From 34e314da1b832fee576e4ebd8b177154a45fec15 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 8 Jan 2010 17:03:46 +1100 Subject: - reyk@cvs.openbsd.org 2009/10/28 16:38:18 [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@ --- ssh-keyscan.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'ssh-keyscan.c') diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9a91be499..f30e85045 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.78 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -68,6 +68,9 @@ int timeout = 5; int maxfd; #define MAXCON (maxfd - 10) +/* The default routing domain */ +int scan_rdomain = -1; + extern char *__progname; fd_set *read_wait; size_t read_wait_nfdset; @@ -412,7 +415,8 @@ tcpconnect(char *host) if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr)); for (ai = aitop; ai; ai = ai->ai_next) { - s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + s = socket_rdomain(ai->ai_family, ai->ai_socktype, + ai->ai_protocol, scan_rdomain); if (s < 0) { error("socket: %s", strerror(errno)); continue; @@ -715,7 +719,7 @@ usage(void) { fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" - "\t\t [host | addrlist namelist] ...\n", + "\t\t [-V rdomain] [host | addrlist namelist] ...\n", __progname); exit(1); } @@ -741,7 +745,7 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -802,6 +806,11 @@ main(int argc, char **argv) case '6': IPv4or6 = AF_INET6; break; + case 'V': + scan_rdomain = a2port(optarg); + if (scan_rdomain < 0) + scan_rdomain = -1; + break; case '?': default: usage(); -- cgit v1.2.3 From 75456e8ab2df99061a6aa69bcc914d05c2f4f98c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 8 Jan 2010 18:55:58 +1100 Subject: - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@ --- ChangeLog | 4 ++++ misc.c | 14 +++++++++++++- misc.h | 3 ++- readconf.c | 4 ++-- servconf.c | 13 +++++++++++-- ssh-keyscan.c | 10 ++++++---- 6 files changed, 38 insertions(+), 10 deletions(-) (limited to 'ssh-keyscan.c') diff --git a/ChangeLog b/ChangeLog index ce5cd8b89..feaa27aee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -123,6 +123,10 @@ [PROTOCOL] fix an incorrect magic number and typo in PROTOCOL; bz#1688 report and fix from ueno AT unixuser.org + - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 + [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] + validate routing domain is in range 0-RT_TABLEID_MAX. + 'Looks right' deraadt@ 20091226 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 diff --git a/misc.c b/misc.c index 21db00a13..d4bdfc0ea 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.73 2009/11/20 03:24:07 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -273,6 +273,18 @@ a2port(const char *s) return (int)port; } +int +a2rdomain(const char *s) +{ + long long rdomain; + const char *errstr; + + rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr); + if (errstr != NULL) + return -1; + return (int)rdomain; +} + int a2tun(const char *s, int *remote) { diff --git a/misc.h b/misc.h index 87b7f0edf..1e859e255 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.39 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -23,6 +23,7 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); +int a2rdomain(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); char *hpdelim(char **); diff --git a/readconf.c b/readconf.c index 6b2e3b21d..2f1b0cd3b 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.179 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: readconf.c,v 1.180 2009/12/25 19:40:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -925,7 +925,7 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - value = a2port(arg); + value = a2rdomain(arg); if (value == -1) fatal("%.200s line %d: Bad rdomain.", filename, linenum); diff --git a/servconf.c b/servconf.c index 729f23bad..8b8518aa8 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.197 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: servconf.c,v 1.198 2009/12/25 19:40:21 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1298,7 +1298,16 @@ process_server_config_line(ServerOptions *options, char *line, case sRDomain: intptr = &options->rdomain; - goto parse_int; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing rdomain value.", + filename, linenum); + if ((value = a2rdomain(arg)) == -1) + fatal("%s line %d: invalid rdomain value.", + filename, linenum); + if (*intptr == -1) + *intptr = value; + break; case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/ssh-keyscan.c b/ssh-keyscan.c index f30e85045..faeb9e13e 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -807,9 +807,11 @@ main(int argc, char **argv) IPv4or6 = AF_INET6; break; case 'V': - scan_rdomain = a2port(optarg); - if (scan_rdomain < 0) - scan_rdomain = -1; + scan_rdomain = a2rdomain(optarg); + if (scan_rdomain == -1) { + fprintf(stderr, "Bad rdomain '%s'\n", optarg); + exit(1); + } break; case '?': default: -- cgit v1.2.3 From 1f5e3dc274fe4616435ff451b5216b5bde217c0d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 8 Jan 2010 19:53:52 +1100 Subject: - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make RoutingDomain an unsupported option on platforms that don't have it. --- ChangeLog | 2 ++ configure.ac | 9 +++++++-- misc.c | 4 ++++ readconf.c | 6 ++++++ servconf.c | 6 ++++++ ssh-keyscan.c | 6 ++++++ 6 files changed, 31 insertions(+), 2 deletions(-) (limited to 'ssh-keyscan.c') diff --git a/ChangeLog b/ChangeLog index d0fde0fb3..440c8318e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -159,6 +159,8 @@ - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that don't have libedit. + - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make + RoutingDomain an unsupported option on platforms that don't have it. 20091226 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 diff --git a/configure.ac b/configure.ac index 94f049fc6..424114015 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.432 2009/12/08 02:39:48 dtucker Exp $ +# $Id: configure.ac,v 1.433 2010/01/08 08:53:52 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.432 $) +AC_REVISION($Revision: 1.433 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1623,6 +1623,11 @@ if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "x ) fi +AC_CHECK_DECL(SO_RDOMAIN, + AC_DEFINE(USE_ROUTINGDOMAIN, 1, [Enable rdomain/VRF support]), , + [#include + #include ]) + dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) diff --git a/misc.c b/misc.c index d4bdfc0ea..db57f92b2 100644 --- a/misc.c +++ b/misc.c @@ -155,6 +155,7 @@ set_nodelay(int fd) int socket_rdomain(int domain, int type, int protocol, int rdomain) { +#ifdef USE_ROUTINGDOMAIN int sock, ipproto = IPPROTO_IP; if ((sock = socket(domain, type, protocol)) == -1) @@ -186,6 +187,7 @@ socket_rdomain(int domain, int type, int protocol, int rdomain) } return (sock); +#endif } /* Characters considered whitespace in strsep calls. */ @@ -273,6 +275,7 @@ a2port(const char *s) return (int)port; } +#ifdef USE_ROUTINGDOMAIN int a2rdomain(const char *s) { @@ -284,6 +287,7 @@ a2rdomain(const char *s) return -1; return (int)rdomain; } +#endif int a2tun(const char *s, int *remote) diff --git a/readconf.c b/readconf.c index 40fe8f694..47c77472a 100644 --- a/readconf.c +++ b/readconf.c @@ -229,7 +229,11 @@ static struct { { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, +#ifdef USE_ROUTINGDOMAIN { "routingdomain", oRDomain }, +#else + { "routingdomain", oUnsupported }, +#endif #ifdef JPAKE { "zeroknowledgepasswordauthentication", oZeroKnowledgePasswordAuthentication }, @@ -920,6 +924,7 @@ parse_int: intptr = &options->use_roaming; goto parse_flag; +#ifdef USE_ROUTINGDOMAIN case oRDomain: arg = strdelim(&s); if (!arg || *arg == '\0') @@ -932,6 +937,7 @@ parse_int: if (*activep) options->rdomain = value; break; +#endif case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", diff --git a/servconf.c b/servconf.c index 2cdc480e6..9ad08ce87 100644 --- a/servconf.c +++ b/servconf.c @@ -424,7 +424,11 @@ static struct { { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, +#ifdef USE_ROUTINGDOMAIN { "routingdomain", sRDomain, SSHCFG_GLOBAL }, +#else + { "routingdomain", sUnsupported, SSHCFG_GLOBAL }, +#endif { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1296,6 +1300,7 @@ process_server_config_line(ServerOptions *options, char *line, *charptr = xstrdup(arg); break; +#ifdef USE_ROUTINGDOMAIN case sRDomain: intptr = &options->rdomain; arg = strdelim(&cp); @@ -1308,6 +1313,7 @@ process_server_config_line(ServerOptions *options, char *line, if (*intptr == -1) *intptr = value; break; +#endif case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/ssh-keyscan.c b/ssh-keyscan.c index faeb9e13e..086c0d345 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -807,11 +807,17 @@ main(int argc, char **argv) IPv4or6 = AF_INET6; break; case 'V': +#ifdef USE_ROUTINGDOMAIN scan_rdomain = a2rdomain(optarg); if (scan_rdomain == -1) { fprintf(stderr, "Bad rdomain '%s'\n", optarg); exit(1); } +#else + fprintf(stderr, "RoutingDomain not supported on this " + "platform.\n"); + exit(1); +#endif break; case '?': default: -- cgit v1.2.3 From 8c65f646a93ed2f61da65ba0ecf65a99bd585b79 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 10 Jan 2010 10:26:57 +1100 Subject: - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Remove hacks add for RoutingDomain in preparation for its removal. --- ChangeLog | 4 ++++ configure.ac | 9 ++------- misc.c | 6 ------ readconf.c | 6 ------ servconf.c | 6 ------ ssh-keyscan.c | 6 ------ 6 files changed, 6 insertions(+), 31 deletions(-) (limited to 'ssh-keyscan.c') diff --git a/ChangeLog b/ChangeLog index 6700f308e..e38cd5108 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20091210 + - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] + Remove hacks add for RoutingDomain in preparation for its removal. + 20091209 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't have it. diff --git a/configure.ac b/configure.ac index 424114015..e6e6259bd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.433 2010/01/08 08:53:52 dtucker Exp $ +# $Id: configure.ac,v 1.434 2010/01/09 23:26:58 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.433 $) +AC_REVISION($Revision: 1.434 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1623,11 +1623,6 @@ if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "x ) fi -AC_CHECK_DECL(SO_RDOMAIN, - AC_DEFINE(USE_ROUTINGDOMAIN, 1, [Enable rdomain/VRF support]), , - [#include - #include ]) - dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) diff --git a/misc.c b/misc.c index b260d89fe..550b03cad 100644 --- a/misc.c +++ b/misc.c @@ -164,13 +164,10 @@ socket_rdomain(int domain, int type, int protocol, int rdomain) return (sock); switch (domain) { -#ifdef IPPROTO_IPV6 case AF_INET6: ipproto = IPPROTO_IPV6; /* FALLTHROUGH */ -#endif case AF_INET: -#ifdef USE_ROUTINGDOMAIN debug2("socket %d af %d setting rdomain %d", sock, domain, rdomain); if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain, @@ -180,7 +177,6 @@ socket_rdomain(int domain, int type, int protocol, int rdomain) close(sock); return (-1); } -#endif break; default: debug("socket %d af %d does not support rdomain %d", @@ -277,7 +273,6 @@ a2port(const char *s) return (int)port; } -#ifdef USE_ROUTINGDOMAIN int a2rdomain(const char *s) { @@ -289,7 +284,6 @@ a2rdomain(const char *s) return -1; return (int)rdomain; } -#endif int a2tun(const char *s, int *remote) diff --git a/readconf.c b/readconf.c index 47c77472a..40fe8f694 100644 --- a/readconf.c +++ b/readconf.c @@ -229,11 +229,7 @@ static struct { { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, -#ifdef USE_ROUTINGDOMAIN { "routingdomain", oRDomain }, -#else - { "routingdomain", oUnsupported }, -#endif #ifdef JPAKE { "zeroknowledgepasswordauthentication", oZeroKnowledgePasswordAuthentication }, @@ -924,7 +920,6 @@ parse_int: intptr = &options->use_roaming; goto parse_flag; -#ifdef USE_ROUTINGDOMAIN case oRDomain: arg = strdelim(&s); if (!arg || *arg == '\0') @@ -937,7 +932,6 @@ parse_int: if (*activep) options->rdomain = value; break; -#endif case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", diff --git a/servconf.c b/servconf.c index 9ad08ce87..2cdc480e6 100644 --- a/servconf.c +++ b/servconf.c @@ -424,11 +424,7 @@ static struct { { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, -#ifdef USE_ROUTINGDOMAIN { "routingdomain", sRDomain, SSHCFG_GLOBAL }, -#else - { "routingdomain", sUnsupported, SSHCFG_GLOBAL }, -#endif { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1300,7 +1296,6 @@ process_server_config_line(ServerOptions *options, char *line, *charptr = xstrdup(arg); break; -#ifdef USE_ROUTINGDOMAIN case sRDomain: intptr = &options->rdomain; arg = strdelim(&cp); @@ -1313,7 +1308,6 @@ process_server_config_line(ServerOptions *options, char *line, if (*intptr == -1) *intptr = value; break; -#endif case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 086c0d345..faeb9e13e 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -807,17 +807,11 @@ main(int argc, char **argv) IPv4or6 = AF_INET6; break; case 'V': -#ifdef USE_ROUTINGDOMAIN scan_rdomain = a2rdomain(optarg); if (scan_rdomain == -1) { fprintf(stderr, "Bad rdomain '%s'\n", optarg); exit(1); } -#else - fprintf(stderr, "RoutingDomain not supported on this " - "platform.