- jmc@cvs.openbsd.org 2003/10/08 08:27:36

[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) ok deraadt@ markus@
author: Darren Tucker <dtucker@zip.com.au> 2003-10-15 15:50:42 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2003-10-15 15:50:42 +1000
commit: 1f20394e92afa417c1201506f9ae8683170ac496 (patch)
tree: dc4552b853891fb2fba19f404da087062622bf97
parent: 439ce0daf95fef595ba2592d16b17401a8bee135 (diff)
8 files changed, 277 insertions, 157 deletions
diff --git a/ChangeLog b/ChangeLog
index ee86bb7c5..d2c3255c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+20031015
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2003/10/08 08:27:36
+     [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
+     scp and sftp: add options list and sort options. options list requested
+     by deraadt@
+     sshd: use same format as ssh
+     ssh: remove wrong option from list
+     sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
+     ok deraadt@ markus@
 20031009
 - (dtucker) [sshd_config.5] UsePAM defaults to "no".  ok djm@
@@ -1314,4 +1325,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3069 2003/10/09 04:13:53 dtucker Exp $
+$Id: ChangeLog,v 1.3070 2003/10/15 05:50:42 dtucker Exp $
diff --git a/scp.1 b/scp.1
index a971500ee..bdc413337 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.28 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.29 2003/10/08 08:27:36 jmc Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -20,24 +20,24 @@
 .Sh SYNOPSIS
 .Nm scp
 .Bk -words
-.Op Fl pqrvBC1246
+.Op Fl 1246BCpqrv
-.Op Fl F Ar ssh_config
-.Op Fl S Ar program
-.Op Fl P Ar port
 .Op Fl c Ar cipher
+.Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
 .Op Fl l Ar limit
 .Op Fl o Ar ssh_option
+.Op Fl P Ar port
+.Op Fl S Ar program
 .Sm off
 .Oo
-.Op Ar user@
+.Op Ar user No @
 .Ar host1 No :
 .Oc Ns Ar file1
 .Sm on
 .Op Ar ...
 .Sm off
 .Oo
-.Op Ar user@
+.Op Ar user No @
 .Ar host2 No :
 .Oc Ar file2
 .Sm on
@@ -62,35 +62,24 @@ Copies between two remote hosts are permitted.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl c Ar cipher
+.It Fl 1
-Selects the cipher to use for encrypting the data transfer.
+Forces
-This option is directly passed to
-.Xr ssh 1 .
-.It Fl i Ar identity_file
-Selects the file from which the identity (private key) for RSA
-authentication is read.
-This option is directly passed to
-.Xr ssh 1 .
-.It Fl l Ar limit
-Limits the used bandwidth, specified in Kbit/s.
-.It Fl p
-Preserves modification times, access times, and modes from the
-original file.
-.It Fl r
-Recursively copy entire directories.
-.It Fl v
-Verbose mode.
-Causes
 .Nm
-and
+to use protocol 1.
-.Xr ssh 1
+.It Fl 2
-to print debugging messages about their progress.
+Forces
-This is helpful in
+.Nm
-debugging connection, authentication, and configuration problems.
+to use protocol 2.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl B
 Selects batch mode (prevents asking for passwords or passphrases).
-.It Fl q
-Disables the progress meter.
 .It Fl C
 Compression enable.
 Passes the
@@ -98,12 +87,85 @@ Passes the
 flag to
 .Xr ssh 1
 to enable compression.
+.It Fl c Ar cipher
+Selects the cipher to use for encrypting the data transfer.
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl F Ar ssh_config
 Specifies an alternative
 per-user configuration file for
 .Nm ssh .
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl i Ar identity_file
+Selects the file from which the identity (private key) for RSA
+authentication is read.
+This option is directly passed to
+.Xr ssh 1 .
+.It Fl l Ar limit
+Limits the used bandwidth, specified in Kbit/s.
+.It Fl o Ar ssh_option
+Can be used to pass options to
+.Nm ssh
+in the format used in
+.Xr ssh_config 5 .
+This is useful for specifying options
+for which there is no separate
+.Nm scp
+command-line flag.
+For full details of the options listed below, and their possible values, see
+.Xr ssh_config 5 .
