summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-01 18:50:00 +0000
committerColin Watson <cjwatson@debian.org>2003-09-01 18:50:00 +0000
commit1501d1e253613aba573e163869a2f704abd73a44 (patch)
tree01cf736a2a33136d2da1d39a5fe4199318dce445
parent8d6b7f4c46de3feb66f704ab483e51ea1a3bb0e1 (diff)
parent053db7da5ce09acdf742789d9d1a05e81d4861d0 (diff)
Debian release 3.6.1p1-1.
-rw-r--r--ChangeLog49
-rw-r--r--Makefile.in2
-rw-r--r--README.privsep2
-rw-r--r--clientloop.c2
-rw-r--r--compat.c22
-rw-r--r--compat.h3
-rw-r--r--configure.ac2
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--debian/changelog8
-rw-r--r--debian/control2
-rw-r--r--kex.c5
-rw-r--r--monitor.c2
-rw-r--r--monitor_wrap.c2
-rw-r--r--openbsd-compat/bsd-cray.h2
-rw-r--r--openbsd-compat/bsd-getpeereid.c2
-rw-r--r--openbsd-compat/bsd-snprintf.c9
-rw-r--r--openbsd-compat/fake-getaddrinfo.c2
-rw-r--r--packet.c2
-rw-r--r--packet.h2
-rw-r--r--readconf.c2
-rw-r--r--readconf.h2
-rw-r--r--scp.14
-rw-r--r--serverloop.c2
-rw-r--r--sftp.06
-rw-r--r--sftp.126
-rw-r--r--ssh-add.04
-rw-r--r--ssh-add.19
-rw-r--r--ssh-agent.17
-rw-r--r--ssh-keygen.14
-rw-r--r--ssh-keyscan.120
-rw-r--r--ssh-keysign.86
-rw-r--r--ssh.04
-rw-r--r--ssh.134
-rw-r--r--ssh_config.548
-rw-r--r--sshconnect2.c2
-rw-r--r--sshd_config.530
-rw-r--r--version.h6
39 files changed, 217 insertions, 127 deletions
diff --git a/ChangeLog b/ChangeLog
index 9a7e2ea93..ebde74795 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,20 +1,58 @@
120030401
2 - (djm) OpenBSD CVS Sync
3 - jmc@cvs.openbsd.org 2003/03/28 10:11:43
4 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
5 [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
6 - killed whitespace
7 - new sentence new line
8 - .Bk for arguments
9 ok markus@
10 - markus@cvs.openbsd.org 2003/04/01 10:10:23
11 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
12 [readconf.h serverloop.c sshconnect2.c]
13 rekeying bugfixes and automatic rekeying:
14 * both client and server rekey _automatically_
15 (a) after 2^31 packets, because after 2^32 packets
16 the sequence number for packets wraps
17 (b) after 2^(blocksize_in_bits/4) blocks
18 (see: draft-ietf-secsh-newmodes-00.txt)
19 (a) and (b) are _enabled_ by default, and only disabled for known
20 openssh versions, that don't support rekeying properly.
21 * client option 'RekeyLimit'
22 * do not reply to requests during rekeying
23 - markus@cvs.openbsd.org 2003/04/01 10:22:21
24 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
25 [readconf.h serverloop.c sshconnect2.c]
26 backout rekeying changes (for 3.6.1)
27 - markus@cvs.openbsd.org 2003/04/01 10:31:26
28 [compat.c compat.h kex.c]
29 bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
30 tested by ho@ and myself
31 - markus@cvs.openbsd.org 2003/04/01 10:56:46
32 [version.h]
33 3.6.1
34 - (djm) Crank spec file versions
35 - (djm) Release 3.6.1p1
36
120030326 3720030326
2 - (djm) OpenBSD CVS Sync 38 - (djm) OpenBSD CVS Sync
3 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 39 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
4 [sftp-server.c] 40 [sftp-server.c]
5 one last fix to the tree: race fix broke stuff; pr 3169; 41 one last fix to the tree: race fix broke stuff; pr 3169;
6 srp@srparish.net, help from djm 42 srp@srparish.net, help from djm
43
4420030325
7 - (djm) Fix getpeerid support for 64 bit BE systems. From 45 - (djm) Fix getpeerid support for 64 bit BE systems. From
8 Arnd Bergmann <arndb@de.ibm.com> 46 Arnd Bergmann <arndb@de.ibm.com>
9 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
10 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
11 - Release 3.6p1
12 47
1320030324 4820030324
14 - (djm) OpenBSD CVS Sync 49 - (djm) OpenBSD CVS Sync
15 - markus@cvs.openbsd.org 2003/03/23 19:02:00 50 - markus@cvs.openbsd.org 2003/03/23 19:02:00
16 [monitor.c] 51 [monitor.c]
17 unbreak rekeying for privsep; ok millert@ 52 unbreak rekeying for privsep; ok millert@
53 - Release 3.6p1
54 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
55 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
18 56
1920030320 5720030320
20 - (djm) OpenBSD CVS Sync 58 - (djm) OpenBSD CVS Sync
@@ -29,10 +67,9 @@
29 - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved 67 - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
30 guessing rules) 68 guessing rules)
31 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues 69 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
32 with SIA. Also, clean up of tru64 support patch by Chris Adams 70 with SIA. Also, clean up of tru64 support patch by Chris Adams
33 <cmadams@hiwaay.net> 71 <cmadams@hiwaay.net>
34 - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files 72 - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
35 section.
