Commit Graph

198 Commits

Author SHA1 Message Date
Darren Tucker 1a9176bf22 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code
   agree.  Pointed out by Roumen Petrov.
2007-08-17 09:42:32 +10:00
Damien Miller e45796f7b4 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
     compared to hmac-md5. Represents a different approach to message
     authentication to that of HMAC that may be beneficial if HMAC based on
     one of its underlying hash algorithms is found to be vulnerable to a
     new attack.  http://www.ietf.org/rfc/rfc4418.txt
     in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
Darren Tucker aa4d5eda10 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
     ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
     convert to new .Dd format;
     (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
Darren Tucker 04354b97dc - jmc@cvs.openbsd.org 2007/03/20 15:57:15
[sshd.8]
     - let synopsis and description agree for -f
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
2007-03-21 20:46:54 +11:00
Damien Miller 5d43d49014 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
[sshd.8]
     Add more detail about what permissions are and aren't accepted for
     authorized_keys files.  Corrections jmc@, ok djm@, "looks good" jmc@
2006-08-30 11:07:00 +10:00
Damien Miller e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Darren Tucker 1131847684 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
[sshd.8]
     s/and and/and/
2006-07-12 22:07:59 +10:00
Darren Tucker da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
Damien Miller 208f1ed6f1 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller c7d5b5e466 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
[sshd.8]
     signpost to PATTERNS section;
2006-03-15 11:55:08 +11:00
Damien Miller edd0375d82 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
[sshd.8]
     grammar;
2006-03-15 11:36:45 +11:00
Damien Miller 445121fe8d - jmc@cvs.openbsd.org 2006/02/19 20:02:17
[sshd.8]
     sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2006-03-15 11:36:18 +11:00
Damien Miller fd725cf585 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8]
     move the sshrc stuff out of FILES, and into its own section:
     FILES is not a good place to document how stuff works;
2006-03-15 11:35:54 +11:00
Damien Miller adc35b9583 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8]
     sync some of the FILES entries w/ ssh.1;
2006-03-15 11:35:27 +11:00
Damien Miller bc1936ad87 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
[sshd.8]
     remove ietf draft references; RFC list now maintained in ssh.1;
2006-03-15 11:35:05 +11:00
Damien Miller d8702e865d - jmc@cvs.openbsd.org 2006/02/13 11:27:25
[sshd.8]
     sort FILES and use a -compact list;
2006-03-15 11:33:56 +11:00
Damien Miller c8f61cf199 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
[sshd.8]
     - avoid nasty line split
     - `*' does not need to be escaped
2006-03-15 11:33:25 +11:00
Damien Miller cc00f5e259 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
[sshd.8]
     turn this into an example ssh_known_hosts file; ok djm
2006-03-15 11:33:00 +11:00
Damien Miller 9a7f201d45 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
[sshd.8]
     small tweaks for the ssh_known_hosts section;
2006-03-15 11:32:42 +11:00
Damien Miller 7d2ef02f1c - jmc@cvs.openbsd.org 2006/02/13 10:16:39
[sshd.8]
     no need to subsection the authorized_keys examples - instead, convert
     this to look like an actual file. also use proto 2 keys, and use IETF
     example addresses;
2006-03-15 11:32:06 +11:00
Damien Miller 31bdc52325 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
[sshd.8]
     sort the list of options permissable w/ authorized_keys;
     ok djm dtucker
2006-03-15 11:31:44 +11:00
Damien Miller dcfea27f1b - jmc@cvs.openbsd.org 2006/02/12 10:52:41
[sshd.8]
     rework the description of authorized_keys a little;
2006-03-15 11:31:22 +11:00
Damien Miller c47d7e9e19 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
[sshd.8]
     - move some text into a CAVEATS section
     - merge the COMMAND EXECUTION... section into AUTHENTICATION
2006-03-15 11:27:20 +11:00
Damien Miller 2ac05779f7 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
[sshd.8]
     small tweak;
2006-02-01 22:05:42 +11:00
Damien Miller 8bbdf90f33 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
     [sshd.8]
     - merge sections on protocols 1 and 2 into a single section
     - remove configuration file section
     ok markus
2006-02-01 22:05:25 +11:00
Damien Miller 7602cba59d - jmc@cvs.openbsd.org 2006/01/25 09:07:22
[sshd.8]
     move subsections to full sections;
2006-01-31 21:46:20 +11:00
Damien Miller 99cc4a8f1e - jmc@cvs.openbsd.org 2006/01/25 09:04:34
[sshd.8]
     move the options description up the page, and a few additional tweaks
     whilst in here;
     ok markus
2006-01-31 21:45:53 +11:00
Damien Miller 7c24b81699 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
[sshd.8]
     refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:09:56 +11:00
Damien Miller d7f308f6d8 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
[sshd.8]
     clarify precedence of -p, Port, ListenAddress; ok and help jmc@
2005-12-24 14:55:16 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Tim Rice 46259d86a2 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
for UnixWare.
