- OpenBSD CVS update

- [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
author: Damien Miller <djm@mindrot.org> 2000-03-26 13:04:51 +1000
committer: Damien Miller <djm@mindrot.org> 2000-03-26 13:04:51 +1000
commit: 450a7a1ff40fe7c2d84c93b83cf2df53445d807d (patch)
tree: db6d08bdea65edd34ba2e323a31e2b1ca5e5fbd4 /ssh-agent.1
parent: 2c9279fa667827384fceb243f890cba1dbe480de (diff)
1 files changed, 30 insertions, 22 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index b98775d90..7029b60dc 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.9 2000/01/22 02:17:50 aaron Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.10 2000/03/23 21:10:10 aaron Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -27,12 +27,13 @@
 .Oc
 .Sh DESCRIPTION 
 .Nm
-is a program to hold authentication private keys.  The
+is a program to hold authentication private keys.
-idea is that
+The idea is that
 .Nm
 is started in the beginning of an X-session or a login session, and
 all other windows or programs are started as clients to the ssh-agent
-program.  Through use of environment variables the agent can be located
+program.
+Through use of environment variables the agent can be located
 and automatically used for RSA authentication when logging in to other
 machines using
 .Xr ssh 1 .
@@ -60,30 +61,34 @@ environment variable).
 If a commandline is given, this is executed as a subprocess of the agent.
 When the command dies, so does the agent.
 .Pp
-The agent initially does not have any private keys.  Keys are added
+The agent initially does not have any private keys.
-using
+Keys are added using
 .Xr ssh-add 1 .
 When executed without arguments, 
 .Xr ssh-add 1
 adds the 
 .Pa $HOME/.ssh/identity
-file.  If the identity has a passphrase, 
+file.
+If the identity has a passphrase, 
 .Xr ssh-add 1
 asks for the passphrase (using a small X11 application if running
-under X11, or from the terminal if running without X).  It then sends
+under X11, or from the terminal if running without X).
-the identity to the agent.  Several identities can be stored in the
+It then sends the identity to the agent.
+Several identities can be stored in the
 agent; the agent can automatically use any of these identities.
 .Ic ssh-add -l
 displays the identities currently held by the agent.
 .Pp
 The idea is that the agent is run in the user's local PC, laptop, or
-terminal.  Authentication data need not be stored on any other
+terminal.
+Authentication data need not be stored on any other
 machine, and authentication passphrases never go over the network.
 However, the connection to the agent is forwarded over SSH
 remote logins, and the user can thus use the privileges given by the
 identities anywhere in the network in a secure way.
 .Pp
-There are two main ways to get an agent setup:  Either you let the agent
+There are two main ways to get an agent setup:
+Either you let the agent
 start a new subcommand into which some environment variables are exported, or
 you let the agent print the needed shell commands (either
 .Xr sh 1
@@ -99,7 +104,8 @@ A unix-domain socket is created
 and the name of this socket is stored in the
 .Ev SSH_AUTH_SOCK
 environment
-variable.  The socket is made accessible only to the current user.
+variable.
+The socket is made accessible only to the current user.
 This method is easily abused by root or another instance of the same
 user.
 .Pp
@@ -112,28 +118,30 @@ line terminates.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.  This file
+Contains the RSA authentication identity of the user.
-should not be readable by anyone but the user.  It is possible to
+This file should not be readable by anyone but the user.
+It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file.  This file
+used to encrypt the private part of this file.
-is not used by
+This file is not used by
 .Nm
 but is normally added to the agent using
 .Xr ssh-add 1
 at login time.
 .It Pa /tmp/ssh-XXXX/agent.<pid> ,
 Unix-domain sockets used to contain the connection to the
-authentication agent.  These sockets should only be readable by the
+authentication agent.
-owner.  The sockets should get automatically removed when the agent
+These sockets should only be readable by the owner.
-exits.
+The sockets should get automatically removed when the agent exits.
