| #
323134 |
|
02-Sep-2017 |
des |
MFH (r314306,r314720): Upgrade OpenSSH to 7.4p1.
|
| #
323129 |
|
02-Sep-2017 |
des |
MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.
|
| #
318402 |
|
17-May-2017 |
lidl |
MFC r318242: Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.
Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
| #
314072 |
|
22-Feb-2017 |
lidl |
MFC r313965:
Only notify blacklistd for successful logins in auth.c
Before this change, every pass through auth.c resulted in a
call to blacklist_notify().
In a normal remote login, there would be a failed login flagged for
the printing of the "xxx login:" prompt, before the remote user
could enter a password.
If the user successfully entered a good password, then a good login
would be flagged, and everything would be OK.
If the user entered an incorrect password, there would be another
failed login flagged in auth1.c (or auth2.c) for the actual bad
password attempt. Finally, when sshd got around to issuing the
second "xxx login:" prompt, there would be yet another failed login
notice sent to blacklistd.
So, if there was a 3 bad logins limit set (the default), the system
would actually block the address after the first bad password attempt.
Reported by: Rick Adams
Reviewed by: des
Sponsored by: The FreeBSD Foundation
|
| #
305476 |
|
06-Sep-2016 |
lidl |
MFC r305065: Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Approved by: des
Sponsored by: The FreeBSD Foundation
|
| #
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
302182 |
|
24-Jun-2016 |
gjb |
Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.
Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| #
301551 |
|
07-Jun-2016 |
lidl |
Add blacklist support to sshd
Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915
|
| #
294496 |
|
21-Jan-2016 |
des |
Upgrade to OpenSSH 7.1p2.
|
| #
294464 |
|
20-Jan-2016 |
des |
Upgrade to OpenSSH 7.0p1.
|
| #
294336 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.9p1.
|
| #
294332 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.8p1.
|
| #
294328 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
|
| #
290672 |
|
11-Nov-2015 |
des |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
|
| #
263691 |
|
24-Mar-2014 |
des |
Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
|
| #
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
| #
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
|
| #
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
| #
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
| #
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
| #
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
| #
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
| #
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
| #
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| #
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
| #
164149 |
|
10-Nov-2006 |
des |
Resolve conflicts.
|
| #
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
| #
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
| #
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
| #
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
| #
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
| #
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
| #
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
| #
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
| #
100838 |
|
28-Jul-2002 |
fanf |
Use login_getpwclass() instead of login_getclass() so that the root
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
|
| #
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
| #
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
| #
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
| #
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
| #
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
| #
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
| #
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.
|
| #
61212 |
|
03-Jun-2000 |
kris |
Resolve conflicts
|
| #
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
| #
60574 |
|
15-May-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.
|
| #
60573 |
|
15-May-2000 |
kris |
Initial import of OpenSSH v2.1.
|