | | | | | | | | | | | | | | | | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
* - markus@cvs.openbsd.org 2003/02/05 09:02:28Damien Miller2003-02-241-11/+6
| | | | | [readconf.c] simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
* - markus@cvs.openbsd.org 2002/11/07 22:08:07Ben Lindstrom2002-11-091-1/+10
| | | | | | | | | [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
* - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platformsBen Lindstrom2002-07-091-1/+1
| | | | lacking that concept can share it. Patch by vinschen@redhat.com
* - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom2002-06-211-2/+2
| | | | | | | | | [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
* - stevesk@cvs.openbsd.org 2002/06/10 17:45:20Ben Lindstrom2002-06-111-3/+3
| | | | | | [readconf.c ssh.1] change RhostsRSAAuthentication and RhostsAuthentication default to no since ssh is no longer setuid root by default; ok markus@
* - markus@cvs.openbsd.org 2002/06/08 12:46:14Ben Lindstrom2002-06-091-3/+3
| | | | | | [readconf.c] silently ignore deprecated options, since FallBackToRsh might be passed by remote scp commands.
* - markus@cvs.openbsd.org 2002/06/08 05:40:01Ben Lindstrom2002-06-091-2/+2
| | | | | [readconf.c] just warn about Deprecated options for now
* - markus@cvs.openbsd.org 2002/06/08 05:17:01Ben Lindstrom2002-06-091-23/+13
| | | | | [readconf.c readconf.h ssh.1 ssh.c] deprecate FallBackToRsh and UseRsh; patch from djm@
* - markus@cvs.openbsd.org 2002/02/04 12:15:25Damien Miller2002-02-051-5/+5
| | | | | | [log.c log.h readconf.c servconf.c] add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
* - stevesk@cvs.openbsd.org 2002/01/04 17:59:17Damien Miller2002-01-221-3/+1
| | | | | [readconf.c servconf.c] remove #ifdef _PATH_XAUTH/#endif; ok markus@
* - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller2001-12-211-16/+16
| | | | | | | | | | | | [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
* - stevesk@cvs.openbsd.org 2001/11/17 19:14:34Ben Lindstrom2001-12-061-2/+2
| | | | | [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] enum/int type cleanup where it made sense to do so; ok markus@
* - markus@cvs.openbsd.org 2001/10/01 21:51:16Ben Lindstrom2001-10-031-2/+10
| | | | | | [readconf.c readconf.h ssh.1 sshconnect.c] add NoHostAuthenticationForLocalhost; note that the hostkey is now check for localhost, too.
* - stevesk@cvs.openbsd.org 2001/09/19 19:24:19Ben Lindstrom2001-09-201-2/+24
| | | | | | [readconf.c readconf.h scp.c sftp.c ssh.1] add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
* - stevesk@cvs.openbsd.org 2001/09/03 20:58:33Ben Lindstrom2001-09-121-4/+5
| | | | | [readconf.c readconf.h ssh.c] fatal() for nonexistent -Fssh_config. ok markus@
* - stevesk@cvs.openbsd.org 2001/08/30 16:04:35Ben Lindstrom2001-09-121-31/+24
| | | | | | | [readconf.c ssh.1] validate ports for LocalForward/RemoteForward. add host/port alternative syntax for IPv6 (like -L/-R). ok markus@
* - markus@cvs.openbsd.org 2001/08/28 09:51:26Ben Lindstrom2001-09-121-2/+3
| | | | | [readconf.c] don't set DynamicForward unless Host matches
* - (bal) Fixed stray code in readconf.c that went in by mistake.Ben Lindstrom2001-08-151-2/+2
|
* - markus@cvs.openbsd.org 2001/08/01 22:03:33Ben Lindstrom2001-08-061-4/+4
| | | | | | [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c ssh-agent.c ssh.c] use strings instead of ints for smartcard reader ids
* - jakob@cvs.openbsd.org 2001/07/31 09:28:44Ben Lindstrom2001-08-061-2/+8
| | | | | | | [readconf.c readconf.h ssh.1 ssh.c] add 'SmartcardDevice' client option to specify which smartcard device is used to access a smartcard used for storing the user's private RSA key. ok markus@.