user[0] ? user : "<implicit>", service, method);
if (!log_flag) {
logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
- get_remote_ipaddr(), get_remote_port(), user);
+ get_remote_ipaddr(), get_remote_port(),
+ user[0] ? user : "<implicit>");
log_flag = 1;
}
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
/* Increase the size of the buffer and retry. */
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
- /* need it to be slightly larger than the MAX LEN for this */
- /* still investigating *why* but this works for now -cjr */
- if (newlen > (BUFFER_MAX_LEN_HPN + BUFFER_MAX_LEN))
+ if (newlen > BUFFER_MAX_LEN_HPN)
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, 1, newlen);
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
+
+static int hpn_disabled = 0;
+static int hpn_buffer_size = 2 * 1024 * 1024;
+
/* -- channel core */
+
+
Channel *
channel_by_id(int id)
{
IPv4or6 = af;
}
+
+void
+channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
+{
+ hpn_disabled = external_hpn_disabled;
+ hpn_buffer_size = external_hpn_buffer_size;
+ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
+}
+
static int
channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,
- const char *host_to_connect, u_short port_to_connect, int gateway_ports,
- int hpn_disabled, int hpn_buffer_size)
+ const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
Channel *c;
int sock, r, success = 0, wildcard = 0, is_client;
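Review bot: `channel_set_hpn` copies `external_hpn_buffer_size` into the file-scope `hpn_buffer_size` with no range check, and the forwarding listeners that lost their `hpn_disabled`/`hpn_buffer_size` parameters presumably now read that static instead. Both option structs in this commit initialise `hpn_buffer_size` to -1, so a call made before defaults are resolved would leave a negative value to be used as a channel window. I would keep the 2 MB default unless the caller passes a positive size, `if (external_hpn_buffer_size > 0) hpn_buffer_size = external_hpn_buffer_size;`, and add a comment above the function stating that it must be called after option processing and before any listener or X11 display is created. The body of `channel_setup_fwd_listener` continues outside this hunk, so how the statics are used there cannot be confirmed from here.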
/* protocol local port fwd, used by ssh (and sshd in v1) */
int
channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
- const char *host_to_connect, u_short port_to_connect, int gateway_ports,
- int hpn_disabled, int hpn_buffer_size)
+ const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
listen_host, listen_port, host_to_connect, port_to_connect,
- gateway_ports, hpn_disabled, hpn_buffer_size);
+ gateway_ports);
}
/* protocol v2 remote port fwd, used by sshd */
int
channel_setup_remote_fwd_listener(const char *listen_address,
- u_short listen_port, int gateway_ports, int hpn_disabled, int hpn_buffer_size)
+ u_short listen_port, int gateway_ports)
{
return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
- listen_address, listen_port, NULL, 0, gateway_ports,
- hpn_disabled, hpn_buffer_size);
+ listen_address, listen_port, NULL, 0, gateway_ports);
}
/*
* message if there was an error).
*/
int
-channel_input_port_forward_request(int is_root, int gateway_ports,
- int hpn_disabled, int hpn_buffer_size)
+channel_input_port_forward_request(int is_root, int gateway_ports)
{
u_short port, host_port;
int success = 0;
/* Initiate forwarding */
success = channel_setup_local_fwd_listener(NULL, port, hostname,
- host_port, gateway_ports, hpn_disabled, hpn_buffer_size);
+ host_port, gateway_ports);
/* Free the argument string. */
xfree(hostname);
*/
int
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
- int single_connection, u_int *display_numberp, int **chanids,
- int hpn_disabled, int hpn_buffer_size)
+ int single_connection, u_int *display_numberp, int **chanids)
{
Channel *nc = NULL;
int display_number, sock;
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
-int channel_input_port_forward_request(int, int, int, int);
+int channel_input_port_forward_request(int, int);
Channel *channel_connect_to(const char *, u_short, char *, char *);
Channel *channel_connect_by_listen_address(u_short, char *, char *);
int channel_request_remote_forwarding(const char *, u_short,
const char *, u_short);
int channel_setup_local_fwd_listener(const char *, u_short,
- const char *, u_short, int, int, int);
+ const char *, u_short, int);
void channel_request_rforward_cancel(const char *host, u_short port);
-int channel_setup_remote_fwd_listener(const char *, u_short, int, int, int);
+int channel_setup_remote_fwd_listener(const char *, u_short, int);
int channel_cancel_rport_listener(const char *, u_short);
/* x11 forwarding */
int x11_connect_display(void);
-int x11_create_display_inet(int, int, int, u_int *, int **, int, int);
+int x11_create_display_inet(int, int, int, u_int *, int **);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
const char *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
+/* hpn handler */
+void channel_set_hpn(int, int);
+
#endif
if (local) {
if (channel_setup_local_fwd_listener(fwd.listen_host,
fwd.listen_port, fwd.connect_host,
- fwd.connect_port, options.gateway_ports,
- options.hpn_disabled, options.hpn_buffer_size) < 0) {
+ fwd.connect_port, options.gateway_ports) < 0) {
logit("Port forwarding failed.");
goto out;
}
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
- /* not sure this is really needed here either */
if (options.hpn_disabled)
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- "authentication agent connection", 1);
- else
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
- options.hpn_buffer_size, options.hpn_buffer_size, 0,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
"authentication agent connection", 1);
+ else
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ options.hpn_buffer_size, options.hpn_buffer_size, 0,
+ "authentication agent connection", 1);
c->force_drain = 1;
return c;
}
0, "tun", 1);
c->datagram = 1;
+
+
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
if (len == -1) {
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
- return;
+ return (0);
fatal("Write failed: %.100s", strerror(errno));
}
if (len == 0)
packet_write_wait(void)
{
fd_set *setp;
- u_int bytes_sent = 0;
int ret, ms_remain;
struct timeval start, timeout, *timeoutp = NULL;
+ u_int bytes_sent = 0;
setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
sizeof(fd_mask));
static char *file; /* name of the file being transferred */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
+static off_t last_pos;
+static off_t max_delta_pos = 0;
static volatile off_t *counter; /* progress counter */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
int hours, minutes, seconds;
int i, len;
int file_len;
+ off_t delta_pos;
transferred = *counter - cur_pos;
cur_pos = *counter;
now = time(NULL);
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
+ if (delta_pos > max_delta_pos)
+ max_delta_pos = delta_pos;
+
if (bytes_left > 0)
elapsed = now - last_update;
else {
/* filename */
buf[0] = '\0';
- file_len = win_size - 35;
+ file_len = win_size - 45;
if (file_len > 0) {
len = snprintf(buf, file_len + 1, "\r%s", file);
if (len < 0)
percent = ((float)cur_pos / end_pos) * 100;
else
percent = 100;
- snprintf(buf + strlen(buf), win_size - strlen(buf),
+
+ snprintf(buf + strlen(buf), win_size - strlen(buf-8),
" %3d%% ", percent);
/* amount transferred */
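Review bot: `strlen(buf-8)` in the added `snprintf` call measures a string that starts eight bytes before `buf`, which reads outside the array and is undefined behaviour. The result is then used as the size limit for the write, so the bound on `buf` can no longer be trusted. If the intent is to reserve eight columns for the new rate field (inferred from the `file_len` change in the previous hunk), the subtraction belongs outside the call: `snprintf(buf + strlen(buf), win_size - strlen(buf) - 8,`. That form also needs a check that `strlen(buf) + 8 < win_size`, because the expression is unsigned and would wrap to a very large limit. The enclosing function starts and ends outside this hunk.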
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);
+ /* instantaneous rate */
+ if (bytes_left > 0)
+ format_rate(buf + strlen(buf), win_size - strlen(buf),
+ delta_pos);
+ else
+ format_rate(buf + strlen(buf), win_size - strlen(buf),
+ max_delta_pos);
+ strlcat(buf, "/s ", win_size);
+
/* ETA */
if (!transferred)
stalled += elapsed;
atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
last_update = now;
+ last_pos = cur_pos;
}
/*ARGSUSED*/
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oVisualHostKey,
oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
oHPNBufferSize,
- oVisualHostKey,
oDeprecated, oUnsupported
} OpCodes;
{ "hpndisabled", oHPNDisabled },
{ "hpnbuffersize", oHPNBufferSize },
{ "visualhostkey", oVisualHostKey },
+ { "noneenabled", oNoneEnabled },
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
+ { "noneswitch", oNoneSwitch },
+ { "hpndisabled", oHPNDisabled },
+ { "hpnbuffersize", oHPNBufferSize },
{ NULL, oBadOption }
};
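Review bot: The keyword entries added here duplicate entries already in the table; `hpndisabled` and `hpnbuffersize` are visible as context directly above the added lines. With a first-match lookup the second copies are dead, and the duplication makes later edits to the table error-prone. The same pattern recurs in the initialiser hunk that follows (`tcp_rcv_buf_poll` and `tcp_rcv_buf` set to -1 twice), in the hunk that adds a second `if (options.tcp_rcv_buf > 0) ssh_set_socket_recvbuf(sock);` immediately after an identical pair, and in the repeated `extern int tty_flag;`. This looks like a merge that re-applied lines already present; I would drop the repeats and keep only the entries that were actually missing.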
options->tcp_rcv_buf_poll = -1;
options->tcp_rcv_buf = -1;
options->visual_host_key = -1;
+ options->none_switch = -1;
+ options->none_enabled = -1;
+ options->hpn_disabled = -1;
+ options->hpn_buffer_size = -1;
+ options->tcp_rcv_buf_poll = -1;
+ options->tcp_rcv_buf = -1;
}
/*
int enable_ssh_keysign;
int64_t rekey_limit;
- int none_switch; /* Use none cipher */
- int none_enabled; /* Allow none to be used */
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
- options->none_enabled = -1;
- options->tcp_rcv_buf_poll = -1;
- options->hpn_disabled = -1;
- options->hpn_buffer_size = -1;
+ options->none_enabled = -1;
+ options->tcp_rcv_buf_poll = -1;
+ options->hpn_disabled = -1;
+ options->hpn_buffer_size = -1;
}
void
fill_default_server_options(ServerOptions *options)
{
+ /* needed for hpn socket tests */
int sock;
int socksize;
int socksizelen = sizeof(int);
} else {
/* we have to do this incase the user sets both values in a contradictory */
/* manner. hpn_disabled overrrides hpn_buffer_size*/
- if (options->hpn_disabled <= 0) {
- if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1;
- /* limit the maximum buffer to 64MB */
+ if (options->hpn_disabled <= 0) {
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1;
+ /* limit the maximum buffer to 64MB */
if (options->hpn_buffer_size > 64*1024) {
options->hpn_buffer_size = 64*1024*1024;
} else {
sGsiAllowLimitedProxy,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sNoneEnabled, sTcpRcvBufPoll,
- sHPNDisabled, sHPNBufferSize,
sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
sDeprecated, sUnsupported
} ServerOpCodes;
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
- { "noneenabled", sNoneEnabled },
- { "hpndisabled", sHPNDisabled },
- { "hpnbuffersize", sHPNBufferSize },
- { "tcprcvbufpoll", sTcpRcvBufPoll },
+ { "noneenabled", sNoneEnabled },
+ { "hpndisabled", sHPNDisabled },
+ { "hpnbuffersize", sHPNBufferSize },
+ { "tcprcvbufpoll", sTcpRcvBufPoll },
{ NULL, sBadOption, 0 }
};
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
- if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled))
+ if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled))
c->dynamic_window = 1;
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
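Review bot: Testing `options.tcp_rcv_buf_poll` for truthiness treats the unset value -1 as enabled, and the server option initialiser in this commit sets `tcp_rcv_buf_poll = -1`. Unless `fill_default_server_options` always rewrites it to 0 or 1 before this point (not visible here), `c->dynamic_window` would be switched on for sessions where the option was never configured. The client-side check elsewhere in this commit still reads `options.tcp_rcv_buf_poll > 0`, so keeping `if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled))` here keeps the two ends consistent. The enclosing function starts outside this hunk.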
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
- listen_address, listen_port, options.gateway_ports,
- options.hpn_disabled, options.hpn_buffer_size);
+ listen_address, listen_port, options.gateway_ports);
}
xfree(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
}
debug("Received TCP/IP port forwarding request.");
if (channel_input_port_forward_request(s->pw->pw_uid == 0,
- options.gateway_ports, options.hpn_disabled,
- options.hpn_buffer_size) < 0) {
+ options.gateway_ports) < 0) {
debug("Port forwarding failed.");
break;
}
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
+ if (options.hpn_disabled)
channel_set_fds(s->chanid,
fdout, fdin, fderr,
fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
+ else
+ channel_set_fds(s->chanid,
+ fdout, fdin, fderr,
+ fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1, is_tty, options.hpn_buffer_size);
}
/*
}
if (x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection,
- &s->display_number, &s->x11_chanids,
- options.hpn_disabled, options.hpn_buffer_size) == -1) {
+ &s->display_number, &s->x11_chanids) == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
-.\" $OpenBSD: sftp.1,v 1.26 2001/09/17 20:38:09 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.67 2008/07/15 02:23:14 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 4, 2001
+.Dd $Mdocdate: July 15 2008 $
.Dt SFTP 1
.Os
.Sh NAME
.Nm sftp
-.Nd Secure file transfer program
+.Nd secure file transfer program
.Sh SYNOPSIS
.Nm sftp
+.Bk -words
.Op Fl 1Cv
+.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl F Ar ssh_config
.Op Fl o Ar ssh_option
-.Op Fl s Ar subsystem | sftp_server
+.Op Fl P Ar sftp_server_path
+.Op Fl R Ar num_requests
.Op Fl S Ar program
+.Op Fl s Ar subsystem | sftp_server
.Ar host
+.Ek
.Nm sftp
-.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]]
+.Oo Oo Ar user Ns @ Oc Ns
+.Ar host Ns Oo : Ns Ar file Oo
+.Ar file Oc Oc Oc
.Nm sftp
-.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]]
+.Oo Oo Ar user Ns @ Oc Ns
+.Ar host Ns Oo : Ns Ar dir Ns
+.Oo Ar / Oc Oc Oc
+.Nm sftp
+.Fl b Ar batchfile
+.Oo Ar user Ns @ Oc Ns Ar host
.Sh DESCRIPTION
.Nm
is an interactive file transfer program, similar to
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
-The last usage format allows the sftp client to start in a remote directory.
+The third usage format allows
+.Nm
+to start in a remote directory.
.Pp
+The final usage format allows for automated sessions using the
+.Fl b
+option.
+In such cases, it is necessary to configure non-interactive authentication
+to obviate the need to enter a password at connection time (see
+.Xr sshd 8
+and
+.Xr ssh-keygen 1
+for details).
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
Specify the use of protocol version 1.
+.It Fl B Ar buffer_size
+Specify the size of the buffer that
+.Nm
+uses when transferring files.
+Larger buffers require fewer round trips at the cost of higher
+memory consumption.
+The default is 32768 bytes.
.It Fl b Ar batchfile
Batch mode reads a series of commands from an input
.Ar batchfile
.Em stdin .
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication.
+A
+.Ar batchfile
+of
+.Sq \-
+may be used to indicate standard input.
.Nm
will abort if any of the following
commands fail:
-.Ic get , put , rename , ln , rm , mkdir , chdir , lchdir
+.Ic get , put , rename , ln ,
+.Ic rm , mkdir , chdir , ls ,
+.Ic lchdir , chmod , chown ,
+.Ic chgrp , lpwd , df ,
and
.Ic lmkdir .
+Termination on error can be suppressed on a command by command basis by
+prefixing the command with a
+.Sq \-
+character (for example,
+.Ic -rm /tmp/blah* ) .
.It Fl C
Enables compression (via ssh's
.Fl C
.It Fl F Ar ssh_config
Specifies an alternative
per-user configuration file for
-.Nm ssh .
+.Xr ssh 1 .
This option is directly passed to
.Xr ssh 1 .
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
-in the format used in the
-.Xr ssh 1
-configuration file. This is useful for specifying options
+in the format used in
+.Xr ssh_config 5 .
+This is useful for specifying options
for which there is no separate
.Nm sftp
-command-line flag. For example, to specify an alternate
-port use:
+command-line flag.
+For example, to specify an alternate port use:
.Ic sftp -oPort=24 .
-.It Fl s Ar subsystem | sftp_server
-Specifies the SSH2 subsystem or the path for an sftp server
-on the remote host. A path is useful for using sftp over
-protocol version 1, or when the remote
-.Nm sshd
-does not have an sftp subsystem configured.
+For full details of the options listed below, and their possible values, see
+.Xr ssh_config 5 .
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It AddressFamily
+.It BatchMode
+.It BindAddress
+.It ChallengeResponseAuthentication
+.It CheckHostIP
+.It Cipher
+.It Ciphers
+.It Compression
+.It CompressionLevel
+.It ConnectionAttempts
+.It ConnectTimeout
+.It ControlMaster
+.It ControlPath
+.It GlobalKnownHostsFile
+.It GSSAPIAuthentication
+.It GSSAPIDelegateCredentials
+.It HashKnownHosts
+.It Host
+.It HostbasedAuthentication
+.It HostKeyAlgorithms
+.It HostKeyAlias
+.It HostName
+.It IdentityFile
+.It IdentitiesOnly
+.It KbdInteractiveDevices
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RekeyLimit
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It SendEnv
+.It ServerAliveInterval
+.It ServerAliveCountMax
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It TCPKeepAlive
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.El
+.It Fl P Ar sftp_server_path
+Connect directly to a local sftp server
+(rather than via
+.Xr ssh 1 ) .
+This option may be useful in debugging the client and server.
+.It Fl R Ar num_requests
+Specify how many requests may be outstanding at any one time.
+Increasing this may slightly improve file transfer speed
+but will increase memory usage.
+The default is 256 outstanding requests providing for 8MB
+of outstanding data with a 32KB buffer.
.It Fl S Ar program
Name of the
.Ar program
The program must understand
.Xr ssh 1
options.
+.It Fl s Ar subsystem | sftp_server
+Specifies the SSH2 subsystem or the path for an sftp server
+on the remote host.
+A path is useful for using
+.Nm
+over protocol version 1, or when the remote
+.Xr sshd 8
+does not have an sftp subsystem configured.
.It Fl v
-Raise logging level. This option is also passed to ssh.
+Raise logging level.
+This option is also passed to ssh.
.El
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
understands a set of commands similar to those of
.Xr ftp 1 .
-Commands are case insensitive and pathnames may be enclosed in quotes if they
-contain spaces.
+Commands are case insensitive.
+Pathnames that contain spaces must be enclosed in quotes.
+Any special characters contained within pathnames that are recognized by
+.Xr glob 3
+must be escaped with backslashes
+.Pq Sq \e .
.Bl -tag -width Ds
.It Ic bye
-Quit sftp.
+Quit
+.Nm sftp .
.It Ic cd Ar path
Change remote directory to
.Ar path .
-.It Ic lcd Ar path
-Change local directory to
-.Ar path .
.It Ic chgrp Ar grp Ar path
Change group of file
.Ar path
to
.Ar grp .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
.Ar grp
must be a numeric GID.
.It Ic chmod Ar mode Ar path
.Ar path
to
.Ar mode .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
.It Ic chown Ar own Ar path
Change owner of file
.Ar path
to
.Ar own .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
.Ar own
must be a numeric UID.
+.It Xo Ic df
+.Op Fl hi
+.Op Ar path
+.Xc
+Display usage information for the filesystem holding the current directory
+(or
+.Ar path
+if specified).
+If the
+.Fl h
+flag is specified, the capacity information will be displayed using
+"human-readable" suffixes.
+The
+.Fl i
+flag requests display of inode information in addition to capacity information.
+This command is only supported on servers that implement the
+.Dq statvfs@openssh.com
+extension.
.It Ic exit
-Quit sftp.
+Quit
+.Nm sftp .
.It Xo Ic get
-.Op Ar flags
+.Op Fl P
.Ar remote-path
.Op Ar local-path
.Xc
and store it on the local machine.
If the local
path name is not specified, it is given the same name it has on the
-remote machine. If the
+remote machine.
+.Ar remote-path
+may contain
+.Xr glob 3
+characters and may match multiple files.
+If it does and
+.Ar local-path
+is specified, then
+.Ar local-path
+must specify a directory.
+If the
.Fl P
-flag is specified, then the file's full permission and access time are
+flag is specified, then full file permissions and access times are
copied too.
.It Ic help
Display help text.
+.It Ic lcd Ar path
+Change local directory to
+.Ar path .
.It Ic lls Op Ar ls-options Op Ar path
Display local directory listing of either
.Ar path
or current directory if
.Ar path
is not specified.
+.Ar ls-options
+may contain any flags supported by the local system's
+.Xr ls 1
+command.
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
.It Ic lmkdir Ar path
Create local directory specified by
.Ar path .
.Ar newpath .
.It Ic lpwd
Print local working directory.
-.It Ic ls Op Ar path
-Display remote directory listing of either
+.It Xo Ic ls
+.Op Fl 1aflnrSt
+.Op Ar path
+.Xc
+Display a remote directory listing of either
.Ar path
-or current directory if
+or the current directory if
.Ar path
is not specified.
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
+.Pp
+The following flags are recognized and alter the behaviour of
+.Ic ls
+accordingly:
+.Bl -tag -width Ds
+.It Fl 1
+Produce single columnar output.
+.It Fl a
+List files beginning with a dot
+.Pq Sq \&. .
+.It Fl f
+Do not sort the listing.
+The default sort order is lexicographical.
+.It Fl l
+Display additional details including permissions
+and ownership information.
+.It Fl n
+Produce a long listing with user and group information presented
+numerically.
+.It Fl r
+Reverse the sort order of the listing.
+.It Fl S
+Sort the listing by file size.
+.It Fl t
+Sort the listing by last modification time.
+.El
.It Ic lumask Ar umask
Set local umask to
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Ar path .
+.It Ic progress
+Toggle display of progress meter.
.It Xo Ic put
-.Op Ar flags
+.Op Fl P
.Ar local-path
-.Op Ar local-path
+.Op Ar remote-path
.Xc
Upload
.Ar local-path
-and store it on the remote machine. If the remote path name is not
-specified, it is given the same name it has on the local machine. If the
+and store it on the remote machine.
+If the remote path name is not specified, it is given the same name it has
+on the local machine.
+.Ar local-path
+may contain
+.Xr glob 3
+characters and may match multiple files.
+If it does and
+.Ar remote-path
+is specified, then
+.Ar remote-path
+must specify a directory.
+If the
.Fl P
flag is specified, then the file's full permission and access time are
copied too.
.It Ic pwd
Display remote working directory.
.It Ic quit
-Quit sftp.
+Quit
+.Nm sftp .
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath
to
.Ar newpath .
-.It Ic rmdir Ar path
-Remove remote directory specified by
-.Ar path .
.It Ic rm Ar path
Delete remote file specified by
.Ar path .
+.It Ic rmdir Ar path
+Remove remote directory specified by
+.Ar path .
.It Ic symlink Ar oldpath Ar newpath
Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
-.It Ic ! Ar command
+.It Ic version
+Display the
+.Nm
+protocol version.
+.It Ic \&! Ar command
Execute
.Ar command
in local shell.
-.It Ic !
+.It Ic \&!
Escape to local shell.
-.It Ic ?
+.It Ic \&?
Synonym for help.
.El
-.Sh AUTHORS
-Damien Miller <djm@mindrot.org>
.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr ls 1 ,
.Xr scp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
+.Xr glob 3 ,
+.Xr ssh_config 5 ,
.Xr sftp-server 8 ,
.Xr sshd 8
.Rs
size_t copy_buffer_len = 32768;
/* Number of concurrent outstanding requests */
-size_t num_requests = 64;
+size_t num_requests = 256;
/* PID of ssh transport process */
static pid_t sshpid = -1;
no_shell_flag = 1;
no_tty_flag = 1;
break;
- case 'T':
- no_tty_flag = 1;
- /* ensure that the user doesn't try to backdoor a */
- /* null cipher switch on an interactive session */
- /* so explicitly disable it no matter what */
- options.none_switch=0;
- break;
case 'o':
dummy = 1;
line = xstrdup(optarg);
exit(255);
xfree(line);
break;
+ case 'T':
+ no_tty_flag = 1;
+ /* ensure that the user doesn't try to backdoor a */
+ /* null cipher switch on an interactive session */
+ /* so explicitly disable it no matter what */
+ options.none_switch=0;
+ break;
case 's':
subsystem_flag = 1;
break;
options.local_forwards[i].listen_port,
options.local_forwards[i].connect_host,
options.local_forwards[i].connect_port,
- options.gateway_ports, options.hpn_disabled,
- options.hpn_buffer_size);
+ options.gateway_ports);
}
if (i > 0 && success != i && options.exit_on_forward_failure)
fatal("Could not request local forwarding.");
/* to no. In which case we *can* just set the window to the */
/* minimum of the hpn buffer size and tcp receive buffer size */
- if(options.hpn_disabled)
- {
+ if (tty_flag)
options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
- }
- else if (datafellows & SSH_BUG_LARGEWINDOW)
+ else
+ options.hpn_buffer_size = 2*1024*1024;
+
+ if (datafellows & SSH_BUG_LARGEWINDOW)
{
debug("HPN to Non-HPN Connection");
- if (options.hpn_buffer_size < 0)
- options.hpn_buffer_size = 2*1024*1024;
}
else
{
- if (options.hpn_buffer_size < 0)
- options.hpn_buffer_size = BUFFER_MAX_LEN_HPN;
-
- /*create a socket but don't connect it */
- /* we use that the get the rcv socket size */
- sock = socket(AF_INET, SOCK_STREAM, 0);
- /* if they are using the tcp_rcv_buf option */
- /* attempt to set the buffer size to that */
- if (options.tcp_rcv_buf)
- setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
- sizeof(options.tcp_rcv_buf));
- getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
- &socksize, &socksizelen);
- close(sock);
- debug("socksize %d", socksize);
if (options.tcp_rcv_buf_poll <= 0)
{
- options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size);
- debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size);
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ close(sock);
+ debug("socksize %d", socksize);
+ options.hpn_buffer_size = socksize;
+ debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
}
else
{
if (options.tcp_rcv_buf > 0)
- options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size);
- debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size);
+ {
+ /*create a socket but don't connect it */
+ /* we use that the get the rcv socket size */
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ /* if they are using the tcp_rcv_buf option */
+ /* attempt to set the buffer size to that */
+ if (options.tcp_rcv_buf)
+ setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
+ sizeof(options.tcp_rcv_buf));
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ close(sock);
+ debug("socksize %d", socksize);
+ options.hpn_buffer_size = socksize;
+ debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
+ }
}
}
window = options.hpn_buffer_size;
+ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
packetmax = CHAN_SES_PACKET_DEFAULT;
if (tty_flag) {
window = 4*CHAN_SES_PACKET_DEFAULT;
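Review bot: The results of `socket()`, `setsockopt()` and `getsockopt()` are not checked in either new probe branch, so if the probe fails `socksize` is used without having been written and becomes `options.hpn_buffer_size`. That value is then handed to `channel_set_hpn` and used as the session window. The probe should keep the default chosen above unless `getsockopt` succeeds and returns a positive size; the `tcp_rcv_buf > 0` branch needs the same treatment. Separately, the unconditional assignment at the top of the hunk discards any user-configured HPNBufferSize and no longer consults `options.hpn_disabled`; if that is intended it deserves a comment. The enclosing function starts and ends outside this hunk.

```c
	if (options.tcp_rcv_buf_poll <= 0)
	{
		sock = socket(AF_INET, SOCK_STREAM, 0);
		/* keep the default chosen above if the probe fails */
		if (sock >= 0) {
			if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
			    &socksize, &socksizelen) == 0 && socksize > 0) {
				debug("socksize %d", socksize);
				options.hpn_buffer_size = socksize;
				debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
			}
			close(sock);
		}
	}
	/* … unchanged: else branch for tcp_rcv_buf > 0, which needs the same checks … */
```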
"session", SSH_CHANNEL_OPENING, in, out, err,
window, packetmax, CHAN_EXTENDED_WRITE,
"client-session", /*nonblock*/0);
-
if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
c->dynamic_window = 1;
debug ("Enabled Dynamic Window Scaling\n");
if (options.tcp_rcv_buf > 0)
ssh_set_socket_recvbuf(sock);
+ if (options.tcp_rcv_buf > 0)
+ ssh_set_socket_recvbuf(sock);
+
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
return sock;
extern int tty_flag;
+/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
+/* if it is set then prevent the switch to the null cipher */
+
+extern int tty_flag;
+
/*
* SSH2 key exchange
*/
}
#endif
+ /* set the HPN options for the child */
+ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
-
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
#define MGLUE_VERSION ""
#endif
-#define NCSA_VERSION " NCSA_GSSAPI_20080727"
+#define NCSA_VERSION " GLOBUS_GSSAPI_20080730"
#define SSH_VERSION "OpenSSH_5.1"
#define SSH_PORTABLE "p1"
-#define SSH_HPN "-hpn13v1"
+#define SSH_HPN "-hpn13v5"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN \
NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION