Import openssh_7.6p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
committer: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
commit: 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree: 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /ssh.0
parent: 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent: 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
1 files changed, 35 insertions, 46 deletions
diff --git a/ssh.0 b/ssh.0
index 67ce809bb..f920dd97e 100644
--- a/ssh.0
+++ b/ssh.0
@@ -4,7 +4,7 @@ NAME
     ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
 SYNOPSIS
-     ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+     ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
         [-D [bind_address:]port] [-E log_file] [-e escape_char]
         [-F configfile] [-I pkcs11] [-i identity_file]
         [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
@@ -28,10 +28,6 @@ DESCRIPTION
     The options are as follows:
-     -1      Forces ssh to try protocol version 1 only.
-     -2      Forces ssh to try protocol version 2 only.
     -4      Forces ssh to use IPv4 addresses only.
     -6      Forces ssh to use IPv6 addresses only.
@@ -58,21 +54,16 @@ DESCRIPTION
     -C      Requests compression of all data (including stdin, stdout,
             stderr, and data for forwarded X11, TCP and UNIX-domain
             connections).  The compression algorithm is the same used by
-             gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the
+             gzip(1).  Compression is desirable on modem lines and other slow
-             CompressionLevel option for protocol version 1.  Compression is
+             connections, but will only slow down things on fast networks.
-             desirable on modem lines and other slow connections, but will
+             The default value can be set on a host-by-host basis in the
-             only slow down things on fast networks.  The default value can be
+             configuration files; see the Compression option.
-             set on a host-by-host basis in the configuration files; see the
-             Compression option.
     -c cipher_spec
             Selects the cipher specification for encrypting the session.
+             cipher_spec is a comma-separated list of ciphers listed in order
-             Protocol version 1 allows specification of a single cipher.  The
+             of preference.  See the Ciphers keyword in ssh_config(5) for more
-             supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^].  For protocol
+             information.
-             version 2, cipher_spec is a comma-separated list of ciphers
-             listed in order of preference.  See the Ciphers keyword in
-             ssh_config(5) for more information.
     -D [bind_address:]port
             Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
@@ -137,10 +128,9 @@ DESCRIPTION
     -i identity_file
             Selects a file from which the identity (private key) for public
-             key authentication is read.  The default is ~/.ssh/identity for
+             key authentication is read.  The default is ~/.ssh/id_dsa,
-             protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
+             ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa.  Identity
-             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
+             files may also be specified on a per-host basis in the
-             Identity files may also be specified on a per-host basis in the
             configuration file.  It is possible to have multiple -i options
             (and multiple identities specified in configuration files).  If
             no certificates have been explicitly specified by the
@@ -243,11 +233,9 @@ DESCRIPTION
                   CertificateFile
                   ChallengeResponseAuthentication
                   CheckHostIP
-                   Cipher
                   Ciphers
                   ClearAllForwardings
                   Compression
-                   CompressionLevel
                   ConnectionAttempts
                   ConnectTimeout
                   ControlMaster
@@ -292,17 +280,15 @@ DESCRIPTION
                   PKCS11Provider
                   Port
                   PreferredAuthentications
-                   Protocol
                   ProxyCommand
                   ProxyJump
                   ProxyUseFdpass
                   PubkeyAcceptedKeyTypes
                   PubkeyAuthentication
                   RekeyLimit
+                   RemoteCommand
                   RemoteForward
                   RequestTTY
-                   RhostsRSAAuthentication
-                   RSAAuthentication
                   SendEnv
                   ServerAliveInterval
                   ServerAliveCountMax
@@ -340,14 +326,20 @@ DESCRIPTION
     -R [bind_address:]port:local_socket
     -R remote_socket:host:hostport
     -R remote_socket:local_socket
+     -R [bind_address:]port
             Specifies that connections to the given TCP port or Unix socket
-             on the remote (server) host are to be forwarded to the given host
+             on the remote (server) host are to be forwarded to the local
-             and port, or Unix socket, on the local side.  This works by
+             side.
-             allocating a socket to listen to either a TCP port or to a Unix
-             socket on the remote side.  Whenever a connection is made to this
+             This works by allocating a socket to listen to either a TCP port
-             port or Unix socket, the connection is forwarded over the secure
+             or to a Unix socket on the remote side.  Whenever a connection is
-             channel, and a connection is made to either host port hostport,
+             made to this port or Unix socket, the connection is forwarded
-             or local_socket, from the local machine.
