From be193d893b9ac147f3b7238fb8c84cc2567b3ff8 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 11 Jun 2003 12:04:39 +0000 Subject: [PATCH] - jmc@cvs.openbsd.org 2003/06/10 09:12:11 [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@ --- ChangeLog | 13 +++++++++++++ scp.1 | 20 +++++++++++--------- sftp-server.8 | 4 ++-- ssh-add.1 | 40 ++++++++++++++++++++-------------------- ssh-agent.1 | 12 ++++++------ ssh-keygen.1 | 20 ++++++++++---------- ssh-keyscan.1 | 51 +++++++++++++++++++++++++-------------------------- ssh-keysign.8 | 6 +++--- ssh.1 | 23 ++++++++++++----------- ssh_config.5 | 6 +++--- sshd.8 | 24 ++++++++++++------------ sshd_config.5 | 9 ++++----- 12 files changed, 121 insertions(+), 107 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ffec6dc..a3ba04e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +20030611 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2003/06/10 09:12:11 + [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] + [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] + - section reorder + - COMPATIBILITY merge + - macro cleanup + - kill whitespace at EOL + - new sentence, new line + ssh pages ok markus@ + + 20030609 - (djm) Sync README.smartcard with OpenBSD -current - (djm) Re-merge OpenSC info into README.smartcard diff --git a/scp.1 b/scp.1 index a3ec2e0c..a971500e 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.27 2003/03/28 10:11:43 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.28 2003/06/10 09:12:11 jmc Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -148,14 +148,6 @@ to use IPv6 addresses only. .Sh DIAGNOSTICS .Nm exits with 0 on success or >0 if an error occurred. -.Sh AUTHORS -Timo Rinne and Tatu Ylonen -.Sh HISTORY -.Nm -is based on the -.Xr rcp 1 -program in BSD source code from the Regents of the University of -California. .Sh SEE ALSO .Xr rcp 1 , .Xr sftp 1 , @@ -165,3 +157,13 @@ California. .Xr ssh-keygen 1 , .Xr ssh_config 5 , .Xr sshd 8 +.Sh HISTORY +.Nm +is based on the +.Xr rcp 1 +program in BSD source code from the Regents of the University of +California. +.Sh AUTHORS +.An Timo Rinne Aq tri@iki.fi +and +.An Tatu Ylonen Aq ylo@cs.hut.fi diff --git a/sftp-server.8 b/sftp-server.8 index 0a0210a3..871f8379 100644 --- a/sftp-server.8 +++ b/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp-server.8,v 1.8 2001/06/23 05:57:08 deraadt Exp $ +.\" $OpenBSD: sftp-server.8,v 1.9 2003/06/10 09:12:11 jmc Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" @@ -56,7 +56,7 @@ for more information. .%O work in progress material .Re .Sh AUTHORS -Markus Friedl +.An Markus Friedl Aq markus@openbsd.org .Sh HISTORY .Nm first appeared in OpenBSD 2.8 . diff --git a/ssh-add.1 b/ssh-add.1 index bcdb8e7f..fe019085 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.38 2003/03/28 10:11:43 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.39 2003/06/10 09:12:11 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -109,20 +109,6 @@ Add key in smartcard Remove key in smartcard .Ar reader . .El -.Sh FILES -.Bl -tag -width Ds -.It Pa $HOME/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -.It Pa $HOME/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. -.It Pa $HOME/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. -.El -.Pp -Identity files should not be readable by anyone but the user. -Note that -.Nm -ignores identity files if they are accessible by others. .Sh ENVIRONMENT .Bl -tag -width Ds .It Ev "DISPLAY" and "SSH_ASKPASS" @@ -152,11 +138,30 @@ to make this work.) Identifies the path of a unix-domain socket used to communicate with the agent. .El +.Sh FILES +.Bl -tag -width Ds +.It Pa $HOME/.ssh/identity +Contains the protocol version 1 RSA authentication identity of the user. +.It Pa $HOME/.ssh/id_dsa +Contains the protocol version 2 DSA authentication identity of the user. +.It Pa $HOME/.ssh/id_rsa +Contains the protocol version 2 RSA authentication identity of the user. +.El +.Pp +Identity files should not be readable by anyone but the user. +Note that +.Nm +ignores identity files if they are accessible by others. .Sh DIAGNOSTICS Exit status is 0 on success, 1 if the specified command fails, and 2 if .Nm is unable to contact the authentication agent. +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 , +.Xr sshd 8 .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -166,8 +171,3 @@ removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-agent 1 , -.Xr ssh-keygen 1 , -.Xr sshd 8 diff --git a/ssh-agent.1 b/ssh-agent.1 index eae6716b..aab15cc7 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.38 2003/05/14 13:11:56 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.39 2003/06/10 09:12:11 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -179,6 +179,11 @@ authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-add 1 , +.Xr ssh-keygen 1 , +.Xr sshd 8 .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -188,8 +193,3 @@ removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-keygen 1 , -.Xr sshd 8 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 1583384a..fc6b5a5e 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.58 2003/05/20 12:09:31 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.59 2003/06/10 09:12:11 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -285,15 +285,6 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .El -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , @@ -307,3 +298,12 @@ protocol versions 1.5 and 2.0. .%D March 2001 .