36 73
3720030318 7420030318
38 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 75 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
@@ -1258,4 +1295,4 @@
1258 save auth method before monitor_reset_key_state(); bugzilla bug #284; 1295 save auth method before monitor_reset_key_state(); bugzilla bug #284;
1259 ok provos@ 1296 ok provos@
1260 1297
1261$Id: ChangeLog,v 1.2633.2.9 2003/03/26 05:03:05 djm Exp $ 1298$Id: ChangeLog,v 1.2648 2003/04/01 11:47:16 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index b94eae158..6702eb96e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.227.2.1 2003/03/21 00:51:35 mouring Exp $ 1# $Id: Makefile.in,v 1.228 2003/03/21 00:34:34 mouring Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
diff --git a/README.privsep b/README.privsep
index e92af2c41..e8bf1db34 100644
--- a/README.privsep
+++ b/README.privsep
@@ -62,4 +62,4 @@ process 1005 is the sshd process listening for new connections.
62process 6917 is the privileged monitor process, 6919 is the user owned 62process 6917 is the privileged monitor process, 6919 is the user owned
63sshd process and 6921 is the shell process. 63sshd process and 6921 is the shell process.
64 64
65$Id: README.privsep,v 1.10.6.1 2003/03/21 01:15:18 mouring Exp $ 65$Id: README.privsep,v 1.11 2003/03/21 01:18:09 mouring Exp $
diff --git a/clientloop.c b/clientloop.c
index abfde2f3a..9549dadd4 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
diff --git a/compat.c b/compat.c
index 757b0e679..5e1774ab6 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); 26RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $");
27 27
28#include "buffer.h" 28#include "buffer.h"
29#include "packet.h" 29#include "packet.h"
@@ -85,10 +85,12 @@ compat_datafellows(const char *version)
85 { "*MindTerm*", 0 }, 85 { "*MindTerm*", 0 },
86 { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 86 { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
87 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 87 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
88 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, 88 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
89 SSH_BUG_FIRSTKEX },
89 { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 90 { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
90 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 91 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
91 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, 92 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
93 SSH_BUG_FIRSTKEX },
92 { "2.0.13*," 94 { "2.0.13*,"
93 "2.0.14*," 95 "2.0.14*,"
94 "2.0.15*," 96 "2.0.15*,"
@@ -100,26 +102,28 @@ compat_datafellows(const char *version)
100 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 102 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
101 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| 103 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
102 SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| 104 SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
103 SSH_BUG_DUMMYCHAN }, 105 SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
104 { "2.0.11*," 106 { "2.0.11*,"
105 "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 107 "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
106 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 108 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
107 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 109 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
108 SSH_BUG_PKAUTH|SSH_BUG_PKOK| 110 SSH_BUG_PKAUTH|SSH_BUG_PKOK|
109 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| 111 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
110 SSH_BUG_DUMMYCHAN }, 112 SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
111 { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 113 { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
112 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 114 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
113 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 115 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
114 SSH_BUG_PKAUTH|SSH_BUG_PKOK| 116 SSH_BUG_PKAUTH|SSH_BUG_PKOK|
115 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| 117 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
116 SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, 118 SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
119 SSH_BUG_FIRSTKEX },
117 { "2.2.0*," 120 { "2.2.0*,"
118 "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| 121 "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
119 SSH_BUG_RSASIGMD5 }, 122 SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
120 { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, 123 { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
124 SSH_BUG_FIRSTKEX },
121 { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ 125 { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
122 { "2.*", SSH_BUG_DEBUG }, 126 { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
123 { "3.0.*", SSH_BUG_DEBUG }, 127 { "3.0.*", SSH_BUG_DEBUG },
124 { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, 128 { "3.0 SecureCRT*", SSH_OLD_SESSIONID },
125 { "1.7 SecureFX*", SSH_OLD_SESSIONID }, 129 { "1.7 SecureFX*", SSH_OLD_SESSIONID },
diff --git a/compat.h b/compat.h
index 9299805af..881e450d3 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ 1/* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,6 +55,7 @@
55#define SSH_BUG_EXTEOF 0x00200000 55#define SSH_BUG_EXTEOF 0x00200000
56#define SSH_BUG_K5USER 0x00400000 56#define SSH_BUG_K5USER 0x00400000
57#define SSH_BUG_PROBE 0x00800000 57#define SSH_BUG_PROBE 0x00800000
58#define SSH_BUG_FIRSTKEX 0x01000000
58 59
59void enable_compat13(void); 60void enable_compat13(void);
60void enable_compat20(void); 61void enable_compat20(void);
diff --git a/configure.ac b/configure.ac
index 48a98d319..47fef0cbe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.111.2.2 2003/03/21 01:15:18 mouring Exp $ 1# $Id: configure.ac,v 1.113 2003/03/21 01:18:09 mouring Exp $
2 2
3AC_INIT 3AC_INIT
4AC_CONFIG_SRCDIR([ssh.c]) 4AC_CONFIG_SRCDIR([ssh.c])
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index e70ac8f37..142d30d88 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 3.6p1 20 %define version 3.6.1p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 2 22 %define release 2
23%else 23%else
@@ -364,4 +364,4 @@ fi
364* Mon Jan 01 1998 ... 364* Mon Jan 01 1998 ...
365Template Version: 1.31 365Template Version: 1.31
366 366
367$Id: openssh.spec,v 1.39.2.2 2003/03/21 04:52:56 tim Exp $ 367$Id: openssh.spec,v 1.42 2003/04/01 11:46:53 djm Exp $
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index f71c0b261..7488357fb 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 3.6p1 1%define ver 3.6.1p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 55de013dc..194dbb7d1 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2Name: openssh 2Name: openssh
3Version: 3.6p1 3Version: 3.6.1p1
4URL: http://www.openssh.com/ 4URL: http://www.openssh.com/
5Release: 1 5Release: 1
6Source0: openssh-%{version}.tar.gz 6Source0: openssh-%{version}.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 532567f8d..cc9ad5184 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1openssh (1:3.6.1p1-1) unstable; urgency=low
2
3 * New upstream release (thanks, Laurence J. Lane).
4 * debian/control: ssh-askpass-gnome is now Section: gnome, following the
5 override file.
6
7 -- Colin Watson <cjwatson@debian.org> Wed, 2 Apr 2003 00:51:02 +0100
8
1openssh (1:3.6p1-1) unstable; urgency=low 9openssh (1:3.6p1-1) unstable; urgency=low
2 10
3 * New upstream release. 11 * New upstream release.
diff --git a/debian/control b/debian/control
index 5a69855e2..1cfb93d58 100644
--- a/debian/control
+++ b/debian/control
@@ -33,7 +33,7 @@ Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
33 be illegal to use any encryption at all without a special permit. 33 be illegal to use any encryption at all without a special permit.
34 34
35Package: ssh-askpass-gnome 35Package: ssh-askpass-gnome
36Section: x11 36Section: gnome
37Priority: optional 37Priority: optional
38Architecture: any 38Architecture: any
39Depends: ${shlibs:Depends}, ssh (>=1:1.2pre7-4) | ssh-krb5 39Depends: ${shlibs:Depends}, ssh (>=1:1.2pre7-4) | ssh-krb5
diff --git a/kex.c b/kex.c
index 2c1cacfec..b070ccf42 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -392,7 +392,8 @@ kex_choose_conf(Kex *kex)
392 kex->we_need = need; 392 kex->we_need = need;
393 393
394 /* ignore the next message if the proposals do not match */ 394 /* ignore the next message if the proposals do not match */
395 if (first_kex_follows && !proposals_match(my, peer)) { 395 if (first_kex_follows && !proposals_match(my, peer) &&
396 !(datafellows & SSH_BUG_FIRSTKEX)) {
396 type = packet_read(); 397 type = packet_read();
397 debug2("skipping next packet (type %u)", type); 398 debug2("skipping next packet (type %u)", type);
398 } 399 }
diff --git a/monitor.c b/monitor.c
index 3d7dcaf86..bcd007e60 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $"); 28RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $");
29 29
30#include <openssl/dh.h> 30#include <openssl/dh.h>
31 31
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 1395a32f4..c9714138a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index 68947c92f..a09954f2f 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.h,v 1.6.2.1 2003/03/21 01:07:45 mouring Exp $ 2 * $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
3 * 3 *
4 * bsd-cray.h 4 * bsd-cray.h
5 * 5 *
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index 3f554e72a..bcda2c155 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -24,7 +24,7 @@
24 24
25#include "includes.h" 25#include "includes.h"
26 26
27RCSID("$Id: bsd-getpeereid.c,v 1.1.4.1 2003/03/26 05:02:47 djm Exp $"); 27RCSID("$Id: bsd-getpeereid.c,v 1.2 2003/03/24 22:07:52 djm Exp $");
28 28
29#if !defined(HAVE_GETPEEREID) 29#if !defined(HAVE_GETPEEREID)
30 30
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index 1c72ea61d..2f82180d1 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -1,3 +1,10 @@
1/*
2 * Copyright Patrick Powell 1995
3 * This code is based on code written by Patrick Powell (papowell@astart.com)
4 * It may be used for any purpose as long as this notice remains intact
5 * on all source code distributions
6 */
7
1/************************************************************** 8/**************************************************************
2 * Original: 9 * Original:
3 * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 10 * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
@@ -51,7 +58,7 @@
51 58
52#include "includes.h" 59#include "includes.h"
53 60
54RCSID("$Id: bsd-snprintf.c,v 1.5 2001/02/25 23:20:41 mouring Exp $"); 61RCSID("$Id: bsd-snprintf.c,v 1.6 2003/04/01 11:31:56 djm Exp $");
55 62
56#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ 63#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
57# undef HAVE_SNPRINTF 64# undef HAVE_SNPRINTF
diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c
index bc58f30a6..e63bda970 100644
--- a/openbsd-compat/fake-getaddrinfo.c
+++ b/openbsd-compat/fake-getaddrinfo.c
@@ -12,7 +12,7 @@
12#include "includes.h" 12#include "includes.h"
13#include "ssh.h" 13#include "ssh.h"
14 14
15RCSID("$Id: fake-getaddrinfo.c,v 1.4.2.1 2003/03/26 05:03:06 djm Exp $"); 15RCSID("$Id: fake-getaddrinfo.c,v 1.5 2003/03/24 02:35:59 djm Exp $");
16 16
17#ifndef HAVE_GAI_STRERROR 17#ifndef HAVE_GAI_STRERROR
18char *gai_strerror(int ecode) 18char *gai_strerror(int ecode)
diff --git a/packet.c b/packet.c
index 17673f920..5866aafbf 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
diff --git a/packet.h b/packet.h
index 483472d50..7ff2812fe 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */ 1/* $OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
diff --git a/readconf.c b/readconf.c
index c2497638f..18f7dae8a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
diff --git a/readconf.h b/readconf.h
index 7b59878f8..6066d4635 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */ 1/* $OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
diff --git a/scp.1 b/scp.1
index 89ebf7089..a3ec2e0c6 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" Created: Sun May 7 00:14:37 1995 ylo
11.\" 11.\"
12.\" $OpenBSD: scp.1,v 1.26 2003/01/28 17:24:51 stevesk Exp $ 12.\" $OpenBSD: scp.1,v 1.27 2003/03/28 10:11:43 jmc Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SCP 1 15.Dt SCP 1
@@ -19,6 +19,7 @@
19.Nd secure copy (remote file copy program) 19.Nd secure copy (remote file copy program)
20.Sh SYNOPSIS 20.Sh SYNOPSIS
21.Nm scp 21.Nm scp
22.Bk -words
22.Op Fl pqrvBC1246 23.Op Fl pqrvBC1246
23.Op Fl F Ar ssh_config 24.Op Fl F Ar ssh_config
24.Op Fl S Ar program 25.Op Fl S Ar program
@@ -40,6 +41,7 @@
40.Ar host2 No : 41.Ar host2 No :
41.Oc Ar file2 42.Oc Ar file2
42.Sm on 43.Sm on
44.Ek
43.Sh DESCRIPTION 45.Sh DESCRIPTION
44.Nm 46.Nm
45copies files between hosts on a network. 47copies files between hosts on a network.