2005-11-28 18:40:34 -08:00
Darren Tucker b18f15100a - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
"*LOCKED*" string) for FreeBSD.  Patch jeremie at le-hen.org and
   senthilkumar_sen at hotpop.com.
2005-10-05 23:02:16 +10:00
Damien Miller ac7ef6a736 - djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
     increase default rsa/dsa key length from 1024 to 2048 bits;
     ok markus@ deraadt@
2005-06-16 13:19:06 +10:00
Damien Miller 167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@
2005-05-26 12:04:02 +10:00
Damien Miller 718fd4b9b8 - jmc@cvs.openbsd.org 2005/03/01 14:59:49
[sshd.8]
     new sentence, new line;
     whitespace;
2005-03-02 12:03:23 +11:00
Damien Miller e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller 70a908ec89 - jmc@cvs.openbsd.org 2005/02/25 10:55:13
[sshd.8]
     add /etc/motd and $HOME/.hushlogin to FILES;
     from michael knudsen;
2005-03-01 21:17:09 +11:00
Darren Tucker 22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
2004-12-06 22:47:41 +11:00
Darren Tucker db69390817 - markus@cvs.openbsd.org 2004/08/26 16:00:55
[ssh.1 sshd.8]
     get rid of references to rhosts authentication; with jmc@
2004-08-29 16:37:24 +10:00
Darren Tucker 097e1e9a97 - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
[sshd.8]
     Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
     via Debian; ok djm@
2004-05-02 22:15:08 +10:00
Darren Tucker 1f20394e92 - jmc@cvs.openbsd.org 2003/10/08 08:27:36
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
     scp and sftp: add options list and sort options. options list requested
     by deraadt@
     sshd: use same format as ssh
     ssh: remove wrong option from list
     sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
     ok deraadt@ markus@
2003-10-15 15:50:42 +10:00
Darren Tucker e41bba5847 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
any access to locked accounts.  ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Damien Miller f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller fbf486b4a6 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
2003-05-23 18:44:23 +10:00
Damien Miller 3155432cd9 - david@cvs.openbsd.org 2003/04/30 20:41:07
[sshd.8]
     fix invalid .Pf macro usage introduced in previous commit
     ok jmc@ mouring@
2003-05-14 13:44:58 +10:00
Damien Miller 049245d260 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
     Escape ?, * and ! in .Ql for nroff compatibility.  OpenSSH Portable
     Bug #550 and * escaping suggested by jmc@.
2003-05-14 13:44:42 +10:00
Damien Miller ffadc583f6 - jmc@cvs.openbsd.org 2003/01/31 21:54:40
[sshd.8]
     typos; sshd(8): help and ok markus@
     help and ok millert@
2003-02-24 11:52:26 +11:00
Damien Miller dcbb6c2dc9 - todd@cvs.openbsd.org 2002/09/24 20:59:44
[sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@
2002-09-25 12:20:52 +10:00
Damien Miller 86247e2798 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
[sshd.8]
     reference moduli(5) in FILES /etc/moduli.
2002-09-19 11:51:53 +10:00