%O work in progress material .Re +.Sh AUTHORS +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by Tatu Ylonen. +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Theo de Raadt and Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +Markus Friedl contributed the support for SSH +protocol versions 1.5 and 2.0. diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 6d27569e..572751f6 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.16 2003/05/12 18:35:18 markus Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -103,24 +103,6 @@ On the other hand, if the security model allows such a risk, .Nm can help in the detection of tampered keyfiles or man in the middle attacks which have begun after the ssh_known_hosts file was created. -.Sh EXAMPLES -.Pp -Print the -.Pa rsa1 -host key for machine -.Pa hostname : -.Bd -literal -$ ssh-keyscan hostname -.Ed -.Pp -Find all hosts from the file -.Pa ssh_hosts -which have new or different keys from those in the sorted file -.Pa ssh_known_hosts : -.Bd -literal -$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ - sort -u - ssh_known_hosts | diff ssh_known_hosts - -.Ed .Sh FILES .Pa Input format: .Bd -literal @@ -145,16 +127,33 @@ or .Dq ssh-dss . .Pp .Pa /etc/ssh/ssh_known_hosts -.Sh BUGS -It generates "Connection closed by remote host" messages on the consoles -of all the machines it scans if the server is older than version 2.9. -This is because it opens a connection to the ssh port, reads the public -key, and drops the connection as soon as it gets the key. +.Sh EXAMPLES +Print the +.Pa rsa1 +host key for machine +.Pa hostname : +.Bd -literal +$ ssh-keyscan hostname +.Ed +.Pp +Find all hosts from the file +.Pa ssh_hosts +which have new or different keys from those in the sorted file +.Pa ssh_known_hosts : +.Bd -literal +$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e + sort -u - ssh_known_hosts | diff ssh_known_hosts - +.Ed .Sh SEE ALSO .Xr ssh 1 , .Xr sshd 8 .Sh AUTHORS -David Mazieres +.An David Mazieres Aq dm@lcs.mit.edu wrote the initial version, and -Wayne Davison +.An Wayne Davison Aq wayned@users.sourceforge.net added support for protocol version 2. +.Sh BUGS +It generates "Connection closed by remote host" messages on the consoles +of all the machines it scans if the server is older than version 2.9. +This is because it opens a connection to the ssh port, reads the public +key, and drops the connection as soon as it gets the key. diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 2e3f8ff3..a17e8d5c 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.7 2003/06/10 09:12:11 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -74,9 +74,9 @@ must be set-uid root if hostbased authentication is used. .Xr ssh-keygen 1 , .Xr ssh_config 5 , .Xr sshd 8 -.Sh AUTHORS -Markus Friedl .Sh HISTORY .Nm first appeared in .Ox 3.2 . +.Sh AUTHORS +.An Markus Friedl Aq markus@openbsd.org diff --git a/ssh.1 b/ssh.1 index d8af4de6..defc0e64 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.172 2003/05/20 12:09:31 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.173 2003/06/10 09:12:11 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -922,7 +922,8 @@ or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Pa \&.rhosts authentication. +.Pa \&.rhosts +authentication. It contains canonical hosts names, one per line (the full format is described on the @@ -964,15 +965,6 @@ above. .Nm exits with the exit status of the remote command or with 255 if an error occurred. -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. .Sh SEE ALSO .Xr rsh 1 , .Xr scp 1 , @@ -995,3 +987,12 @@ protocol versions 1.5 and 2.0. .%D January 2002 .%O work in progress material .Re +.Sh AUTHORS +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by Tatu Ylonen. +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Theo de Raadt and Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +Markus Friedl contributed the support for SSH +protocol versions 1.5 and 2.0. diff --git a/ssh_config.5 b/ssh_config.5 index aa86897a..85a686b0 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.12 2003/06/02 08:31:10 jakob Exp $ +.\" $OpenBSD: ssh_config.5,v 1.13 2003/06/10 09:12:12 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -664,6 +664,8 @@ values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. .El +.Sh SEE ALSO +.Xr ssh 1 .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -673,5 +675,3 @@ removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -.Sh SEE ALSO -.Xr ssh 1 diff --git a/sshd.8 b/sshd.8 index 827f4f77..1cad834f 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.197 2003/05/20 12:09:32 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -771,17 +771,6 @@ This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .El -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. -Niels Provos and Markus Friedl contributed support -for privilege separation. .Sh SEE ALSO .Xr scp 1 , .Xr sftp 1 , @@ -813,3 +802,14 @@ for privilege separation. .%D January 2002 .%O work in progress material .Re +.Sh AUTHORS +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by Tatu Ylonen. +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Theo de Raadt and Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +Markus Friedl contributed the support for SSH +protocol versions 1.5 and 2.0. +Niels Provos and Markus Friedl contributed support +for privilege separation. diff --git a/sshd_config.5 b/sshd_config.5 index 0c6108e0..522911a3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.18 2003/06/02 09:17:34 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.19 2003/06/10 09:12:12 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -660,7 +660,7 @@ display server may be exposed to attack when the ssh client requests forwarding (see the warnings for .Cm ForwardX11 in -.Xr ssh_config 5 ). +.Xr ssh_config 5 ) . A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a @@ -706,7 +706,6 @@ The default is .Pa /usr/X11R6/bin/xauth . .El .Ss Time Formats -.Pp .Nm sshd command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: @@ -755,6 +754,8 @@ Contains configuration data for This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. .El +.Sh SEE ALSO +.Xr sshd 8 .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -766,5 +767,3 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -.Sh SEE ALSO -.Xr sshd 8 -- 2.45.1