diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:35:30 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:35:30 +0000 |
commit | 594e20389490bf91724dc903cb9aaa92d037b7a4 (patch) | |
tree | 8bcf855dccd896ee87ae815aeeb80f87d6035e08 | |
parent | edc0cf26d11d708320ade92e066d4f3e84e20112 (diff) |
- deraadt@cvs.openbsd.org 2001/09/05 06:23:07
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
avoid first person in manual pages
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | scp.1 | 6 | ||||
-rw-r--r-- | sftp.1 | 6 | ||||
-rw-r--r-- | ssh-agent.1 | 8 | ||||
-rw-r--r-- | ssh-keygen.1 | 12 | ||||
-rw-r--r-- | ssh-keyscan.1 | 18 | ||||
-rw-r--r-- | ssh.1 | 36 | ||||
-rw-r--r-- | sshd.8 | 26 |
8 files changed, 60 insertions, 57 deletions
@@ -80,6 +80,9 @@ | |||
80 | - stevesk@cvs.openbsd.org 2001/09/03 20:58:33 | 80 | - stevesk@cvs.openbsd.org 2001/09/03 20:58:33 |
81 | [readconf.c readconf.h ssh.c] | 81 | [readconf.c readconf.h ssh.c] |
82 | fatal() for nonexistent -Fssh_config. ok markus@ | 82 | fatal() for nonexistent -Fssh_config. ok markus@ |
83 | - deraadt@cvs.openbsd.org 2001/09/05 06:23:07 | ||
84 | [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1] | ||
85 | avoid first person in manual pages | ||
83 | 86 | ||
84 | 20010815 | 87 | 20010815 |
85 | - (bal) Fixed stray code in readconf.c that went in by mistake. | 88 | - (bal) Fixed stray code in readconf.c that went in by mistake. |
@@ -6403,4 +6406,4 @@ | |||
6403 | - Wrote replacements for strlcpy and mkdtemp | 6406 | - Wrote replacements for strlcpy and mkdtemp |
6404 | - Released 1.0pre1 | 6407 | - Released 1.0pre1 |
6405 | 6408 | ||
6406 | $Id: ChangeLog,v 1.1508 2001/09/12 18:32:20 mouring Exp $ | 6409 | $Id: ChangeLog,v 1.1509 2001/09/12 18:35:30 mouring Exp $ |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $OpenBSD: scp.1,v 1.17 2001/08/14 17:54:29 stevesk Exp $ | 12 | .\" $OpenBSD: scp.1,v 1.18 2001/09/05 06:23:07 deraadt Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
@@ -115,8 +115,8 @@ in the format used in the | |||
115 | configuration file. This is useful for specifying options | 115 | configuration file. This is useful for specifying options |
116 | for which there is no separate | 116 | for which there is no separate |
117 | .Nm scp | 117 | .Nm scp |
118 | command-line flag. For example, to force the use of protocol | 118 | command-line flag. For example, forcing the use of protocol |
119 | version 1 you may specify | 119 | version 1 is specified using |
120 | .Ic scp -oProtocol=1 . | 120 | .Ic scp -oProtocol=1 . |
121 | .It Fl 4 | 121 | .It Fl 4 |
122 | Forces | 122 | Forces |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.23 2001/08/14 17:54:29 stevesk Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.24 2001/09/05 06:23:07 deraadt Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -85,8 +85,8 @@ in the format used in the | |||
85 | configuration file. This is useful for specifying options | 85 | configuration file. This is useful for specifying options |
86 | for which there is no separate | 86 | for which there is no separate |
87 | .Nm sftp | 87 | .Nm sftp |
88 | command-line flag. For example, to force the use of protocol | 88 | command-line flag. For example, forcing the use of protocol |
89 | version 1 you may specify | 89 | version 1 is specified using |
90 | .Ic sftp -oProtocol=1 . | 90 | .Ic sftp -oProtocol=1 . |
91 | .It Fl v | 91 | .It Fl v |
92 | Raise logging level. This option is also passed to ssh. | 92 | Raise logging level. This option is also passed to ssh. |
diff --git a/ssh-agent.1 b/ssh-agent.1 index 1ca33260f..00c19921c 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-agent.1,v 1.27 2001/08/23 18:02:48 stevesk Exp $ | 1 | .\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -116,9 +116,9 @@ remote logins, and the user can thus use the privileges given by the | |||
