Jan F
|
56091ffa2e
|
add systemd units
|
2011-04-23 16:17:45 +02:00 |
|
Jan F
|
0ecc97b960
|
add systemd units
|
2011-04-23 16:15:56 +02:00 |
|
Jan F
|
d470c46f2b
|
add systemd units
|
2011-04-23 13:43:22 +02:00 |
|
Jan F
|
53f618daef
|
add systemd units
|
2011-04-23 09:13:06 +02:00 |
|
Jan F
|
0e46f275c6
|
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
2011-04-22 11:43:01 +02:00 |
|
Jan F
|
e93cf2786f
|
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
2011-04-22 11:36:52 +02:00 |
|
Jan F
|
a8dc50b17f
|
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
2011-04-21 23:27:01 +02:00 |
|
Jan F
|
1ddd0ee5d7
|
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
2011-04-21 17:22:18 +02:00 |
|
Jan F
|
c7ffe02211
|
improving sshd -> passwd transation
|
2011-04-20 21:59:24 +02:00 |
|
Jan F
|
e306854c4d
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-15 12:23:36 +02:00 |
|
Jan F
|
439c349423
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-05 20:54:56 +02:00 |
|
Jan F
|
8bc65c49b7
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-05 20:54:12 +02:00 |
|
Jan F
|
1f6bdc75f1
|
resolve warnings in port_linux.c
|
2011-04-01 09:04:38 +02:00 |
|
Jan F
|
3f220f2863
|
resolve warnings in port_linux.c
|
2011-03-31 21:48:35 +02:00 |
|
Jan F
|
8a77a1dfd5
|
resolve warnings in port_linux.c
|
2011-03-31 13:43:13 +02:00 |
|
Jan F
|
11896aa047
|
add /etc/sysconfig/sshd
|
2011-03-29 23:25:53 +02:00 |
|
Jan F
|
0553df85b0
|
improve reseeding and seed source (documentation)
|
2011-03-28 16:40:17 +02:00 |
|
Jan F
|
91d3b39c03
|
improve reseeding and seed source (cocumentation)
|
2011-03-28 16:19:03 +02:00 |
|
Jan F
|
e6d33e3bc4
|
improve reseeding and seed source (cocumentation)
|
2011-03-27 21:50:47 +02:00 |
|
Jan F
|
39c7b05d62
|
use /dev/random or /dev/urandom for seeding prng
improve periodical reseeding of random generator
|
2011-03-22 22:05:18 +01:00 |
|
Jan F
|
3657adf0ba
|
use /dev/random or /dev/urandom for seeding prng
|
2011-03-22 19:04:37 +01:00 |
|
Jan F
|
0f7ccbf444
|
add periodical reseeding of random generator
change selinux contex for internal sftp in do_usercontext
exit(0) after sigterm
|
2011-03-17 11:31:16 +01:00 |
|
Jan F
|
8fe15092c3
|
add periodical reseeding of random generator
change selinux contex for internal sftp in do_usercontext
exit(0) after sigterm
|
2011-03-17 08:18:17 +01:00 |
|
Jan F
|
f33c99e38b
|
improove ssh-ldap (documentation)
|
2011-03-10 21:59:08 +01:00 |
|
Jan F
|
9992a8e919
|
improove ssh-ldap (documentation)
|
2011-03-10 21:48:09 +01:00 |
|
Jan F
|
9404cdd3e3
|
improove ssh-ldap (documentation)
|
2011-03-10 18:26:11 +01:00 |
|
Jan F
|
a864d61df9
|
improve session keys audit
|
2011-03-10 15:52:21 +01:00 |
|
Jan F
|
ffd063fe18
|
improve session keys audit
|
2011-03-09 09:07:16 +01:00 |
|
Jan F
|
d1fc5c2d41
|
improve session keys audit
|
2011-03-09 08:48:51 +01:00 |
|
Jan F
|
71d3d9c683
|
CVE-2010-4755
|
2011-03-07 20:31:52 +01:00 |
|
Jan F
|
825921b7f3
|
improove ssk-keycat (documentation)
|
2011-03-04 15:22:12 +01:00 |
|
Jan F
|
edc1723011
|
improve audit of logins and auths
|
2011-03-03 10:54:47 +01:00 |
|
Jan F
|
5c54191b0a
|
improove ssk-keycat
|
2011-03-02 07:03:38 +01:00 |
|
Jan F
|
5928f9047b
|
improove ssk-keycat
|
2011-03-01 17:10:09 +01:00 |
|
Jan F
|
1499a28f37
|
improove ssk-keycat
|
2011-03-01 07:44:22 +01:00 |
