| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
had to remove manpage path corrections patch (patch-ac) because
I don't have time till after Friday to work on this port more.
Notes:
svn path=/head/; revision=23708
|
|
|
|
|
|
|
|
|
| |
never be taken.
Pointed out by : maintainer.
Notes:
svn path=/head/; revision=23672
|
|
|
|
| |
Notes:
svn path=/head/; revision=23668
|
|
|
|
|
|
|
|
|
|
|
| |
so that there is no need to have commands such as /usr/bin/su in the
restricted environment. Access to the file system is restricted to
the newroot subtree and privileges are restricted to those of the
newuser account (which must be a known account in the unrestricted
environment).
Notes:
svn path=/head/; revision=23667
|
|
|
|
| |
Notes:
svn path=/head/; revision=23659
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
updated to today's snapshot of OpenSSH.
Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing". Nothing major has changed; the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
Notes:
svn path=/head/; revision=23652
|
|
|
|
|
|
|
| |
This speeds up OS scans.
Notes:
svn path=/head/; revision=23650
|
|
|
|
| |
Notes:
svn path=/head/; revision=23644
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources. In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
So here we are, rate-limiting. The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least. This is, essentially, a
stopgap solution; however, it is a properly implemented and documented
one, and has an easily modifiable framework.
Notes:
svn path=/head/; revision=23622
|
|
|
|
|
|
|
|
|
|
|
| |
reality, though. One file, cipher.c, calls cryptographic routines
from external libraries. This really cannot encumber OpenSSH in
any case, but I put RESTRICTED back since it would give people a
false hope of being able to install the OpenSSH package but
not the requisite, RESTRICTED (so nonexistant) openssl package.
Notes:
svn path=/head/; revision=23621
|
|
|
|
|
|
|
| |
Reviewed by: Maintainer
Notes:
svn path=/head/; revision=23620
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reasons:
1. It's not crypto.
2. It links with crypto.
a. That crypto is in the public domain.
b. Linking with crypto does not constitute cryptography.
3. Even if it were crypto, the description of the entire protocol, etc.,
is in the public domain. The RFC is PD in the USA, and the white paper
in Europe.
4. Precedence? Even if it were crypto, the Bernstein case has set
precedence for allowing export of that. But it's not even crypto.
Notes:
svn path=/head/; revision=23619
|
|
|
|
|
|
|
| |
come, soon.
Notes:
svn path=/head/; revision=23572
|
|
|
|
| |
Notes:
svn path=/head/; revision=23554
|
|
|
|
| |
Notes:
svn path=/head/; revision=23544
|
|
|
|
| |
Notes:
svn path=/head/; revision=23543
|
|
|
|
| |
Notes:
svn path=/head/; revision=23542
|
|
|
|
| |
Notes:
svn path=/head/; revision=23541
|
|
|
|
| |
Notes:
svn path=/head/; revision=23540
|
|
|
|
| |
Notes:
svn path=/head/; revision=23525
|
|
|
|
|
|
|
|
|
|
|
| |
Submitted by: Anders Nordby <anders@fix.no>
Import the plugins for nessus, network security scanner program.
WWW: http://www.nessus.org/
Notes:
svn path=/head/; revision=23524
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submitted by: Anders Nordby <anders@fix.no>
NASL is a scripting language designed for the Nessus security scanner. Its
aim is to allow anyone to write a test for a given security hole in a few
minutes, to allow people to share their tests without having to worry
about their operating system, and to garantee everyone that a NASL script
can not do anything nasty except performing a given security test against
a given target.
NASL is not a powerful scripting language. Its purpose is to make scripts
that are security tests. So, do not expect to write a third generation web
server in this language, nor a file conversion utility. Use perl, python
or whatever scripting language to do this.
WWW: http://www.nessus.org/doc/nasl.html
Notes:
svn path=/head/; revision=23523
|
|
|
|
|
|
|
|
| |
Submitted by: Anders Nordby <anders@fix.no>
Split nessus-libraries from nessus port.
Notes:
svn path=/head/; revision=23522
|
|
|
|
|
|
|
|
|
| |
Submitted by: maintainer
Update to 0.99.1, and disable nessus for compiling in -current.
Original patch submitted by the maintainer, and some fixes from me.