116 | identities anywhere in the network in a secure way. | 116 | identities anywhere in the network in a secure way. |
117 | .Pp | 117 | .Pp |
118 | There are two main ways to get an agent setup: | 118 | There are two main ways to get an agent setup: |
119 | Either you let the agent | 119 | Either the agent starts a new subcommand into which some environment |
120 | start a new subcommand into which some environment variables are exported, or | 120 | variables are exported, or the agent prints the needed shell commands |
121 | you let the agent print the needed shell commands (either | 121 | (either |
122 | .Xr sh 1 | 122 | .Xr sh 1 |
123 | or | 123 | or |
124 | .Xr csh 1 | 124 | .Xr csh 1 |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index e2d41141a..e24566154 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.48 2001/08/02 15:07:23 jakob Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.49 2001/09/05 06:23:07 deraadt Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -89,7 +89,7 @@ generates, manages and converts authentication keys for | |||
89 | defaults to generating a RSA1 key for use by SSH protocol version 1. | 89 | defaults to generating a RSA1 key for use by SSH protocol version 1. |
90 | Specifying the | 90 | Specifying the |
91 | .Fl t | 91 | .Fl t |
92 | option allows you to create a key for use by SSH protocol version 2. | 92 | option instead creates a key for use by SSH protocol version 2. |
93 | .Pp | 93 | .Pp |
94 | Normally each user wishing to use SSH | 94 | Normally each user wishing to use SSH |
95 | with RSA or DSA authentication runs this once to create the authentication | 95 | with RSA or DSA authentication runs this once to create the authentication |
@@ -121,7 +121,7 @@ option. | |||
121 | .Pp | 121 | .Pp |
122 | There is no way to recover a lost passphrase. | 122 | There is no way to recover a lost passphrase. |
123 | If the passphrase is | 123 | If the passphrase is |
124 | lost or forgotten, you will have to generate a new key and copy the | 124 | lost or forgotten, a new key must be generated and copied to the |
125 | corresponding public key to other machines. | 125 | corresponding public key to other machines. |
126 | .Pp | 126 | .Pp |
127 | For RSA1 keys, | 127 | For RSA1 keys, |
@@ -228,7 +228,7 @@ Contains the protocol version 1 RSA public key for authentication. | |||
228 | The contents of this file should be added to | 228 | The contents of this file should be added to |
229 | .Pa $HOME/.ssh/authorized_keys | 229 | .Pa $HOME/.ssh/authorized_keys |
230 | on all machines | 230 | on all machines |
231 | where you wish to log in using RSA authentication. | 231 | where the user wishes to log in using RSA authentication. |
232 | There is no need to keep the contents of this file secret. | 232 | There is no need to keep the contents of this file secret. |
233 | .It Pa $HOME/.ssh/id_dsa | 233 | .It Pa $HOME/.ssh/id_dsa |
234 | Contains the protocol version 2 DSA authentication identity of the user. | 234 | Contains the protocol version 2 DSA authentication identity of the user. |
@@ -246,7 +246,7 @@ Contains the protocol version 2 DSA public key for authentication. | |||
246 | The contents of this file should be added to | 246 | The contents of this file should be added to |
247 | .Pa $HOME/.ssh/authorized_keys | 247 | .Pa $HOME/.ssh/authorized_keys |
248 | on all machines | 248 | on all machines |
249 | where you wish to log in using public key authentication. | 249 | where the user wishes to log in using public key authentication. |
250 | There is no need to keep the contents of this file secret. | 250 | There is no need to keep the contents of this file secret. |
251 | .It Pa $HOME/.ssh/id_rsa | 251 | .It Pa $HOME/.ssh/id_rsa |
252 | Contains the protocol version 2 RSA authentication identity of the user. | 252 | Contains the protocol version 2 RSA authentication identity of the user. |
