Commit bc553e59 authored by Niels Möller's avatar Niels Möller
Browse files

*** empty log message ***

Rev: doc/TODO:1.69
Rev: doc/lsh.texinfo:1.4
parent 18c0d86e
......@@ -301,10 +301,6 @@ See if we can do without the "reason" argument to close callbacks.
Current bugs (Bazsi):
I've encountered a bug in remote (-R) forwarding in lshd. My proxy didn't
handle forwarded-tcpip channels, and refused to open such a channel. lshd
crashes if this channel cannot be opened with an unhandled exception.
* 0.2.6 doesn't remember the listening socket of an -L option as a resource,
so when the connection is closed (logout from the shell), lsh hangs on the
listening socket, and connecting to it results in a segfault (most
......@@ -315,15 +311,12 @@ probably because the connection struct had been freed by the gc)
proxy patches I made this possible adding a struct exception_handler **e to
channel_request_command's format method.
/* FIXME: The new fd object should be added to the same resource list
* as the old one. Perhaps the conenction code in io.c should reuse
* the fd object in some way? */
static void
do_connect_continue(struct fd_callback **s, int fd)
static void do_free_zstream(z_stream *z)
/* FIXME: Let opaque be a pointer to a struct, as it is not portable
* to cast between void * and a function pointer. */
/* Call deflateEnd() or inflateEnd(). But which? We use the opague
* pointer, as we don't use that for anything else. */
Try to unify the handling of queued channel requests and global
......@@ -535,6 +535,27 @@ arcfour.
@comment node-name, next, previous, up
@section Host authentication options
As described earlier @pxref{Threats}, proper authentication of the
remote host is crucial to protect the connection against
Man-in-the-middle attacks. By default, @code{lsh} verifies the server's
claimed host key against the @dfn{Acess Control Lists} in
@file{~/.lsh/known_hosts}. If the remote host cannot be authenticated,
the connection is dropped.
The options that change this behaviour are
@table @option
@item --host-db
Specifies the location of the @acronym{ACL} file.
@item --sloppy-host-authentication
@item --strict-host-authentication
@item --capture-to
@end table
@node Userauth options, Action options, Hostauth options, Invoking lsh
@comment node-name, next, previous, up
@section User authentication options
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment