Commit Graph

116 Commits

Author SHA1 Message Date
jmc@openbsd.org e2127abb10 upstream: oops, failed to notice that SEE ALSO got messed up;
OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d
2018-07-26 13:54:30 +10:00
kn@openbsd.org ddf1b797c2 upstream: Point to glob in section 7 for the actual list of special
characters instead the C API in section 3.

OK millert jmc nicm, "the right idea" deraadt

OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6
2018-07-26 13:54:30 +10:00
dtucker@openbsd.org 95d41e90ea upstream: Deprecate UsePrivilegedPort now that support for running
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002.  If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
2018-07-19 21:44:21 +10:00
jmc@openbsd.org acf4260f09 upstream: sort previous;
OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
2018-06-11 09:50:06 +10:00
djm@openbsd.org 7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
jmc@openbsd.org 7d330a1ac0 upstream: some cleanup for BindInterface and ssh-keyscan;
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
djm@openbsd.org@openbsd.org fbe8e7ac94 upstream commit
allow "cd" and "lcd" commands with no explicit path
argument. lcd will change to the local user's home directory as usual. cd
will change to the starting directory for session (because the protocol
offers no way to obtain the remote user's home directory). bz#2760 ok
dtucker@

OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
2017-11-03 16:20:41 +11:00
jmc@openbsd.org@openbsd.org 0b2e2896b9 upstream commit
tweak the uri text, specifically removing some markup to
make it a bit more readable;

issue reported by - and diff ok - millert

OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2017-10-31 09:08:50 +11:00
millert@openbsd.org 887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
naddy@openbsd.org 9a82e24b98 upstream commit
restore mistakenly deleted description of the
ConnectionAttempts option ok markus@

Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
2017-05-08 09:18:27 +10:00
jmc@openbsd.org 2b6f799e9b upstream commit
more protocol 1 stuff to go; ok djm

Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
2017-05-08 09:18:05 +10:00
jmc@openbsd.org 42b690b4fd upstream commit
add PubKeyAcceptedKeyTypes to the -o list: scp(1) has
it, so i guess this should too;

Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
2017-05-08 09:18:04 +10:00
jmc@openbsd.org d852603214 upstream commit
remove now obsolete protocol1 options from the -o
lists;

Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
2017-05-08 09:18:04 +10:00
djm@openbsd.org 3575f0b12a upstream commit
remove -1 / -2 options; pointed out by jmc@

Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
2017-05-08 09:18:04 +10:00
jmc@openbsd.org e4eb7d9109 upstream commit
- add proxyjump to the options list - formatting fixes -
update usage()

ok djm

Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
2016-07-17 14:21:09 +10:00
jmc@openbsd.org 772e6cec0e upstream commit
sort the -o list;

Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
2016-07-08 13:46:59 +10:00
markus@openbsd.org 75e21688f5 upstream commit
add IdentityAgent; noticed & ok jmc@

Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19 17:48:36 +10:00
jmc@openbsd.org c5f7c0843c upstream commit
some certificatefile tweaks; ok djm

Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
2015-10-06 12:21:55 +11:00
djm@openbsd.org 46347ed596 upstream commit
Add a ssh_config HostbasedKeyType option to control which
 host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 22:47:01 +11:00
djm@openbsd.org 1d1092bff8 upstream commit
correct description of UpdateHostKeys in ssh_config.5 and
 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
2015-01-27 00:00:58 +11:00
Damien Miller 798a02568b - jmc@cvs.openbsd.org 2014/04/22 14:16:30
[sftp.1]
     zap eol whitespace;
2014-05-15 13:47:37 +10:00
Damien Miller d875ff78d2 - logan@cvs.openbsd.org 2014/04/22 12:42:04
[sftp.1]
     Document sftp upload resume.
     OK from djm@, with feedback from okan@.
2014-05-15 13:47:15 +10:00
Damien Miller c0049bd0bc - djm@cvs.openbsd.org 2013/10/20 09:51:26
[scp.1 sftp.1]
     add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
Damien Miller 1edcbf65eb - jmc@cvs.openbsd.org 2013/10/17 07:35:48
[sftp.1 sftp.c]
     tweak previous;
2013-10-18 10:17:17 +11:00
Damien Miller f29238e674 - djm@cvs.openbsd.org 2013/10/17 00:30:13
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
     fsync@openssh.com protocol extension for sftp-server
     client support to allow calling fsync() faster successful transfer
     patch mostly by imorgan AT nas.nasa.gov; bz#1798
     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
Damien Miller c6895c5c67 - jmc@cvs.openbsd.org 2013/08/07 06:24:51
[sftp.1 sftp.c]
     sort -a;
2013-08-21 02:40:21 +10:00
Damien Miller eec840673b - djm@cvs.openbsd.org 2013/08/06 23:05:01
[sftp.1]
     document top-level -a option (the -a option to 'get' was already
     documented)
2013-08-21 02:39:39 +10:00
Damien Miller 0d032419ee - djm@cvs.openbsd.org 2013/07/25 00:56:52
[sftp-client.c sftp-client.h sftp.1 sftp.c]
     sftp support for resuming partial downloads; patch mostly by Loganaden
     Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2013-07-25 11:56:52 +10:00
Damien Miller e577772a89 - djm@cvs.openbsd.org 2011/09/05 05:56:13
[scp.1 sftp.1]
     mention ControlPersist and KbdInteractiveAuthentication in the -o
     verbiage in these pages too (prompted by jmc@)
2011-09-22 21:34:15 +10:00
Darren Tucker ddccfb4b98 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
[sftp.1]
     typo, fix from Laurent Gautrot
2011-08-07 23:12:26 +10:00
Damien Miller 58a77e2eac - djm@cvs.openbsd.org 2011/05/06 01:09:53
[sftp.1]
     mention that IPv6 addresses must be enclosed in square brackets;
     bz#1845
2011-05-15 08:36:29 +10:00
Darren Tucker af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Damien Miller 0a1847347d - jmc@cvs.openbsd.org 2010/11/18 15:01:00
[scp.1 sftp.1 ssh.1 sshd_config.5]
     add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
Damien Miller 2beb32f290 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
[scp.1 sftp.1]
     add KexAlgorithms to the -o list;
2010-09-24 22:16:03 +10:00
Damien Miller 65e42f87fe - djm@cvs.openbsd.org 2010/09/22 22:58:51
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
     [sftp-client.h sftp.1 sftp.c]
     add an option per-read/write callback to atomicio

     factor out bandwidth limiting code from scp(1) into a generic bandwidth
     limiter that can be attached using the atomicio callback mechanism

     add a bandwidth limit option to sftp(1) using the above
     "very nice" markus@
2010-09-24 22:15:11 +10:00
Damien Miller 881adf74eb - jmc@cvs.openbsd.org 2010/09/19 21:30:05
[sftp.1]
     more wacky macro fixing;
2010-09-24 22:01:54 +10:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Darren Tucker 75fe626489 - jmc@cvs.openbsd.org 2010/01/13 12:48:34
[sftp.1 sftp.c]
     sftp.1: put ls -h in the right place
     sftp.c: as above, plus add -p to get/put, and shorten their arg names
     to keep the help usage nicely aligned
     ok djm
2010-01-15 11:42:51 +11:00
Darren Tucker 2901e2daeb - djm@cvs.openbsd.org 2010/01/13 01:40:16
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
     support '-h' (human-readable units) for sftp's ls command, just like
     ls(1); ok dtucker@
2010-01-13 22:44:06 +11:00
Darren Tucker 7bd98e7f74 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 10:31:12 +11:00
Darren Tucker 535b5e1721 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
     Rename RDomain config option to RoutingDomain to be more clear and
     consistent with other options.
     NOTE: if you currently use RDomain in the ssh client or server config,
     or ssh/sshd -o, you must update to use RoutingDomain.
     ok markus@ djm@
2010-01-08 18:56:48 +11:00
Darren Tucker cc117f0deb - jmc@cvs.openbsd.org 2009/10/28 21:45:08
[sshd_config.5 sftp.1]
     tweak previous;
2010-01-08 17:05:26 +11:00
Darren Tucker 34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
2010-01-08 17:03:46 +11:00
Darren Tucker b3b40a8b95 - jmc@cvs.openbsd.org 2009/08/19 04:56:03
[sftp.1]
     ether -> either;
2009-10-07 08:39:09 +11:00
Darren Tucker 05016b2f99 - djm@cvs.openbsd.org 2009/08/18 21:15:59
[sftp.1]
     fix "get" command usage, spotted by jmc@
2009-10-07 08:38:23 +11:00
Darren Tucker 1b0dd17537 - djm@cvs.openbsd.org 2009/08/18 18:36:21
[sftp-client.h sftp.1 sftp-client.c sftp.c]
     recursive transfer support for get/put and on the commandline
     work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
     with some tweaks by me; "go for it" deraadt@
2009-10-07 08:37:48 +11:00
Darren Tucker c07138e6f6 - jmc@cvs.openbsd.org 2009/08/13 13:39:54
[sftp.1 sftp.c]
     sync synopsis and usage();
2009-10-07 08:23:44 +11:00
Darren Tucker 282b4026cb - djm@cvs.openbsd.org 2009/08/13 01:11:19
[sftp.1 sftp.c]
     Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
     add "-P port" to match scp(1). Fortunately, the -P option is only really
     used by our regression scripts.
     part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
     of Code work; ok deraadt markus
2009-10-07 08:23:06 +11:00
Darren Tucker adba1ba514 - jmc@cvs.openbsd.org 2009/08/12 06:31:42
[sftp.1]
     sort options;
2009-10-07 08:22:20 +11:00
Darren Tucker 46bbbe3326 - djm@cvs.openbsd.org 2009/08/12 00:13:00
[sftp.c sftp.1]
     support most of scp(1)'s commandline arguments in sftp(1), as a first
     step towards making sftp(1) a drop-in replacement for scp(1).
     One conflicting option (-P) has not been changed, pending further
     discussion.
     Patch from carlosvsilvapt@gmail.com as part of his work in the
     Google Summer of Code
2009-10-07 08:21:48 +11:00