@@ -264,7 +264,7 @@ Contains the protocol version 2 RSA public key for authentication. | |||
264 | The contents of this file should be added to | 264 | The contents of this file should be added to |
265 | .Pa $HOME/.ssh/authorized_keys | 265 | .Pa $HOME/.ssh/authorized_keys |
266 | on all machines | 266 | on all machines |
267 | where you wish to log in using public key authentication. | 267 | where the user wishes to log in using public key authentication. |
268 | There is no need to keep the contents of this file secret. | 268 | There is no need to keep the contents of this file secret. |
269 | .El | 269 | .El |
270 | .Sh AUTHORS | 270 | .Sh AUTHORS |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 1a358b338..17f73406e 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keyscan.1,v 1.11 2001/08/23 18:08:59 stevesk Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.12 2001/09/05 06:23:07 deraadt Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | .\" | 4 | .\" |
@@ -35,9 +35,9 @@ scripts. | |||
35 | uses non-blocking socket I/O to contact as many hosts as possible in | 35 | uses non-blocking socket I/O to contact as many hosts as possible in |
36 | parallel, so it is very efficient. The keys from a domain of 1,000 | 36 | parallel, so it is very efficient. The keys from a domain of 1,000 |
37 | hosts can be collected in tens of seconds, even when some of those | 37 | hosts can be collected in tens of seconds, even when some of those |
38 | hosts are down or do not run ssh. You do not need login access to the | 38 | hosts are down or do not run ssh. For scanning, one does not need |
39 | machines you are scanning, nor does the scanning process involve | 39 | login access to the machines that are being scanned, nor does the |
40 | any encryption. | 40 | scanning process involve any encryption. |
41 | .Pp | 41 | .Pp |
42 | The options are as follows: | 42 | The options are as follows: |
43 | .Bl -tag -width Ds | 43 | .Bl -tag -width Ds |
@@ -88,15 +88,15 @@ Forces | |||
88 | to use IPv6 addresses only. | 88 | to use IPv6 addresses only. |
89 | .El | 89 | .El |
90 | .Sh SECURITY | 90 | .Sh SECURITY |
91 | If you make an ssh_known_hosts file using | 91 | If a ssh_known_hosts file is constructed using |
92 | .Nm | 92 | .Nm |
93 | without verifying the keys, you will be vulnerable to | 93 | without verifying the keys, users will be vulnerable to |
94 | .I man in the middle | 94 | .I man in the middle |
95 | attacks. | 95 | attacks. |
96 | On the other hand, if your security model allows such a risk, | 96 | On the other hand, if the security model allows such a risk, |
97 | .Nm | 97 | .Nm |
98 | can help you detect tampered keyfiles or man in the middle attacks which | 98 | can help in the detection of tampered keyfiles or man in the middle |
99 | have begun after you created your ssh_known_hosts file. | 99 | attacks which have begun after the ssh_known_hosts file was created. |
100 | .Sh EXAMPLES | 100 | .Sh EXAMPLES |
101 | .Pp | 101 | .Pp |
102 | Print the | 102 | Print the |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -495,7 +495,7 @@ needs to ask for a password or passphrase; see also the | |||
495 | option.) | 495 | option.) |
496 | .It Fl N | 496 | .It Fl N |
497 | Do not execute a remote command. | 497 | Do not execute a remote command. |
498 | This is useful if you just want to forward ports | 498 | This is useful for just forwarding ports |
499 | (protocol version 2 only). | 499 | (protocol version 2 only). |
500 | .It Fl o Ar option | 500 | .It Fl o Ar option |
501 | Can be used to give options in the format used in the configuration file. | 501 | Can be used to give options in the format used in the configuration file. |
@@ -507,7 +507,7 @@ This can be specified on a | |||
