diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-08-03 02:43:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-08-03 14:27:59 +1000 |
| commit | a8732d74cb8e72f0c6366015687f1e649f60be87 (patch) | |
| tree | b2d792042a526741fed21539ec6490629792b1d3 /scp.c | |
| parent | ab9105470a83ed5d8197959a1b1f367399958ba1 (diff) | |
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
Diffstat (limited to 'scp.c')
| -rw-r--r-- | scp.c | 11 |
1 files changed, 7 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
| 4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
| @@ -425,7 +425,6 @@ main(int argc, char **argv) | |||
| 425 | args.list = remote_remote_args.list = NULL; | 425 | args.list = remote_remote_args.list = NULL; |
| 426 | addargs(&args, "%s", ssh_program); | 426 | addargs(&args, "%s", ssh_program); |
| 427 | addargs(&args, "-x"); | 427 | addargs(&args, "-x"); |
| 428 | addargs(&args, "-oForwardAgent=no"); | ||
| 429 | addargs(&args, "-oPermitLocalCommand=no"); | 428 | addargs(&args, "-oPermitLocalCommand=no"); |
| 430 | addargs(&args, "-oClearAllForwardings=yes"); | 429 | addargs(&args, "-oClearAllForwardings=yes"); |
| 431 | addargs(&args, "-oRemoteCommand=none"); | 430 | addargs(&args, "-oRemoteCommand=none"); |
| @@ -433,7 +432,7 @@ main(int argc, char **argv) | |||
| 433 | 432 | ||
| 434 | fflag = Tflag = tflag = 0; | 433 | fflag = Tflag = tflag = 0; |
| 435 | while ((ch = getopt(argc, argv, | 434 | while ((ch = getopt(argc, argv, |
| 436 | "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { | 435 | "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { |
| 437 | switch (ch) { | 436 | switch (ch) { |
| 438 | /* User-visible flags. */ | 437 | /* User-visible flags. */ |
| 439 | case '1': | 438 | case '1': |
| @@ -442,6 +441,7 @@ main(int argc, char **argv) | |||
| 442 | case '2': | 441 | case '2': |
| 443 | /* Ignored */ | 442 | /* Ignored */ |
| 444 | break; | 443 | break; |
| 444 | case 'A': | ||
| 445 | case '4': | 445 | case '4': |
| 446 | case '6': | 446 | case '6': |
| 447 | case 'C': | 447 | case 'C': |
| @@ -523,6 +523,9 @@ main(int argc, char **argv) | |||
| 523 | argc -= optind; | 523 | argc -= optind; |
| 524 | argv += optind; | 524 | argv += optind; |
| 525 | 525 | ||
| 526 | /* Do this last because we want the user to be able to override it */ | ||
| 527 | addargs(&args, "-oForwardAgent=no"); | ||
| 528 | |||
| 526 | if ((pwd = getpwuid(userid = getuid())) == NULL) | 529 | if ((pwd = getpwuid(userid = getuid())) == NULL) |
| 527 | fatal("unknown user %u", (u_int) userid); | 530 | fatal("unknown user %u", (u_int) userid); |
| 528 | 531 | ||
| @@ -1593,7 +1596,7 @@ void | |||
| 1593 | usage(void) | 1596 | usage(void) |
| 1594 | { | 1597 | { |
| 1595 | (void) fprintf(stderr, | 1598 | (void) fprintf(stderr, |
| 1596 | "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" | 1599 | "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" |
| 1597 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" | 1600 | " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" |
| 1598 | " [-S program] source ... target\n"); | 1601 | " [-S program] source ... target\n"); |
| 1599 | exit(1); | 1602 | exit(1); |