-rw-r--r-- ChangeLog 5
-rw-r--r-- ssh-keygen.1 7
-rw-r--r-- ssh.1 12
-rw-r--r-- ssh_config.5 14
-rw-r--r-- sshd.8 8
-rw-r--r-- sshd_config.5 41
6 files changed, 32 insertions, 55 deletions
diff --git a/ChangeLog b/ChangeLog
index 1502ec873..9cabcb46d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,11 @@
29 - djm@cvs.openbsd.org 2013/06/22 06:31:57 29 - djm@cvs.openbsd.org 2013/06/22 06:31:57
30 [scp.c] 30 [scp.c]
31 improved time_t overflow check suggested by guenther@ 31 improved time_t overflow check suggested by guenther@
32 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
33 [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
34 do not use Sx for sections outwith the man page - ingo informs me that
35 stuff like html will render with broken links;
36 issue reported by Eric S. Raymond, via djm
32 37
3320130702 3820130702
34 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config 39 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
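Review bot: The new ChangeLog entry at new lines 32-36 records why Sx was dropped but not what the cross-references became. Adding a few words such as "use plain-text section names instead" would let someone reading only the ChangeLog understand the resulting markup. "outwith" may also be unfamiliar to many readers; "outside" says the same thing.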
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 7da73e07c..0d55854e9 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: January 19 2013 $ 38.Dd $Mdocdate: June 27 2013 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -516,8 +516,7 @@ of two times separated by a colon to indicate an explicit time interval.
516The start time may be specified as a date in YYYYMMDD format, a time 516The start time may be specified as a date in YYYYMMDD format, a time
517in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting 517in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
518of a minus sign followed by a relative time in the format described in the 518of a minus sign followed by a relative time in the format described in the
519.Sx TIME FORMATS 519TIME FORMATS section of
520section of
521.Xr sshd_config 5 . 520.Xr sshd_config 5 .
522The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or 521The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
523a relative time starting with a plus character. 522a relative time starting with a plus character.
diff --git a/ssh.1 b/ssh.1
index dc7af4864..3cb4254eb 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.332 2013/04/19 01:06:50 djm Exp $ 36.\" $OpenBSD: ssh.1,v 1.333 2013/06/27 14:05:37 jmc Exp $
37.Dd $Mdocdate: April 19 2013 $ 37.Dd $Mdocdate: June 27 2013 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -754,9 +754,7 @@ implements public key authentication protocol automatically,
754using one of the DSA, ECDSA or RSA algorithms. 754using one of the DSA, ECDSA or RSA algorithms.
755Protocol 1 is restricted to using only RSA keys, 755Protocol 1 is restricted to using only RSA keys,
756but protocol 2 may use any. 756but protocol 2 may use any.
757The 757The HISTORY section of
758.Sx HISTORY
759section of
760.Xr ssl 8 758.Xr ssl 8
761contains a brief discussion of the DSA and RSA algorithms. 759contains a brief discussion of the DSA and RSA algorithms.
762.Pp 760.Pp
@@ -812,9 +810,7 @@ instead of a set of public/private keys,
812signed certificates are used. 810signed certificates are used.
813This has the advantage that a single trusted certification authority 811This has the advantage that a single trusted certification authority
814can be used in place of many public/private keys. 812can be used in place of many public/private keys.
815See the 813See the CERTIFICATES section of
816.Sx CERTIFICATES
817section of
818.Xr ssh-keygen 1 814.Xr ssh-keygen 1
819for more information. 815for more information.
820.Pp 816.Pp
diff --git a/ssh_config.5 b/ssh_config.5
index 86906a488..5d76c6d2d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.165 2013/06/21 00:37:49 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $
37.Dd $Mdocdate: June 21 2013 $ 37.Dd $Mdocdate: June 27 2013 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -474,8 +474,7 @@ option is also enabled.
474.It Cm ForwardX11Timeout 474.It Cm ForwardX11Timeout
475Specify a timeout for untrusted X11 forwarding 475Specify a timeout for untrusted X11 forwarding
476using the format described in the 476using the format described in the
477.Sx TIME FORMATS 477TIME FORMATS section of
478section of
479.Xr sshd_config 5 . 478.Xr sshd_config 5 .
480X11 connections received by 479X11 connections received by
481.Xr ssh 1 480.Xr ssh 1
@@ -964,8 +963,7 @@ and
964depending on the cipher. 963depending on the cipher.
965The optional second value is specified in seconds and may use any of the 964The optional second value is specified in seconds and may use any of the
966units documented in the 965units documented in the
967.Sx TIME FORMATS 966TIME FORMATS section of
968section of
969.Xr sshd_config 5 . 967.Xr sshd_config 5 .
970The default value for 968The default value for
971.Cm RekeyLimit 969.Cm RekeyLimit
@@ -1251,9 +1249,7 @@ The default is
1251.Dq no . 1249.Dq no .
1252Note that this option applies to protocol version 2 only. 1250Note that this option applies to protocol version 2 only.
1253.Pp 1251.Pp
1254See also 1252See also VERIFYING HOST KEYS in
1255.Sx VERIFYING HOST KEYS
1256in
1257.Xr ssh 1 . 1253.Xr ssh 1 .
1258.It Cm VisualHostKey 1254.It Cm VisualHostKey
1259If this flag is set to 1255If this flag is set to
diff --git a/sshd.8 b/sshd.8
index 03b77b04e..b0c7ab6bd 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.269 2013/04/07 09:40:27 dtucker Exp $ 36.\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $
37.Dd $Mdocdate: April 7 2013 $ 37.Dd $Mdocdate: June 27 2013 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -567,9 +567,7 @@ is enabled.
567Specifies that in addition to public key authentication, either the canonical 567Specifies that in addition to public key authentication, either the canonical
568name of the remote host or its IP address must be present in the 568name of the remote host or its IP address must be present in the
569comma-separated list of patterns. 569comma-separated list of patterns.
570See 570See PATTERNS in
571.Sx PATTERNS
572in
573.Xr ssh_config 5 571.Xr ssh_config 5
574for more information on patterns. 572for more information on patterns.
575.Pp 573.Pp
diff --git a/sshd_config.5 b/sshd_config.5
index 18b1d81a0..3807c0f3c 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.160 2013/05/16 06:30:06 jmc Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.161 2013/06/27 14:05:37 jmc Exp $
37.Dd $Mdocdate: May 16 2013 $ 37.Dd $Mdocdate: June 27 2013 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -117,9 +117,7 @@ The allow/deny directives are processed in the following order:
117and finally 117and finally
118.Cm AllowGroups . 118.Cm AllowGroups .
119.Pp 119.Pp
120See 120See PATTERNS in
121.Sx PATTERNS
122in
123.Xr ssh_config 5 121.Xr ssh_config 5
124for more information on patterns. 122for more information on patterns.
125.It Cm AllowTcpForwarding 123.It Cm AllowTcpForwarding
@@ -159,9 +157,7 @@ The allow/deny directives are processed in the following order:
159and finally 157and finally
160.Cm AllowGroups . 158.Cm AllowGroups .
161.Pp 159.Pp
162See 160See PATTERNS in
163.Sx PATTERNS
164in
165.Xr ssh_config 5 161.Xr ssh_config 5
166for more information on patterns. 162for more information on patterns.
167.It Cm AuthenticationMethods 163.It Cm AuthenticationMethods
@@ -205,9 +201,7 @@ Specifies a program to be used to look up the user's public keys.
205The program must be owned by root and not writable by group or others. 201The program must be owned by root and not writable by group or others.
206It will be invoked with a single argument of the username 202It will be invoked with a single argument of the username
207being authenticated, and should produce on standard output zero or 203being authenticated, and should produce on standard output zero or
208more lines of authorized_keys output (see 204more lines of authorized_keys output (see AUTHORIZED_KEYS in
209.Sx AUTHORIZED_KEYS
210in
211.Xr sshd 8 ) . 205.Xr sshd 8 ) .
212If a key supplied by AuthorizedKeysCommand does not successfully authenticate 206If a key supplied by AuthorizedKeysCommand does not successfully authenticate
213and authorize the user then public key authentication continues using the usual 207and authorize the user then public key authentication continues using the usual
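Review bot: At new line 204 the section of sshd(8) is called AUTHORIZED_KEYS, while the hunks at new lines 219 and 243 of this same file call it AUTHORIZED_KEYS FILE FORMAT. Now that the name is plain text rather than an .Sx argument, nothing in the markup ties these references together, so use one spelling of the section title in all three places.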
@@ -222,7 +216,7 @@ than running authorized keys commands.
222Specifies the file that contains the public keys that can be used 216Specifies the file that contains the public keys that can be used
223for user authentication. 217for user authentication.
224The format is described in the 218The format is described in the
225.Sx AUTHORIZED_KEYS FILE FORMAT 219AUTHORIZED_KEYS FILE FORMAT
226section of 220section of
227.Xr sshd 8 . 221.Xr sshd 8 .
228.Cm AuthorizedKeysFile 222.Cm AuthorizedKeysFile
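Review bot: At new lines 219-220 the title stays on its own line and "section of" is left on the next, whereas every other hunk in this patch folds them into one line (for example "TIME FORMATS section of" in ssh_config.5). The filled output is the same, but folding it here too, as "AUTHORIZED_KEYS FILE FORMAT section of", keeps the source consistent and makes a later grep for these references simpler.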
@@ -246,9 +240,7 @@ When using certificates signed by a key listed in
246this file lists names, one of which must appear in the certificate for it 240this file lists names, one of which must appear in the certificate for it
247to be accepted for authentication. 241to be accepted for authentication.
248Names are listed one per line preceded by key options (as described 242Names are listed one per line preceded by key options (as described
249in 243in AUTHORIZED_KEYS FILE FORMAT in
250.Sx AUTHORIZED_KEYS FILE FORMAT
251in
252.Xr sshd 8 ) . 244.Xr sshd 8 ) .
253Empty lines and comments starting with 245Empty lines and comments starting with
254.Ql # 246.Ql #
@@ -426,9 +418,7 @@ The allow/deny directives are processed in the following order:
426and finally 418and finally
427.Cm AllowGroups . 419.Cm AllowGroups .
428.Pp 420.Pp
429See 421See PATTERNS in
430.Sx PATTERNS
431in
432.Xr ssh_config 5 422.Xr ssh_config 5
433for more information on patterns. 423for more information on patterns.
434.It Cm DenyUsers 424.It Cm DenyUsers
@@ -447,9 +437,7 @@ The allow/deny directives are processed in the following order:
447and finally 437and finally
448.Cm AllowGroups . 438.Cm AllowGroups .
449.Pp 439.Pp
450See 440See PATTERNS in
451.Sx PATTERNS
452in
453.Xr ssh_config 5 441.Xr ssh_config 5
454for more information on patterns. 442for more information on patterns.
455.It Cm ForceCommand 443.It Cm ForceCommand
@@ -761,8 +749,7 @@ and
761.Cm Address . 749.Cm Address .
762The match patterns may consist of single entries or comma-separated 750The match patterns may consist of single entries or comma-separated
763lists and may use the wildcard and negation operators described in the 751lists and may use the wildcard and negation operators described in the
764.Sx PATTERNS 752PATTERNS section of
765section of
766.Xr ssh_config 5 . 753.Xr ssh_config 5 .
767.Pp 754.Pp
768The patterns in an 755The patterns in an
@@ -1043,9 +1030,7 @@ be refused for all users.
1043Keys may be specified as a text file, listing one public key per line, or as 1030Keys may be specified as a text file, listing one public key per line, or as
1044an OpenSSH Key Revocation List (KRL) as generated by 1031an OpenSSH Key Revocation List (KRL) as generated by
1045.Xr ssh-keygen 1 . 1032.Xr ssh-keygen 1 .
1046For more information on KRLs, see the 1033For more information on KRLs, see the KEY REVOCATION LISTS section in
1047.Sx KEY REVOCATION LISTS
1048section in
1049.Xr ssh-keygen 1 . 1034.Xr ssh-keygen 1 .
1050.It Cm RhostsRSAAuthentication 1035.It Cm RhostsRSAAuthentication
1051Specifies whether rhosts or /etc/hosts.equiv authentication together 1036Specifies whether rhosts or /etc/hosts.equiv authentication together
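Review bot: New line 1033 says "section in" where the ssh-keygen.1 and ssh_config.5 hunks say "section of" for the same kind of reference, and the CERTIFICATES reference at new line 1122 has the same wording. Both are carried over from the old text, but since these lines are being rewritten anyway, settling on one preposition would make the cross-references uniform across the five pages.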
@@ -1134,9 +1119,7 @@ listed in the certificate's principals list.
1134Note that certificates that lack a list of principals will not be permitted 1119Note that certificates that lack a list of principals will not be permitted
1135for authentication using 1120for authentication using
1136.Cm TrustedUserCAKeys . 1121.Cm TrustedUserCAKeys .
1137For more details on certificates, see the 1122For more details on certificates, see the CERTIFICATES section in
1138.Sx CERTIFICATES
1139section in
1140.Xr ssh-keygen 1 . 1123.Xr ssh-keygen 1 .
1141.It Cm UseDNS 1124.It Cm UseDNS
1142Specifies whether 1125Specifies whether