-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh.1 | 6 | ||||
-rw-r--r-- | sshd.8 | 14 | ||||
-rw-r--r-- | sshd_config.5 | 15 |
4 files changed, 25 insertions, 15 deletions
@@ -30,6 +30,9 @@ | |||
30 | - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 | 30 | - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 |
31 | [sshd_config.5] | 31 | [sshd_config.5] |
32 | proxy vs. fake display | 32 | proxy vs. fake display |
33 | - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 | ||
34 | [ssh.1 sshd.8 sshd_config.5] | ||
35 | more PermitUserEnvironment; ok markus@ | ||
33 | 36 | ||
34 | 20020813 | 37 | 20020813 |
35 | - (tim) [configure.ac] Display OpenSSL header/library version. | 38 | - (tim) [configure.ac] Display OpenSSL header/library version. |
@@ -1527,4 +1530,4 @@ | |||
1527 | - (stevesk) entropy.c: typo in debug message | 1530 | - (stevesk) entropy.c: typo in debug message |
1528 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1531 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
1529 | 1532 | ||
1530 | $Id: ChangeLog,v 1.2422 2002/08/20 18:44:24 mouring Exp $ | 1533 | $Id: ChangeLog,v 1.2423 2002/08/20 18:54:20 mouring Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.161 2002/08/02 16:00:07 marc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.162 2002/08/12 17:30:35 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -744,9 +744,9 @@ and adds lines of the format | |||
744 | .Dq VARNAME=value | 744 | .Dq VARNAME=value |
745 | to the environment if the file exists and if users are allowed to | 745 | to the environment if the file exists and if users are allowed to |
746 | change their environment. | 746 | change their environment. |
747 | See | 747 | See the |
748 | .Cm PermitUserEnvironment | 748 | .Cm PermitUserEnvironment |
749 | in | 749 | option in |
750 | .Xr sshd_config 5 . | 750 | .Xr sshd_config 5 . |
751 | .Sh FILES | 751 | .Sh FILES |
752 | .Bl -tag -width Ds | 752 | .Bl -tag -width Ds |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.187 2002/08/02 16:00:07 marc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -351,9 +351,9 @@ Sets up basic environment. | |||
351 | Reads | 351 | Reads |
352 | .Pa $HOME/.ssh/environment | 352 | .Pa $HOME/.ssh/environment |
353 | if it exists and users are allowed to change their environment. | 353 | if it exists and users are allowed to change their environment. |
354 | See | 354 | See the |
355 | .Cm PermitUserEnvironment | 355 | .Cm PermitUserEnvironment |
356 | in | 356 | option in |
357 | .Xr sshd_config 5 . | 357 | .Xr sshd_config 5 . |
358 | .It | 358 | .It |
359 | Changes to user's home directory. | 359 | Changes to user's home directory. |
@@ -462,6 +462,10 @@ logging in using this key. | |||
462 | Environment variables set this way | 462 | Environment variables set this way |
463 | override other default environment values. | 463 | override other default environment values. |
464 | Multiple options of this type are permitted. | 464 | Multiple options of this type are permitted. |
465 | Environment processing is disabled by default and is | ||
466 | controlled via the | ||
467 | .Cm PermitUserEnvironment | ||
468 | option. | ||
465 | This option is automatically disabled if | 469 | This option is automatically disabled if |
466 | .Cm UseLogin | 470 | .Cm UseLogin |
467 | is enabled. | 471 | is enabled. |
@@ -702,6 +706,10 @@ It can only contain empty lines, comment lines (that start with | |||
702 | and assignment lines of the form name=value. | 706 | and assignment lines of the form name=value. |
703 | The file should be writable | 707 | The file should be writable |
704 | only by the user; it need not be readable by anyone else. | 708 | only by the user; it need not be readable by anyone else. |
709 | Environment processing is disabled by default and is | ||
710 | controlled via the | ||
711 | .Cm PermitUserEnvironment | ||
712 | option. | ||
705 | .It Pa $HOME/.ssh/rc | 713 | .It Pa $HOME/.ssh/rc |
706 | If this file exists, it is run with /bin/sh after reading the | 714 | If this file exists, it is run with /bin/sh after reading the |
707 | environment files but before starting the user's shell or command. | 715 | environment files but before starting the user's shell or command. |
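--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.8 2002/08/09 17:41:12 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.9 2002/08/12 17:30:35 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -468,18 +468,17 @@ root is not allowed to login.
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment
-is read by
-.Nm sshd
-and whether
+and
 .Cm environment=
 options in
 .Pa ~/.ssh/authorized_keys
-files are permitted.
+are processed by
+.Nm sshd .
 The default is
 .Dq no .
-This option is useful for locked-down installations where
-.Ev LD_PRELOAD
-and suchlike can cause security problems.
+Enabling environment processing may enable users to bypass access
+restrictions in some configurations using mechanisms such as
+.Ev LD_PRELOAD .
 .It Cm PidFile
 Specifies the file that contains the process ID of the
 .Nm sshd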