2 files changed, 56 insertions, 45 deletions
diff --git a/ChangeLog b/ChangeLog
index 4c24caccd..27bdea89a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -119,6 +119,10 @@
   - jmc@cvs.openbsd.org 2006/02/16 09:05:34
     [sshd.8]
     sync some of the FILES entries w/ ssh.1;
+   - jmc@cvs.openbsd.org 2006/02/19 19:52:10
+     [sshd.8]
+     move the sshrc stuff out of FILES, and into its own section:
+     FILES is not a good place to document how stuff works;
 20060313
 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4020,4 +4024,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $
+$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $
diff --git a/sshd.8 b/sshd.8
index 6d79f175c..6df9d8aab 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -370,9 +370,54 @@ The
 .Dq rc
 files are given the X11
 authentication protocol and cookie in standard input.
+See
+.Sx SSHRC ,
+below.
 .It
 Runs user's shell or command.
 .El
+.Sh SSHRC
+If the file
+.Pa ~/.ssh/rc
+exists,
+.Xr sh 1
+runs it after reading the
+environment files but before starting the user's shell or command.
+It must not produce any output on stdout; stderr must be used
+instead.
+If X11 forwarding is in use, it will receive the "proto cookie" pair in
+its standard input (and
+.Ev DISPLAY
+in its environment).
+The script must call
+.Xr xauth 1
+because
+.Nm
+will not run xauth automatically to add X11 cookies.
+.Pp
+The primary purpose of this file is to run any initialization routines
+which may be needed before the user's home directory becomes
+accessible; AFS is a particular example of such an environment.
+.Pp
+This file will probably contain some initialization code followed by
+something similar to:
+.Bd -literal -offset 3n
+if read proto cookie && [ -n "$DISPLAY" ]; then
+        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+                # X11UseLocalhost=yes
+                echo add unix:`echo $DISPLAY |
+                    cut -c11-` $proto $cookie
+        else
+                # X11UseLocalhost=no
+                echo add $DISPLAY $proto $cookie
+        fi | xauth -q -
+fi
+.Ed
+.Pp
+If this file does not exist,
+.Pa /etc/ssh/sshrc
+is run, and if that
+does not exist either, xauth is used to add the cookie.
 .Sh AUTHORIZED_KEYS FILE FORMAT
 .Cm AuthorizedKeysFile
 specifies the file containing public keys for
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and
 can, but need not be, world-readable.
 .Pp
 .It ~/.ssh/rc
-If this file exists, it is run with
+Contains initialization routines to be run before
-.Pa /bin/sh
+the user's home directory becomes accessible.
-after reading the
-environment files but before starting the user's shell or command.
-It must not produce any output on stdout; stderr must be used
-instead.
-If X11 forwarding is in use, it will receive the "proto cookie" pair in
-its standard input (and
-.Ev DISPLAY
-in its environment).
-The script must call
-.Xr xauth 1
-because
-.Nm
-will not run xauth automatically to add X11 cookies.
-.Pp
-The primary purpose of this file is to run any initialization routines
-which may be needed before the user's home directory becomes
-accessible; AFS is a particular example of such an environment.
-.Pp
-This file will probably contain some initialization code followed by
-something similar to:
-.Bd -literal
-if read proto cookie && [ -n "$DISPLAY" ]; then
-        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
-                # X11UseLocalhost=yes
-                echo add unix:`echo $DISPLAY |
-                    cut -c11-` $proto $cookie
-        else
-                # X11UseLocalhost=no
-                echo add $DISPLAY $proto $cookie
-        fi | xauth -q -
-fi
-.Ed
-.Pp
-If this file does not exist,
-.Pa /etc/ssh/sshrc
-is run, and if that
-does not exist either, xauth is used to add the cookie.
-.Pp
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
@@ -802,9 +809,9 @@ The file format and configuration options are described in
 .Xr sshd_config 5 .
 .Pp
 .It /etc/ssh/sshrc
-Like
+Similar to
-.Pa ~/.ssh/rc .
+.Pa ~/.ssh/rc ,
-This can be used to specify
+it can be used to specify
 machine-specific login-time initializations globally.
 This file should be writable only by root, and should be world-readable.
 .Pp

diff --git a/ChangeLog b/ChangeLog index 4c24caccd..27bdea89a 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -119,6 +119,10 @@
119	- jmc@cvs.openbsd.org 2006/02/16 09:05:34	119	- jmc@cvs.openbsd.org 2006/02/16 09:05:34
120	[sshd.8]	120	[sshd.8]
121	sync some of the FILES entries w/ ssh.1;	121	sync some of the FILES entries w/ ssh.1;
		122	- jmc@cvs.openbsd.org 2006/02/19 19:52:10
		123	[sshd.8]
		124	move the sshrc stuff out of FILES, and into its own section:
		125	FILES is not a good place to document how stuff works;
122		126
123	20060313	127	20060313
124	- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)	128	- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4020,4 +4024,4 @@
4020	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	4024	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
4021	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	4025	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
4022		4026
4023	$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $	4027	$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $


diff --git a/sshd.8 b/sshd.8 index 6d79f175c..6df9d8aab 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $	37	.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -370,9 +370,54 @@ The
370	.Dq rc	370	.Dq rc
371	files are given the X11	371	files are given the X11
372	authentication protocol and cookie in standard input.	372	authentication protocol and cookie in standard input.