diff --git a/serverloop.c b/serverloop.c
index e66d529e9..050081018 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.106 2003/04/01 10:22:21 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
diff --git a/sftp.0 b/sftp.0
index 1680e489c..2ebe4eb54 100644
--- a/sftp.0
+++ b/sftp.0
@@ -39,19 +39,19 @@ SFTP(1) BSD General Commands Manual SFTP(1)
39 ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m 39 ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m
40 Can be used to pass options to ^[[1mssh ^[[22min the format used in 40 Can be used to pass options to ^[[1mssh ^[[22min the format used in
41 ssh_config(5). This is useful for specifying options for which 41 ssh_config(5). This is useful for specifying options for which
42 there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to 42 there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to
43 specify an alternate port use: ^[[1msftp M-bM-^@M-^PoPort=24^[[22m. 43 specify an alternate port use: ^[[1msftp M-bM-^@M-^PoPort=24^[[22m.
44 44
45 ^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[0m 45 ^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[0m
46 Specifies the SSH2 subsystem or the path for an sftp server on 46 Specifies the SSH2 subsystem or the path for an sftp server on
47 the remote host. A path is useful for using sftp over protocol 47 the remote host. A path is useful for using sftp over protocol
48 version 1, or when the remote ^[[1msshd ^[[22mdoes not have an sftp subsysM-bM-^@M-^P 48 version 1, or when the remote ^[[1msshd ^[[22mdoes not have an sftp subsysM-bM-^@M-^P
49 tem configured. 49 tem configured.
50 50
51 ^[[1mM-bMM-^Rv ^[[22mRaise logging level. This option is also passed to ssh. 51 ^[[1mM-bMM-^Rv ^[[22mRaise logging level. This option is also passed to ssh.
52 52
53 ^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[0m 53 ^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[0m
54 Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring 54 Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring
55 files. Larger buffers require fewer round trips at the cost of 55 files. Larger buffers require fewer round trips at the cost of
56 higher memory consumption. The default is 32768 bytes. 56 higher memory consumption. The default is 32768 bytes.
57 57
diff --git a/sftp.1 b/sftp.1
index ecd4d3174..02d2c274b 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.40 2003/01/10 08:19:07 fgsch Exp $ 1.\" $OpenBSD: sftp.1,v 1.41 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -30,6 +30,7 @@
30.Nd Secure file transfer program 30.Nd Secure file transfer program
31.Sh SYNOPSIS 31.Sh SYNOPSIS
32.Nm sftp 32.Nm sftp
33.Bk -words
33.Op Fl vC1 34.Op Fl vC1
34.Op Fl b Ar batchfile 35.Op Fl b Ar batchfile
35.Op Fl o Ar ssh_option 36.Op Fl o Ar ssh_option
@@ -40,10 +41,15 @@
40.Op Fl R Ar num_requests 41.Op Fl R Ar num_requests
41.Op Fl S Ar program 42.Op Fl S Ar program
42.Ar host 43.Ar host
44.Ek
43.Nm sftp 45.Nm sftp
44.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]] 46.Oo Oo Ar user Ns No @ Oc Ns
47.Ar host Ns Oo : Ns Ar file Oo
48.Ar file Oc Oc Oc
45.Nm sftp 49.Nm sftp
46.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]] 50.Oo Oo Ar user Ns No @ Oc Ns
51.Ar host Ns Oo : Ns Ar dir Ns
52.Oo Ar / Oc Oc Oc
47.Sh DESCRIPTION 53.Sh DESCRIPTION
48.Nm 54.Nm
49is an interactive file transfer program, similar to 55is an interactive file transfer program, similar to
@@ -77,13 +83,13 @@ non-interactive authentication.
77will abort if any of the following 83will abort if any of the following
78commands fail: 84commands fail:
79.Ic get , put , rename , ln , 85.Ic get , put , rename , ln ,
80.Ic rm , mkdir , chdir , ls , 86.Ic rm , mkdir , chdir , ls ,
81.Ic lchdir , chmod , chown , chgrp , lpwd 87.Ic lchdir , chmod , chown , chgrp , lpwd
82and 88and
83.Ic lmkdir . 89.Ic lmkdir .
84Termination on error can be suppressed on a command by command basis by 90Termination on error can be suppressed on a command by command basis by
85prefixing the command with a 91prefixing the command with a
86.Ic '-' 92.Ic '-'
87character (For example, 93character (For example,
88.Ic -rm /tmp/blah* 94.Ic -rm /tmp/blah*
89). 95).
@@ -95,19 +101,19 @@ in the format used in
95This is useful for specifying options 101This is useful for specifying options
96for which there is no separate 102for which there is no separate
97.Nm sftp 103.Nm sftp
98command-line flag. For example, to specify an alternate 104command-line flag. For example, to specify an alternate
99port use: 105port use:
100.Ic sftp -oPort=24 . 106.Ic sftp -oPort=24 .
101.It Fl s Ar subsystem | sftp_server 107.It Fl s Ar subsystem | sftp_server
102Specifies the SSH2 subsystem or the path for an sftp server 108Specifies the SSH2 subsystem or the path for an sftp server
103on the remote host. A path is useful for using sftp over 109on the remote host. A path is useful for using sftp over
104protocol version 1, or when the remote 110protocol version 1, or when the remote
105.Nm sshd 111.Nm sshd
106does not have an sftp subsystem configured. 112does not have an sftp subsystem configured.
107.It Fl v 113.It Fl v
108Raise logging level. This option is also passed to ssh. 114Raise logging level. This option is also passed to ssh.
109.It Fl B Ar buffer_size 115.It Fl B Ar buffer_size
110Specify the size of the buffer that 116Specify the size of the buffer that
111.Nm 117.Nm
112uses when transferring files. Larger buffers require fewer round trips at 118uses when transferring files. Larger buffers require fewer round trips at
113the cost of higher memory consumption. The default is 32768 bytes. 119the cost of higher memory consumption. The default is 32768 bytes.
diff --git a/ssh-add.0 b/ssh-add.0
index 0e2d1bca6..f8be19d53 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -43,8 +43,8 @@ SSHM-bM-^@M-^PADD(1) BSD General Commands Manual SS
43 fied in sshd_config(5). 43 fied in sshd_config(5).
