Age | Commit message (Collapse) | Author |
|
[ssh.1 ssh.c]
Add -y option to force logging via syslog rather than stderr.
Useful for daemonised ssh connection (ssh -f). Patch originally from
and ok'd by markus@
|
|
[ssh.1 ssh.c]
When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
|
|
[ssh.1]
add VisualHostKey to the list of options listed in -o;
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
|
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
[ssh.1 sshd.8]
Document the correct permissions for the ~/.ssh/ directory.
ok jmc
|
|
[ssh.1]
satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
some commandline parsing warnings go unconditionally to stdout).
|
|
[ssh.1]
add -K to SYNOPSIS;
|
|
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
|
|
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
|
|
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
|
|
[ssh-keygen.1 ssh.1]
add rfc 4716 (public key format); ok jmc
|
|
- otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
correct/expand example of usage of -w; ok jmc@ stevesk@
|
|
[ssh-keyscan.1 ssh.1]
Change "a SSH" to "an SSH". Hurray, I'm not the only one who
pronounces "SSH" as "ess-ess-aich".
OK jmc@ and stevesk@.
|
|
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
|
|
[clientloop.c ssh.1]
use -KR[bind_address:]port here; ok djm@
|
|
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
more details and clarity for tun(4) device forwarding; ok and help
jmc@
|
|
[ssh.1]
add GSSAPI to the list of authentication methods supported;
|
|
[ssh.1]
simplify SSHFP example; ok jmc@
|
|
[ssh.1]
Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
that OpenSSH supports
|
|
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
|
|
[ssh.1]
remove the IETF draft references and replace them with some updated RFCs;
|
|
[ssh.1]
make this a little less ambiguous...
|
|
[ssh.1]
- typo fix
ok jmc@
|
|
[ssh.1]
remove an incorrect sentence;
reported by roumen petrov;
ok djm markus
|
|
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
|
|
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
|
|
[ssh.1]
add a section on ssh-based vpn, based on reyk's README.tun;
|
|
[ssh.1]
correction from deraadt
|
|
[ssh.1]
back out a sentence - AUTHENTICATION already documents this;
|
|
[ssh.1]
refer to `TCP' rather than `TCP/IP' in the context of connection
forwarding;
ok markus
|
|
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
|
|
[ssh.1]
final round of whacking FILES for duplicate info, and some consistency
fixes;
ok djm
|
|
- jmc@cvs.openbsd.org 2006/01/06 13:27:32
[ssh.1]
weed out some duplicate info in the known_hosts FILES entries;
ok djm
|
|
[ssh.1]
-.Xr gzip 1 ,
|
|
[ssh.1]
+.Xr ssh-keyscan 1 ,
|
|
[ssh.1]
remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
|
|
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
|
|
[ssh.1]
tweak the description of ~/.ssh/environment
|
|
[ssh.1]
put FILES in some sort of order: sort by pathname
|
|
[ssh.1]
use a larger width for the ENVIRONMENT list;
|
|
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
|
|
[ssh.1]
start to cut some duplicate info from FILES;
help/ok djm
|
|
[ssh.1]
.Nm does not require an argument;
|
|
[ssh.1]
clean up ENVIRONMENT a little;
|
|
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
|
|
[ssh.1]
document -MM; ok djm@
|
|
[ssh.1]
less mark up for -c;
|
|
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
|