/dragonfly/crypto/openssh/ |
H A D | ssh-sandbox.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | moduli.5 | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | sandbox-rlimit.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | README.DELETED | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | PROTOCOL.mux | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | ssh-pkcs11-helper.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | mux.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | authfile.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | log.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | log.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | mac.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | monitor.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | pathnames.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | entropy.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | clientloop.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | sshd_config | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | ssh.1 | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | ssh_config.5 | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | myproposal.h | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | ssh-keygen.1 | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | sshd_config.5 | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | authfd.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | ssh-add.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | auth2-pubkey.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|
H A D | auth2.c | 1c188a7f Tue Sep 20 22:19:10 GMT 2011 Peter Avalos <pavalos@dragonflybsd.org> Import OpenSSH-5.9p1.
* Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface.
The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child from forking or opening new network connections.
* Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8)
* The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
* ssh(1) now warns when a server refuses X11 forwarding
* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). bz#1855
* ssh_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
* ssh_config(5) "Host" options now support negated Host matching, e.g.
Host *.example.org !c.example.org User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
* ssh_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
* sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244
* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialization scripts.
* ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ..."
* ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key"
* ssh-keysign(8) now signs hostbased authentication challenges correctly using ECDSA keys; bz#1858
* sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6); bz#1847a
* ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close; bz#1883 and bz#1911
* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892 1900 1905 1913
|