#
6d13e39a |
| 08-May-2008 |
djm <djm@openbsd.org> |
Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allowed multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
|
#
92543ec8 |
| 07-May-2008 |
pyr <pyr@openbsd.org> |
push the sshd_config bits in, spotted by ajacoutot@
|
#
d5a37c29 |
| 08-Feb-2008 |
djm <djm@openbsd.org> |
add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
|
#
e43cb4b6 |
| 23-Aug-2007 |
djm <djm@openbsd.org> |
Support "Banner=none" to disable displaying of the pre-login banner; ok dtucker@ deraadt@
|
#
dbfcc0f3 |
| 19-Mar-2007 |
djm <djm@openbsd.org> |
Disable the legacy SSH protocol 1 for new installations via a configuration override. In the future, we will change the server's default itself so users who need the legacy protocol will need to turn it on explicitly
|
#
fd1ba1e0 |
| 19-Jul-2006 |
dtucker <dtucker@openbsd.org> |
Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@
|
#
a7fea580 |
| 06-Dec-2005 |
reyk <reyk@openbsd.org> |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
b24e4443 |
| 25-Jul-2005 |
markus <markus@openbsd.org> |
add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd.
this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
|
#
ba706949 |
| 19-May-2005 |
djm <djm@openbsd.org> |
whitespace nit, from grunk AT pestilenz.org
|
#
44e4b552 |
| 23-Dec-2004 |
djm <djm@openbsd.org> |
bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz ok deraadt@
|
#
7b76b7cc |
| 23-May-2004 |
dtucker <dtucker@openbsd.org> |
Add MaxAuthTries sshd config option; ok markus@
|
#
4f920f5c |
| 29-Dec-2003 |
millert <millert@openbsd.org> |
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
|
#
ae9a8f8e |
| 23-Dec-2003 |
jakob <jakob@openbsd.org> |
implement KerberosGetAFSToken server option. ok markus@, beck@
|
#
5eab2c80 |
| 29-Sep-2003 |
markus <markus@openbsd.org> |
GSSAPICleanupCreds -> GSSAPICleanupCredentials
|
#
343f923b |
| 28-Aug-2003 |
markus <markus@openbsd.org> |
remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
|
#
c9017d5d |
| 22-Aug-2003 |
markus <markus@openbsd.org> |
support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
|
#
261c4a3e |
| 13-Aug-2003 |
markus <markus@openbsd.org> |
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
|
#
26949d71 |
| 23-Jul-2003 |
markus <markus@openbsd.org> |
remove AFS; itojun@
|
#
ad436a83 |
| 20-Jun-2003 |
djm <djm@openbsd.org> |
sync some implemented options; ok markus@
|
#
6338240c |
| 02-Jun-2003 |
markus <markus@openbsd.org> |
deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
f534884a |
| 25-Sep-2002 |
markus <markus@openbsd.org> |
sync LoginGraceTime with default
|
#
fb52b80f |
| 21-Aug-2002 |
stevesk <stevesk@openbsd.org> |
change LoginGraceTime default to 1 minute; ok mouring@ markus@
|
#
47ca1b5e |
| 30-Jul-2002 |
markus <markus@openbsd.org> |
add PermitUserEnvironment (off by default!); from dot@dotat.at; ok provos, deraadt
|
#
b6b9f503 |
| 20-Jun-2002 |
markus <markus@openbsd.org> |
add Compression
|
#
758b9712 |
| 20-Jun-2002 |
stevesk <stevesk@openbsd.org> |
refer to config file man page
|