diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-28 16:40:05 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-28 16:40:05 +0000 |
| commit | 4dccfa5fb73853e6c9281beac2c42a31391acdc7 (patch) | |
| tree | 2a64c6b1e096010f2b5fd45a08f9878cac5d400e /sshd.8 | |
| parent | 42717bf8fff94146edf43ea266113f1a54456c62 (diff) | |
- (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51
[auth.h auth2.c]
count authentication failures only
- markus@cvs.openbsd.org 2000/12/28 14:25:03
[sshconnect.c]
fingerprint for MITM attacks, too.
- markus@cvs.openbsd.org 2000/12/28 12:03:57
[sshd.8 sshd.c]
document -D
- markus@cvs.openbsd.org 2000/12/27 14:19:21
[serverloop.c]
less chatty
- markus@cvs.openbsd.org 2000/12/27 12:34
[auth1.c sshconnect2.c sshd.c]
typo
- markus@cvs.openbsd.org 2000/12/27 12:30:19
[readconf.c readconf.h ssh.1 sshconnect.c]
new option: HostKeyAlias: allow the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.
- markus@cvs.openbsd.org 2000/12/27 11:51:53
[ssh.1 ssh.c]
multiple -t force pty allocation, document ORIGINAL_COMMAND
- markus@cvs.openbsd.org 2000/12/27 11:41:31
[sshd.8]
update for ssh-2
Diffstat (limited to 'sshd.8')
| -rw-r--r-- | sshd.8 | 41 |
1 files changed, 30 insertions, 11 deletions
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
| 40 | .Os | 40 | .Os |
| @@ -43,7 +43,7 @@ | |||
| 43 | .Nd secure shell daemon | 43 | .Nd secure shell daemon |
| 44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
| 45 | .Nm sshd | 45 | .Nm sshd |
| 46 | .Op Fl diqQ46 | 46 | .Op Fl diqDQ46 |
| 47 | .Op Fl b Ar bits | 47 | .Op Fl b Ar bits |
| 48 | .Op Fl f Ar config_file | 48 | .Op Fl f Ar config_file |
| 49 | .Op Fl g Ar login_grace_time | 49 | .Op Fl g Ar login_grace_time |
| @@ -202,12 +202,14 @@ If the client fails to authenticate the user within | |||
| 202 | this many seconds, the server disconnects and exits. | 202 | this many seconds, the server disconnects and exits. |
| 203 | A value of zero indicates no limit. | 203 | A value of zero indicates no limit. |
| 204 | .It Fl h Ar host_key_file | 204 | .It Fl h Ar host_key_file |
| 205 | Specifies the file from which the RSA host key is read (default | 205 | Specifies the file from which the host key is read (default |
| 206 | .Pa /etc/ssh_host_key ) . | 206 | .Pa /etc/ssh_host_key ) . |
| 207 | This option must be given if | 207 | This option must be given if |
| 208 | .Nm | 208 | .Nm |
| 209 | is not run as root (as the normal | 209 | is not run as root (as the normal |
| 210 | host file is normally not readable by anyone but root). | 210 | host file is normally not readable by anyone but root). |
| 211 | It is possible to have multiple host key files for | ||
| 212 | the different protocol versions. | ||
| 211 | .It Fl i | 213 | .It Fl i |
| 212 | Specifies that | 214 | Specifies that |
| 213 | .Nm | 215 | .Nm |
| @@ -254,6 +256,12 @@ indicates that only dotted decimal addresses | |||
| 254 | should be put into the | 256 | should be put into the |
| 255 | .Pa utmp | 257 | .Pa utmp |
| 256 | file. | 258 | file. |
| 259 | .It Fl D | ||
| 260 | When this option is specified | ||
| 261 | .Nm | ||
| 262 | will not detach and does not become a daemon. | ||
| 263 | This allows easy monitoring of | ||
| 264 | .Nm sshd . | ||
| 257 | .It Fl Q | 265 | .It Fl Q |
| 258 | Do not print an error message if RSA support is missing. | 266 | Do not print an error message if RSA support is missing. |
| 259 | .It Fl V Ar client_protocol_id | 267 | .It Fl V Ar client_protocol_id |
| @@ -720,26 +728,37 @@ file lists the RSA keys that are | |||
| 720 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 | 728 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
