diff options
author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /scp.c | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'scp.c')
-rw-r--r-- | scp.c | 21 |
1 files changed, 14 insertions, 7 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.164 2008/10/10 04:55:16 stevesk Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.165 2009/12/20 07:28:36 guenther Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -252,8 +252,11 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) | |||
252 | close(pout[1]); | 252 | close(pout[1]); |
253 | 253 | ||
254 | replacearg(&args, 0, "%s", ssh_program); | 254 | replacearg(&args, 0, "%s", ssh_program); |
255 | if (remuser != NULL) | 255 | if (remuser != NULL) { |
256 | addargs(&args, "-l%s", remuser); | 256 | addargs(&args, "-l"); |
257 | addargs(&args, "%s", remuser); | ||
258 | } | ||
259 | addargs(&args, "--"); | ||
257 | addargs(&args, "%s", host); | 260 | addargs(&args, "%s", host); |
258 | addargs(&args, "%s", cmd); | 261 | addargs(&args, "%s", cmd); |
259 | 262 | ||
@@ -345,10 +348,12 @@ main(int argc, char **argv) | |||
345 | case 'c': | 348 | case 'c': |
346 | case 'i': | 349 | case 'i': |
347 | case 'F': | 350 | case 'F': |
348 | addargs(&args, "-%c%s", ch, optarg); | 351 | addargs(&args, "-%c", ch); |
352 | addargs(&args, "%s", optarg); | ||
349 | break; | 353 | break; |
350 | case 'P': | 354 | case 'P': |
351 | addargs(&args, "-p%s", optarg); | 355 | addargs(&args, "-p"); |
356 | addargs(&args, "%s", optarg); | ||
352 | break; | 357 | break; |
353 | case 'B': | 358 | case 'B': |
354 | addargs(&args, "-oBatchmode yes"); | 359 | addargs(&args, "-oBatchmode yes"); |
@@ -556,6 +561,7 @@ toremote(char *targ, int argc, char **argv) | |||
556 | } else { | 561 | } else { |
557 | host = cleanhostname(argv[i]); | 562 | host = cleanhostname(argv[i]); |
558 | } | 563 | } |
564 | addargs(&alist, "--"); | ||
559 | addargs(&alist, "%s", host); | 565 | addargs(&alist, "%s", host); |
560 | addargs(&alist, "%s", cmd); | 566 | addargs(&alist, "%s", cmd); |
561 | addargs(&alist, "%s", src); | 567 | addargs(&alist, "%s", src); |
@@ -566,7 +572,7 @@ toremote(char *targ, int argc, char **argv) | |||
566 | errs = 1; | 572 | errs = 1; |
567 | } else { /* local to remote */ | 573 | } else { /* local to remote */ |
568 | if (remin == -1) { | 574 | if (remin == -1) { |
569 | xasprintf(&bp, "%s -t %s", cmd, targ); | 575 | xasprintf(&bp, "%s -t -- %s", cmd, targ); |
570 | host = cleanhostname(thost); | 576 | host = cleanhostname(thost); |
571 | if (do_cmd(host, tuser, bp, &remin, | 577 | if (do_cmd(host, tuser, bp, &remin, |
572 | &remout) < 0) | 578 | &remout) < 0) |
@@ -599,6 +605,7 @@ tolocal(int argc, char **argv) | |||
599 | addargs(&alist, "-r"); | 605 | addargs(&alist, "-r"); |
600 | if (pflag) | 606 | if (pflag) |
601 | addargs(&alist, "-p"); | 607 | addargs(&alist, "-p"); |
608 | addargs(&alist, "--"); | ||
602 | addargs(&alist, "%s", argv[i]); | 609 | addargs(&alist, "%s", argv[i]); |
603 | addargs(&alist, "%s", argv[argc-1]); | 610 | addargs(&alist, "%s", argv[argc-1]); |
604 | if (do_local_cmd(&alist)) | 611 | if (do_local_cmd(&alist)) |
@@ -618,7 +625,7 @@ tolocal(int argc, char **argv) | |||
618 | suser = pwd->pw_name; | 625 | suser = pwd->pw_name; |
619 | } | 626 | } |
620 | host = cleanhostname(host); | 627 | host = cleanhostname(host); |
621 | xasprintf(&bp, "%s -f %s", cmd, src); | 628 | xasprintf(&bp, "%s -f -- %s", cmd, src); |
622 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { | 629 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
623 | (void) xfree(bp); | 630 | (void) xfree(bp); |
624 | ++errs; | 631 | ++errs; |