tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-26 07:15:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

- jmc@cvs.openbsd.org 2010/08/08 19:36:30

Browse Source 
[ssh-keysign.8 ssh.1 sshd.8]
     use the same template for all FILES sections; i.e. -compact/.Pp where we
     have multiple items, and .Pa for path names;
This commit is contained in:
Damien Miller 2010-08-31 22:31:14 +10:00
parent 6889abd9ad
commit afdae61635
4 changed files with 67 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
20100931
- OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2010/08/08 19:36:30
[ssh-keysign.8 ssh.1 sshd.8]
use the same template for all FILES sections; i.e. -compact/.Pp where we
have multiple items, and .Pa for path names;
20100827 20100827
- (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
remove. Patch from martynas at venck us remove. Patch from martynas at venck us

14
ssh-keysign.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.10 2010/08/04 05:42:47 djm Exp $ .\" $OpenBSD: ssh-keysign.8,v 1.11 2010/08/08 19:36:30 jmc Exp $
.\" .\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\" .\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: August 4 2010 $ .Dd $Mdocdate: August 8 2010 $
.Dt SSH-KEYSIGN 8 .Dt SSH-KEYSIGN 8
.Os .Os
.Sh NAME .Sh NAME
@ -55,12 +55,14 @@ and
.Xr sshd 8 .Xr sshd 8
for more information about host-based authentication. for more information about host-based authentication.
.Sh FILES .Sh FILES
.Bl -tag -width Ds .Bl -tag -width Ds -compact
.It Pa /etc/ssh/ssh_config .It Pa /etc/ssh/ssh_config
Controls whether Controls whether
.Nm .Nm
is enabled. is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key .Pp
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to These files contain the private parts of the host keys used to
generate the digital signature. generate the digital signature.
They should be owned by root, readable only by root, and not They should be owned by root, readable only by root, and not
@ -68,7 +70,9 @@ accessible to others.
Since they are readable only by root, Since they are readable only by root,
.Nm .Nm
must be set-uid root if host-based authentication is used. must be set-uid root if host-based authentication is used.
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub, /etc/ssh/ssh_host_rsa_key-cert.pub .Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate If these files exist they are assumed to contain public certificate
information corresponding with the private keys above. information corresponding with the private keys above.
.El .El

46
ssh.1
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.308 2010/08/04 05:37:01 djm Exp $ .\" $OpenBSD: ssh.1,v 1.309 2010/08/08 19:36:30 jmc Exp $
.Dd $Mdocdate: August 4 2010 $ .Dd $Mdocdate: August 8 2010 $
.Dt SSH 1 .Dt SSH 1
.Os .Os
.Sh NAME .Sh NAME
@ -1250,7 +1250,7 @@ option in
.Xr sshd_config 5 . .Xr sshd_config 5 .
.Sh FILES .Sh FILES
.Bl -tag -width Ds -compact .Bl -tag -width Ds -compact
.It ~/.rhosts .It Pa ~/.rhosts
This file is used for host-based authentication (see above). This file is used for host-based authentication (see above).
On some machines this file may need to be On some machines this file may need to be
world-readable if the user's home directory is on an NFS partition, world-readable if the user's home directory is on an NFS partition,
@ -1263,20 +1263,20 @@ The recommended
permission for most machines is read/write for the user, and not permission for most machines is read/write for the user, and not
accessible by others. accessible by others.
.Pp .Pp
.It ~/.shosts .It Pa ~/.shosts
This file is used in exactly the same way as This file is used in exactly the same way as
.Pa .rhosts , .Pa .rhosts ,
but allows host-based authentication without permitting login with but allows host-based authentication without permitting login with
rlogin/rsh. rlogin/rsh.
.Pp .Pp
.It ~/.ssh/ .It Pa ~/.ssh/
This directory is the default location for all user-specific configuration This directory is the default location for all user-specific configuration
and authentication information. and authentication information.
There is no general requirement to keep the entire contents of this directory There is no general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute for the user, secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others. and not accessible by others.