| 721 | Similarly, the | 729 | Similarly, the |
| 722 | .Pa $HOME/.ssh/authorized_keys2 | 730 | .Pa $HOME/.ssh/authorized_keys2 |
| 723 | file lists the DSA keys that are | 731 | file lists the DSA and RSA keys that are |
| 724 | permitted for DSA authentication in SSH protocol 2.0. | 732 | permitted for public key authentication (PubkeyAuthentication) |
| 733 | in SSH protocol 2.0. | ||
| 734 | .Pp | ||
| 725 | Each line of the file contains one | 735 | Each line of the file contains one |
| 726 | key (empty lines and lines starting with a | 736 | key (empty lines and lines starting with a |
| 727 | .Ql # | 737 | .Ql # |
| 728 | are ignored as | 738 | are ignored as |
| 729 | comments). | 739 | comments). |
| 730 | Each line consists of the following fields, separated by | 740 | Each RSA public key consists of the following fields, separated by |
| 731 | spaces: options, bits, exponent, modulus, comment. | 741 | spaces: options, bits, exponent, modulus, comment. |
| 732 | The options field | 742 | Each protocol version 2 public key consists of: |
| 733 | is optional; its presence is determined by whether the line starts | 743 | options, keytype, base64 encoded key, comment. |
| 744 | The options fields | ||
| 745 | are optional; its presence is determined by whether the line starts | ||
| 734 | with a number or not (the option field never starts with a number). | 746 | with a number or not (the option field never starts with a number). |
| 735 | The bits, exponent, modulus and comment fields give the RSA key; the | 747 | The bits, exponent, modulus and comment fields give the RSA key for |
| 748 | protocol version 1; the | ||
| 736 | comment field is not used for anything (but may be convenient for the | 749 | comment field is not used for anything (but may be convenient for the |
| 737 | user to identify the key). | 750 | user to identify the key). |
| 751 | For protocol version 2 the keytype is | ||
| 752 | .Dq ssh-dss | ||
| 753 | or | ||
| 754 | .Dq ssh-rsa . | ||
| 738 | .Pp | 755 | .Pp |
| 739 | Note that lines in this file are usually several hundred bytes long | 756 | Note that lines in this file are usually several hundred bytes long |
| 740 | (because of the size of the RSA key modulus). | 757 | (because of the size of the RSA key modulus). |
| 741 | You don't want to type them in; instead, copy the | 758 | You don't want to type them in; instead, copy the |
| 742 | .Pa identity.pub | 759 | .Pa identity.pub |
| 760 | or the | ||
| 761 | .Pa id_dsa.pub | ||
| 743 | file and edit it. | 762 | file and edit it. |
| 744 | .Pp | 763 | .Pp |
| 745 | The options (if present) consist of comma-separated option | 764 | The options (if present) consist of comma-separated option |
| @@ -1053,7 +1072,7 @@ This version of OpenSSH | |||
| 1053 | .Bl -bullet | 1072 | .Bl -bullet |
| 1054 | .It | 1073 | .It |
| 1055 | has all components of a restrictive nature (i.e., patents, see | 1074 | has all components of a restrictive nature (i.e., patents, see |
| 1056 | .Xr crypto 3 ) | 1075 | .Xr ssl 8 ) |
| 1057 | directly removed from the source code; any licensed or patented components | 1076 | directly removed from the source code; any licensed or patented components |
| 1058 | are chosen from | 1077 | are chosen from |
| 1059 | external libraries. | 1078 | external libraries. |
| @@ -1080,6 +1099,6 @@ The support for SSH protocol 2 was written by Markus Friedl. | |||
| 1080 | .Xr ssh-add 1 , | 1099 | .Xr ssh-add 1 , |
| 1081 | .Xr ssh-agent 1 , | 1100 | .Xr ssh-agent 1 , |
| 1082 | .Xr ssh-keygen 1 , | 1101 | .Xr ssh-keygen 1 , |
| 1083 | .Xr crypto 3 , | 1102 | .Xr ssl 8 , |
| 1084 | .Xr rlogin 1 , | 1103 | .Xr rlogin 1 , |
| 1085 | .Xr rsh 1 | 1104 | .Xr rsh 1 |