Import openssh_6.7p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2014-10-07 12:13:50 +0100
committer: Colin Watson <cjwatson@debian.org> 2014-10-07 12:13:50 +0100
commit: 487bdb3a5ef6075887b830ccb8a0b14f6da78e93 (patch)
tree: a2cff6fec1e6c4b4153a170a3e172cfe6bfdec46 /ssh_config.0
parent: 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 (diff)
parent: 28453d58058a4d60c3ebe7d7f0c31a510cbf6158 (diff)
1 files changed, 79 insertions, 38 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index 6fbd10d61..c40ce5f08 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -1,4 +1,4 @@
-SSH_CONFIG(5)             OpenBSD Programmer's Manual            SSH_CONFIG(5)
+SSH_CONFIG(5)                 File Formats Manual                SSH_CONFIG(5)
 NAME
     ssh_config - OpenSSH SSH client configuration files
@@ -176,19 +176,30 @@ DESCRIPTION
             preference.  Multiple ciphers must be comma-separated.  The
             supported ciphers are:
-             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
+                   3des-cbc
-             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
+                   aes128-cbc
-             ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',
+                   aes192-cbc
-             ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
+                   aes256-cbc
-             ``cast128-cbc'', and ``chacha20-poly1305@openssh.com''.
+                   aes128-ctr
+                   aes192-ctr
+                   aes256-ctr
+                   aes128-gcm@openssh.com
+                   aes256-gcm@openssh.com
+                   arcfour
+                   arcfour128
+                   arcfour256
+                   blowfish-cbc
+                   cast128-cbc
+                   chacha20-poly1305@openssh.com
             The default is:
-                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+                   aes128-ctr,aes192-ctr,aes256-ctr,
-                aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+                   aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-                chacha20-poly1305@openssh.com,
+                   chacha20-poly1305@openssh.com,
-                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
+                   arcfour256,arcfour128,
-                aes256-cbc,arcfour
+                   aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
+                   aes192-cbc,aes256-cbc,arcfour
             The list of available ciphers may also be obtained using the -Q
             option of ssh(1).
@@ -261,10 +272,12 @@ DESCRIPTION
             any domain name), `%h' will be substituted by the target host
             name, `%n' will be substituted by the original target host name
             specified on the command line, `%p' the destination port, `%r' by
-             the remote login username, and `%u' by the username of the user
+             the remote login username, `%u' by the username of the user
-             running ssh(1).  It is recommended that any ControlPath used for
+             running ssh(1), and `%C' by a hash of the concatenation:
-             opportunistic connection sharing include at least %h, %p, and %r.
+             %l%h%p%r.  It is recommended that any ControlPath used for
-             This ensures that shared connections are uniquely identified.
+             opportunistic connection sharing include at least %h, %p, and %r
+             (or alternatively %C).  This ensures that shared connections are
+             uniquely identified.
     ControlPersist
             When used in conjunction with ControlMaster, specifies that the
@@ -437,10 +450,13 @@ DESCRIPTION
             specify nicknames or abbreviations for hosts.  If the hostname
             contains the character sequence `%h', then this will be replaced
             with the host name specified on the command line (this is useful
-             for manipulating unqualified names).  The default is the name
+             for manipulating unqualified names).  The character sequence `%%'
-             given on the command line.  Numeric IP addresses are also
+             will be replaced by a single `%' character, which may be used
-             permitted (both on the command line and in HostName
+             when specifying IPv6 link-local addresses.
-             specifications).
+             The default is the name given on the command line.  Numeric IP
+             addresses are also permitted (both on the command line and in
+             HostName specifications).
     IdentitiesOnly
             Specifies that ssh(1) should only use the authentication identity
@@ -517,8 +533,8 @@ DESCRIPTION
                   curve25519-sha256@libssh.org,
                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                   diffie-hellman-group-exchange-sha256,
-                   diffie-hellman-group-exchange-sha1,
                   diffie-hellman-group14-sha1,
+                   diffie-hellman-group-exchange-sha1,
                   diffie-hellman-group1-sha1
     LocalCommand
@@ -529,7 +545,8 @@ DESCRIPTION
             performed: `%d' (local user's home directory), `%h' (remote host
             name), `%l' (local host name), `%n' (host name as provided on the
             command line), `%p' (remote port), `%r' (remote user name) or
-             `%u' (local user name).
+             `%u' (local user name) or `%C' by a hash of the concatenation:
+             %l%h%p%r.
             The command is run synchronously and does not have access to the
             session of the ssh(1) that spawned it.  It should not be used for
@@ -568,13 +585,14 @@ DESCRIPTION
             calculate the MAC after encryption (encrypt-then-mac).  These are
             considered safer and their use recommended.  The default is:
-                   hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
-                   hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+                   umac-64@openssh.com,umac-128@openssh.com,
-                   hmac-md5-96-etm@openssh.com,
+                   hmac-sha2-256,hmac-sha2-512,
-                   hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
+                   hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
-                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+                   hmac-ripemd160-etm@openssh.com,
+                   hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
+                   hmac-md5,hmac-sha1,hmac-ripemd160,
                   hmac-sha1-96,hmac-md5-96
     NoHostAuthenticationForLocalhost
@@ -628,17 +646,19 @@ DESCRIPTION
     ProxyCommand
             Specifies the command to use to connect to the server.  The
             command string extends to the end of the line, and is executed
-             with the user's shell.  In the command string, any occurrence of
+             using the user's shell `exec' directive to avoid a lingering
-             `%h' will be substituted by the host name to connect, `%p' by the
+             shell process.
-             port, and `%r' by the remote user name.  The command can be
-             basically anything, and should read from its standard input and
+             In the command string, any occurrence of `%h' will be substituted
-             write to its standard output.  It should eventually connect an
+             by the host name to connect, `%p' by the port, and `%r' by the
-             sshd(8) server running on some machine, or execute sshd -i
+             remote user name.  The command can be basically anything, and
-             somewhere.  Host key management will be done using the HostName
+             should read from its standard input and write to its standard
-             of the host being connected (defaulting to the name typed by the
+             output.  It should eventually connect an sshd(8) server running
-             user).  Setting the command to ``none'' disables this option
+             on some machine, or execute sshd -i somewhere.  Host key
-             entirely.  Note that CheckHostIP is not available for connects
+             management will be done using the HostName of the host being
-             with a proxy command.
+             connected (defaulting to the name typed by the user).  Setting
+             the command to ``none'' disables this option entirely.  Note that
+             CheckHostIP is not available for connects with a proxy command.
             This directive is useful in conjunction with nc(1) and its proxy
             support.  For example, the following directive would connect via
@@ -751,6 +771,27 @@ DESCRIPTION
             default is 0, indicating that these messages will not be sent to
             the server.  This option applies to protocol version 2 only.
+     StreamLocalBindMask
+             Sets the octal file creation mode mask (umask) used when creating
+             a Unix-domain socket file for local or remote port forwarding.
+             This option is only used for port forwarding to a Unix-domain
+             socket file.
+             The default value is 0177, which creates a Unix-domain socket
+             file that is readable and writable only by the owner.  Note that
+             not all operating systems honor the file mode on Unix-domain
+             socket files.
+     StreamLocalBindUnlink
+             Specifies whether to remove an existing Unix-domain socket file
+             for local or remote port forwarding before creating a new one.
+             If the socket file already exists and StreamLocalBindUnlink is
+             not enabled, ssh will be unable to forward the port to the Unix-
+             domain socket file.  This option is only used for port forwarding
+             to a Unix-domain socket file.
+             The argument must be ``yes'' or ``no''.  The default is ``no''.
     StrictHostKeyChecking
             If this flag is set to ``yes'', ssh(1) will never automatically
             add host keys to the ~/.ssh/known_hosts file, and refuses to
@@ -886,4 +927,4 @@ AUTHORS
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 5.5                    February 23, 2014                   OpenBSD 5.5
+OpenBSD 5.6                      July 15, 2014                     OpenBSD 5.6
author	Colin Watson <cjwatson@debian.org>	2014-10-07 12:13:50 +0100
committer	Colin Watson <cjwatson@debian.org>	2014-10-07 12:13:50 +0100
commit	487bdb3a5ef6075887b830ccb8a0b14f6da78e93 (patch)
tree	a2cff6fec1e6c4b4153a170a3e172cfe6bfdec46 /ssh_config.0
parent	796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 (diff)
parent	28453d58058a4d60c3ebe7d7f0c31a510cbf6158 (diff)

diff --git a/ssh_config.0 b/ssh_config.0 index 6fbd10d61..c40ce5f08 100644 --- a/ssh_config.0 +++ b/ssh_config.0
@@ -1,4 +1,4 @@
1	SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5)	1	SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5)
2		2
3	NAME	3	NAME
4	ssh_config - OpenSSH SSH client configuration files	4	ssh_config - OpenSSH SSH client configuration files
@@ -176,19 +176,30 @@ DESCRIPTION
176	preference. Multiple ciphers must be comma-separated. The	176	preference. Multiple ciphers must be comma-separated. The
177	supported ciphers are:	177	supported ciphers are:
178		178
179	``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',	179	3des-cbc
180	``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',	180	aes128-cbc
181	``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',	181	aes192-cbc
182	``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',	182	aes256-cbc
183	``cast128-cbc'', and ``chacha20-poly1305@openssh.com''.	183	aes128-ctr
		184	aes192-ctr
		185	aes256-ctr
		186	aes128-gcm@openssh.com
		187	aes256-gcm@openssh.com
		188	arcfour
		189	arcfour128
		190	arcfour256
		191	blowfish-cbc
		192	cast128-cbc
		193	chacha20-poly1305@openssh.com
184		194
185	The default is:	195	The default is:
186		196
187	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,	197	aes128-ctr,aes192-ctr,aes256-ctr,
188	aes128-gcm@openssh.com,aes256-gcm@openssh.com,	198	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
189	chacha20-poly1305@openssh.com,	199	chacha20-poly1305@openssh.com,
190	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,	200	arcfour256,arcfour128,
191	aes256-cbc,arcfour	201	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
		202	aes192-cbc,aes256-cbc,arcfour
192		203
193	The list of available ciphers may also be obtained using the -Q	204	The list of available ciphers may also be obtained using the -Q
194	option of ssh(1).	205	option of ssh(1).
