#
323134 |
|
02-Sep-2017 |
des |
MFH (r314306,r314720): Upgrade OpenSSH to 7.4p1.
|
#
323129 |
|
02-Sep-2017 |
des |
MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.
|
#
318402 |
|
17-May-2017 |
lidl |
MFC r318242: Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures, rather than just the ones caused by bad usernames. Modify notification point for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.) Add guards to allow library headers to expose the enum of action values.
Reviewed by: des Relnotes: yes Sponsored by: The FreeBSD Foundation
|
#
314072 |
|
22-Feb-2017 |
lidl |
MFC r313965:
Only notify blacklistd for successful logins in auth.c
Before this change, every pass through auth.c resulted in a call to blacklist_notify().
In a normal remote login, there would be a failed login flagged for the printing of the "xxx login:" prompt, before the remote user could enter a password.
If the user successfully entered a good password, then a good login would be flagged, and everything would be OK.
If the user entered an incorrect password, there would be another failed login flagged in auth1.c (or auth2.c) for the actual bad password attempt. Finally, when sshd got around to issuing the second "xxx login:" prompt, there would be yet another failed login notice sent to blacklistd.
So, if there was a 3 bad logins limit set (the default), the system would actually block the address after the first bad password attempt.
Reported by: Rick Adams Reviewed by: des Sponsored by: The FreeBSD Foundation
|
#
305476 |
|
06-Sep-2016 |
lidl |
MFC r305065: Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file.
Remove redundent initialization attempts from within blacklist_notify - everything always goes through blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file.
Approved by: des Sponsored by: The FreeBSD Foundation
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302182 |
|
24-Jun-2016 |
gjb |
Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised by the OpenSSH maintainer.
Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation
|
#
301551 |
|
07-Jun-2016 |
lidl |
Add blacklist support to sshd
Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915
|
#
294496 |
|
21-Jan-2016 |
des |
Upgrade to OpenSSH 7.1p2.
|
#
294464 |
|
20-Jan-2016 |
des |
Upgrade to OpenSSH 7.0p1.
|
#
294336 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.9p1.
|
#
294332 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.8p1.
|
#
294328 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
|
#
290672 |
|
11-Nov-2015 |
des |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
|
#
263691 |
|
24-Mar-2014 |
des |
Add a pre-merge script which reverts mechanical changes such as added $FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated list of tricks.
|
#
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
#
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
#
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
#
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
#
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
#
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
#
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
#
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
#
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
#
164149 |
|
10-Nov-2006 |
des |
Resolve conflicts.
|
#
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
#
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
#
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
#
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
#
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
#
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
#
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
#
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
#
100838 |
|
28-Jul-2002 |
fanf |
Use login_getpwclass() instead of login_getclass() so that the root vs. default login class distinction is made correctly.
PR: 37416 Approved by: des MFC after: 4 days
|
#
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
#
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
#
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
#
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
#
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website.
Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
#
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
#
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
|
#
61212 |
|
03-Jun-2000 |
kris |
Resolve conflicts
|
#
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
#
60574 |
|
15-May-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r60573, which included commits to RCS files with non-trunk default branches.
|
#
60573 |
|
15-May-2000 |
kris |
Initial import of OpenSSH v2.1.
|