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It AddressFamily
+.It BatchMode
+.It BindAddress
+.It ChallengeResponseAuthentication
+.It CheckHostIP
+.It Cipher
+.It Ciphers
+.It ClearAllForwardings
+.It Compression
+.It CompressionLevel
+.It ConnectionAttempts
+.It ConnectionTimeout
+.It DynamicForward
+.It EscapeChar
+.It ForwardAgent
+.It ForwardX11
+.It GatewayPorts
+.It GlobalKnownHostsFile
+.It GSSAPIAuthentication
+.It GSSAPIDelegateCredentials
+.It Host
+.It HostbasedAuthentication
+.It HostKeyAlgorithms
+.It HostKeyAlias
+.It HostName
+.It IdentityFile
+.It KeepAlive
+.It LocalForward
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RemoteForward
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.It XAuthLocation
+.El
 .It Fl P Ar port
 Specifies the port to connect to on the remote host.
 Note that this option is written with a capital
@@ -112,6 +174,13 @@ because
 .Fl p
 is already reserved for preserving the times and modes of the file in
 .Xr rcp 1 .
+.It Fl p
+Preserves modification times, access times, and modes from the
+original file.
+.It Fl q
+Disables the progress meter.
+.It Fl r
+Recursively copy entire directories.
 .It Fl S Ar program
 Name of
 .Ar program
@@ -119,31 +188,15 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
-.It Fl o Ar ssh_option
+.It Fl v
-Can be used to pass options to
+Verbose mode.
-.Nm ssh
+Causes
-in the format used in
-.Xr ssh_config 5 .
-This is useful for specifying options
-for which there is no separate
-.Nm scp
-command-line flag.
-.It Fl 1
-Forces
-.Nm
-to use protocol 1.
-.It Fl 2
-Forces
-.Nm
-to use protocol 2.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
 .Nm
-to use IPv6 addresses only.
+and
+.Xr ssh 1
+to print debugging messages about their progress.
+This is helpful in
+debugging connection, authentication, and configuration problems.
 .El
 .Sh DIAGNOSTICS
 .Nm
@@ -165,5 +218,4 @@ program in BSD source code from the Regents of the University of
 California.
 .Sh AUTHORS
 .An Timo Rinne Aq tri@iki.fi
-and
 .An Tatu Ylonen Aq ylo@cs.hut.fi
diff --git a/scp.c b/scp.c
index a1f136a1f..364ab2860 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.109 2003/09/19 17:40:20 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.110 2003/10/08 08:27:36 jmc Exp $");
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -1019,8 +1019,8 @@ void
 usage(void)
 {
        (void) fprintf(stderr,
-            "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
+            "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
-            "           [-c cipher] [-i identity] [-l limit] [-o option]\n"
+            "           [-l limit] [-o ssh_option] [-P port] [-S program]\n"
            "           [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
        exit(1);
 }
diff --git a/sftp-server.8 b/sftp-server.8
index 871f83796..42f5d437c 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.9 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.10 2003/10/08 08:27:36 jmc Exp $
 .\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 .\"
@@ -41,11 +41,12 @@ using the
 .Cm Subsystem
 option.
 See
-.Xr sshd 8
+.Xr sshd_config 5
 for more information.
 .Sh SEE ALSO
 .Xr sftp 1 ,
 .Xr ssh 1 ,
+.Xr sshd_config 5 ,
 .Xr sshd 8
 .Rs
 .%A T. Ylonen
diff --git a/sftp.1 b/sftp.1
index 753a4f2b9..05b972e46 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.45 2003/09/02 18:50:06 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.46 2003/10/08 08:27:36 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -31,15 +31,15 @@
 .Sh SYNOPSIS
 .Nm sftp
 .Bk -words
-.Op Fl vC1
+.Op Fl 1Cv
-.Op Fl b Ar batchfile
-.Op Fl o Ar ssh_option
-.Op Fl s Ar subsystem | sftp_server
 .Op Fl B Ar buffer_size
+.Op Fl b Ar batchfile
 .Op Fl F Ar ssh_config
-.Op Fl P Ar sftp_server path
+.Op Fl o Ar ssh_option
+.Op Fl P Ar sftp_server_path
 .Op Fl R Ar num_requests
 .Op Fl S Ar program
+.Op Fl s Ar subsystem | sftp_server
 .Ar host
 .Ek
 .Nm sftp
@@ -84,6 +84,15 @@ and
 for details).
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 1
+Specify the use of protocol version 1.