@@ -261,10 +272,12 @@ DESCRIPTION
261	any domain name), `%h' will be substituted by the target host	272	any domain name), `%h' will be substituted by the target host
262	name, `%n' will be substituted by the original target host name	273	name, `%n' will be substituted by the original target host name
263	specified on the command line, `%p' the destination port, `%r' by	274	specified on the command line, `%p' the destination port, `%r' by
264	the remote login username, and `%u' by the username of the user	275	the remote login username, `%u' by the username of the user
265	running ssh(1). It is recommended that any ControlPath used for	276	running ssh(1), and `%C' by a hash of the concatenation:
266	opportunistic connection sharing include at least %h, %p, and %r.	277	%l%h%p%r. It is recommended that any ControlPath used for
267	This ensures that shared connections are uniquely identified.	278	opportunistic connection sharing include at least %h, %p, and %r
		279	(or alternatively %C). This ensures that shared connections are
		280	uniquely identified.
268		281
269	ControlPersist	282	ControlPersist
270	When used in conjunction with ControlMaster, specifies that the	283	When used in conjunction with ControlMaster, specifies that the
@@ -437,10 +450,13 @@ DESCRIPTION
437	specify nicknames or abbreviations for hosts. If the hostname	450	specify nicknames or abbreviations for hosts. If the hostname
438	contains the character sequence `%h', then this will be replaced	451	contains the character sequence `%h', then this will be replaced
439	with the host name specified on the command line (this is useful	452	with the host name specified on the command line (this is useful
440	for manipulating unqualified names). The default is the name	453	for manipulating unqualified names). The character sequence `%%'
441	given on the command line. Numeric IP addresses are also	454	will be replaced by a single `%' character, which may be used
442	permitted (both on the command line and in HostName	455	when specifying IPv6 link-local addresses.
443	specifications).	456
		457	The default is the name given on the command line. Numeric IP
		458	addresses are also permitted (both on the command line and in
		459	HostName specifications).
444		460
445	IdentitiesOnly	461	IdentitiesOnly
446	Specifies that ssh(1) should only use the authentication identity	462	Specifies that ssh(1) should only use the authentication identity
@@ -517,8 +533,8 @@ DESCRIPTION
517	curve25519-sha256@libssh.org,	533	curve25519-sha256@libssh.org,
518	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,	534	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
519	diffie-hellman-group-exchange-sha256,	535	diffie-hellman-group-exchange-sha256,
520	diffie-hellman-group-exchange-sha1,
521	diffie-hellman-group14-sha1,	536	diffie-hellman-group14-sha1,
		537	diffie-hellman-group-exchange-sha1,
522	diffie-hellman-group1-sha1	538	diffie-hellman-group1-sha1
523		539
524	LocalCommand	540	LocalCommand
@@ -529,7 +545,8 @@ DESCRIPTION
529	performed: `%d' (local user's home directory), `%h' (remote host	545	performed: `%d' (local user's home directory), `%h' (remote host
530	name), `%l' (local host name), `%n' (host name as provided on the	546	name), `%l' (local host name), `%n' (host name as provided on the
531	command line), `%p' (remote port), `%r' (remote user name) or	547	command line), `%p' (remote port), `%r' (remote user name) or
532	`%u' (local user name).	548	`%u' (local user name) or `%C' by a hash of the concatenation:
		549	%l%h%p%r.
