-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | auth-rh-rsa.c | 2 | ||||
-rw-r--r-- | auth-rsa.c | 2 | ||||
-rw-r--r-- | authfd.c | 2 | ||||
-rw-r--r-- | authfile.c | 2 | ||||
-rw-r--r-- | bufaux.c | 2 | ||||
-rw-r--r-- | buffer.c | 8 | ||||
-rw-r--r-- | cipher.c | 2 | ||||
-rw-r--r-- | cipher.h | 2 | ||||
-rw-r--r-- | dsa.c | 2 | ||||
-rw-r--r-- | hmac.c | 2 | ||||
-rw-r--r-- | hostfile.c | 2 | ||||
-rw-r--r-- | kex.c | 2 | ||||
-rw-r--r-- | mpaux.c | 2 | ||||
-rw-r--r-- | packet.c | 2 | ||||
-rw-r--r-- | packet.h | 2 | ||||
-rw-r--r-- | rsa.h | 2 | ||||
-rw-r--r-- | scp.1 | 6 | ||||
-rw-r--r-- | ssh-add.1 | 8 | ||||
-rw-r--r-- | ssh-agent.1 | 14 | ||||
-rw-r--r-- | ssh-agent.c | 4 | ||||
-rw-r--r-- | ssh-keygen.1 | 8 | ||||
-rw-r--r-- | ssh.1 | 89 | ||||
-rw-r--r-- | sshconnect.c | 2 | ||||
-rw-r--r-- | sshd.8 | 56 | ||||
-rw-r--r-- | sshd.c | 2 |
26 files changed, 131 insertions, 97 deletions
@@ -1,5 +1,6 @@ | |||
1 | 20000413 | 1 | 20000413 |
2 | - INSTALL doc updates | 2 | - INSTALL doc updates |
3 | - Merged OpenBSD updates to include paths. | ||
3 | 4 | ||
4 | 20000412 | 5 | 20000412 |
5 | - OpenBSD CVS updates: | 6 | - OpenBSD CVS updates: |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 19782577b..d3d90246c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -15,7 +15,7 @@ | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $"); | 18 | RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $"); |
19 | 19 | ||
20 | #ifdef HAVE_OPENSSL | 20 | #ifdef HAVE_OPENSSL |
21 | #include <openssl/bn.h> | 21 | #include <openssl/bn.h> |
diff --git a/auth-rsa.c b/auth-rsa.c index 22ac09c45..fff524949 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -16,7 +16,7 @@ | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: auth-rsa.c,v 1.14 2000/03/26 03:04:52 damien Exp $"); | 19 | RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $"); |
20 | 20 | ||
21 | #include "rsa.h" | 21 | #include "rsa.h" |
22 | #include "packet.h" | 22 | #include "packet.h" |
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: authfd.c,v 1.10 1999/12/16 02:18:04 damien Exp $"); | 17 | RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $"); |
18 | 18 | ||
19 | #include "ssh.h" | 19 | #include "ssh.h" |
20 | #include "rsa.h" | 20 | #include "rsa.h" |
diff --git a/authfile.c b/authfile.c index 6ce0ac61f..6113ddd87 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -15,7 +15,7 @@ | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: authfile.c,v 1.8 2000/04/06 02:32:38 damien Exp $"); | 18 | RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $"); |
19 | 19 | ||
20 | #ifdef HAVE_OPENSSL | 20 | #ifdef HAVE_OPENSSL |
21 | #include <openssl/bn.h> | 21 | #include <openssl/bn.h> |
@@ -17,7 +17,7 @@ | |||
17 | */ | 17 | */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$Id: bufaux.c,v 1.9 2000/04/01 01:09:23 damien Exp $"); | 20 | RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); |
21 | 21 | ||
22 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | 23 | ||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: buffer.c,v 1.3 1999/11/25 00:54:58 damien Exp $"); | 17 | RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); |
18 | 18 | ||
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
20 | #include "buffer.h" | 20 | #include "buffer.h" |
@@ -114,7 +114,7 @@ void | |||
114 | buffer_get(Buffer *buffer, char *buf, unsigned int len) | 114 | buffer_get(Buffer *buffer, char *buf, unsigned int len) |
115 | { | 115 | { |
116 | if (len > buffer->end - buffer->offset) | 116 | if (len > buffer->end - buffer->offset) |
117 | fatal("buffer_get trying to get more bytes than in buffer"); | 117 | fatal("buffer_get: trying to get more bytes than in buffer"); |
118 | memcpy(buf, buffer->buf + buffer->offset, len); | 118 | memcpy(buf, buffer->buf + buffer->offset, len); |
119 | buffer->offset += len; | 119 | buffer->offset += len; |
120 | } | 120 | } |
@@ -125,7 +125,7 @@ void | |||
125 | buffer_consume(Buffer *buffer, unsigned int bytes) | 125 | buffer_consume(Buffer *buffer, unsigned int bytes) |
126 | { | 126 | { |
127 | if (bytes > buffer->end - buffer->offset) | 127 | if (bytes > buffer->end - buffer->offset) |
128 | fatal("buffer_get trying to get more bytes than in buffer"); | 128 | fatal("buffer_consume: trying to get more bytes than in buffer"); |
129 | buffer->offset += bytes; | 129 | buffer->offset += bytes; |
130 | } | 130 | } |
131 | 131 | ||
@@ -135,7 +135,7 @@ void | |||
135 | buffer_consume_end(Buffer *buffer, unsigned int bytes) | 135 | buffer_consume_end(Buffer *buffer, unsigned int bytes) |
136 | { | 136 | { |
137 | if (bytes > buffer->end - buffer->offset) | 137 | if (bytes > buffer->end - buffer->offset) |
138 | fatal("buffer_get trying to get more bytes than in buffer"); | 138 | fatal("buffer_consume_end: trying to get more bytes than in buffer"); |
139 | buffer->end -= bytes; | 139 | buffer->end -= bytes; |
140 | } | 140 | } |
141 | 141 | ||
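Review bot: In buffer_consume and buffer_consume_end the new messages carry the right function name but still say "trying to get", wording left over from buffer_get; `fatal("buffer_consume: trying to consume more bytes than in buffer");` (and likewise for buffer_consume_end) would match what those functions do. These guards are what keeps the memcpy in buffer_get from reading past the stored data, so logging the requested and available counts would help triage, e.g. `fatal("buffer_get: trying to get %u bytes, %u in buffer", len, buffer->end - buffer->offset);`, assuming fatal() accepts a printf-style format (not visible in this diff). All three checks rely on offset never exceeding end. The Buffer field types are not shown here, but if they are unsigned the subtraction would wrap and the guard would pass, so a one-line comment stating that invariant above each check is worth adding.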
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$Id: cipher.c,v 1.17 2000/04/12 10:17:39 damien Exp $"); | 15 | RCSID("$Id: cipher.c,v 1.18 2000/04/13 02:26:36 damien Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "cipher.h" | 18 | #include "cipher.h" |
@@ -11,7 +11,7 @@ | |||
11 | * | 11 | * |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$Id: cipher.h,v 1.9 2000/04/12 10:17:39 damien Exp $"); */ | 14 | /* RCSID("$Id: cipher.h,v 1.10 2000/04/13 02:26:36 damien Exp $"); */ |
15 | 15 | ||
16 | #ifndef CIPHER_H | 16 | #ifndef CIPHER_H |
17 | #define CIPHER_H | 17 | #define CIPHER_H |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: dsa.c,v 1.2 2000/04/12 06:37:02 markus Exp $"); | 31 | RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: hmac.c,v 1.1 2000/04/03 20:06:15 markus Exp $"); | 31 | RCSID("$Id: hmac.c,v 1.2 2000/04/12 09:39:10 markus Exp $"); |
32 | 32 | ||
33 | #include "xmalloc.h" | 33 | #include "xmalloc.h" |
34 | #include "ssh.h" | 34 | #include "ssh.h" |
diff --git a/hostfile.c b/hostfile.c index a6684fa2c..c594c29aa 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: hostfile.c,v 1.14 2000/03/23 22:15:33 markus Exp $"); | 17 | RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $"); |
18 | 18 | ||
19 | #ifdef HAVE_OPENSSL | 19 | #ifdef HAVE_OPENSSL |
20 | #include <openssl/bn.h> | 20 | #include <openssl/bn.h> |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: kex.c,v 1.3 2000/04/12 10:17:39 damien Exp $"); | 31 | RCSID("$Id: kex.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh2.h" | 34 | #include "ssh2.h" |
@@ -15,7 +15,7 @@ | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: mpaux.c,v 1.9 2000/04/01 01:09:24 damien Exp $"); | 18 | RCSID("$Id: mpaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); |
19 | 19 | ||
20 | #include "getput.h" | 20 | #include "getput.h" |
21 | #include "xmalloc.h" | 21 | #include "xmalloc.h" |
@@ -17,7 +17,7 @@ | |||
17 | */ | 17 | */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$Id: packet.c,v 1.16 2000/04/06 02:32:40 damien Exp $"); | 20 | RCSID("$Id: packet.c,v 1.17 2000/04/13 02:26:37 damien Exp $"); |
21 | 21 | ||
22 | #ifdef HAVE_OPENSSL | 22 | #ifdef HAVE_OPENSSL |
23 | # include <openssl/bn.h> | 23 | # include <openssl/bn.h> |
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: packet.h,v 1.12 2000/04/06 02:32:40 damien Exp $"); */ | 16 | /* RCSID("$Id: packet.h,v 1.13 2000/04/13 02:26:37 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef PACKET_H | 18 | #ifndef PACKET_H |
19 | #define PACKET_H | 19 | #define PACKET_H |
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */ | 16 | /* RCSID("$Id: rsa.h,v 1.7 2000/04/13 02:26:37 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef RSA_H | 18 | #ifndef RSA_H |
19 | #define RSA_H | 19 | #define RSA_H |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: scp.1,v 1.6 2000/03/26 03:04:53 damien Exp $ | 12 | .\" $Id: scp.1,v 1.7 2000/04/13 02:26:37 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
@@ -36,7 +36,7 @@ | |||
36 | .Ar host2 No : | 36 | .Ar host2 No : |
37 | .Oc Ar file2 | 37 | .Oc Ar file2 |
38 | .Sm on | 38 | .Sm on |
39 | .Sh DESCRIPTION | 39 | .Sh DESCRIPTION |
40 | .Nm | 40 | .Nm |
41 | copies files between hosts on a network. | 41 | copies files between hosts on a network. |
42 | It uses | 42 | It uses |
@@ -74,7 +74,7 @@ Recursively copy entire directories. | |||
74 | Verbose mode. | 74 | Verbose mode. |
75 | Causes | 75 | Causes |
76 | .Nm | 76 | .Nm |
77 | and | 77 | and |
78 | .Xr ssh 1 | 78 | .Xr ssh 1 |
79 | to print debugging messages about their progress. | 79 | to print debugging messages about their progress. |
80 | This is helpful in | 80 | This is helpful in |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh-add.1,v 1.10 2000/03/26 03:04:53 damien Exp $ | 12 | .\" $Id: ssh-add.1,v 1.11 2000/04/13 02:26:37 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH-ADD 1 | 15 | .Dt SSH-ADD 1 |
@@ -21,7 +21,7 @@ | |||
21 | .Nm ssh-add | 21 | .Nm ssh-add |
22 | .Op Fl lLdD | 22 | .Op Fl lLdD |
23 | .Op Ar | 23 | .Op Ar |
24 | .Sh DESCRIPTION | 24 | .Sh DESCRIPTION |
25 | .Nm | 25 | .Nm |
26 | adds identities to the authentication agent, | 26 | adds identities to the authentication agent, |
27 | .Xr ssh-agent 1 . | 27 | .Xr ssh-agent 1 . |
@@ -30,7 +30,7 @@ When run without arguments, it adds the file | |||
30 | Alternative file names can be given on the command line. | 30 | Alternative file names can be given on the command line. |
31 | If any file requires a passphrase, | 31 | If any file requires a passphrase, |
32 | .Nm | 32 | .Nm |
33 | asks for the passphrase from the user. | 33 | asks for the passphrase from the user. |
34 | The Passphrase it is read from the user's tty. | 34 | The Passphrase it is read from the user's tty. |
35 | .Pp | 35 | .Pp |
36 | The authentication agent must be running and must be an ancestor of | 36 | The authentication agent must be running and must be an ancestor of |
@@ -108,7 +108,7 @@ external libraries. | |||
108 | .It | 108 | .It |
109 | has been updated to support ssh protocol 1.5. | 109 | has been updated to support ssh protocol 1.5. |
110 | .It | 110 | .It |
111 | contains added support for | 111 | contains added support for |
112 | .Xr kerberos 8 | 112 | .Xr kerberos 8 |
113 | authentication and ticket passing. | 113 | authentication and ticket passing. |
114 | .It | 114 | .It |
diff --git a/ssh-agent.1 b/ssh-agent.1 index 7029b60dc..b49d62b5a 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-agent.1,v 1.10 2000/03/23 21:10:10 aaron Exp $ | 1 | .\" $OpenBSD: ssh-agent.1,v 1.11 2000/04/12 21:47:50 aaron Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -18,14 +18,14 @@ | |||
18 | .Nm ssh-agent | 18 | .Nm ssh-agent |
19 | .Nd authentication agent | 19 | .Nd authentication agent |
20 | .Sh SYNOPSIS | 20 | .Sh SYNOPSIS |
21 | .Nm ssh-agent | 21 | .Nm ssh-agent |
22 | .Op Fl c Li | Fl s | 22 | .Op Fl c Li | Fl s |
23 | .Op Fl k | 23 | .Op Fl k |
24 | .Oo | 24 | .Oo |
25 | .Ar command | 25 | .Ar command |
26 | .Op Ar args ... | 26 | .Op Ar args ... |
27 | .Oc | 27 | .Oc |
28 | .Sh DESCRIPTION | 28 | .Sh DESCRIPTION |
29 | .Nm | 29 | .Nm |
30 | is a program to hold authentication private keys. | 30 | is a program to hold authentication private keys. |
31 | The idea is that | 31 | The idea is that |
@@ -64,12 +64,12 @@ When the command dies, so does the agent. | |||
64 | The agent initially does not have any private keys. | 64 | The agent initially does not have any private keys. |
65 | Keys are added using | 65 | Keys are added using |
66 | .Xr ssh-add 1 . | 66 | .Xr ssh-add 1 . |
67 | When executed without arguments, | 67 | When executed without arguments, |
68 | .Xr ssh-add 1 | 68 | .Xr ssh-add 1 |
69 | adds the | 69 | adds the |
70 | .Pa $HOME/.ssh/identity | 70 | .Pa $HOME/.ssh/identity |
71 | file. | 71 | file. |
72 | If the identity has a passphrase, | 72 | If the identity has a passphrase, |
73 | .Xr ssh-add 1 | 73 | .Xr ssh-add 1 |
74 | asks for the passphrase (using a small X11 application if running | 74 | asks for the passphrase (using a small X11 application if running |
75 | under X11, or from the terminal if running without X). | 75 | under X11, or from the terminal if running without X). |
@@ -152,7 +152,7 @@ external libraries. | |||
152 | .It | 152 | .It |
153 | has been updated to support ssh protocol 1.5. | 153 | has been updated to support ssh protocol 1.5. |
154 | .It | 154 | .It |
155 | contains added support for | 155 | contains added support for |
156 | .Xr kerberos 8 | 156 | .Xr kerberos 8 |
157 | authentication and ticket passing. | 157 | authentication and ticket passing. |
158 | .It | 158 | .It |
diff --git a/ssh-agent.c b/ssh-agent.c index 459fa39f3..ecb44a229 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.26 2000/03/16 20:56:14 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -9,7 +9,7 @@ | |||
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include "includes.h" | 11 | #include "includes.h" |
12 | RCSID("$OpenBSD: ssh-agent.c,v 1.26 2000/03/16 20:56:14 markus Exp $"); | 12 | RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $"); |
13 | 13 | ||
14 | #include "ssh.h" | 14 | #include "ssh.h" |
15 | #include "rsa.h" | 15 | #include "rsa.h" |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 8474e8f9d..c8d18b03e 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh-keygen.1,v 1.10 2000/03/26 03:04:53 damien Exp $ | 12 | .\" $Id: ssh-keygen.1,v 1.11 2000/04/13 02:26:37 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH-KEYGEN 1 | 15 | .Dt SSH-KEYGEN 1 |
@@ -37,9 +37,9 @@ | |||
37 | .Nm ssh-keygen | 37 | .Nm ssh-keygen |
38 | .Fl l | 38 | .Fl l |
39 | .Op Fl f Ar keyfile | 39 | .Op Fl f Ar keyfile |
40 | .Sh DESCRIPTION | 40 | .Sh DESCRIPTION |
41 | .Nm | 41 | .Nm |
42 | generates and manages authentication keys for | 42 | generates and manages authentication keys for |
43 | .Xr ssh 1 . | 43 | .Xr ssh 1 . |
44 | Normally each user wishing to use SSH | 44 | Normally each user wishing to use SSH |
45 | with RSA authentication runs this once to create the authentication | 45 | with RSA authentication runs this once to create the authentication |
@@ -150,7 +150,7 @@ external libraries. | |||
150 | .It | 150 | .It |
151 | has been updated to support ssh protocol 1.5. | 151 | has been updated to support ssh protocol 1.5. |
152 | .It | 152 | .It |
153 | contains added support for | 153 | contains added support for |
154 | .Xr kerberos 8 | 154 | .Xr kerberos 8 |
155 | authentication and ticket passing. | 155 | authentication and ticket passing. |
156 | .It | 156 | .It |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh.1,v 1.20 2000/03/26 03:04:54 damien Exp $ | 12 | .\" $Id: ssh.1,v 1.21 2000/04/13 02:26:37 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH 1 | 15 | .Dt SSH 1 |
@@ -49,7 +49,7 @@ | |||
49 | .Oc | 49 | .Oc |
50 | .Op Ar hostname | user@hostname | 50 | .Op Ar hostname | user@hostname |
51 | .Op Ar command | 51 | .Op Ar command |
52 | .Sh DESCRIPTION | 52 | .Sh DESCRIPTION |
53 | .Nm | 53 | .Nm |
54 | (Secure Shell) is a program for logging into a remote machine and for | 54 | (Secure Shell) is a program for logging into a remote machine and for |
55 | executing commands on a remote machine. | 55 | executing commands on a remote machine. |
@@ -60,7 +60,7 @@ X11 connections and | |||
60 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | 60 | arbitrary TCP/IP ports can also be forwarded over the secure channel. |
61 | .Pp | 61 | .Pp |
62 | .Nm | 62 | .Nm |
63 | connects and logs into the specified | 63 | connects and logs into the specified |
64 | .Ar hostname . | 64 | .Ar hostname . |
65 | The user must prove | 65 | The user must prove |
66 | his/her identity to the remote machine using one of several methods. | 66 | his/her identity to the remote machine using one of several methods. |
@@ -71,7 +71,7 @@ or | |||
71 | .Pa /etc/shosts.equiv | 71 | .Pa /etc/shosts.equiv |
72 | on the remote machine, and the user names are | 72 | on the remote machine, and the user names are |
73 | the same on both sides, the user is immediately permitted to log in. | 73 | the same on both sides, the user is immediately permitted to log in. |
74 | Second, if | 74 | Second, if |
75 | .Pa \&.rhosts | 75 | .Pa \&.rhosts |
76 | or | 76 | or |
77 | .Pa \&.shosts | 77 | .Pa \&.shosts |
@@ -94,7 +94,7 @@ It means that if the login would be permitted by | |||
94 | or | 94 | or |
95 | .Pa /etc/shosts.equiv , | 95 | .Pa /etc/shosts.equiv , |
96 | and if additionally the server can verify the client's | 96 | and if additionally the server can verify the client's |
97 | host key (see | 97 | host key (see |
98 | .Pa /etc/ssh_known_hosts | 98 | .Pa /etc/ssh_known_hosts |
99 | and | 99 | and |
100 | .Pa $HOME/.ssh/known_hosts | 100 | .Pa $HOME/.ssh/known_hosts |
@@ -109,17 +109,17 @@ spoofing, DNS spoofing and routing spoofing. | |||
109 | and the rlogin/rsh protocol in general, are inherently insecure and should be | 109 | and the rlogin/rsh protocol in general, are inherently insecure and should be |
110 | disabled if security is desired.] | 110 | disabled if security is desired.] |
111 | .Pp | 111 | .Pp |
112 | As a third authentication method, | 112 | As a third authentication method, |
113 | .Nm | 113 | .Nm |
114 | supports RSA based authentication. | 114 | supports RSA based authentication. |
115 | The scheme is based on public-key cryptography: there are cryptosystems | 115 | The scheme is based on public-key cryptography: there are cryptosystems |
116 | where encryption and decryption are done using separate keys, and it | 116 | where encryption and decryption are done using separate keys, and it |
117 | is not possible to derive the decryption key from the encryption key. | 117 | is not possible to derive the decryption key from the encryption key. |
118 | RSA is one such system. | 118 | RSA is one such system. |
119 | The idea is that each user creates a public/private | 119 | The idea is that each user creates a public/private |
120 | key pair for authentication purposes. | 120 | key pair for authentication purposes. |
121 | The server knows the public key, and only the user knows the private key. | 121 | The server knows the public key, and only the user knows the private key. |
122 | The file | 122 | The file |
123 | .Pa $HOME/.ssh/authorized_keys | 123 | .Pa $HOME/.ssh/authorized_keys |
124 | lists the public keys that are permitted for logging | 124 | lists the public keys that are permitted for logging |
125 | in. | 125 | in. |
@@ -142,18 +142,18 @@ key but without disclosing it to the server. | |||
142 | implements the RSA authentication protocol automatically. | 142 | implements the RSA authentication protocol automatically. |
143 | The user creates his/her RSA key pair by running | 143 | The user creates his/her RSA key pair by running |
144 | .Xr ssh-keygen 1 . | 144 | .Xr ssh-keygen 1 . |
145 | This stores the private key in | 145 | This stores the private key in |
146 | .Pa \&.ssh/identity | 146 | .Pa \&.ssh/identity |
147 | and the public key in | 147 | and the public key in |
148 | .Pa \&.ssh/identity.pub | 148 | .Pa \&.ssh/identity.pub |
149 | in the user's home directory. | 149 | in the user's home directory. |
150 | The user should then copy the | 150 | The user should then copy the |
151 | .Pa identity.pub | 151 | .Pa identity.pub |
152 | to | 152 | to |
153 | .Pa \&.ssh/authorized_keys | 153 | .Pa \&.ssh/authorized_keys |
154 | in his/her home directory on the remote machine (the | 154 | in his/her home directory on the remote machine (the |
155 | .Pa authorized_keys | 155 | .Pa authorized_keys |
156 | file corresponds to the conventional | 156 | file corresponds to the conventional |
157 | .Pa \&.rhosts | 157 | .Pa \&.rhosts |
158 | file, and has one key | 158 | file, and has one key |
159 | per line, though the lines can be very long). | 159 | per line, though the lines can be very long). |
@@ -167,7 +167,7 @@ See | |||
167 | .Xr ssh-agent 1 | 167 | .Xr ssh-agent 1 |
168 | for more information. | 168 | for more information. |
169 | .Pp | 169 | .Pp |
170 | If other authentication methods fail, | 170 | If other authentication methods fail, |
171 | .Nm | 171 | .Nm |
172 | prompts the user for a password. | 172 | prompts the user for a password. |
173 | The password is sent to the remote | 173 | The password is sent to the remote |
@@ -188,7 +188,7 @@ and suspend | |||
188 | with | 188 | with |
189 | .Ic ~^Z . | 189 | .Ic ~^Z . |
190 | All forwarded connections can be listed with | 190 | All forwarded connections can be listed with |
191 | .Ic ~# | 191 | .Ic ~# |
192 | and if | 192 | and if |
193 | the session blocks waiting for forwarded X11 or TCP/IP | 193 | the session blocks waiting for forwarded X11 or TCP/IP |
194 | connections to terminate, it can be backgrounded with | 194 | connections to terminate, it can be backgrounded with |
@@ -232,7 +232,7 @@ Forwarding of X11 connections can be | |||
232 | configured on the command line or in configuration files. | 232 | configured on the command line or in configuration files. |
233 | .Pp | 233 | .Pp |
234 | The | 234 | The |
235 | .Ev DISPLAY | 235 | .Ev DISPLAY |
236 | value set by | 236 | value set by |
237 | .Nm | 237 | .Nm |
238 | will point to the server machine, but with a display number greater | 238 | will point to the server machine, but with a display number greater |
@@ -265,10 +265,10 @@ electronic purse; another is going trough firewalls. | |||
265 | .Nm | 265 | .Nm |
266 | automatically maintains and checks a database containing RSA-based | 266 | automatically maintains and checks a database containing RSA-based |
267 | identifications for all hosts it has ever been used with. | 267 | identifications for all hosts it has ever been used with. |
268 | The database is stored in | 268 | The database is stored in |
269 | .Pa \&.ssh/known_hosts | 269 | .Pa \&.ssh/known_hosts |
270 | in the user's home directory. | 270 | in the user's home directory. |
271 | Additionally, the file | 271 | Additionally, the file |
272 | .Pa /etc/ssh_known_hosts | 272 | .Pa /etc/ssh_known_hosts |
273 | is automatically checked for known hosts. | 273 | is automatically checked for known hosts. |
274 | Any new hosts are automatically added to the user's file. | 274 | Any new hosts are automatically added to the user's file. |
@@ -290,10 +290,10 @@ host key is not known or has changed. | |||
290 | Disables forwarding of the authentication agent connection. | 290 | Disables forwarding of the authentication agent connection. |
291 | This may also be specified on a per-host basis in the configuration file. | 291 | This may also be specified on a per-host basis in the configuration file. |
292 | .It Fl c Ar blowfish|3des | 292 | .It Fl c Ar blowfish|3des |
293 | Selects the cipher to use for encrypting the session. | 293 | Selects the cipher to use for encrypting the session. |
294 | .Ar 3des | 294 | .Ar 3des |
295 | is used by default. | 295 | is used by default. |
296 | It is believed to be secure. | 296 | It is believed to be secure. |
297 | .Ar 3des | 297 | .Ar 3des |
298 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. | 298 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
299 | It is presumably more secure than the | 299 | It is presumably more secure than the |
@@ -322,7 +322,7 @@ This is useful if | |||
322 | .Nm | 322 | .Nm |
323 | is going to ask for passwords or passphrases, but the user | 323 | is going to ask for passwords or passphrases, but the user |
324 | wants it in the background. | 324 | wants it in the background. |
325 | This implies | 325 | This implies |
326 | .Fl n . | 326 | .Fl n . |
327 | The recommended way to start X11 programs at a remote site is with | 327 | The recommended way to start X11 programs at a remote site is with |
328 | something like | 328 | something like |
@@ -330,9 +330,9 @@ something like | |||
330 | .It Fl g | 330 | .It Fl g |
331 | Allows remote hosts to connect to local forwarded ports. | 331 | Allows remote hosts to connect to local forwarded ports. |
332 | .It Fl i Ar identity_file | 332 | .It Fl i Ar identity_file |
333 | Selects the file from which the identity (private key) for | 333 | Selects the file from which the identity (private key) for |
334 | RSA authentication is read. | 334 | RSA authentication is read. |
335 | Default is | 335 | Default is |
336 | .Pa \&.ssh/identity | 336 | .Pa \&.ssh/identity |
337 | in the user's home directory. | 337 | in the user's home directory. |
338 | Identity files may also be specified on | 338 | Identity files may also be specified on |
@@ -548,6 +548,12 @@ and | |||
548 | are supported. | 548 | are supported. |
549 | The default is | 549 | The default is |
550 | .Dq 3des . | 550 | .Dq 3des . |
551 | .It Cm Ciphers | ||
552 | Specifies the ciphers allowed for protocol version 2 | ||
553 | in order of preference. | ||
554 | Multiple ciphers must be comma-separated. | ||
555 | The default is | ||
556 | .Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . | ||
551 | .It Cm Compression | 557 | .It Cm Compression |
552 | Specifies whether to use compression. | 558 | Specifies whether to use compression. |
553 | The argument must be | 559 | The argument must be |
@@ -577,12 +583,12 @@ followed by a letter, or | |||
577 | to disable the escape | 583 | to disable the escape |
578 | character entirely (making the connection transparent for binary | 584 | character entirely (making the connection transparent for binary |
579 | data). | 585 | data). |
580 | .It Cm FallBackToRsh | 586 | .It Cm FallBackToRsh |
581 | Specifies that if connecting via | 587 | Specifies that if connecting via |
582 | .Nm | 588 | .Nm |
583 | fails due to a connection refused error (there is no | 589 | fails due to a connection refused error (there is no |
584 | .Xr sshd 8 | 590 | .Xr sshd 8 |
585 | listening on the remote host), | 591 | listening on the remote host), |
586 | .Xr rsh 1 | 592 | .Xr rsh 1 |
587 | should automatically be used instead (after a suitable warning about | 593 | should automatically be used instead (after a suitable warning about |
588 | the session being unencrypted). | 594 | the session being unencrypted). |
@@ -599,10 +605,10 @@ or | |||
599 | .Dq no . | 605 | .Dq no . |
600 | .It Cm ForwardX11 | 606 | .It Cm ForwardX11 |
601 | Specifies whether X11 connections will be automatically redirected | 607 | Specifies whether X11 connections will be automatically redirected |
602 | over the secure channel and | 608 | over the secure channel and |
603 | .Ev DISPLAY | 609 | .Ev DISPLAY |
604 | set. | 610 | set. |
605 | The argument must be | 611 | The argument must be |
606 | .Dq yes | 612 | .Dq yes |
607 | or | 613 | or |
608 | .Dq no . | 614 | .Dq no . |
@@ -618,7 +624,7 @@ or | |||
618 | The default is | 624 | The default is |
619 | .Dq no . | 625 | .Dq no . |
620 | .It Cm GlobalKnownHostsFile | 626 | .It Cm GlobalKnownHostsFile |
621 | Specifies a file to use instead of | 627 | Specifies a file to use instead of |
622 | .Pa /etc/ssh_known_hosts . | 628 | .Pa /etc/ssh_known_hosts . |
623 | .It Cm HostName | 629 | .It Cm HostName |
624 | Specifies the real host name to log into. | 630 | Specifies the real host name to log into. |
@@ -697,6 +703,17 @@ or | |||
697 | .It Cm Port | 703 | .It Cm Port |
698 | Specifies the port number to connect on the remote host. | 704 | Specifies the port number to connect on the remote host. |
699 | Default is 22. | 705 | Default is 22. |
706 | .It Cm Protocol | ||
707 | Specifies the protocol versions | ||
708 | .Nm | ||
709 | should support in order of preference. | ||
710 | The possible values are | ||
711 | .Dq 1 | ||
712 | and | ||
713 | .Dq 2 . | ||
714 | Multiple versions must be comma-separated. | ||
715 | The default is | ||
716 | .Dq 1 . | ||
700 | .It Cm ProxyCommand | 717 | .It Cm ProxyCommand |
701 | Specifies the command to use to connect to the server. | 718 | Specifies the command to use to connect to the server. |
702 | The command | 719 | The command |
@@ -773,7 +790,7 @@ The default is | |||
773 | .Dq no . | 790 | .Dq no . |
774 | .It Cm StrictHostKeyChecking | 791 | .It Cm StrictHostKeyChecking |
775 | If this flag is set to | 792 | If this flag is set to |
776 | .Dq yes , | 793 | .Dq yes , |
777 | .Nm | 794 | .Nm |
778 | ssh will never automatically add host keys to the | 795 | ssh will never automatically add host keys to the |
779 | .Pa $HOME/.ssh/known_hosts | 796 | .Pa $HOME/.ssh/known_hosts |
@@ -839,7 +856,7 @@ will normally set the following environment variables: | |||
839 | The | 856 | The |
840 | .Ev DISPLAY | 857 | .Ev DISPLAY |
841 | variable indicates the location of the X11 server. | 858 | variable indicates the location of the X11 server. |
842 | It is automatically set by | 859 | It is automatically set by |
843 | .Nm | 860 | .Nm |
844 | to point to a value of the form | 861 | to point to a value of the form |
845 | .Dq hostname:n | 862 | .Dq hostname:n |
@@ -885,10 +902,10 @@ on to new connections). | |||
885 | Set to the name of the user logging in. | 902 | Set to the name of the user logging in. |
886 | .El | 903 | .El |
887 | .Pp | 904 | .Pp |
888 | Additionally, | 905 | Additionally, |
889 | .Nm | 906 | .Nm |
890 | reads | 907 | reads |
891 | .Pa $HOME/.ssh/environment , | 908 | .Pa $HOME/.ssh/environment , |
892 | and adds lines of the format | 909 | and adds lines of the format |
893 | .Dq VARNAME=value | 910 | .Dq VARNAME=value |
894 | to the environment. | 911 | to the environment. |
@@ -911,7 +928,7 @@ ignores this file if it is accessible by others. | |||
911 | It is possible to specify a passphrase when | 928 | It is possible to specify a passphrase when |
912 | generating the key; the passphrase will be used to encrypt the | 929 | generating the key; the passphrase will be used to encrypt the |
913 | sensitive part of this file using 3DES. | 930 | sensitive part of this file using 3DES. |
914 | .It Pa $HOME/.ssh/identity.pub | 931 | .It Pa $HOME/.ssh/identity.pub |
915 | Contains the public key for authentication (public part of the | 932 | Contains the public key for authentication (public part of the |
916 | identity file in human-readable form). | 933 | identity file in human-readable form). |
917 | The contents of this file should be added to | 934 | The contents of this file should be added to |
@@ -1031,7 +1048,7 @@ Additionally, successful RSA host authentication is normally | |||
1031 | required. | 1048 | required. |
1032 | This file should only be writable by root. | 1049 | This file should only be writable by root. |
1033 | .It Pa /etc/shosts.equiv | 1050 | .It Pa /etc/shosts.equiv |
1034 | This file is processed exactly as | 1051 | This file is processed exactly as |
1035 | .Pa /etc/hosts.equiv . | 1052 | .Pa /etc/hosts.equiv . |
1036 | This file may be useful to permit logins using | 1053 | This file may be useful to permit logins using |
1037 | .Nm | 1054 | .Nm |
@@ -1048,7 +1065,7 @@ Commands in this file are executed by | |||
1048 | .Nm | 1065 | .Nm |
1049 | when the user logs in just before the user's shell (or command) is | 1066 | when the user logs in just before the user's shell (or command) is |
1050 | started. | 1067 | started. |
1051 | See the | 1068 | See the |
1052 | .Xr sshd 8 | 1069 | .Xr sshd 8 |
1053 | manual page for more information. | 1070 | manual page for more information. |
1054 | .It Pa $HOME/.ssh/environment | 1071 | .It Pa $HOME/.ssh/environment |
@@ -1077,7 +1094,7 @@ external libraries. | |||
1077 | has been updated to support ssh protocol 1.5, making it compatible with | 1094 | has been updated to support ssh protocol 1.5, making it compatible with |
1078 | all other ssh protocol 1 clients and servers. | 1095 | all other ssh protocol 1 clients and servers. |
1079 | .It | 1096 | .It |
1080 | contains added support for | 1097 | contains added support for |
1081 | .Xr kerberos 8 | 1098 | .Xr kerberos 8 |
1082 | authentication and ticket passing. | 1099 | authentication and ticket passing. |
1083 | .It | 1100 | .It |
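--- a/sshconnect.c
+++ b/sshconnect.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.65 2000/04/12 07:56:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>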
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: sshd.8,v 1.16 2000/04/01 01:09:27 damien Exp $ | 12 | .\" $Id: sshd.8,v 1.17 2000/04/13 02:26:38 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSHD 8 | 15 | .Dt SSHD 8 |
@@ -27,9 +27,9 @@ | |||
27 | .Op Fl k Ar key_gen_time | 27 | .Op Fl k Ar key_gen_time |
28 | .Op Fl p Ar port | 28 | .Op Fl p Ar port |
29 | .Op Fl V Ar client_protocol_id | 29 | .Op Fl V Ar client_protocol_id |
30 | .Sh DESCRIPTION | 30 | .Sh DESCRIPTION |
31 | .Nm | 31 | .Nm |
32 | (Secure Shell Daemon) is the daemon program for | 32 | (Secure Shell Daemon) is the daemon program for |
33 | .Xr ssh 1 . | 33 | .Xr ssh 1 . |
34 | Together these programs replace rlogin and rsh programs, and | 34 | Together these programs replace rlogin and rsh programs, and |
35 | provide secure encrypted communications between two untrusted hosts | 35 | provide secure encrypted communications between two untrusted hosts |
@@ -39,7 +39,7 @@ install and use as possible. | |||
39 | .Pp | 39 | .Pp |
40 | .Nm | 40 | .Nm |
41 | is the daemon that listens for connections from clients. | 41 | is the daemon that listens for connections from clients. |
42 | It is normally started at boot from | 42 | It is normally started at boot from |
43 | .Pa /etc/rc . | 43 | .Pa /etc/rc . |
44 | It forks a new | 44 | It forks a new |
45 | daemon for each incoming connection. | 45 | daemon for each incoming connection. |
@@ -157,7 +157,7 @@ host file is normally not readable by anyone but root). | |||
157 | .It Fl i | 157 | .It Fl i |
158 | Specifies that | 158 | Specifies that |
159 | .Nm | 159 | .Nm |
160 | is being run from inetd. | 160 | is being run from inetd. |
161 | .Nm | 161 | .Nm |
162 | is normally not run | 162 | is normally not run |
163 | from inetd because it needs to generate the server key before it can | 163 | from inetd because it needs to generate the server key before it can |
@@ -204,7 +204,7 @@ to use IPv6 addresses only. | |||
204 | .El | 204 | .El |
205 | .Sh CONFIGURATION FILE | 205 | .Sh CONFIGURATION FILE |
206 | .Nm | 206 | .Nm |
207 | reads configuration data from | 207 | reads configuration data from |
208 | .Pa /etc/sshd_config | 208 | .Pa /etc/sshd_config |
209 | (or the file specified with | 209 | (or the file specified with |
210 | .Fl f | 210 | .Fl f |
@@ -246,6 +246,11 @@ wildcards in the patterns. | |||
246 | Only user names are valid, a numerical user ID isn't recognized. | 246 | Only user names are valid, a numerical user ID isn't recognized. |
247 | By default login is allowed regardless of the user name. | 247 | By default login is allowed regardless of the user name. |
248 | .Pp | 248 | .Pp |
249 | .It Cm Ciphers | ||
250 | Specifies the ciphers allowed for protocol version 2. | ||
251 | Multiple ciphers must be comma-separated. | ||
252 | The default is | ||
253 | .Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . | ||
249 | .It Cm CheckMail | 254 | .It Cm CheckMail |
250 | Specifies whether | 255 | Specifies whether |
251 | .Nm | 256 | .Nm |
@@ -284,14 +289,14 @@ does not start if this file is group/world-accessible. | |||
284 | .It Cm IgnoreRhosts | 289 | .It Cm IgnoreRhosts |
285 | Specifies that | 290 | Specifies that |
286 | .Pa .rhosts | 291 | .Pa .rhosts |
287 | and | 292 | and |
288 | .Pa .shosts | 293 | .Pa .shosts |
289 | files will not be used in authentication. | 294 | files will not be used in authentication. |
290 | .Pa /etc/hosts.equiv | 295 | .Pa /etc/hosts.equiv |
291 | and | 296 | and |
292 | .Pa /etc/shosts.equiv | 297 | .Pa /etc/shosts.equiv |
293 | are still used. | 298 | are still used. |
294 | The default is | 299 | The default is |
295 | .Dq yes . | 300 | .Dq yes . |
296 | .It Cm IgnoreUserKnownHosts | 301 | .It Cm IgnoreUserKnownHosts |
297 | Specifies whether | 302 | Specifies whether |
@@ -342,7 +347,7 @@ Default is | |||
342 | .Dq yes . | 347 | .Dq yes . |
343 | .It Cm KerberosTgtPassing | 348 | .It Cm KerberosTgtPassing |
344 | Specifies whether a Kerberos TGT may be forwarded to the server. | 349 | Specifies whether a Kerberos TGT may be forwarded to the server. |
345 | Default is | 350 | Default is |
346 | .Dq no , | 351 | .Dq no , |
347 | as this only works when the Kerberos KDC is actually an AFS kaserver. | 352 | as this only works when the Kerberos KDC is actually an AFS kaserver. |
348 | .It Cm KerberosTicketCleanup | 353 | .It Cm KerberosTicketCleanup |
@@ -419,7 +424,7 @@ Multiple options of this type are permitted. | |||
419 | .It Cm PrintMotd | 424 | .It Cm PrintMotd |
420 | Specifies whether | 425 | Specifies whether |
421 | .Nm | 426 | .Nm |
422 | should print | 427 | should print |
423 | .Pa /etc/motd | 428 | .Pa /etc/motd |
424 | when a user logs in interactively. | 429 | when a user logs in interactively. |
425 | (On some systems it is also printed by the shell, | 430 | (On some systems it is also printed by the shell, |
@@ -427,6 +432,17 @@ when a user logs in interactively. | |||
427 | or equivalent.) | 432 | or equivalent.) |
428 | The default is | 433 | The default is |
429 | .Dq yes . | 434 | .Dq yes . |
435 | .It Cm Protocol | ||
436 | Specifies the protocol versions | ||
437 | .Nm | ||
438 | should support. | ||
439 | The possible values are | ||
440 | .Dq 1 | ||
441 | and | ||
442 | .Dq 2 . | ||
443 | Multiple versions must be comma-separated. | ||
444 | The default is | ||
445 | .Dq 1 . | ||
430 | .It Cm RandomSeed | 446 | .It Cm RandomSeed |
431 | Obsolete. | 447 | Obsolete. |
432 | Random number generation uses other techniques. | 448 | Random number generation uses other techniques. |
@@ -454,7 +470,7 @@ Defines the number of bits in the server key. | |||
454 | The minimum value is 512, and the default is 768. | 470 | The minimum value is 512, and the default is 768. |
455 | .It Cm SkeyAuthentication | 471 | .It Cm SkeyAuthentication |
456 | Specifies whether | 472 | Specifies whether |
457 | .Xr skey 1 | 473 | .Xr skey 1 |
458 | authentication is allowed. | 474 | authentication is allowed. |
459 | The default is | 475 | The default is |
460 | .Dq yes . | 476 | .Dq yes . |
@@ -504,12 +520,12 @@ does the following: | |||
504 | .Bl -enum -offset indent | 520 | .Bl -enum -offset indent |
505 | .It | 521 | .It |
506 | If the login is on a tty, and no command has been specified, | 522 | If the login is on a tty, and no command has been specified, |
507 | prints last login time and | 523 | prints last login time and |
508 | .Pa /etc/motd | 524 | .Pa /etc/motd |
509 | (unless prevented in the configuration file or by | 525 | (unless prevented in the configuration file or by |
510 | .Pa $HOME/.hushlogin ; | 526 | .Pa $HOME/.hushlogin ; |
511 | see the | 527 | see the |
512 | .Sx FILES | 528 | .Sx FILES |
513 | section). | 529 | section). |
514 | .It | 530 | .It |
515 | If the login is on a tty, records login time. | 531 | If the login is on a tty, records login time. |
@@ -543,7 +559,7 @@ authentication protocol and cookie in standard input. | |||
543 | Runs user's shell or command. | 559 | Runs user's shell or command. |
544 | .El | 560 | .El |
545 | .Sh AUTHORIZED_KEYS FILE FORMAT | 561 | .Sh AUTHORIZED_KEYS FILE FORMAT |
546 | The | 562 | The |
547 | .Pa $HOME/.ssh/authorized_keys | 563 | .Pa $HOME/.ssh/authorized_keys |
548 | file lists the RSA keys that are | 564 | file lists the RSA keys that are |
549 | permitted for RSA authentication. | 565 | permitted for RSA authentication. |
@@ -632,9 +648,9 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula | |||
632 | .Pp | 648 | .Pp |
633 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi | 649 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
634 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 650 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
635 | The | 651 | The |
636 | .Pa /etc/ssh_known_hosts | 652 | .Pa /etc/ssh_known_hosts |
637 | and | 653 | and |
638 | .Pa $HOME/.ssh/known_hosts | 654 | .Pa $HOME/.ssh/known_hosts |
639 | files contain host public keys for all known hosts. | 655 | files contain host public keys for all known hosts. |
640 | The global file should | 656 | The global file should |
@@ -679,7 +695,7 @@ accepted if valid information can be found from either file. | |||
679 | Note that the lines in these files are typically hundreds of characters | 695 | Note that the lines in these files are typically hundreds of characters |
680 | long, and you definitely don't want to type in the host keys by hand. | 696 | long, and you definitely don't want to type in the host keys by hand. |
681 | Rather, generate them by a script | 697 | Rather, generate them by a script |
682 | or by taking | 698 | or by taking |
683 | .Pa /etc/ssh_host_key.pub | 699 | .Pa /etc/ssh_host_key.pub |
684 | and adding the host names at the front. | 700 | and adding the host names at the front. |
685 | .Ss Examples | 701 | .Ss Examples |
@@ -734,7 +750,7 @@ should be world-readable, and | |||
734 | .Pa $HOME/.ssh/known_hosts | 750 | .Pa $HOME/.ssh/known_hosts |
735 | can but need not be world-readable. | 751 | can but need not be world-readable. |
736 | .It Pa /etc/nologin | 752 | .It Pa /etc/nologin |
737 | If this file exists, | 753 | If this file exists, |
738 | .Nm | 754 | .Nm |
739 | refuses to let anyone except root log in. | 755 | refuses to let anyone except root log in. |
740 | The contents of the file | 756 | The contents of the file |
@@ -865,7 +881,7 @@ external libraries. | |||
865 | has been updated to support ssh protocol 1.5, making it compatible with | 881 | has been updated to support ssh protocol 1.5, making it compatible with |
866 | all other ssh protocol 1 clients and servers. | 882 | all other ssh protocol 1 clients and servers. |
867 | .It | 883 | .It |
868 | contains added support for | 884 | contains added support for |
869 | .Xr kerberos 8 | 885 | .Xr kerberos 8 |
870 | authentication and ticket passing. | 886 | authentication and ticket passing. |
871 | .It | 887 | .It |
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: sshd.c,v 1.103 2000/04/12 08:11:36 markus Exp $"); | 17 | RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $"); |
18 | 18 | ||
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
20 | #include "rsa.h" | 20 | #include "rsa.h" |