44 44
45 ^[[1mM-bMM-^Rc ^[[22mIndicates that added identities should be subject to confirmation 45 ^[[1mM-bMM-^Rc ^[[22mIndicates that added identities should be subject to confirmation
46 before being used for authentication. Confirmation is performed 46 before being used for authentication. Confirmation is performed
47 by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P 47 by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P
48 tion is signaled by a zero exit status from the SSH_ASKPASS proM-bM-^@M-^P 48 tion is signaled by a zero exit status from the SSH_ASKPASS proM-bM-^@M-^P
49 gram, rather than text entered into the requester. 49 gram, rather than text entered into the requester.
50 50
diff --git a/ssh-add.1 b/ssh-add.1
index 25d7333e9..bcdb8e7f6 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.37 2003/02/10 11:51:47 markus Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.38 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -95,10 +95,11 @@ specified in
95.Xr sshd_config 5 . 95.Xr sshd_config 5 .
96.It Fl c 96.It Fl c
97Indicates that added identities should be subject to confirmation before 97Indicates that added identities should be subject to confirmation before
98being used for authentication. Confirmation is performed by the 98being used for authentication.
99Confirmation is performed by the
99.Ev SSH_ASKPASS 100.Ev SSH_ASKPASS
100program mentioned below. Successful confirmation is signaled by a zero 101program mentioned below.
101exit status from the 102Successful confirmation is signaled by a zero exit status from the
102.Ev SSH_ASKPASS 103.Ev SSH_ASKPASS
103program, rather than text entered into the requester. 104program, rather than text entered into the requester.
104.It Fl s Ar reader 105.It Fl s Ar reader
diff --git a/ssh-agent.1 b/ssh-agent.1
index 98f9dc80d..fde4608bb 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $ 1.\" $OpenBSD: ssh-agent.1,v 1.37 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -88,7 +88,7 @@ Kill the current agent (given by the
88.Ev SSH_AGENT_PID 88.Ev SSH_AGENT_PID
89environment variable). 89environment variable).
90.It Fl t Ar life 90.It Fl t Ar life
91Set a default value for the maximum lifetime of identities added to the agent. 91Set a default value for the maximum lifetime of identities added to the agent.
92The lifetime may be specified in seconds or in a time format specified in 92The lifetime may be specified in seconds or in a time format specified in
93.Xr sshd 8 . 93.Xr sshd 8 .
94A lifetime specified for an identity with 94A lifetime specified for an identity with
@@ -96,7 +96,8 @@ A lifetime specified for an identity with
96overrides this value. 96overrides this value.
97Without this option the default maximum lifetime is forever. 97Without this option the default maximum lifetime is forever.
98.It Fl d 98.It Fl d
99Debug mode. When this option is specified 99Debug mode.
100When this option is specified
100.Nm 101.Nm
101will not fork. 102will not fork.
102.El 103.El
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 78fdb496a..000e8ff2a 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.56 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -45,12 +45,14 @@
45.Nd authentication key generation, management and conversion 45.Nd authentication key generation, management and conversion
46.Sh SYNOPSIS 46.Sh SYNOPSIS
47.Nm ssh-keygen 47.Nm ssh-keygen
48.Bk -words
48.Op Fl q 49.Op Fl q
49.Op Fl b Ar bits 50.Op Fl b Ar bits
50.Fl t Ar type 51.Fl t Ar type
51.Op Fl N Ar new_passphrase 52.Op Fl N Ar new_passphrase
52.Op Fl C Ar comment 53.Op Fl C Ar comment
53.Op Fl f Ar output_keyfile 54.Op Fl f Ar output_keyfile
55.Ek
54.Nm ssh-keygen 56.Nm ssh-keygen
55.Fl p 57.Fl p
56.Op Fl P Ar old_passphrase 58.Op Fl P Ar old_passphrase
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 2f33ddf20..f6596c481 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.14 2002/02/13 08:33:47 mpech Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.15 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -14,6 +14,7 @@
14.Nd gather ssh public keys 14.Nd gather ssh public keys
15.Sh SYNOPSIS 15.Sh SYNOPSIS
16.Nm ssh-keyscan 16.Nm ssh-keyscan
17.Bk -words
17.Op Fl v46 18.Op Fl v46
18.Op Fl p Ar port 19.Op Fl p Ar port
19.Op Fl T Ar timeout 20.Op Fl T Ar timeout
@@ -21,10 +22,12 @@
21.Op Fl f Ar file 22.Op Fl f Ar file
22.Op Ar host | addrlist namelist 23.Op Ar host | addrlist namelist
23.Op Ar ... 24.Op Ar ...
25.Ek
24.Sh DESCRIPTION 26.Sh DESCRIPTION
25.Nm 27.Nm
26is a utility for gathering the public ssh host keys of a number of 28is a utility for gathering the public ssh host keys of a number of
27hosts. It was designed to aid in building and verifying 29hosts.
30It was designed to aid in building and verifying
28.Pa ssh_known_hosts 31.Pa ssh_known_hosts
29files. 32files.
30.Nm 33.Nm
@@ -33,9 +36,11 @@ scripts.
33.Pp 36.Pp
34.Nm 37.Nm
35uses non-blocking socket I/O to contact as many hosts as possible in 38uses non-blocking socket I/O to contact as many hosts as possible in
36parallel, so it is very efficient. The keys from a domain of 1,000 39parallel, so it is very efficient.
40The keys from a domain of 1,000
37hosts can be collected in tens of seconds, even when some of those 41hosts can be collected in tens of seconds, even when some of those
38hosts are down or do not run ssh. For scanning, one does not need 42hosts are down or do not run ssh.
