From 98c7ad60ec5725d91da9f9f6d26cd9fe477398c0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 9 Mar 2000 21:27:49 +1100 Subject: - OpenBSD CVS updates to v1.2.3 [ssh.h atomicio.c] - int atomicio -> ssize_t (for alpha). ok deraadt@ [auth-rsa.c] - delay MD5 computation until client sends response, free() early, cleanup. [cipher.c] - void* -> unsigned char*, ok niels@ [hostfile.c] - remove unused variable 'len'. fix comments. - remove unused variable [log-client.c log-server.c] - rename a cpp symbol, to avoid param.h collision [packet.c] - missing xfree() - getsockname() requires initialized tolen; andy@guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar@fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ [ssh.1] - Change invalid 'CHAT' loglevel to 'VERBOSE' [ssh.c] - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - turn off x11-fwd for the client, too. [sshconnect.c] - missing xfree() - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - read error vs. "Connection closed by remote host" [sshd.8] - ie. -> i.e., - do not link to a commercial page.. - sync with sshd_config [sshd.c] - no need for poll.h; from bright@wintelcom.net - log with level log() not fatal() if peer behaves badly. - don't panic if client behaves strange. ok deraadt@ - make no-port-forwarding for RSA keys deny both -L and -R style fwding - delay close() of pty until the pty has been chowned back to root - oops, fix comment, too. - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up --- sshd.8 | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 4ad73bb77..c5497cf9f 100644 --- a/sshd.8 +++ b/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.12 2000/01/22 08:57:41 damien Exp $ +.\" $Id: sshd.8,v 1.13 2000/03/09 10:27:53 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -258,13 +258,16 @@ Note that .Nm does not start if this file is group/world-accessible. .It Cm IgnoreRhosts -Specifies that rhosts and shosts files will not be used in -authentication. +Specifies that +.Pa .rhosts +and +.Pa .shosts +files will not be used in authentication. .Pa /etc/hosts.equiv and .Pa /etc/shosts.equiv are still used. The default is -.Dq no . +.Dq yes . .It Cm IgnoreUserKnownHosts Specifies whether .Nm @@ -352,7 +355,7 @@ The default is When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is -.Dq yes . +.Dq no . .It Cm PermitRootLogin Specifies whether the root can log in using .Xr ssh 1 . @@ -403,7 +406,7 @@ The default is .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. The default is -.Dq yes . +.Dq no . .It Cm RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is .Dq yes . @@ -442,9 +445,10 @@ Specifies the first display number available for X11 forwarding. This prevents .Nm from interfering with real X11 servers. +The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The default is -.Dq yes . +.Dq no . Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders. .El @@ -762,18 +766,12 @@ This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Sh AUTHOR -Tatu Ylonen -.Pp -Information about new releases, mailing lists, and other related -issues can be found from the SSH WWW home page: -.Pp -.Dl http://www.cs.hut.fi/ssh. -.Pp OpenSSH -is a derivative of the original (free) ssh 1.2.12 release, but with bugs -removed and newer features re-added. Rapidly after the 1.2.12 release, -newer versions bore successively more restrictive licenses. This version -of OpenSSH +is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, +but with bugs removed and newer features re-added. Rapidly after the +1.2.12 release, newer versions of the original ssh bore successively +more restrictive licenses, and thus demand for a free version was born. +This version of OpenSSH .Bl -bullet .It has all components of a restrictive nature (i.e., patents, see @@ -782,7 +780,8 @@ directly removed from the source code; any licensed or patented components are chosen from external libraries. .It -has been updated to support ssh protocol 1.5. +has been updated to support ssh protocol 1.5, making it compatible with +all other ssh protocol 1 clients and servers. .It contains added support for .Xr kerberos 8 -- cgit v1.2.3