+.It Fl B Ar buffer_size
+Specify the size of the buffer that
+.Nm
+uses when transferring files.
+Larger buffers require fewer round trips at the cost of higher
+memory consumption.
+The default is 32768 bytes.
 .It Fl b Ar batchfile
 Batch mode reads a series of commands from an input
 .Ar batchfile
@@ -104,6 +113,16 @@ prefixing the command with a
 .Sq Ic \-
 character (for example,
 .Ic -rm /tmp/blah* ) .
+.It Fl C
+Enables compression (via ssh's
+.Fl C
+flag).
+.It Fl F Ar ssh_config
+Specifies an alternative
+per-user configuration file for
+.Xr ssh 1 .
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -115,35 +134,60 @@ for which there is no separate
 command-line flag.
 For example, to specify an alternate port use:
 .Ic sftp -oPort=24 .
-.It Fl s Ar subsystem | sftp_server
+For full details of the options listed below, and their possible values, see
-Specifies the SSH2 subsystem or the path for an sftp server
+.Xr ssh_config 5 .
-on the remote host.
+.Pp
-A path is useful for using
+.Bl -tag -width Ds -offset indent -compact
-.Nm
+.It AddressFamily
-over protocol version 1, or when the remote
+.It BatchMode
-.Xr sshd 8
+.It BindAddress
-does not have an sftp subsystem configured.
+.It ChallengeResponseAuthentication
-.It Fl v
+.It CheckHostIP
-Raise logging level.
+.It Cipher
-This option is also passed to ssh.
+.It Ciphers
-.It Fl B Ar buffer_size
+.It ClearAllForwardings
-Specify the size of the buffer that
+.It Compression
-.Nm
+.It CompressionLevel
-uses when transferring files.
+.It ConnectionAttempts
-Larger buffers require fewer round trips at the cost of higher
+.It ConnectionTimeout
-memory consumption.
+.It DynamicForward
-The default is 32768 bytes.
+.It EscapeChar
-.It Fl C
+.It ForwardAgent
-Enables compression (via ssh's
+.It ForwardX11
-.Fl C
+.It GatewayPorts
-flag).
+.It GlobalKnownHostsFile
-.It Fl F Ar ssh_config
+.It GSSAPIAuthentication
-Specifies an alternative
+.It GSSAPIDelegateCredentials
-per-user configuration file for
+.It Host
-.Xr ssh 1 .
+.It HostbasedAuthentication
-This option is directly passed to
+.It HostKeyAlgorithms
-.Xr ssh 1 .
+.It HostKeyAlias
-.It Fl P Ar sftp_server path
+.It HostName
+.It IdentityFile
+.It KeepAlive
+.It LocalForward
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RemoteForward
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.It XAuthLocation
+.El
+.It Fl P Ar sftp_server_path
 Connect directly to a local sftp server
 (rather than via
 .Xr ssh 1 )
@@ -160,8 +204,17 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
-.It Fl 1
+.It Fl s Ar subsystem | sftp_server
-Specify the use of protocol version 1.
+Specifies the SSH2 subsystem or the path for an sftp server
+on the remote host.
+A path is useful for using
+.Nm
+over protocol version 1, or when the remote
+.Xr sshd 8
+does not have an sftp subsystem configured.
+.It Fl v
+Raise logging level.
+This option is also passed to ssh.
 .El
 .Sh INTERACTIVE COMMANDS
 Once in interactive mode,
@@ -170,16 +223,13 @@ understands a set of commands similar to those of
 .Xr ftp 1 .
 Commands are case insensitive and pathnames may be enclosed in quotes if they
 contain spaces.
-.Bl -tag -width Ds
+.Bl -tag -width "lmdir path"
 .It Ic bye
 Quit
 .Nm sftp .
 .It Ic cd Ar path
 Change remote directory to
 .Ar path .
-.It Ic lcd Ar path
-Change local directory to
-.Ar path .
 .It Ic chgrp Ar grp Ar path
 Change group of file
 .Ar path
@@ -219,6 +269,9 @@ flag is specified, then the file's full permission and access time are
 copied too.
 .It Ic help
 Display help text.
+.It Ic lcd Ar path
+Change local directory to
+.Ar path .
 .It Ic lls Op Ar ls-options Op Ar path
 Display local directory listing of either
 .Ar path
@@ -280,12 +333,12 @@ Rename remote file from
 .Ar oldpath
 to
 .Ar newpath .
