*** empty log message ***

Rev: doc/TODO:1.69 Rev: doc/lsh.texinfo:1.4

* empty log message *
Rev: doc/TODO:1.69 Rev: doc/lsh.texinfo:1.4
bc553e59 · Niels Möller · 18c0d86e · bc553e59 · bc553e59
Commit bc553e59 authored Feb 06, 2000 by Niels Möller
--- a/doc/TODO
+++ b/doc/TODO
@@ -301,10 +301,6 @@ See if we can do without the "reason" argument to close callbacks.

 Current bugs (Bazsi):

-I've encountered a bug in remote (-R) forwarding in lshd. My proxy didn't
-handle forwarded-tcpip channels, and refused to open such a channel. lshd
-crashes if this channel cannot be opened with an unhandled exception.
-
 * 0.2.6 doesn't remember the listening socket of an -L option as a resource,
 so when the connection is closed (logout from the shell), lsh hangs on the
 listening socket, and connecting to it results in a segfault (most
@@ -315,15 +311,12 @@ probably because the connection struct had been freed by the gc)
 proxy patches I made this possible adding a struct exception_handler **e to
 channel_request_command's format method.

-/* FIXME: The new fd object should be added to the same resource list
- * as the old one. Perhaps the conenction code in io.c should reuse
- * the fd object in some way? */
-static void
-do_connect_continue(struct fd_callback **s, int fd)
-
 static void do_free_zstream(z_stream *z)
 {
  /* FIXME: Let opaque be a pointer to a struct, as it is not portable
   * to cast between void * and a function pointer. */
  /* Call deflateEnd() or inflateEnd(). But which? We use the opague
   * pointer, as we don't use that for anything else. */
+
+Try to unify the handling of queued channel requests and global
+requests. 
--- a/doc/lsh.texinfo
+++ b/doc/lsh.texinfo
@@ -535,6 +535,27 @@ arcfour.
 @comment  node-name,  next,  previous,  up
 @section Host authentication options

+As described earlier @pxref{Threats}, proper authentication of the
+remote host is crucial to protect the connection against
+Man-in-the-middle attacks. By default, @code{lsh} verifies the server's
+claimed host key against the @dfn{Acess Control Lists} in
+@file{~/.lsh/known_hosts}. If the remote host cannot be authenticated,
+the connection is dropped.
+
+The options that change this behaviour are
+
+@table @option
+@item --host-db
+Specifies the location of the @acronym{ACL} file.
+
+@item --sloppy-host-authentication
+@item --strict-host-authentication
+@item --capture-to
+
+@end table
+
+
+
 @node Userauth options, Action options, Hostauth options, Invoking lsh
 @comment  node-name,  next,  previous,  up
 @section User authentication options