From 3575f0b12afe6b561681582fd3c34067d1196231 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 2 May 2017 08:54:19 +0000
Subject: upstream commit

remove -1 / -2 options; pointed out by jmc@

Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
---
 sftp.1 | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'sftp.1')

diff --git a/sftp.1 b/sftp.1
index fbdd00a1e..05e008c52 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.105 2016/07/16 06:57:55 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.106 2017/05/02 08:54:19 djm Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 16 2016 $
+.Dd $Mdocdate: May 2 2017 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -31,7 +31,7 @@
 .Sh SYNOPSIS
 .Nm sftp
 .Bk -words
-.Op Fl 1246aCfpqrv
+.Op Fl 46aCfpqrv
 .Op Fl B Ar buffer_size
 .Op Fl b Ar batchfile
 .Op Fl c Ar cipher
@@ -95,10 +95,6 @@ names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl 1
-Specify the use of protocol version 1.
-.It Fl 2
-Specify the use of protocol version 2.
 .It Fl 4
 Forces
 .Nm
-- 
cgit v1.2.3


From d852603214defd93e054de2877b20cc79c19d0c6 Mon Sep 17 00:00:00 2001
From: "jmc@openbsd.org" <jmc@openbsd.org>
Date: Tue, 2 May 2017 13:44:51 +0000
Subject: upstream commit

remove now obsolete protocol1 options from the -o
lists;

Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
---
 scp.1  | 10 ++--------
 sftp.1 |  8 +-------
 ssh.1  |  6 ++----
 3 files changed, 5 insertions(+), 19 deletions(-)

(limited to 'sftp.1')

diff --git a/scp.1 b/scp.1
index 0431c7807..9b5229ab1 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.72 2017/04/30 23:28:12 djm Exp $
+.\" $OpenBSD: scp.1,v 1.73 2017/05/02 13:44:51 jmc Exp $
 .\"
-.Dd $Mdocdate: April 30 2017 $
+.Dd $Mdocdate: May 2 2017 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -128,11 +128,8 @@ For full details of the options listed below, and their possible values, see
 .It CertificateFile
 .It ChallengeResponseAuthentication
 .It CheckHostIP
-.It Cipher
 .It Ciphers
 .It Compression
-.It CompressionLevel
-.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
@@ -162,14 +159,11 @@ For full details of the options listed below, and their possible values, see
 .It PKCS11Provider
 .It Port
 .It PreferredAuthentications
-.It Protocol
 .It ProxyCommand
 .It ProxyJump
 .It PubkeyAcceptedKeyTypes
 .It PubkeyAuthentication
 .It RekeyLimit
-.It RhostsRSAAuthentication
-.It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
diff --git a/sftp.1 b/sftp.1
index 05e008c52..ec9d6ff67 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.106 2017/05/02 08:54:19 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.107 2017/05/02 13:44:51 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -197,11 +197,8 @@ For full details of the options listed below, and their possible values, see
 .It CertificateFile
 .It ChallengeResponseAuthentication
 .It CheckHostIP
-.It Cipher
 .It Ciphers
 .It Compression
-.It CompressionLevel
-.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
@@ -231,13 +228,10 @@ For full details of the options listed below, and their possible values, see
 .It PKCS11Provider
 .It Port
 .It PreferredAuthentications
-.It Protocol
 .It ProxyCommand
 .It ProxyJump
 .It PubkeyAuthentication
 .It RekeyLimit
-.It RhostsRSAAuthentication
-.It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
diff --git a/ssh.1 b/ssh.1
index 325742f98..7ef599028 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.377 2017/04/30 23:18:22 djm Exp $
-.Dd $Mdocdate: April 30 2017 $
+.\" $OpenBSD: ssh.1,v 1.378 2017/05/02 13:44:51 jmc Exp $
+.Dd $Mdocdate: May 2 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -466,11 +466,9 @@ For full details of the options listed below, and their possible values, see
 .It CertificateFile
 .It ChallengeResponseAuthentication
 .It CheckHostIP
-.It Cipher
 .It Ciphers
 .It ClearAllForwardings
 .It Compression
-.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
-- 
cgit v1.2.3


From 42b690b4fd0faef78c4d68225948b6e5c46c5163 Mon Sep 17 00:00:00 2001
From: "jmc@openbsd.org" <jmc@openbsd.org>
Date: Tue, 2 May 2017 14:06:37 +0000
Subject: upstream commit

add PubKeyAcceptedKeyTypes to the -o list: scp(1) has
it, so i guess this should too;

Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
---
 sftp.1 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sftp.1')

diff --git a/sftp.1 b/sftp.1
index ec9d6ff67..fc5e00503 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.107 2017/05/02 13:44:51 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.108 2017/05/02 14:06:37 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -230,6 +230,7 @@ For full details of the options listed below, and their possible values, see
 .It PreferredAuthentications
 .It ProxyCommand
 .It ProxyJump
+.It PubkeyAcceptedKeyTypes
 .It PubkeyAuthentication
 .It RekeyLimit
 .It SendEnv
-- 
cgit v1.2.3


From 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 Mon Sep 17 00:00:00 2001
From: "jmc@openbsd.org" <jmc@openbsd.org>
Date: Wed, 3 May 2017 06:32:02 +0000
Subject: upstream commit

more protocol 1 stuff to go; ok djm

Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
---
 sftp.1       |  8 +++-----
 ssh-add.1    |  9 +++------
 ssh-keygen.1 | 37 +++++--------------------------------
 ssh.1        |  6 ++----
 4 files changed, 13 insertions(+), 47 deletions(-)

(limited to 'sftp.1')

diff --git a/sftp.1 b/sftp.1
index fc5e00503..5dce807f6 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.108 2017/05/02 14:06:37 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.109 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -273,9 +273,7 @@ options.
 .It Fl s Ar subsystem | sftp_server
 Specifies the SSH2 subsystem or the path for an sftp server
 on the remote host.
-A path is useful for using
-.Nm
-over protocol version 1, or when the remote
+A path is useful when the remote
 .Xr sshd 8
 does not have an sftp subsystem configured.
 .It Fl v
diff --git a/ssh-add.1 b/ssh-add.1
index f02b595d5..38631f858 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.63 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 30 2015 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -59,9 +59,8 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
 and
-.Pa ~/.ssh/identity .
+.Pa ~/.ssh/id_ed25519 .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -174,8 +173,6 @@ socket used to communicate with the agent.
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
 .It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 624995617..d8ae3fada 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -141,11 +141,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create keys for use by SSH protocol versions 1 and 2.
-Protocol 1 should not be used
-and is only offered to support legacy devices.
-It suffers from a number of cryptographic weaknesses
-and doesn't support many of the advanced features available for protocol 2.
+can create keys for use by SSH protocol version 2.
 .Pp
 The type of key to be generated is specified with the
 .Fl t
@@ -172,7 +168,6 @@ section for details.
 Normally each user wishing to use SSH
 with public key authentication runs this once to create the authentication
 key in
-.Pa ~/.ssh/identity ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ed25519
@@ -231,16 +226,14 @@ This is used by
 .Pa /etc/rc
 to generate new host keys.
 .It Fl a Ar rounds
-When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
-2 key when the
+When saving a new-format private key (i.e. an ed25519 key or when the
 .Fl o
 flag is set), this option specifies the number of KDF (key derivation function)
 rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
 .Pp
-When screening DH-GEX candidates (
-using the
+When screening DH-GEX candidates (using the
 .Fl T
 command).
 This option specifies the number of primality tests to perform.
@@ -819,26 +812,6 @@ will exit with a non-zero exit status.
 A zero exit status will only be returned if no key was revoked.
 .Sh FILES
 .Bl -tag -width Ds -compact
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.Pp
-.It Pa ~/.ssh/identity.pub
-Contains the protocol version 1 RSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using RSA authentication.
-There is no need to keep the contents of this file secret.
-.Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
diff --git a/ssh.1 b/ssh.1
index 7ef599028..b9a85aff9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.378 2017/05/02 13:44:51 jmc Exp $
-.Dd $Mdocdate: May 2 2017 $
+.\" $OpenBSD: ssh.1,v 1.379 2017/05/03 06:32:02 jmc Exp $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1441,7 +1441,6 @@ Contains additional definitions for environment variables; see
 .Sx ENVIRONMENT ,
 above.
 .Pp
-.It Pa ~/.ssh/identity
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
@@ -1456,7 +1455,6 @@ It is possible to specify a passphrase when
 generating the key which will be used to encrypt the
 sensitive part of this file using 3DES.
 .Pp
-.It Pa ~/.ssh/identity.pub
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_ed25519.pub
-- 
cgit v1.2.3


From 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f Mon Sep 17 00:00:00 2001
From: "naddy@openbsd.org" <naddy@openbsd.org>
Date: Wed, 3 May 2017 21:49:18 +0000
Subject: upstream commit

restore mistakenly deleted description of the
ConnectionAttempts option ok markus@

Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
---
 scp.1        | 5 +++--
 sftp.1       | 3 ++-
 ssh.1        | 3 ++-
 ssh_config.5 | 7 ++++++-
 4 files changed, 13 insertions(+), 5 deletions(-)

(limited to 'sftp.1')

diff --git a/scp.1 b/scp.1
index 9b5229ab1..76ce33361 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.73 2017/05/02 13:44:51 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.74 2017/05/03 21:49:18 naddy Exp $
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -130,6 +130,7 @@ For full details of the options listed below, and their possible values, see
 .It CheckHostIP
 .It Ciphers
 .It Compression
+.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
diff --git a/sftp.1 b/sftp.1
index 5dce807f6..c218376fb 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.109 2017/05/03 06:32:02 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.110 2017/05/03 21:49:18 naddy Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -199,6 +199,7 @@ For full details of the options listed below, and their possible values, see
 .It CheckHostIP
 .It Ciphers
 .It Compression
+.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
diff --git a/ssh.1 b/ssh.1
index b9a85aff9..1c5ad7417 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.379 2017/05/03 06:32:02 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.380 2017/05/03 21:49:18 naddy Exp $
 .Dd $Mdocdate: May 3 2017 $
 .Dt SSH 1
 .Os
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see
 .It Ciphers
 .It ClearAllForwardings
 .It Compression
+.It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
 .It ControlPath
diff --git a/ssh_config.5 b/ssh_config.5
index e8e51d2cb..68fd028e5 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.246 2017/05/03 21:08:09 naddy Exp $
+.\" $OpenBSD: ssh_config.5,v 1.247 2017/05/03 21:49:18 naddy Exp $
 .Dd $Mdocdate: May 3 2017 $
 .Dt SSH_CONFIG 5
 .Os
@@ -455,6 +455,11 @@ The argument must be
 or
 .Cm no
 (the default).
+.It Cm ConnectionAttempts
+Specifies the number of tries (one per second) to make before exiting.
+The argument must be an integer.
+This may be useful in scripts if the connection sometimes fails.
+The default is 1.
 .It Cm ConnectTimeout
 Specifies the timeout (in seconds) used when connecting to the
 SSH server, instead of using the default system TCP timeout.
-- 
cgit v1.2.3