upstream: allow -A to explicitly enable agent forwarding in scp and

sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus

OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
djm@openbsd.org 2020-08-03 02:43:41 +00:00 committed by Damien Miller
parent ab9105470a
commit a8732d74cb
4 changed files with 30 additions and 14 deletions

11
scp.1

@ -8,9 +8,9 @@
.\" .\"
.\" Created: Sun May 7 00:14:37 1995 ylo .\" Created: Sun May 7 00:14:37 1995 ylo
.\" .\"
.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $ .\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $
.\" .\"
.Dd $Mdocdate: April 30 2020 $ .Dd $Mdocdate: August 3 2020 $
.Dt SCP 1 .Dt SCP 1
.Os .Os
.Sh NAME .Sh NAME
@ -18,7 +18,7 @@
.Nd OpenSSH secure file copy .Nd OpenSSH secure file copy
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm scp .Nm scp
.Op Fl 346BCpqrTv .Op Fl 346ABCpqrTv
.Op Fl c Ar cipher .Op Fl c Ar cipher
.Op Fl F Ar ssh_config .Op Fl F Ar ssh_config
.Op Fl i Ar identity_file .Op Fl i Ar identity_file
@ -86,6 +86,11 @@ to use IPv4 addresses only.
Forces Forces
.Nm .Nm
to use IPv6 addresses only. to use IPv6 addresses only.
.It Fl A
Allows forwarding of
.Xr ssh-agent 1
to the remote system.
The default is not to forward an authentication agent.
.It Fl B .It Fl B
Selects batch mode (prevents asking for passwords or passphrases). Selects batch mode (prevents asking for passwords or passphrases).
.It Fl C .It Fl C

11
scp.c

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */ /* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */
/* /*
* scp - secure remote copy. This is basically patched BSD rcp which * scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd). * uses ssh to do the data transfer (instead of using rcmd).
@ -425,7 +425,6 @@ main(int argc, char **argv)
args.list = remote_remote_args.list = NULL; args.list = remote_remote_args.list = NULL;
addargs(&args, "%s", ssh_program); addargs(&args, "%s", ssh_program);
addargs(&args, "-x"); addargs(&args, "-x");
addargs(&args, "-oForwardAgent=no");
addargs(&args, "-oPermitLocalCommand=no"); addargs(&args, "-oPermitLocalCommand=no");
addargs(&args, "-oClearAllForwardings=yes"); addargs(&args, "-oClearAllForwardings=yes");
addargs(&args, "-oRemoteCommand=none"); addargs(&args, "-oRemoteCommand=none");
@ -433,7 +432,7 @@ main(int argc, char **argv)
fflag = Tflag = tflag = 0; fflag = Tflag = tflag = 0;
while ((ch = getopt(argc, argv, while ((ch = getopt(argc, argv,
"dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) {
switch (ch) { switch (ch) {
/* User-visible flags. */ /* User-visible flags. */
case '1': case '1':
@ -442,6 +441,7 @@ main(int argc, char **argv)
case '2': case '2':
/* Ignored */ /* Ignored */
break; break;
case 'A':
case '4': case '4':
case '6': case '6':
case 'C': case 'C':
@ -523,6 +523,9 @@ main(int argc, char **argv)
argc -= optind; argc -= optind;
argv += optind; argv += optind;
/* Do this last because we want the user to be able to override it */
addargs(&args, "-oForwardAgent=no");
if ((pwd = getpwuid(userid = getuid())) == NULL) if ((pwd = getpwuid(userid = getuid())) == NULL)
fatal("unknown user %u", (u_int) userid); fatal("unknown user %u", (u_int) userid);
@ -1593,7 +1596,7 @@ void
usage(void) usage(void)
{ {
(void) fprintf(stderr, (void) fprintf(stderr,
"usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
" [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
" [-S program] source ... target\n"); " [-S program] source ... target\n");
exit(1); exit(1);
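Review bot: The comment added before the trailing `addargs(&args, "-oForwardAgent=no");` in main() does not say why appending it last lets the user win, yet the secure default depends on exactly that: ssh(1) keeps the first value it obtains for an option, so an earlier `-A` takes effect while the appended default still outranks ssh_config. I would spell this out, e.g. `/* ssh(1) uses the first value given for an option: keep this after all user-supplied args so the user can enable forwarding but ssh_config cannot */`, and do the same for the identical comment in the sftp.c section. The same ordering presumably makes a user-supplied `-o ForwardAgent=yes` effective as well as `-A`, which scp.1 does not mention. The default is appended to `args` only; `remote_remote_args` is filled outside these hunks, so whether remote-to-remote copies get the same default cannot be seen here and is worth confirming. main() begins and ends outside the hunks.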

11
sftp.1

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $ .\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $
.\" .\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\" .\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: April 23 2020 $ .Dd $Mdocdate: August 3 2020 $
.Dt SFTP 1 .Dt SFTP 1
.Os .Os
.Sh NAME .Sh NAME
@ -30,7 +30,7 @@
.Nd OpenSSH secure file transfer .Nd OpenSSH secure file transfer
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm sftp .Nm sftp
.Op Fl 46aCfNpqrv .Op Fl 46AaCfNpqrv
.Op Fl B Ar buffer_size .Op Fl B Ar buffer_size
.Op Fl b Ar batchfile .Op Fl b Ar batchfile
.Op Fl c Ar cipher .Op Fl c Ar cipher
@ -104,6 +104,11 @@ to use IPv4 addresses only.
Forces Forces
.Nm .Nm
to use IPv6 addresses only. to use IPv6 addresses only.
.It Fl A
Allows forwarding of
.Xr ssh-agent 1
to the remote system.
The default is not to forward an authentication agent.
.It Fl a .It Fl a
Attempt to continue interrupted transfers rather than overwriting Attempt to continue interrupted transfers rather than overwriting
existing partial or complete copies of files. existing partial or complete copies of files.

11
sftp.c

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */ /* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */
/* /*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
* *
@ -2363,7 +2363,7 @@ usage(void)
extern char *__progname; extern char *__progname;
fprintf(stderr, fprintf(stderr,
"usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
" [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
" [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
" [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
@ -2401,7 +2401,6 @@ main(int argc, char **argv)
args.list = NULL; args.list = NULL;
addargs(&args, "%s", ssh_program); addargs(&args, "%s", ssh_program);
addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardX11 no");
addargs(&args, "-oForwardAgent no");
addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oPermitLocalCommand no");
addargs(&args, "-oClearAllForwardings yes"); addargs(&args, "-oClearAllForwardings yes");
@ -2409,9 +2408,10 @@ main(int argc, char **argv)
infile = stdin; infile = stdin;
while ((ch = getopt(argc, argv, while ((ch = getopt(argc, argv,
"1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
switch (ch) { switch (ch) {
/* Passed through to ssh(1) */ /* Passed through to ssh(1) */
case 'A':
case '4': case '4':
case '6': case '6':
case 'C': case 'C':
@ -2511,6 +2511,9 @@ main(int argc, char **argv)
} }
} }
/* Do this last because we want the user to be able to override it */
addargs(&args, "-oForwardAgent no");
if (!isatty(STDERR_FILENO)) if (!isatty(STDERR_FILENO))
showprogress = 0; showprogress = 0;