-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | scp.1 | 168 | ||||
-rw-r--r-- | scp.c | 6 | ||||
-rw-r--r-- | sftp-server.8 | 5 | ||||
-rw-r--r-- | sftp.1 | 142 | ||||
-rw-r--r-- | sftp.c | 12 | ||||
-rw-r--r-- | ssh.1 | 3 | ||||
-rw-r--r-- | sshd.8 | 85 |
8 files changed, 277 insertions, 157 deletions
@@ -1,3 +1,14 @@ | |||
1 | 20031015 | ||
2 | - (dtucker) OpenBSD CVS Sync | ||
3 | - jmc@cvs.openbsd.org 2003/10/08 08:27:36 | ||
4 | [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] | ||
5 | scp and sftp: add options list and sort options. options list requested | ||
6 | by deraadt@ | ||
7 | sshd: use same format as ssh | ||
8 | ssh: remove wrong option from list | ||
9 | sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) | ||
10 | ok deraadt@ markus@ | ||
11 | |||
1 | 20031009 | 12 | 20031009 |
2 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ | 13 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ |
3 | 14 | ||
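Review bot: The entry added at new line 9 says Subsystem is documented in ssh_config(5), but the sftp-server.8 hunk in this same commit changes the reference to `.Xr sshd_config 5`. The log text names the client configuration page where the server one is meant. Since this text is synced from the OpenBSD commit log, either correct it to sshd_config(5) here or add a short note, so that someone searching the ChangeLog is not sent to the wrong page.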
@@ -1314,4 +1325,4 @@ | |||
1314 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1325 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1315 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1326 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1316 | 1327 | ||
1317 | $Id: ChangeLog,v 1.3069 2003/10/09 04:13:53 dtucker Exp $ | 1328 | $Id: ChangeLog,v 1.3070 2003/10/15 05:50:42 dtucker Exp $ |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $OpenBSD: scp.1,v 1.28 2003/06/10 09:12:11 jmc Exp $ | 12 | .\" $OpenBSD: scp.1,v 1.29 2003/10/08 08:27:36 jmc Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
@@ -20,24 +20,24 @@ | |||
20 | .Sh SYNOPSIS | 20 | .Sh SYNOPSIS |
21 | .Nm scp | 21 | .Nm scp |
22 | .Bk -words | 22 | .Bk -words |
23 | .Op Fl pqrvBC1246 | 23 | .Op Fl 1246BCpqrv |
24 | .Op Fl F Ar ssh_config | ||
25 | .Op Fl S Ar program | ||
26 | .Op Fl P Ar port | ||
27 | .Op Fl c Ar cipher | 24 | .Op Fl c Ar cipher |
25 | .Op Fl F Ar ssh_config | ||
28 | .Op Fl i Ar identity_file | 26 | .Op Fl i Ar identity_file |
29 | .Op Fl l Ar limit | 27 | .Op Fl l Ar limit |
30 | .Op Fl o Ar ssh_option | 28 | .Op Fl o Ar ssh_option |
29 | .Op Fl P Ar port | ||
30 | .Op Fl S Ar program | ||
31 | .Sm off | 31 | .Sm off |
32 | .Oo | 32 | .Oo |
33 | .Op Ar user@ | 33 | .Op Ar user No @ |
34 | .Ar host1 No : | 34 | .Ar host1 No : |
35 | .Oc Ns Ar file1 | 35 | .Oc Ns Ar file1 |
36 | .Sm on | 36 | .Sm on |
37 | .Op Ar ... | 37 | .Op Ar ... |
38 | .Sm off | 38 | .Sm off |
39 | .Oo | 39 | .Oo |
40 | .Op Ar user@ | 40 | .Op Ar user No @ |
41 | .Ar host2 No : | 41 | .Ar host2 No : |
42 | .Oc Ar file2 | 42 | .Oc Ar file2 |
43 | .Sm on | 43 | .Sm on |
@@ -62,35 +62,24 @@ Copies between two remote hosts are permitted. | |||
62 | .Pp | 62 | .Pp |
63 | The options are as follows: | 63 | The options are as follows: |
64 | .Bl -tag -width Ds | 64 | .Bl -tag -width Ds |
65 | .It Fl c Ar cipher | 65 | .It Fl 1 |
66 | Selects the cipher to use for encrypting the data transfer. | 66 | Forces |
67 | This option is directly passed to | ||
68 | .Xr ssh 1 . | ||
69 | .It Fl i Ar identity_file | ||
70 | Selects the file from which the identity (private key) for RSA | ||
71 | authentication is read. | ||
72 | This option is directly passed to | ||
73 | .Xr ssh 1 . | ||
74 | .It Fl l Ar limit | ||
75 | Limits the used bandwidth, specified in Kbit/s. | ||
76 | .It Fl p | ||
77 | Preserves modification times, access times, and modes from the | ||
78 | original file. | ||
79 | .It Fl r | ||
80 | Recursively copy entire directories. | ||
81 | .It Fl v | ||
82 | Verbose mode. | ||
83 | Causes | ||
84 | .Nm | 67 | .Nm |
85 | and | 68 | to use protocol 1. |
86 | .Xr ssh 1 | 69 | .It Fl 2 |
87 | to print debugging messages about their progress. | 70 | Forces |
88 | This is helpful in | 71 | .Nm |
89 | debugging connection, authentication, and configuration problems. | 72 | to use protocol 2. |
73 | .It Fl 4 | ||
74 | Forces | ||
75 | .Nm | ||
76 | to use IPv4 addresses only. | ||
77 | .It Fl 6 | ||
78 | Forces | ||
79 | .Nm | ||
80 | to use IPv6 addresses only. | ||
90 | .It Fl B | 81 | .It Fl B |
91 | Selects batch mode (prevents asking for passwords or passphrases). | 82 | Selects batch mode (prevents asking for passwords or passphrases). |
92 | .It Fl q | ||
93 | Disables the progress meter. | ||
94 | .It Fl C | 83 | .It Fl C |
95 | Compression enable. | 84 | Compression enable. |
96 | Passes the | 85 | Passes the |
@@ -98,12 +87,85 @@ Passes the | |||
98 | flag to | 87 | flag to |
99 | .Xr ssh 1 | 88 | .Xr ssh 1 |
100 | to enable compression. | 89 | to enable compression. |
90 | .It Fl c Ar cipher | ||
91 | Selects the cipher to use for encrypting the data transfer. | ||
92 | This option is directly passed to | ||
93 | .Xr ssh 1 . | ||
101 | .It Fl F Ar ssh_config | 94 | .It Fl F Ar ssh_config |
102 | Specifies an alternative | 95 | Specifies an alternative |
103 | per-user configuration file for | 96 | per-user configuration file for |
104 | .Nm ssh . | 97 | .Nm ssh . |
105 | This option is directly passed to | 98 | This option is directly passed to |
106 | .Xr ssh 1 . | 99 | .Xr ssh 1 . |
100 | .It Fl i Ar identity_file | ||
101 | Selects the file from which the identity (private key) for RSA | ||
102 | authentication is read. | ||
103 | This option is directly passed to | ||
104 | .Xr ssh 1 . | ||
105 | .It Fl l Ar limit | ||
106 | Limits the used bandwidth, specified in Kbit/s. | ||
107 | .It Fl o Ar ssh_option | ||
108 | Can be used to pass options to | ||
109 | .Nm ssh | ||
110 | in the format used in | ||
111 | .Xr ssh_config 5 . | ||
112 | This is useful for specifying options | ||
113 | for which there is no separate | ||
114 | .Nm scp | ||
115 | command-line flag. | ||
116 | For full details of the options listed below, and their possible values, see | ||
117 | .Xr ssh_config 5 . | ||
118 | .Pp | ||
119 | .Bl -tag -width Ds -offset indent -compact | ||
120 | .It AddressFamily | ||
121 | .It BatchMode | ||
122 | .It BindAddress | ||
123 | .It ChallengeResponseAuthentication | ||
124 | .It CheckHostIP | ||
125 | .It Cipher | ||
126 | .It Ciphers | ||
127 | .It ClearAllForwardings | ||
128 | .It Compression | ||
129 | .It CompressionLevel | ||
130 | .It ConnectionAttempts | ||
131 | .It ConnectionTimeout | ||
132 | .It DynamicForward | ||
133 | .It EscapeChar | ||
134 | .It ForwardAgent | ||
135 | .It ForwardX11 | ||
136 | .It GatewayPorts | ||
137 | .It GlobalKnownHostsFile | ||
138 | .It GSSAPIAuthentication | ||
139 | .It GSSAPIDelegateCredentials | ||
140 | .It Host | ||
141 | .It HostbasedAuthentication | ||
142 | .It HostKeyAlgorithms | ||
143 | .It HostKeyAlias | ||
144 | .It HostName | ||
145 | .It IdentityFile | ||
146 | .It KeepAlive | ||
147 | .It LocalForward | ||
148 | .It LogLevel | ||
149 | .It MACs | ||
150 | .It NoHostAuthenticationForLocalhost | ||
151 | .It NumberOfPasswordPrompts | ||
152 | .It PasswordAuthentication | ||
153 | .It Port | ||
154 | .It PreferredAuthentications | ||
155 | .It Protocol | ||
156 | .It ProxyCommand | ||
157 | .It PubkeyAuthentication | ||
158 | .It RemoteForward | ||
159 | .It RhostsRSAAuthentication | ||
160 | .It RSAAuthentication | ||
161 | .It SmartcardDevice | ||
162 | .It StrictHostKeyChecking | ||
163 | .It UsePrivilegedPort | ||
164 | .It User | ||
165 | .It UserKnownHostsFile | ||
166 | .It VerifyHostKeyDNS | ||
167 | .It XAuthLocation | ||
168 | .El | ||
107 | .It Fl P Ar port | 169 | .It Fl P Ar port |
108 | Specifies the port to connect to on the remote host. | 170 | Specifies the port to connect to on the remote host. |
109 | Note that this option is written with a capital | 171 | Note that this option is written with a capital |
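Review bot: The list added under `.It Fl o Ar ssh_option` is taken over whole from ssh, including entries such as `ClearAllForwardings`, `DynamicForward`, `LocalForward`, `RemoteForward`, `ForwardAgent`, `ForwardX11` and `EscapeChar`, which a reader will not expect to matter for a file copy. The introducing sentence only says "the options listed below", so it reads as a list of options that are useful with scp. Either state that this is everything ssh accepts in ssh_config(5) format, or trim the list to the options that make sense for scp.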
@@ -112,6 +174,13 @@ because | |||
112 | .Fl p | 174 | .Fl p |
113 | is already reserved for preserving the times and modes of the file in | 175 | is already reserved for preserving the times and modes of the file in |
114 | .Xr rcp 1 . | 176 | .Xr rcp 1 . |
177 | .It Fl p | ||
178 | Preserves modification times, access times, and modes from the | ||
179 | original file. | ||
180 | .It Fl q | ||
181 | Disables the progress meter. | ||
182 | .It Fl r | ||
183 | Recursively copy entire directories. | ||
115 | .It Fl S Ar program | 184 | .It Fl S Ar program |
116 | Name of | 185 | Name of |
117 | .Ar program | 186 | .Ar program |
@@ -119,31 +188,15 @@ to use for the encrypted connection. | |||
119 | The program must understand | 188 | The program must understand |
120 | .Xr ssh 1 | 189 | .Xr ssh 1 |
121 | options. | 190 | options. |
122 | .It Fl o Ar ssh_option | 191 | .It Fl v |
123 | Can be used to pass options to | 192 | Verbose mode. |
124 | .Nm ssh | 193 | Causes |
125 | in the format used in | ||
126 | .Xr ssh_config 5 . | ||
127 | This is useful for specifying options | ||
128 | for which there is no separate | ||
129 | .Nm scp | ||
130 | command-line flag. | ||
131 | .It Fl 1 | ||
132 | Forces | ||
133 | .Nm | ||
134 | to use protocol 1. | ||
135 | .It Fl 2 | ||
136 | Forces | ||
137 | .Nm | ||
138 | to use protocol 2. | ||
139 | .It Fl 4 | ||
140 | Forces | ||
141 | .Nm | ||
142 | to use IPv4 addresses only. | ||
143 | .It Fl 6 | ||
144 | Forces | ||
145 | .Nm | 194 | .Nm |
146 | to use IPv6 addresses only. | 195 | and |
196 | .Xr ssh 1 | ||
197 | to print debugging messages about their progress. | ||
198 | This is helpful in | ||
199 | debugging connection, authentication, and configuration problems. | ||
147 | .El | 200 | .El |
148 | .Sh DIAGNOSTICS | 201 | .Sh DIAGNOSTICS |
149 | .Nm | 202 | .Nm |
@@ -165,5 +218,4 @@ program in BSD source code from the Regents of the University of | |||
165 | California. | 218 | California. |
166 | .Sh AUTHORS | 219 | .Sh AUTHORS |
167 | .An Timo Rinne Aq tri@iki.fi | 220 | .An Timo Rinne Aq tri@iki.fi |
168 | and | ||
169 | .An Tatu Ylonen Aq ylo@cs.hut.fi | 221 | .An Tatu Ylonen Aq ylo@cs.hut.fi |
@@ -71,7 +71,7 @@ | |||
71 | */ | 71 | */ |
72 | 72 | ||
73 | #include "includes.h" | 73 | #include "includes.h" |
74 | RCSID("$OpenBSD: scp.c,v 1.109 2003/09/19 17:40:20 markus Exp $"); | 74 | RCSID("$OpenBSD: scp.c,v 1.110 2003/10/08 08:27:36 jmc Exp $"); |
75 | 75 | ||
76 | #include "xmalloc.h" | 76 | #include "xmalloc.h" |
77 | #include "atomicio.h" | 77 | #include "atomicio.h" |
@@ -1019,8 +1019,8 @@ void | |||
1019 | usage(void) | 1019 | usage(void) |
1020 | { | 1020 | { |
1021 | (void) fprintf(stderr, | 1021 | (void) fprintf(stderr, |
1022 | "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n" | 1022 | "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" |
1023 | " [-c cipher] [-i identity] [-l limit] [-o option]\n" | 1023 | " [-l limit] [-o ssh_option] [-P port] [-S program]\n" |
1024 | " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); | 1024 | " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); |
1025 | exit(1); | 1025 | exit(1); |
1026 | } | 1026 | } |
diff --git a/sftp-server.8 b/sftp-server.8 index 871f83796..42f5d437c 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp-server.8,v 1.9 2003/06/10 09:12:11 jmc Exp $ | 1 | .\" $OpenBSD: sftp-server.8,v 1.10 2003/10/08 08:27:36 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -41,11 +41,12 @@ using the | |||
41 | .Cm Subsystem | 41 | .Cm Subsystem |
42 | option. | 42 | option. |
43 | See | 43 | See |
44 | .Xr sshd 8 | 44 | .Xr sshd_config 5 |
45 | for more information. | 45 | for more information. |
46 | .Sh SEE ALSO | 46 | .Sh SEE ALSO |
47 | .Xr sftp 1 , | 47 | .Xr sftp 1 , |
48 | .Xr ssh 1 , | 48 | .Xr ssh 1 , |
49 | .Xr sshd_config 5 , | ||
49 | .Xr sshd 8 | 50 | .Xr sshd 8 |
50 | .Rs | 51 | .Rs |
51 | .%A T. Ylonen | 52 | .%A T. Ylonen |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.45 2003/09/02 18:50:06 jmc Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.46 2003/10/08 08:27:36 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -31,15 +31,15 @@ | |||
31 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
32 | .Nm sftp | 32 | .Nm sftp |
33 | .Bk -words | 33 | .Bk -words |
34 | .Op Fl vC1 | 34 | .Op Fl 1Cv |
35 | .Op Fl b Ar batchfile | ||
36 | .Op Fl o Ar ssh_option | ||
37 | .Op Fl s Ar subsystem | sftp_server | ||
38 | .Op Fl B Ar buffer_size | 35 | .Op Fl B Ar buffer_size |
36 | .Op Fl b Ar batchfile | ||
39 | .Op Fl F Ar ssh_config | 37 | .Op Fl F Ar ssh_config |
40 | .Op Fl P Ar sftp_server path | 38 | .Op Fl o Ar ssh_option |
39 | .Op Fl P Ar sftp_server_path | ||
41 | .Op Fl R Ar num_requests | 40 | .Op Fl R Ar num_requests |
42 | .Op Fl S Ar program | 41 | .Op Fl S Ar program |
42 | .Op Fl s Ar subsystem | sftp_server | ||
43 | .Ar host | 43 | .Ar host |
44 | .Ek | 44 | .Ek |
45 | .Nm sftp | 45 | .Nm sftp |
@@ -84,6 +84,15 @@ and | |||
84 | for details). | 84 | for details). |
85 | The options are as follows: | 85 | The options are as follows: |
86 | .Bl -tag -width Ds | 86 | .Bl -tag -width Ds |
87 | .It Fl 1 | ||
88 | Specify the use of protocol version 1. | ||
89 | .It Fl B Ar buffer_size | ||
90 | Specify the size of the buffer that | ||
91 | .Nm | ||
92 | uses when transferring files. | ||
93 | Larger buffers require fewer round trips at the cost of higher | ||
94 | memory consumption. | ||
95 | The default is 32768 bytes. | ||
87 | .It Fl b Ar batchfile | 96 | .It Fl b Ar batchfile |
88 | Batch mode reads a series of commands from an input | 97 | Batch mode reads a series of commands from an input |
89 | .Ar batchfile | 98 | .Ar batchfile |
@@ -104,6 +113,16 @@ prefixing the command with a | |||
104 | .Sq Ic \- | 113 | .Sq Ic \- |
105 | character (for example, | 114 | character (for example, |
106 | .Ic -rm /tmp/blah* ) . | 115 | .Ic -rm /tmp/blah* ) . |
116 | .It Fl C | ||
117 | Enables compression (via ssh's | ||
118 | .Fl C | ||
119 | flag). | ||
120 | .It Fl F Ar ssh_config | ||
121 | Specifies an alternative | ||
122 | per-user configuration file for | ||
123 | .Xr ssh 1 . | ||
124 | This option is directly passed to | ||
125 | .Xr ssh 1 . | ||
107 | .It Fl o Ar ssh_option | 126 | .It Fl o Ar ssh_option |
108 | Can be used to pass options to | 127 | Can be used to pass options to |
109 | .Nm ssh | 128 | .Nm ssh |
@@ -115,35 +134,60 @@ for which there is no separate | |||
115 | command-line flag. | 134 | command-line flag. |
116 | For example, to specify an alternate port use: | 135 | For example, to specify an alternate port use: |
117 | .Ic sftp -oPort=24 . | 136 | .Ic sftp -oPort=24 . |
118 | .It Fl s Ar subsystem | sftp_server | 137 | For full details of the options listed below, and their possible values, see |
119 | Specifies the SSH2 subsystem or the path for an sftp server | 138 | .Xr ssh_config 5 . |
120 | on the remote host. | 139 | .Pp |
121 | A path is useful for using | 140 | .Bl -tag -width Ds -offset indent -compact |
122 | .Nm | 141 | .It AddressFamily |
123 | over protocol version 1, or when the remote | 142 | .It BatchMode |
124 | .Xr sshd 8 | 143 | .It BindAddress |
125 | does not have an sftp subsystem configured. | 144 | .It ChallengeResponseAuthentication |
126 | .It Fl v | 145 | .It CheckHostIP |
127 | Raise logging level. | 146 | .It Cipher |
128 | This option is also passed to ssh. | 147 | .It Ciphers |
129 | .It Fl B Ar buffer_size | 148 | .It ClearAllForwardings |
130 | Specify the size of the buffer that | 149 | .It Compression |
131 | .Nm | 150 | .It CompressionLevel |
132 | uses when transferring files. | 151 | .It ConnectionAttempts |
133 | Larger buffers require fewer round trips at the cost of higher | 152 | .It ConnectionTimeout |
134 | memory consumption. | 153 | .It DynamicForward |
135 | The default is 32768 bytes. | 154 | .It EscapeChar |
136 | .It Fl C | 155 | .It ForwardAgent |
137 | Enables compression (via ssh's | 156 | .It ForwardX11 |
138 | .Fl C | 157 | .It GatewayPorts |
139 | flag). | 158 | .It GlobalKnownHostsFile |
140 | .It Fl F Ar ssh_config | 159 | .It GSSAPIAuthentication |
141 | Specifies an alternative | 160 | .It GSSAPIDelegateCredentials |
142 | per-user configuration file for | 161 | .It Host |
143 | .Xr ssh 1 . | 162 | .It HostbasedAuthentication |
144 | This option is directly passed to | 163 | .It HostKeyAlgorithms |
145 | .Xr ssh 1 . | 164 | .It HostKeyAlias |
146 | .It Fl P Ar sftp_server path | 165 | .It HostName |
166 | .It IdentityFile | ||
167 | .It KeepAlive | ||
168 | .It LocalForward | ||
169 | .It LogLevel | ||
170 | .It MACs | ||
171 | .It NoHostAuthenticationForLocalhost | ||
172 | .It NumberOfPasswordPrompts | ||
173 | .It PasswordAuthentication | ||
174 | .It Port | ||
175 | .It PreferredAuthentications | ||
176 | .It Protocol | ||
177 | .It ProxyCommand | ||
178 | .It PubkeyAuthentication | ||
179 | .It RemoteForward | ||
180 | .It RhostsRSAAuthentication | ||
181 | .It RSAAuthentication | ||
182 | .It SmartcardDevice | ||
183 | .It StrictHostKeyChecking | ||
184 | .It UsePrivilegedPort | ||
185 | .It User | ||
186 | .It UserKnownHostsFile | ||
187 | .It VerifyHostKeyDNS | ||
188 | .It XAuthLocation | ||
189 | .El | ||
190 | .It Fl P Ar sftp_server_path | ||
147 | Connect directly to a local sftp server | 191 | Connect directly to a local sftp server |
148 | (rather than via | 192 | (rather than via |
149 | .Xr ssh 1 ) | 193 | .Xr ssh 1 ) |
@@ -160,8 +204,17 @@ to use for the encrypted connection. | |||
160 | The program must understand | 204 | The program must understand |
161 | .Xr ssh 1 | 205 | .Xr ssh 1 |
162 | options. | 206 | options. |
163 | .It Fl 1 | 207 | .It Fl s Ar subsystem | sftp_server |
164 | Specify the use of protocol version 1. | 208 | Specifies the SSH2 subsystem or the path for an sftp server |
209 | on the remote host. | ||
210 | A path is useful for using | ||
211 | .Nm | ||
212 | over protocol version 1, or when the remote | ||
213 | .Xr sshd 8 | ||
214 | does not have an sftp subsystem configured. | ||
215 | .It Fl v | ||
216 | Raise logging level. | ||
217 | This option is also passed to ssh. | ||
165 | .El | 218 | .El |
166 | .Sh INTERACTIVE COMMANDS | 219 | .Sh INTERACTIVE COMMANDS |
167 | Once in interactive mode, | 220 | Once in interactive mode, |
@@ -170,16 +223,13 @@ understands a set of commands similar to those of | |||
170 | .Xr ftp 1 . | 223 | .Xr ftp 1 . |
171 | Commands are case insensitive and pathnames may be enclosed in quotes if they | 224 | Commands are case insensitive and pathnames may be enclosed in quotes if they |
172 | contain spaces. | 225 | contain spaces. |
173 | .Bl -tag -width Ds | 226 | .Bl -tag -width "lmdir path" |
174 | .It Ic bye | 227 | .It Ic bye |
175 | Quit | 228 | Quit |
176 | .Nm sftp . | 229 | .Nm sftp . |
177 | .It Ic cd Ar path | 230 | .It Ic cd Ar path |
178 | Change remote directory to | 231 | Change remote directory to |
179 | .Ar path . | 232 | .Ar path . |
180 | .It Ic lcd Ar path | ||
181 | Change local directory to | ||
182 | .Ar path . | ||
183 | .It Ic chgrp Ar grp Ar path | 233 | .It Ic chgrp Ar grp Ar path |
184 | Change group of file | 234 | Change group of file |
185 | .Ar path | 235 | .Ar path |
@@ -219,6 +269,9 @@ flag is specified, then the file's full permission and access time are | |||
219 | copied too. | 269 | copied too. |
220 | .It Ic help | 270 | .It Ic help |
221 | Display help text. | 271 | Display help text. |
272 | .It Ic lcd Ar path | ||
273 | Change local directory to | ||
274 | .Ar path . | ||
222 | .It Ic lls Op Ar ls-options Op Ar path | 275 | .It Ic lls Op Ar ls-options Op Ar path |
223 | Display local directory listing of either | 276 | Display local directory listing of either |
224 | .Ar path | 277 | .Ar path |
@@ -280,12 +333,12 @@ Rename remote file from | |||
280 | .Ar oldpath | 333 | .Ar oldpath |
281 | to | 334 | to |
282 | .Ar newpath . | 335 | .Ar newpath . |
283 | .It Ic rmdir Ar path | ||
284 | Remove remote directory specified by | ||
285 | .Ar path . | ||
286 | .It Ic rm Ar path | 336 | .It Ic rm Ar path |
287 | Delete remote file specified by | 337 | Delete remote file specified by |
288 | .Ar path . | 338 | .Ar path . |
339 | .It Ic rmdir Ar path | ||
340 | Remove remote directory specified by | ||
341 | .Ar path . | ||
289 | .It Ic symlink Ar oldpath Ar newpath | 342 | .It Ic symlink Ar oldpath Ar newpath |
290 | Create a symbolic link from | 343 | Create a symbolic link from |
291 | .Ar oldpath | 344 | .Ar oldpath |
@@ -305,6 +358,7 @@ Escape to local shell. | |||
305 | Synonym for help. | 358 | Synonym for help. |
306 | .El | 359 | .El |
307 | .Sh SEE ALSO | 360 | .Sh SEE ALSO |
361 | .Xr ftp 1 , | ||
308 | .Xr scp 1 , | 362 | .Xr scp 1 , |
309 | .Xr ssh 1 , | 363 | .Xr ssh 1 , |
310 | .Xr ssh-add 1 , | 364 | .Xr ssh-add 1 , |
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | RCSID("$OpenBSD: sftp.c,v 1.37 2003/07/10 20:05:55 markus Exp $"); | 27 | RCSID("$OpenBSD: sftp.c,v 1.38 2003/10/08 08:27:36 jmc Exp $"); |
28 | 28 | ||
29 | #include "buffer.h" | 29 | #include "buffer.h" |
30 | #include "xmalloc.h" | 30 | #include "xmalloc.h" |
@@ -112,10 +112,12 @@ usage(void) | |||
112 | extern char *__progname; | 112 | extern char *__progname; |
113 | 113 | ||
114 | fprintf(stderr, | 114 | fprintf(stderr, |
115 | "usage: %s [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]\n" | 115 | "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n" |
116 | " [-B buffer_size] [-F ssh_config] [-P sftp_server path]\n" | 116 | " [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n" |
117 | " [-R num_requests] [-S program]\n" | 117 | " [-S program] [-s subsystem | sftp_server] host\n" |
118 | " [user@]host[:file [file]]\n", __progname); | 118 | " %s [[user@]host[:file [file]]]\n" |
119 | " %s [[user@]host[:dir[/]]]\n" | ||
120 | " %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname); | ||
119 | exit(1); | 121 | exit(1); |
120 | } | 122 | } |
121 | 123 | ||
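Review bot: The last added line of the format string (new line 120) carries the string fragment and all four `__progname` arguments on one source line, well past 80 columns, and the four `%s` conversions have to be kept in step with the four arguments by hand. Move the argument list to its own continuation line so that the count is easy to check against the `%s` occurrences. The hunk also adds three further invocation forms to the usage text, which the commit message ("add options list and sort options") does not mention; a line about that in the log would help.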
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.176 2003/09/29 11:40:51 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.177 2003/10/08 08:27:36 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -621,7 +621,6 @@ For full details of the options listed below, and their possible values, see | |||
621 | .It ConnectionAttempts | 621 | .It ConnectionAttempts |
622 | .It ConnectionTimeout | 622 | .It ConnectionTimeout |
623 | .It DynamicForward | 623 | .It DynamicForward |
624 | .It EnableSSHKeysign | ||
625 | .It EscapeChar | 624 | .It EscapeChar |
626 | .It ForwardAgent | 625 | .It ForwardAgent |
627 | .It ForwardX11 | 626 | .It ForwardX11 |
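Review bot: The commit message gives no reason for dropping `EnableSSHKeysign` beyond "remove wrong option from list", so a later editor cannot tell whether the entry was misplaced or the option is unsuitable for -o. The same list is also added to scp.1 and sftp.1 in this commit, which means any future correction of this kind has to be made in three manual pages. Add the reason to the log entry, and consider having scp.1 and sftp.1 refer to the list in ssh(1) instead of carrying their own copies.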
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -44,7 +44,7 @@ | |||
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Nm sshd | 45 | .Nm sshd |
46 | .Bk -words | 46 | .Bk -words |
47 | .Op Fl deiqtD46 | 47 | .Op Fl 46Ddeiqt |
48 | .Op Fl b Ar bits | 48 | .Op Fl b Ar bits |
49 | .Op Fl f Ar config_file | 49 | .Op Fl f Ar config_file |
50 | .Op Fl g Ar login_grace_time | 50 | .Op Fl g Ar login_grace_time |
@@ -78,9 +78,7 @@ This implementation of | |||
78 | supports both SSH protocol version 1 and 2 simultaneously. | 78 | supports both SSH protocol version 1 and 2 simultaneously. |
79 | .Nm | 79 | .Nm |
80 | works as follows: | 80 | works as follows: |
81 | .Pp | ||
82 | .Ss SSH protocol version 1 | 81 | .Ss SSH protocol version 1 |
83 | .Pp | ||
84 | Each host has a host-specific RSA key | 82 | Each host has a host-specific RSA key |
85 | (normally 1024 bits) used to identify the host. | 83 | (normally 1024 bits) used to identify the host. |
86 | Additionally, when | 84 | Additionally, when |
@@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public | |||
92 | host and server keys. | 90 | host and server keys. |
93 | The client compares the | 91 | The client compares the |
94 | RSA host key against its own database to verify that it has not changed. | 92 | RSA host key against its own database to verify that it has not changed. |
95 | The client then generates a 256 bit random number. | 93 | The client then generates a 256-bit random number. |
96 | It encrypts this | 94 | It encrypts this |
97 | random number using both the host key and the server key, and sends | 95 | random number using both the host key and the server key, and sends |
98 | the encrypted number to the server. | 96 | the encrypted number to the server. |
@@ -107,9 +105,9 @@ to use from those offered by the server. | |||
107 | .Pp | 105 | .Pp |
108 | Next, the server and the client enter an authentication dialog. | 106 | Next, the server and the client enter an authentication dialog. |
109 | The client tries to authenticate itself using | 107 | The client tries to authenticate itself using |
110 | .Pa .rhosts | 108 | .Em .rhosts |
111 | authentication, | 109 | authentication, |
112 | .Pa .rhosts | 110 | .Em .rhosts |
113 | authentication combined with RSA host | 111 | authentication combined with RSA host |
114 | authentication, RSA challenge-response authentication, or password | 112 | authentication, RSA challenge-response authentication, or password |
115 | based authentication. | 113 | based authentication. |
@@ -137,7 +135,8 @@ or | |||
137 | .Ql \&*NP\&* | 135 | .Ql \&*NP\&* |
138 | ). | 136 | ). |
139 | .Pp | 137 | .Pp |
140 | Rhosts authentication is normally disabled | 138 | .Em rhosts |
139 | authentication is normally disabled | ||
141 | because it is fundamentally insecure, but can be enabled in the server | 140 | because it is fundamentally insecure, but can be enabled in the server |
142 | configuration file if desired. | 141 | configuration file if desired. |
143 | System security is not improved unless | 142 | System security is not improved unless |
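Review bot: The authentication method is written `.Em .rhosts` in the previous hunk and `.Em rhosts` without the leading dot here (new line 138), and the paragraph now opens with a lowercase word where it used to start "Rhosts authentication". Pick one spelling for the method name and use it in both places. Also note that replacing `.Pa` with `.Em` drops the file-name markup, which is fine if the text is meant to name the method but should then be the dot-less form, since `.rhosts` is the file.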
@@ -150,9 +149,7 @@ are disabled (thus completely disabling | |||
150 | and | 149 | and |
151 | .Xr rsh | 150 | .Xr rsh |
152 | into the machine). | 151 | into the machine). |
153 | .Pp | ||
154 | .Ss SSH protocol version 2 | 152 | .Ss SSH protocol version 2 |
155 | .Pp | ||
156 | Version 2 works similarly: | 153 | Version 2 works similarly: |
157 | Each host has a host-specific key (RSA or DSA) used to identify the host. | 154 | Each host has a host-specific key (RSA or DSA) used to identify the host. |
158 | However, when the daemon starts, it does not generate a server key. | 155 | However, when the daemon starts, it does not generate a server key. |
@@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement. | |||
160 | This key agreement results in a shared session key. | 157 | This key agreement results in a shared session key. |
161 | .Pp | 158 | .Pp |
162 | The rest of the session is encrypted using a symmetric cipher, currently | 159 | The rest of the session is encrypted using a symmetric cipher, currently |
163 | 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES. | 160 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
164 | The client selects the encryption algorithm | 161 | The client selects the encryption algorithm |
165 | to use from those offered by the server. | 162 | to use from those offered by the server. |
166 | Additionally, session integrity is provided | 163 | Additionally, session integrity is provided |
@@ -171,9 +168,7 @@ Protocol version 2 provides a public key based | |||
171 | user (PubkeyAuthentication) or | 168 | user (PubkeyAuthentication) or |
172 | client host (HostbasedAuthentication) authentication method, | 169 | client host (HostbasedAuthentication) authentication method, |
173 | conventional password authentication and challenge response based methods. | 170 | conventional password authentication and challenge response based methods. |
174 | .Pp | ||
175 | .Ss Command execution and data forwarding | 171 | .Ss Command execution and data forwarding |
176 | .Pp | ||
177 | If the client successfully authenticates itself, a dialog for | 172 | If the client successfully authenticates itself, a dialog for |
178 | preparing the session is entered. | 173 | preparing the session is entered. |
179 | At this time the client may request | 174 | At this time the client may request |
@@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to | |||
192 | the client, and both sides exit. | 187 | the client, and both sides exit. |
193 | .Pp | 188 | .Pp |
194 | .Nm | 189 | .Nm |
195 | can be configured using command-line options or a configuration | 190 | can be configured using command-line options or a configuration file |
196 | file. | 191 | (by default |
192 | .Xr sshd_config 5 ) . | ||
197 | Command-line options override values specified in the | 193 | Command-line options override values specified in the |
198 | configuration file. | 194 | configuration file. |
199 | .Pp | 195 | .Pp |
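Review bot: The parenthesis added at new lines 191-192 uses `.Xr sshd_config 5` where the sentence calls for a file: "a configuration file (by default sshd_config(5))" names a manual page as the default file. Give the default path with `.Pa` and cite the manual page separately, for example by ending the sentence with a "see `.Xr sshd_config 5`" clause, so that the reader can tell the file from its documentation.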
@@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e., | |||
205 | .Pp | 201 | .Pp |
206 | The options are as follows: | 202 | The options are as follows: |
207 | .Bl -tag -width Ds | 203 | .Bl -tag -width Ds |
204 | .It Fl 4 | ||
205 | Forces | ||
206 | .Nm | ||
207 | to use IPv4 addresses only. | ||
208 | .It Fl 6 | ||
209 | Forces | ||
210 | .Nm | ||
211 | to use IPv6 addresses only. | ||
208 | .It Fl b Ar bits | 212 | .It Fl b Ar bits |
209 | Specifies the number of bits in the ephemeral protocol version 1 | 213 | Specifies the number of bits in the ephemeral protocol version 1 |
210 | server key (default 768). | 214 | server key (default 768). |
215 | .It Fl D | ||
216 | When this option is specified, | ||
217 | .Nm | ||
218 | will not detach and does not become a daemon. | ||
219 | This allows easy monitoring of | ||
220 | .Nm sshd . | ||
211 | .It Fl d | 221 | .It Fl d |
212 | Debug mode. | 222 | Debug mode. |
213 | The server sends verbose debug output to the system | 223 | The server sends verbose debug output to the system |
@@ -267,7 +277,7 @@ be feasible. | |||
267 | Specifies how often the ephemeral protocol version 1 server key is | 277 | Specifies how often the ephemeral protocol version 1 server key is |
268 | regenerated (default 3600 seconds, or one hour). | 278 | regenerated (default 3600 seconds, or one hour). |
269 | The motivation for regenerating the key fairly | 279 | The motivation for regenerating the key fairly |
270 | often is that the key is not stored anywhere, and after about an hour, | 280 | often is that the key is not stored anywhere, and after about an hour |
271 | it becomes impossible to recover the key for decrypting intercepted | 281 | it becomes impossible to recover the key for decrypting intercepted |
272 | communications even if the machine is cracked into or physically | 282 | communications even if the machine is cracked into or physically |
273 | seized. | 283 | seized. |
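Review bot: The sentence edited at new line 280 still says "after about an hour", which holds only for the default interval of 3600 seconds stated two lines above. With a non-default interval, the window in which a compromised or seized host can still yield the server key changes with it, and the hunk header line notes that a value of zero means the key is never regenerated. Consider wording the guarantee in terms of the configured interval rather than a fixed hour. The dropped comma itself is harmless.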
@@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated. | |||
276 | Can be used to give options in the format used in the configuration file. | 286 | Can be used to give options in the format used in the configuration file. |
277 | This is useful for specifying options for which there is no separate | 287 | This is useful for specifying options for which there is no separate |
278 | command-line flag. | 288 | command-line flag. |
289 | For full details of the options, and their values, see | ||
290 | .Xr sshd_config 5 . | ||
279 | .It Fl p Ar port | 291 | .It Fl p Ar port |
280 | Specifies the port on which the server listens for connections | 292 | Specifies the port on which the server listens for connections |
281 | (default 22). | 293 | (default 22). |
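Review bot: In the sentence added at new line 289, the comma in "the options, and their values" splits a single noun phrase; "For full details of the options and their values, see" reads better and keeps the one comma that is needed before the cross-reference.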
@@ -325,20 +337,6 @@ USER@HOST pattern in | |||
325 | .Cm AllowUsers | 337 | .Cm AllowUsers |
326 | or | 338 | or |
327 | .Cm DenyUsers . | 339 | .Cm DenyUsers . |
328 | .It Fl D | ||
329 | When this option is specified | ||
330 | .Nm | ||
331 | will not detach and does not become a daemon. | ||
332 | This allows easy monitoring of | ||
333 | .Nm sshd . | ||
334 | .It Fl 4 | ||
335 | Forces | ||
336 | .Nm | ||
337 | to use IPv4 addresses only. | ||
338 | .It Fl 6 | ||
339 | Forces | ||
340 | .Nm | ||
341 | to use IPv6 addresses only. | ||
342 | .El | 340 | .El |
343 | .Sh CONFIGURATION FILE | 341 | .Sh CONFIGURATION FILE |
344 | .Nm | 342 | .Nm |
@@ -375,9 +373,9 @@ Changes to run with normal user privileges. | |||
375 | .It | 373 | .It |
376 | Sets up basic environment. | 374 | Sets up basic environment. |
377 | .It | 375 | .It |
378 | Reads | 376 | Reads the file |
379 | .Pa $HOME/.ssh/environment | 377 | .Pa $HOME/.ssh/environment , |
380 | if it exists and users are allowed to change their environment. | 378 | if it exists, and users are allowed to change their environment. |
381 | See the | 379 | See the |
382 | .Cm PermitUserEnvironment | 380 | .Cm PermitUserEnvironment |
383 | option in | 381 | option in |
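Review bot: The commas added at new lines 377-378 change the meaning of this login step. "Reads the file $HOME/.ssh/environment, if it exists, and users are allowed to change their environment" now parses as a standalone statement that users may change their environment, whereas the old text made reading the file conditional on both the file existing and the PermitUserEnvironment setting allowing it. Because this sentence documents when user-controlled environment is honoured, keep both conditions in one clause, e.g. "if it exists and users are allowed to change their environment".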
@@ -516,7 +514,7 @@ Limit local | |||
516 | port forwarding such that it may only connect to the specified host and | 514 | port forwarding such that it may only connect to the specified host and |
517 | port. | 515 | port. |
518 | IPv6 addresses can be specified with an alternative syntax: | 516 | IPv6 addresses can be specified with an alternative syntax: |
519 | .Ar host/port . | 517 | .Ar host Ns / Ns Ar port . |
520 | Multiple | 518 | Multiple |
521 | .Cm permitopen | 519 | .Cm permitopen |
522 | options may be applied separated by commas. | 520 | options may be applied separated by commas. |
@@ -524,13 +522,13 @@ No pattern matching is performed on the specified hostnames, | |||
524 | they must be literal domains or addresses. | 522 | they must be literal domains or addresses. |
525 | .El | 523 | .El |
526 | .Ss Examples | 524 | .Ss Examples |
527 | 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar | 525 | 1024 33 12121...312314325 ylo@foo.bar |
528 | .Pp | 526 | .Pp |
529 | from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula | 527 | from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula |
530 | .Pp | 528 | .Pp |
531 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi | 529 | command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi |
532 | .Pp | 530 | .Pp |
533 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 | 531 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 |
534 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 532 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
535 | The | 533 | The |
536 | .Pa /etc/ssh/ssh_known_hosts | 534 | .Pa /etc/ssh/ssh_known_hosts |
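Review bot: The four authorized_keys examples at new lines 525-531 are still ordinary filled text separated by .Pp, so long entries such as the command="dump /home",no-pty,no-port-forwarding line can be re-wrapped by the formatter, while the known_hosts examples later in this file sit inside .Bd -literal / .Ed. Since every example line is being rewritten here anyway, wrap this block in .Bd -literal as well so the entries render exactly as they must appear in the file.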
@@ -588,7 +586,7 @@ or by taking | |||
588 | and adding the host names at the front. | 586 | and adding the host names at the front. |
589 | .Ss Examples | 587 | .Ss Examples |
590 | .Bd -literal | 588 | .Bd -literal |
591 | closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi | 589 | closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi |
592 | cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= | 590 | cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= |
593 | .Ed | 591 | .Ed |
594 | .Sh FILES | 592 | .Sh FILES |
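Review bot: Only the first example line is normalised to a plain "..."; the unchanged line directly below it (new line 590) still elides the key as "AAAA1234.....=" with five dots. If the goal of this hunk is a uniform ellipsis in the examples, change that line in the same commit.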
@@ -647,7 +645,7 @@ and/or | |||
647 | .Pa id_rsa.pub | 645 | .Pa id_rsa.pub |
648 | files into this file, as described in | 646 | files into this file, as described in |
649 | .Xr ssh-keygen 1 . | 647 | .Xr ssh-keygen 1 . |
650 | .It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" | 648 | .It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" |
651 | These files are consulted when using rhosts with RSA host | 649 | These files are consulted when using rhosts with RSA host |
652 | authentication or protocol version 2 hostbased authentication | 650 | authentication or protocol version 2 hostbased authentication |
653 | to check the public key of the host. | 651 | to check the public key of the host. |
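Review bot: At new line 648 the comma is attached directly to the closing quote and both paths are handed to a single .Pa, whereas elsewhere in this diff punctuation is passed as its own argument (".Pa $HOME/.ssh/environment ," and ".Xr ssh-keygen 1 ."). Something like ".It Pa /etc/ssh/ssh_known_hosts , Pa $HOME/.ssh/known_hosts" keeps the comma out of the file-name markup and drops the quotes, which are not needed for arguments without spaces.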
@@ -681,7 +679,7 @@ The file must | |||
681 | be writable only by the user; it is recommended that it not be | 679 | be writable only by the user; it is recommended that it not be |
682 | accessible by others. | 680 | accessible by others. |
683 | .Pp | 681 | .Pp |
684 | If is also possible to use netgroups in the file. | 682 | It is also possible to use netgroups in the file. |
685 | Either host or user | 683 | Either host or user |
686 | name may be of the form +@groupname to specify all hosts or all users | 684 | name may be of the form +@groupname to specify all hosts or all users |
687 | in the group. | 685 | in the group. |
@@ -693,7 +691,7 @@ However, this file is | |||
693 | not used by rlogin and rshd, so using this permits access using SSH only. | 691 | not used by rlogin and rshd, so using this permits access using SSH only. |
694 | .It Pa /etc/hosts.equiv | 692 | .It Pa /etc/hosts.equiv |
695 | This file is used during | 693 | This file is used during |
696 | .Pa .rhosts | 694 | .Em rhosts |
697 | authentication. | 695 | authentication. |
698 | In the simplest form, this file contains host names, one per line. | 696 | In the simplest form, this file contains host names, one per line. |
699 | Users on | 697 | Users on |
@@ -800,9 +798,12 @@ This file should be writable only by root, and should be world-readable. | |||
800 | .Xr ssh-add 1 , | 798 | .Xr ssh-add 1 , |
801 | .Xr ssh-agent 1 , | 799 | .Xr ssh-agent 1 , |
802 | .Xr ssh-keygen 1 , | 800 | .Xr ssh-keygen 1 , |
801 | .Xr chroot 2 , | ||
802 | .Xr hosts_access 5 , | ||
803 | .Xr login.conf 5 , | 803 | .Xr login.conf 5 , |
804 | .Xr moduli 5 , | 804 | .Xr moduli 5 , |
805 | .Xr sshd_config 5 , | 805 | .Xr sshd_config 5 , |
806 | .Xr inetd 8 , | ||
806 | .Xr sftp-server 8 | 807 | .Xr sftp-server 8 |
807 | .Rs | 808 | .Rs |
808 | .%A T. Ylonen | 809 | .%A T. Ylonen |