diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-08-03 02:43:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-08-03 14:27:59 +1000 |
| commit | a8732d74cb8e72f0c6366015687f1e649f60be87 (patch) | |
| tree | b2d792042a526741fed21539ec6490629792b1d3 | |
| parent | ab9105470a83ed5d8197959a1b1f367399958ba1 (diff) | |
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
| -rw-r--r-- | scp.1 | 11 | ||||
| -rw-r--r-- | scp.c | 11 | ||||
| -rw-r--r-- | sftp.1 | 11 | ||||
| -rw-r--r-- | sftp.c | 11 |
4 files changed, 30 insertions, 14 deletions
| @@ -8,9 +8,9 @@ | |||
| 8 | .\" | 8 | .\" |
| 9 | .\" Created: Sun May 7 00:14:37 1995 ylo | 9 | .\" Created: Sun May 7 00:14:37 1995 ylo |
| 10 | .\" | 10 | .\" |
| 11 | .\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $ | 11 | .\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $ |
| 12 | .\" | 12 | .\" |
| 13 | .Dd $Mdocdate: April 30 2020 $ | 13 | .Dd $Mdocdate: August 3 2020 $ |
| 14 | .Dt SCP 1 | 14 | .Dt SCP 1 |
| 15 | .Os | 15 | .Os |
| 16 | .Sh NAME | 16 | .Sh NAME |
| @@ -18,7 +18,7 @@ | |||
| 18 | .Nd OpenSSH secure file copy | 18 | .Nd OpenSSH secure file copy |
| 19 | .Sh SYNOPSIS | 19 | .Sh SYNOPSIS |
| 20 | .Nm scp | 20 | .Nm scp |
| 21 | .Op Fl 346BCpqrTv | 21 | .Op Fl 346ABCpqrTv |
| 22 | .Op Fl c Ar cipher | 22 | .Op Fl c Ar cipher |
| 23 | .Op Fl F Ar ssh_config | 23 | .Op Fl F Ar ssh_config |
| 24 | .Op Fl i Ar identity_file | 24 | .Op Fl i Ar identity_file |
| @@ -86,6 +86,11 @@ to use IPv4 addresses only. | |||
| 86 | Forces | 86 | Forces |
| 87 | .Nm | 87 | .Nm |
| 88 | to use IPv6 addresses only. | 88 | to use IPv6 addresses only. |
| 89 | .It Fl A | ||
| 90 | Allows forwarding of | ||
| 91 | .Xr ssh-agent 1 | ||
| 92 | to the remote system. | ||
| 93 | The default is not to forward an authentication agent. | ||
| 89 | .It Fl B | 94 | .It Fl B |
| 90 | Selects batch mode (prevents asking for passwords or passphrases). | 95 | Selects batch mode (prevents asking for passwords or passphrases). |
| 91 | .It Fl C | 96 | .It Fl C |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
| 4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
| @@ -425,7 +425,6 @@ main(int argc, char **argv) | |||
| 425 | args.list = remote_remote_args.list = NULL; | 425 | args.list = remote_remote_args.list = NULL; |
| 426 | addargs(&args, "%s", ssh_program); | 426 | addargs(&args, "%s", ssh_program); |
| 427 | addargs(&args, "-x"); | 427 | addargs(&args, "-x"); |
| 428 | addargs(&args, "-oForwardAgent=no"); | ||
| 429 | addargs(&args, "-oPermitLocalCommand=no"); | 428 | addargs(&args, "-oPermitLocalCommand=no"); |
| 430 | addargs(&args, "-oClearAllForwardings=yes"); | 429 | addargs(&args, "-oClearAllForwardings=yes"); |
| 431 | addargs(&args, "-oRemoteCommand=none"); | 430 | addargs(&args, "-oRemoteCommand=none"); |
| @@ -433,7 +432,7 @@ main(int argc, char **argv) | |||
| 433 | 432 | ||
| 434 | fflag = Tflag = tflag = 0; | 433 | fflag = Tflag = tflag = 0; |
| 435 | while ((ch = getopt(argc, argv, | 434 | while ((ch = getopt(argc, argv, |
| 436 | "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { | 435 | "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { |
| 437 | switch (ch) { | 436 | switch (ch) { |
| 438 | /* User-visible flags. */ | 437 | /* User-visible flags. */ |
| 439 | case '1': | 438 | case '1': |
| @@ -442,6 +441,7 @@ main(int argc, char **argv) | |||
| 442 | case '2': | 441 | case '2': |
| 443 | /* Ignored */ | 442 | /* Ignored */ |
| 444 | break; | 443 | break; |
| 444 | case 'A': | ||
| 445 | case '4': | 445 | case '4': |
| 446 | case '6': | 446 | case '6': |
| 447 | case 'C': | 447 | case 'C': |
| @@ -523,6 +523,9 @@ main(int argc, char **argv) | |||
| 523 | argc -= optind; | 523 | argc -= optind; |
| 524 | argv += optind; | 524 | argv += optind; |
| 525 | 525 | ||
| 526 | /* Do this last because we want the user to be able to override it */ | ||
| 527 | addargs(&args, "-oForwardAgent=no"); | ||
| 528 | |||
| 526 | if ((pwd = getpwuid(userid = getuid())) == NULL) | 529 | if ((pwd = getpwuid(userid = getuid())) == NULL) |
| 527 | fatal("unknown user %u", (u_int) userid); | 530 | fatal("unknown user %u", (u_int) userid); |
| 528 | 531 | ||
| @@ -1593,7 +1596,7 @@ void | |||
| 1593 | usage(void) | 1596 | usage(void) |
| 1594 | { | 1597 | { |
