From c47d7e9e1905adbef3489cc2bbdceda02d212f7e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:27:20 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/09 10:10:47 [sshd.8] - move some text into a CAVEATS section - merge the COMMAND EXECUTION... section into AUTHENTICATION --- ChangeLog | 6 +++++- sshd.8 | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 91846668f..10bf3c86f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,10 @@ [includes.h] #include not needed; ok djm@ NB. ID Sync only - we still need this (but it may move later) + - jmc@cvs.openbsd.org 2006/02/09 10:10:47 + [sshd.8] + - move some text into a CAVEATS section + - merge the COMMAND EXECUTION... section into AUTHENTICATION 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3955,4 +3959,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4155 2006/03/15 00:26:55 djm Exp $ +$Id: ChangeLog,v 1.4156 2006/03/15 00:27:20 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 51d339b65..e884e2b09 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -308,17 +308,6 @@ or .Ql \&*NP\&* ). .Pp -System security is not improved unless -.Nm rshd , -.Nm rlogind , -and -.Nm rexecd -are disabled (thus completely disabling -.Xr rlogin -and -.Xr rsh -into the machine). -.Sh COMMAND EXECUTION AND DATA FORWARDING If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request @@ -326,7 +315,7 @@ things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP connections, or forwarding the authentication agent connection over the secure channel. .Pp -Finally, the client either requests a shell or execution of a command. +After this, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or @@ -867,3 +856,14 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. +.Sh CAVEATS +System security is not improved unless +.Nm rshd , +.Nm rlogind , +and +.Nm rexecd +are disabled (thus completely disabling +.Xr rlogin +and +.Xr rsh +into the machine). -- cgit v1.2.3