.Pp .Pp
.It ~/.ssh/authorized_keys .It Pa ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user. Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described in the The format of this file is described in the
.Xr sshd 8 .Xr sshd 8
@ -1284,21 +1284,21 @@ manual page.
This file is not highly sensitive, but the recommended This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others. permissions are read/write for the user, and not accessible by others.
.Pp .Pp
.It ~/.ssh/config .It Pa ~/.ssh/config
This is the per-user configuration file. This is the per-user configuration file.
The file format and configuration options are described in The file format and configuration options are described in
.Xr ssh_config 5 . .Xr ssh_config 5 .
Because of the potential for abuse, this file must have strict permissions: Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not accessible by others. read/write for the user, and not accessible by others.
.Pp .Pp
.It ~/.ssh/environment .It Pa ~/.ssh/environment
Contains additional definitions for environment variables; see Contains additional definitions for environment variables; see
.Sx ENVIRONMENT , .Sx ENVIRONMENT ,
above. above.
.Pp .Pp
.It ~/.ssh/identity .It Pa ~/.ssh/identity
.It ~/.ssh/id_dsa .It Pa ~/.ssh/id_dsa
.It ~/.ssh/id_rsa .It Pa ~/.ssh/id_rsa
Contains the private key for authentication. Contains the private key for authentication.
These files These files
contain sensitive data and should be readable by the user but not contain sensitive data and should be readable by the user but not
@ -1309,21 +1309,21 @@ It is possible to specify a passphrase when
generating the key which will be used to encrypt the generating the key which will be used to encrypt the
sensitive part of this file using 3DES. sensitive part of this file using 3DES.
.Pp .Pp
.It ~/.ssh/identity.pub .It Pa ~/.ssh/identity.pub
.It ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_dsa.pub
.It ~/.ssh/id_rsa.pub .It Pa ~/.ssh/id_rsa.pub
Contains the public key for authentication. Contains the public key for authentication.
These files are not These files are not
sensitive and can (but need not) be readable by anyone. sensitive and can (but need not) be readable by anyone.
.Pp .Pp
.It ~/.ssh/known_hosts .It Pa ~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys. that are not already in the systemwide list of known host keys.
See See
.Xr sshd 8 .Xr sshd 8
for further details of the format of this file. for further details of the format of this file.
.Pp .Pp
.It ~/.ssh/rc .It Pa ~/.ssh/rc
Commands in this file are executed by Commands in this file are executed by
.Nm .Nm
when the user logs in, just before the user's shell (or command) is when the user logs in, just before the user's shell (or command) is
@ -1332,11 +1332,11 @@ See the
.Xr sshd 8 .Xr sshd 8
manual page for more information. manual page for more information.
.Pp .Pp
.It /etc/hosts.equiv .It Pa /etc/hosts.equiv
This file is for host-based authentication (see above). This file is for host-based authentication (see above).
It should only be writable by root. It should only be writable by root.
.Pp .Pp
.It /etc/shosts.equiv .It Pa /etc/shosts.equiv
This file is used in exactly the same way as This file is used in exactly the same way as
.Pa hosts.equiv , .Pa hosts.equiv ,
but allows host-based authentication without permitting login with but allows host-based authentication without permitting login with
@ -1347,9 +1347,9 @@ Systemwide configuration file.
The file format and configuration options are described in The file format and configuration options are described in
.Xr ssh_config 5 . .Xr ssh_config 5 .
.Pp .Pp
.It /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_key
.It /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_dsa_key
.It /etc/ssh/ssh_host_rsa_key .It Pa /etc/ssh/ssh_host_rsa_key
These three files contain the private parts of the host keys These three files contain the private parts of the host keys
and are used for host-based authentication. and are used for host-based authentication.
If protocol version 1 is used, If protocol version 1 is used,
@ -1367,7 +1367,7 @@ By default
.Nm .Nm
is not setuid root. is not setuid root.
.Pp .Pp
.It /etc/ssh/ssh_known_hosts .It Pa /etc/ssh/ssh_known_hosts
Systemwide list of known host keys. Systemwide list of known host keys.