		373	See
		374	.Sx SSHRC ,
		375	below.
373	.It	376	.It
374	Runs user's shell or command.	377	Runs user's shell or command.
375	.El	378	.El
		379	.Sh SSHRC
		380	If the file
		381	.Pa ~/.ssh/rc
		382	exists,
		383	.Xr sh 1
		384	runs it after reading the
		385	environment files but before starting the user's shell or command.
		386	It must not produce any output on stdout; stderr must be used
		387	instead.
		388	If X11 forwarding is in use, it will receive the "proto cookie" pair in
		389	its standard input (and
		390	.Ev DISPLAY
		391	in its environment).
		392	The script must call
		393	.Xr xauth 1
		394	because
		395	.Nm
		396	will not run xauth automatically to add X11 cookies.
		397	.Pp
		398	The primary purpose of this file is to run any initialization routines
		399	which may be needed before the user's home directory becomes
		400	accessible; AFS is a particular example of such an environment.
		401	.Pp
		402	This file will probably contain some initialization code followed by
		403	something similar to:
		404	.Bd -literal -offset 3n
		405	if read proto cookie && [ -n "$DISPLAY" ]; then
		406	if [ `echo $DISPLAY \| cut -c1-10` = 'localhost:' ]; then
		407	# X11UseLocalhost=yes
		408	echo add unix:`echo $DISPLAY \|
		409	cut -c11-` $proto $cookie
		410	else
		411	# X11UseLocalhost=no
		412	echo add $DISPLAY $proto $cookie
		413	fi \| xauth -q -
		414	fi
		415	.Ed
		416	.Pp
		417	If this file does not exist,
		418	.Pa /etc/ssh/sshrc
		419	is run, and if that
		420	does not exist either, xauth is used to add the cookie.
376	.Sh AUTHORIZED_KEYS FILE FORMAT	421	.Sh AUTHORIZED_KEYS FILE FORMAT
377	.Cm AuthorizedKeysFile	422	.Cm AuthorizedKeysFile
378	specifies the file containing public keys for	423	specifies the file containing public keys for
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and
651	can, but need not be, world-readable.	696	can, but need not be, world-readable.
652	.Pp	697	.Pp
653	.It ~/.ssh/rc	698	.It ~/.ssh/rc
654	If this file exists, it is run with	699	Contains initialization routines to be run before
655	.Pa /bin/sh	700	the user's home directory becomes accessible.
656	after reading the
657	environment files but before starting the user's shell or command.
658	It must not produce any output on stdout; stderr must be used
659	instead.
660	If X11 forwarding is in use, it will receive the "proto cookie" pair in
661	its standard input (and
662	.Ev DISPLAY
663	in its environment).
664	The script must call
665	.Xr xauth 1
666	because
667	.Nm
668	will not run xauth automatically to add X11 cookies.
669	.Pp
670	The primary purpose of this file is to run any initialization routines
671	which may be needed before the user's home directory becomes
672	accessible; AFS is a particular example of such an environment.
673	.Pp
674	This file will probably contain some initialization code followed by
675	something similar to:
676	.Bd -literal
677	if read proto cookie && [ -n "$DISPLAY" ]; then
678	if [ `echo $DISPLAY \| cut -c1-10` = 'localhost:' ]; then
679	# X11UseLocalhost=yes
680	echo add unix:`echo $DISPLAY \|
681	cut -c11-` $proto $cookie
682	else
683	# X11UseLocalhost=no
684	echo add $DISPLAY $proto $cookie
685	fi \| xauth -q -
686	fi
687	.Ed
688	.Pp
689	If this file does not exist,
690	.Pa /etc/ssh/sshrc
691	is run, and if that
692	does not exist either, xauth is used to add the cookie.
693	.Pp
694	This file should be writable only by the user, and need not be	701	This file should be writable only by the user, and need not be
695	readable by anyone else.	702	readable by anyone else.
696	.Pp	703	.Pp
@@ -802,9 +809,9 @@ The file format and configuration options are described in
802	.Xr sshd_config 5 .	809	.Xr sshd_config 5 .
803	.Pp	810	.Pp
804	.It /etc/ssh/sshrc	811	.It /etc/ssh/sshrc
805	Like	812	Similar to
806	.Pa ~/.ssh/rc .	813	.Pa ~/.ssh/rc ,
807	This can be used to specify	814	it can be used to specify
808	machine-specific login-time initializations globally.	815	machine-specific login-time initializations globally.
809	This file should be writable only by root, and should be world-readable.	816	This file should be writable only by root, and should be world-readable.
810	.Pp	817	.Pp