 .Sh AUTHOR
 Tatu Ylonen <ylo@cs.hut.fi>
 .Pp
 OpenSSH
 is a derivative of the original (free) ssh 1.2.12 release, but with bugs
-removed and newer features re-added.   Rapidly after the 1.2.12 release,
+removed and newer features re-added.
-newer versions bore successively more restrictive licenses.  This version
+Rapidly after the 1.2.12 release,
-of OpenSSH
+newer versions bore successively more restrictive licenses.
+This version of OpenSSH
 .Bl -bullet
 .It
 has all components of a restrictive nature (i.e., patents, see
author	Damien Miller <djm@mindrot.org>	2000-03-26 13:04:51 +1000
committer	Damien Miller <djm@mindrot.org>	2000-03-26 13:04:51 +1000
commit	450a7a1ff40fe7c2d84c93b83cf2df53445d807d (patch)
tree	db6d08bdea65edd34ba2e323a31e2b1ca5e5fbd4 /ssh-agent.1
parent	2c9279fa667827384fceb243f890cba1dbe480de (diff)

diff --git a/ssh-agent.1 b/ssh-agent.1 index b98775d90..7029b60dc 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-agent.1,v 1.9 2000/01/22 02:17:50 aaron Exp $	1	.\" $OpenBSD: ssh-agent.1,v 1.10 2000/03/23 21:10:10 aaron Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -27,12 +27,13 @@
27	.Oc	27	.Oc
28	.Sh DESCRIPTION	28	.Sh DESCRIPTION
29	.Nm	29	.Nm
30	is a program to hold authentication private keys. The	30	is a program to hold authentication private keys.
31	idea is that	31	The idea is that
32	.Nm	32	.Nm
33	is started in the beginning of an X-session or a login session, and	33	is started in the beginning of an X-session or a login session, and
34	all other windows or programs are started as clients to the ssh-agent	34	all other windows or programs are started as clients to the ssh-agent
35	program. Through use of environment variables the agent can be located	35	program.
		36	Through use of environment variables the agent can be located
36	and automatically used for RSA authentication when logging in to other	37	and automatically used for RSA authentication when logging in to other
37	machines using	38	machines using
38	.Xr ssh 1 .	39	.Xr ssh 1 .
@@ -60,30 +61,34 @@ environment variable).
60	If a commandline is given, this is executed as a subprocess of the agent.	61	If a commandline is given, this is executed as a subprocess of the agent.
61	When the command dies, so does the agent.	62	When the command dies, so does the agent.
62	.Pp	63	.Pp
63	The agent initially does not have any private keys. Keys are added	64	The agent initially does not have any private keys.
64	using	65	Keys are added using
65	.Xr ssh-add 1 .	66	.Xr ssh-add 1 .
66	When executed without arguments,	67	When executed without arguments,
67	.Xr ssh-add 1	68	.Xr ssh-add 1
68	adds the	69	adds the
69	.Pa $HOME/.ssh/identity	70	.Pa $HOME/.ssh/identity
70	file. If the identity has a passphrase,	71	file.
		72	If the identity has a passphrase,
71	.Xr ssh-add 1	73	.Xr ssh-add 1
72	asks for the passphrase (using a small X11 application if running	74	asks for the passphrase (using a small X11 application if running
73	under X11, or from the terminal if running without X). It then sends	75	under X11, or from the terminal if running without X).
74	the identity to the agent. Several identities can be stored in the	76	It then sends the identity to the agent.
		77	Several identities can be stored in the
75	agent; the agent can automatically use any of these identities.	78	agent; the agent can automatically use any of these identities.
76	.Ic ssh-add -l	79	.Ic ssh-add -l
77	displays the identities currently held by the agent.	80	displays the identities currently held by the agent.
78	.Pp	81	.Pp
79	The idea is that the agent is run in the user's local PC, laptop, or	82	The idea is that the agent is run in the user's local PC, laptop, or
80	terminal. Authentication data need not be stored on any other	83	terminal.
