From 4dccfa5fb73853e6c9281beac2c42a31391acdc7 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 28 Dec 2000 16:40:05 +0000 Subject: - (bal) OpenBSD CVS Update - markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2 --- sshd.8 | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 48d6be204..b2ff9a3e0 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $ +.\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -43,7 +43,7 @@ .Nd secure shell daemon .Sh SYNOPSIS .Nm sshd -.Op Fl diqQ46 +.Op Fl diqDQ46 .Op Fl b Ar bits .Op Fl f Ar config_file .Op Fl g Ar login_grace_time 
@@ -202,12 +202,14 @@ If the client fails to authenticate the user within this many seconds, the server disconnects and exits. A value of zero indicates no limit. .It Fl h Ar host_key_file -Specifies the file from which the RSA host key is read (default +Specifies the file from which the host key is read (default .Pa /etc/ssh_host_key ) . This option must be given if .Nm is not run as root (as the normal host file is normally not readable by anyone but root). +It is possible to have multiple host key files for +the different protocol versions. .It Fl i Specifies that .Nm @@ -254,6 +256,12 @@ indicates that only dotted decimal addresses should be put into the .Pa utmp file. +.It Fl D +When this option is specified +.Nm +will not detach and does not become a daemon. +This allows easy monitoring of +.Nm sshd . .It Fl Q Do not print an error message if RSA support is missing. .It Fl V Ar client_protocol_id 
@@ -720,26 +728,37 @@ file lists the RSA keys that are permitted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the .Pa $HOME/.ssh/authorized_keys2 -file lists the DSA keys that are -permitted for DSA authentication in SSH protocol 2.0. +file lists the DSA and RSA keys that are +permitted for public key authentication (PubkeyAuthentication) +in SSH protocol 2.0. +.Pp Each line of the file contains one key (empty lines and lines starting with a .Ql # are ignored as comments). -Each line consists of the following fields, separated by +Each RSA public key consists of the following fields, separated by spaces: options, bits, exponent, modulus, comment. -The options field -is optional; its presence is determined by whether the line starts +Each protocol version 2 public key consists of: +options, keytype, base64 encoded key, comment. +The options fields +are optional; its presence is determined by whether the line starts with a number or not (the option field never starts with a number). -The bits, exponent, modulus and comment fields give the RSA key; the +The bits, exponent, modulus and comment fields give the RSA key for +protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). +For protocol version 2 the keytype is +.Dq ssh-dss +or +.Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long (because of the size of the RSA key modulus). You don't want to type them in; instead, copy the .Pa identity.pub +or the +.Pa id_dsa.pub file and edit it. .Pp The options (if present) consist of comma-separated option @@ -1053,7 +1072,7 @@ This version of OpenSSH .Bl -bullet .It has all components of a restrictive nature (i.e., patents, see -.Xr crypto 3 ) +.Xr ssl 8 ) directly removed from the source code; any licensed or patented components are chosen from external libraries. 
@@ -1080,6 +1099,6 @@ The support for SSH protocol 2 was written by Markus Friedl. .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr crypto 3 , +.Xr ssl 8 , .Xr rlogin 1 , .Xr rsh 1 -- cgit v1.2.3
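Review bot: in the `-h host_key_file` entry (hunk `@@ -202,12 +202,14 @@`), the added sentence "It is possible to have multiple host key files for the different protocol versions." does not say how more than one file is specified, and the entry still names a single default, `/etc/ssh_host_key`. Suggest stating how several files are given and which file serves which protocol version, since the same paragraph tells non-root operators that this option must be given.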
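Review bot: in the new `-D` entry (hunk `@@ -254,6 +256,12 @@`), "will not detach and does not become a daemon" mixes tenses, and the closing `.Nm sshd .` passes an explicit name where the line above uses bare `.Nm`. Suggest one tense throughout ("will not detach and will not become a daemon") and bare `.Nm` for consistency. Since the synopsis now reads `.Op Fl diqDQ46`, a short clause on how `-D` differs from `-d` would also help the reader.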
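Review bot: in the `authorized_keys` paragraph (hunk `@@ -720,26 +728,37 @@`), the rule that the options field is detected by "whether the line starts with a number or not" only works for protocol version 1 lines, whose first key field is bits. A protocol version 2 line begins its key with the keytype ("ssh-dss" or "ssh-rsa"), which does not start with a number either, so the text as amended gives no way to tell options from keytype on those lines. Suggest scoping that sentence to protocol version 1 and stating how options are recognised on version 2 lines. Two wording points in the same hunk: "The options fields are optional; its presence" mixes plural and singular, and "Each RSA public key consists of" is ambiguous now that version 2 also lists "ssh-rsa" keys; "Each protocol version 1 public key" would parallel the sentence that follows it.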
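Review bot: in the SEE ALSO list (hunk `@@ -1080,6 +1099,6 @@`), `.Xr ssl 8 ,` is dropped into the slot `.Xr crypto 3 ,` occupied, leaving a section 8 page between `.Xr ssh-keygen 1 ,` and `.Xr rlogin 1 ,`. Manual cross-reference lists are conventionally ordered by section and then name, so consider moving it after the section 1 entries. The commit log for sshd.8 mentions only "document -D" and "update for ssh-2", so the switch from crypto(3) to ssl(8) here and in hunk `@@ -1053,7 +1072,7 @@` deserves a line in the message.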