Notes:
svn path=/head/; revision=23521
|
|
|
|
|
|
|
| |
Submitted by: Brent <brent@kearneys.ca>
Notes:
svn path=/head/; revision=23507
|
|
|
|
|
|
|
|
|
|
|
|
| |
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)
PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien
Notes:
svn path=/head/; revision=23497
|
|
|
|
|
|
|
|
|
|
| |
change of KNFization being finalized :)
Patches had to be modified, but should look "better" according to
style(9), now.
Notes:
svn path=/head/; revision=23479
|
|
|
|
|
|
|
|
|
| |
problem several people have reported with make.conf setting ${CFLAGS}.
Partially submitted by: Jos Backus <Jos.Backus@nl.origin-it.com>
Notes:
svn path=/head/; revision=23476
|
|
|
|
|
|
|
| |
Submitted by: sascha@schumann.cx
Notes:
svn path=/head/; revision=23462
|
|
|
|
|
|
|
| |
Suggested by: kris
Notes:
svn path=/head/; revision=23423
|
|
|
|
| |
Notes:
svn path=/head/; revision=23404
|
|
|
|
|
|
|
|
|
|
| |
A Perl interface to the PAM library.
PR: 14137
Submitted by: Matt Behrens <matt@zigg.com>
Notes:
svn path=/head/; revision=23403
|
|
|
|
| |
Notes:
svn path=/head/; revision=23333
|
|
|
|
|
|
|
| |
Submitted by: Issei Suzuki <issei@jp.freebsd.org>
Notes:
svn path=/head/; revision=23332
|
|
|
|
|
|
|
|
| |
PR: 15059
Submitted by: Maintainer
Notes:
svn path=/head/; revision=23303
|
|
|
|
| |
Notes:
svn path=/head/; revision=23297
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
obsoleting a couple patches (it's the same code, though, except for
additions).
This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.
My patches have been almost entirely rewritten. The places are the
same, but the code's rewritten. It fits with the style (KNF) now,
and looks better.
I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs. After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2. Adding it to ssh/lib/ makes it work
yet again :)
Notes:
svn path=/head/; revision=23296
|
|
|
|
|
|
|
| |
Submitted by: Larry Baird <lab@gta.com>
Notes:
svn path=/head/; revision=23275
|
|
|
|
|
|
|
|
| |
syntax. Run ssh-keygen for ssh_host_key on port install, not just
package install.
Notes:
svn path=/head/; revision=23263
|
|
|
|
|
|
|
| |
mirroring system. The tarball was fine, but the extraction was not
Notes:
svn path=/head/; revision=23262
|
|
|
|
|
|
|
| |
Submitted by: markm
Notes:
svn path=/head/; revision=23253
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added "firewall mode" timing optimizations which can decrease the
amount of time neccessary to SYN or connect scan some heavily filtered
hosts.
* Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS
called Snort was using this to detect Nmap TCP pings).
* better FDDI support
* changes which should lead to tremendous speedups against some firewalled
hosts.
Notes:
svn path=/head/; revision=23252
|
|
|
|
| |
Notes:
svn path=/head/; revision=23245
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "ignorelogin" login.conf functionality to sshd.
The biggest change: new port functionality. Making "fetchsrctarball"
will soon work for those of you who cannot use CVS to get OpenSSH.
Mark Murray, the savior he is :), will use "make makesrctarball" and
put the snapshots of OpenSSH source in the proper place.
The current ${MASTER_SITES} is just a guess at where the snapshot
files could be hosted; something definite should be worked out very
soon.
Notes:
svn path=/head/; revision=23238
|
|
|
|
|
|
|
|
|
| |
transform.
Prompted by: deraadt
Notes:
svn path=/head/; revision=23223
|
|
|
|
|
|
|
|
| |
OpenSSH. Users desiring the old functionality can edit their
sshd-config files by hand for new installs.
Notes:
svn path=/head/; revision=23216
|
|
|
|
|
|
|
| |
Submitted by: peter
Notes:
svn path=/head/; revision=23210
|
|
|
|
| |
Notes:
svn path=/head/; revision=23209
|
|
|
|
| |
Notes:
svn path=/head/; revision=23208
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Put sshd.sh installation in the pre-install, ssh_host_key generation
back in the PLIST, and check for ssh_config, too. This port now
works much better as a package. The configuration files and sshd.sh
are also part of the package, and as such removed on deinstall.
The proper upgrade procedure from one OpenSSH version to a newer one is:
chflags schg /usr/local/etc/ssh* # preserve them from deletion
cd /usr/ports/security/openssh
make all deinstall reinstall clean
Partially submitted by: peter
Notes:
svn path=/head/; revision=23206
|