author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /sftp-server.8 | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
  - After a transition period of about 10 years, this release disables SSH
    protocol 1 by default. Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
  - Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens. This support is enabled by default in the Debian
    packaging, since it now doesn't involve additional library
    dependencies (closes: #231472, LP: #16918).
  - Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (closes: #482806).
  - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
  - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
    package, this overlaps with the key blacklisting facility added in
    openssh 1:4.7p1-9, but with different file formats and slightly
    different scopes; for the moment, I've roughly merged the two.)
  - Various multiplexing improvements, including support for requesting
    port-forwardings via the multiplex protocol (closes: #360151).
  - Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has (closes: #496843).
  - Many sftp client improvements, including tab-completion, more options,
    and recursive transfer support for get/put (LP: #33378). The old
    mget/mput commands never worked properly and have been removed
    (closes: #270399, #428082).
  - Do not prompt for a passphrase if we fail to open a keyfile, and log
    the reason why the open failed to debug (closes: #431538).
  - Prevent sftp from crashing when given a "-" without a command. Also,
    allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'sftp-server.8')
-rw-r--r-- | sftp-server.8 | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/sftp-server.8 b/sftp-server.8 index 3667398cb..69ad8beb1 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp-server.8,v 1.15 2009/03/26 08:38:39 sobrado Exp $ | 1 | .\" $OpenBSD: sftp-server.8,v 1.19 2010/01/09 03:36:00 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: March 26 2009 $ | 25 | .Dd $Mdocdate: January 9 2010 $ |
26 | .Dt SFTP-SERVER 8 | 26 | .Dt SFTP-SERVER 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -30,8 +30,10 @@ | |||
30 | .Nd SFTP server subsystem | 30 | .Nd SFTP server subsystem |
31 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
32 | .Nm sftp-server | 32 | .Nm sftp-server |
33 | .Op Fl ehR | ||
33 | .Op Fl f Ar log_facility | 34 | .Op Fl f Ar log_facility |
34 | .Op Fl l Ar log_level | 35 | .Op Fl l Ar log_level |
36 | .Op Fl u Ar umask | ||
35 | .Sh DESCRIPTION | 37 | .Sh DESCRIPTION |
36 | .Nm | 38 | .Nm |
37 | is a program that speaks the server side of SFTP protocol | 39 | is a program that speaks the server side of SFTP protocol |
@@ -54,12 +56,20 @@ for more information. | |||
54 | .Pp | 56 | .Pp |
55 | Valid options are: | 57 | Valid options are: |
56 | .Bl -tag -width Ds | 58 | .Bl -tag -width Ds |
59 | .It Fl e | ||
60 | Causes | ||
61 | .Nm | ||
62 | to print logging information to stderr instead of syslog for debugging. | ||
57 | .It Fl f Ar log_facility | 63 | .It Fl f Ar log_facility |
58 | Specifies the facility code that is used when logging messages from | 64 | Specifies the facility code that is used when logging messages from |
59 | .Nm . | 65 | .Nm . |
60 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, | 66 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
61 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | 67 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
62 | The default is AUTH. | 68 | The default is AUTH. |
69 | .It Fl h | ||
70 | Displays | ||
71 | .Nm | ||
72 | usage information. | ||
63 | .It Fl l Ar log_level | 73 | .It Fl l Ar log_level |
64 | Specifies which messages will be logged by | 74 | Specifies which messages will be logged by |
65 | .Nm . | 75 | .Nm . |
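Review bot: the new -e entry says logging goes "to stderr instead of syslog" but does not say whether -f log_facility and -l log_level still take effect in that mode. The -f entry directly below it is described only in terms of a facility code, so a reader cannot tell whether -f is ignored when -e is given or whether -l still filters what reaches stderr. Suggest adding one sentence to the -e entry that states which of the two options remain in force, so that someone switching to -e for debugging knows whether the log level they configured still applies.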
@@ -71,6 +81,17 @@ performs on behalf of the client. | |||
71 | DEBUG and DEBUG1 are equivalent. | 81 | DEBUG and DEBUG1 are equivalent. |
72 | DEBUG2 and DEBUG3 each specify higher levels of debugging output. | 82 | DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
73 | The default is ERROR. | 83 | The default is ERROR. |
84 | .It Fl R | ||
85 | Places this instance of | ||
86 | .Nm | ||
87 | into a read-only mode. | ||
88 | Attempts to open files for writing, as well as other operations that change | ||
89 | the state of the filesystem, will be denied. | ||
90 | .It Fl u Ar umask | ||
91 | Sets an explicit | ||
92 | .Xr umask 2 | ||
93 | to be applied to newly-created files and directories, instead of the | ||
94 | user's default mask. | ||
74 | .El | 95 | .El |
75 | .Pp | 96 | .Pp |
76 | For logging to work, | 97 | For logging to work, |
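Review bot: the -u entry does not state what form its argument takes, and the -R entry leaves "other operations that change the state of the filesystem" unspecified. For -u, say how the value is interpreted (for example, whether it is read as octal), because the text says it is applied "instead of the user's default mask" and a misread value silently changes the permissions of every newly-created file and directory. For -R, either list the denied request types or state how a denial is reported to the client and at which log_level it is recorded, so an administrator relying on read-only mode can confirm it from the logs.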