| #
362908 |
|
03-Jul-2020 |
delphij |
MFC r362642: Don't log normal login_getpwclass(3) result.
|
| #
323136 |
|
02-Sep-2017 |
des |
MFH (r322052): Upgrade OpenSSH to 7.5p1.
|
| #
323129 |
|
02-Sep-2017 |
des |
MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.
|
| #
318402 |
|
17-May-2017 |
lidl |
MFC r318242: Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.
Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
| #
305476 |
|
06-Sep-2016 |
lidl |
MFC r305065: Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Approved by: des
Sponsored by: The FreeBSD Foundation
|
| #
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
302182 |
|
24-Jun-2016 |
gjb |
Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.
Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| #
301551 |
|
07-Jun-2016 |
lidl |
Add blacklist support to sshd
Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915
|
| #
294332 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.8p1.
|
| #
294328 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
|
| #
290672 |
|
11-Nov-2015 |
des |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
|
| #
263712 |
|
25-Mar-2014 |
des |
Upgrade to OpenSSH 6.6p1.
|
| #
263691 |
|
24-Mar-2014 |
des |
Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
|
| #
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
| #
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
|
| #
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
| #
231584 |
|
13-Feb-2012 |
ed |
Polish diff against upstream.
- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.
Approved by: des
MFC after: 1 month
|
| #
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
| #
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
| #
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
| #
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
| #
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| #
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
| #
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
| #
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
| #
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
| #
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
| #
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
| #
128460 |
|
20-Apr-2004 |
des |
Resolve conflicts.
|
| #
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
| #
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
| #
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
| #
107860 |
|
14-Dec-2002 |
des |
Add a missing #include "canohost.h".
|
| #
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
| #
99053 |
|
29-Jun-2002 |
des |
Apply class-imposed login restrictions.
Sponsored by: DARPA, NAI Labs
|
| #
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
| #
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
| #
93221 |
|
26-Mar-2002 |
ru |
Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
|
| #
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
| #
92402 |
|
16-Mar-2002 |
des |
Diff reduction.
Sponsored by: DARPA, NAI Labs
|
| #
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
| #
74278 |
|
15-Mar-2001 |
green |
Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.
|
| #
73400 |
|
04-Mar-2001 |
assar |
Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
|
| #
69673 |
|
06-Dec-2000 |
green |
The PAM support for our OpenSSH is sponsored by Enitel ASA.
PAM support by: Eivind Eklund <eivind@FreeBSD.org>
|
| #
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
| #
68704 |
|
14-Nov-2000 |
green |
Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.
|
| #
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
| #
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.
|
| #
62179 |
|
27-Jun-2000 |
green |
So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
|
| #
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
| #
60574 |
|
15-May-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.
|
| #
60573 |
|
15-May-2000 |
kris |
Initial import of OpenSSH v2.1.
|