author | djm@openbsd.org <djm@openbsd.org> | 2020-08-03 02:43:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-08-03 14:27:59 +1000 |
commit | a8732d74cb8e72f0c6366015687f1e649f60be87 (patch) | |
tree | b2d792042a526741fed21539ec6490629792b1d3 | |
parent | ab9105470a83ed5d8197959a1b1f367399958ba1 (diff) |
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
-rw-r--r-- | scp.1 | 11 | ||||
-rw-r--r-- | scp.c | 11 | ||||
-rw-r--r-- | sftp.1 | 11 | ||||
-rw-r--r-- | sftp.c | 11 |
4 files changed, 30 insertions, 14 deletions
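--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May 7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $
 .\"
-.Dd $Mdocdate: April 30 2020 $
+.Dd $Mdocdate: August 3 2020 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -18,7 +18,7 @@
 .Nd OpenSSH secure file copy
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl 346BCpqrTv
+.Op Fl 346ABCpqrTv
 .Op Fl c Ar cipher
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
@@ -86,6 +86,11 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl B
 Selects batch mode (prevents asking for passwords or passphrases).
 .It Fl C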
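--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */
+/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */
 /*
 * scp - secure remote copy. This is basically patched BSD rcp which
 * uses ssh to do the data transfer (instead of using rcmd).
@@ -425,7 +425,6 @@ main(int argc, char **argv)
 args.list = remote_remote_args.list = NULL;
 addargs(&args, "%s", ssh_program);
 addargs(&args, "-x");
-addargs(&args, "-oForwardAgent=no");
 addargs(&args, "-oPermitLocalCommand=no");
 addargs(&args, "-oClearAllForwardings=yes");
 addargs(&args, "-oRemoteCommand=none");
@@ -433,7 +432,7 @@ main(int argc, char **argv)
 
 fflag = Tflag = tflag = 0;
 while ((ch = getopt(argc, argv,
-"dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
+"12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) {
 switch (ch) {
 /* User-visible flags. */
 case '1':
@@ -442,6 +441,7 @@ main(int argc, char **argv)
 case '2':
 /* Ignored */
 break;
+case 'A':
 case '4':
 case '6':
 case 'C':
@@ -523,6 +523,9 @@ main(int argc, char **argv)
 argc -= optind;
 argv += optind;
 
+/* Do this last because we want the user to be able to override it */
+addargs(&args, "-oForwardAgent=no");
+
 if ((pwd = getpwuid(userid = getuid())) == NULL)
 fatal("unknown user %u", (u_int) userid);
 
@@ -1593,7 +1596,7 @@ void
 usage(void)
 {
 (void) fprintf(stderr,
-"usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
+"usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
 " [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
 " [-S program] source ... target\n");
 exit(1);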
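Review bot: The comment added at new line 526 of scp.c says the option is appended last so the user can override it, but it does not say why position matters: ssh(1) keeps the first value it obtains for each option, so a user-supplied `-A` wins while the trailing `-oForwardAgent=no` still takes precedence over ssh_config. I would spell that out, e.g. `/* ssh(1) uses the first value seen for an option: appended last, this loses to a user's -A but still beats ssh_config */`, and do the same for the identical comment in the sftp.c hunk at new line 2514. The same ordering presumably also lets a user's `-o ForwardAgent=yes` take effect, which the new man-page text does not mention; the `-o` handling is outside the visible hunks, so that is worth confirming and documenting. Both hunks sit in the middle of main(), whose body starts and ends outside them.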
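--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 23 2020 $
+.Dd $Mdocdate: August 3 2020 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -30,7 +30,7 @@
 .Nd OpenSSH secure file transfer
 .Sh SYNOPSIS
 .Nm sftp
-.Op Fl 46aCfNpqrv
+.Op Fl 46AaCfNpqrv
 .Op Fl B Ar buffer_size
 .Op Fl b Ar batchfile
 .Op Fl c Ar cipher
@@ -104,6 +104,11 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl a
 Attempt to continue interrupted transfers rather than overwriting
 existing partial or complete copies of files.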
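--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */
+/* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
 *
@@ -2363,7 +2363,7 @@ usage(void)
 extern char *__progname;
 
 fprintf(stderr,
-"usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
+"usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
 " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
 " [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
 " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
@@ -2401,7 +2401,6 @@ main(int argc, char **argv)
 args.list = NULL;
 addargs(&args, "%s", ssh_program);
 addargs(&args, "-oForwardX11 no");
-addargs(&args, "-oForwardAgent no");
 addargs(&args, "-oPermitLocalCommand no");
 addargs(&args, "-oClearAllForwardings yes");
 
@@ -2409,9 +2408,10 @@ main(int argc, char **argv)
 infile = stdin;
 
 while ((ch = getopt(argc, argv,
-"1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
+"1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
 switch (ch) {
 /* Passed through to ssh(1) */
+case 'A':
 case '4':
 case '6':
 case 'C':
@@ -2511,6 +2511,9 @@ main(int argc, char **argv)
 }
 }
 
+/* Do this last because we want the user to be able to override it */
+addargs(&args, "-oForwardAgent no");
+
 if (!isatty(STDERR_FILENO))
 showprogress = 0;
 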