| 1595 | (void) fprintf(stderr, | 1598 | (void) fprintf(stderr, |
| 1596 | "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" | 1599 | "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" |
| 1597 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" | 1600 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" |
| 1598 | " [-S program] source ... target\n"); | 1601 | " [-S program] source ... target\n"); |
| 1599 | exit(1); | 1602 | exit(1); |
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
| 4 | .\" | 4 | .\" |
| @@ -22,7 +22,7 @@ | |||
| 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 | .\" | 24 | .\" |
| 25 | .Dd $Mdocdate: April 23 2020 $ | 25 | .Dd $Mdocdate: August 3 2020 $ |
| 26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
| 27 | .Os | 27 | .Os |
| 28 | .Sh NAME | 28 | .Sh NAME |
| @@ -30,7 +30,7 @@ | |||
| 30 | .Nd OpenSSH secure file transfer | 30 | .Nd OpenSSH secure file transfer |
| 31 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
| 32 | .Nm sftp | 32 | .Nm sftp |
| 33 | .Op Fl 46aCfNpqrv | 33 | .Op Fl 46AaCfNpqrv |
| 34 | .Op Fl B Ar buffer_size | 34 | .Op Fl B Ar buffer_size |
| 35 | .Op Fl b Ar batchfile | 35 | .Op Fl b Ar batchfile |
| 36 | .Op Fl c Ar cipher | 36 | .Op Fl c Ar cipher |
| @@ -104,6 +104,11 @@ to use IPv4 addresses only. | |||
| 104 | Forces | 104 | Forces |
| 105 | .Nm | 105 | .Nm |
| 106 | to use IPv6 addresses only. | 106 | to use IPv6 addresses only. |
| 107 | .It Fl A | ||
| 108 | Allows forwarding of | ||
| 109 | .Xr ssh-agent 1 | ||
| 110 | to the remote system. | ||
| 111 | The default is not to forward an authentication agent. | ||
| 107 | .It Fl a | 112 | .It Fl a |
| 108 | Attempt to continue interrupted transfers rather than overwriting | 113 | Attempt to continue interrupted transfers rather than overwriting |
| 109 | existing partial or complete copies of files. | 114 | existing partial or complete copies of files. |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -2363,7 +2363,7 @@ usage(void) | |||
| 2363 | extern char *__progname; | 2363 | extern char *__progname; |
| 2364 | 2364 | ||
| 2365 | fprintf(stderr, | 2365 | fprintf(stderr, |
| 2366 | "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" | 2366 | "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" |
| 2367 | " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" | 2367 | " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" |
| 2368 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" | 2368 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" |
| 2369 | " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" | 2369 | " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" |
| @@ -2401,7 +2401,6 @@ main(int argc, char **argv) | |||
| 2401 | args.list = NULL; | 2401 | args.list = NULL; |
| 2402 | addargs(&args, "%s", ssh_program); | 2402 | addargs(&args, "%s", ssh_program); |
| 2403 | addargs(&args, "-oForwardX11 no"); | 2403 | addargs(&args, "-oForwardX11 no"); |
| 2404 | addargs(&args, "-oForwardAgent no"); | ||
| 2405 | addargs(&args, "-oPermitLocalCommand no"); | 2404 | addargs(&args, "-oPermitLocalCommand no"); |
| 2406 | addargs(&args, "-oClearAllForwardings yes"); | 2405 | addargs(&args, "-oClearAllForwardings yes"); |
| 2407 | 2406 | ||
| @@ -2409,9 +2408,10 @@ main(int argc, char **argv) | |||
| 2409 | infile = stdin; | 2408 | infile = stdin; |
| 2410 | 2409 | ||
| 2411 | while ((ch = getopt(argc, argv, | 2410 | while ((ch = getopt(argc, argv, |
| 2412 | "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { | 2411 | "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { |
| 2413 | switch (ch) { | 2412 | switch (ch) { |
| 2414 | /* Passed through to ssh(1) */ | 2413 | /* Passed through to ssh(1) */ |
| 2414 | case 'A': | ||
| 2415 | case '4': | 2415 | case '4': |
| 2416 | case '6': | 2416 | case '6': |
| 2417 | case 'C': | 2417 | case 'C': |
| @@ -2511,6 +2511,9 @@ main(int argc, char **argv) | |||
| 2511 | } | 2511 | } |
| 2512 | } | 2512 | } |
| 2513 | 2513 | ||
| 2514 | /* Do this last because we want the user to be able to override it */ | ||
| 2515 | addargs(&args, "-oForwardAgent no"); | ||
| 2516 | |||
| 2514 | if (!isatty(STDERR_FILENO)) | 2517 | if (!isatty(STDERR_FILENO)) |
| 2515 | showprogress = 0; | 2518 | showprogress = 0; |
| 2516 | 2519 | ||