- jmc@cvs.openbsd.org 2006/02/09 10:10:47

[sshd.8] - move some text into a CAVEATS section - merge the COMMAND EXECUTION... section into AUTHENTICATION
author: Damien Miller <djm@mindrot.org> 2006-03-15 11:27:20 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-15 11:27:20 +1100
commit: c47d7e9e1905adbef3489cc2bbdceda02d212f7e (patch)
tree: b86312b40d29f5fe9c38a9d2c4cf6769035bc128 /sshd.8
parent: 1d90540534da87ba4ac5b48037f1d66f82569ff7 (diff)
1 files changed, 13 insertions, 13 deletions
diff --git a/sshd.8 b/sshd.8
index 51d339b65..e884e2b09 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -308,17 +308,6 @@ or
 .Ql \&*NP\&*
 ).
 .Pp
-System security is not improved unless
-.Nm rshd ,
-.Nm rlogind ,
-and
-.Nm rexecd
-are disabled (thus completely disabling
-.Xr rlogin
-and
-.Xr rsh
-into the machine).
-.Sh COMMAND EXECUTION AND DATA FORWARDING
 If the client successfully authenticates itself, a dialog for
 preparing the session is entered.
 At this time the client may request
@@ -326,7 +315,7 @@ things like allocating a pseudo-tty, forwarding X11 connections,
 forwarding TCP connections, or forwarding the authentication agent
 connection over the secure channel.
 .Pp
-Finally, the client either requests a shell or execution of a command.
+After this, the client either requests a shell or execution of a command.
 The sides then enter session mode.
 In this mode, either side may send
 data at any time, and such data is forwarded to/from the shell or
@@ -867,3 +856,14 @@ Markus Friedl contributed the support for SSH
 protocol versions 1.5 and 2.0.
 Niels Provos and Markus Friedl contributed support
 for privilege separation.
+.Sh CAVEATS
+System security is not improved unless
+.Nm rshd ,
+.Nm rlogind ,
+and
+.Nm rexecd
+are disabled (thus completely disabling
+.Xr rlogin
+and
+.Xr rsh
+into the machine).
author	Damien Miller <djm@mindrot.org>	2006-03-15 11:27:20 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-15 11:27:20 +1100
commit	c47d7e9e1905adbef3489cc2bbdceda02d212f7e (patch)
tree	b86312b40d29f5fe9c38a9d2c4cf6769035bc128 /sshd.8
parent	1d90540534da87ba4ac5b48037f1d66f82569ff7 (diff)

diff --git a/sshd.8 b/sshd.8 index 51d339b65..e884e2b09 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $	37	.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -308,17 +308,6 @@ or
308	.Ql \&NP\&	308	.Ql \&NP\&
309	).	309	).
310	.Pp	310	.Pp
311	System security is not improved unless
312	.Nm rshd ,
313	.Nm rlogind ,
314	and
315	.Nm rexecd
316	are disabled (thus completely disabling
317	.Xr rlogin
318	and
319	.Xr rsh
320	into the machine).
321	.Sh COMMAND EXECUTION AND DATA FORWARDING
322	If the client successfully authenticates itself, a dialog for	311	If the client successfully authenticates itself, a dialog for
323	preparing the session is entered.	312	preparing the session is entered.
324	At this time the client may request	313	At this time the client may request
@@ -326,7 +315,7 @@ things like allocating a pseudo-tty, forwarding X11 connections,
326	forwarding TCP connections, or forwarding the authentication agent	315	forwarding TCP connections, or forwarding the authentication agent
327	connection over the secure channel.	316	connection over the secure channel.
328	.Pp	317	.Pp
329	Finally, the client either requests a shell or execution of a command.	318	After this, the client either requests a shell or execution of a command.
330	The sides then enter session mode.	319	The sides then enter session mode.
331	In this mode, either side may send	320	In this mode, either side may send
332	data at any time, and such data is forwarded to/from the shell or	321	data at any time, and such data is forwarded to/from the shell or
@@ -867,3 +856,14 @@ Markus Friedl contributed the support for SSH
867	protocol versions 1.5 and 2.0.	856	protocol versions 1.5 and 2.0.
868	Niels Provos and Markus Friedl contributed support	857	Niels Provos and Markus Friedl contributed support
869	for privilege separation.	858	for privilege separation.
		859	.Sh CAVEATS
		860	System security is not improved unless
		861	.Nm rshd ,
		862	.Nm rlogind ,
		863	and
		864	.Nm rexecd
		865	are disabled (thus completely disabling
		866	.Xr rlogin
		867	and
		868	.Xr rsh
		869	into the machine).