[sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
kill whitespace at EOL.
[ssh-keygen.c]
fix import for (broken?) ssh.com/f-secure private keys
(i tested > 1000 RSA keys)
[ssh-keygen.c]
fix import for (broken?) ssh.com/f-secure private keys
(i tested > 1000 RSA keys)
+ - itojun@cvs.openbsd.org 2001/06/23 17:48:18
+ [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
+ kill whitespace at EOL.
20010622
- (stevesk) handle systems without pw_expire and pw_change.
20010622
- (stevesk) handle systems without pw_expire and pw_change.
-.\" $OpenBSD: sftp.1,v 1.20 2001/06/23 05:57:08 deraadt Exp $
+.\" $OpenBSD: sftp.1,v 1.21 2001/06/23 17:48:18 itojun Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.Nm sftp
.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]]
.Nm sftp
.Nm sftp
.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]]
.Nm sftp
-.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]]
+.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]]
.Sh DESCRIPTION
.Nm
is an interactive file transfer program, similar to
.Sh DESCRIPTION
.Nm
is an interactive file transfer program, similar to
.Ar host ,
then enters an interactive command mode.
.Pp
.Ar host ,
then enters an interactive command mode.
.Pp
-The second usage format will retrieve files automatically if a non-interactive
+The second usage format will retrieve files automatically if a non-interactive
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication.
.Nm
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication.
.Nm
-will abort if any of the following
-commands fail:
+will abort if any of the following
+commands fail:
.Ic get , put , rename , ln , rm , mkdir , chdir , lchdir
and
.Ic lmkdir .
.It Fl C
.Ic get , put , rename , ln , rm , mkdir , chdir , lchdir
and
.Ic lmkdir .
.It Fl C
-Enables compression (via ssh's
+Enables compression (via ssh's
.Fl C
flag)
.It Fl o Ar ssh_option
.Fl C
flag)
.It Fl o Ar ssh_option
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
-understands a set of commands similar to those of
+understands a set of commands similar to those of
.Xr ftp 1 .
Commands are case insensitive and pathnames may be enclosed in quotes if they
contain spaces.
.Bl -tag -width Ds
.It Ic cd Ar path
.Xr ftp 1 .
Commands are case insensitive and pathnames may be enclosed in quotes if they
contain spaces.
.Bl -tag -width Ds
.It Ic cd Ar path
-Change remote directory to
+Change remote directory to
.Ar path .
.It Ic lcd Ar path
.Ar path .
.It Ic lcd Ar path
-Change local directory to
+Change local directory to
.Ar path .
.It Ic chgrp Ar grp Ar path
.Ar path .
.It Ic chgrp Ar grp Ar path
.Ar path
to
.Ar grp .
.Ar grp
must be a numeric GID.
.It Ic chmod Ar mode Ar path
.Ar path
to
.Ar grp .
.Ar grp
must be a numeric GID.
.It Ic chmod Ar mode Ar path
-Change permissions of file
+Change permissions of file
.Ar path
to
.Ar mode .
.It Ic chown Ar own Ar path
.Ar path
to
.Ar mode .
.It Ic chown Ar own Ar path
.Ar remote-path
and store it on the local machine.
If the local
.Ar remote-path
and store it on the local machine.
If the local
-path name is not specified, it is given the same name it has on the
-remote machine. If the
+path name is not specified, it is given the same name it has on the
+remote machine. If the
.Fl P
flag is specified, then the file's full permission and access time are
copied too.
.It Ic help
Display help text.
.It Ic lls Op Ar ls-options Op Ar path
.Fl P
flag is specified, then the file's full permission and access time are
copied too.
.It Ic help
Display help text.
.It Ic lls Op Ar ls-options Op Ar path
-Display local directory listing of either
+Display local directory listing of either
.Ar path
or current directory if
.Ar path
.Ar path
or current directory if
.Ar path
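Review bot: in the get description, the changed line "remote machine. If the" still begins a new sentence in the middle of a source line. Since the line is being rewritten for whitespace anyway, break it after "remote machine." so that "If the" starts its own line, the way "If the local" already does a few lines earlier in the same entry.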
Create local directory specified by
.Ar path .
.It Ic ln Ar oldpath Ar newpath
Create local directory specified by
.Ar path .
.It Ic ln Ar oldpath Ar newpath
-Create a symbolic link from
+Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
.Ar oldpath
to
.Ar newpath .
.Ar path
is not specified.
.It Ic lumask Ar umask
.Ar path
is not specified.
.It Ic lumask Ar umask
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Xc
Upload
.Ar local-path
.Xc
Upload
.Ar local-path
-and store it on the remote machine. If the remote path name is not
-specified, it is given the same name it has on the local machine. If the
+and store it on the remote machine. If the remote path name is not
+specified, it is given the same name it has on the local machine. If the
.Fl P
flag is specified, then the file's full permission and access time are
copied too.
.Fl P
flag is specified, then the file's full permission and access time are
copied too.
Delete remote file specified by
.Ar path .
.It Ic symlink Ar oldpath Ar newpath
Delete remote file specified by
.Ar path .
.It Ic symlink Ar oldpath Ar newpath
-Create a symbolic link from
+Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
.It Ic ! Ar command
.Ar oldpath
to
.Ar newpath .
.It Ic ! Ar command
.Ar command
in local shell.
.It Ic !
.Ar command
in local shell.
.It Ic !
-.\" $OpenBSD: ssh-keyscan.1,v 1.7 2001/06/22 10:17:51 mpech Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.8 2001/06/23 17:48:18 itojun Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl t
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl t
-Set the timeout for connection attempts. If
+Set the timeout for connection attempts. If
.Pa timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable. Default is 5
seconds.
.It Fl f
.Pa timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable. Default is 5
seconds.
.It Fl f
.Pa addrlist namelist
pairs from this file, one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
.Pa addrlist namelist
pairs from this file, one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
.Pa addrlist namelist
pairs from the standard input.
.El
.Pa addrlist namelist
pairs from the standard input.
.El
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.116 2001/06/23 02:34:31 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.117 2001/06/23 17:48:19 itojun Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Dd September 25, 1999
.Dt SSH 1
.Os
.Ss Escape Characters
.Pp
When a pseudo terminal has been requested, ssh supports a number of functions
.Ss Escape Characters
.Pp
When a pseudo terminal has been requested, ssh supports a number of functions
-through the use of an escape character.
+through the use of an escape character.
.Pp
A single tilde character can be sent as
.Ic ~~
.Pp
A single tilde character can be sent as
.Ic ~~
special.
The escape character can be changed in configuration files using the
.Cm EscapeChar
special.
The escape character can be changed in configuration files using the
.Cm EscapeChar
-configuration directive or on the command line by the
+configuration directive or on the command line by the
Causes all warning and diagnostic messages to be suppressed.
Only fatal errors are displayed.
.It Fl s
Causes all warning and diagnostic messages to be suppressed.
Only fatal errors are displayed.
.It Fl s
-May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg. sftp). The
+May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
+of SSH as a secure transport for other applications (eg. sftp). The
subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
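Review bot: the first changed line of the -s description carries two sentences ("... on the remote system. Subsystems are a feature ...") and is much longer than the surrounding source lines. Split it at "remote system." and wrap the remainder like the neighbouring text. While touching these lines, "(eg. sftp)" should read "(e.g. sftp)", which is the spelling the PreferredAuthentications entry in the same file uses.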
Specifies the cipher to use for encrypting the session
in protocol version 1.
Currently,
Specifies the cipher to use for encrypting the session
in protocol version 1.
Currently,
and
.Dq 3des
are supported.
and
.Dq 3des
are supported.
QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
The default is INFO.
.It Cm MACs
QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
The default is INFO.
.It Cm MACs
-Specifies the MAC (message authentication code) algorithms
+Specifies the MAC (message authentication code) algorithms
in order of preference.
The MAC algorithm is used in protocol version 2
for data integrity protection.
in order of preference.
The MAC algorithm is used in protocol version 2
for data integrity protection.
Specifies the port number to connect on the remote host.
Default is 22.
.It Cm PreferredAuthentications
Specifies the port number to connect on the remote host.
Default is 22.
.It Cm PreferredAuthentications
-Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
+Specifies the order in which the client should try protocol 2
+authentication methods. This allows a client to prefer one method (e.g.
.Cm keyboard-interactive )
over another method (e.g.
.Cm password )
.Cm keyboard-interactive )
over another method (e.g.
.Cm password )
authentication time on slow connections when rhosts authentication is
not used.
Most servers do not permit RhostsAuthentication because it
authentication time on slow connections when rhosts authentication is
not used.
Most servers do not permit RhostsAuthentication because it
.Cm RhostsRSAAuthentication ) .
The argument to this keyword must be
.Dq yes
.Cm RhostsRSAAuthentication ) .
The argument to this keyword must be
.Dq yes
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.132 2001/06/23 03:03:59 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.133 2001/06/23 17:48:19 itojun Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
.Nm
will send a message through the encrypted
channel to request a response from the client.
.Nm
will send a message through the encrypted
channel to request a response from the client.
sent without
.Nm
receiving any messages back from the client. If this threshold is
sent without
.Nm
receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
+reached while client alive messages are being sent,
.Nm
will disconnect the client, terminating the session. It is important
.Nm
will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
+to note that the use of client alive messages is very different from
.Cm Keepalive
(below). The client alive messages are sent through the
encrypted channel and therefore will not be spoofable. The TCP keepalive
.Cm Keepalive
(below). The client alive messages are sent through the
encrypted channel and therefore will not be spoofable. The TCP keepalive
The default value is 3. If you set
.Cm ClientAliveInterval
(above) to 15, and leave this value at the default, unresponsive ssh clients
The default value is 3. If you set
.Cm ClientAliveInterval
(above) to 15, and leave this value at the default, unresponsive ssh clients
-will be disconnected after approximately 45 seconds.
+will be disconnected after approximately 45 seconds.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces.
Note that
.Xr login 1
is never used for remote command execution.
Note that
.Xr login 1
is never used for remote command execution.
-Note also, that if this is enabled,
-.Cm X11Forwarding
+Note also, that if this is enabled,
+.Cm X11Forwarding
will be disabled because
.Xr login 1
does not know how to handle
will be disabled because
.Xr login 1
does not know how to handle
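Review bot: "Note also, that if this is enabled," has a stray comma after "also" and relies on "this" to identify the option. Suggest "Note also that if this option is enabled," on the first changed line, leaving the .Cm X11Forwarding line as it is.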
cookies.
.It Cm X11DisplayOffset
Specifies the first display number available for
cookies.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Dq no .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
.Dq no .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
-X11 forwarding is automatically disabled if
-.Cm UseLogin
-is enabled.
+X11 forwarding is automatically disabled if
+.Cm UseLogin
+is enabled.
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1
.It Cm no-pty
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm permitopen="host:port"
.It Cm no-pty
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm permitopen="host:port"
.Li ``ssh -L''
port forwarding such that it may only connect to the specified host and
.Li ``ssh -L''
port forwarding such that it may only connect to the specified host and
-options may be applied separated by commas. No pattern matching is
-performed on the specified hostnames, they must be literal domains or
+options may be applied separated by commas. No pattern matching is
+performed on the specified hostnames, they must be literal domains or
addresses.
.El
.Ss Examples
addresses.
.El
.Ss Examples
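Review bot: the changed permitopen text still joins two statements with a comma: "No pattern matching is performed on the specified hostnames, they must be literal domains or addresses." This sentence defines exactly what the option restricts, so it should read unambiguously; end the first sentence after "hostnames." and start "They must be literal domains or addresses." on a new line.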