path: root/meta/recipes-connectivity/openssh/openssh
Commit message (Collapse)AuthorAgeFilesLines
* openssh: configuration updatesDan McGregor2015-02-033-9/+26
| | | | | | | | Rebase sshd_config and ssh_config with openssh upstream. Check for the ed25519 key in the systemd keygen service. Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com>
* openssh: upgrade to 6.7p1Paul Eggleton2015-01-073-163/+0
| | | | | | | | | | | * Drop two CVE patches already handled upstream. * Drop nostrip.patch which no longer applies and use the existing --disable-strip configure option instead. * OpenSSH 6.7+ no longer supports tcp wrappers. We could apply the Debian patch to add support back in, but it seems best to follow upstream here unless we have a good reason to do otherwise. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* openssh: drop already applied patchPaul Eggleton2014-11-201-22/+0
| | | | | | | This patch was part of the 6.6p1 release. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: avoid screen sessions being killed on disconnect with systemdPaul Eggleton2014-10-181-0/+1
| | | | | | | | | | | | Tell systemd just to kill the sshd process when the ssh connection drops instead of the entire cgroup for sshd, so that any screen sessions (and more to the point, processes within them) do not get killed. (This is what the Fedora sshd service file does, and what we're already doing in the dropbear service file). Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* openssh: use pidfile in initscriptRichard Tollerton2014-07-191-5/+7
| | | | | | | | | | | | | | | | | | | | | | Stopping sshd must only kill the listening (top-level) daemon; it must not stop any other sshd process, because those are forked ssh connections which may include e.g. the connection that called /etc/init.d/sshd stop. This initscript uses "start-stop-daemon -x <exe>" for starting/stopping. When that is provided by busybox, this behavior is broken: `/etc/init.d/sshd stop` stops *all* sshd processes. This was caused by a fix to busybox 1.20: 17eedcad9406c43beddab3906c8c693626c351fb "ssd: compat: match -x EXECUTABLE by /proc/pid/exe too". The fix is to use a pidfile. All initscripts in upstream openssh do this, as does dropbear. Acked-by: Gratian Crisan <gratian.crisan@ni.com> Acked-by: Ken Sharp <ken.sharp@ni.com> Signed-off-by: Richard Tollerton <rich.tollerton@ni.com> Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: avoid checking empty passwords to mess up with PAM modulesChen Qi2014-07-031-0/+30
| | | | | | | | | | | | | | | | | | | | | Previously, even if PAM is enabled for ssh, the daemon still tries to authenticate an empty password. This leads to authentication failure which would mess up with PAM modules. As a result, if 'UsePAM', 'PermitEmptyPasswords' and 'PasswordAuthentication' are enabled, no user can login correctly. We would meet the following error message at the client side. Write failed: Broken Pipe This patch fixes the above problem by checking whether PAM is enabled before authenticating an empty password. After all, if PAM is enabled, the task of authenticating passwords should be handled to PAM modules. [YOCTO #6466] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix for CVE-2014-2653Chen Qi2014-05-131-0/+114
| | | | | | | | | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix for CVE-2014-2532Chen Qi2014-05-131-0/+22
| | | | | | | | | | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: add /var/log/lastlog to volatile listSaul Wold2014-05-081-0/+1
| | | | | | | | | The /var/log/messages reports /var/log/lastlog as missing, since openssh needs this file, create it as a volatile. [YOCTO #6172] Signed-off-by: Saul Wold <sgw@linux.intel.com>
* openssh: enable ptest supportMaxin B. John2014-04-252-0/+68
| | | | | | | Install openssh test-suite and run it as ptest. Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Update init file to add ED25519 Key generationSaul Wold2014-03-191-1/+6
| | | | | | | [YOCTO #5983] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 6.5p1Paul Eggleton2014-02-2810-0/+363
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>