507 | per-host basis in the configuration file. | 507 | per-host basis in the configuration file. |
508 | .It Fl P | 508 | .It Fl P |
509 | Use a non-privileged port for outgoing connections. | 509 | Use a non-privileged port for outgoing connections. |
510 | This can be used if your firewall does | 510 | This can be used if a firewall does |
511 | not permit connections from privileged ports. | 511 | not permit connections from privileged ports. |
512 | Note that this option turns off | 512 | Note that this option turns off |
513 | .Cm RhostsAuthentication | 513 | .Cm RhostsAuthentication |
@@ -711,8 +711,8 @@ This option applies to protocol version 1 only. | |||
711 | If set to | 711 | If set to |
712 | .Dq yes , | 712 | .Dq yes , |
713 | passphrase/password querying will be disabled. | 713 | passphrase/password querying will be disabled. |
714 | This option is useful in scripts and other batch jobs where you have no | 714 | This option is useful in scripts and other batch jobs where no user |
715 | user to supply the password. | 715 | is present to supply the password. |
716 | The argument must be | 716 | The argument must be |
717 | .Dq yes | 717 | .Dq yes |
718 | or | 718 | or |
@@ -890,7 +890,7 @@ Specifies an alias that should be used instead of the | |||
890 | real host name when looking up or saving the host key | 890 | real host name when looking up or saving the host key |
891 | in the host key database files. | 891 | in the host key database files. |
892 | This option is useful for tunneling ssh connections | 892 | This option is useful for tunneling ssh connections |
893 | or if you have multiple servers running on a single host. | 893 | or for multiple servers running on a single host. |
894 | .It Cm HostName | 894 | .It Cm HostName |
895 | Specifies the real host name to log into. | 895 | Specifies the real host name to log into. |
896 | This can be used to specify nicknames or abbreviations for hosts. | 896 | This can be used to specify nicknames or abbreviations for hosts. |
@@ -1109,11 +1109,11 @@ If this flag is set to | |||
1109 | will never automatically add host keys to the | 1109 | will never automatically add host keys to the |
1110 | .Pa $HOME/.ssh/known_hosts | 1110 | .Pa $HOME/.ssh/known_hosts |
1111 | file, and refuses to connect to hosts whose host key has changed. | 1111 | file, and refuses to connect to hosts whose host key has changed. |
1112 | This provides maximum protection against trojan horse attacks. | 1112 | This provides maximum protection against trojan horse attacks, |
1113 | However, it can be somewhat annoying if you don't have good | 1113 | however, can be annoying when the |
1114 | .Pa /etc/ssh_known_hosts | 1114 | .Pa /etc/ssh_known_hosts |
1115 | files installed and frequently | 1115 | file is poorly maintained, or connections to new hosts are |
1116 | connect to new hosts. | 1116 | frequently made. |
1117 | This option forces the user to manually | 1117 | This option forces the user to manually |
1118 | add all new hosts. | 1118 | add all new hosts. |
1119 | If this flag is set to | 1119 | If this flag is set to |
@@ -1145,16 +1145,16 @@ or | |||
1145 | .Dq no . | 1145 | .Dq no . |
1146 | The default is | 1146 | The default is |
1147 | .Dq no . | 1147 | .Dq no . |
1148 | Note that you need to set this option to | 1148 | Note that this option must be set to |
1149 | .Dq yes | 1149 | .Dq yes |
1150 | if you want to use | 1150 | if |
1151 | .Cm RhostsAuthentication | 1151 | .Cm RhostsAuthentication |
1152 | and | 1152 | and |
1153 | .Cm RhostsRSAAuthentication | 1153 | .Cm RhostsRSAAuthentication |
1154 | with older servers. | 1154 | authentications are needed with older servers. |
1155 | .It Cm User | 1155 | .It Cm User |
1156 | Specifies the user to log in as. | 1156 | Specifies the user to log in as. |