533		550
534	The command is run synchronously and does not have access to the	551	The command is run synchronously and does not have access to the
535	session of the ssh(1) that spawned it. It should not be used for	552	session of the ssh(1) that spawned it. It should not be used for
@@ -568,13 +585,14 @@ DESCRIPTION
568	calculate the MAC after encryption (encrypt-then-mac). These are	585	calculate the MAC after encryption (encrypt-then-mac). These are
569	considered safer and their use recommended. The default is:	586	considered safer and their use recommended. The default is:
570		587
571	hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
572	umac-64-etm@openssh.com,umac-128-etm@openssh.com,	588	umac-64-etm@openssh.com,umac-128-etm@openssh.com,
573	hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,	589	hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
574	hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,	590	umac-64@openssh.com,umac-128@openssh.com,
575	hmac-md5-96-etm@openssh.com,	591	hmac-sha2-256,hmac-sha2-512,
576	hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,	592	hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
577	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,	593	hmac-ripemd160-etm@openssh.com,
		594	hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
		595	hmac-md5,hmac-sha1,hmac-ripemd160,
578	hmac-sha1-96,hmac-md5-96	596	hmac-sha1-96,hmac-md5-96
579		597
580	NoHostAuthenticationForLocalhost	598	NoHostAuthenticationForLocalhost
@@ -628,17 +646,19 @@ DESCRIPTION
628	ProxyCommand	646	ProxyCommand
629	Specifies the command to use to connect to the server. The	647	Specifies the command to use to connect to the server. The
630	command string extends to the end of the line, and is executed	648	command string extends to the end of the line, and is executed
631	with the user's shell. In the command string, any occurrence of	649	using the user's shell `exec' directive to avoid a lingering
632	`%h' will be substituted by the host name to connect, `%p' by the	650	shell process.
633	port, and `%r' by the remote user name. The command can be	651
634	basically anything, and should read from its standard input and	652	In the command string, any occurrence of `%h' will be substituted
635	write to its standard output. It should eventually connect an	653	by the host name to connect, `%p' by the port, and `%r' by the
636	sshd(8) server running on some machine, or execute sshd -i	654	remote user name. The command can be basically anything, and
637	somewhere. Host key management will be done using the HostName	655	should read from its standard input and write to its standard
638	of the host being connected (defaulting to the name typed by the	656	output. It should eventually connect an sshd(8) server running
639	user). Setting the command to ``none'' disables this option	657	on some machine, or execute sshd -i somewhere. Host key
640	entirely. Note that CheckHostIP is not available for connects	658	management will be done using the HostName of the host being
641	with a proxy command.	659	connected (defaulting to the name typed by the user). Setting
		660	the command to ``none'' disables this option entirely. Note that
		661	CheckHostIP is not available for connects with a proxy command.
642		662
643	This directive is useful in conjunction with nc(1) and its proxy	663	This directive is useful in conjunction with nc(1) and its proxy
644	support. For example, the following directive would connect via	664	support. For example, the following directive would connect via
@@ -751,6 +771,27 @@ DESCRIPTION
751	default is 0, indicating that these messages will not be sent to	771	default is 0, indicating that these messages will not be sent to
752	the server. This option applies to protocol version 2 only.	772	the server. This option applies to protocol version 2 only.
753		773
		774	StreamLocalBindMask
		775	Sets the octal file creation mode mask (umask) used when creating
		776	a Unix-domain socket file for local or remote port forwarding.
		777	This option is only used for port forwarding to a Unix-domain
		778	socket file.
		779
		780	The default value is 0177, which creates a Unix-domain socket
		781	file that is readable and writable only by the owner. Note that
		782	not all operating systems honor the file mode on Unix-domain
		783	socket files.
		784
		785	StreamLocalBindUnlink
		786	Specifies whether to remove an existing Unix-domain socket file
		787	for local or remote port forwarding before creating a new one.
		788	If the socket file already exists and StreamLocalBindUnlink is
		789	not enabled, ssh will be unable to forward the port to the Unix-
		790	domain socket file. This option is only used for port forwarding
		791	to a Unix-domain socket file.
		792
		793	The argument must be ``yes'' or ``no''. The default is ``no''.
		794
754	StrictHostKeyChecking	795	StrictHostKeyChecking
755	If this flag is set to ``yes'', ssh(1) will never automatically	796	If this flag is set to ``yes'', ssh(1) will never automatically
756	add host keys to the ~/.ssh/known_hosts file, and refuses to	797	add host keys to the ~/.ssh/known_hosts file, and refuses to
@@ -886,4 +927,4 @@ AUTHORS
886	created OpenSSH. Markus Friedl contributed the support for SSH protocol	927	created OpenSSH. Markus Friedl contributed the support for SSH protocol
887	versions 1.5 and 2.0.	928	versions 1.5 and 2.0.
888		929
889	OpenBSD 5.5 February 23, 2014 OpenBSD 5.5	930	OpenBSD 5.6 July 15, 2014 OpenBSD 5.6