From ae69e1d010ddf367fdd8ecf7f006c54cfe3f9728 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Oct 2009 11:41:34 +1100 Subject: - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 [ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@ --- ssh-agent.1 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'ssh-agent.1') diff --git a/ssh-agent.1 b/ssh-agent.1 index 533cd6f6b..bbae4af92 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.47 2009/03/26 08:38:39 sobrado Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.48 2009/10/22 12:35:53 sobrado Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 26 2009 $ +.Dd $Mdocdate: October 22 2009 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -67,7 +67,9 @@ machines using The options are as follows: .Bl -tag -width Ds .It Fl a Ar bind_address -Bind the agent to the unix-domain socket +Bind the agent to the +.Ux +domain socket .Ar bind_address . The default is .Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . @@ -162,8 +164,9 @@ Instead, operations that require a private key will be performed by the agent, and the result will be returned to the requester. This way, private keys are not exposed to clients using the agent. .Pp -A unix-domain socket is created -and the name of this socket is stored in the +A +.Ux +domain socket is created and the name of this socket is stored in the .Ev SSH_AUTH_SOCK environment variable. 
@@ -186,7 +189,8 @@ Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt -Unix-domain sockets used to contain the connection to the +.Ux +domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. -- cgit v1.2.3 From 98c9aec30e75ba890ed36227793e1e5ea6a23d45 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Oct 2009 11:42:44 +1100 Subject: - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 [ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@ --- ChangeLog | 6 ++++++ ssh-add.1 | 6 +++--- ssh-agent.1 | 15 +++++++-------- ssh.1 | 6 +++--- 4 files changed, 19 insertions(+), 14 deletions(-) (limited to 'ssh-agent.1') diff --git a/ChangeLog b/ChangeLog index ef05cbe35..34351d474 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,12 @@ [ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@ + - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 + [ssh-agent.1 ssh-add.1 ssh.1] + write UNIX-domain in a more consistent way; while here, replace a + few remaining ".Tn UNIX" macros with ".Ux" ones. + pointed out by ratchov@, thanks! + ok jmc@ 20091011 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for diff --git a/ssh-add.1 b/ssh-add.1 index c484e94a0..ee9a00ff0 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.47 2009/10/22 12:35:53 sobrado Exp $ +.\" $OpenBSD: ssh-add.1,v 1.48 2009/10/22 15:02:12 sobrado Exp $ .\" .\" -*- nroff -*- .\" 
@@ -149,8 +149,8 @@ may be necessary to redirect the input from to make this work.) .It Ev SSH_AUTH_SOCK Identifies the path of a -.Ux -domain socket used to communicate with the agent. +.Ux Ns -domain +socket used to communicate with the agent. .El .Sh FILES .Bl -tag -width Ds diff --git a/ssh-agent.1 b/ssh-agent.1 index bbae4af92..acc115bd4 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.48 2009/10/22 12:35:53 sobrado Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.49 2009/10/22 15:02:12 sobrado Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -68,8 +68,8 @@ The options are as follows: .Bl -tag -width Ds .It Fl a Ar bind_address Bind the agent to the -.Ux -domain socket +.Ux Ns -domain +socket .Ar bind_address . The default is .Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . @@ -165,8 +165,8 @@ by the agent, and the result will be returned to the requester. This way, private keys are not exposed to clients using the agent. .Pp A -.Ux -domain socket is created and the name of this socket is stored in the +.Ux Ns -domain +socket is created and the name of this socket is stored in the .Ev SSH_AUTH_SOCK environment variable. @@ -189,9 +189,8 @@ Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt -.Ux -domain sockets used to contain the connection to the -authentication agent. +.Ux Ns -domain +sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El diff --git a/ssh.1 b/ssh.1 index 9aca407a5..7e7f64e46 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.285 2009/10/22 12:35:53 sobrado Exp $ +.\" $OpenBSD: ssh.1,v 1.286 2009/10/22 15:02:12 sobrado Exp $ .Dd $Mdocdate: October 22 2009 $ .Dt SSH 1 .Os @@ -133,8 +133,8 @@ This can also be specified on a per-host basis in a configuration file. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's -.Ux -domain socket) can access the local agent through the forwarded connection. +.Ux Ns -domain +socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. -- cgit v1.2.3 From 2e68d793d6967e01faa9ead98b0e527bd19a8d16 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 26 Jan 2010 12:51:13 +1100 Subject: - tedu@cvs.openbsd.org 2010/01/17 21:49:09 [ssh-agent.1] Correct and clarify ssh-add's password asking behavior. Improved text dtucker and ok jmc --- ChangeLog | 7 +++++++ ssh-agent.1 | 9 +++++---- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'ssh-agent.1') diff --git a/ChangeLog b/ChangeLog index e43b42e26..569a2d0a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20100126 + - (djm) OpenBSD CVS Sync + - tedu@cvs.openbsd.org 2010/01/17 21:49:09 + [ssh-agent.1] + Correct and clarify ssh-add's password asking behavior. + Improved text dtucker and ok jmc + 20100122 - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size diff --git a/ssh-agent.1 b/ssh-agent.1 index acc115bd4..f65e8e625 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.49 2009/10/22 15:02:12 sobrado Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.50 2010/01/17 21:49:09 tedu Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 22 2009 $ +.Dd $Mdocdate: January 17 2010 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -119,8 +119,9 @@ and .Pa ~/.ssh/identity . If the identity has a passphrase, .Xr ssh-add 1 -asks for the passphrase (using a small X11 application if running -under X11, or from the terminal if running without X). +asks for the passphrase on the terminal if it has one or from a small X11 +program if running under X11. +If neither of these is the case then the authentication will fail. It then sends the identity to the agent. Several identities can be stored in the agent; the agent can automatically use any of these identities. -- cgit v1.2.3
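Review bot: in the first commit (ae69e1d0), the ssh-agent.1 hunks at @@ -67,7 +67,9 @@, @@ -162,8 +164,9 @@ and @@ -186,7 +189,8 @@ lose the hyphen of the text they replace. `.Ux` on its own line followed by `domain socket` renders as "UNIX domain socket", where the removed lines read "unix-domain socket". Suggest `.Ux Ns -domain` with `socket` on the next line, so the macro conversion does not also change the term. The follow-up commit (98c9aec3) makes exactly this change, so the two could have been a single commit.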
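Review bot: in the second commit (98c9aec3), the ssh-agent.1 FILES hunk at @@ -189,9 +189,8 @@ rewraps the socket entry but leaves the context line "These sockets should only be readable by the owner." as it is, which is weaker than the ssh.1 hunk at @@ -133,8 +133,8 @@ in the same commit. That hunk says users able to bypass file permissions on the agent's socket "can access the local agent", so the concern is any access to the socket, not only reading it. While these lines are being touched, suggest wording such as "These sockets should only be accessible by the owner." so the two pages agree.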
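Review bot: in the third commit (2e68d793), the ssh-agent.1 hunk at @@ -119,8 +119,9 @@ has an ambiguous pronoun in "asks for the passphrase on the terminal if it has one". The preceding context line is "If the identity has a passphrase,", so "it has one" can be read as the identity having a passphrase rather than ssh-add having a terminal. Suggest naming the subject, for example "on the terminal if ssh-add has one". The added sentence "If neither of these is the case then the authentication will fail." is also imprecise: the step described here is loading the identity (the next line is "It then sends the identity to the agent."), so say that the identity is not added rather than that authentication fails.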