#
362908 |
|
03-Jul-2020 |
delphij |
MFC r362642: Don't log normal login_getpwclass(3) result.
|
#
323136 |
|
02-Sep-2017 |
des |
MFH (r322052): Upgrade OpenSSH to 7.5p1.
|
#
323129 |
|
02-Sep-2017 |
des |
MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.
|
#
318402 |
|
17-May-2017 |
lidl |
MFC r318242: Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures, rather than just the ones caused by bad usernames. Modify notification point for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.) Add guards to allow library headers to expose the enum of action values.
Reviewed by: des Relnotes: yes Sponsored by: The FreeBSD Foundation
|
#
305476 |
|
06-Sep-2016 |
lidl |
MFC r305065: Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file.
Remove redundent initialization attempts from within blacklist_notify - everything always goes through blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file.
Approved by: des Sponsored by: The FreeBSD Foundation
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302182 |
|
24-Jun-2016 |
gjb |
Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised by the OpenSSH maintainer.
Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation
|
#
301551 |
|
07-Jun-2016 |
lidl |
Add blacklist support to sshd
Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915
|
#
294332 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.8p1.
|
#
294328 |
|
19-Jan-2016 |
des |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
|
#
290672 |
|
11-Nov-2015 |
des |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
|
#
263712 |
|
25-Mar-2014 |
des |
Upgrade to OpenSSH 6.6p1.
|
#
263691 |
|
24-Mar-2014 |
des |
Add a pre-merge script which reverts mechanical changes such as added $FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated list of tricks.
|
#
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
#
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
#
231584 |
|
13-Feb-2012 |
ed |
Polish diff against upstream.
- Revert unneeded whitespace changes. - Revert modifications to loginrec.c, as the upstream version already does the right thing. - Fix indentation and whitespace of local changes.
Approved by: des MFC after: 1 month
|
#
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
#
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
#
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
#
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
#
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
#
181097 |
|
31-Jul-2008 |
des |
Consistently set svn:eol-style.
|
#
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
#
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
#
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
#
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
#
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
#
128460 |
|
20-Apr-2004 |
des |
Resolve conflicts.
|
#
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
#
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
#
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
#
107860 |
|
14-Dec-2002 |
des |
Add a missing #include "canohost.h".
|
#
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
#
99053 |
|
29-Jun-2002 |
des |
Apply class-imposed login restrictions.
Sponsored by: DARPA, NAI Labs
|
#
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
#
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
#
93221 |
|
26-Mar-2002 |
ru |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
|
#
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
#
92402 |
|
16-Mar-2002 |
des |
Diff reduction.
Sponsored by: DARPA, NAI Labs
|
#
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
#
74278 |
|
15-Mar-2001 |
green |
Don't dump core when an attempt is made to login using protocol 2 with an invalid user name.
|
#
73400 |
|
04-Mar-2001 |
assar |
Add code for being compatible with ssh.com's krb5 authentication. It is done by using the same ssh messages for v4 and v5 authentication (since the ssh.com does not now anything about v4) and looking at the contents after unpacking it to see if it is v4 or v5. Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
|
#
69673 |
|
06-Dec-2000 |
green |
The PAM support for our OpenSSH is sponsored by Enitel ASA.
PAM support by: Eivind Eklund <eivind@FreeBSD.org>
|
#
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website.
Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
#
68704 |
|
14-Nov-2000 |
green |
Add login_cap and login_access support. Previously, these FreeBSD-local checks were only made when using the 1.x protocol.
|
#
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
#
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
|
#
62179 |
|
27-Jun-2000 |
green |
So /this/ is what has made OpenSSH's SSHv2 support never work right! In some cases, limits did not get set to the proper class, but instead always to "default", because not all passwd copies were done to completion.
|
#
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
#
60574 |
|
15-May-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r60573, which included commits to RCS files with non-trunk default branches.
|
#
60573 |
|
15-May-2000 |
kris |
Initial import of OpenSSH v2.1.
|