From 9f67a21de62ca0b0e2db022abaeaf3f2faed5f0c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:05:35 +1100 Subject: - msf@cvs.openbsd.org 2006/02/06 15:54:07 [ssh.1] - typo fix ok jmc@ --- ssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ssh.1 b/ssh.1 index f4c677628..895008139 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.253 2006/01/30 13:37:49 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.254 2006/02/06 15:54:07 msf Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1087,7 +1087,7 @@ is set to .Dq forced-commands-only : .Bd -literal -offset 2n tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane -tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john +tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp Since a SSH-based setup entails a fair amount of overhead, -- cgit v1.2.3 From e93eaaa0d1e8e6447eeb6f698f7da50ede0cb926 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:05:59 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/06 21:44:47 [ssh.1] make this a little less ambiguous... --- ChangeLog | 5 ++++- ssh.1 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index ab4173e56..1a7e9b020 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [ssh.1] - typo fix ok jmc@ + - jmc@cvs.openbsd.org 2006/02/06 21:44:47 + [ssh.1] + make this a little less ambiguous... 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3905,4 +3908,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4140 2006/03/15 00:05:35 djm Exp $ +$Id: ChangeLog,v 1.4141 2006/03/15 00:05:59 djm Exp $ 
diff --git a/ssh.1 b/ssh.1 index 895008139..ba02e6c90 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.254 2006/02/06 15:54:07 msf Exp $ +.\" $OpenBSD: ssh.1,v 1.255 2006/02/06 21:44:47 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1075,11 +1075,11 @@ Client access may be more finely tuned via the file (see below) and the .Cm PermitRootLogin server option. -The following entry would permit connections on the first +The following entry would permit connections on .Xr tun 4 -device from user +device 1 from user .Dq jane -and on the second device from user +and on tun device 2 from user .Dq john , if .Cm PermitRootLogin -- cgit v1.2.3 From 39a93a3305079d6bfab7f749e92d7931491ddf94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:34:45 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/15 16:53:20 [ssh.1] remove the IETF draft references and replace them with some updated RFCs; --- ChangeLog | 5 ++++- ssh.1 | 59 +++++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 53 insertions(+), 11 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index 4d4b64739..333a64c7d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -110,6 +110,9 @@ - david@cvs.openbsd.org 2006/02/15 05:08:24 [sftp-client.c] typo in comment; ok djm@ + - jmc@cvs.openbsd.org 2006/02/15 16:53:20 + [ssh.1] + remove the IETF draft references and replace them with some updated RFCs; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4011,4 +4014,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4170 2006/03/15 00:34:25 djm Exp $ +$Id: ChangeLog,v 1.4171 2006/03/15 00:34:45 djm Exp $ diff --git a/ssh.1 b/ssh.1 index ba02e6c90..b9bbe0bd6 100644 
--- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.255 2006/02/06 21:44:47 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.256 2006/02/15 16:53:20 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1339,15 +1339,54 @@ manual page for more information. .Xr ssh-keysign 8 , .Xr sshd 8 .Rs -.%A T. Ylonen -.%A T. Kivinen -.%A M. Saarinen -.%A T. Rinne -.%A S. Lehtinen -.%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-12.txt -.%D January 2002 -.%O work in progress material +.%R RFC 4250 +.%T "The Secure Shell (SSH) Protocol Assigned Numbers" +.%D 2006 +.Re +.Rs +.%R RFC 4251 +.%T "The Secure Shell (SSH) Protocol Architecture" +.%D 2006 +.Re +.Rs +.%R RFC 4252 +.%T "The Secure Shell (SSH) Authentication Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4253 +.%T "The Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4254 +.%T "The Secure Shell (SSH) Connection Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4255 +.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" +.%D 2006 +.Re +.Rs +.%R RFC 4256 +.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)" +.%D 2006 +.Re +.Rs +.%R RFC 4335 +.%T "The Secure Shell (SSH) Session Channel Break Extension" +.%D 2006 +.Re +.Rs +.%R RFC 4344 +.%T "The Secure Shell (SSH) Transport Layer Encryption Modes" +.%D 2006 +.Re +.Rs +.%R RFC 4345 +.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 .Re .Sh AUTHORS OpenSSH is a derivative of the original and free -- cgit v1.2.3 From 208f1ed6f180cc0cfd3ab59d0b1c33796cc4c641 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:56:03 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 20:31:31 [ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes; --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- ssh_config.5 | 6 +++--- sshd.8 | 8 ++++---- sshd_config.5 | 8 ++++---- 5 files changed, 18 insertions(+), 15 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index 730634ce7..b24ca1887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -166,6 +166,9 @@ - jmc@cvs.openbsd.org 2006/02/24 20:22:16 [ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 20:31:31 + [ssh.1 ssh_config.5 sshd.8 sshd_config.5] + more consistency fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4067,4 +4070,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4186 2006/03/15 00:55:31 djm Exp $ +$Id: ChangeLog,v 1.4187 2006/03/15 00:56:03 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b9bbe0bd6..e66ad9e88 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.256 2006/02/15 16:53:20 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.257 2006/02/24 20:31:30 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -569,7 +569,7 @@ Disable pseudo-tty allocation. Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, -e.g., when implementing menu services. +e.g. when implementing menu services. Multiple .Fl t options force tty allocation, even if 
@@ -1178,7 +1178,7 @@ If the current session has no tty, this variable is not set. .It Ev TZ This variable is set to indicate the present time zone if it -was set when the daemon was started (i.e., the daemon passes the value +was set when the daemon was started (i.e. the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. diff --git a/ssh_config.5 b/ssh_config.5 index 5905d4c90..66c9ed3f5 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.82 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.83 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -138,12 +138,12 @@ Restricts the following declarations (up to the next keyword) to be only for those hosts that match one of the patterns given after the keyword. A single -.Ql \&* +.Ql * as a pattern can be used to provide global defaults for all hosts. The host is the .Ar hostname -argument given on the command line (i.e., the name is not converted to +argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). .Pp See diff --git a/sshd.8 b/sshd.8 index d09dc4e99..0bfd68505 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -81,7 +81,7 @@ configuration file. .Nm rereads its configuration file when it receives a hangup signal, .Dv SIGHUP , -by executing itself with the name and options it was started with, e.g., +by executing itself with the name and options it was started with, e.g.\& .Pa /usr/sbin/sshd . .Pp The options are as follows: @@ -154,7 +154,7 @@ is normally not run from inetd because it needs to generate the server key before it can respond to the client, and this may take tens of seconds. Clients would have to wait too long if the key was regenerated every time. -However, with small key sizes (e.g., 512) using +However, with small key sizes (e.g. 512) using .Nm from inetd may be feasible. @@ -519,7 +519,7 @@ authentication. .It Cm no-port-forwarding Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. -This might be used, e.g., in connection with the +This might be used, e.g. in connection with the .Cm command option. .It Cm no-pty diff --git a/sshd_config.5 b/sshd_config.5 index caeddf603..642e1fa29 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.50 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.51 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -72,7 +72,7 @@ in for how to configure the client. Note that environment passing is only supported for protocol 2. Variables are specified by name, which may contain the wildcard characters -.Ql \&* +.Ql * and .Ql \&? . Multiple environment variables may be separated by whitespace or spread 
@@ -456,7 +456,7 @@ The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values .Dq start:rate:full -(e.g., "10:30:60"). +(e.g. "10:30:60"). .Nm sshd will refuse connection attempts with a probability of .Dq rate/100 @@ -612,7 +612,7 @@ directory or files world-writable. The default is .Dq yes . .It Cm Subsystem -Configures an external subsystem (e.g., file transfer daemon). +Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command to execute upon subsystem request. The command -- cgit v1.2.3 From 3e96d742743b150025588b7200c7998d7e4ec2c6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 25 Mar 2006 23:39:29 +1100 Subject: - djm@cvs.openbsd.org 2006/03/16 04:24:42 [ssh.1] Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs that OpenSSH supports --- ChangeLog | 9 ++++++++- ssh.1 | 7 ++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index 342844d33..2281accdc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060325 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/03/16 04:24:42 + [ssh.1] + Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs + that OpenSSH supports + 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via elad AT NetBSD.org @@ -4189,4 +4196,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4230 2006/03/18 13:07:07 dtucker Exp $ +$Id: ChangeLog,v 1.4231 2006/03/25 12:39:29 djm Exp $ diff --git a/ssh.1 b/ssh.1 index e66ad9e88..139b00154 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.257 2006/02/24 20:31:30 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.258 2006/03/16 04:24:42 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1388,6 +1388,11 @@ manual page for more information. .%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" .%D 2006 .Re +.Rs +.%R RFC 4419 +.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3 From a1b3d636abea0e2e75d797af22e93f01c424d80a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:07:02 +1100 Subject: - jakob@cvs.openbsd.org 2006/03/22 21:16:24 [ssh.1] simplify SSHFP example; ok jmc@ --- ChangeLog | 5 ++++- ssh.1 | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index f7dceae92..b3298fe0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -53,6 +53,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 [dns.c] cast xstrdup to propert u_char * + - jakob@cvs.openbsd.org 2006/03/22 21:16:24 + [ssh.1] + simplify SSHFP example; ok jmc@ 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4245,4 +4248,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4239 2006/03/25 13:06:48 djm Exp $ +$Id: ChangeLog,v 1.4240 2006/03/25 13:07:02 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 139b00154..dab09c84e 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.258 2006/03/16 04:24:42 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.259 2006/03/22 21:16:24 jakob Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1025,8 +1025,7 @@ In this example, we are connecting a client to a server, The SSHFP resource records should first be added to the zonefile for host.example.com: .Bd -literal -offset indent -$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. -$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. +$ ssh-keygen -r host.example.com. .Ed .Pp The output lines will have to be added to the zonefile. -- cgit v1.2.3 From fbc94c857a263bbee6580b6229502dcea0250c14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:03:16 +1000 Subject: - jmc@cvs.openbsd.org 2006/05/29 16:13:23 [ssh.1] add GSSAPI to the list of authentication methods supported; --- ChangeLog | 9 ++++++++- ssh.1 | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index d130a420f..8124065c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,13 @@ - jmc@cvs.openbsd.org 2006/05/29 16:10:03 [ssh_config.5] oops - previous was too long; split the list of auths up + - mk@cvs.openbsd.org 2006/05/30 11:46:38 + [ssh-add.c] + Sync usage() with man page and reality. + ok deraadt dtucker + - jmc@cvs.openbsd.org 2006/05/29 16:13:23 + [ssh.1] + add GSSAPI to the list of authentication methods supported; 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4656,4 +4663,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4337 2006/06/13 03:01:41 djm Exp $ +$Id: ChangeLog,v 1.4338 2006/06/13 03:03:16 djm Exp $ 
diff --git a/ssh.1 b/ssh.1 index dab09c84e..874a5d2fe 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.259 2006/03/22 21:16:24 jakob Exp $ +.\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -666,6 +666,7 @@ Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. .Pp The methods available for authentication are: +GSSAPI-based authentication, host-based authentication, public key authentication, challenge-response authentication, -- cgit v1.2.3 From 991dba43e17f7e4c8706158ecee32f2bfd18cac4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:16:27 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 [ssh.1 ssh.c ssh_config.5 sshd_config.5] more details and clarity for tun(4) device forwarding; ok and help jmc@ --- ChangeLog | 6 +++++- ssh.1 | 38 +++++++++++++++++++++++++------------- ssh.c | 4 ++-- ssh_config.5 | 38 +++++++++++++++++++++++++++++--------- sshd_config.5 | 15 +++++++++++---- 5 files changed, 72 insertions(+), 29 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index 4a3ee6670..f31d44bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ [clientloop.c] mention optional bind_address in runtime port forwarding setup command-line help. patch from santhi.amirta AT gmail.com + - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 + [ssh.1 ssh.c ssh_config.5 sshd_config.5] + more details and clarity for tun(4) device forwarding; ok and help + jmc@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when 
@@ -4741,4 +4745,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4361 2006/07/10 10:16:12 djm Exp $ +$Id: ChangeLog,v 1.4362 2006/07/10 10:16:27 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 874a5d2fe..4067a9362 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -78,7 +78,8 @@ .Oc .Op Fl S Ar ctl_path .Bk -words -.Op Fl w Ar tunnel : Ns Ar tunnel +.Oo Fl w Ar local_tun Ns +.Op : Ns Ar remote_tun Oc .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Ek @@ -588,24 +589,35 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl w Ar tunnel : Ns Ar tunnel -Requests a +.It Fl w Xo +.Ar local_tun Ns Op : Ns Ar remote_tun +.Xc +Requests +tunnel +device forwarding with the specified .Xr tun 4 -device on the client -(first -.Ar tunnel -arg) -and server -(second -.Ar tunnel -arg). +devices between the client +.Pq Ar local_tun +and the server +.Pq Ar remote_tun . +.Pp The devices may be specified by numerical ID or the keyword .Dq any , which uses the next available tunnel device. +If +.Ar remote_tun +is not specified, it defaults to +.Dq any . See also the .Cm Tunnel -directive in +and +.Cm TunnelDevice +directives in .Xr ssh_config 5 . +If the +.Cm Tunnel +directive is unset, it is set to the default tunnel mode, which is +.Dq point-to-point . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. diff --git a/ssh.c b/ssh.c index 01303dc97..9d50e42fd 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.277 2006/07/02 17:12:58 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -176,7 +176,7 @@ usage(void) " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [-w tunnel:tunnel] [user@]hostname [command]\n" +" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" ); exit(255); } diff --git a/ssh_config.5 b/ssh_config.5 index 0d40fd63e..68ec311b2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -931,24 +931,44 @@ This is important in scripts, and many users want it too. To disable TCP keepalive messages, the value should be set to .Dq no . .It Cm Tunnel -Request starting +Request .Xr tun 4 device forwarding between the client and the server. -This option also allows requesting layer 2 (ethernet) -instead of layer 3 (point-to-point) tunneling from the server. The argument must be .Dq yes , -.Dq point-to-point , -.Dq ethernet , +.Dq point-to-point +(layer 3), +.Dq ethernet +(layer 2), or .Dq no . +Specifying +.Dq yes +requests the default tunnel mode, which is +.Dq point-to-point . The default is .Dq no . .It Cm TunnelDevice -Force a specified +Specifies the .Xr tun 4 -device on the client. -Without this option, the next available device will be used. +devices to open on the client +.Pq Ar local_tun +and the server +.Pq Ar remote_tun . +.Pp +The argument must be +.Sm off +.Ar local_tun Op : Ar remote_tun . +.Sm on +The devices may be specified by numerical ID or the keyword +.Dq any , +which uses the next available tunnel device. +If +.Ar remote_tun +is not specified, it defaults to +.Dq any . +The default is +.Dq any:any . .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be diff --git a/sshd_config.5 b/sshd_config.5 index aad28f4c8..836add94f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.57 2006/03/14 16:32:48 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.58 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -537,10 +537,17 @@ Specifies whether device forwarding is allowed. The argument must be .Dq yes , -.Dq point-to-point , -.Dq ethernet , -or +.Dq point-to-point +(layer 3), +.Dq ethernet +(layer 2), or .Dq no . +Specifying +.Dq yes +permits both +.Dq point-to-point +and +.Dq ethernet . The default is .Dq no . .It Cm PermitUserEnvironment -- cgit v1.2.3 From 57e8ad3f5e54101db9a0f11b19da56041cc22603 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:20:52 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 [clientloop.c ssh.1] use -KR[bind_address:]port here; ok djm@ --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- ssh.1 | 6 ++++-- 3 files changed, 10 insertions(+), 5 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index e2c585fc7..14509b2ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] move #include out of includes.h (portable needed uidswap.c too) + - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 + [clientloop.c ssh.1] + use -KR[bind_address:]port here; ok djm@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4753,4 +4756,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4364 2006/07/10 10:20:33 djm Exp $ +$Id: ChangeLog,v 1.4365 2006/07/10 10:20:52 djm Exp $ diff --git a/clientloop.c b/clientloop.c index b99ba03c0..fb66a6e40 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.164 2006/06/26 10:36:15 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.165 2006/07/02 23:01:55 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -929,7 +929,7 @@ process_cmdline(void) "Request local forward"); logit(" -R[bind_address:]port:host:hostport " "Request remote forward"); - logit(" -KR[bind_address:]hostport " + logit(" -KR[bind_address:]port " "Cancel remote forward"); if (!options.permit_local_command) goto out; diff --git a/ssh.1 b/ssh.1 index 4067a9362..f44b6f29a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.262 2006/07/02 23:01:55 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -885,7 +885,9 @@ and options (see above). It also allows the cancellation of existing remote port-forwardings using -.Fl KR Ar hostport . +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port . +.Sm on .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand -- cgit v1.2.3 From e7d4b19f755c0d33122ef373e54b69e6b93cb0b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:17:10 +1000 Subject: - markus@cvs.openbsd.org 2006/07/11 18:50:48 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c channels.h readconf.c] add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc --- ChangeLog | 8 +++++++- channels.c | 17 ++++++++++------- channels.h | 6 +++--- clientloop.c | 9 ++++++--- readconf.c | 11 ++++++++++- readconf.h | 3 ++- session.c | 8 ++++++-- ssh.1 | 3 ++- ssh.c | 27 +++++++++++++++++++++------ ssh_config.5 | 13 ++++++++++++- 10 files changed, 79 insertions(+), 26 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index b5c849806..74bfb0d3b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,12 @@ Only copy the part of environment variable that we actually use. Prevents ssh bailing when SendEnv is used and an environment variable with a really long value exists. ok djm@ + - markus@cvs.openbsd.org 2006/07/11 18:50:48 + [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c + channels.h readconf.c] + add ExitOnForwardFailure: terminate the connection if ssh(1) + cannot set up all requested dynamic, local, and remote port + forwardings. ok djm, dtucker, stevesk, jmc 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4872,4 +4878,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4395 2006/07/12 12:16:23 dtucker Exp $ +$Id: ChangeLog,v 1.4396 2006/07/12 12:17:10 dtucker Exp $ diff --git a/channels.c b/channels.c index cd68efded..51718578b 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.252 2006/07/10 12:08:08 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.253 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2481,7 +2481,7 @@ channel_setup_remote_fwd_listener(const char *listen_address, * the secure channel to host:port from local side. */ -void +int channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { @@ -2525,7 +2525,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, success = 1; break; case SSH_SMSG_FAILURE: - logit("Warning: Server denied remote port forwarding."); break; default: /* Unknown packet */ @@ -2539,6 +2538,7 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, permitted_opens[num_permitted_opens].listen_port = listen_port; num_permitted_opens++; } + return (success ? 0 : -1); } /* 
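Review bot: In channels.c, the `@@ -2525,7 +2525,6` hunk removes `logit("Warning: Server denied remote port forwarding.");` from the `SSH_SMSG_FAILURE` case, so `channel_request_remote_forwarding` no longer records a server refusal at all. The refusal is now visible only if the caller checks the new return value. The clientloop.c caller in this commit does check it, but its `logit("Port forwarding failed.")` names neither the cause nor the listen port, and the other callers are not fully visible here. I would keep a low-level record in the function, e.g. `debug("Server denied remote forwarding for listen port %d", listen_port);`, and document the new return values (0 on success, -1 on failure) in the comment above it. The function body starts and ends outside these hunks.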
@@ -2578,12 +2578,13 @@ channel_request_rforward_cancel(const char *host, u_short port) /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates * listening for the port, and sends back a success reply (or disconnect - * message if there was an error). This never returns if there was an error. + * message if there was an error). */ -void +int channel_input_port_forward_request(int is_root, int gateway_ports) { u_short port, host_port; + int success = 0; char *hostname; /* Get arguments from the packet. */ @@ -2605,11 +2606,13 @@ channel_input_port_forward_request(int is_root, int gateway_ports) #endif /* Initiate forwarding */ - channel_setup_local_fwd_listener(NULL, port, hostname, + success = channel_setup_local_fwd_listener(NULL, port, hostname, host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); + + return (success ? 0 : -1); } /* @@ -2628,7 +2631,7 @@ void channel_add_permitted_opens(char *host, int port) { if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_request_remote_forwarding: too many forwards"); + fatal("channel_add_permitted_opens: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); diff --git a/channels.h b/channels.h index ee1d260fd..d21319a2b 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.84 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.85 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen 
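Review bot: The header comment on `channel_input_port_forward_request` (`@@ -2578,12 +2578,13`) still says the function "sends back a success reply (or disconnect message if there was an error)", but the function now reports failure by returning -1. The visible part of the body sends no reply, and the session.c caller in this commit sets `success` itself, so the comment appears to describe a contract the function no longer has. I would replace that sentence with `Returns 0 if the listener was set up, -1 otherwise; the caller is responsible for the reply.` It is also worth noting there that `success` holds the result of `channel_setup_local_fwd_listener()`, which is treated as non-zero on success. Part of the body, including the privileged-port check before `#endif`, lies outside the hunks.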
@@ -208,10 +208,10 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); void channel_clear_permitted_opens(void); -void channel_input_port_forward_request(int, int); +int channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); -void channel_request_remote_forwarding(const char *, u_short, +int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short, int); diff --git a/clientloop.c b/clientloop.c index c59d573c5..6cb2a7ac7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.166 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.167 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -996,9 +996,12 @@ process_cmdline(void) goto out; } } else { - channel_request_remote_forwarding(fwd.listen_host, + if (channel_request_remote_forwarding(fwd.listen_host, fwd.listen_port, fwd.connect_host, - fwd.connect_port); + fwd.connect_port) < 0) { + logit("Port forwarding failed."); + goto out; + } } logit("Forwarding port."); diff --git a/readconf.c b/readconf.c index df5e566a5..d25f93012 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.152 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.153 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -102,6 +102,7 @@ typedef enum { oBadOption, oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, + oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, 
@@ -132,6 +133,7 @@ static struct { { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "forwardx11trusted", oForwardX11Trusted }, + { "exitonforwardfailure", oExitOnForwardFailure }, { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, @@ -386,6 +388,10 @@ parse_flag: intptr = &options->gateway_ports; goto parse_flag; + case oExitOnForwardFailure: + intptr = &options->exit_on_forward_failure; + goto parse_flag; + case oUsePrivilegedPort: intptr = &options->use_privileged_port; goto parse_flag; @@ -987,6 +993,7 @@ initialize_options(Options * options) options->forward_agent = -1; options->forward_x11 = -1; options->forward_x11_trusted = -1; + options->exit_on_forward_failure = -1; options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; @@ -1067,6 +1074,8 @@ fill_default_options(Options * options) options->forward_x11 = 0; if (options->forward_x11_trusted == -1) options->forward_x11_trusted = 0; + if (options->exit_on_forward_failure == -1) + options->exit_on_forward_failure = 0; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; if (options->gateway_ports == -1) diff --git a/readconf.h b/readconf.h index 7fc2ea47c..e99b1ff25 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.69 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.70 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen @@ -34,6 +34,7 @@ typedef struct { int forward_agent; /* Forward authentication agent. */ int forward_x11; /* Forward X11 display. */ int forward_x11_trusted; /* Trust Forward X11 display. */ + int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ char *xauth_location; /* Location for xauth program */ int gateway_ports; /* Allow remote connects to forwarded ports. */ int use_privileged_port; /* Don't use privileged port if false. */ 
diff --git a/session.c b/session.c index 0a321be30..33be91545 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.207 2006/07/08 21:48:53 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.208 2006/07/11 18:50:48 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -338,7 +338,11 @@ do_authenticated1(Authctxt *authctxt) break; } debug("Received TCP/IP port forwarding request."); - channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); + if (channel_input_port_forward_request(s->pw->pw_uid == 0, + options.gateway_ports) < 0) { + debug("Port forwarding failed."); + break; + } success = 1; break; diff --git a/ssh.1 b/ssh.1 index f44b6f29a..6e41bcd8b 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.262 2006/07/02 23:01:55 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -449,6 +449,7 @@ For full details of the options listed below, and their possible values, see .It ControlPath .It DynamicForward .It EscapeChar +.It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 .It ForwardX11Trusted diff --git a/ssh.c b/ssh.c index bd92206d4..2e0ef2f9f 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.282 2006/07/11 10:12:07 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.283 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -817,6 +817,8 @@ ssh_init_forwarding(void) options.local_forwards[i].connect_port, options.gateway_ports); } + if (i > 0 && success != i && options.exit_on_forward_failure) + fatal("Could not request local forwarding."); if (i > 0 && success == 0) error("Could not request local forwarding."); 
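Review bot: The failure branch added to `do_authenticated1` records a refused forwarding request only with `debug("Port forwarding failed.")`, so a server at the default log level keeps no trace of it from this call site. The request comes from an authenticated client and the refusal reasons live in the listener setup, which is outside this hunk. Unless that code already logs the cause at a higher level, I would use `logit("Port forwarding failed.");` here so that repeated refused requests are visible to whoever reads the server log. The function starts and ends outside the hunk.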
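Review bot: The new check in `ssh_init_forwarding`, `success != i` after the `options.local_forwards` loop, visibly covers local forwardings only, while the `ExitOnForwardFailure` text added to ssh_config.5 in this commit promises dynamic ones as well. If dynamic forwardings are kept in the same array, a comment above the check such as `/* local_forwards also holds the dynamic (-D) entries */` would make that guarantee verifiable from the code. If they are not, the option does not do what the manual says for them. The `fatal()` also reuses the exact text of the `error()` that follows it, so a log reader cannot tell the two outcomes apart. The loop itself starts outside the hunk.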
@@ -829,11 +831,17 @@ ssh_init_forwarding(void) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - channel_request_remote_forwarding( + if (channel_request_remote_forwarding( options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + options.remote_forwards[i].connect_port) < 0) { + if (options.exit_on_forward_failure) + fatal("Could not request remote forwarding."); + else + logit("Warning: Could not request remote " + "forwarding."); + } } } @@ -1015,9 +1023,16 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen " - "port %d", options.remote_forwards[i].listen_port); + if (type == SSH2_MSG_REQUEST_FAILURE) { + if (options.exit_on_forward_failure) + fatal("Error: remote port forwarding failed for " + "listen port %d", + options.remote_forwards[i].listen_port); + else + logit("Warning: remote port forwarding failed for " + "listen port %d", + options.remote_forwards[i].listen_port); + } } static void diff --git a/ssh_config.5 b/ssh_config.5 index 68ec311b2..55ca55303 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.96 2006/07/11 18:50:48 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
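Review bot: Both messages added in the remote-forward loop of `ssh_init_forwarding` omit which forwarding failed, although the reply handler changed later in this file names the listen port. With several `RemoteForward` entries a user cannot tell from `Could not request remote forwarding.` which one stopped the client. I would write `fatal("Could not request remote forwarding for listen port %d", options.remote_forwards[i].listen_port);` and the same wording for the `logit` warning. The enclosing loop begins outside the hunk.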
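Review bot: The `fatal()` added to `client_global_request_reply_fwd` runs only once the server's `SSH2_MSG_REQUEST_FAILURE` reply is processed, and nothing in this hunk shows that the client waits for those replies before it starts the session or goes to the background with `-f`. If it does not wait, `ExitOnForwardFailure` can end a session that is already running rather than prevent it from starting. That matters to anyone who uses the option as a guard in a tunnel script. A comment above the branch would record this, for example `/* Reply is handled asynchronously; the session may already be up when this fires. */`. The start of the function, where `i` is assigned, is outside the hunk.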
@@ -385,6 +385,17 @@ followed by a letter, or to disable the escape character entirely (making the connection transparent for binary data). +.It Cm ExitOnForwardFailure +Specifies whether +.Xr ssh 1 +should terminate the connection if it cannot set up all requested +dynamic, local, and remote port forwardings. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. -- cgit v1.2.3 From ffe88e15afeb403e775d87cd45ae4bd5f1203172 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 18 Oct 2006 07:53:06 +1000 Subject: - ray@cvs.openbsd.org 2006/09/25 04:55:38 [ssh-keyscan.1 ssh.1] Change "a SSH" to "an SSH". Hurray, I'm not the only one who pronounces "SSH" as "ess-ess-aich". OK jmc@ and stevesk@. --- ChangeLog | 10 +++++++++- ssh-keyscan.1 | 4 ++-- ssh.1 | 4 ++-- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index fc86a6f94..d73ae5114 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20061018 + - (dtucker) OpenBSD CVS Sync + - ray@cvs.openbsd.org 2006/09/25 04:55:38 + [ssh-keyscan.1 ssh.1] + Change "a SSH" to "an SSH". Hurray, I'm not the only one who + pronounces "SSH" as "ess-ess-aich". + OK jmc@ and stevesk@. + 20061016 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. @@ -2528,4 +2536,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4570 2006/10/16 09:49:12 dtucker Exp $ +$Id: ChangeLog,v 1.4571 2006/10/17 21:53:06 dtucker Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 80fc8cd96..a3656fc77 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -102,7 +102,7 @@ Causes to print debugging messages about its progress. .El .Sh SECURITY -If a ssh_known_hosts file is constructed using +If an ssh_known_hosts file is constructed using .Nm without verifying the keys, users will be vulnerable to .Em man in the middle diff --git a/ssh.1 b/ssh.1 index 6e41bcd8b..b6f09f400 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.264 2006/09/25 04:55:38 ray Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1105,7 +1105,7 @@ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp -Since a SSH-based setup entails a fair amount of overhead, +Since an SSH-based setup entails a fair amount of overhead, it may be more suited to temporary setups, such as for wireless VPNs. More permanent VPNs are better provided by tools such as -- cgit v1.2.3 From 3975ee2c3ce78af4f62ff8e9e5b636ef378b7f6b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 5 Nov 2006 05:31:33 +1100 Subject: - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 [ssh.1] correct/expand example of usage of -w; ok jmc@ stevesk@ --- ChangeLog | 8 +++++++- ssh.1 | 20 +++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index d02ba367e..e503acd44 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20061105 + - (djm) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2006/10/28 18:08:10 + [ssh.1] + correct/expand example of usage of -w; ok jmc@ stevesk@ + 20061101 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr events fatal in Solaris process contract support and tell it to signal @@ -2578,4 +2584,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4581 2006/10/31 23:28:49 dtucker Exp $ +$Id: ChangeLog,v 1.4582 2006/11/04 18:31:33 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b6f09f400..93be52f96 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.264 2006/09/25 04:55:38 ray Exp $ +.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1077,12 +1077,22 @@ controls whether the server supports this, and at what level (layer 2 or 3 traffic). .Pp The following example would connect client network 10.0.50.0/24 -with remote network 10.0.99.0/24, provided that the SSH server -running on the gateway to the remote network, -at 192.168.1.15, allows it: +with remote network 10.0.99.0/24 using a point-to-point connection +from 10.1.1.1 to 10.1.1.2, +provided that the SSH server running on the gateway to the remote network, +at 192.168.1.15, allows it. +.Pp +On the client: .Bd -literal -offset indent # ssh -f -w 0:1 192.168.1.15 true -# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 +# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 +# route add 10.0.99.0/24 10.1.1.2 +.Ed +.Pp +On the server: +.Bd -literal -offset indent +# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 +# route add 10.0.50.0/24 10.1.1.1 .Ed .Pp Client access may be more finely tuned via the -- cgit v1.2.3 
From c0367fb0d25fe72328c9d0ad3ad4ec21c024115e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:25:46 +1100 Subject: - markus@cvs.openbsd.org 2006/12/11 21:25:46 [ssh-keygen.1 ssh.1] add rfc 4716 (public key format); ok jmc --- ChangeLog | 5 ++++- ssh-keygen.1 | 15 ++++++--------- ssh.1 | 7 ++++++- 3 files changed, 16 insertions(+), 11 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index e9ac1c55b..d6e3890f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ [misc.c sftp.c] Don't access buf[strlen(buf) - 1] for zero-length strings. ``ok by me'' djm@. + - markus@cvs.openbsd.org 2006/12/11 21:25:46 + [ssh-keygen.1 ssh.1] + add rfc 4716 (public key format); ok jmc 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2627,4 +2630,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4593 2007/01/05 05:24:47 djm Exp $ +$Id: ChangeLog,v 1.4594 2007/01/05 05:25:46 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index ab16bcd77..850ac327b 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.73 2006/12/11 21:25:46 markus Exp $ .\" .\" -*- nroff -*- .\" @@ -205,8 +205,8 @@ Download the RSA public key stored in the smartcard in .Ar reader . .It Fl e This option will read a private or public OpenSSH key file and -print the key in a -.Sq SECSH Public Key File Format +print the key in +RFC 4716 SSH Public Key File Format to stdout. This option allows exporting keys for use by several commercial SSH implementations. 
@@ -450,12 +450,9 @@ The file format is described in .Xr moduli 5 , .Xr sshd 8 .Rs -.%A J. Galbraith -.%A R. Thayer -.%T "SECSH Public Key File Format" -.%N draft-ietf-secsh-publickeyfile-01.txt -.%D March 2001 -.%O work in progress material +.%R RFC 4716 +.%T "The Secure Shell (SSH) Public Key File Format" +.%D 2006 .Re .Sh AUTHORS OpenSSH is a derivative of the original and free diff --git a/ssh.1 b/ssh.1 index 93be52f96..b87ab4171 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ +.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1418,6 +1418,11 @@ manual page for more information. .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" .%D 2006 .Re +.Rs +.%R RFC 4716 +.%T "The Secure Shell (SSH) Public Key File Format" +.%D 2006 +.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3