This file should be prepared by the This file should be prepared by the
system administrator to contain the public host keys of all machines in the system administrator to contain the public host keys of all machines in the
@ -1377,7 +1377,7 @@ See
.Xr sshd 8 .Xr sshd 8
for further details of the format of this file. for further details of the format of this file.
.Pp .Pp
.It /etc/ssh/sshrc .It Pa /etc/ssh/sshrc
Commands in this file are executed by Commands in this file are executed by
.Nm .Nm
when the user logs in, just before the user's shell (or command) is started. when the user logs in, just before the user's shell (or command) is started.

56
sshd.8
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.257 2010/08/04 05:37:01 djm Exp $ .\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $
.Dd $Mdocdate: August 4 2010 $ .Dd $Mdocdate: August 8 2010 $
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
.Sh NAME .Sh NAME
@ -751,7 +751,7 @@ AAAA1234.....=
.Ed .Ed
.Sh FILES .Sh FILES
.Bl -tag -width Ds -compact .Bl -tag -width Ds -compact
.It ~/.hushlogin .It Pa ~/.hushlogin
This file is used to suppress printing the last login time and This file is used to suppress printing the last login time and
.Pa /etc/motd , .Pa /etc/motd ,
if if
@ -763,7 +763,7 @@ are enabled.
It does not suppress printing of the banner specified by It does not suppress printing of the banner specified by
.Cm Banner . .Cm Banner .
.Pp .Pp
.It ~/.rhosts .It Pa ~/.rhosts
This file is used for host-based authentication (see This file is used for host-based authentication (see
.Xr ssh 1 .Xr ssh 1
for more information). for more information).
@ -778,20 +778,20 @@ The recommended
permission for most machines is read/write for the user, and not permission for most machines is read/write for the user, and not
accessible by others. accessible by others.
.Pp .Pp
.It ~/.shosts .It Pa ~/.shosts
This file is used in exactly the same way as This file is used in exactly the same way as
.Pa .rhosts , .Pa .rhosts ,
but allows host-based authentication without permitting login with but allows host-based authentication without permitting login with
rlogin/rsh. rlogin/rsh.
.Pp .Pp
.It ~/.ssh/ .It Pa ~/.ssh/
This directory is the default location for all user-specific configuration This directory is the default location for all user-specific configuration
and authentication information. and authentication information.
There is no general requirement to keep the entire contents of this directory There is no general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute for the user, secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others. and not accessible by others.
.Pp .Pp
.It ~/.ssh/authorized_keys .It Pa ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user. Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above. The format of this file is described above.
The content of the file is not highly sensitive, but the recommended The content of the file is not highly sensitive, but the recommended
@ -809,7 +809,7 @@ will not allow it to be used unless the
option has been set to option has been set to
.Dq no . .Dq no .
.Pp .Pp
.It ~/.ssh/environment .It Pa ~/.ssh/environment
This file is read into the environment at login (if it exists). This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with It can only contain empty lines, comment lines (that start with
.Ql # ) , .Ql # ) ,
@ -821,40 +821,40 @@ controlled via the
.Cm PermitUserEnvironment .Cm PermitUserEnvironment
option. option.
.Pp .Pp
.It ~/.ssh/known_hosts .It Pa ~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys. that are not already in the systemwide list of known host keys.
The format of this file is described above. The format of this file is described above.
This file should be writable only by root/the owner and This file should be writable only by root/the owner and
can, but need not be, world-readable. can, but need not be, world-readable.
.Pp .Pp
.It ~/.ssh/rc .It Pa ~/.ssh/rc
Contains initialization routines to be run before Contains initialization routines to be run before
the user's home directory becomes accessible. the user's home directory becomes accessible.
This file should be writable only by the user, and need not be This file should be writable only by the user, and need not be
readable by anyone else. readable by anyone else.
.Pp .Pp
.It /etc/hosts.allow .It Pa /etc/hosts.allow
.It /etc/hosts.deny .It Pa /etc/hosts.deny
Access controls that should be enforced by tcp-wrappers are defined here. Access controls that should be enforced by tcp-wrappers are defined here.
