From c47d7e9e1905adbef3489cc2bbdceda02d212f7e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:27:20 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/09 10:10:47 [sshd.8] - move some text into a CAVEATS section - merge the COMMAND EXECUTION... section into AUTHENTICATION --- sshd.8 | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 51d339b65..e884e2b09 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -308,17 +308,6 @@ or .Ql \&*NP\&* ). .Pp -System security is not improved unless -.Nm rshd , -.Nm rlogind , -and -.Nm rexecd -are disabled (thus completely disabling -.Xr rlogin -and -.Xr rsh -into the machine). -.Sh COMMAND EXECUTION AND DATA FORWARDING If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request @@ -326,7 +315,7 @@ things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP connections, or forwarding the authentication agent connection over the secure channel. .Pp -Finally, the client either requests a shell or execution of a command. +After this, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or 
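Review bot: the `.Xr rlogin` and `.Xr rsh` lines in the block removed from AUTHENTICATION here (and re-added under CAVEATS in the next hunk) carry no manual section argument; mdoc expects `.Xr rlogin 1` and `.Xr rsh 1`, and mandoc's lint reports the bare form as a missing section argument, so the move is the natural point to add them. Folding the COMMAND EXECUTION AND DATA FORWARDING text into AUTHENTICATION and changing "Finally" to "After this" reads correctly, but the forwarding material (pseudo-tty, X11, TCP and agent forwarding requests) loses its only heading and is now reachable just by reading through the password-file discussion; a `.Ss` subsection or a cross-reference from the forwarding options elsewhere in the page would keep it findable.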
@@ -867,3 +856,14 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. +.Sh CAVEATS +System security is not improved unless +.Nm rshd , +.Nm rlogind , +and +.Nm rexecd +are disabled (thus completely disabling +.Xr rlogin +and +.Xr rsh +into the machine). -- cgit v1.2.3 From dcfea27f1b4e7af8019f8539dd53188af1ccded3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:31:22 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/12 10:52:41 [sshd.8] rework the description of authorized_keys a little; --- ChangeLog | 5 ++++- sshd.8 | 29 +++++++++++++---------------- 2 files changed, 17 insertions(+), 17 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 70b3bcc62..608a438cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -82,6 +82,9 @@ - jmc@cvs.openbsd.org 2006/02/12 10:49:44 [ssh_config.5] slight rewording; ok djm + - jmc@cvs.openbsd.org 2006/02/12 10:52:41 + [sshd.8] + rework the description of authorized_keys a little; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3983,4 +3986,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4162 2006/03/15 00:31:01 djm Exp $ +$Id: ChangeLog,v 1.4163 2006/03/15 00:31:22 djm Exp $ diff --git a/sshd.8 b/sshd.8 index e884e2b09..909339f07 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -374,27 +374,24 @@ authentication protocol and cookie in standard input. Runs user's shell or command. .El .Sh AUTHORIZED_KEYS FILE FORMAT -.Pa ~/.ssh/authorized_keys -is the default file that lists the public keys that are -permitted for RSA authentication in protocol version 1 -and for public key authentication (PubkeyAuthentication) -in protocol version 2. .Cm AuthorizedKeysFile -may be used to specify an alternative file. -.Pp +specifies the file containing public keys for +public key authentication; +if none is specified, the default is +.Pa ~/.ssh/authorized_keys . Each line of the file contains one key (empty lines and lines starting with a .Ql # are ignored as comments). -Each RSA public key consists of the following fields, separated by -spaces: options, bits, exponent, modulus, comment. -Each protocol version 2 public key consists of: -options, keytype, base64 encoded key, comment. -The options field -is optional; its presence is determined by whether the line starts +Protocol 1 public keys consist of the following space-separated fields: +options, bits, exponent, modulus, comment. +Protocol 2 public key consist of: +options, keytype, base64-encoded key, comment. +The options field is optional; +its presence is determined by whether the line starts with a number or not (the options field never starts with a number). -The bits, exponent, modulus and comment fields give the RSA key for +The bits, exponent, modulus, and comment fields give the RSA key for protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). @@ -409,7 +406,7 @@ Note that lines in this file are usually several hundred bytes long keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , -.Pa id_dsa.pub +.Pa id_dsa.pub , or the .Pa id_rsa.pub file and edit it. -- cgit v1.2.3 From 31bdc52325c8ba48f23fc7e0b32bfab67ebf47cb Mon Sep 17 00:00:00 2001 
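Review bot: "Protocol 2 public key consist of:" in the AUTHORIZED_KEYS FILE FORMAT hunk of sshd.8 1.217 should read "Protocol 2 public keys consist of:", matching the "Protocol 1 public keys consist of" sentence immediately above it. The rewritten lead sentence also drops something the removed text stated: that the file serves both RSA authentication in protocol 1 and PubkeyAuthentication in protocol 2. The following paragraph still describes both line formats, so keep a short clause naming both protocols in the lead, for example "specifies the file containing public keys for protocol 1 RSA and protocol 2 public key authentication", so readers understand one file covers both.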
From: Damien Miller Date: Wed, 15 Mar 2006 11:31:44 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/12 17:57:19 [sshd.8] sort the list of options permissable w/ authorized_keys; ok djm dtucker --- ChangeLog | 6 +++++- sshd.8 | 52 ++++++++++++++++++++++++++-------------------------- 2 files changed, 31 insertions(+), 27 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 608a438cd..9928e171c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -85,6 +85,10 @@ - jmc@cvs.openbsd.org 2006/02/12 10:52:41 [sshd.8] rework the description of authorized_keys a little; + - jmc@cvs.openbsd.org 2006/02/12 17:57:19 + [sshd.8] + sort the list of options permissable w/ authorized_keys; + ok djm dtucker 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3986,4 +3990,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4163 2006/03/15 00:31:22 djm Exp $ +$Id: ChangeLog,v 1.4164 2006/03/15 00:31:44 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 909339f07..58bf9062a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -421,26 +421,6 @@ No spaces are permitted, except within double quotes. The following option specifications are supported (note that option keywords are case-insensitive): .Bl -tag -width Ds -.It Cm from="pattern-list" -Specifies that in addition to public key authentication, the canonical name -of the remote host must be present in the comma-separated list of -patterns -.Pf ( Ql \&* -and -.Ql \&? -serve as wildcards). -The list may also contain -patterns negated by prefixing them with -.Ql \&! ; -if the canonical host name matches a negated pattern, the key is not accepted. -The purpose -of this option is to optionally increase security: public key authentication -by itself does not trust the network or name servers or anything (but -the key); however, if somebody somehow steals the key, the key -permits an intruder to log in from anywhere in the world. -This additional option makes using a stolen key more difficult (name -servers and/or routers would have to be compromised in addition to -just the key). .It Cm command="command" Specifies that the command is executed whenever this key is used for authentication. 
@@ -470,20 +450,40 @@ option. This option is automatically disabled if .Cm UseLogin is enabled. +.It Cm from="pattern-list" +Specifies that in addition to public key authentication, the canonical name +of the remote host must be present in the comma-separated list of +patterns +.Pf ( Ql \&* +and +.Ql \&? +serve as wildcards). +The list may also contain +patterns negated by prefixing them with +.Ql \&! ; +if the canonical host name matches a negated pattern, the key is not accepted. +The purpose +of this option is to optionally increase security: public key authentication +by itself does not trust the network or name servers or anything (but +the key); however, if somebody somehow steals the key, the key +permits an intruder to log in from anywhere in the world. +This additional option makes using a stolen key more difficult (name +servers and/or routers would have to be compromised in addition to +just the key). +.It Cm no-agent-forwarding +Forbids authentication agent forwarding when this key is used for +authentication. .It Cm no-port-forwarding Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. This might be used, e.g., in connection with the .Cm command option. +.It Cm no-pty +Prevents tty allocation (a request to allocate a pty will fail). .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. -.It Cm no-agent-forwarding -Forbids authentication agent forwarding when this key is used for -authentication. -.It Cm no-pty -Prevents tty allocation (a request to allocate a pty will fail). .It Cm permitopen="host:port" Limit local .Li ``ssh -L'' -- cgit v1.2.3 From 7d2ef02f1c79788e9b73d15a33019e09fe6bec76 Mon Sep 17 00:00:00 2001 
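Review bot: the relocated `from=` entry in sshd.8 1.218 carries over the phrase "The purpose of this option is to optionally increase security", where "optionally" adds nothing and reads awkwardly; since the whole block is being moved anyway, tighten it to "The purpose of this option is to increase security". The resulting order visible in the hunk (command, from, no-agent-forwarding, no-port-forwarding, no-pty, no-X11-forwarding, permitopen) is consistently case-insensitive alphabetical, which matches the note above the list that option keywords are case-insensitive; the `.Pf ( Ql \&*` in the moved text still uses the `\&` escape that the SSH_KNOWN_HOSTS section drops in a later revision, so both places should agree.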
From: Damien Miller Date: Wed, 15 Mar 2006 11:32:06 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 10:16:39 [sshd.8] no need to subsection the authorized_keys examples - instead, convert this to look like an actual file. also use proto 2 keys, and use IETF example addresses; --- ChangeLog | 7 ++++++- sshd.8 | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 11 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 9928e171c..ec05ccba3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -89,6 +89,11 @@ [sshd.8] sort the list of options permissable w/ authorized_keys; ok djm dtucker + - jmc@cvs.openbsd.org 2006/02/13 10:16:39 + [sshd.8] + no need to subsection the authorized_keys examples - instead, convert + this to look like an actual file. also use proto 2 keys, and use IETF + example addresses; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3990,4 +3995,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4164 2006/03/15 00:31:44 djm Exp $ +$Id: ChangeLog,v 1.4165 2006/03/15 00:32:06 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 58bf9062a..4eb5321ab 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.219 2006/02/13 10:16:39 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -503,16 +503,16 @@ device on the server. Without this option, the next available device will be used if the client requests a tunnel. .El -.Ss Examples -1024 33 12121...312314325 ylo@foo.bar -.Pp -from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula -.Pp -command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp -permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 -.Pp -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org +An example authorized_keys file: +.Bd -literal +# Comments allowed at start of line +ssh-rsa AAAAB3Nza...LiPk== user@example.net +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net +command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +.Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts -- cgit v1.2.3 From 9a7f201d45a5bc2c268ff35668a120487ac8e33c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:32:42 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 10:21:25 [sshd.8] small tweaks for the ssh_known_hosts section; --- ChangeLog | 5 ++++- sshd.8 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index ec05ccba3..0e20e59a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -94,6 +94,9 @@ no need to subsection the authorized_keys examples - instead, convert this to look like an actual file. also use proto 2 keys, and use IETF example addresses; + - jmc@cvs.openbsd.org 2006/02/13 10:21:25 + [sshd.8] + small tweaks for the ssh_known_hosts section; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
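Review bot: the `command="dump /home",no-pty,no-port-forwarding` line in the new example (sshd.8 1.219) restricts the command, tty and TCP forwarding but leaves agent forwarding and X11 forwarding enabled; the options list directly above defines `no-agent-forwarding` and `no-X11-forwarding`, and a forced-command backup key is exactly where readers should see all the restrictions together, so write it as `command="dump /home",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding`. The truncated blobs `AAAAB2...19Q==`, `AAAAC3...51R==` and `AAAAB5...21S==` also cannot be ssh-rsa or ssh-dss keys: every such blob encodes the four-byte length and the `ssh-` prefix first and therefore begins `AAAAB3NzaC1`, as the first line's `AAAAB3Nza...LiPk==` does; using that prefix on every line keeps the example from teaching a false pattern to people who later eyeball real files.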
@@ -3995,4 +3998,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4165 2006/03/15 00:32:06 djm Exp $ +$Id: ChangeLog,v 1.4166 2006/03/15 00:32:42 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 4eb5321ab..1db605c6a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.219 2006/02/13 10:16:39 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.220 2006/02/13 10:21:25 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -521,7 +521,7 @@ and files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects from an unknown host +maintained automatically: whenever the user connects from an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: hostnames, @@ -529,7 +529,7 @@ bits, exponent, modulus, comment. The fields are separated by spaces. .Pp Hostnames is a comma-separated list of patterns -.Pf ( Ql \&* +.Pf ( Ql * and .Ql \&? act as @@ -551,7 +551,7 @@ Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. .Pp Bits, exponent, and modulus are taken directly from the RSA host key; they -can be obtained, e.g., from +can be obtained, for example, from .Pa /etc/ssh/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp -- cgit v1.2.3 From cc00f5e2592157fa772bd4c287618c357ef7b444 Mon Sep 17 00:00:00 2001 
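Review bot: the context lines in the SSH_KNOWN_HOSTS hunks of sshd.8 1.220 ("Each line in these files contains the following fields: hostnames, bits, exponent, modulus, comment" and "Bits, exponent, and modulus are taken directly from the RSA host key") still describe only protocol 1 entries, whereas the AUTHORIZED_KEYS FILE FORMAT section revised in 1.217 spells out both formats. Add a sentence that protocol 2 lines consist of hostnames, keytype, base64-encoded key, comment; otherwise the ssh-rsa host entries that these files mostly hold have no description in the page. Changing `\&*` to `*` is fine here, but the `from=` entry in the authorized_keys options list still uses `\&*` at this point, so the two sections disagree until that is changed too.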
From: Damien Miller Date: Wed, 15 Mar 2006 11:33:00 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:02:26 [sshd.8] turn this into an example ssh_known_hosts file; ok djm --- ChangeLog | 5 ++++- sshd.8 | 14 +++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 0e20e59a3..e857f566c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,9 @@ - jmc@cvs.openbsd.org 2006/02/13 10:21:25 [sshd.8] small tweaks for the ssh_known_hosts section; + - jmc@cvs.openbsd.org 2006/02/13 11:02:26 + [sshd.8] + turn this into an example ssh_known_hosts file; ok djm 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3998,4 +4001,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4166 2006/03/15 00:32:42 djm Exp $ +$Id: ChangeLog,v 1.4167 2006/03/15 00:33:00 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 1db605c6a..d5f48085e 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.220 2006/02/13 10:21:25 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.221 2006/02/13 11:02:26 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -576,12 +576,12 @@ Rather, generate them by a script or by taking .Pa /etc/ssh/ssh_host_key.pub and adding the host names at the front. -.Ss Examples -.Bd -literal -closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi -cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= -.Ed -.Bd -literal +.Pp +An example ssh_known_hosts file: +.Bd -literal -offset 3n +# Comments allowed at start of line +closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net +cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= # A hashed hostname |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa AAAA1234.....= -- cgit v1.2.3 From c8f61cf1996a7374de465d8e2fda93dec34364a2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:33:25 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:08:43 [sshd.8] - avoid nasty line split - `*' does not need to be escaped --- ChangeLog | 6 +++++- sshd.8 | 18 +++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index e857f566c..736696204 100644 --- a/ChangeLog +++ b/ChangeLog @@ -100,6 +100,10 @@ - jmc@cvs.openbsd.org 2006/02/13 11:02:26 [sshd.8] turn this into an example ssh_known_hosts file; ok djm + - jmc@cvs.openbsd.org 2006/02/13 11:08:43 + [sshd.8] + - avoid nasty line split + - `*' does not need to be escaped 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4001,4 +4005,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4167 2006/03/15 00:33:00 djm Exp $ +$Id: ChangeLog,v 1.4168 2006/03/15 00:33:25 djm Exp $ diff --git a/sshd.8 b/sshd.8 index d5f48085e..0ad133d0d 100644 --- a/sshd.8 +++ b/sshd.8 
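Review bot: the paragraph above the new example in sshd.8 1.221 ("generate them by a script or by taking /etc/ssh/ssh_host_key.pub and adding the host names at the front") names only the protocol 1 host key file, yet the example's second line is an ssh-rsa entry and the FILES section lists /etc/ssh/ssh_host_rsa_key.pub and /etc/ssh/ssh_host_dsa_key.pub alongside it; mention those two files as well so the instruction covers the kind of entry the example shows. The `closenet,...,192.0.2.53` line also keeps the `...` elision from the old example inside the hostnames field; a literal `...` is not valid pattern syntax, so either list two or three concrete names or drop the elision, as was done for the key material in the authorized_keys example.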
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.221 2006/02/13 11:02:26 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.222 2006/02/13 11:08:43 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -454,7 +454,7 @@ is enabled. Specifies that in addition to public key authentication, the canonical name of the remote host must be present in the comma-separated list of patterns -.Pf ( Ql \&* +.Pf ( Ql * and .Ql \&? serve as wildcards). @@ -505,13 +505,17 @@ the client requests a tunnel. .El .Pp An example authorized_keys file: -.Bd -literal +.Bd -literal -offset 3n # Comments allowed at start of line ssh-rsa AAAAB3Nza...LiPk== user@example.net -from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net -command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa +AAAAB2...19Q== john@example.net +command="dump /home",no-pty,no-port-forwarding ssh-dss +AAAAC3...51R== example.net +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss +AAAAB5...21S== +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== +jane@example.net .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The -- cgit v1.2.3 From d8702e865d1e0107d50dc0296b22dc0b788d5a0a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:33:56 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:27:25 [sshd.8] sort FILES and use a -compact list; --- ChangeLog | 5 +- sshd.8 | 284 ++++++++++++++++++++++++++++++++++---------------------------- 2 files changed, 158 insertions(+), 131 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 736696204..0a70ec21c 100644 --- a/ChangeLog +++ b/ChangeLog 
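Review bot: wrapping the long entries by hand inside `.Bd -literal` in sshd.8 1.222 changes the content rather than just the layout: a literal display reproduces the newline, so the rendered example now shows `from="*.sales.example.net,!pc.sales.example.net" ssh-rsa` on one line and `AAAAB2...19Q== john@example.net` on the next, which contradicts "Each line of the file contains one key" in the format description and would be parsed as two broken lines by anyone who pastes it into a real authorized_keys file. Either keep each key on one overlong line, or add a sentence before the display saying the entries have been wrapped for presentation and must each be on a single line in the file. Dropping the `\&` escape on `*` in the `from=` entry brings it into line with the same change made in the SSH_KNOWN_HOSTS section in 1.220.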
@@ -104,6 +104,9 @@ [sshd.8] - avoid nasty line split - `*' does not need to be escaped + - jmc@cvs.openbsd.org 2006/02/13 11:27:25 + [sshd.8] + sort FILES and use a -compact list; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4005,4 +4008,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4168 2006/03/15 00:33:25 djm Exp $ +$Id: ChangeLog,v 1.4169 2006/03/15 00:33:56 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 0ad133d0d..e56b422a6 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.222 2006/02/13 11:08:43 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.223 2006/02/13 11:27:25 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -591,77 +591,8 @@ cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= AAAA1234.....= .Ed .Sh FILES -.Bl -tag -width Ds -.It Pa /etc/ssh/sshd_config -Contains configuration data for -.Nm sshd . -The file format and configuration options are described in -.Xr sshd_config 5 . -.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys. -These files should only be owned by root, readable only by root, and not -accessible to others. -Note that -.Nm -does not start if this file is group/world-accessible. -.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub -These three files contain the public parts of the host keys. -These files should be world-readable but writable only by -root. -Their contents should match the respective private parts. -These files are not -really used for anything; they are provided for the convenience of -the user so their contents can be copied to known hosts files. -These files are created using -.Xr ssh-keygen 1 . -.It Pa /etc/moduli -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". -The file format is described in -.Xr moduli 5 . -.It Pa /var/empty -.Xr chroot 2 -directory used by -.Nm -during privilege separation in the pre-authentication phase. -The directory should not contain any files and must be owned by root -and not group or world-writable. -.It Pa /var/run/sshd.pid -Contains the process ID of the -.Nm -listening for connections (if there are several daemons running -concurrently for different ports, this contains the process ID of the one -started last). -The content of this file is not sensitive; it can be world-readable. -.It Pa ~/.ssh/authorized_keys -Lists the public keys (RSA or DSA) that can be used to log into the user's account. 
-This file must be readable by root (which may on some machines imply -it being world-readable if the user's home directory resides on an NFS -volume). -It is recommended that it not be accessible by others. -The format of this file is described above. -Users will place the contents of their -.Pa identity.pub , -.Pa id_dsa.pub -and/or -.Pa id_rsa.pub -files into this file, as described in -.Xr ssh-keygen 1 . -.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" -These files are consulted when using rhosts with RSA host -authentication or protocol version 2 hostbased authentication -to check the public key of the host. -The key must be listed in one of these files to be accepted. -The client uses the same files -to verify that it is connecting to the correct remote host. -These files should be writable only by root/the owner. -.Pa /etc/ssh/ssh_known_hosts -should be world-readable, and -.Pa ~/.ssh/known_hosts -can, but need not be, world-readable. -.It Pa /etc/motd -See -.Xr motd 5 . -.It Pa ~/.hushlogin +.Bl -tag -width Ds -compact +.It ~/.hushlogin This file is used to suppress printing the last login time and .Pa /etc/motd , if @@ -672,19 +603,8 @@ respectively, are enabled. It does not suppress printing of the banner specified by .Cm Banner . -.It Pa /etc/nologin -If this file exists, -.Nm -refuses to let anyone except root log in. -The contents of the file -are displayed to anyone trying to log in, and non-root connections are -refused. -The file should be world-readable. -.It Pa /etc/hosts.allow, /etc/hosts.deny -Access controls that should be enforced by tcp-wrappers are defined here. -Further details are described in -.Xr hosts_access 5 . -.It Pa ~/.rhosts +.Pp +.It ~/.rhosts This file is used during .Cm RhostsRSAAuthentication and 
@@ -702,56 +622,30 @@ It is also possible to use netgroups in the file. Either host or user name may be of the form +@groupname to specify all hosts or all users in the group. -.It Pa ~/.shosts +.Pp +.It ~/.shosts For ssh, this file is exactly the same as for .Pa .rhosts . However, this file is not used by rlogin and rshd, so using this permits access using SSH only. -.It Pa /etc/hosts.equiv -This file is used during -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication. -In the simplest form, this file contains host names, one per line. -Users on -those hosts are permitted to log in without a password, provided they -have the same user name on both machines. -The host name may also be -followed by a user name; such users are permitted to log in as -.Em any -user on this machine (except root). -Additionally, the syntax -.Dq +@group -can be used to specify netgroups. -Negated entries start with -.Ql \&- . -.Pp -If the client host/user is successfully matched in this file, login is -automatically permitted provided the client and server user names are the -same. -Additionally, successful client host key authentication is required. -This file must be writable only by root; it is recommended -that it be world-readable. .Pp -.Sy "Warning: It is almost never a good idea to use user names in" -.Pa hosts.equiv . -Beware that it really means that the named user(s) can log in as -.Em anybody , -which includes bin, daemon, adm, and other accounts that own critical -binaries and directories. -Using a user name practically grants the user root access. -The only valid use for user names that I can think -of is in negative entries. +.It ~/.ssh/authorized_keys +Lists the public keys (RSA or DSA) that can be used to log into the user's account. +This file must be readable by root (which may on some machines imply +it being world-readable if the user's home directory resides on an NFS +volume). +It is recommended that it not be accessible by others. 
+The format of this file is described above. +Users will place the contents of their +.Pa identity.pub , +.Pa id_dsa.pub +and/or +.Pa id_rsa.pub +files into this file, as described in +.Xr ssh-keygen 1 . .Pp -Note that this warning also applies to rsh/rlogin. -.It Pa /etc/shosts.equiv -This is processed exactly as -.Pa /etc/hosts.equiv . -However, this file may be useful in environments that want to run both -rsh/rlogin and ssh. -.It Pa ~/.ssh/environment +.It ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with .Ql # ) , @@ -762,7 +656,22 @@ Environment processing is disabled by default and is controlled via the .Cm PermitUserEnvironment option. -.It Pa ~/.ssh/rc +.Pp +.It ~/.ssh/known_hosts +.It /etc/ssh/ssh_known_hosts +These files are consulted when using rhosts with RSA host +authentication or protocol version 2 hostbased authentication +to check the public key of the host. +The key must be listed in one of these files to be accepted. +The client uses the same files +to verify that it is connecting to the correct remote host. +These files should be writable only by root/the owner. +.Pa /etc/ssh/ssh_known_hosts +should be world-readable, and +.Pa ~/.ssh/known_hosts +can, but need not be, world-readable. +.Pp +.It ~/.ssh/rc If this file exists, it is run with .Pa /bin/sh after reading the 
@@ -805,12 +714,127 @@ does not exist either, xauth is used to add the cookie. .Pp This file should be writable only by the user, and need not be readable by anyone else. -.It Pa /etc/ssh/sshrc +.Pp +.It /etc/hosts.allow +.It /etc/hosts.deny +Access controls that should be enforced by tcp-wrappers are defined here. +Further details are described in +.Xr hosts_access 5 . +.Pp +.It /etc/hosts.equiv +This file is used during +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +authentication. +In the simplest form, this file contains host names, one per line. +Users on +those hosts are permitted to log in without a password, provided they +have the same user name on both machines. +The host name may also be +followed by a user name; such users are permitted to log in as +.Em any +user on this machine (except root). +Additionally, the syntax +.Dq +@group +can be used to specify netgroups. +Negated entries start with +.Ql \&- . +.Pp +If the client host/user is successfully matched in this file, login is +automatically permitted provided the client and server user names are the +same. +Additionally, successful client host key authentication is required. +This file must be writable only by root; it is recommended +that it be world-readable. +.Pp +.Sy "Warning: It is almost never a good idea to use user names in" +.Pa hosts.equiv . +Beware that it really means that the named user(s) can log in as +.Em anybody , +which includes bin, daemon, adm, and other accounts that own critical +binaries and directories. +Using a user name practically grants the user root access. +The only valid use for user names that I can think +of is in negative entries. +.Pp +Note that this warning also applies to rsh/rlogin. +.Pp +.It /etc/moduli +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +The file format is described in +.Xr moduli 5 . +.Pp +.It /etc/motd +See +.Xr motd 5 . 
+.Pp +.It /etc/nologin +If this file exists, +.Nm +refuses to let anyone except root log in. +The contents of the file +are displayed to anyone trying to log in, and non-root connections are +refused. +The file should be world-readable. +.Pp +.It /etc/shosts.equiv +This is processed exactly as +.Pa /etc/hosts.equiv . +However, this file may be useful in environments that want to run both +rsh/rlogin and ssh. +.Pp +.It /etc/ssh/ssh_host_key +.It /etc/ssh/ssh_host_dsa_key +.It /etc/ssh/ssh_host_rsa_key +These three files contain the private parts of the host keys. +These files should only be owned by root, readable only by root, and not +accessible to others. +Note that +.Nm +does not start if this file is group/world-accessible. +.Pp +.It /etc/ssh/ssh_host_key.pub +.It /etc/ssh/ssh_host_dsa_key.pub +.It /etc/ssh/ssh_host_rsa_key.pub +These three files contain the public parts of the host keys. +These files should be world-readable but writable only by +root. +Their contents should match the respective private parts. +These files are not +really used for anything; they are provided for the convenience of +the user so their contents can be copied to known hosts files. +These files are created using +.Xr ssh-keygen 1 . +.Pp +.It /etc/ssh/sshd_config +Contains configuration data for +.Nm sshd . +The file format and configuration options are described in +.Xr sshd_config 5 . +.Pp +.It /etc/ssh/sshrc Like .Pa ~/.ssh/rc . This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. +.Pp +.It /var/empty +.Xr chroot 2 +directory used by +.Nm +during privilege separation in the pre-authentication phase. +The directory should not contain any files and must be owned by root +and not group or world-writable. 
+.Pp +.It /var/run/sshd.pid +Contains the process ID of the +.Nm +listening for connections (if there are several daemons running +concurrently for different ports, this contains the process ID of the one +started last). +The content of this file is not sensitive; it can be world-readable. .El .Sh SEE ALSO .Xr scp 1 , -- cgit v1.2.3 From bc1936ad8735cc5f4949eb18172869352e2c5c1c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:35:05 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/15 16:55:33 [sshd.8] remove ietf draft references; RFC list now maintained in ssh.1; --- ChangeLog | 5 ++++- sshd.8 | 22 +--------------------- 2 files changed, 5 insertions(+), 22 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 333a64c7d..b12e1f03f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -113,6 +113,9 @@ - jmc@cvs.openbsd.org 2006/02/15 16:53:20 [ssh.1] remove the IETF draft references and replace them with some updated RFCs; + - jmc@cvs.openbsd.org 2006/02/15 16:55:33 + [sshd.8] + remove ietf draft references; RFC list now maintained in ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4014,4 +4017,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4171 2006/03/15 00:34:45 djm Exp $ +$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $ diff --git a/sshd.8 b/sshd.8 index e56b422a6..aed8b60d1 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.223 2006/02/13 11:27:25 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
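Review bot: in the new FILES entry for /etc/ssh/ssh_host_key, ssh_host_dsa_key and ssh_host_rsa_key, "Note that sshd does not start if this file is group/world-accessible" refers to one file while the item lists three; write "these files". In the same hunk, the /etc/hosts.equiv text carries the first-person aside "The only valid use for user names that I can think of is in negative entries", which does not belong in a man page. The substance is worth keeping, since a user name in hosts.equiv lets that user log in as any non-root account, including the ones that own critical binaries, so rephrase it impersonally ("user names are useful only in negated entries") rather than dropping the warning.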
@@ -850,26 +850,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr sshd_config 5 , .Xr inetd 8 , .Xr sftp-server 8 -.Rs -.%A T. Ylonen -.%A T. Kivinen -.%A M. Saarinen -.%A T. Rinne -.%A S. Lehtinen -.%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-12.txt -.%D January 2002 -.%O work in progress material -.Re -.Rs -.%A M. Friedl -.%A N. Provos -.%A W. A. Simpson -.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol" -.%N draft-ietf-secsh-dh-group-exchange-02.txt -.%D January 2002 -.%O work in progress material -.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3 From adc35b9583944203906ef1fd8b078316213e35d5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:35:27 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/16 09:05:34 [sshd.8] sync some of the FILES entries w/ ssh.1; --- ChangeLog | 5 +++- sshd.8 | 78 +++++++++++++++++++++++++++------------------------------------ 2 files changed, 37 insertions(+), 46 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index b12e1f03f..4c24caccd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -116,6 +116,9 @@ - jmc@cvs.openbsd.org 2006/02/15 16:55:33 [sshd.8] remove ietf draft references; RFC list now maintained in ssh.1; + - jmc@cvs.openbsd.org 2006/02/16 09:05:34 + [sshd.8] + sync some of the FILES entries w/ ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4017,4 +4020,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $ +$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $ diff --git a/sshd.8 b/sshd.8 index aed8b60d1..6d79f175c 100644 --- a/sshd.8 +++ b/sshd.8 
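Review bot: removing the two .Rs blocks leaves sshd.8 with no citation for the Diffie-Hellman group exchange that the /etc/moduli FILES entry refers to by name. Since the commit message says the RFC list is now maintained in ssh.1, confirm that list includes the group-exchange RFC and that .Xr ssh 1 is still present in this SEE ALSO list (the visible context shows only its tail); otherwise the moduli entry names a mechanism the manual no longer references anywhere.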
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -605,45 +605,31 @@ It does not suppress printing of the banner specified by .Cm Banner . .Pp .It ~/.rhosts -This file is used during -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -and contains host-username pairs, separated by a space, one per -line. -The given user on the corresponding host is permitted to log in -without a password. -The same file is used by rlogind and rshd. -The file must -be writable only by the user; it is recommended that it not be +This file is used for host-based authentication (see +.Xr ssh 1 +for more information). +On some machines this file may need to be +world-readable if the user's home directory is on an NFS partition, +because +.Nm +reads it as root. +Additionally, this file must be owned by the user, +and must not have write permissions for anyone else. +The recommended +permission for most machines is read/write for the user, and not accessible by others. .Pp -It is also possible to use netgroups in the file. -Either host or user -name may be of the form +@groupname to specify all hosts or all users -in the group. -.Pp .It ~/.shosts -For ssh, -this file is exactly the same as for -.Pa .rhosts . -However, this file is -not used by rlogin and rshd, so using this permits access using SSH only. +This file is used in exactly the same way as +.Pa .rhosts , +but allows host-based authentication without permitting login with +rlogin/rsh. .Pp .It ~/.ssh/authorized_keys -Lists the public keys (RSA or DSA) that can be used to log into the user's account. -This file must be readable by root (which may on some machines imply -it being world-readable if the user's home directory resides on an NFS -volume). -It is recommended that it not be accessible by others. +Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above. 
-Users will place the contents of their -.Pa identity.pub , -.Pa id_dsa.pub -and/or -.Pa id_rsa.pub -files into this file, as described in -.Xr ssh-keygen 1 . +This file is not highly sensitive, but the recommended +permissions are read/write for the user, and not accessible by others. .Pp .It ~/.ssh/environment This file is read into the environment at login (if it exists). @@ -658,17 +644,10 @@ controlled via the option. .Pp .It ~/.ssh/known_hosts -.It /etc/ssh/ssh_known_hosts -These files are consulted when using rhosts with RSA host -authentication or protocol version 2 hostbased authentication -to check the public key of the host. -The key must be listed in one of these files to be accepted. -The client uses the same files -to verify that it is connecting to the correct remote host. -These files should be writable only by root/the owner. -.Pa /etc/ssh/ssh_known_hosts -should be world-readable, and -.Pa ~/.ssh/known_hosts +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. +The format of this file is described above. +This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp .It ~/.ssh/rc @@ -784,6 +763,15 @@ This is processed exactly as However, this file may be useful in environments that want to run both rsh/rlogin and ssh. .Pp +.It /etc/ssh/ssh_known_hosts +Systemwide list of known host keys. +This file should be prepared by the +system administrator to contain the public host keys of all machines in the +organization. +The format of this file is described above. +This file should be writable only by root/the owner and +should be world-readable. +.Pp .It /etc/ssh/ssh_host_key .It /etc/ssh/ssh_host_dsa_key .It /etc/ssh/ssh_host_rsa_key -- cgit v1.2.3 From fd725cf585d0f9aca648f177df35265b6abc10e6 Mon Sep 17 00:00:00 2001 
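Review bot: the rewritten ~/.ssh/authorized_keys entry drops the statement that the file must be readable by root, which on an NFS home directory can mean world-readable, while the ~/.rhosts entry in the same hunk keeps exactly that caveat; sshd reads both as root, so keep it for authorized_keys too. "This file is not highly sensitive" also needs its other half: the contents are public keys, so confidentiality is not the concern, but anyone who can write the file can log in as the user, which is why "writable only by the user" is the requirement that matters and not merely a recommendation. Suggested wording: "The contents of this file are not secret, but it must be writable only by the user, since anyone who can append to it can log in as that user."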
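Review bot: the new ~/.ssh/known_hosts text (the @@ -658 hunk) describes only the client's use of the file ("hosts the user has logged into") and deletes the one sentence that explained why sshd.8 lists it at all: sshd consults ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts to check the client's host key during host-based authentication. The /etc/ssh/ssh_known_hosts entry added further down has the same gap. Keep a sentence on the server-side use in both entries, since an administrator setting up HostbasedAuthentication needs to know which files the server will accept a client host key from.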
From: Damien Miller Date: Wed, 15 Mar 2006 11:35:54 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 19:52:10 [sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works; --- ChangeLog | 6 +++- sshd.8 | 95 ++++++++++++++++++++++++++++++++++----------------------------- 2 files changed, 56 insertions(+), 45 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 4c24caccd..27bdea89a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -119,6 +119,10 @@ - jmc@cvs.openbsd.org 2006/02/16 09:05:34 [sshd.8] sync some of the FILES entries w/ ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 19:52:10 + [sshd.8] + move the sshrc stuff out of FILES, and into its own section: + FILES is not a good place to document how stuff works; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4020,4 +4024,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $ +$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 6d79f175c..6df9d8aab 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -370,9 +370,54 @@ The .Dq rc files are given the X11 authentication protocol and cookie in standard input. +See +.Sx SSHRC , +below. .It Runs user's shell or command. .El +.Sh SSHRC +If the file +.Pa ~/.ssh/rc +exists, +.Xr sh 1 +runs it after reading the +environment files but before starting the user's shell or command. +It must not produce any output on stdout; stderr must be used +instead. +If X11 forwarding is in use, it will receive the "proto cookie" pair in +its standard input (and +.Ev DISPLAY +in its environment). +The script must call +.Xr xauth 1 +because +.Nm +will not run xauth automatically to add X11 cookies. +.Pp +The primary purpose of this file is to run any initialization routines +which may be needed before the user's home directory becomes +accessible; AFS is a particular example of such an environment. +.Pp +This file will probably contain some initialization code followed by +something similar to: +.Bd -literal -offset 3n +if read proto cookie && [ -n "$DISPLAY" ]; then + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then + # X11UseLocalhost=yes + echo add unix:`echo $DISPLAY | + cut -c11-` $proto $cookie + else + # X11UseLocalhost=no + echo add $DISPLAY $proto $cookie + fi | xauth -q - +fi +.Ed +.Pp +If this file does not exist, +.Pa /etc/ssh/sshrc +is run, and if that +does not exist either, xauth is used to add the cookie. .Sh AUTHORIZED_KEYS FILE FORMAT .Cm AuthorizedKeysFile specifies the file containing public keys for 
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp .It ~/.ssh/rc -If this file exists, it is run with -.Pa /bin/sh -after reading the -environment files but before starting the user's shell or command. -It must not produce any output on stdout; stderr must be used -instead. -If X11 forwarding is in use, it will receive the "proto cookie" pair in -its standard input (and -.Ev DISPLAY -in its environment). -The script must call -.Xr xauth 1 -because -.Nm -will not run xauth automatically to add X11 cookies. -.Pp -The primary purpose of this file is to run any initialization routines -which may be needed before the user's home directory becomes -accessible; AFS is a particular example of such an environment. -.Pp -This file will probably contain some initialization code followed by -something similar to: -.Bd -literal -if read proto cookie && [ -n "$DISPLAY" ]; then - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then - # X11UseLocalhost=yes - echo add unix:`echo $DISPLAY | - cut -c11-` $proto $cookie - else - # X11UseLocalhost=no - echo add $DISPLAY $proto $cookie - fi | xauth -q - -fi -.Ed -.Pp -If this file does not exist, -.Pa /etc/ssh/sshrc -is run, and if that -does not exist either, xauth is used to add the cookie. -.Pp +Contains initialization routines to be run before +the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp @@ -802,9 +809,9 @@ The file format and configuration options are described in .Xr sshd_config 5 . .Pp .It /etc/ssh/sshrc -Like -.Pa ~/.ssh/rc . -This can be used to specify +Similar to +.Pa ~/.ssh/rc , +it can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Pp -- cgit v1.2.3 From 445121fe8dc73601fc301de5be5b7c02b2d20bf9 Mon Sep 17 00:00:00 2001 
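Review bot: the example in the new SSHRC section expands $DISPLAY unquoted in both `echo $DISPLAY | cut -c1-10` and `echo add $DISPLAY $proto $cookie`, and uses `read proto cookie` without -r; the values come from sshd, so this is not exploitable, but this block is what users copy into their own ~/.ssh/rc, so it should model the quoted form ("$DISPLAY"). More useful for the reader: the section says sshd will not run xauth itself when an rc file exists, so an rc file that omits the xauth call silently breaks X11 forwarding for that user, and the "no output on stdout" rule should say why, namely that the script's stdout is the session channel and stray output there corrupts non-interactive clients such as scp. Stating both consequences would make the moved text more useful than it was inside FILES.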
From: Damien Miller Date: Wed, 15 Mar 2006 11:36:18 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 20:02:17 [sshd.8] sync the (s)hosts.equiv FILES entries w/ those from ssh.1; --- ChangeLog | 5 ++++- sshd.8 | 50 ++++++++------------------------------------------ 2 files changed, 12 insertions(+), 43 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 27bdea89a..46fcf667a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -123,6 +123,9 @@ [sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works; + - jmc@cvs.openbsd.org 2006/02/19 20:02:17 + [sshd.8] + sync the (s)hosts.equiv FILES entries w/ those from ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4024,4 +4027,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $ +$Id: ChangeLog,v 1.4175 2006/03/15 00:36:18 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 6df9d8aab..24c149975 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -708,43 +708,9 @@ Further details are described in .Xr hosts_access 5 . .Pp .It /etc/hosts.equiv -This file is used during -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication. -In the simplest form, this file contains host names, one per line. -Users on -those hosts are permitted to log in without a password, provided they -have the same user name on both machines. -The host name may also be -followed by a user name; such users are permitted to log in as -.Em any -user on this machine (except root). -Additionally, the syntax -.Dq +@group -can be used to specify netgroups. -Negated entries start with -.Ql \&- . -.Pp -If the client host/user is successfully matched in this file, login is -automatically permitted provided the client and server user names are the -same. -Additionally, successful client host key authentication is required. -This file must be writable only by root; it is recommended -that it be world-readable. -.Pp -.Sy "Warning: It is almost never a good idea to use user names in" -.Pa hosts.equiv . -Beware that it really means that the named user(s) can log in as -.Em anybody , -which includes bin, daemon, adm, and other accounts that own critical -binaries and directories. -Using a user name practically grants the user root access. -The only valid use for user names that I can think -of is in negative entries. -.Pp -Note that this warning also applies to rsh/rlogin. +This file is for host-based authentication (see +.Xr ssh 1 ) . +It should only be writable by root. .Pp .It /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 
@@ -765,10 +731,10 @@ refused. The file should be world-readable. .Pp .It /etc/shosts.equiv -This is processed exactly as -.Pa /etc/hosts.equiv . -However, this file may be useful in environments that want to run both -rsh/rlogin and ssh. +This file is used in exactly the same way as +.Pa hosts.equiv , +but allows host-based authentication without permitting login with +rlogin/rsh. .Pp .It /etc/ssh/ssh_known_hosts Systemwide list of known host keys. -- cgit v1.2.3 From edd0375d828e0ecbac4c515ae848256e907ba840 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:36:45 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 20:05:00 [sshd.8] grammar; --- ChangeLog | 5 ++++- sshd.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 46fcf667a..50c42733b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -126,6 +126,9 @@ - jmc@cvs.openbsd.org 2006/02/19 20:02:17 [sshd.8] sync the (s)hosts.equiv FILES entries w/ those from ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 20:05:00 + [sshd.8] + grammar; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4027,4 +4030,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4175 2006/03/15 00:36:18 djm Exp $ +$Id: ChangeLog,v 1.4176 2006/03/15 00:36:45 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 24c149975..bb5cacd45 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
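Review bot: the /etc/hosts.equiv hunk replaces the entire warning about user names in hosts.equiv with "see ssh(1)". That caveat is a server-side one (a user name in this file lets the named user log in as any non-root account, which in practice is root), so the administrator reading sshd.8 is the person who needs it; keep a one-sentence version here, or verify that the ssh.1 entry being synced to still carries it before relying on the cross-reference. The replacement also drops "it is recommended that it be world-readable", and since the new /etc/shosts.equiv entry defers to this one, that guidance now appears nowhere in the file.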
@@ -753,7 +753,7 @@ These files should only be owned by root, readable only by root, and not accessible to others. Note that .Nm -does not start if this file is group/world-accessible. +does not start if these files are group/world-accessible. .Pp .It /etc/ssh/ssh_host_key.pub .It /etc/ssh/ssh_host_dsa_key.pub -- cgit v1.2.3 From c7d5b5e4662b5c4d78639b9bfed642917f775da4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:55:08 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 10:39:52 [sshd.8] signpost to PATTERNS section; --- ChangeLog | 5 ++++- sshd.8 | 18 ++++++++---------- 2 files changed, 12 insertions(+), 11 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 7087d81f5..b5f623a8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -160,6 +160,9 @@ - jmc@cvs.openbsd.org 2006/02/24 10:37:07 [ssh_config.5] tidy up the refs to PATTERNS; + - jmc@cvs.openbsd.org 2006/02/24 10:39:52 + [sshd.8] + signpost to PATTERNS section; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4061,4 +4064,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4184 2006/03/15 00:54:36 djm Exp $ +$Id: ChangeLog,v 1.4185 2006/03/15 00:55:08 djm Exp $ diff --git a/sshd.8 b/sshd.8 index bb5cacd45..d09dc4e99 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -498,15 +498,7 @@ is enabled. .It Cm from="pattern-list" Specifies that in addition to public key authentication, the canonical name of the remote host must be present in the comma-separated list of -patterns -.Pf ( Ql * -and -.Ql \&? -serve as wildcards). -The list may also contain -patterns negated by prefixing them with -.Ql \&! ; -if the canonical host name matches a negated pattern, the key is not accepted. +patterns. The purpose of this option is to optionally increase security: public key authentication by itself does not trust the network or name servers or anything (but @@ -515,6 +507,12 @@ permits an intruder to log in from anywhere in the world. This additional option makes using a stolen key more difficult (name servers and/or routers would have to be compromised in addition to just the key). +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm no-agent-forwarding Forbids authentication agent forwarding when this key is used for authentication. -- cgit v1.2.3 From 208f1ed6f180cc0cfd3ab59d0b1c33796cc4c641 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:56:03 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 20:31:31 [ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes; --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- ssh_config.5 | 6 +++--- sshd.8 | 8 ++++---- sshd_config.5 | 8 ++++---- 5 files changed, 18 insertions(+), 15 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 730634ce7..b24ca1887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -166,6 +166,9 @@ - jmc@cvs.openbsd.org 2006/02/24 20:22:16 [ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 20:31:31 + [ssh.1 ssh_config.5 sshd.8 sshd_config.5] + more consistency fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
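Review bot: the PATTERNS cross-reference replaces text that was specific to this option, namely that a canonical host name matching a negated pattern causes the key to be rejected. PATTERNS in ssh_config 5 is written for client-side Host matching, so confirm it states the "!" negation rule in a form that applies here; otherwise the server-side behaviour of from= is now undocumented. Also, "The purpose of this option is to optionally increase security" says little; "This option restricts the hosts from which the key may be used" states the purpose directly.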
@@ -4067,4 +4070,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4186 2006/03/15 00:55:31 djm Exp $ +$Id: ChangeLog,v 1.4187 2006/03/15 00:56:03 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b9bbe0bd6..e66ad9e88 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.256 2006/02/15 16:53:20 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.257 2006/02/24 20:31:30 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -569,7 +569,7 @@ Disable pseudo-tty allocation. Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, -e.g., when implementing menu services. +e.g. when implementing menu services. Multiple .Fl t options force tty allocation, even if @@ -1178,7 +1178,7 @@ If the current session has no tty, this variable is not set. .It Ev TZ This variable is set to indicate the present time zone if it -was set when the daemon was started (i.e., the daemon passes the value +was set when the daemon was started (i.e. the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. diff --git a/ssh_config.5 b/ssh_config.5 index 5905d4c90..66c9ed3f5 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.82 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.83 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -138,12 +138,12 @@ Restricts the following declarations (up to the next keyword) to be only for those hosts that match one of the patterns given after the keyword. A single -.Ql \&* +.Ql * as a pattern can be used to provide global defaults for all hosts. The host is the .Ar hostname -argument given on the command line (i.e., the name is not converted to +argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). .Pp See diff --git a/sshd.8 b/sshd.8 index d09dc4e99..0bfd68505 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -81,7 +81,7 @@ configuration file. .Nm rereads its configuration file when it receives a hangup signal, .Dv SIGHUP , -by executing itself with the name and options it was started with, e.g., +by executing itself with the name and options it was started with, e.g.\& .Pa /usr/sbin/sshd . .Pp The options are as follows: @@ -154,7 +154,7 @@ is normally not run from inetd because it needs to generate the server key before it can respond to the client, and this may take tens of seconds. Clients would have to wait too long if the key was regenerated every time. -However, with small key sizes (e.g., 512) using +However, with small key sizes (e.g. 512) using .Nm from inetd may be feasible. @@ -519,7 +519,7 @@ authentication. .It Cm no-port-forwarding Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. -This might be used, e.g., in connection with the +This might be used, e.g. in connection with the .Cm command option. .It Cm no-pty diff --git a/sshd_config.5 b/sshd_config.5 index caeddf603..642e1fa29 100644 
--- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.50 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.51 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -72,7 +72,7 @@ in for how to configure the client. Note that environment passing is only supported for protocol 2. Variables are specified by name, which may contain the wildcard characters -.Ql \&* +.Ql * and .Ql \&? . Multiple environment variables may be separated by whitespace or spread @@ -456,7 +456,7 @@ The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values .Dq start:rate:full -(e.g., "10:30:60"). +(e.g. "10:30:60"). .Nm sshd will refuse connection attempts with a probability of .Dq rate/100 @@ -612,7 +612,7 @@ directory or files world-writable. The default is .Dq yes . .It Cm Subsystem -Configures an external subsystem (e.g., file transfer daemon). +Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command to execute upon subsystem request. The command -- cgit v1.2.3 From da3455356100dbcb5d1ff9f0556386ca5f788795 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 10 Jul 2006 23:04:19 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 [misc.c misc.h sshd.8 sshconnect.c] Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@. --- ChangeLog | 10 +++++++++- misc.c | 20 +++++++++++++++++++- misc.h | 3 ++- sshconnect.c | 25 +++++++++++++++---------- sshd.8 | 9 ++++++++- 5 files changed, 53 insertions(+), 14 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index beb4a4fa2..56cee8708 100644 --- a/ChangeLog +++ b/ChangeLog @@ -96,6 +96,14 @@ [channels.c] fix misparsing of SOCKS 5 packets that could result in a crash; reported by mk@ ok markus@ + - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 + [misc.c misc.h sshd.8 sshconnect.c] + Add port identifier to known_hosts for non-default ports, based originally + on a patch from Devin Nate in bz#910. + For any connection using the default port or using a HostKeyAlias the + format is unchanged, otherwise the host name or address is enclosed + within square brackets in the same format as sshd's ListenAddress. + Tested by many, ok markus@. 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4829,4 +4837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $ +$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $ diff --git a/misc.c b/misc.c index 2abb14051..a65b1fded 100644 --- a/misc.c +++ b/misc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -45,6 +45,7 @@ #include "misc.h" #include "log.h" #include "xmalloc.h" +#include "ssh.h" /* remove newline at end of string */ char * @@ -336,6 +337,23 @@ convtime(const char *s) return total; } +/* + * Returns a standardized host+port identifier string. + * Caller must free returned string. + */ +char * +put_host_port(const char *host, u_short port) +{ + char *hoststr; + + if (port == 0 || port == SSH_DEFAULT_PORT) + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); + debug3("put_host_port: %s", hoststr); + return hoststr; +} + /* * Search for next delimiter between hostnames/addresses and ports. * Argument may be modified (for termination). diff --git a/misc.h b/misc.h index f96328662..139a62e05 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); int a2tun(const char *, int *); +char *put_host_port(const char *, u_short); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); diff --git a/sshconnect.c b/sshconnect.c index 3bc455eb4..f8450eadf 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -514,12 +514,12 @@ confirm(const char *prompt) * is not valid. the user_hostfile will not be updated if 'readonly' is true. */ static int -check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, +check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) { Key *file_key; const char *type = key_type(host_key); - char *ip = NULL; + char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp; HostStatus host_status; HostStatus ip_status; @@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("check_host_key: getnameinfo failed"); - ip = xstrdup(ntop); + ip = put_host_port(ntop, options.port); } else { ip = xstrdup(""); } @@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, * Turn off check_host_ip if the connection is to localhost, via proxy * command or if we don't have a hostname to compare with */ - if (options.check_host_ip && - (local || strcmp(host, ip) == 0 || options.proxy_command != NULL)) + if (options.check_host_ip && (local || + strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) options.check_host_ip = 0; /* - * Allow the user to record the key under a different name. This is - * useful for ssh tunneling over forwarded connections or if you run - * multiple sshd's on different ports on the same machine. + * Allow the user to record the key under a different name or + * differentiate a non-standard port. This is useful for ssh + * tunneling over forwarded connections or if you run multiple + * sshd's on different ports on the same machine. */ if (options.host_key_alias != NULL) { - host = options.host_key_alias; + host = xstrdup(options.host_key_alias); debug("using hostkeyalias: %s", host); + } else { + host = put_host_port(hostname, options.port); } /* 
@@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, } xfree(ip); + xfree(host); return 0; fail: xfree(ip); + xfree(host); return -1; } diff --git a/sshd.8 b/sshd.8 index 0bfd68505..f614b8dc3 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -588,6 +588,13 @@ A pattern may also be preceded by to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. +A hostname or address may optionally be enclosed within +.Ql \&[ +and +.Ql \&] +brackets then followed by +.Ql \&: +and and a non-standard port number. .Pp Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. -- cgit v1.2.3 From 11318476842a01eef47ceff67f31afc06cf2eaa5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:07:59 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/10 16:04:21 [sshd.8] s/and and/and/ --- ChangeLog | 5 ++++- sshd.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 6964eb523..ba787e050 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ [sftp-glob.c sftp-common.h sftp.c] buffer.h only needed in sftp-common.h and remove some unneeded user includes; ok djm@ + - jmc@cvs.openbsd.org 2006/07/10 16:04:21 + [sshd.8] + s/and and/and/ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c 
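Review bot: the fail path in check_host_key() now calls xfree(host), but host is initialised to NULL and only assigned in the hostkeyalias/put_host_port block; xfree() in xmalloc.c fatal()s on a NULL argument, so confirm no `goto fail` is reachable before that assignment. Also, the new sshd.8 sentence reads "and and a non-standard port number" (duplicated word).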
@@ -4860,4 +4863,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4392 2006/07/12 12:07:08 dtucker Exp $ +$Id: ChangeLog,v 1.4393 2006/07/12 12:07:59 dtucker Exp $ diff --git a/sshd.8 b/sshd.8 index f614b8dc3..48be5a760 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -594,7 +594,7 @@ and .Ql \&] brackets then followed by .Ql \&: -and and a non-standard port number. +and a non-standard port number. .Pp Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. -- cgit v1.2.3 From e275443f66aab6d46356d6940b8a8b291cab4f9e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:06:47 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@ --- ChangeLog | 7 ++++++- servconf.c | 22 ++++++++++++++++++++-- servconf.h | 4 +++- session.c | 10 +++++++--- sshd.8 | 5 ++++- sshd_config | 8 +++++++- sshd_config.5 | 15 ++++++++++++++- 7 files changed, 61 insertions(+), 10 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index e42f8a786..0ae5d3f6c 100644 --- a/ChangeLog +++ b/ChangeLog 
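Review bot: the sshd.8 text now describes the "[host]:port" form but does not say that hosts on the default port keep the plain hostname form (put_host_port() only brackets non-default ports); a sentence to that effect would save users from adding "[host]:22" entries that will never match a lookup.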
@@ -56,6 +56,11 @@ [servconf.c sshd_config.5] Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to Match. ok djm@ + - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 + [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] + Add ForceCommand keyword to sshd_config, equivalent to the "command=" + key option, man page entry and example in sshd_config. + Feedback & ok djm@, man page corrections & ok jmc@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4974,4 +4979,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4421 2006/07/24 04:05:48 djm Exp $ +$Id: ChangeLog,v 1.4422 2006/07/24 04:06:47 djm Exp $ diff --git a/servconf.c b/servconf.c index bc457eebe..e2c1d4458 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.157 2006/07/19 08:56:41 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.158 2006/07/19 13:07:10 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -113,6 +113,7 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file2 = NULL; options->num_accept_env = 0; options->permit_tun = -1; + options->adm_forced_command = NULL; } void @@ -282,7 +283,7 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, + sMatch, sPermitOpen, sForceCommand, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; @@ -393,6 +394,7 @@ static struct { { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, + { "forcecommand", sForceCommand, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; 
@@ -551,6 +553,8 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, return result; } +#define WHITESPACE " \t\r\n" + int process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum, int *activep, const char *user, @@ -1173,6 +1177,15 @@ parse_flag: channel_add_adm_permitted_opens(p, port); break; + case sForceCommand: + if (cp == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); + if (*activep && options->adm_forced_command == NULL) + options->adm_forced_command = xstrdup(cp + len); + return 0; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1247,6 +1260,11 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src) dst->allow_tcp_forwarding = src->allow_tcp_forwarding; if (src->gateway_ports != -1) dst->gateway_ports = src->gateway_ports; + if (src->adm_forced_command != NULL) { + if (dst->adm_forced_command != NULL) + xfree(dst->adm_forced_command); + dst->adm_forced_command = src->adm_forced_command; + } if (src->x11_display_offset != -1) dst->x11_display_offset = src->x11_display_offset; if (src->x11_forwarding != -1) diff --git a/servconf.h b/servconf.h index a74716e6f..41dce7686 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.75 2006/07/12 11:34:58 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.76 2006/07/19 13:07:10 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -135,6 +135,8 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; + char *adm_forced_command; + int use_pam; /* Enable auth via PAM */ int permit_tun; diff --git a/session.c b/session.c index 5441a4762..e189acdf2 100644 --- a/session.c +++ b/session.c 
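Review bot: copy_set_server_options() frees dst->adm_forced_command and then assigns src->adm_forced_command by pointer, so the two ServerOptions structures share one allocation afterwards; if the Match-block options are ever freed or copied a second time this becomes a double free or dangling pointer. Use xstrdup() here, as the sForceCommand parser already does for the original value. The `return 0` in the sForceCommand case, where the neighbouring cases `break`, also deserves a one-line comment saying the remainder of the line after leading whitespace is taken verbatim as the command.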
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.209 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.210 2006/07/19 13:07:10 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -672,10 +672,14 @@ do_pre_login(Session *s) void do_exec(Session *s, const char *command) { - if (forced_command) { + if (options.adm_forced_command) { + original_command = command; + command = options.adm_forced_command; + debug("Forced command (config) '%.900s'", command); + } else if (forced_command) { original_command = command; command = forced_command; - debug("Forced command '%.900s'", command); + debug("Forced command (key option) '%.900s'", command); } #ifdef SSH_AUDIT_EVENTS diff --git a/sshd.8 b/sshd.8 index 48be5a760..778ea906b 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -481,6 +481,9 @@ to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 forwarding unless they are explicitly prohibited. +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. Note that this option applies to shell, command or subsystem execution. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when diff --git a/sshd_config b/sshd_config index 57f9a17bb..6a3cad886 100644 --- a/sshd_config +++ b/sshd_config 
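Review bot: do_exec() now lets options.adm_forced_command win over a key's command= option with no record that the key option was discarded; since the two debug() strings already distinguish "(config)" from "(key option)", add a debug line for the case where both are set so an administrator can see why a key-restricted command did not run. Config-over-key is a reasonable precedence, but it needs to be stated in the manual page.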
@@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ +# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -104,3 +104,9 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/sshd_config.5 b/sshd_config.5 index 9196b761e..26c895f7a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.67 2006/07/19 13:07:10 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -283,6 +283,18 @@ See in .Xr ssh_config 5 for more information on patterns. +.It Cm ForceCommand +Forces the execution of the command specified by +.Cm ForceCommand , +ignoring any command supplied by the client. +The command is invoked by using the user's login shell with the -c option. +This applies to shell, command, or subsystem execution. +It is most useful inside a +.Cm Match +block. +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -484,6 +496,7 @@ Only a subset of keywords may be used on the lines following a keyword. Available keywords are .Cm AllowTcpForwarding , +.Cm ForceCommand , .Cm GatewayPorts , .Cm PermitOpen , .Cm X11DisplayOffset , -- cgit v1.2.3 From 5d43d4901496159611ab7b431caf9a9c08ecbdcd Mon Sep 17 00:00:00 2001 
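Review bot: the sshd_config.5 entry for ForceCommand says it ignores the command supplied by the client but not that it also overrides a command= option in authorized_keys, which is the precedence session.c now implements; add that sentence. It should also say what SSH_ORIGINAL_COMMAND contains when the client requested a plain shell rather than a command, since the entry explicitly covers shell execution.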
From: Damien Miller Date: Wed, 30 Aug 2006 11:07:00 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 [sshd.8] Add more detail about what permissions are and aren't accepted for authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ --- ChangeLog | 6 +++++- sshd.8 | 18 ++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'sshd.8') diff --git a/ChangeLog b/ChangeLog index 62fef2fc0..200ce2a08 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [sshd_config.5] Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, ok jmc@ djm@ + - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 + [sshd.8] + Add more detail about what permissions are and aren't accepted for + authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5306,4 +5310,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $ +$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 778ea906b..522279ee3 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -681,9 +681,23 @@ rlogin/rsh. .It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above. -This file is not highly sensitive, but the recommended +The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp +If this file, the +.Pa ~/.ssh +directory, or the user's home directory are writable +by other users, then the file could be modified or replaced by unauthorized +users. +In this case, +.Nm +will not allow it to be used unless the +.Cm StrictModes +option has been set to +.Dq no . +The recommended permissions can be set by executing +.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . +.Pp .It ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with -- cgit v1.2.3
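Review bot: the new paragraph ties the StrictModes refusal to the file, ~/.ssh or the home directory being "writable by other users"; if the strict-mode check also considers ownership of those paths, the sentence should say so, otherwise readers will run the suggested chmod and still be refused. Grammar: "If this file, the ~/.ssh directory, or the user's home directory are writable" should be "is writable".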