43For scanning, one does not need
39login access to the machines that are being scanned, nor does the 44login access to the machines that are being scanned, nor does the
40scanning process involve any encryption. 45scanning process involve any encryption.
41.Pp 46.Pp
@@ -44,12 +49,13 @@ The options are as follows:
44.It Fl p Ar port 49.It Fl p Ar port
45Port to connect to on the remote host. 50Port to connect to on the remote host.
46.It Fl T Ar timeout 51.It Fl T Ar timeout
47Set the timeout for connection attempts. If 52Set the timeout for connection attempts.
53If
48.Pa timeout 54.Pa timeout
49seconds have elapsed since a connection was initiated to a host or since the 55seconds have elapsed since a connection was initiated to a host or since the
50last time anything was read from that host, then the connection is 56last time anything was read from that host, then the connection is
51closed and the host in question considered unavailable. Default is 5 57closed and the host in question considered unavailable.
52seconds. 58Default is 5 seconds.
53.It Fl t Ar type 59.It Fl t Ar type
54Specifies the type of the key to fetch from the scanned hosts. 60Specifies the type of the key to fetch from the scanned hosts.
55The possible values are 61The possible values are
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index 99d373406..2e3f8ff3e 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keysign.8,v 1.5 2002/11/24 21:46:24 stevesk Exp $ 1.\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -62,8 +62,8 @@ Controls whether
62is enabled. 62is enabled.
63.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 63.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
64These files contain the private parts of the host keys used to 64These files contain the private parts of the host keys used to
65generate the digital signature. They 65generate the digital signature.
66should be owned by root, readable only by root, and not 66They should be owned by root, readable only by root, and not
67accessible to others. 67accessible to others.
68Since they are readable only by root, 68Since they are readable only by root,
69.Nm 69.Nm
diff --git a/ssh.0 b/ssh.0
index 8fcd2a3d0..7bf7d6210 100644
--- a/ssh.0
+++ b/ssh.0
@@ -8,8 +8,8 @@ SSH(1) BSD General Commands Manual SSH(1)
8 8
9 ^[[1mssh ^[[22m[^[[1mM-bMM-^RafgknqstvxACNTX1246^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[24m] 9 ^[[1mssh ^[[22m[^[[1mM-bMM-^RafgknqstvxACNTX1246^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[24m]
10 [^[[1mM-bMM-^Re ^[[4m^[[22mescape_char^[[24m] [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] [^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[24m] 10 [^[[1mM-bMM-^Re ^[[4m^[[22mescape_char^[[24m] [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] [^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[24m]
11 [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RR^[[0m 11 [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m]
12 ^[[4mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m] 12 [^[[1mM-bMM-^RR ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m]
13 13
14^[[1mDESCRIPTION^[[0m 14^[[1mDESCRIPTION^[[0m
15 ^[[1mssh ^[[22m(SSH client) is a program for logging into a remote machine and for 15 ^[[1mssh ^[[22m(SSH client) is a program for logging into a remote machine and for
diff --git a/ssh.1 b/ssh.1
index ed2cbecb5..86c1f0bb1 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $ 37.\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -48,6 +48,7 @@
48.Op Ar command 48.Op Ar command
49.Pp 49.Pp
50.Nm ssh 50.Nm ssh
51.Bk -words
51.Op Fl afgknqstvxACNTX1246 52.Op Fl afgknqstvxACNTX1246
52.Op Fl b Ar bind_address 53.Op Fl b Ar bind_address
53.Op Fl c Ar cipher_spec 54.Op Fl c Ar cipher_spec
@@ -66,6 +67,8 @@
66.Sm on 67.Sm on
67.Xc 68.Xc
68.Oc 69.Oc
70.Ek
71.Bk -words
69.Oo Fl R Xo 72.Oo Fl R Xo
70.Sm off 73.Sm off
71.Ar port : 74.Ar port :
@@ -77,6 +80,7 @@
77.Op Fl D Ar port 80.Op Fl D Ar port
78.Ar hostname | user@hostname 81.Ar hostname | user@hostname
79.Op Ar command 82.Op Ar command
83.Ek
80.Sh DESCRIPTION 84.Sh DESCRIPTION
81.Nm 85.Nm
82(SSH client) is a program for logging into a remote machine and for 86(SSH client) is a program for logging into a remote machine and for
@@ -361,7 +365,7 @@ variable is set to
361.Fl A 365.Fl A
362and 366and
363.Fl a 367.Fl a
364options described later) and 368options described later) and
365the user is using an authentication agent, the connection to the agent 369the user is using an authentication agent, the connection to the agent
366is automatically forwarded to the remote side. 370is automatically forwarded to the remote side.
367.Pp 371.Pp
@@ -403,10 +407,11 @@ Disables forwarding of the authentication agent connection.
403Enables forwarding of the authentication agent connection. 407Enables forwarding of the authentication agent connection.
404This can also be specified on a per-host basis in a configuration file. 408This can also be specified on a per-host basis in a configuration file.
405.Pp 409.Pp
406Agent forwarding should be enabled with caution. Users with the 410Agent forwarding should be enabled with caution.
407ability to bypass file permissions on the remote host (for the agent's 411Users with the ability to bypass file permissions on the remote host
408Unix-domain socket) can access the local agent through the forwarded 412(for the agent's Unix-domain socket)
409connection. An attacker cannot obtain key material from the agent, 413can access the local agent through the forwarded connection.
414An attacker cannot obtain key material from the agent,
410however they can perform operations on the keys that enable them to 415however they can perform operations on the keys that enable them to
411authenticate using the identities loaded into the agent. 416authenticate using the identities loaded into the agent.
412.It Fl b Ar bind_address 417.It Fl b Ar bind_address
@@ -428,8 +433,8 @@ is only supported in the
428client for interoperability with legacy protocol 1 implementations 433client for interoperability with legacy protocol 1 implementations
429that do not support the 434that do not support the
430.Ar 3des 435.Ar 3des
431cipher. Its use is strongly discouraged due to cryptographic 436cipher.