|
Jan F
|
99f427602c
|
add ssk-keycat
|
2011-02-28 16:42:58 +01:00 |
|
Jan F
|
b934981de5
|
reenable auth-keys ldap backend
|
2011-02-25 12:07:01 +01:00 |
|
Jan F
|
48446f1f1b
|
another audit improovements
|
2011-02-25 09:30:56 +01:00 |
|
Jan F
|
aefa65dfca
|
another audit improovements
|
2011-02-24 14:25:14 +01:00 |
|
Jan F
|
f9ff105e58
|
another audit improovements
|
2011-02-24 14:17:34 +01:00 |
|
Jan F
|
1732b09b93
|
another audit improovements
|
2011-02-23 10:23:28 +01:00 |
|
Jan F
|
842f4397cd
|
another audit improovements
|
2011-02-22 15:07:26 +01:00 |
|
Jan F
|
9cefae06b0
|
another audit improovements
|
2011-02-21 19:33:56 +01:00 |
|
Jan F
|
2c1a4adbdd
|
improve audit of server ket management
|
2011-02-17 17:54:23 +01:00 |
|
Jan F
|
b9127ef973
|
improve audit of logins and auths
|
2011-02-16 23:36:59 +01:00 |
|
Jan F
|
483c73337b
|
improve audit of logins and auths
|
2011-02-16 17:30:51 +01:00 |
|
Jan F
|
003cb0b27f
|
- bump openssh version to 5.8p1
|
2011-02-14 15:32:49 +01:00 |
|
Dennis Gilmore
|
fa335ee67e
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
2011-02-08 21:31:13 -06:00 |
|
Jan F
|
cfb0f30feb
|
- clean the data structures in the non privileged process
- clean the data structures when roaming
|
2011-02-07 20:47:23 +01:00 |
|
Jan F
|
865391f74f
|
- clean the data structures when roaming
|
2011-02-07 09:21:27 +01:00 |
|
Jan F
|
ee23b09ac6
|
- clean the data structures in the privileged process
|
2011-02-02 10:18:01 +01:00 |
|
Jan F
|
f32d86bd8a
|
- clean the data structures in the privileged process
|
2011-02-02 09:28:26 +01:00 |
|
Jan F
|
6f931660c8
|
- clean the data structures in the privileged process
|
2011-01-31 17:04:10 +01:00 |
|
Jan F
|
f00e4a3ddc
|
- clean the data structures before exit net process
|
2011-01-25 14:06:13 +01:00 |
|
Jan F
|
af8738486c
|
- make audit compatible with the fips mode
|
2011-01-16 23:50:01 +01:00 |
|
Jan F
|
377ba3cfce
|
- add audit of destruction the server keys
|
2011-01-14 10:20:53 +01:00 |
|
Jan F
|
9828ffb5fc
|
- add audit of destruction the server keys
|
2011-01-14 10:18:17 +01:00 |
|
Jan F
|
92eab14042
|
- add audit of destruction the server keys
|
2011-01-14 09:45:08 +01:00 |
|
Jan F
|
5c20fa8d2d
|
- add audit of destruction the session keys
|
2011-01-12 11:09:58 +01:00 |
|
Jan F. Chadima
|
a7cb7d2954
|
- reenable run sshd as non root user
- renable rekeying
|
2010-10-28 13:04:45 +02:00 |
|
Jan F
|
436639ac40
|
- reapair clientloop crash (#627332)
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 08:24:42 +01:00 |
|
Jan F
|
bb5eb00d2d
|
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 07:49:04 +01:00 |
|
Jan F. Chadima
|
d2ed53bfc6
|
- striped read permissions from suid and sgid binaries
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-10-10 05:43:12 +02:00 |
|
Jan F
|
7c53d7e5af
|
- used upstream version of the biguid patch
|
2010-11-15 14:01:18 +01:00 |
|
Jan F
|
82036abfa2
|
- improoved kuserok patch
|
2010-11-15 10:35:33 +01:00 |
|
Jan F
|
5daee12df3
|
- add auditing the host based key ussage
- repait X11 abstract layer socket (#648896)
|
2010-11-05 17:31:30 +01:00 |
|
Jan F. Chadima
|
f44bdee1ed
|
- add auditing the kex result
|
2010-09-21 05:36:25 +02:00 |
|
Jan F
|
f8f722ebad
|
- add auditing the key ussage
|
2010-11-02 21:10:16 +01:00 |
|
Jan F
|
0f4c82ee87
|