\n"); - exit(1); -#endif break; case '?': default: -- cgit v1.2.3 From 7bd98e7f74ebd8bd32157b607acedcb68201b7de Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 10 Jan 2010 10:31:12 +1100 Subject: - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@ --- ChangeLog | 13 +++++++++++++ channels.c | 26 +++++++------------------- channels.h | 3 +-- misc.c | 51 +-------------------------------------------------- misc.h | 5 +---- readconf.c | 22 +++------------------- readconf.h | 4 +--- scp.1 | 5 ++--- servconf.c | 20 ++------------------ servconf.h | 4 +--- sftp.1 | 5 ++--- ssh-keyscan.1 | 7 ++----- ssh-keyscan.c | 19 ++++--------------- ssh.1 | 5 ++--- ssh.c | 3 +-- ssh_config.5 | 7 ++----- sshconnect.c | 5 ++--- sshd.c | 9 ++++----- sshd_config.5 | 7 ++----- 19 files changed, 53 insertions(+), 167 deletions(-) (limited to 'ssh-keyscan.c') diff --git a/ChangeLog b/ChangeLog index e38cd5108..ca189f943 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,19 @@ 20091210 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Remove hacks add for RoutingDomain in preparation for its removal. + - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 + [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h + ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c + readconf.h scp.1 sftp.1 ssh_config.5 misc.h] + Remove RoutingDomain from ssh since it's now not needed. It can be + replaced with "route exec" or "nc -V" as a proxycommand. "route exec" + also ensures that trafic such as DNS lookups stays withing the specified + routingdomain. For example (from reyk): + # route -T 2 exec /usr/sbin/sshd + or inherited from the parent process + $ route -T 2 exec sh + $ ssh 10.1.2.3 + ok deraadt@ markus@ stevesk@ reyk@ 20091209 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't diff --git a/channels.c b/channels.c index 949392390..87dbe96d3 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -163,9 +163,6 @@ static u_int x11_fake_data_len; /* AF_UNSPEC or AF_INET or AF_INET6 */ static int IPv4or6 = AF_UNSPEC; -/* Set the routing domain a.k.a. VRF */ -static int channel_rdomain = -1; - /* helper */ static void port_open_helper(Channel *c, char *rtype); @@ -2466,12 +2463,6 @@ channel_set_af(int af) IPv4or6 = af; } -void -channel_set_rdomain(int rdomain) -{ - channel_rdomain = rdomain; -} - static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, @@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, continue; } /* Create a port to listen for the host. */ - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { /* this is no error since kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); @@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx) error("connect_next: getnameinfo failed"); continue; } - if ((sock = socket_rdomain(cctx->ai->ai_family, - cctx->ai->ai_socktype, cctx->ai->ai_protocol, - channel_rdomain)) == -1) { + if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, + cctx->ai->ai_protocol)) == -1) { if (cctx->ai->ai_next == NULL) error("socket: %.100s", strerror(errno)); else @@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (sock < 0) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { error("socket: %.100s", strerror(errno)); @@ -3286,8 +3275,7 @@ x11_connect_display(void) } for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { debug2("socket: %.100s", strerror(errno)); continue; diff --git a/channels.h b/channels.h index 4dbeeb6e1..f65a311dc 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -235,7 +235,6 @@ int channel_find_open(void); /* tcp forwarding */ void channel_set_af(int af); -void channel_set_rdomain(int); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); diff --git a/misc.c b/misc.c index 550b03cad..e1f723123 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -151,43 +151,6 @@ set_nodelay(int fd) error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); } -/* open a socket in the specified routing domain */ -int -socket_rdomain(int domain, int type, int protocol, int rdomain) -{ - int sock, ipproto = IPPROTO_IP; - - if ((sock = socket(domain, type, protocol)) == -1) - return (-1); - - if (rdomain == -1) - return (sock); - - switch (domain) { - case AF_INET6: - ipproto = IPPROTO_IPV6; - /* FALLTHROUGH */ - case AF_INET: - debug2("socket %d af %d setting rdomain %d", - sock, domain, rdomain); - if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain, - sizeof(rdomain)) == -1) { - debug("setsockopt SO_RDOMAIN: %.100s", - strerror(errno)); - close(sock); - return (-1); - } - break; - default: - debug("socket %d af %d does not support rdomain %d", - sock, domain, rdomain); - close(sock); - return (-1); - } - - return (sock); -} - /* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n" #define QUOTE "\"" @@ -273,18 +236,6 @@ a2port(const char *s) return (int)port; } -int -a2rdomain(const char *s) -{ - long long rdomain; - const char *errstr; - - rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr); - if (errstr != NULL) - return -1; - return (int)rdomain; -} - int a2tun(const char *s, int *remote) { diff --git a/misc.h b/misc.h index 1e859e255..32073acd4 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -23,7 +23,6 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); -int a2rdomain(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); char *hpdelim(char **); @@ -55,8 +54,6 @@ void freeargs(arglist *); int tun_open(int, int); -int socket_rdomain(int, int, int, int); - /* Common definitions for ssh tunnel device forwarding */ #define SSH_TUNMODE_NO 0x00 #define SSH_TUNMODE_POINTOPOINT 0x01 diff --git a/readconf.c b/readconf.c index 40fe8f694..d424c1697 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -130,8 +130,8 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oVisualHostKey, oUseRoaming, oRDomain, - oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported + oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, + oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -229,7 +229,6 @@ static struct { { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, - { "routingdomain", oRDomain }, #ifdef JPAKE { "zeroknowledgepasswordauthentication", oZeroKnowledgePasswordAuthentication }, @@ -920,19 +919,6 @@ parse_int: intptr = &options->use_roaming; goto parse_flag; - case oRDomain: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", - filename, linenum); - value = a2rdomain(arg); - if (value == -1) - fatal("%.200s line %d: Bad rdomain.", - filename, linenum); - if (*activep) - options->rdomain = value; - break; - case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -1083,7 +1069,6 @@ initialize_options(Options * options) options->local_command = NULL; options->permit_local_command = -1; options->use_roaming = -1; - options->rdomain = -1; options->visual_host_key = -1; options->zero_knowledge_password_authentication = -1; } @@ -1232,7 +1217,6 @@ fill_default_options(Options * options) /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ - /* options->rdomain should not be set by default */ } /* diff --git a/readconf.h b/readconf.h index 6edc2eeda..f7c0b9c6d 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -125,8 +125,6 @@ typedef struct { int use_roaming; - int rdomain; /* routing domain a.k.a. VRF */ - } Options; #define SSHCTL_MASTER_NO 0 diff --git a/scp.1 b/scp.1 index 1d1cad0b0..74ee5db13 100644 --- a/scp.1 +++ b/scp.1 @@ -9,9 +9,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $ .\" -.Dd $Mdocdate: December 29 2009 $ +.Dd $Mdocdate: January 9 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RekeyLimit .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/servconf.c b/servconf.c index 2cdc480e6..fc3e479bd 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options) options->adm_forced_command = NULL; options->chroot_directory = NULL; options->zero_knowledge_password_authentication = -1; - options->rdomain = -1; } void @@ -305,7 +304,7 @@ typedef enum { sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain, + sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sDeprecated, sUnsupported } ServerOpCodes; @@ -424,7 +423,6 @@ static struct { { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, - { "routingdomain", sRDomain, SSHCFG_GLOBAL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line, *charptr = xstrdup(arg); break; - case sRDomain: - intptr = &options->rdomain; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing rdomain value.", - filename, linenum); - if ((value = a2rdomain(arg)) == -1) - fatal("%s line %d: invalid rdomain value.", - filename, linenum); - if (*intptr == -1) - *intptr = value; - break; - case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o) dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); - dump_cfg_int(sRDomain, o->rdomain); /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); diff --git a/servconf.h b/servconf.h index 19c7ae609..25a3f1b21 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -150,8 +150,6 @@ typedef struct { int num_permitted_opens; - int rdomain; - char *chroot_directory; } ServerOptions; diff --git a/sftp.1 b/sftp.1 index 81d87680d..3ec7a0234 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $ +.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 29 2009 $ +.Dd $Mdocdate: January 9 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RekeyLimit .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index c9fb597ed..78255ff79 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: October 28 2009 $ +.Dd $Mdocdate: January 9 2010 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -20,7 +20,6 @@ .