432weaknesses. 437Its use is strongly discouraged due to cryptographic weaknesses.
433.It Fl c Ar cipher_spec 438.It Fl c Ar cipher_spec
434Additionally, for protocol version 2 a comma-separated list of ciphers can 439Additionally, for protocol version 2 a comma-separated list of ciphers can
435be specified in order of preference. 440be specified in order of preference.
@@ -570,11 +575,11 @@ Disables X11 forwarding.
570Enables X11 forwarding. 575Enables X11 forwarding.
571This can also be specified on a per-host basis in a configuration file. 576This can also be specified on a per-host basis in a configuration file.
572.Pp 577.Pp
573X11 forwarding should be enabled with caution. Users with the ability 578X11 forwarding should be enabled with caution.
574to bypass file permissions on the remote host (for the user's X 579Users with the ability to bypass file permissions on the remote host
575authorization database) can access the local X11 display through the 580(for the user's X authorization database)
576forwarded connection. An attacker may then be able to perform 581can access the local X11 display through the forwarded connection.
577activities such as keystroke monitoring. 582An attacker may then be able to perform activities such as keystroke monitoring.
578.It Fl C 583.It Fl C
579Requests compression of all data (including stdin, stdout, stderr, and 584Requests compression of all data (including stdin, stdout, stderr, and
580data for forwarded X11 and TCP/IP connections). 585data for forwarded X11 and TCP/IP connections).
@@ -641,7 +646,8 @@ This works by allocating a socket to listen to
641on the local side, and whenever a connection is made to this port, the 646on the local side, and whenever a connection is made to this port, the
642connection is forwarded over the secure channel, and the application 647connection is forwarded over the secure channel, and the application
643protocol is then used to determine where to connect to from the 648protocol is then used to determine where to connect to from the
644remote machine. Currently the SOCKS4 protocol is supported, and 649remote machine.
650Currently the SOCKS4 protocol is supported, and
645.Nm 651.Nm
646will act as a SOCKS4 server. 652will act as a SOCKS4 server.
647Only root can forward privileged ports. 653Only root can forward privileged ports.
diff --git a/ssh_config.5 b/ssh_config.5
index 20bba1502..15b36f273 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -183,8 +183,8 @@ is only supported in the
183client for interoperability with legacy protocol 1 implementations 183client for interoperability with legacy protocol 1 implementations
184that do not support the 184that do not support the
185.Ar 3des 185.Ar 3des
186cipher. Its use is strongly discouraged due to cryptographic 186cipher.
187weaknesses. 187Its use is strongly discouraged due to cryptographic weaknesses.
188The default is 188The default is
189.Dq 3des . 189.Dq 3des .
190.It Cm Ciphers 190.It Cm Ciphers
@@ -200,7 +200,8 @@ The default is
200.It Cm ClearAllForwardings 200.It Cm ClearAllForwardings
201Specifies that all local, remote and dynamic port forwardings 201Specifies that all local, remote and dynamic port forwardings
202specified in the configuration files or on the command line be 202specified in the configuration files or on the command line be
203cleared. This option is primarily useful when used from the 203cleared.
204This option is primarily useful when used from the
204.Nm ssh 205.Nm ssh
205command line to clear port forwardings set in 206command line to clear port forwardings set in
206configuration files, and is automatically set by 207configuration files, and is automatically set by
@@ -237,13 +238,14 @@ The default is 1.
237Specifies that a TCP/IP port on the local machine be forwarded 238Specifies that a TCP/IP port on the local machine be forwarded
238over the secure channel, and the application 239over the secure channel, and the application
239protocol is then used to determine where to connect to from the 240protocol is then used to determine where to connect to from the
240remote machine. The argument must be a port number. 241remote machine.
242The argument must be a port number.
241Currently the SOCKS4 protocol is supported, and 243Currently the SOCKS4 protocol is supported, and
242.Nm ssh 244.Nm ssh
243will act as a SOCKS4 server. 245will act as a SOCKS4 server.
244Multiple forwardings may be specified, and 246Multiple forwardings may be specified, and
245additional forwardings can be given on the command line. Only 247additional forwardings can be given on the command line.
246the superuser can forward privileged ports. 248Only the superuser can forward privileged ports.
247.It Cm EscapeChar 249.It Cm EscapeChar
248Sets the escape character (default: 250Sets the escape character (default:
249.Ql ~ ) . 251.Ql ~ ) .
@@ -266,10 +268,11 @@ or
266The default is 268The default is
267.Dq no . 269.Dq no .
268.Pp 270.Pp
269Agent forwarding should be enabled with caution. Users with the 271Agent forwarding should be enabled with caution.
270ability to bypass file permissions on the remote host (for the agent's 272Users with the ability to bypass file permissions on the remote host
271Unix-domain socket) can access the local agent through the forwarded 273(for the agent's Unix-domain socket)
272connection. An attacker cannot obtain key material from the agent, 274can access the local agent through the forwarded connection.
275An attacker cannot obtain key material from the agent,
273however they can perform operations on the keys that enable them to 276however they can perform operations on the keys that enable them to
274authenticate using the identities loaded into the agent. 277authenticate using the identities loaded into the agent.
275.It Cm ForwardX11 278.It Cm ForwardX11
@@ -284,18 +287,18 @@ or
284The default is 287The default is
285.Dq no . 288.Dq no .
286.Pp 289.Pp
287X11 forwarding should be enabled with caution. Users with the ability 290X11 forwarding should be enabled with caution.
288to bypass file permissions on the remote host (for the user's X 291Users with the ability to bypass file permissions on the remote host
289authorization database) can access the local X11 display through the 292(for the user's X authorization database)
290forwarded connection. An attacker may then be able to perform 293can access the local X11 display through the forwarded connection.