+             over the secure channel, and a connection is made from the local
+             machine to either an explicit destination specified by host port
+             hostport, or local_socket, or, if no explicit destination was
+             specified, ssh will act as a SOCKS 4/5 proxy and forward
+             connections to the destinations requested by the remote SOCKS
+             client.
             Port forwardings can also be specified in the configuration file.
             Privileged ports can be forwarded only when logging in as root on
@@ -438,12 +430,7 @@ DESCRIPTION
     and configuration options are described in ssh_config(5).
 AUTHENTICATION
-     The OpenSSH SSH client supports SSH protocols 1 and 2.  The default is to
+     The OpenSSH SSH client supports SSH protocol 2.
-     use protocol 2 only, though this can be changed via the Protocol option
-     in ssh_config(5) or the -1 and -2 options (see above).  Protocol 1 should
-     not be used and is only offered to support legacy devices.  It suffers
-     from a number of cryptographic weaknesses and doesn't support many of the
-     advanced features available for protocol 2.
     The methods available for authentication are: GSSAPI-based
     authentication, host-based authentication, public key authentication,
@@ -481,11 +468,15 @@ AUTHENTICATION
     proves that it has access to the private key and the server checks that
     the corresponding public key is authorized to accept the account.
+     The server may inform the client of errors that prevented public key
+     authentication from succeeding after authentication completes using a
+     different method.  These may be viewed by increasing the LogLevel to
+     DEBUG or higher (e.g. by using the -v flag).
     The user creates his/her key pair by running ssh-keygen(1).  This stores
-     the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA),
+     the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
-     ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa
+     ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public
-     (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
+     key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
-     ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
     ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
     home directory.  The user should then copy the public key to
     ~/.ssh/authorized_keys in his/her home directory on the remote machine.
@@ -845,7 +836,6 @@ FILES
             Contains additional definitions for environment variables; see
             ENVIRONMENT, above.
-     ~/.ssh/identity
     ~/.ssh/id_dsa
     ~/.ssh/id_ecdsa
     ~/.ssh/id_ed25519
@@ -858,7 +848,6 @@ FILES
             will be used to encrypt the sensitive part of this file using
             3DES.
-     ~/.ssh/identity.pub
     ~/.ssh/id_dsa.pub
     ~/.ssh/id_ecdsa.pub
     ~/.ssh/id_ed25519.pub
@@ -968,4 +957,4 @@ AUTHORS
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 6.0                      July 16, 2016                     OpenBSD 6.0
+OpenBSD 6.2                   September 21, 2017                   OpenBSD 6.2
author	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
committer	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
commit	62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree	3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /ssh.0
parent	6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent	66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)

diff --git a/ssh.0 b/ssh.0 index 67ce809bb..f920dd97e 100644 --- a/ssh.0 +++ b/ssh.0
@@ -4,7 +4,7 @@ NAME
4	ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)	4	ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
5		5
6	SYNOPSIS	6	SYNOPSIS
7	ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]	7	ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8	[-D [bind_address:]port] [-E log_file] [-e escape_char]	8	[-D [bind_address:]port] [-E log_file] [-e escape_char]
9	[-F configfile] [-I pkcs11] [-i identity_file]	9	[-F configfile] [-I pkcs11] [-i identity_file]
10	[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]	10	[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
@@ -28,10 +28,6 @@ DESCRIPTION
28		28
29	The options are as follows:	29	The options are as follows:
30		30
31	-1 Forces ssh to try protocol version 1 only.
32
33	-2 Forces ssh to try protocol version 2 only.
34
35	-4 Forces ssh to use IPv4 addresses only.	31	-4 Forces ssh to use IPv4 addresses only.
36		32
37	-6 Forces ssh to use IPv6 addresses only.	33	-6 Forces ssh to use IPv6 addresses only.