		84	Authentication data need not be stored on any other
81	machine, and authentication passphrases never go over the network.	85	machine, and authentication passphrases never go over the network.
82	However, the connection to the agent is forwarded over SSH	86	However, the connection to the agent is forwarded over SSH
83	remote logins, and the user can thus use the privileges given by the	87	remote logins, and the user can thus use the privileges given by the
84	identities anywhere in the network in a secure way.	88	identities anywhere in the network in a secure way.
85	.Pp	89	.Pp
86	There are two main ways to get an agent setup: Either you let the agent	90	There are two main ways to get an agent setup:
		91	Either you let the agent
87	start a new subcommand into which some environment variables are exported, or	92	start a new subcommand into which some environment variables are exported, or
88	you let the agent print the needed shell commands (either	93	you let the agent print the needed shell commands (either
89	.Xr sh 1	94	.Xr sh 1
@@ -99,7 +104,8 @@ A unix-domain socket is created
99	and the name of this socket is stored in the	104	and the name of this socket is stored in the
100	.Ev SSH_AUTH_SOCK	105	.Ev SSH_AUTH_SOCK
101	environment	106	environment
102	variable. The socket is made accessible only to the current user.	107	variable.
		108	The socket is made accessible only to the current user.
103	This method is easily abused by root or another instance of the same	109	This method is easily abused by root or another instance of the same
104	user.	110	user.
105	.Pp	111	.Pp
@@ -112,28 +118,30 @@ line terminates.
112	.Sh FILES	118	.Sh FILES
113	.Bl -tag -width Ds	119	.Bl -tag -width Ds
114	.It Pa $HOME/.ssh/identity	120	.It Pa $HOME/.ssh/identity
115	Contains the RSA authentication identity of the user. This file	121	Contains the RSA authentication identity of the user.
116	should not be readable by anyone but the user. It is possible to	122	This file should not be readable by anyone but the user.
		123	It is possible to
117	specify a passphrase when generating the key; that passphrase will be	124	specify a passphrase when generating the key; that passphrase will be
118	used to encrypt the private part of this file. This file	125	used to encrypt the private part of this file.
119	is not used by	126	This file is not used by
120	.Nm	127	.Nm
121	but is normally added to the agent using	128	but is normally added to the agent using
122	.Xr ssh-add 1	129	.Xr ssh-add 1
123	at login time.	130	at login time.
124	.It Pa /tmp/ssh-XXXX/agent.<pid> ,	131	.It Pa /tmp/ssh-XXXX/agent.<pid> ,
125	Unix-domain sockets used to contain the connection to the	132	Unix-domain sockets used to contain the connection to the
126	authentication agent. These sockets should only be readable by the	133	authentication agent.
127	owner. The sockets should get automatically removed when the agent	134	These sockets should only be readable by the owner.
128	exits.	135	The sockets should get automatically removed when the agent exits.
129	.Sh AUTHOR	136	.Sh AUTHOR
130	Tatu Ylonen <ylo@cs.hut.fi>	137	Tatu Ylonen <ylo@cs.hut.fi>
131	.Pp	138	.Pp
132	OpenSSH	139	OpenSSH
133	is a derivative of the original (free) ssh 1.2.12 release, but with bugs	140	is a derivative of the original (free) ssh 1.2.12 release, but with bugs
134	removed and newer features re-added. Rapidly after the 1.2.12 release,	141	removed and newer features re-added.
135	newer versions bore successively more restrictive licenses. This version	142	Rapidly after the 1.2.12 release,
136	of OpenSSH	143	newer versions bore successively more restrictive licenses.
		144	This version of OpenSSH
137	.Bl -bullet	145	.Bl -bullet
138	.It	146	.It
139	has all components of a restrictive nature (i.e., patents, see	147	has all components of a restrictive nature (i.e., patents, see