- add auditing the key ussage
|
2010-11-02 13:10:33 +01:00 |
|
Jan F
|
2d0bc8b9f6
|
- update gsskex patch (#645389)
|
2010-10-22 15:45:07 +02:00 |
|
Jan F
|
ba25ecfbc7
|
- rebase linux audit according to upstream
|
2010-10-20 11:52:05 +02:00 |
|
Jan F. Chadima
|
cf74d509bc
|
- add missing headers to linux audit
|
2010-08-31 21:47:07 +02:00 |
|
Jan F
|
faae1e801d
|
- audit module now uses openssh audit framevork
|
2010-09-29 09:17:40 +02:00 |
|
Jan F
|
cae7368913
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 19:21:47 +02:00 |
|
Jan F
|
46c77f5af2
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 15:55:55 +02:00 |
|
Jan F
|
4c4aa13bbb
|
- Repaired the kuserok patch
|
2010-09-15 10:07:41 +02:00 |
|
Jan F
|
abe4bc8a6b
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 14:22:31 +02:00 |
|
Jan F
|
10c6ac8404
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:08:30 +02:00 |
|
Jan F
|
ce0606e548
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:02:01 +02:00 |
|
Jan F
|
2bdd0209d2
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:40:52 +02:00 |
|
Jan F
|
84d568abcc
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:38:26 +02:00 |
|
Jan F
|
93909d91af
|
- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
|
2010-09-13 10:26:50 +02:00 |
|
Tomas Mraz
|
13fa787ecc
|
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
|
2010-09-08 09:00:22 +02:00 |
|
Jan F
|
f7e15d5204
|
- Added -z relro -z now to LDFLAGS
|
2010-09-08 08:41:29 +02:00 |
|
Jan F. Chadima
|
c6801b909e
|
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
|
2010-08-12 07:41:58 +02:00 |
|
Jan F. Chadima
|
1b8a267cb9
|
Upgrade to openssh-5.6p1
|
2010-08-03 02:41:49 +02:00 |
|
Jan F. Chadima
|
98ba34ae05
|
upgrade to openssh-5.6p1
|
2010-08-03 01:10:26 +02:00 |
|
Jan F. Chadima
|
7818e56d62
|
- merged with newer bugzilla's version of authorized keys command patch
|
2010-07-07 13:48:36 +00:00 |
|
Jan F. Chadima
|
eb358aa2e5
|
- improved the x11 patch according to upstream (#598671)
|
2010-06-30 14:50:51 +00:00 |
|
Jan F. Chadima
|
a3dee6b29d
|
- improved the x11 patch (#598671)
|
2010-06-25 12:08:42 +00:00 |
|
Jan F. Chadima
|
41a56c5d4d
|
- changed _PATH_UNIX_X to unexistent file name (#598671)
|
2010-06-24 07:02:37 +00:00 |
|
Jan F. Chadima
|
411b917379
|
- sftp works in deviceless chroot again (broken from 5.5p1-3)
|
2010-06-23 13:53:38 +00:00 |
|
Jan F. Chadima
|
59d42d3dc6
|
- add option to switch out krb5_kuserok
|
2010-06-08 10:06:35 +00:00 |
|
Jan F. Chadima
|
2fd105489c
|
- synchronize uid and gid for the user sshd
|
2010-05-21 13:23:44 +00:00 |
|
Jan F. Chadima
|
b1a625a446
|
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
|
2010-05-20 07:02:32 +00:00 |
|
Jan F. Chadima
|
99d9a391f4
|
- Repair the reference in man ssh-ldap-helper(8)
- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
|
2010-05-14 08:19:04 +00:00 |
|
Jan F. Chadima
|
86b2d1c41c
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 14:25:38 +00:00 |
|
Jan F. Chadima
|
222d52deed
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 13:53:16 +00:00 |
|
Jan F. Chadima
|
4669c37784
|
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with
pam_ldap (#589360)
|
2010-05-06 14:01:16 +00:00 |
|
Jan F. Chadima
|
b6bdf18518
|
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
|
2010-05-06 09:39:44 +00:00 |
|