@@ -58,21 +54,16 @@ DESCRIPTION
58	-C Requests compression of all data (including stdin, stdout,	54	-C Requests compression of all data (including stdin, stdout,
59	stderr, and data for forwarded X11, TCP and UNIX-domain	55	stderr, and data for forwarded X11, TCP and UNIX-domain
60	connections). The compression algorithm is the same used by	56	connections). The compression algorithm is the same used by
61	gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the	57	gzip(1). Compression is desirable on modem lines and other slow
62	CompressionLevel option for protocol version 1. Compression is	58	connections, but will only slow down things on fast networks.
63	desirable on modem lines and other slow connections, but will	59	The default value can be set on a host-by-host basis in the
64	only slow down things on fast networks. The default value can be	60	configuration files; see the Compression option.
65	set on a host-by-host basis in the configuration files; see the
66	Compression option.
67		61
68	-c cipher_spec	62	-c cipher_spec
69	Selects the cipher specification for encrypting the session.	63	Selects the cipher specification for encrypting the session.
70		64	cipher_spec is a comma-separated list of ciphers listed in order
71	Protocol version 1 allows specification of a single cipher. The	65	of preference. See the Ciphers keyword in ssh_config(5) for more
72	supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol	66	information.
73	version 2, cipher_spec is a comma-separated list of ciphers
74	listed in order of preference. See the Ciphers keyword in
75	ssh_config(5) for more information.
76		67
77	-D [bind_address:]port	68	-D [bind_address:]port
78	Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.	69	Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
@@ -137,10 +128,9 @@ DESCRIPTION
137		128
138	-i identity_file	129	-i identity_file
139	Selects a file from which the identity (private key) for public	130	Selects a file from which the identity (private key) for public
140	key authentication is read. The default is ~/.ssh/identity for	131	key authentication is read. The default is ~/.ssh/id_dsa,
141	protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,	132	~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity
142	~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.	133	files may also be specified on a per-host basis in the
143	Identity files may also be specified on a per-host basis in the
144	configuration file. It is possible to have multiple -i options	134	configuration file. It is possible to have multiple -i options
145	(and multiple identities specified in configuration files). If	135	(and multiple identities specified in configuration files). If
146	no certificates have been explicitly specified by the	136	no certificates have been explicitly specified by the
@@ -243,11 +233,9 @@ DESCRIPTION
243	CertificateFile	233	CertificateFile
244	ChallengeResponseAuthentication	234	ChallengeResponseAuthentication
245	CheckHostIP	235	CheckHostIP
246	Cipher
247	Ciphers	236	Ciphers
248	ClearAllForwardings	237	ClearAllForwardings
249	Compression	238	Compression
250	CompressionLevel
251	ConnectionAttempts	239	ConnectionAttempts
252	ConnectTimeout	240	ConnectTimeout
253	ControlMaster	241	ControlMaster
@@ -292,17 +280,15 @@ DESCRIPTION
292	PKCS11Provider	280	PKCS11Provider
293	Port	281	Port
294	PreferredAuthentications	282	PreferredAuthentications
295	Protocol
296	ProxyCommand	283	ProxyCommand
297	ProxyJump	284	ProxyJump
298	ProxyUseFdpass	285	ProxyUseFdpass
299	PubkeyAcceptedKeyTypes	286	PubkeyAcceptedKeyTypes
300	PubkeyAuthentication	287	PubkeyAuthentication
301	RekeyLimit	288	RekeyLimit
		289	RemoteCommand
302	RemoteForward	290	RemoteForward
303	RequestTTY	291	RequestTTY
304	RhostsRSAAuthentication
305	RSAAuthentication
306	SendEnv	292	SendEnv
307	ServerAliveInterval	293	ServerAliveInterval
308	ServerAliveCountMax	294	ServerAliveCountMax
@@ -340,14 +326,20 @@ DESCRIPTION
340	-R [bind_address:]port:local_socket	326	-R [bind_address:]port:local_socket
341	-R remote_socket:host:hostport	327	-R remote_socket:host:hostport
342	-R remote_socket:local_socket	328	-R remote_socket:local_socket
		329	-R [bind_address:]port
343	Specifies that connections to the given TCP port or Unix socket	330	Specifies that connections to the given TCP port or Unix socket
344	on the remote (server) host are to be forwarded to the given host	331	on the remote (server) host are to be forwarded to the local
345	and port, or Unix socket, on the local side. This works by	332	side.
