 Ralf S. Engelschall
|
2ff596cbd0
fix FSL matching
|
24 年 前 |
 Michael Schloh von Bennewitz
|
f4c7099877
Added fsl logic to buildconf, and removed fakesyslog inclusion.
|
24 年 前 |
|
Ralf S. Engelschall
|
14276946e2
Woohhooo: apply the new package classification system. (CORE, BASE, PLUS, PRIV, EVAL, JUNK). A description of them follows on the website soon.
|
24 年 前 |
|
Michael Schloh von Bennewitz
|
a5052fd9a1
Converge packages openssh and scanssh to the same category.
|
24 年 前 |
|
Ralf S. Engelschall
|
bd832a4bd0
add quaterly brain-dead chroot support (dedicated to Thomas Rohde)
|
24 年 前 |
|
Ralf S. Engelschall
|
ea86d8d783
1. "ssh-keysign" has to be setuid root in order to allow "ssh" (which is not setuid root) to read the host keys (which are readable only by root) in SSH2 host based authentication. 2. use an empty subdir for the priviledge separation and make only this one owned by root (as required by Linux)
|
24 年 前 |
|
Ralf S. Engelschall
|
5a5f47a9d7
After longer thinking and comparing what FreeBSD and NetBSD did, finally revert to the old state by kicking out the UsePrivilegeSeparation and Compression default value guessing because: 1. we are predestined to fail in general because we cannot do it correctly by just looking at the platform id. 2. UsePrivilegeSeparation is nice from a paranoid security point of view but OTOH really is too brand-new and internally limits or even breaks the OpenSSH functionality too dramatically. People who are paranoid enough and can live with this can feel free to change the "no" to a "yes" in their sshd_config easily. 3. it is nasty to have a package "openssh" shipping with totally different default configuration (using "UsePrivilegeSeparation yes" makes a large difference under run-time!) on different platforms. This is nasty and we really want a single default config independent of a platform. So, unless "UsePrivilegeSeparation yes" works equally on all our plaforms and without such dramatical restrictions (Compression, PAM, etc) and internal brokeness we will stay with the _default_ config of "UsePrivilegeSeparation no". Once Privilege Separation is really ready for a global deployment, we are happy to enable it by default again.
|
24 年 前 |
|
Christoph Schug
|
c90c4fed9d
sshd will not start up if var directory does not belong to root
|
24 年 前 |
|
Ralf S. Engelschall
|
e2fe66c48a
upgrading package: openssh 3.3p1 -> 3.4p1
|
24 年 前 |
|
Ralf S. Engelschall
|
a0d8a24c1d
fix run-time under the new "privilege separation" world order
|
24 年 前 |
|
Ralf S. Engelschall
|
1044fa3efd
upgrading package: openssh 3.2.3p1 -> 3.3p1
|
24 年 前 |
|
Ralf S. Engelschall
|
7e66136f24
remove -lcrypt and do not unpack twice
|
24 年 前 |
|
Ralf S. Engelschall
|
53519f2c84
enhance fakesyslog for Tru64 compatibility
|
24 年 前 |
|
Ralf S. Engelschall
|
9752b1edbe
- create SSHv2 RSA in addition to SSHv1 RSA server key - generate server keys with 2048 bits instead of 1024 - create ~/.ssh/agent file with mode 600 instead of mode 700 - cleanup ssh_config and sshd_config files - default to "Protocol 2,1" in server and "Protocol 1,2" in client
|
24 年 前 |
|
Ralf S. Engelschall
|
d9746ff4e0
strip trailing whitespaces
|
24 年 前 |
 Thomas Lotterer
|
ade86a6bec
upgrading package: openssh 3.2.2p1 -> 3.2.3p1
|
24 年 前 |
|
Ralf S. Engelschall
|
ed001c8c8d
"uselogin" does not work on Solaris and prevents the use of X11 Forwarding on other platforms like FreeBSD. So get rid of this stuff and stick with OpenSSH's internal login procedure (which OTOH already supports esoteric things like FreeBSD's login.conf).
|
24 年 前 |
|
Ralf S. Engelschall
|
45af20caf7
upgrading openssh upstream version from 3.1p1 to 3.2.2p1
|
24 年 前 |
|
Ralf S. Engelschall
|
ab6dc2a846
include my ssh-keyman utility
|
24 年 前 |
|
Ralf S. Engelschall
|
907195a0b6
pam is disabled by default, more concise output
|
24 年 前 |
|
Ralf S. Engelschall
|
34fd0a2d48
- make option defaults really defaults - fix PAM support
|
24 年 前 |
|
Ralf S. Engelschall
|
ddab102081
fix dependencies
|
24 年 前 |
|
Ralf S. Engelschall
|
90c666cab2
- switch to PAM disabled by default - if PAM is enabled, use "pam"/"PAM" package
|
24 年 前 |
|
Ralf S. Engelschall
|
be691b102c
"rijndael" was renamed to "aes" in OpenSSH 3.1p1 because that's the official name of this cipher now that AES is a standard.
|
24 年 前 |
|
Christoph Schug
|
9113a37e36
Removed chroot patch I added earlier today cause Ralf doesn't seem to be happy with some kind of experimental patches even if they are optional. But nevertheless, upgrade to OpenSSH 3.1p1.
|
24 年 前 |
|
Christoph Schug
|
55c5dfa9dc
Added optional chroot patch. Note that this is not the one from the contrib directory. The contrib patch doesn't seem to be in sync with the release so I added a revised one by Hank Leininger from the openssh-unix-dev list.
|
24 年 前 |
|
Ralf S. Engelschall
|
41d5de1a8b
Switch to l_{s,m,r,n}{usr,grp}.
|
24 年 前 |
|
Ralf S. Engelschall
|
287fdaf837
replace double-quotes by single-quotes in substs if possible
|
24 年 前 |
|
Ralf S. Engelschall
|
12d877545e
just to make sure...
|
24 年 前 |
|
Ralf S. Engelschall
|
82d71497c0
add flexible ssh-askpass support
|
24 年 前 |
