Commit Graph

4711 Commits

Author SHA1 Message Date
Damien Miller
bd4e410817 - (djm) [configure.ac] Fix linux/if_tun.h test 2006-01-01 21:03:30 +11:00
Damien Miller
2dcddbfaf6 - (djm) [Makefile.in configure.ac includes.h misc.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
         for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
         limited to IPv4 tunnels only, and most versions don't support the
         tap(4) device at all.
2006-01-01 19:47:05 +11:00
Damien Miller
c4bcc91751 - (djm) [configure.ac] oops, make that linux/if_tun.h 2005-12-31 17:05:58 +11:00
Damien Miller
89e03bae5c - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
not exist
2005-12-31 16:42:03 +11:00
Damien Miller
598bbc2d8f - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
   compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Damien Miller
88b25524b8 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
[ssh.1]
     document -MM; ok djm@
2005-12-31 16:23:15 +11:00
Damien Miller
134eb81383 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
[sftp.1]
     do not suggest that interactive authentication will work
     with the -b flag;
     based on a diff from john l. scarfone;
     ok djm
2005-12-31 16:22:55 +11:00
Damien Miller
077b23864f - reyk@cvs.openbsd.org 2005/12/30 15:56:37
[channels.c channels.h clientloop.c]
     add channel output filter interface.
     ok djm@, suggested by markus@
2005-12-31 16:22:32 +11:00
Damien Miller
5eb137c6d1 - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
     [canohost.c channels.c clientloop.c]
     use 'break-in' for consistency; ok deraadt@ ok and input jmc@
2005-12-31 16:19:53 +11:00
Tim Rice
8db70e2398 (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd 2005-12-28 14:28:08 -08:00
Damien Miller
7bff1a9b5e - djm@cvs.openbsd.org 2005/12/24 02:27:41
[session.c sshd.c]
     eliminate some code duplicated in privsep and non-privsep paths, and
     explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
Damien Miller
3597821046 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
[ssh.1]
     less mark up for -c;
2005-12-24 14:56:47 +11:00
Damien Miller
2142ba0769 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
[ssh.1]
     - sync the description of -e w/ synopsis
     - simplify the description of -I
     - note that -I is only available if support compiled in, and that it
     isn't by default
     feedback/ok djm@
2005-12-24 14:56:29 +11:00
Damien Miller
cf1e342c6c - jmc@cvs.openbsd.org 2005/12/22 11:23:42
[ssh.1]
     expand the description of -w somewhat;
     help/ok reyk
2005-12-24 14:56:04 +11:00
Damien Miller
e8cd741929 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
[ssh_config.5]
     put the description of "UsePrivilegedPort" in the correct place;
2005-12-24 14:55:47 +11:00
Damien Miller
d7f308f6d8 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
[sshd.8]
     clarify precedence of -p, Port, ListenAddress; ok and help jmc@
2005-12-24 14:55:16 +11:00
Damien Miller
1530f2431c - jmc@cvs.openbsd.org 2005/12/21 12:53:31
[ssh.1]
     -Y does X11 forwarding too;
     ok markus
2005-12-24 14:54:03 +11:00
Damien Miller
9a765b22b7 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
[ssh.1]
     options now described `above', rather than `later';
2005-12-24 14:53:44 +11:00
Damien Miller
329cb01638 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
[ssh.1]
     -L and -R descriptions are now above, not below, ~C description;
2005-12-24 14:53:23 +11:00
Damien Miller
e9b333a544 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
[ssh.1]
     move info on ssh return values and config files up into the main
     description;
2005-12-24 14:53:04 +11:00
Damien Miller
52d2061ab0 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
[ssh.1]
     .Ss -> .Sh: subsections have not made this page more readable
2005-12-24 14:52:36 +11:00
Damien Miller
c93a813802 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
[ssh.1]
     merge the sections on protocols 1 and 2 into one section on
     authentication;
     feedback djm dtucker
     ok deraadt markus dtucker
2005-12-24 14:52:13 +11:00
Darren Tucker
e9a9b71c6b - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
[ssh.c]
     exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
2005-12-20 16:15:51 +11:00
Darren Tucker
7eba820ca7 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
