summaryrefslogtreecommitdiff
path: root/ssh.1
AgeCommit message (Collapse)Author
2015-10-06upstream commitjmc@openbsd.org
some certificatefile tweaks; ok djm Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
2015-10-06upstream commitdjm@openbsd.org
add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@ Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
2015-09-16upstream commitdjm@openbsd.org
mention -Q key-plain and -Q key-cert; bz#2455 pointed out by Jakub Jelen Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
2015-07-21upstream commitmillert@openbsd.org
Move .Pp before .Bl, not after to quiet mandoc -Tlint. Noticed by jmc@ Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
2015-07-21upstream commitmillert@openbsd.org
Better desciption of Unix domain socket forwarding. bz#2423; ok jmc@ Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
2015-07-15upstream commitmarkus@openbsd.org
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-05-22upstream commitdjm@openbsd.org
mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332 Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
2015-05-08upstream commitdtucker@openbsd.org
Clarify pseudo-terminal request behaviour and use "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
2015-03-04upstream commitdjm@openbsd.org
Allow "ssh -Q protocol-version" to list supported SSH protocol versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@
2015-01-30upstream commitdjm@openbsd.org
Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-27upstream commitdjm@openbsd.org
correct description of UpdateHostKeys in ssh_config.5 and add it to -o lists for ssh, scp and sftp; pointed out by jmc@
2015-01-09upstream commitjmc@openbsd.org
add fingerprinthash to the options list;
2014-12-22upstream commitdjm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-10-20upstream commitjmc@openbsd.org
tweak previous;
2014-10-13upstream commitdjm@openbsd.org
Tweak config reparsing with host canonicalisation Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T" Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus
2014-10-13upstream commitsobrado@openbsd.org
improve capitalization for the Ed25519 public-key signature system. ok djm@
2014-07-30 - OpenBSD CVS SyncDamien Miller
- millert@cvs.openbsd.org 2014/07/24 22:57:10 [ssh.1] Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
2014-07-18 - jmc@cvs.openbsd.org 2014/07/16 14:48:57Damien Miller
[ssh.1] add the streamlocal* options to ssh's -o list; millert says they're irrelevant for scp/sftp; ok markus millert
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 05:38:17Damien Miller
[ssh.1] document that -g will only work in the multiplexed case if applied to the mux master
2014-04-20 - tedu@cvs.openbsd.org 2014/04/19 18:42:19Damien Miller
[ssh.1] delete .xr to hosts.equiv. there's still an unfortunate amount of documentation referring to rhosts equivalency in here.
2014-04-20 - tedu@cvs.openbsd.org 2014/03/17 19:44:10Damien Miller
[ssh.1] old descriptions of des and blowfish are old. maybe ok deraadt
2013-12-18 - naddy@cvs.openbsd.org 2013/12/07 11:58:46Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
2013-12-05 - jmc@cvs.openbsd.org 2013/11/26 12:14:54Damien Miller
[ssh.1 ssh.c] - put -Q in the right place - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync
2013-12-05 - deraadt@cvs.openbsd.org 2013/11/25 18:04:21Damien Miller
[ssh.1 ssh.c] improve -Q usage and such. One usage change is that the option is now case-sensitive ok dtucker markus djm
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 22:49:39Damien Miller
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5] s/canonicalise/canonicalize/ for consistency with existing spelling, e.g. authorized_keys; pointed out by naddy@
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 02:31:47Damien Miller
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5] [sshconnect.c sshconnect.h] Implement client-side hostname canonicalisation to allow an explicit search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
2013-10-17 - jmc@cvs.openbsd.org 2013/10/15 14:10:25Damien Miller
[ssh.1 ssh_config.5] tweak previous;
2013-08-21 - jmc@cvs.openbsd.org 2013/08/20 06:56:07Damien Miller
[ssh.1 ssh_config.5] some proxyusefdpass tweaks;
2013-08-21 - jmc@cvs.openbsd.org 2013/08/14 08:39:27Damien Miller
[scp.1 ssh.1] some Bx/Ox conversion; From: Jan Stary
2013-07-18 - djm@cvs.openbsd.org 2013/07/18 01:12:26Damien Miller
[ssh.1] be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 - jmc@cvs.openbsd.org 2013/06/27 14:05:37Damien Miller
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] do not use Sx for sections outwith the man page - ingo informs me that stuff like html will render with broken links; issue reported by Eric S. Raymond, via djm
2013-04-23 - djm@cvs.openbsd.org 2013/04/19 01:06:50Damien Miller
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
2013-04-23 - dtucker@cvs.openbsd.org 2013/04/07 02:10:33Damien Miller
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c] Add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog. ok markus@, man page help jmc@
2012-10-05 - markus@cvs.openbsd.org 2012/10/04 13:21:50Darren Tucker
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] add umac128 variant; ok djm@ at n2k12 (note: further Makefile work is required)
2012-10-05 - jmc@cvs.openbsd.org 2012/09/26 16:12:13Darren Tucker
[ssh.1] last stage of rfc changes, using consistent Rs/Re blocks, and moving the references into a STANDARDS section;
2012-09-07 - jmc@cvs.openbsd.org 2012/09/06 13:57:42Darren Tucker
[ssh.1] missing letter in previous;
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39Darren Tucker
[clientloop.c log.c ssh.1 log.h] Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18Damien Miller
[ssh.1] Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07Damien Miller
[ssh.1 sshd.8] Remove mention of 'three' key files since there are now four. From Steve.McClellan at radisys com.
2012-04-22 - jmc@cvs.openbsd.org 2012/04/20 16:26:22Damien Miller
[ssh.1] use "brackets" instead of "braces", for consistency;
2011-09-22 - okan@cvs.openbsd.org 2011/09/11 06:59:05Damien Miller
[ssh.1] document new -O cancel command; ok djm@
2011-09-22 - markus@cvs.openbsd.org 2011/09/10 22:26:34Damien Miller
[channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
2011-09-22 - djm@cvs.openbsd.org 2011/08/26 01:45:15Damien Miller
[ssh.1] Add some missing ssh_config(5) options that can be used in ssh(1)'s -o argument. Patch from duclare AT guu.fi
2011-08-06 - djm@cvs.openbsd.org 2011/08/02 01:22:11Damien Miller
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] Add new SHA256 and SHA512 based HMAC modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt Patch from mdb AT juniper.net; feedback and ok markus@
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:20:25Damien Miller
[ssh.1] +.It RequestTTY
2011-05-05 - djm@cvs.openbsd.org 2011/04/18 00:46:05Damien Miller
[ssh-keygen.c] certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence
2011-05-05 - djm@cvs.openbsd.org 2011/04/17 22:42:42Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@
2010-11-20 - jmc@cvs.openbsd.org 2010/11/18 15:01:00Damien Miller
[scp.1 sftp.1 ssh.1 sshd_config.5] add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-05 - jmc@cvs.openbsd.org 2010/10/28 18:33:28Damien Miller
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;