1157 | This can be useful if you have a different user name on different machines. | 1157 | This can be useful when a different user name is used on different machines. |
1158 | This saves the trouble of | 1158 | This saves the trouble of |
1159 | having to remember to give the user name on the command line. | 1159 | having to remember to give the user name on the command line. |
1160 | .It Cm UserKnownHostsFile | 1160 | .It Cm UserKnownHostsFile |
@@ -1302,7 +1302,7 @@ The contents of the | |||
1302 | file should be added to | 1302 | file should be added to |
1303 | .Pa $HOME/.ssh/authorized_keys | 1303 | .Pa $HOME/.ssh/authorized_keys |
1304 | on all machines | 1304 | on all machines |
1305 | where you wish to log in using protocol version 1 RSA authentication. | 1305 | where the user wishes to log in using protocol version 1 RSA authentication. |
1306 | The contents of the | 1306 | The contents of the |
1307 | .Pa $HOME/.ssh/id_dsa.pub | 1307 | .Pa $HOME/.ssh/id_dsa.pub |
1308 | and | 1308 | and |
@@ -1310,7 +1310,7 @@ and | |||
1310 | file should be added to | 1310 | file should be added to |
1311 | .Pa $HOME/.ssh/authorized_keys | 1311 | .Pa $HOME/.ssh/authorized_keys |
1312 | on all machines | 1312 | on all machines |
1313 | where you wish to log in using protocol version 2 DSA/RSA authentication. | 1313 | where the user wishes to log in using protocol version 2 DSA/RSA authentication. |
1314 | These files are not | 1314 | These files are not |
1315 | sensitive and can (but need not) be readable by anyone. | 1315 | sensitive and can (but need not) be readable by anyone. |
1316 | These files are | 1316 | These files are |
@@ -1388,9 +1388,9 @@ Note that by default | |||
1388 | .Xr sshd 8 | 1388 | .Xr sshd 8 |
1389 | will be installed so that it requires successful RSA host | 1389 | will be installed so that it requires successful RSA host |
1390 | authentication before permitting \s+2.\s0rhosts authentication. | 1390 | authentication before permitting \s+2.\s0rhosts authentication. |
1391 | If your server machine does not have the client's host key in | 1391 | If the server machine does not have the client's host key in |
1392 | .Pa /etc/ssh_known_hosts , | 1392 | .Pa /etc/ssh_known_hosts , |
1393 | you can store it in | 1393 | it can be stored in |
1394 | .Pa $HOME/.ssh/known_hosts . | 1394 | .Pa $HOME/.ssh/known_hosts . |
1395 | The easiest way to do this is to | 1395 | The easiest way to do this is to |
1396 | connect back to the client from the server machine using ssh; this | 1396 | connect back to the client from the server machine using ssh; this |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.146 2001/08/30 20:36:34 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.147 2001/09/05 06:23:07 deraadt Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -325,7 +325,7 @@ and | |||
325 | .Ql ? | 325 | .Ql ? |
326 | can be used as | 326 | can be used as |
327 | wildcards in the patterns. | 327 | wildcards in the patterns. |
328 | Only group names are valid; a numerical group ID isn't recognized. | 328 | Only group names are valid; a numerical group ID is not recognized. |
329 | By default login is allowed regardless of the group list. | 329 | By default login is allowed regardless of the group list. |
330 | .Pp | 330 | .Pp |
331 | .It Cm AllowTcpForwarding | 331 | .It Cm AllowTcpForwarding |
@@ -346,10 +346,10 @@ and | |||
346 | .Ql ? | 346 | .Ql ? |
347 | can be used as | 347 | can be used as |
348 | wildcards in the patterns. | 348 | wildcards in the patterns. |
349 | Only user names are valid; a numerical user ID isn't recognized. | 349 | Only user names are valid; a numerical user ID is not recognized. |
350 | By default login is allowed regardless of the user name. | 350 | By default login is allowed regardless of the user name. |
351 | If the pattern takes the form USER@HOST then USER and HOST | 351 | If the pattern takes the form USER@HOST then USER and HOST |