291activities such as keystroke monitoring. 294An attacker may then be able to perform activities such as keystroke monitoring.
292.It Cm GatewayPorts 295.It Cm GatewayPorts
293Specifies whether remote hosts are allowed to connect to local 296Specifies whether remote hosts are allowed to connect to local
294forwarded ports. 297forwarded ports.
295By default, 298By default,
296.Nm ssh 299.Nm ssh
297binds local port forwardings to the loopback address. This 300binds local port forwardings to the loopback address.
298prevents other remote hosts from connecting to forwarded ports. 301This prevents other remote hosts from connecting to forwarded ports.
299.Cm GatewayPorts 302.Cm GatewayPorts
300can be used to specify that 303can be used to specify that
301.Nm ssh 304.Nm ssh
@@ -407,8 +410,9 @@ Gives the verbosity level that is used when logging messages from
407.Nm ssh . 410.Nm ssh .
408The possible values are: 411The possible values are:
409QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. 412QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
410The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 413The default is INFO.
411and DEBUG3 each specify higher levels of verbose output. 414DEBUG and DEBUG1 are equivalent.
415DEBUG2 and DEBUG3 each specify higher levels of verbose output.
412.It Cm MACs 416.It Cm MACs
413Specifies the MAC (message authentication code) algorithms 417Specifies the MAC (message authentication code) algorithms
414in order of preference. 418in order of preference.
@@ -493,8 +497,8 @@ somewhere.
493Host key management will be done using the 497Host key management will be done using the
494HostName of the host being connected (defaulting to the name typed by 498HostName of the host being connected (defaulting to the name typed by
495the user). 499the user).
496Setting the command to 500Setting the command to
497.Dq none 501.Dq none
498disables this option entirely. 502disables this option entirely.
499Note that 503Note that
500.Cm CheckHostIP 504.Cm CheckHostIP
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f92f0296..642b34b9e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.114 2003/04/01 10:22:21 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "ssh2.h" 29#include "ssh2.h"
diff --git a/sshd_config.5 b/sshd_config.5
index 23ac0e96d..6f38a260a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -211,8 +211,8 @@ Specifies whether remote hosts are allowed to connect to ports
211forwarded for the client. 211forwarded for the client.
212By default, 212By default,
213.Nm sshd 213.Nm sshd
214binds remote port forwardings to the loopback address. This 214binds remote port forwardings to the loopback address.
215prevents other remote hosts from connecting to forwarded ports. 215This prevents other remote hosts from connecting to forwarded ports.
216.Cm GatewayPorts 216.Cm GatewayPorts
217can be used to specify that 217can be used to specify that
218.Nm sshd 218.Nm sshd
@@ -370,7 +370,8 @@ is not specified,
370will listen on the address and all prior 370will listen on the address and all prior
371.Cm Port 371.Cm Port
372options specified. The default is to listen on all local 372options specified. The default is to listen on all local
373addresses. Multiple 373addresses.
374Multiple
374.Cm ListenAddress 375.Cm ListenAddress
375options are permitted. Additionally, any 376options are permitted. Additionally, any
376.Cm Port 377.Cm Port
@@ -385,10 +386,10 @@ Gives the verbosity level that is used when logging messages from
385.Nm sshd . 386.Nm sshd .
386The possible values are: 387The possible values are:
387QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. 388QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
388The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 389The default is INFO.
389and DEBUG3 each specify higher levels of debugging output. 390DEBUG and DEBUG1 are equivalent.
390Logging with a DEBUG level violates the privacy of users 391DEBUG2 and DEBUG3 each specify higher levels of debugging output.
391and is not recommended. 392Logging with a DEBUG level violates the privacy of users and is not recommended.
392.It Cm MACs 393.It Cm MACs
393Specifies the available MAC (message authentication code) algorithms. 394Specifies the available MAC (message authentication code) algorithms.
394The MAC algorithm is used in protocol version 2 395The MAC algorithm is used in protocol version 2
@@ -599,16 +600,18 @@ will be disabled because
599.Xr login 1 600.Xr login 1
600does not know how to handle 601does not know how to handle
601.Xr xauth 1 602.Xr xauth 1
602cookies. If 603cookies.
604If
603.Cm UsePrivilegeSeparation 605.Cm UsePrivilegeSeparation
604is specified, it will be disabled after authentication. 606is specified, it will be disabled after authentication.
605.It Cm UsePrivilegeSeparation 607.It Cm UsePrivilegeSeparation
606Specifies whether 608Specifies whether
607.Nm sshd 609.Nm sshd
608separates privileges by creating an unprivileged child process 610separates privileges by creating an unprivileged child process
609to deal with incoming network traffic. After successful authentication, 611to deal with incoming network traffic.
610another process will be created that has the privilege of the authenticated 612After successful authentication, another process will be created that has
611user. The goal of privilege separation is to prevent privilege 613the privilege of the authenticated user.
614The goal of privilege separation is to prevent privilege
612escalation by containing any corruption within the unprivileged processes. 615escalation by containing any corruption within the unprivileged processes.
613The default is 616The default is
614.Dq yes . 617.Dq yes .
@@ -666,7 +669,8 @@ is enabled.
666Specifies whether 669Specifies whether
667.Nm sshd 670.Nm sshd
668should bind the X11 forwarding server to the loopback address or to 671should bind the X11 forwarding server to the loopback address or to
669the wildcard address. By default, 672the wildcard address.
673By default,
670.Nm sshd 674.Nm sshd
671binds the forwarding server to the loopback address and sets the 675binds the forwarding server to the loopback address and sets the
672hostname part of the 676hostname part of the
diff --git a/version.h b/version.h
index 380e35907..75a2b2554 100644
--- a/version.h
+++ b/version.h
@@ -1,3 +1,3 @@
1/* $OpenBSD: version.h,v 1.36 2003/03/17 11:43:47 markus Exp $ */ 1/* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_3.6p1" 3#define SSH_VERSION "OpenSSH_3.6.1p1"