From af501cfce456004e1bce8557bbb24b230442b324 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 21 Jun 2009 17:53:04 +1000
Subject: - stevesk@cvs.openbsd.org 2009/04/13 19:07:44 [sshd_config.5] fix possessive; ok djm@
---
 sshd_config.5 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'sshd_config.5')
diff --git a/sshd_config.5 b/sshd_config.5
index dfd07b713..684c1c25e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.103 2009/04/13 19:07:44 stevesk Exp $
+.Dd $Mdocdate: April 13 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -197,7 +197,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
 The
 .Cm ChrootDirectory
 must contain the necessary files and directories to support the
-users' session.
+user's session.
 For an interactive session this requires at least a shell, typically
 .Xr sh 1 ,
 and basic
-- cgit v1.2.3
From 00fcd719a5877c6e02a0d6c66bd2de651fee728c Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 21 Jun 2009 17:56:00 +1000
Subject: - stevesk@cvs.openbsd.org 2009/04/17 19:40:17 [sshd_config.5] clarify that even internal-sftp needs /dev/log for logging to work; ok markus@
---
 ChangeLog | 4 ++++
 sshd_config.5 | 12 +++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
(limited to 'sshd_config.5')
diff --git a/ChangeLog b/ChangeLog
index 4d6051053..7a75cdd65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,10 @@ [session.c] use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; ok djm@ markus@ + - stevesk@cvs.openbsd.org 2009/04/17 19:40:17 + [sshd_config.5] + clarify that even internal-sftp needs /dev/log for logging to work; ok + markus@ 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/sshd_config.5 b/sshd_config.5 index 684c1c25e..5c100bdaa 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.103 2009/04/13 19:07:44 stevesk Exp $ -.Dd $Mdocdate: April 13 2009 $ +.\" $OpenBSD: sshd_config.5,v 1.104 2009/04/17 19:40:17 stevesk Exp $ +.Dd $Mdocdate: April 17 2009 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -213,11 +213,17 @@ and .Xr tty 4 devices. For file transfer sessions using -.Dq sftp , +.Dq sftp +which do not use logging, no additional configuration of the environment is necessary if the in-process sftp server is used (see .Cm Subsystem for details). +sftp sessions which do use logging require +.Pa /dev/log +inside the chroot directory (see +.Xr sftp-server 8 +for details). .Pp The default is not to .Xr chroot 2 . -- cgit v1.2.3 From f92077f05c7e1ebaf944da909e5a7ca7932443e0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 21 Jun 2009 17:56:25 +1000 Subject: - jmc@cvs.openbsd.org 2009/04/18 18:39:10 [sshd_config.5] tweak previous; ok stevesk --- ChangeLog | 3 +++ sshd_config.5 | 13 +++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'sshd_config.5') diff --git a/ChangeLog b/ChangeLog index 7a75cdd65..dcc9932db 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -44,6 +44,9 @@ [sshd_config.5] clarify that even internal-sftp needs /dev/log for logging to work; ok markus@ + - jmc@cvs.openbsd.org 2009/04/18 18:39:10 + [sshd_config.5] + tweak previous; ok stevesk 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/sshd_config.5 b/sshd_config.5 index 5c100bdaa..916e019da 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.104 2009/04/17 19:40:17 stevesk Exp $ -.Dd $Mdocdate: April 17 2009 $ +.\" $OpenBSD: sshd_config.5,v 1.105 2009/04/18 18:39:10 jmc Exp $ +.Dd $Mdocdate: April 18 2009 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -213,13 +213,10 @@ and .Xr tty 4 devices. For file transfer sessions using -.Dq sftp -which do not use logging, +.Dq sftp , no additional configuration of the environment is necessary if the -in-process sftp server is used (see -.Cm Subsystem -for details). -sftp sessions which do use logging require +in-process sftp server is used, +though sessions which use logging do require .Pa /dev/log inside the chroot directory (see .Xr sftp-server 8 -- cgit v1.2.3 From 51dbe503bf92ee38f003ffde4bb0a0d85c438ea7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 21 Jun 2009 17:56:51 +1000 Subject: - stevesk@cvs.openbsd.org 2009/04/21 15:13:17 [sshd_config.5] clarify we cd to user's home after chroot; ok markus@ on earlier version; tweaks and ok jmc@ --- ChangeLog | 4 ++++ sshd_config.5 | 7 +++++-- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'sshd_config.5') diff --git a/ChangeLog b/ChangeLog index dcc9932db..f2e6e8ccb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -47,6 +47,10 @@ - jmc@cvs.openbsd.org 2009/04/18 18:39:10 [sshd_config.5] tweak previous; ok stevesk + - stevesk@cvs.openbsd.org 2009/04/21 15:13:17 + [sshd_config.5] + clarify we cd to user's home after chroot; ok markus@ on + earlier version; tweaks and ok jmc@ 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/sshd_config.5 b/sshd_config.5 index 916e019da..29f4d8240 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.105 2009/04/18 18:39:10 jmc Exp $ -.Dd $Mdocdate: April 18 2009 $ +.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $ +.Dd $Mdocdate: April 21 2009 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -188,6 +188,9 @@ Specifies a path to to after authentication. This path, and all its components, must be root-owned directories that are not writable by any other user or group. +After the chroot, +.Xr sshd 8 +changes the working directory to the user's home directory. .Pp The path may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', -- cgit v1.2.3 From 9c7bf8dfc8c54129fd3c62c4a1d678a18a9ad1f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 28 Aug 2009 10:27:08 +1000 Subject: downgrade mention of login.conf to be an example and mention PAM as another provider for ChallengeResponseAuthentication; bz#1408; ok dtucker@ --- sshd_config.5 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'sshd_config.5') diff --git a/sshd_config.5 b/sshd_config.5 index 29f4d8240..588aed56e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -176,10 +176,9 @@ then no banner is displayed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
-Specifies whether challenge-response authentication is allowed.
-All authentication styles from
-.Xr login.conf 5
-are supported.
+Specifies whether challenge-response authentication is allowed (e.g. via
+PAM or though authentication styles supported in
+.Xr login.conf 5 )
 The default is
 .Dq yes .
 .It Cm ChrootDirectory
-- cgit v1.2.3