346	allocating a socket to listen to either a TCP port or to a Unix	333
347	socket on the remote side. Whenever a connection is made to this	334	This works by allocating a socket to listen to either a TCP port
348	port or Unix socket, the connection is forwarded over the secure	335	or to a Unix socket on the remote side. Whenever a connection is
349	channel, and a connection is made to either host port hostport,	336	made to this port or Unix socket, the connection is forwarded
350	or local_socket, from the local machine.	337	over the secure channel, and a connection is made from the local
		338	machine to either an explicit destination specified by host port
		339	hostport, or local_socket, or, if no explicit destination was
		340	specified, ssh will act as a SOCKS 4/5 proxy and forward
		341	connections to the destinations requested by the remote SOCKS
		342	client.
351		343
352	Port forwardings can also be specified in the configuration file.	344	Port forwardings can also be specified in the configuration file.
353	Privileged ports can be forwarded only when logging in as root on	345	Privileged ports can be forwarded only when logging in as root on
@@ -438,12 +430,7 @@ DESCRIPTION
438	and configuration options are described in ssh_config(5).	430	and configuration options are described in ssh_config(5).
439		431
440	AUTHENTICATION	432	AUTHENTICATION
441	The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to	433	The OpenSSH SSH client supports SSH protocol 2.
442	use protocol 2 only, though this can be changed via the Protocol option
443	in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should
444	not be used and is only offered to support legacy devices. It suffers
445	from a number of cryptographic weaknesses and doesn't support many of the
446	advanced features available for protocol 2.
447		434
448	The methods available for authentication are: GSSAPI-based	435	The methods available for authentication are: GSSAPI-based
449	authentication, host-based authentication, public key authentication,	436	authentication, host-based authentication, public key authentication,
@@ -481,11 +468,15 @@ AUTHENTICATION
481	proves that it has access to the private key and the server checks that	468	proves that it has access to the private key and the server checks that
482	the corresponding public key is authorized to accept the account.	469	the corresponding public key is authorized to accept the account.
483		470
		471	The server may inform the client of errors that prevented public key
		472	authentication from succeeding after authentication completes using a
		473	different method. These may be viewed by increasing the LogLevel to
		474	DEBUG or higher (e.g. by using the -v flag).
		475
484	The user creates his/her key pair by running ssh-keygen(1). This stores	476	The user creates his/her key pair by running ssh-keygen(1). This stores
485	the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA),	477	the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
486	~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa	478	~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public
487	(RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),	479	key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
488	~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
489	~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's	480	~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
490	home directory. The user should then copy the public key to	481	home directory. The user should then copy the public key to
491	~/.ssh/authorized_keys in his/her home directory on the remote machine.	482	~/.ssh/authorized_keys in his/her home directory on the remote machine.
@@ -845,7 +836,6 @@ FILES
845	Contains additional definitions for environment variables; see	836	Contains additional definitions for environment variables; see
846	ENVIRONMENT, above.	837	ENVIRONMENT, above.
847		838
848	~/.ssh/identity
849	~/.ssh/id_dsa	839	~/.ssh/id_dsa
850	~/.ssh/id_ecdsa	840	~/.ssh/id_ecdsa
851	~/.ssh/id_ed25519	841	~/.ssh/id_ed25519
@@ -858,7 +848,6 @@ FILES
858	will be used to encrypt the sensitive part of this file using	848	will be used to encrypt the sensitive part of this file using
859	3DES.	849	3DES.
860		850
861	~/.ssh/identity.pub
862	~/.ssh/id_dsa.pub	851	~/.ssh/id_dsa.pub
863	~/.ssh/id_ecdsa.pub	852	~/.ssh/id_ecdsa.pub
864	~/.ssh/id_ed25519.pub	853	~/.ssh/id_ed25519.pub
@@ -968,4 +957,4 @@ AUTHORS
968	created OpenSSH. Markus Friedl contributed the support for SSH protocol	957	created OpenSSH. Markus Friedl contributed the support for SSH protocol
969	versions 1.5 and 2.0.	958	versions 1.5 and 2.0.
970		959
971	OpenBSD 6.0 July 16, 2016 OpenBSD 6.0	960	OpenBSD 6.2 September 21, 2017 OpenBSD 6.2