352 | are separately checked, allowing you to restrict logins to particular | 352 | are separately checked, restricting logins to particular |
353 | users from particular hosts. | 353 | users from particular hosts. |
354 | .Pp | 354 | .Pp |
355 | .It Cm AuthorizedKeysFile | 355 | .It Cm AuthorizedKeysFile |
@@ -408,13 +408,13 @@ to note that the use of client alive messages is very different from | |||
408 | encrypted channel and therefore will not be spoofable. The TCP keepalive | 408 | encrypted channel and therefore will not be spoofable. The TCP keepalive |
409 | option enabled by | 409 | option enabled by |
410 | .Cm Keepalive | 410 | .Cm Keepalive |
411 | is spoofable. You want to use the client | 411 | is spoofable. The client alive mechanism is valuable when the client or |
412 | alive mechanism when you are basing something important on | 412 | server depend on knowing when a connection has become inactive. |
413 | clients having an active connection to the server. | ||
414 | .Pp | 413 | .Pp |
415 | The default value is 3. If you set | 414 | The default value is 3. If |
416 | .Cm ClientAliveInterval | 415 | .Cm ClientAliveInterval |
417 | (above) to 15, and leave this value at the default, unresponsive ssh clients | 416 | (above) is set to 15, and |
417 | .Cm Keepalive is left at the default, unresponsive ssh clients | ||
418 | will be disconnected after approximately 45 seconds. | 418 | will be disconnected after approximately 45 seconds. |
419 | .It Cm DenyGroups | 419 | .It Cm DenyGroups |
420 | This keyword can be followed by a number of group names, separated | 420 | This keyword can be followed by a number of group names, separated |
@@ -426,7 +426,7 @@ and | |||
426 | .Ql ? | 426 | .Ql ? |
427 | can be used as | 427 | can be used as |
428 | wildcards in the patterns. | 428 | wildcards in the patterns. |
429 | Only group names are valid; a numerical group ID isn't recognized. | 429 | Only group names are valid; a numerical group ID is not recognized. |
430 | By default login is allowed regardless of the group list. | 430 | By default login is allowed regardless of the group list. |
431 | .Pp | 431 | .Pp |
432 | .It Cm DenyUsers | 432 | .It Cm DenyUsers |
@@ -437,7 +437,7 @@ Login is disallowed for user names that match one of the patterns. | |||
437 | and | 437 | and |
438 | .Ql ? | 438 | .Ql ? |
439 | can be used as wildcards in the patterns. | 439 | can be used as wildcards in the patterns. |
440 | Only user names are valid; a numerical user ID isn't recognized. | 440 | Only user names are valid; a numerical user ID is not recognized. |
441 | By default login is allowed regardless of the user name. | 441 | By default login is allowed regardless of the user name. |
442 | .It Cm GatewayPorts | 442 | .It Cm GatewayPorts |
443 | Specifies whether remote hosts are allowed to connect to ports | 443 | Specifies whether remote hosts are allowed to connect to ports |
@@ -998,8 +998,8 @@ authentication. | |||
998 | The command supplied by the user (if any) is ignored. | 998 | The command supplied by the user (if any) is ignored. |
999 | The command is run on a pty if the connection requests a pty; | 999 | The command is run on a pty if the connection requests a pty; |
1000 | otherwise it is run without a tty. | 1000 | otherwise it is run without a tty. |
1001 | Note that if you want a 8-bit clean channel, | 1001 | If a 8-bit clean channel is required, |
1002 | you must not request a pty or should specify | 1002 | one must not request a pty or should specify |
1003 | .Cm no-pty . | 1003 | .Cm no-pty . |
1004 | A quote may be included in the command by quoting it with a backslash. | 1004 | A quote may be included in the command by quoting it with a backslash. |
1005 | This option might be useful | 1005 | This option might be useful |