head	1.6;
access;
symbols
	RELEASE_4_5_0:1.5
	RELEASE_4_4_0:1.5
	RELEASE_4_3_0:1.5
	RELEASE_4_2_0:1.5
	RELEASE_4_1_1:1.4
	RELEASE_4_1_0:1.4
	RELEASE_3_5_0:1.4
	RELEASE_4_0_0:1.4
	RELEASE_3_4_0:1.4
	openssh_1_2:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.6
date	2002.03.12.17.54.07;	author dinoex;	state dead;
branches;
next	1.5;

1.5
date	2000.11.04.23.04.25;	author green;	state Exp;
branches;
next	1.4;

1.4
date	99.12.06.06.32.22;	author green;	state Exp;
branches;
next	1.3;

1.3
date	99.11.24.03.36.22;	author green;	state dead;
branches;
next	1.2;

1.2
date	99.11.09.12.43.45;	author green;	state Exp;
branches;
next	1.1;

1.1
date	99.11.08.06.20.53;	author green;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	99.11.08.06.20.53;	author green;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Rename Patches to make navigation much more easier.
@
text
@--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.8	Tue Nov 23 18:58:38 1999
+++ sshd.8	Sun Dec  5 22:59:58 1999
@@@@ -453,8 +478,9 @@@@
 If the login is on a tty, records login time.
 .It
 Checks
-.Pa /etc/nologin ;
-if it exists, prints contents and quits
+.Pa /etc/nologin and
+.Pa /var/run/nologin ;
+if one exists, it prints the contents and quits
 (unless root).
 .It
 Changes to run with normal user privileges.
@


1.5
log
@Update to OpenSSH 2.2.0.  This is an end-of-life update for the
ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
@
text
@@


1.4
log
@In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources.  In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
   So here we are, rate-limiting.  The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
   More work in this area is being done by alfred@@FreeBSD.org and
markus@@OpenBSD.org, at the very least.  This is, essentially, a
stopgap solution;  however, it is a properly implemented and documented
one, and has an easily modifiable framework.
@
text
@a2 32
@@@@ -220,6 +220,31 @@@@
 should check for new mail for interactive logins.
 The default is
 .Dq no .
+.It Cm ConnectionsPerPeriod
+This keyword allows for rate-limiting of connections, and
+is followed by two numbers in the format
+.Dq n/s ,
+where
+.Ar n
+is the number of connections from a certain address group
+accepted per period of
+.Ar s
+seconds.  Any connection after the number
+.Ar n
+connection in the period of
+.Ar s
+seconds will be dropped, and an informational message will be logged.
+A connection will belong to a certain group, of which there are 13
+by default, according to its IP address.
+The default for this keyword is
+.Dq 0/0 ,
+and rate-limiting can be explicitly turned off by using an
+.Ar n
+parameter of
+.Ql 0
+and any
+.Ar s
+parameter.
 .It Cm DenyGroups
 This keyword can be followed by a number of group names, separated
 by spaces.  Users whose primary group matches one of the patterns
@


1.3
log
@Update the CVS_DATE.  This brings in support for TIS authentication,
obsoleting a couple patches (it's the same code, though, except for
additions).

This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.

My patches have been almost entirely rewritten.  The places are the
same, but the code's rewritten.  It fits with the style (KNF) now,
and looks better.

I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs.  After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2.  Adding it to ssh/lib/ makes it work
yet again :)
@
text
@d1 46
a46 27
--- ssh-agent/Makefile.orig	Thu Oct 28 03:32:00 1999
+++ ssh-agent/Makefile	Tue Nov  9 06:41:50 1999
@@@@ -2,20 +2,14 @@@@
 
 PROG=	ssh-agent
 BINOWN=	root
+BINMODE=555
 
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-	${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=555
-.endif
-
-BINDIR=	/usr/bin
-MAN=	ssh-agent.1
+BINDIR=	/bin
+MAN1=	ssh-agent.1
 
 SRCS=	ssh-agent.c log-client.c
 
 .include <bsd.prog.mk>
 
-LDADD+=	-lcrypto -lutil -lz
+LDADD+=	-lutil -lz ${CRYPTOLIBS}
 DPADD+=	${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ}
@


1.2
log
@Make some various cleanups.  Note that I did not add RESTRICTED since this is
in no way cryptographically encumbered code.  The fact that it's
redistributed by me from freefall is completely coincidental.

Submitted by:	obrien, Christian Weisgerber <naddy@@unix-ag.uni-kl.de>
@
text
@@


1.1
log
@Initial revision
@
text
@d1 3
a3 6
diff -ru /home/green/ssh/ssh-agent/Makefile ./ssh-agent/Makefile
--- /home/green/ssh/ssh-agent/Makefile	Thu Oct 28 03:32:00 1999
+++ ./ssh-agent/Makefile	Mon Nov  8 00:13:41 1999
@@@@ -10,12 +10,12 @@@@
 BINMODE?=555
 .endif
d5 11
@


1.1.1.1
log
@Say hello to OpenSSH!  It's more secure, has a better license, and
is actively maintained by members of the OpenBSD project.
@
text
@@
