- dtucker@cvs.openbsd.org 2006/01/20 00:14:55

     [scp.1 ssh.1 ssh_config.5 sftp.1]
     Document RekeyLimit.  Based on patch from jan.iven at cern.ch from mindrot
     #1056 with feedback from jmc, djm and markus; ok jmc@ djm@

diff --git a/ChangeLog b/ChangeLog
index 1c81a27fa390ce5e0eba9cbfd95d634fa9f190a7..aae0444411bd6f283fb59e9b9dd97e3777a6bd40 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - jmc@cvs.openbsd.org 2006/01/18 10:53:29
      [ssh.1]
      add a section on ssh-based vpn, based on reyk's README.tun;
+   - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
+     [scp.1 ssh.1 ssh_config.5 sftp.1]
+     Document RekeyLimit.  Based on patch from jan.iven at cern.ch from mindrot
+     #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
 
 20060114
  - (djm) OpenBSD CVS Sync

diff --git a/scp.1 b/scp.1
index b5191e318129fd8fd478041ef9eb708530981622..d9b1f8e8fa58dd37e421fd67f54fc87f23e02b1b 100644 (file)
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.39 2006/01/20 00:14:55 dtucker Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -152,6 +152,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv

diff --git a/sftp.1 b/sftp.1
index 6b500596c2fe3f0a47cc45fdd00b776a6c79498a..47aafa89e61b0d6ba328f7dd2e7cabd3258ac971 100644 (file)
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.62 2005/12/30 16:59:00 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.63 2006/01/20 00:14:55 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -180,6 +180,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv

diff --git a/ssh.1 b/ssh.1
index 661e8f96226b2d0998004d56bd615643e54f1363..3fe142dc1903ae7efa2d931e43ffb70713d25500 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.250 2006/01/18 10:53:29 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.251 2006/01/20 00:14:55 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -477,6 +477,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RemoteForward
 .It RhostsRSAAuthentication
 .It RSAAuthentication

diff --git a/ssh_config.5 b/ssh_config.5
index e8186a988630cbbda320fa71b571f7fae33797ed..790c9b204559d9fe831ad21a182c8fdeb0713ad6 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.74 2006/01/12 22:26:02 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.75 2006/01/20 00:14:55 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -718,6 +718,21 @@ or
 The default is
 .Dq yes .
 This option applies to protocol version 2 only.
+.It Cm RekeyLimit
+Specifies the maximum amount of data that may be transmitted before the
+session key will be renegotiated.
+The argument is the number of bytes, with an optional suffix of
+.Dq K ,
+.Dq M ,
+or
+.Dq G
+to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
+The default is between
+.Dq 1G
+and
+.Dq 4G ,
+depending on the cipher.
+Note that this option applies to protocol version 2 only.
 .It Cm RemoteForward
 Specifies that a TCP port on the remote machine be forwarded over
 the secure channel to the specified host and port from the local machine.