From 1f20394e92afa417c1201506f9ae8683170ac496 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Oct 2003 15:50:42 +1000 Subject: - jmc@cvs.openbsd.org 2003/10/08 08:27:36 [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) ok deraadt@ markus@ --- sftp.1 | 142 +++++++++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 98 insertions(+), 44 deletions(-) (limited to 'sftp.1') diff --git a/sftp.1 b/sftp.1 index 753a4f2b9..05b972e46 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.45 2003/09/02 18:50:06 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.46 2003/10/08 08:27:36 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -31,15 +31,15 @@ .Sh SYNOPSIS .Nm sftp .Bk -words -.Op Fl vC1 -.Op Fl b Ar batchfile -.Op Fl o Ar ssh_option -.Op Fl s Ar subsystem | sftp_server +.Op Fl 1Cv .Op Fl B Ar buffer_size +.Op Fl b Ar batchfile .Op Fl F Ar ssh_config -.Op Fl P Ar sftp_server path +.Op Fl o Ar ssh_option +.Op Fl P Ar sftp_server_path .Op Fl R Ar num_requests .Op Fl S Ar program +.Op Fl s Ar subsystem | sftp_server .Ar host .Ek .Nm sftp @@ -84,6 +84,15 @@ and for details). The options are as follows: .Bl -tag -width Ds +.It Fl 1 +Specify the use of protocol version 1. +.It Fl B Ar buffer_size +Specify the size of the buffer that +.Nm +uses when transferring files. +Larger buffers require fewer round trips at the cost of higher +memory consumption. +The default is 32768 bytes. .It Fl b Ar batchfile Batch mode reads a series of commands from an input .Ar batchfile 
@@ -104,6 +113,16 @@ prefixing the command with a .Sq Ic \- character (for example, .Ic -rm /tmp/blah* ) . +.It Fl C +Enables compression (via ssh's +.Fl C +flag). +.It Fl F Ar ssh_config +Specifies an alternative +per-user configuration file for +.Xr ssh 1 . +This option is directly passed to +.Xr ssh 1 . .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh 
@@ -115,35 +134,60 @@ for which there is no separate command-line flag. For example, to specify an alternate port use: .Ic sftp -oPort=24 . -.It Fl s Ar subsystem | sftp_server -Specifies the SSH2 subsystem or the path for an sftp server -on the remote host. -A path is useful for using -.Nm -over protocol version 1, or when the remote -.Xr sshd 8 -does not have an sftp subsystem configured. -.It Fl v -Raise logging level. -This option is also passed to ssh. -.It Fl B Ar buffer_size -Specify the size of the buffer that -.Nm -uses when transferring files. -Larger buffers require fewer round trips at the cost of higher -memory consumption. -The default is 32768 bytes. -.It Fl C -Enables compression (via ssh's -.Fl C -flag). -.It Fl F Ar ssh_config -Specifies an alternative -per-user configuration file for -.Xr ssh 1 . -This option is directly passed to -.Xr ssh 1 . -.It Fl P Ar sftp_server path +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . 
+.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It ChallengeResponseAuthentication +.It CheckHostIP +.It Cipher +.It Ciphers +.It ClearAllForwardings +.It Compression +.It CompressionLevel +.It ConnectionAttempts +.It ConnectionTimeout +.It DynamicForward +.It EscapeChar +.It ForwardAgent +.It ForwardX11 +.It GatewayPorts +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It Host +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It HostName +.It IdentityFile +.It KeepAlive +.It LocalForward +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It Port +.It PreferredAuthentications +.It Protocol +.It ProxyCommand +.It PubkeyAuthentication +.It RemoteForward +.It RhostsRSAAuthentication +.It RSAAuthentication +.It SmartcardDevice +.It StrictHostKeyChecking +.It UsePrivilegedPort +.It User +.It UserKnownHostsFile +.It VerifyHostKeyDNS +.It XAuthLocation +.El +.It Fl P Ar sftp_server_path Connect directly to a local sftp server (rather than via .Xr ssh 1 ) @@ -160,8 +204,17 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. -.It Fl 1 -Specify the use of protocol version 1. +.It Fl s Ar subsystem | sftp_server +Specifies the SSH2 subsystem or the path for an sftp server +on the remote host. +A path is useful for using +.Nm +over protocol version 1, or when the remote +.Xr sshd 8 +does not have an sftp subsystem configured. +.It Fl v +Raise logging level. +This option is also passed to ssh. .El .Sh INTERACTIVE COMMANDS Once in interactive mode, 
@@ -170,16 +223,13 @@ understands a set of commands similar to those of .Xr ftp 1 . Commands are case insensitive and pathnames may be enclosed in quotes if they contain spaces. -.Bl -tag -width Ds +.Bl -tag -width "lmdir path" .It Ic bye Quit .Nm sftp . .It Ic cd Ar path Change remote directory to .Ar path . -.It Ic lcd Ar path -Change local directory to -.Ar path . .It Ic chgrp Ar grp Ar path Change group of file .Ar path @@ -219,6 +269,9 @@ flag is specified, then the file's full permission and access time are copied too. .It Ic help Display help text. +.It Ic lcd Ar path +Change local directory to +.Ar path . .It Ic lls Op Ar ls-options Op Ar path Display local directory listing of either .Ar path @@ -280,12 +333,12 @@ Rename remote file from .Ar oldpath to .Ar newpath . -.It Ic rmdir Ar path -Remove remote directory specified by -.Ar path . .It Ic rm Ar path Delete remote file specified by .Ar path . +.It Ic rmdir Ar path +Remove remote directory specified by +.Ar path . .It Ic symlink Ar oldpath Ar newpath Create a symbolic link from .Ar oldpath @@ -305,6 +358,7 @@ Escape to local shell. Synonym for help. .El .Sh SEE ALSO +.Xr ftp 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , -- cgit v1.2.3 From b370ca9313b02581a5afff20d7555a34cf1f662d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Oct 2003 15:59:26 +1000 Subject: - markus@cvs.openbsd.org 2003/10/13 08:22:25 [scp.1 sftp.1] don't refer to options related to forwarding; ok jmc@ --- ChangeLog | 5 ++++- scp.1 | 11 +---------- sftp.1 | 11 +---------- 3 files changed, 6 insertions(+), 21 deletions(-) (limited to 'sftp.1') diff --git a/ChangeLog b/ChangeLog index 439a5b4bc..486a2a981 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -27,6 +27,9 @@ note that EnableSSHKeySign should be in the non-hostspecific section; remove unnecessary .Pp; ok markus@ + - markus@cvs.openbsd.org 2003/10/13 08:22:25 + [scp.1 sftp.1] + don't refer to options related to forwarding; ok jmc@ 20031009 - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ @@ -1344,4 +1347,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3075 2003/10/15 05:58:18 dtucker Exp $ +$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $ diff --git a/scp.1 b/scp.1 index bdc413337..4dab2a1db 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.29 2003/10/08 08:27:36 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -124,16 +124,10 @@ For full details of the options listed below, and their possible values, see .It CheckHostIP .It Cipher .It Ciphers -.It ClearAllForwardings .It Compression .It CompressionLevel .It ConnectionAttempts .It ConnectionTimeout -.It DynamicForward -.It EscapeChar -.It ForwardAgent -.It ForwardX11 -.It GatewayPorts .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -144,7 +138,6 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It KeepAlive -.It LocalForward .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -155,7 +148,6 @@ For full details of the options listed below, and their possible values, see .It Protocol .It ProxyCommand .It PubkeyAuthentication -.It RemoteForward .It RhostsRSAAuthentication .It RSAAuthentication .It SmartcardDevice 
@@ -164,7 +156,6 @@ For full details of the options listed below, and their possible values, see .It User .It UserKnownHostsFile .It VerifyHostKeyDNS -.It XAuthLocation .El .It Fl P Ar port Specifies the port to connect to on the remote host. diff --git a/sftp.1 b/sftp.1 index 05b972e46..00253037d 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.46 2003/10/08 08:27:36 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -145,16 +145,10 @@ For full details of the options listed below, and their possible values, see .It CheckHostIP .It Cipher .It Ciphers -.It ClearAllForwardings .It Compression .It CompressionLevel .It ConnectionAttempts .It ConnectionTimeout -.It DynamicForward -.It EscapeChar -.It ForwardAgent -.It ForwardX11 -.It GatewayPorts .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -165,7 +159,6 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It KeepAlive -.It LocalForward .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -176,7 +169,6 @@ For full details of the options listed below, and their possible values, see .It Protocol .It ProxyCommand .It PubkeyAuthentication -.It RemoteForward .It RhostsRSAAuthentication .It RSAAuthentication .It SmartcardDevice @@ -185,7 +177,6 @@ For full details of the options listed below, and their possible values, see .It User .It UserKnownHostsFile .It VerifyHostKeyDNS -.It XAuthLocation .El .It Fl P Ar sftp_server_path Connect directly to a local sftp server -- cgit v1.2.3 From 12c150e7e0711e29ea5dc78d3c9ed46221319dc5 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 17 Dec 2003 16:31:10 +1100 Subject: - markus@cvs.openbsd.org 2003/12/09 21:53:37 [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@ --- ChangeLog | 7 ++++++- readconf.c | 19 ++++++++++--------- readconf.h | 4 ++-- scp.1 | 4 ++-- servconf.c | 17 +++++++++-------- servconf.h | 4 ++-- sftp.1 | 4 ++-- ssh.1 | 4 ++-- ssh_config.5 | 36 ++++++++++++++++++------------------ sshconnect.c | 6 +++--- sshd.c | 6 +++--- sshd_config.5 | 48 ++++++++++++++++++++++++------------------------ 12 files changed, 83 insertions(+), 76 deletions(-) (limited to 'sftp.1') diff --git a/ChangeLog b/ChangeLog index d737c855d..0b97adc72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,11 @@ - markus@cvs.openbsd.org 2003/12/09 17:30:05 [ssh.c] don't modify argv for ssh -o; similar to sshd.c 1.283 + - markus@cvs.openbsd.org 2003/12/09 21:53:37 + [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] + [ssh_config.5 sshconnect.c sshd.c sshd_config.5] + rename keepalive to tcpkeepalive; the old name causes too much + confusion; ok djm, dtucker; with help from jmc@ 20031209 - (dtucker) OpenBSD CVS Sync @@ -1581,4 +1586,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3142 2003/12/17 05:30:06 djm Exp $ +$Id: ChangeLog,v 1.3143 2003/12/17 05:31:10 djm Exp $ diff --git a/readconf.c b/readconf.c index da49a3944..cd2c81443 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $"); RSAAuthentication yes RhostsRSAAuthentication yes StrictHostKeyChecking yes - KeepAlives no + TcpKeepAlive no IdentityFile ~/.ssh/identity Port 22 EscapeChar ~ @@ -96,7 +96,7 @@ typedef enum { oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -169,7 +169,8 @@ static struct { { "stricthostkeychecking", oStrictHostKeyChecking }, { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, - { "keepalive", oKeepAlives }, + { "tcpkeepalive", oTCPKeepAlive }, + { "keepalive", oTCPKeepAlive }, /* obsolete */ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, @@ -427,8 +428,8 @@ parse_yesnoask: intptr = &options->compression; goto parse_flag; - case oKeepAlives: - intptr = &options->keepalives; + case oTCPKeepAlive: + intptr = &options->tcp_keep_alive; goto parse_flag; case oNoHostAuthenticationForLocalhost: @@ -826,7 +827,7 @@ initialize_options(Options * options) options->check_host_ip = -1; options->strict_host_key_checking = -1; options->compression = -1; - options->keepalives = -1; + options->tcp_keep_alive = -1; options->compression_level = -1; options->port = -1; options->address_family = -1; 
@@ -909,8 +910,8 @@ fill_default_options(Options * options) options->strict_host_key_checking = 2; /* 2 is default */ if (options->compression == -1) options->compression = 0; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->compression_level == -1) options->compression_level = 6; if (options->port == -1) diff --git a/readconf.h b/readconf.h index 650132346..f2a859fbe 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $ */ /* * Author: Tatu Ylonen @@ -53,7 +53,7 @@ typedef struct { int compression; /* Compress packets in both directions. */ int compression_level; /* Compression level 1 (fast) to 9 * (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ + int tcp_keep_alive; /* Set SO_KEEPALIVE. */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ diff --git a/scp.1 b/scp.1 index 4dab2a1db..cbebb949a 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $ +.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -137,7 +137,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -152,6 +151,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/servconf.c b/servconf.c index 0df62ad63..a6824a863 100644 --- a/servconf.c +++ b/servconf.c 
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $"); #include "ssh.h" #include "log.h" @@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options) options->x11_use_localhost = -1; options->xauth_location = NULL; options->strict_modes = -1; - options->keepalives = -1; + options->tcp_keep_alive = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; options->rhosts_rsa_authentication = -1; @@ -159,8 +159,8 @@ fill_default_server_options(ServerOptions *options) options->xauth_location = _PATH_XAUTH; if (options->strict_modes == -1) options->strict_modes = 1; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->log_facility == SYSLOG_FACILITY_NOT_SET) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) @@ -254,7 +254,7 @@ typedef enum { sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sKeepAlives, + sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, @@ -334,7 +334,8 @@ static struct { { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, - { "keepalive", sKeepAlives }, + { "tcpkeepalive", sTCPKeepAlive }, + { "keepalive", sTCPKeepAlive }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, 
@@ -677,8 +678,8 @@ parse_flag: intptr = &options->strict_modes; goto parse_flag; - case sKeepAlives: - intptr = &options->keepalives; + case sTCPKeepAlive: + intptr = &options->tcp_keep_alive; goto parse_flag; case sEmptyPasswd: diff --git a/servconf.h b/servconf.h index 828e94c5c..3cf47bf2f 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.66 2003/12/09 21:53:37 markus Exp $ */ /* * Author: Tatu Ylonen @@ -58,7 +58,7 @@ typedef struct { int x11_use_localhost; /* If true, use localhost for fake X11 server. */ char *xauth_location; /* Location of xauth program */ int strict_modes; /* If true, require string home dir modes. */ - int keepalives; /* If true, set SO_KEEPALIVE. */ + int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ int protocol; /* Supported protocol versions. */ diff --git a/sftp.1 b/sftp.1 index 00253037d..91a288dfc 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $ +.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -173,6 +172,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/ssh.1 b/ssh.1 index 25de869ad..33521268b 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -634,7 +634,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LocalForward .It LogLevel .It MACs @@ -651,6 +650,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/ssh_config.5 b/ssh_config.5 index 8857073a5..3aafa4e7d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.25 2003/11/12 20:14:51 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.26 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -408,23 +408,6 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -.Pp -The default is -.Dq yes -(to send keepalives), and the client will notice -if the network goes down or the remote host dies. -This is important in scripts, and many users want it too. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. @@ -613,6 +596,23 @@ or .Dq ask . The default is .Dq ask . +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the client will notice +if the network goes down or the remote host dies. +This is important in scripts, and many users want it too. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be diff --git a/sshconnect.c b/sshconnect.c index 3d6cc375a..80b45c79e 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $"); #include @@ -415,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Connection established."); - /* Set keepalives if requested. */ - if (options.keepalives && + /* Set SO_KEEPALIVE if requested. */ + if (options.tcp_keep_alive && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); diff --git a/sshd.c b/sshd.c index 50856317a..ab029b00f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.283 2003/12/09 17:29:04 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $"); #include #include @@ -1398,8 +1398,8 @@ main(int ac, char **av) signal(SIGCHLD, SIG_DFL); signal(SIGINT, SIG_DFL); - /* Set keepalives if requested. */ - if (options.keepalives && + /* Set SO_KEEPALIVE if requested. */ + if (options.tcp_keep_alive && setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); diff --git a/sshd_config.5 b/sshd_config.5 index 06a197b76..ad3cf76df 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent, will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from -.Cm KeepAlive +.Cm TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by -.Cm KeepAlive +.Cm TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. @@ -292,27 +292,6 @@ or .Cm HostbasedAuthentication . The default is .Dq no . -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -On the other hand, if keepalives are not sent, -sessions may hang indefinitely on the server, leaving -.Dq ghost -users and consuming server resources. -.Pp -The default is -.Dq yes -(to send keepalives), and the server will notice -if the network goes down or the client host crashes. -This avoids infinitely hanging sessions. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication 
@@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +On the other hand, if TCP keepalives are not sent, +sessions may hang indefinitely on the server, leaving +.Dq ghost +users and consuming server resources. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the server will notice +if the network goes down or the client host crashes. +This avoids infinitely hanging sessions. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UseDNS Specifies whether .Nm sshd -- cgit v1.2.3 From 509b0107f0e67cb4af663c147179d35fa6425614 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Dec 2003 16:33:10 +1100 Subject: - markus@cvs.openbsd.org 2003/12/16 15:49:51 [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] [ssh.c ssh_config.5] application layer keep alive (ServerAliveInterval ServerAliveCountMax) for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@ --- ChangeLog | 8 +++++++- clientloop.c | 45 +++++++++++++++++++++++++++++++++++++-------- clientloop.h | 4 ++-- readconf.c | 21 +++++++++++++++++++-- readconf.h | 4 +++- scp.1 | 4 +++- sftp.1 | 4 +++- ssh.1 | 4 +++- ssh.c | 9 +++------ ssh_config.5 | 38 +++++++++++++++++++++++++++++++++++++- 10 files changed, 117 insertions(+), 24 deletions(-) (limited to 'sftp.1') diff --git a/ChangeLog b/ChangeLog index 39e8042da..3593792c1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,12 @@ - markus@cvs.openbsd.org 2003/12/14 12:37:21 [ssh_config.5] we don't support GSS KEX; from Simon Wilkinson + - markus@cvs.openbsd.org 2003/12/16 15:49:51 + [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] + [ssh.c ssh_config.5] + application layer keep alive (ServerAliveInterval ServerAliveCountMax) + for ssh(1), similar to the sshd(8) option; ok beck@; with help from + jmc and dtucker@ 20031209 - (dtucker) OpenBSD CVS Sync @@ -1592,4 +1598,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3145 2003/12/17 05:32:23 djm Exp $ +$Id: ChangeLog,v 1.3146 2003/12/17 05:33:10 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 67b9dfcea..626b29a5a 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.116 2003/12/09 23:45:32 dtucker Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -127,6 +127,7 @@ static int connection_in; /* Connection to server (input). */ static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed = 0; /* In SSH2: login session closed. */ +static int server_alive_timeouts = 0; static void client_init_dispatch(void); int session_ident = -1; 
@@ -313,6 +314,24 @@ client_check_window_change(void) } } +static void +client_global_request_reply(int type, u_int32_t seq, void *ctxt) +{ + server_alive_timeouts = 0; + client_global_request_reply_fwd(type, seq, ctxt); +} + +static void +server_alive_check(void) +{ + if (++server_alive_timeouts > options.server_alive_count_max) + packet_disconnect("Timeout, server not responding."); + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("keepalive@openssh.com"); + packet_put_char(1); /* boolean: want reply */ + packet_send(); +} + /* * Waits until the client can do something (some data becomes available on * one of the file descriptors). @@ -322,6 +341,9 @@ static void client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int *nallocp, int rekeying) { + struct timeval tv, *tvp; + int ret; + /* Add any selections by the channel mechanism. */ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); @@ -363,13 +385,18 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, /* * Wait for something to happen. This will suspend the process until * some selected descriptor can be read, written, or has some other - * event pending. Note: if you want to implement SSH_MSG_IGNORE - * messages to fool traffic analysis, this might be the place to do - * it: just have a random timeout for the select, and send a random - * SSH_MSG_IGNORE packet when the timeout expires. + * event pending. */ - if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) { + if (options.server_alive_interval == 0 || !compat20) + tvp = NULL; + else { + tv.tv_sec = options.server_alive_interval; + tv.tv_usec = 0; + tvp = &tv; + } + ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); + if (ret < 0) { char buf[100]; /* 
@@ -386,7 +413,8 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); buffer_append(&stderr_buffer, buf, strlen(buf)); quit_pending = 1; - } + } else if (ret == 0) + server_alive_check(); } static void @@ -1365,7 +1393,8 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) rtype = packet_get_string(NULL); want_reply = packet_get_char(); - debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply); + debug("client_input_global_request: rtype %s want_reply %d", + rtype, want_reply); if (want_reply) { packet_start(success ? SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); diff --git a/clientloop.h b/clientloop.h index 8056a40c3..56af06bc1 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.7 2002/04/22 21:04:52 markus Exp $ */ +/* $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $ */ /* * Author: Tatu Ylonen @@ -37,4 +37,4 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); -void client_global_request_reply(int type, u_int32_t seq, void *ctxt); +void client_global_request_reply_fwd(int, u_int32_t, void *); diff --git a/readconf.c b/readconf.c index cd2c81443..2591e0dba 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -105,6 +105,7 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, + oServerAliveInterval, oServerAliveCountMax, oDeprecated, oUnsupported } OpCodes; 
@@ -189,6 +190,8 @@ static struct { { "rekeylimit", oRekeyLimit }, { "connecttimeout", oConnectTimeout }, { "addressfamily", oAddressFamily }, + { "serveraliveinterval", oServerAliveInterval }, + { "serveralivecountmax", oServerAliveCountMax }, { NULL, oBadOption } }; @@ -307,7 +310,7 @@ process_config_line(Options *options, const char *host, /* NOTREACHED */ case oConnectTimeout: intptr = &options->connection_timeout; -/* parse_time: */ +parse_time: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%s line %d: missing time value.", @@ -733,6 +736,14 @@ parse_int: intptr = &options->enable_ssh_keysign; goto parse_flag; + case oServerAliveInterval: + intptr = &options->server_alive_interval; + goto parse_time; + + case oServerAliveCountMax: + intptr = &options->server_alive_count_max; + goto parse_int; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -860,6 +871,8 @@ initialize_options(Options * options) options->no_host_authentication_for_localhost = - 1; options->rekey_limit = - 1; options->verify_host_key_dns = -1; + options->server_alive_interval = -1; + options->server_alive_count_max = -1; } /* @@ -974,6 +987,10 @@ fill_default_options(Options * options) options->rekey_limit = 0; if (options->verify_host_key_dns == -1) options->verify_host_key_dns = 0; + if (options->server_alive_interval == -1) + options->server_alive_interval = 0; + if (options->server_alive_count_max == -1) + options->server_alive_count_max = 3; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index f2a859fbe..3f27af961 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ /* * Author: Tatu Ylonen 
@@ -100,6 +100,8 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; int no_host_authentication_for_localhost; + int server_alive_interval; + int server_alive_count_max; } Options; diff --git a/scp.1 b/scp.1 index cbebb949a..f5ca1e45a 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $ +.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -149,6 +149,8 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RhostsRSAAuthentication .It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax .It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive diff --git a/sftp.1 b/sftp.1 index 91a288dfc..8563e2bdd 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $ +.\" $OpenBSD: sftp.1,v 1.49 2003/12/16 15:49:51 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -170,6 +170,8 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RhostsRSAAuthentication .It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax .It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive diff --git a/ssh.1 b/ssh.1 index 33521268b..e2cd5d343 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -648,6 +648,8 @@ For full details of the options listed below, and their possible values, see .It RemoteForward .It RhostsRSAAuthentication .It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax .It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive diff --git a/ssh.c b/ssh.c index 222aaab7f..da390c12d 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.205 2003/12/09 17:30:05 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.206 2003/12/16 15:49:51 markus Exp $"); #include #include @@ -1029,16 +1029,13 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt) } void -client_global_request_reply(int type, u_int32_t seq, void *ctxt) +client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) { int i; i = client_global_request_id++; - if (i >= options.num_remote_forwards) { - debug("client_global_request_reply: too many replies %d > %d", - i, options.num_remote_forwards); + if (i >= options.num_remote_forwards) return; - } debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", options.remote_forwards[i].port, diff --git a/ssh_config.5 b/ssh_config.5 index cb26eab69..210da059b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.27 2003/12/14 12:37:21 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -552,6 +552,42 @@ running. The default is .Dq yes . Note that this option applies to protocol version 1 only. +.It Cm ServerAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the server, +.Nm ssh +will send a message through the encrypted +channel to request a response from the server. +The default +is 0, indicating that these messages will not be sent to the server. +This option applies to protocol version 2 only. +.It Cm ServerAliveCountMax +Sets the number of server alive messages (see above) which may be +sent without +.Nm ssh +receiving any messages back from the server. +If this threshold is reached while server alive messages are being sent, +.Nm ssh +will disconnect from the server, terminating the session. +It is important to note that the use of server alive messages is very +different from +.Cm TCPKeepAlive +(below). +The server alive messages are sent through the encrypted channel +and therefore will not be spoofable. +The TCP keepalive option enabled by +.Cm TCPKeepAlive +is spoofable. +The server alive mechanism is valuable when the client or +server depend on knowing when a connection has become inactive. +.Pp +The default value is 3. +If, for example, +.Cm ServerAliveInterval +(above) is set to 15, and +.Cm ServerAliveCountMax +is left at the default, if the server becomes unresponsive ssh +will disconnect after approximately 45 seconds. .It Cm SmartcardDevice Specifies which smartcard device to use. The argument to this keyword is the device -- cgit v1.2.3 From 44f75c14f6f1eacfe6e1c98eae742019de24ad6a Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 21 Jan 2004 10:58:47 +1100 Subject: - djm@cvs.openbsd.org 2004/01/13 09:25:05 [sftp-int.c sftp.1 sftp.c] Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and enable use of "-b -" to accept batchfile from stdin; ok markus@ --- ChangeLog | 9 ++++++++- sftp-int.c | 11 ++++++++--- sftp.1 | 9 +++++++-- sftp.c | 28 ++++++++++++++++------------ 4 files changed, 39 insertions(+), 18 deletions(-) (limited to 'sftp.1') diff --git a/ChangeLog b/ChangeLog index 0e48d5743..9985b57ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20040121 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/01/13 09:25:05 + [sftp-int.c sftp.1 sftp.c] + Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and + enable use of "-b -" to accept batchfile from stdin; ok markus@ + 20040114 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits unexpectedly. with & ok djm@ @@ -1666,4 +1673,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3169 2004/01/14 13:15:07 dtucker Exp $ +$Id: ChangeLog,v 1.3170 2004/01/20 23:58:47 djm Exp $ diff --git a/sftp-int.c b/sftp-int.c index edb475bbb..a9423fe69 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.65 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.66 2004/01/13 09:25:05 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -41,6 +41,9 @@ RCSID("$OpenBSD: sftp-int.c,v 1.65 2003/11/21 11:57:03 djm Exp $"); /* File to read commands from */ extern FILE *infile; +/* Are we in batchfile mode? */ +extern int batchmode; + /* Size of buffer used when copying files */ extern size_t copy_buffer_len; 
@@ -1172,14 +1175,16 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (fgets(cmd, sizeof(cmd), infile) == NULL) { printf("\n"); break; - } else if (infile != stdin) /* Bluff typing */ + } + + if (batchmode) /* Echo command */ printf("%s", cmd); cp = strrchr(cmd, '\n'); if (cp) *cp = '\0'; - err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin); + err = parse_dispatch_command(conn, cmd, &pwd, batchmode); if (err != 0) break; } diff --git a/sftp.1 b/sftp.1 index 8563e2bdd..cfa2e10b3 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.49 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD: sftp.1,v 1.50 2004/01/13 09:25:05 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -99,7 +99,12 @@ Batch mode reads a series of commands from an input instead of .Em stdin . Since it lacks user interaction it should be used in conjunction with -non-interactive authentication. +non-interactive authentication. +A +.Ar batchfile +of +.Sq Ic \- +may be used to indicate standard input. .Nm will abort if any of the following commands fail: diff --git a/sftp.c b/sftp.c index fddc6875f..e288302fa 100644 --- a/sftp.c +++ b/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.38 2003/10/08 08:27:36 jmc Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.39 2004/01/13 09:25:05 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -43,7 +43,8 @@ extern char *__progname; char *__progname; #endif -FILE* infile; +FILE* infile = stdin; +int batchmode = 0; size_t copy_buffer_len = 32768; size_t num_requests = 16; static pid_t sshpid = -1; @@ -141,7 +142,6 @@ main(int argc, char **argv) addargs(&args, "-oForwardAgent no"); addargs(&args, "-oClearAllForwardings yes"); ll = SYSLOG_LEVEL_INFO; - infile = stdin; /* Read from STDIN unless changed by -b */ while ((ch = getopt(argc, argv, "1hvCo:s:S:b:B:F:P:R:")) != -1) { switch (ch) { 
@@ -171,13 +171,15 @@ main(int argc, char **argv) ssh_program = optarg; break; case 'b': - if (infile == stdin) { - infile = fopen(optarg, "r"); - if (infile == NULL) - fatal("%s (%s).", strerror(errno), optarg); - } else - fatal("Filename already specified."); + if (batchmode) + fatal("Batch file already specified."); + + /* Allow "-" as stdin */ + if (strcmp(optarg, "-") != 0 && + (infile = fopen(optarg, "r")) == NULL) + fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; + batchmode = 1; break; case 'P': sftp_direct = optarg; @@ -241,13 +243,15 @@ main(int argc, char **argv) sftp_server : "sftp")); args.list[0] = ssh_program; - fprintf(stderr, "Connecting to %s...\n", host); + if (!batchmode) + fprintf(stderr, "Connecting to %s...\n", host); connect_to_server(ssh_program, args.list, &in, &out); } else { args.list = NULL; addargs(&args, "sftp-server"); - fprintf(stderr, "Attaching to %s...\n", sftp_direct); + if (!batchmode) + fprintf(stderr, "Attaching to %s...\n", sftp_direct); connect_to_server(sftp_direct, args.list, &in, &out); } @@ -260,7 +264,7 @@ main(int argc, char **argv) close(in); close(out); - if (infile != stdin) + if (batchmode) fclose(infile); while (waitpid(sshpid, NULL, 0) == -1) -- cgit v1.2.3 From 86a396857d4021a5f17c018654e2b7759c84dd04 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 21 Jan 2004 11:00:04 +1100 Subject: - jmc@cvs.openbsd.org 2004/01/13 12:17:33 [sftp.1] remove unnecessary Ic's; kill whitespace at EOL; ok djm@ --- ChangeLog | 7 ++++++- sftp.1 | 12 ++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) (limited to 'sftp.1') diff --git a/ChangeLog b/ChangeLog index 9985b57ff..2c6dc85e3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,11 @@ [sftp-int.c sftp.1 sftp.c] Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and enable use of "-b -" to accept batchfile from stdin; ok markus@ + - jmc@cvs.openbsd.org 2004/01/13 12:17:33 + [sftp.1] + remove unnecessary Ic's; + kill whitespace at EOL; + ok djm@ 20040114 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits @@ -1673,4 +1678,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3170 2004/01/20 23:58:47 djm Exp $ +$Id: ChangeLog,v 1.3171 2004/01/21 00:00:04 djm Exp $ diff --git a/sftp.1 b/sftp.1 index cfa2e10b3..2a67a888e 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.50 2004/01/13 09:25:05 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -99,11 +99,11 @@ Batch mode reads a series of commands from an input instead of .Em stdin . Since it lacks user interaction it should be used in conjunction with -non-interactive authentication. +non-interactive authentication. A -.Ar batchfile -of -.Sq Ic \- +.Ar batchfile +of +.Sq \- may be used to indicate standard input. .Nm will abort if any of the following @@ -115,7 +115,7 @@ and .Ic lmkdir . Termination on error can be suppressed on a command by command basis by prefixing the command with a -.Sq Ic \- +.Sq \- character (for example, .Ic -rm /tmp/blah* ) . .It Fl C -- cgit v1.2.3
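Review bot: in clientloop.c, client_wait_until_can_do_something() calls server_alive_check() only when select() returns 0, so the interval measures idleness across every selected descriptor rather than silence from the server. Activity on any other selected descriptor, such as local input, makes select() return early and restarts the full ServerAliveInterval, so an unresponsive server can go unprobed for as long as the client side stays busy. ssh_config.5 in the same change describes the trigger as "no data has been received from the server". Suggest recording the time of the last packet read from the server and deriving the select() timeout from that, or rewording the man page to match what the code does.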
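Review bot: in readconf.c the oServerAliveCountMax case jumps to parse_int with no range check visible in the hunk, and server_alive_check() uses the value as is. With ServerAliveCountMax 0, `++server_alive_timeouts > options.server_alive_count_max` is true on the first expiry, so the client calls packet_disconnect("Timeout, server not responding.") before any keepalive@openssh.com request has been sent. A configured value of -1 is also indistinguishable from the unset sentinel written by initialize_options() and silently becomes 3 in fill_default_options(). Suggest rejecting values below 1 when the option is parsed, or documenting in ssh_config.5 what 0 and negative values mean.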
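Review bot: in ssh.c, client_global_request_reply_fwd() is now reached for every keepalive reply as well, because client_global_request_reply() in clientloop.c forwards to it unconditionally, and `i = client_global_request_id++` keeps advancing on each of those replies. Removing the debug() makes sense now that the `i >= options.num_remote_forwards` case is routine, but the counter should stop incrementing once that bound is reached, and a comment should state that the surplus replies are keepalive responses and that the attribution of replies to remote forwards relies on the server answering global requests in order.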
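Review bot: the worked example added to ssh_config.5 under ServerAliveCountMax (interval 15, default count 3, disconnect "after approximately 45 seconds") does not match the test in server_alive_check(), `if (++server_alive_timeouts > options.server_alive_count_max)`. With the pre-increment and the strict comparison, keepalive requests are sent on the first, second and third expiry and packet_disconnect() runs on the fourth, roughly 60 seconds after the last activity when nothing else wakes select(). Either adjust the comparison so the disconnect happens on the third unanswered expiry, or state the 45 seconds as measured from the first unanswered probe.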
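Review bot: in sftp-int.c interactive_loop(), the new `if (batchmode) printf("%s", cmd);` echo also applies to `-b -`, where the commands arrive on standard input. When standard input is a terminal the line has already been echoed by the terminal, so every command is shown twice, and the EOF branch above still prints "\n" unconditionally in batch mode, which works against the stated goal of cleaning up batch output. Suggest echoing only when the commands were not typed at a terminal and making the EOF newline conditional on `!batchmode`.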
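Review bot: in sftp.c, `FILE* infile = stdin;` at file scope is valid only where stdin expands to an address constant. C requires a constant expression for the initializer of an object with static storage duration, and on C libraries that declare stdin as an ordinary `extern FILE *` variable this line does not compile. The same change removes the run-time `infile = stdin;` from main(), so a portable build needs that assignment kept and the global left without an initializer.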
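Review bot: in sftp.c, the cleanup at the end of main() changes from `if (infile != stdin)` to `if (batchmode) fclose(infile);`, and with `-b -` the 'b' case leaves infile pointing at stdin while setting batchmode, so this now closes standard input itself. That is harmless only as long as nothing after it reads stdin. Keeping the original `infile != stdin` test for the fclose() would preserve the old behaviour while batchmode continues to drive the message suppression.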