-.It Ic rmdir Ar path
-Remove remote directory specified by
-.Ar path .
 .It Ic rm Ar path
 Delete remote file specified by
 .Ar path .
+.It Ic rmdir Ar path
+Remove remote directory specified by
+.Ar path .
 .It Ic symlink Ar oldpath Ar newpath
 Create a symbolic link from
 .Ar oldpath
@@ -305,6 +358,7 @@ Escape to local shell.
 Synonym for help.
 .El
 .Sh SEE ALSO
+.Xr ftp 1 ,
 .Xr scp 1 ,
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
diff --git a/sftp.c b/sftp.c
index c2a6593b8..fddc6875f 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.37 2003/07/10 20:05:55 markus Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.38 2003/10/08 08:27:36 jmc Exp $");
 #include "buffer.h"
 #include "xmalloc.h"
@@ -112,10 +112,12 @@ usage(void)
        extern char *__progname;
        fprintf(stderr,
-            "usage: %s [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]\n"
+            "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n"
-            "            [-B buffer_size] [-F ssh_config] [-P sftp_server path]\n"
+            "            [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n"
-            "            [-R num_requests] [-S program]\n"
+            "            [-S program] [-s subsystem | sftp_server] host\n"
-            "            [user@]host[:file [file]]\n", __progname);
+            "       %s [[user@]host[:file [file]]]\n"
+            "       %s [[user@]host[:dir[/]]]\n"
+            "       %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname);
        exit(1);
 }
diff --git a/ssh.1 b/ssh.1
index 21e573b6d..2ba7fa6fd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.176 2003/09/29 11:40:51 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.177 2003/10/08 08:27:36 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -621,7 +621,6 @@ For full details of the options listed below, and their possible values, see
 .It ConnectionAttempts
 .It ConnectionTimeout
 .It DynamicForward
-.It EnableSSHKeysign
 .It EscapeChar
 .It ForwardAgent
 .It ForwardX11
diff --git a/sshd.8 b/sshd.8
index 0eeea6666..34413e2a7 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -44,7 +44,7 @@
 .Sh SYNOPSIS
 .Nm sshd
 .Bk -words
-.Op Fl deiqtD46
+.Op Fl 46Ddeiqt
 .Op Fl b Ar bits
 .Op Fl f Ar config_file
 .Op Fl g Ar login_grace_time
@@ -78,9 +78,7 @@ This implementation of
 supports both SSH protocol version 1 and 2 simultaneously.
 .Nm
 works as follows:
-.Pp
 .Ss SSH protocol version 1
-.Pp
 Each host has a host-specific RSA key
 (normally 1024 bits) used to identify the host.
 Additionally, when
@@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public
 host and server keys.
 The client compares the
 RSA host key against its own database to verify that it has not changed.
-The client then generates a 256 bit random number.
+The client then generates a 256-bit random number.
 It encrypts this
 random number using both the host key and the server key, and sends
 the encrypted number to the server.
@@ -107,9 +105,9 @@ to use from those offered by the server.
 .Pp
 Next, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
-.Pa .rhosts
+.Em .rhosts
 authentication,
-.Pa .rhosts
+.Em .rhosts
 authentication combined with RSA host
 authentication, RSA challenge-response authentication, or password
 based authentication.
@@ -137,7 +135,8 @@ or
 .Ql \&*NP\&*
 ).
 .Pp
-Rhosts authentication is normally disabled
+.Em rhosts
+authentication is normally disabled
 because it is fundamentally insecure, but can be enabled in the server
 configuration file if desired.
 System security is not improved unless
@@ -150,9 +149,7 @@ are disabled (thus completely disabling
 and
 .Xr rsh
 into the machine).
-.Pp
 .Ss SSH protocol version 2
-.Pp
 Version 2 works similarly:
 Each host has a host-specific key (RSA or DSA) used to identify the host.
 However, when the daemon starts, it does not generate a server key.
@@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 .Pp
 The rest of the session is encrypted using a symmetric cipher, currently
-128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
+128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
@@ -171,9 +168,7 @@ Protocol version 2 provides a public key based
 user (PubkeyAuthentication) or
 client host (HostbasedAuthentication) authentication method,
 conventional password authentication and challenge response based methods.
-.Pp
 .Ss Command execution and data forwarding
-.Pp
 If the client successfully authenticates itself, a dialog for
 preparing the session is entered.