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl V Ar rdomain .Op Ar host | addrlist namelist .Ar ... .Ek @@ -96,8 +95,6 @@ for protocol version 2. Multiple values may be specified by separating them with commas. The default is .Dq rsa . -.It Fl V Ar rdomain -Set the routing domain. .It Fl v Verbose mode. Causes diff --git a/ssh-keyscan.c b/ssh-keyscan.c index faeb9e13e..7afe446ae 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -68,9 +68,6 @@ int timeout = 5; int maxfd; #define MAXCON (maxfd - 10) -/* The default routing domain */ -int scan_rdomain = -1; - extern char *__progname; fd_set *read_wait; size_t read_wait_nfdset; @@ -415,8 +412,7 @@ tcpconnect(char *host) if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr)); for (ai = aitop; ai; ai = ai->ai_next) { - s = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, scan_rdomain); + s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (s < 0) { error("socket: %s", strerror(errno)); continue; @@ -719,7 +715,7 @@ usage(void) { fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" - "\t\t [-V rdomain] [host | addrlist namelist] ...\n", + "\t\t [host | addrlist namelist] ...\n", __progname); exit(1); } @@ -745,7 +741,7 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -806,13 +802,6 @@ main(int argc, char **argv) case '6': IPv4or6 = AF_INET6; break; - case 'V': - scan_rdomain = a2rdomain(optarg); - if (scan_rdomain == -1) { - fprintf(stderr, "Bad rdomain '%s'\n", optarg); - exit(1); - } - break; case '?': default: usage(); diff --git a/ssh.1 b/ssh.1 index 2f6ef5fff..8b228fcdf 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $ -.Dd $Mdocdate: December 29 2009 $ +.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $ +.Dd $Mdocdate: January 9 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see .It RekeyLimit .It RemoteForward .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/ssh.c b/ssh.c index 6abf31b52..ee30e2b27 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */ +/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -630,7 +630,6 @@ main(int ac, char **av) fill_default_options(&options); channel_set_af(options.address_family); - channel_set_rdomain(options.rdomain); /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); diff --git a/ssh_config.5 b/ssh_config.5 index 3ffc469c2..01f5f4304 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $ -.Dd $Mdocdate: December 29 2009 $ +.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $ +.Dd $Mdocdate: January 9 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -857,9 +857,6 @@ The default is This option applies to protocol version 1 only and requires .Xr ssh 1 to be setuid root. -.It Cm RoutingDomain -Set the routing domain number. -The default routing domain is set by the system. .It Cm RSAAuthentication Specifies whether to try RSA authentication. The argument to this keyword must be diff --git a/sshconnect.c b/sshconnect.c index 3c8308ffb..5cfc3c16a 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai) debug("Allocated local port %d.", p); return sock; } - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol, - options.rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { error("socket: %.100s", strerror(errno)); return -1; diff --git a/sshd.c b/sshd.c index bdaf1574a..4e34f2439 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -961,8 +961,8 @@ server_listen(void) continue; } /* Create socket for listening. */ - listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, options.rdomain); + listen_sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (listen_sock < 0) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); @@ -1470,9 +1470,8 @@ main(int ac, char **av) if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - /* set default channel AF and routing domain */ + /* set default channel AF */ channel_set_af(options.address_family); - channel_set_rdomain(options.rdomain); /* Check that there are no remaining arguments. */ if (optind < ac) { diff --git a/sshd_config.5 b/sshd_config.5 index a3326447f..bf3319c4d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $ -.Dd $Mdocdate: December 29 2009 $ +.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $ +.Dd $Mdocdate: January 9 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -812,9 +812,6 @@ with successful RSA host authentication is allowed. The default is .Dq no . This option applies to protocol version 1 only. -.It Cm RoutingDomain -Set the routing domain number. -The default routing domain is set by the system. .It Cm RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is -- cgit v1.2.3