-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | Makefile.in | 50 | ||||
-rwxr-xr-x | fixpaths | 14 | ||||
-rw-r--r-- | scp.1 (renamed from scp.1.in) | 2 | ||||
-rw-r--r-- | ssh-add.1 (renamed from ssh-add.1.in) | 2 | ||||
-rw-r--r-- | ssh-agent.1 (renamed from ssh-agent.1.in) | 8 | ||||
-rw-r--r-- | ssh-keygen.1 (renamed from ssh-keygen.1.in) | 2 | ||||
-rw-r--r-- | ssh.1 (renamed from ssh.1.in) | 28 | ||||
-rw-r--r-- | ssh_config (renamed from ssh_config.in) | 6 | ||||
-rw-r--r-- | sshd.8 (renamed from sshd.8.in) | 38 | ||||
-rw-r--r-- | sshd_config (renamed from sshd_config.in) | 42 |
11 files changed, 84 insertions, 109 deletions
@@ -13,6 +13,7 @@ | |||
13 | - split key exchange (kex) and user authentication (user-auth), ok: provos@ | 13 | - split key exchange (kex) and user authentication (user-auth), ok: provos@ |
14 | - Big manpage and config file cleanup from Andre Lucas | 14 | - Big manpage and config file cleanup from Andre Lucas |
15 | <andre.lucas@dial.pipex.com> | 15 | <andre.lucas@dial.pipex.com> |
16 | - Re-added latest (unmodified) OpenBSD manpages | ||
16 | 17 | ||
17 | 20000119 | 18 | 20000119 |
18 | - SCO compile fixes from Gary E. Miller <gem@rellim.com> | 19 | - SCO compile fixes from Gary E. Miller <gem@rellim.com> |
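--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,6 @@ AR=@AR@
 RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 PERL=@PERL@
-FIXPATHS=$(PERL) @top_srcdir@/fixpaths -Dsysconfdir=${sysconfdir} -Dpiddir=${piddir}
 LDFLAGS=-L. @LDFLAGS@
 
 GNOME_CFLAGS=`gnome-config --cflags gnome gnomeui`
@@ -38,10 +37,14 @@ SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
 
 SSHDOBJS= sshd.o auth-rhosts.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o md5crypt.o
 
-MANPAGES=scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8
+MANPAGES = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8
 
 CONFIGFILES=sshd_config ssh_config
 
+PATHSUBS = -D/etc/ssh_config=$(sysconfdir)/ssh_config -D/etc/sshd_config=$(sysconfdir)/sshd_config -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv -D/etc/ssh_host_key=$(sysconfdir)/ssh_host_key -D/var/run/sshd.pid=$(piddir)/sshd.pid
+
+FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
+
 all: $(TARGETS) $(MANPAGES) $(CONFIGFILES)
 
 $(LIBOBJS): config.h
@@ -71,33 +74,12 @@ ssh-keygen: libssh.a ssh-keygen.o log-client.o
 gnome-ssh-askpass: gnome-ssh-askpass.c
 $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
 
-scp.1: scp.1.in
-$(FIXPATHS) $(srcdir)/scp.1.in
-
-ssh-add.1: ssh-add.1.in
-$(FIXPATHS) ssh-add.1.in
-
-ssh-agent.1: ssh-agent.1.in
-$(FIXPATHS) ssh-agent.1.in
-
-ssh-keygen.1: ssh-keygen.1.in
-$(FIXPATHS) ssh-keygen.1.in
-
-ssh.1: ssh.1.in
-$(FIXPATHS) ssh.1.in
-
-sshd.8: sshd.8.in
-$(FIXPATHS) sshd.8.in
-
-sshd_config: sshd_config.in
-$(FIXPATHS) sshd_config.in
-
-ssh_config: ssh_config.in
-$(FIXPATHS) ssh_config.in
+$(MANPAGES) $(CONFIGFILES)::
+$(FIXPATHSCMD) $(srcdir)/$@
 
 clean:
 rm -f *.o *.a $(TARGETS) config.status config.cache config.log
-rm -f core *.1 *.8 sshd_config ssh_config
+rm -f *.out core
 
 distclean: clean
 rm -f Makefile config.h core *~
@@ -119,12 +101,12 @@ install: $(TARGETS)
 $(INSTALL) -s ssh-agent $(bindir)/ssh-agent
 $(INSTALL) -s ssh-keygen $(bindir)/ssh-keygen
 $(INSTALL) -s sshd $(sbindir)/sshd
-$(INSTALL) -m 644 ssh.1 $(mandir)/man1/ssh.1
-$(INSTALL) -m 644 scp.1 $(mandir)/man1/scp.1
-$(INSTALL) -m 644 ssh-add.1 $(mandir)/man1/ssh-add.1
-$(INSTALL) -m 644 ssh-agent.1 $(mandir)/man1/ssh-agent.1
-$(INSTALL) -m 644 ssh-keygen.1 $(mandir)/man1/ssh-keygen.1
-$(INSTALL) -m 644 sshd.8 $(mandir)/man8/sshd.8
+$(INSTALL) -m 644 ssh.1.out $(mandir)/man1/ssh.1
+$(INSTALL) -m 644 scp.1.out $(mandir)/man1/scp.1
+$(INSTALL) -m 644 ssh-add.1.out $(mandir)/man1/ssh-add.1
+$(INSTALL) -m 644 ssh-agent.1.out $(mandir)/man1/ssh-agent.1
+$(INSTALL) -m 644 ssh-keygen.1.out $(mandir)/man1/ssh-keygen.1
+$(INSTALL) -m 644 sshd.8.out $(mandir)/man8/sshd.8
 -rm -f $(bindir)/slogin
 ln -s ssh $(bindir)/slogin
 -rm -f $(mandir)/man1/slogin.1
@@ -138,8 +120,8 @@ install: $(TARGETS)
 
 if [ ! -f $(sysconfdir)/ssh_config -a ! -f $(sysconfdir)/sshd_config ]; then \
 $(INSTALL) -d $(sysconfdir); \
-$(INSTALL) -m 644 ssh_config $(sysconfdir)/ssh_config; \
-$(INSTALL) -m 644 sshd_config $(sysconfdir)/sshd_config; \
+$(INSTALL) -m 644 ssh_config.out $(sysconfdir)/ssh_config; \
+$(INSTALL) -m 644 sshd_config.out $(sysconfdir)/sshd_config; \
 fi
 
 uninstallall: uninstall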
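Review bot: `PATHSUBS` has no entry for `/etc/ssh_known_hosts` or `/etc/sshrc`, yet the man pages and the sshd_config comment in this commit now spell those paths literally where the old text said `@sysconfdir@/…`. With a `sysconfdir` other than `/etc`, the installed documentation would name a system-wide known-hosts file and rc script at locations the binaries presumably do not read, and administrators rely on those pages when placing host keys. Consider appending `-D/etc/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts -D/etc/sshrc=$(sysconfdir)/sshrc` to `PATHSUBS`. Separately, `install` now reads the `*.out` files but still lists only `$(TARGETS)` as prerequisites, so `install: $(TARGETS) $(MANPAGES) $(CONFIGFILES)` would keep a bare `make install` from failing on missing files; the install recipe starts and ends outside the hunks shown.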
@@ -3,22 +3,26 @@ | |||
3 | # fixpaths - substitute makefile variables into text files | 3 | # fixpaths - substitute makefile variables into text files |
4 | 4 | ||
5 | 5 | ||
6 | $usage = "Usage: $0 [-D<variable>=<value>] [[infile] ...]\n"; | 6 | $usage = "Usage: $0 [-x<file dot-suffix>] [-Dstring=replacement] [[infile] ...]\n"; |
7 | |||
8 | $ext="out"; | ||
7 | 9 | ||
8 | if (!defined(@ARGV)) { die ("$usage"); } | 10 | if (!defined(@ARGV)) { die ("$usage"); } |
9 | 11 | ||
10 | # read in the command line and get some definitions | 12 | # read in the command line and get some definitions |
11 | while ($_=$ARGV[0], /^-/) { | 13 | while ($_=$ARGV[0], /^-/) { |
12 | if (/^-D/) { | 14 | if (/^-[Dx]/) { |
13 | # definition | 15 | # definition |
14 | shift(@ARGV); | 16 | shift(@ARGV); |
15 | if ( /-D(.*)=(.*)/ ) { | 17 | if ( /-D(.*)=(.*)/ ) { |
16 | $def{"$1"}=$2; | 18 | $def{"$1"}=$2; |
19 | } elsif ( /-x\s*(\w+)/ ) { | ||
20 | $ext=$1; | ||
17 | } else { | 21 | } else { |
18 | die ("$usage$0: error in command line arguments.\n"); | 22 | die ("$usage$0: error in command line arguments.\n"); |
19 | } | 23 | } |
20 | } else { | 24 | } else { |
21 | &usage; die ("$usage$0: unknown option '-".$ARGV[0][1]."'\n"); | 25 | die ("$usage$0: unknown option '-".$ARGV[0][1]."'\n"); |
22 | } | 26 | } |
23 | } # while parsing arguments | 27 | } # while parsing arguments |
24 | 28 | ||
@@ -29,13 +33,13 @@ if (!defined(%def)) { | |||
29 | for $f (@ARGV) { | 33 | for $f (@ARGV) { |
30 | 34 | ||
31 | $f =~ /(.*\/)*(.*)$/; | 35 | $f =~ /(.*\/)*(.*)$/; |
32 | $of = $2; $of =~ s/.in$//; | 36 | $of = $2.".$ext"; |
33 | 37 | ||
34 | open(IN, "<$f") || die ("$0: input file $f missing!\n"); | 38 | open(IN, "<$f") || die ("$0: input file $f missing!\n"); |
35 | if (open(OUT, ">$of")) { | 39 | if (open(OUT, ">$of")) { |
36 | while (<IN>) { | 40 | while (<IN>) { |
37 | for $s (keys(%def)) { | 41 | for $s (keys(%def)) { |
38 | s#\@$s\@#$def{$s}#; | 42 | s#$s#$def{$s}#; |
39 | } # for $s | 43 | } # for $s |
40 | print OUT; | 44 | print OUT; |
41 | } # while <IN> | 45 | } # while <IN> |
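Review bot: In the substitution loop, `s#$s#$def{$s}#` now interpolates each `-D` key as a regular expression and replaces only the first match on a line. The keys passed from the Makefile are literal paths such as `/etc/shosts.equiv`, so the `.` matches any character, and a line that names the same path twice keeps its second occurrence unchanged. `s#\Q$s\E#$def{$s}#g;` treats the key as literal text and rewrites every occurrence. The loop sits inside the `for $f (@ARGV)` body, which continues past the end of this hunk.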
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: scp.1.in,v 1.2 2000/01/14 04:45:51 damien Exp $ | 12 | .\" $Id: scp.1,v 1.5 2000/01/20 12:13:36 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
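--- a/ssh-add.1.in
+++ b/ssh-add.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-add.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
+.\" $Id: ssh-add.1,v 1.8 2000/01/20 12:13:36 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-ADD 1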
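--- a/ssh-agent.1.in
+++ b/ssh-agent.1
@@ -109,14 +109,6 @@ environment variable holds the agent's PID.
 .Pp
 The agent exits automatically when the command given on the command
 line terminates.
-.Pp
-Here's a trick that will allow you to start this up from your .bash_profile (just put it in as the first thing that happens):
-.Sp
-.Vb 1
-
-\& [ ! "$SSH_AGENT_PID" ] && exec ssh-agent -- bash --login
-\& ssh-add
-.Ve
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa $HOME/.ssh/identity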
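--- a/ssh-keygen.1.in
+++ b/ssh-keygen.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-keygen.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
+.\" $Id: ssh-keygen.1,v 1.8 2000/01/20 12:13:37 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-KEYGEN 1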
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh.1.in,v 1.3 2000/01/20 11:44:09 damien Exp $ | 12 | .\" $Id: ssh.1,v 1.15 2000/01/20 12:13:38 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH 1 | 15 | .Dt SSH 1 |
@@ -66,7 +66,7 @@ his/her identity to the remote machine using one of several methods. | |||
66 | First, if the machine the user logs in from is listed in | 66 | First, if the machine the user logs in from is listed in |
67 | .Pa /etc/hosts.equiv | 67 | .Pa /etc/hosts.equiv |
68 | or | 68 | or |
69 | .Pa @sysconfdir@/shosts.equiv | 69 | .Pa /etc/shosts.equiv |
70 | on the remote machine, and the user names are | 70 | on the remote machine, and the user names are |
71 | the same on both sides, the user is immediately permitted to log in. | 71 | the same on both sides, the user is immediately permitted to log in. |
72 | Second, if | 72 | Second, if |
@@ -89,10 +89,10 @@ means that if the login would be permitted by | |||
89 | .Pa \&.shosts , | 89 | .Pa \&.shosts , |
90 | .Pa /etc/hosts.equiv , | 90 | .Pa /etc/hosts.equiv , |
91 | or | 91 | or |
92 | .Pa @sysconfdir@/shosts.equiv , | 92 | .Pa /etc/shosts.equiv , |
93 | and if additionally the server can verify the client's | 93 | and if additionally the server can verify the client's |
94 | host key (see | 94 | host key (see |
95 | .Pa @sysconfdir@/ssh_known_hosts | 95 | .Pa /etc/ssh_known_hosts |
96 | and | 96 | and |
97 | .Pa $HOME/.ssh/known_hosts | 97 | .Pa $HOME/.ssh/known_hosts |
98 | in the | 98 | in the |
@@ -250,7 +250,7 @@ identifications for all hosts it has ever been used with. The | |||
250 | database is stored in | 250 | database is stored in |
251 | .Pa \&.ssh/known_hosts | 251 | .Pa \&.ssh/known_hosts |
252 | in the user's home directory. Additionally, the file | 252 | in the user's home directory. Additionally, the file |
253 | .Pa @sysconfdir@/ssh_known_hosts | 253 | .Pa /etc/ssh_known_hosts |
254 | is automatically checked for known hosts. Any new hosts are | 254 | is automatically checked for known hosts. Any new hosts are |
255 | automatically added to the user's file. If a host's identification | 255 | automatically added to the user's file. If a host's identification |
256 | ever changes, | 256 | ever changes, |
@@ -434,7 +434,7 @@ obtains configuration data from the following sources (in this order): | |||
434 | command line options, user's configuration file | 434 | command line options, user's configuration file |
435 | .Pq Pa $HOME/.ssh/config , | 435 | .Pq Pa $HOME/.ssh/config , |
436 | and system-wide configuration file | 436 | and system-wide configuration file |
437 | .Pq Pa @sysconfdir@/ssh_config . | 437 | .Pq Pa /etc/ssh_config . |
438 | For each parameter, the first obtained value | 438 | For each parameter, the first obtained value |
439 | will be used. The configuration files contain sections bracketed by | 439 | will be used. The configuration files contain sections bracketed by |
440 | "Host" specifications, and that section is only applied for hosts that | 440 | "Host" specifications, and that section is only applied for hosts that |
@@ -568,7 +568,7 @@ The default is | |||
568 | .Dq no . | 568 | .Dq no . |
569 | .It Cm GlobalKnownHostsFile | 569 | .It Cm GlobalKnownHostsFile |
570 | Specifies a file to use instead of | 570 | Specifies a file to use instead of |
571 | .Pa @sysconfdir@/ssh_known_hosts . | 571 | .Pa /etc/ssh_known_hosts . |
572 | .It Cm HostName | 572 | .It Cm HostName |
573 | Specifies the real host name to log into. This can be used to specify | 573 | Specifies the real host name to log into. This can be used to specify |
574 | nicnames or abbreviations for hosts. Default is the name given on the | 574 | nicnames or abbreviations for hosts. Default is the name given on the |
@@ -710,7 +710,7 @@ ssh will never automatically add host keys to the | |||
710 | file, and refuses to connect hosts whose host key has changed. This | 710 | file, and refuses to connect hosts whose host key has changed. This |
711 | provides maximum protection against trojan horse attacks. However, it | 711 | provides maximum protection against trojan horse attacks. However, it |
712 | can be somewhat annoying if you don't have good | 712 | can be somewhat annoying if you don't have good |
713 | .Pa @sysconfdir@/ssh_known_hosts | 713 | .Pa /etc/ssh_known_hosts |
714 | files installed and frequently | 714 | files installed and frequently |
715 | connect new hosts. Basically this option forces the user to manually | 715 | connect new hosts. Basically this option forces the user to manually |
716 | add any new hosts. Normally this option is disabled, and new hosts | 716 | add any new hosts. Normally this option is disabled, and new hosts |
@@ -817,7 +817,7 @@ to the environment. | |||
817 | .It Pa $HOME/.ssh/known_hosts | 817 | .It Pa $HOME/.ssh/known_hosts |
818 | Records host keys for all hosts the user has logged into (that are not | 818 | Records host keys for all hosts the user has logged into (that are not |
819 | in | 819 | in |
820 | .Pa @sysconfdir@/ssh_known_hosts ) . | 820 | .Pa /etc/ssh_known_hosts ) . |
821 | See | 821 | See |
822 | .Xr sshd 8 . | 822 | .Xr sshd 8 . |
823 | .It Pa $HOME/.ssh/identity | 823 | .It Pa $HOME/.ssh/identity |
@@ -856,7 +856,7 @@ identity files (that is, each line contains the number of bits in | |||
856 | modulus, public exponent, modulus, and comment fields, separated by | 856 | modulus, public exponent, modulus, and comment fields, separated by |
857 | spaces). This file is not highly sensitive, but the recommended | 857 | spaces). This file is not highly sensitive, but the recommended |
858 | permissions are read/write for the user, and not accessible by others. | 858 | permissions are read/write for the user, and not accessible by others. |
859 | .It Pa @sysconfdir@/ssh_known_hosts | 859 | .It Pa /etc/ssh_known_hosts |
860 | Systemwide list of known host keys. This file should be prepared by the | 860 | Systemwide list of known host keys. This file should be prepared by the |
861 | system administrator to contain the public host keys of all machines in the | 861 | system administrator to contain the public host keys of all machines in the |
862 | organization. This file should be world-readable. This file contains | 862 | organization. This file should be world-readable. This file contains |
@@ -875,7 +875,7 @@ to verify the client host when logging in; other names are needed because | |||
875 | does not convert the user-supplied name to a canonical name before | 875 | does not convert the user-supplied name to a canonical name before |
876 | checking the key, because someone with access to the name servers | 876 | checking the key, because someone with access to the name servers |
877 | would then be able to fool host authentication. | 877 | would then be able to fool host authentication. |
878 | .It Pa @sysconfdir@/ssh_config | 878 | .It Pa /etc/ssh_config |
879 | Systemwide configuration file. This file provides defaults for those | 879 | Systemwide configuration file. This file provides defaults for those |
880 | values that are not specified in the user's configuration file, and | 880 | values that are not specified in the user's configuration file, and |
881 | for those users who do not have a configuration file. This file must | 881 | for those users who do not have a configuration file. This file must |
@@ -902,7 +902,7 @@ Note that by default | |||
902 | will be installed so that it requires successful RSA host | 902 | will be installed so that it requires successful RSA host |
903 | authentication before permitting \s+2.\s0rhosts authentication. If your | 903 | authentication before permitting \s+2.\s0rhosts authentication. If your |
904 | server machine does not have the client's host key in | 904 | server machine does not have the client's host key in |
905 | .Pa @sysconfdir@/ssh_known_hosts , | 905 | .Pa /etc/ssh_known_hosts , |
906 | you can store it in | 906 | you can store it in |
907 | .Pa $HOME/.ssh/known_hosts . | 907 | .Pa $HOME/.ssh/known_hosts . |
908 | The easiest way to do this is to | 908 | The easiest way to do this is to |
@@ -929,13 +929,13 @@ manual page). If the client host is found in this file, login is | |||
929 | automatically permitted provided client and server user names are the | 929 | automatically permitted provided client and server user names are the |
930 | same. Additionally, successful RSA host authentication is normally | 930 | same. Additionally, successful RSA host authentication is normally |
931 | required. This file should only be writable by root. | 931 | required. This file should only be writable by root. |
932 | .It Pa @sysconfdir@/shosts.equiv | 932 | .It Pa /etc/shosts.equiv |
933 | This file is processed exactly as | 933 | This file is processed exactly as |
934 | .Pa /etc/hosts.equiv . | 934 | .Pa /etc/hosts.equiv . |
935 | This file may be useful to permit logins using | 935 | This file may be useful to permit logins using |
936 | .Nm | 936 | .Nm |
937 | but not using rsh/rlogin. | 937 | but not using rsh/rlogin. |
938 | .It Pa @sysconfdir@/sshrc | 938 | .It Pa /etc/sshrc |
939 | Commands in this file are executed by | 939 | Commands in this file are executed by |
940 | .Nm | 940 | .Nm |
941 | when the user logs in just before the user's shell (or command) is started. | 941 | when the user logs in just before the user's shell (or command) is started. |
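--- a/ssh_config.in
+++ b/ssh_config
@@ -28,3 +28,9 @@
 # Port 22
 # Cipher blowfish
 # EscapeChar ~
+
+# Be paranoid by default
+Host *
+ForwardAgent no
+ForwardX11 no
+FallBackToRsh no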
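Review bot: The new `Host *` block carries only the comment `# Be paranoid by default`, which does not say that these values are defaults rather than enforced policy. The ssh.1 text in this same commit states that the first obtained value of each parameter is used, with the command line and `$HOME/.ssh/config` read before the system-wide file, so a user can still turn agent or X11 forwarding back on. For the same reason, any host-specific section an administrator adds has to sit above this block to take effect. I would extend the comment to something like `# Site-wide defaults: keep this block last; users can override these in $HOME/.ssh/config`.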
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: sshd.8.in,v 1.4 2000/01/20 11:44:10 damien Exp $ | 12 | .\" $Id: sshd.8,v 1.11 2000/01/20 12:13:39 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSHD 8 | 15 | .Dt SSHD 8 |
@@ -123,7 +123,7 @@ not fork and will only process one connection. This option is only | |||
123 | intended for debugging for the server. | 123 | intended for debugging for the server. |
124 | .It Fl f Ar configuration_file | 124 | .It Fl f Ar configuration_file |
125 | Specifies the name of the configuration file. The default is | 125 | Specifies the name of the configuration file. The default is |
126 | .Pa @sysconfdir@/sshd_config . | 126 | .Pa /etc/sshd_config . |
127 | .Nm | 127 | .Nm |
128 | refuses to start if there is no configuration file. | 128 | refuses to start if there is no configuration file. |
129 | .It Fl g Ar login_grace_time | 129 | .It Fl g Ar login_grace_time |
@@ -133,7 +133,7 @@ this many seconds, the server disconnects and exits. A value of zero | |||
133 | indicates no limit. | 133 | indicates no limit. |
134 | .It Fl h Ar host_key_file | 134 | .It Fl h Ar host_key_file |
135 | Specifies the file from which the host key is read (default | 135 | Specifies the file from which the host key is read (default |
136 | .Pa @sysconfdir@/ssh_host_key ) . | 136 | .Pa /etc/ssh_host_key ) . |
137 | This option must be given if | 137 | This option must be given if |
138 | .Nm | 138 | .Nm |
139 | is not run as root (as the normal | 139 | is not run as root (as the normal |
@@ -185,7 +185,7 @@ to use IPv6 addresses only. | |||
185 | .Sh CONFIGURATION FILE | 185 | .Sh CONFIGURATION FILE |
186 | .Nm | 186 | .Nm |
187 | reads configuration data from | 187 | reads configuration data from |
188 | .Pa @sysconfdir@/sshd_config | 188 | .Pa /etc/sshd_config |
189 | (or the file specified with | 189 | (or the file specified with |
190 | .Fl f | 190 | .Fl f |
191 | on the command line). The file | 191 | on the command line). The file |
@@ -253,7 +253,7 @@ id isn't recognized. By default login is allowed regardless of | |||
253 | the user name. | 253 | the user name. |
254 | .It Cm HostKey | 254 | .It Cm HostKey |
255 | Specifies the file containing the private host key (default | 255 | Specifies the file containing the private host key (default |
256 | .Pa @sysconfdir@/ssh_host_key ) . | 256 | .Pa /etc/ssh_host_key ) . |
257 | Note that | 257 | Note that |
258 | .Nm | 258 | .Nm |
259 | does not start if this file is group/world-accessible. | 259 | does not start if this file is group/world-accessible. |
@@ -262,7 +262,7 @@ Specifies that rhosts and shosts files will not be used in | |||
262 | authentication. | 262 | authentication. |
263 | .Pa /etc/hosts.equiv | 263 | .Pa /etc/hosts.equiv |
264 | and | 264 | and |
265 | .Pa @sysconfdir@/shosts.equiv | 265 | .Pa /etc/shosts.equiv |
266 | are still used. The default is | 266 | are still used. The default is |
267 | .Dq no . | 267 | .Dq no . |
268 | .It Cm IgnoreUserKnownHosts | 268 | .It Cm IgnoreUserKnownHosts |
@@ -483,7 +483,7 @@ Changes to user's home directory. | |||
483 | If | 483 | If |
484 | .Pa $HOME/.ssh/rc | 484 | .Pa $HOME/.ssh/rc |
485 | exists, runs it; else if | 485 | exists, runs it; else if |
486 | .Pa @sysconfdir@/sshrc | 486 | .Pa /etc/sshrc |
487 | exists, runs | 487 | exists, runs |
488 | it; otherwise runs xauth. The | 488 | it; otherwise runs xauth. The |
489 | .Dq rc | 489 | .Dq rc |
@@ -569,7 +569,7 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula | |||
569 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi | 569 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
570 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 570 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
571 | The | 571 | The |
572 | .Pa @sysconfdir@/ssh_known_hosts | 572 | .Pa /etc/ssh_known_hosts |
573 | and | 573 | and |
574 | .Pa $HOME/.ssh/known_hosts | 574 | .Pa $HOME/.ssh/known_hosts |
575 | files contain host public keys for all known hosts. The global file should | 575 | files contain host public keys for all known hosts. The global file should |
@@ -592,7 +592,7 @@ pattern on the line. | |||
592 | .Pp | 592 | .Pp |
593 | Bits, exponent, and modulus are taken directly from the host key; they | 593 | Bits, exponent, and modulus are taken directly from the host key; they |
594 | can be obtained, e.g., from | 594 | can be obtained, e.g., from |
595 | .Pa @sysconfdir@/ssh_host_key.pub . | 595 | .Pa /etc/ssh_host_key.pub . |
596 | The optional comment field continues to the end of the line, and is not used. | 596 | The optional comment field continues to the end of the line, and is not used. |
597 | .Pp | 597 | .Pp |
598 | Lines starting with | 598 | Lines starting with |
@@ -611,25 +611,25 @@ Note that the lines in these files are typically hundreds of characters | |||
611 | long, and you definitely don't want to type in the host keys by hand. | 611 | long, and you definitely don't want to type in the host keys by hand. |
612 | Rather, generate them by a script | 612 | Rather, generate them by a script |
613 | or by taking | 613 | or by taking |
614 | .Pa @sysconfdir@/ssh_host_key.pub | 614 | .Pa /etc/ssh_host_key.pub |
615 | and adding the host names at the front. | 615 | and adding the host names at the front. |
616 | .Ss Examples | 616 | .Ss Examples |
617 | closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi | 617 | closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi |
618 | .Sh FILES | 618 | .Sh FILES |
619 | .Bl -tag -width Ds | 619 | .Bl -tag -width Ds |
620 | .It Pa @sysconfdir@/sshd_config | 620 | .It Pa /etc/sshd_config |
621 | Contains configuration data for | 621 | Contains configuration data for |
622 | .Nm sshd . | 622 | .Nm sshd . |
623 | This file should be writable by root only, but it is recommended | 623 | This file should be writable by root only, but it is recommended |
624 | (though not necessary) that it be world-readable. | 624 | (though not necessary) that it be world-readable. |
625 | .It Pa @sysconfdir@/ssh_host_key | 625 | .It Pa /etc/ssh_host_key |
626 | Contains the private part of the host key. | 626 | Contains the private part of the host key. |
627 | This file should only be owned by root, readable only by root, and not | 627 | This file should only be owned by root, readable only by root, and not |
628 | accessible to others. | 628 | accessible to others. |
629 | Note that | 629 | Note that |
630 | .Nm | 630 | .Nm |
631 | does not start if this file is group/world-accessible. | 631 | does not start if this file is group/world-accessible. |
632 | .It Pa @sysconfdir@/ssh_host_key.pub | 632 | .It Pa /etc/ssh_host_key.pub |
633 | Contains the public part of the host key. | 633 | Contains the public part of the host key. |
634 | This file should be world-readable but writable only by | 634 | This file should be world-readable but writable only by |
635 | root. Its contents should match the private part. This file is not | 635 | root. Its contents should match the private part. This file is not |
@@ -637,7 +637,7 @@ really used for anything; it is only provided for the convenience of | |||
637 | the user so its contents can be copied to known hosts files. | 637 | the user so its contents can be copied to known hosts files. |
638 | These two files are created using | 638 | These two files are created using |
639 | .Xr ssh-keygen 1 . | 639 | .Xr ssh-keygen 1 . |
640 | .It Pa @piddir@/sshd.pid | 640 | .It Pa /var/run/sshd.pid |
641 | Contains the process ID of the | 641 | Contains the process ID of the |
642 | .Nm | 642 | .Nm |
643 | listening for connections (if there are several daemons running | 643 | listening for connections (if there are several daemons running |
@@ -650,14 +650,14 @@ This file must be readable by root (which may on some machines imply | |||
650 | it being world-readable if the user's home directory resides on an NFS | 650 | it being world-readable if the user's home directory resides on an NFS |
651 | volume). It is recommended that it not be accessible by others. The | 651 | volume). It is recommended that it not be accessible by others. The |
652 | format of this file is described above. | 652 | format of this file is described above. |
653 | .It Pa "@sysconfdir@_known_hosts" and "$HOME/.ssh/known_hosts" | 653 | .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
654 | These files are consulted when using rhosts with RSA host | 654 | These files are consulted when using rhosts with RSA host |
655 | authentication to check the public key of the host. The key must be | 655 | authentication to check the public key of the host. The key must be |
656 | listed in one of these files to be accepted. | 656 | listed in one of these files to be accepted. |
657 | The client uses the same files | 657 | The client uses the same files |
658 | to verify that the remote host is the one we intended to | 658 | to verify that the remote host is the one we intended to |
659 | connect. These files should be writable only by root/the owner. | 659 | connect. These files should be writable only by root/the owner. |
660 | .Pa @sysconfdir@/ssh_known_hosts | 660 | .Pa /etc/ssh_known_hosts |
661 | should be world-readable, and | 661 | should be world-readable, and |
662 | .Pa $HOME/.ssh/known_hosts | 662 | .Pa $HOME/.ssh/known_hosts |
663 | can but need not be world-readable. | 663 | can but need not be world-readable. |
@@ -719,7 +719,7 @@ user root access. The only valid use for user names that I can think | |||
719 | of is in negative entries. | 719 | of is in negative entries. |
720 | .Pp | 720 | .Pp |
721 | Note that this warning also applies to rsh/rlogin. | 721 | Note that this warning also applies to rsh/rlogin. |
722 | .It Pa @sysconfdir@/shosts.equiv | 722 | .It Pa /etc/shosts.equiv |
723 | This is processed exactly as | 723 | This is processed exactly as |
724 | .Pa /etc/hosts.equiv . | 724 | .Pa /etc/hosts.equiv . |
725 | However, this file may be useful in environments that want to run both | 725 | However, this file may be useful in environments that want to run both |
@@ -749,13 +749,13 @@ something similar to: "if read proto cookie; then echo add $DISPLAY | |||
749 | $proto $cookie | xauth -q -; fi". | 749 | $proto $cookie | xauth -q -; fi". |
750 | .Pp | 750 | .Pp |
751 | If this file does not exist, | 751 | If this file does not exist, |
752 | .Pa @sysconfdir@/sshrc | 752 | .Pa /etc/sshrc |
753 | is run, and if that | 753 | is run, and if that |
754 | does not exist either, xauth is used to store the cookie. | 754 | does not exist either, xauth is used to store the cookie. |
755 | .Pp | 755 | .Pp |
756 | This file should be writable only by the user, and need not be | 756 | This file should be writable only by the user, and need not be |
757 | readable by anyone else. | 757 | readable by anyone else. |
758 | .It Pa @sysconfdir@/sshrc | 758 | .It Pa /etc/sshrc |
759 | Like | 759 | Like |
760 | .Pa $HOME/.ssh/rc . | 760 | .Pa $HOME/.ssh/rc . |
761 | This can be used to specify | 761 | This can be used to specify |
diff --git a/sshd_config.in b/sshd_config index cb2c56e05..614cf706b 100644 --- a/sshd_config.in +++ b/sshd_config | |||
@@ -3,58 +3,48 @@ | |||
3 | Port 22 | 3 | Port 22 |
4 | ListenAddress 0.0.0.0 | 4 | ListenAddress 0.0.0.0 |
5 | #ListenAddress :: | 5 | #ListenAddress :: |
6 | HostKey @sysconfdir@/ssh_host_key | 6 | HostKey /etc/ssh_host_key |
7 | ServerKeyBits 768 | 7 | ServerKeyBits 768 |
8 | LoginGraceTime 600 | 8 | LoginGraceTime 600 |
9 | KeyRegenerationInterval 3600 | 9 | KeyRegenerationInterval 3600 |
10 | PermitRootLogin yes | 10 | PermitRootLogin yes |
11 | # | ||
12 | # Don't read ~/.rhosts and ~/.shosts files | ||
13 | IgnoreRhosts yes | ||
14 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | ||
15 | #IgnoreUserKnownHosts yes | ||
11 | StrictModes yes | 16 | StrictModes yes |
12 | X11Forwarding no | 17 | X11Forwarding no |
13 | X11DisplayOffset 10 | 18 | X11DisplayOffset 10 |
14 | PrintMotd yes | 19 | PrintMotd yes |
15 | KeepAlive yes | 20 | KeepAlive yes |
16 | CheckMail no | ||
17 | UseLogin no | ||
18 | 21 | ||
19 | # | 22 | # Logging |
20 | # Loglevel replaces QuietMode and FascistLogging | ||
21 | # | ||
22 | SyslogFacility AUTH | 23 | SyslogFacility AUTH |
23 | LogLevel INFO | 24 | LogLevel INFO |
25 | #obsoletes QuietMode and FascistLogging | ||
24 | 26 | ||
25 | # | ||
26 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | ||
27 | # | ||
28 | RhostsRSAAuthentication no | ||
29 | |||
30 | # | ||
31 | # Don't read ~/.rhosts and ~/.shosts files | ||
32 | # | ||
33 | IgnoreRhosts yes | ||
34 | RhostsAuthentication no | 27 | RhostsAuthentication no |
35 | |||
36 | # | 28 | # |
37 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | 29 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
30 | RhostsRSAAuthentication no | ||
38 | # | 31 | # |
39 | #IgnoreUserKnownHosts yes | ||
40 | |||
41 | RSAAuthentication yes | 32 | RSAAuthentication yes |
42 | 33 | ||
43 | # To disable tunneled clear text passwords, change to no here! | 34 | # To disable tunneled clear text passwords, change to no here! |
44 | PasswordAuthentication yes | 35 | PasswordAuthentication yes |
45 | PermitEmptyPasswords no | 36 | PermitEmptyPasswords no |
46 | 37 | # Uncomment to disable s/key passwords | |
47 | # | ||
48 | # Uncomment to disable s/key passwords (must be compiled with s/key support) | ||
49 | # | ||
50 | #SkeyAuthentication no | 38 | #SkeyAuthentication no |
51 | 39 | ||
52 | # | 40 | # To change Kerberos options |
53 | # To change Kerberos options (must be compiled with Kerberos support) | ||
54 | # | ||
55 | #KerberosAuthentication no | 41 | #KerberosAuthentication no |
56 | #KerberosOrLocalPasswd yes | 42 | #KerberosOrLocalPasswd yes |
57 | #AFSTokenPassing no | 43 | #AFSTokenPassing no |
58 | #KerberosTicketCleanup no | 44 | #KerberosTicketCleanup no |
45 | |||
59 | # Kerberos TGT Passing does only work with the AFS kaserver | 46 | # Kerberos TGT Passing does only work with the AFS kaserver |
60 | #KerberosTgtPassing yes | 47 | #KerberosTgtPassing yes |
48 | |||
49 | CheckMail no | ||
50 | UseLogin no | ||
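Review bot: The rewritten comments above `#SkeyAuthentication no` and the Kerberos options drop the "(must be compiled with … support)" qualifier that the old file carried. On a build without s/key or Kerberos, an administrator who uncomments those lines gets no hint that the keyword may not be recognised; how sshd reacts is not visible on this page, so that is worth confirming. I would keep the old wording, e.g. `# Uncomment to disable s/key passwords (must be compiled with s/key support)`. The lone `#` lines at new lines 28 and 31 also no longer frame a comment block, which leaves the "For this to work" note looking attached to `RSAAuthentication yes` as much as to `RhostsRSAAuthentication no`.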