 At this time the client may request
@@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to
 the client, and both sides exit.
 .Pp
 .Nm
-can be configured using command-line options or a configuration
+can be configured using command-line options or a configuration file
-file.
+(by default
+.Xr sshd_config 5 ) .
 Command-line options override values specified in the
 configuration file.
 .Pp
@@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e.,
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
 server key (default 768).
+.It Fl D
+When this option is specified,
+.Nm
+will not detach and does not become a daemon.
+This allows easy monitoring of
+.Nm sshd .
 .It Fl d
 Debug mode.
 The server sends verbose debug output to the system
@@ -267,7 +277,7 @@ be feasible.
 Specifies how often the ephemeral protocol version 1 server key is
 regenerated (default 3600 seconds, or one hour).
 The motivation for regenerating the key fairly
-often is that the key is not stored anywhere, and after about an hour,
+often is that the key is not stored anywhere, and after about an hour
 it becomes impossible to recover the key for decrypting intercepted
 communications even if the machine is cracked into or physically
 seized.
@@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated.
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
 command-line flag.
+For full details of the options, and their values, see
+.Xr sshd_config 5 .
 .It Fl p Ar port
 Specifies the port on which the server listens for connections
 (default 22).
@@ -325,20 +337,6 @@ USER@HOST pattern in
 .Cm AllowUsers
 or
 .Cm DenyUsers .
-.It Fl D
-When this option is specified
-.Nm
-will not detach and does not become a daemon.
-This allows easy monitoring of
-.Nm sshd .
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh CONFIGURATION FILE
 .Nm
@@ -375,9 +373,9 @@ Changes to run with normal user privileges.
 .It
 Sets up basic environment.
 .It
-Reads
+Reads the file
-.Pa $HOME/.ssh/environment
+.Pa $HOME/.ssh/environment ,
-if it exists and users are allowed to change their environment.
+if it exists, and users are allowed to change their environment.
 See the
 .Cm PermitUserEnvironment
 option in
@@ -516,7 +514,7 @@ Limit local
 port forwarding such that it may only connect to the specified host and
 port.
 IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
+.Ar host Ns / Ns Ar port .
 Multiple
 .Cm permitopen
 options may be applied separated by commas.
@@ -524,13 +522,13 @@ No pattern matching is performed on the specified hostnames,
 they must be literal domains or addresses.
 .El
 .Ss Examples
-1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
+1024 33 12121...312314325 ylo@foo.bar
 .Pp
-from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
+from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
 .Pp
-command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
+command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
 .Pp
-permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
+permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
 .Pa /etc/ssh/ssh_known_hosts
@@ -588,7 +586,7 @@ or by taking
 and adding the host names at the front.
 .Ss Examples
 .Bd -literal
-closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
+closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .Ed
 .Sh FILES
@@ -647,7 +645,7 @@ and/or
 .Pa id_rsa.pub
 files into this file, as described in
 .Xr ssh-keygen 1 .
-.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
+.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
 These files are consulted when using rhosts with RSA host
 authentication or protocol version 2 hostbased authentication
 to check the public key of the host.
@@ -681,7 +679,7 @@ The file must
 be writable only by the user; it is recommended that it not be
 accessible by others.
 .Pp
-If is also possible to use netgroups in the file.
+It is also possible to use netgroups in the file.
 Either host or user
 name may be of the form +@groupname to specify all hosts or all users
 in the group.
@@ -693,7 +691,7 @@ However, this file is
 not used by rlogin and rshd, so using this permits access using SSH only.
 .It Pa /etc/hosts.equiv
 This file is used during
-.Pa .rhosts
+.Em rhosts
 authentication.
 In the simplest form, this file contains host names, one per line.
 Users on
@@ -800,9 +798,12 @@ This file should be writable only by root, and should be world-readable.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
+.Xr chroot 2 ,
+.Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
+.Xr inetd 8 ,
 .Xr sftp-server 8
 .Rs
 .%A T. Ylonen
author	Darren Tucker <dtucker@zip.com.au>	2003-10-15 15:50:42 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2003-10-15 15:50:42 +1000
commit	1f20394e92afa417c1201506f9ae8683170ac496 (patch)
tree	dc4552b853891fb2fba19f404da087062622bf97
parent	439ce0daf95fef595ba2592d16b17401a8bee135 (diff)