Further details are described in Further details are described in
.Xr hosts_access 5 . .Xr hosts_access 5 .
.Pp .Pp
.It /etc/hosts.equiv .It Pa /etc/hosts.equiv
This file is for host-based authentication (see This file is for host-based authentication (see
.Xr ssh 1 ) . .Xr ssh 1 ) .
It should only be writable by root. It should only be writable by root.
.Pp .Pp
.It /etc/moduli .It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in The file format is described in
.Xr moduli 5 . .Xr moduli 5 .
.Pp .Pp
.It /etc/motd .It Pa /etc/motd
See See
.Xr motd 5 . .Xr motd 5 .
.Pp .Pp
.It /etc/nologin .It Pa /etc/nologin
If this file exists, If this file exists,
.Nm .Nm
refuses to let anyone except root log in. refuses to let anyone except root log in.
@ -863,15 +863,15 @@ are displayed to anyone trying to log in, and non-root connections are
refused. refused.
The file should be world-readable. The file should be world-readable.
.Pp .Pp
.It /etc/shosts.equiv .It Pa /etc/shosts.equiv
This file is used in exactly the same way as This file is used in exactly the same way as
.Pa hosts.equiv , .Pa hosts.equiv ,
but allows host-based authentication without permitting login with but allows host-based authentication without permitting login with
rlogin/rsh. rlogin/rsh.
.Pp .Pp
.It /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_key
.It /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_dsa_key
.It /etc/ssh/ssh_host_rsa_key .It Pa /etc/ssh/ssh_host_rsa_key
These three files contain the private parts of the host keys. These three files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not These files should only be owned by root, readable only by root, and not
accessible to others. accessible to others.
@ -879,9 +879,9 @@ Note that
.Nm .Nm
does not start if these files are group/world-accessible. does not start if these files are group/world-accessible.
.Pp .Pp
.It /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_key.pub
.It /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub
.It /etc/ssh/ssh_host_rsa_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub
These three files contain the public parts of the host keys. These three files contain the public parts of the host keys.
These files should be world-readable but writable only by These files should be world-readable but writable only by
root. root.
@ -892,7 +892,7 @@ the user so their contents can be copied to known hosts files.
These files are created using These files are created using
.Xr ssh-keygen 1 . .Xr ssh-keygen 1 .
.Pp .Pp
.It /etc/ssh/ssh_known_hosts .It Pa /etc/ssh/ssh_known_hosts
Systemwide list of known host keys. Systemwide list of known host keys.
This file should be prepared by the This file should be prepared by the
system administrator to contain the public host keys of all machines in the system administrator to contain the public host keys of all machines in the
@ -901,20 +901,20 @@ The format of this file is described above.
This file should be writable only by root/the owner and This file should be writable only by root/the owner and
should be world-readable. should be world-readable.
.Pp .Pp
.It /etc/ssh/sshd_config .It Pa /etc/ssh/sshd_config
Contains configuration data for Contains configuration data for
.Nm sshd . .Nm sshd .
The file format and configuration options are described in The file format and configuration options are described in
.Xr sshd_config 5 . .Xr sshd_config 5 .
.Pp .Pp
.It /etc/ssh/sshrc .It Pa /etc/ssh/sshrc
Similar to Similar to
.Pa ~/.ssh/rc , .Pa ~/.ssh/rc ,
it can be used to specify it can be used to specify
machine-specific login-time initializations globally. machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable. This file should be writable only by root, and should be world-readable.
.Pp .Pp
.It /var/empty .It Pa /var/empty
.Xr chroot 2 .Xr chroot 2
directory used by directory used by
.Nm .Nm
@ -922,7 +922,7 @@ during privilege separation in the pre-authentication phase.
The directory should not contain any files and must be owned by root The directory should not contain any files and must be owned by root
and not group or world-writable. and not group or world-writable.
.Pp .Pp
.It /var/run/sshd.pid .It Pa /var/run/sshd.pid
Contains the process ID of the Contains the process ID of the
.Nm .Nm
listening for connections (if there are several daemons running listening for connections (if there are several daemons running