[ssh_config.5]
     spelling: intented -> intended
2005-12-20 16:15:14 +11:00
Darren Tucker
635518705a - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
[ssh_config.5 session.c]
     spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
Darren Tucker
5652924ad9 missed changelog entry 2005-12-20 16:12:24 +11:00
Darren Tucker
5434cfe368 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
[ssh.1]
     signpost the protocol sections;
2005-12-20 16:11:35 +11:00
Darren Tucker
ff9f484f45 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
[ssh.1]
     make the description of -c a little nicer;
2005-12-20 16:10:45 +11:00
Darren Tucker
b18c867c9d - jmc@cvs.openbsd.org 2005/12/16 18:08:53
[ssh.1]
     simplify a sentence;
2005-12-20 16:10:09 +11:00
Darren Tucker
d3877b995a - jmc@cvs.openbsd.org 2005/12/16 18:07:08
[ssh.1]
     move the option descriptions up the page: start of a restructure;
     ok markus deraadt
2005-12-20 16:09:36 +11:00
Darren Tucker
0d0e8f0173 - (dtucker) OpenBSD CVS Sync
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
     [serverloop.c]
     if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-20 16:08:42 +11:00
Darren Tucker
129d0bb6a6 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
openbsd-compat/openssl-compat.h] Check for and work around broken AES
   ciphers >128bit on (some) Solaris 10 systems.  ok djm@
2005-12-19 17:40:40 +11:00
Darren Tucker
d40c66cf3f - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
snprintf replacement can have a conflicting declaration in HP-UX's system
   headers (const vs. no const) so we now check for and work around it.  Patch
   from the dynamic duo of David Leonard and Ted Percival.
2005-12-17 22:32:03 +11:00
Darren Tucker
98cfc4ce9d - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
scp.c also uses, so undef them here.
2005-12-17 22:04:08 +11:00
Darren Tucker
3154358d66 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
[regress/scp-ssh-wrapper.sh]
     Fix assumption about how many args scp will pass; ok djm@
2005-12-14 15:39:20 +11:00
Damien Miller
62a31c9fd0 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
again by providing a sys_tun_open() function for your platform and
   setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
   OpenBSD's tunnel protocol, which prepends the address family to the
   packet
2005-12-13 20:44:13 +11:00
Damien Miller
d47c62a714 - markus@cvs.openbsd.org 2005/12/12 13:46:18
[channels.c channels.h session.c]
     make sure protocol messages for internal channels are ignored.
     allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
Damien Miller
7746c391b1 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
[ssh_config.5]
     new sentence, new line;
2005-12-13 19:33:37 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
957d4e430e - jmc@cvs.openbsd.org 2005/12/08 15:06:29
[ssh_config.5]
     keep options in order;
2005-12-13 19:30:45 +11:00
Damien Miller
4b2319fb85 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
[ssh.1 ssh_config.5]
     make `!command' a little clearer;
     ok reyk
2005-12-13 19:30:27 +11:00
Damien Miller
f0c8c15322 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
[ssh.1]
     - avoid line split in SYNOPSIS
     - add args to -w
     - kill trailing whitespace
2005-12-13 19:29:58 +11:00
Damien Miller
aeb31d6120 - djm@cvs.openbsd.org 2005/12/07 03:52:22
[clientloop.c]
     reyk forgot to compile with -Werror (missing header)
2005-12-13 19:29:36 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
6dbdb6afee - jmc@cvs.openbsd.org 2005/11/30 11:45:20
[ssh.1]
     avoid ambiguities in describing TZ;
     ok djm@
2005-12-13 19:25:43 +11:00
Damien Miller
c94ebbc723 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
     [ssh.1]
     timezone -> time zone
2005-12-13 19:25:21 +11:00
Darren Tucker
1bbbf24f4c Bump release note URL 2005-12-01 22:21:04 +11:00
Damien Miller
7677be5d6c - (djm) [envpass.sh] Remove regress script that was accidentally committed
in top level directory and not noticed for over a year :)
2005-12-01 12:51:59 +11:00
Tim Rice
46259d86a2 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
for UnixWare.
2005-11-28 18:40:34 -08:00
Darren Tucker
3af2ac56a2 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
[ssh-keygen.c]
     Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00