Print this page
Update OpenSSH to 7.1p1
*** 1,9 ****
! diff -ru openssh-6.7p1-orig/Makefile.in openssh-6.7p1/Makefile.in
! --- openssh-6.7p1-orig/Makefile.in Sat Aug 30 02:23:07 2014
! +++ openssh-6.7p1/Makefile.in Fri Feb 27 15:50:37 2015
! @@ -282,8 +282,8 @@
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
--- 1,9 ----
! diff -ru openssh-7.1p1.orig/Makefile.in openssh-7.1p1/Makefile.in
! --- openssh-7.1p1.orig/Makefile.in Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/Makefile.in Wed Sep 2 08:54:44 2015
! @@ -298,8 +298,8 @@
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
*** 10,20 ****
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
! @@ -303,14 +303,14 @@
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
--- 10,20 ----
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
! @@ -319,14 +319,14 @@
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
*** 32,46 ****
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
! Only in openssh-6.7p1: Makefile.in.orig
! Common subdirectories: openssh-6.7p1-orig/contrib and openssh-6.7p1/contrib
! diff -ru openssh-6.7p1-orig/moduli.5 openssh-6.7p1/moduli.5
! --- openssh-6.7p1-orig/moduli.5 Tue Nov 6 16:36:01 2012
! +++ openssh-6.7p1/moduli.5 Fri Feb 27 15:50:37 2015
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: September 26 2012 $
-.Dt MODULI 5
--- 32,44 ----
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
! diff -ru openssh-7.1p1.orig/moduli.5 openssh-7.1p1/moduli.5
! --- openssh-7.1p1.orig/moduli.5 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/moduli.5 Wed Sep 2 08:54:44 2015
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: September 26 2012 $
-.Dt MODULI 5
*** 93,108 ****
-.Xr sshd 8
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A M. Friedl
! Common subdirectories: openssh-6.7p1-orig/openbsd-compat and openssh-6.7p1/openbsd-compat
! Common subdirectories: openssh-6.7p1-orig/regress and openssh-6.7p1/regress
! Common subdirectories: openssh-6.7p1-orig/scard and openssh-6.7p1/scard
! diff -ru openssh-6.7p1-orig/scp.1 openssh-6.7p1/scp.1
! --- openssh-6.7p1-orig/scp.1 Sat Apr 19 23:02:58 2014
! +++ openssh-6.7p1/scp.1 Fri Feb 27 15:50:37 2015
@@ -116,13 +116,13 @@
Can be used to pass options to
.Nm ssh
in the format used in
-.Xr ssh_config 5 .
--- 91,103 ----
-.Xr sshd 8
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A M. Friedl
! diff -ru openssh-7.1p1.orig/scp.1 openssh-7.1p1/scp.1
! --- openssh-7.1p1.orig/scp.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/scp.1 Wed Sep 2 08:54:44 2015
@@ -116,13 +116,13 @@
Can be used to pass options to
.Nm ssh
in the format used in
-.Xr ssh_config 5 .
*** 115,125 ****
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -227,8 +227,8 @@
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr ssh_config 5 ,
-.Xr sshd 8
--- 110,120 ----
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -230,8 +230,8 @@
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr ssh_config 5 ,
-.Xr sshd 8
*** 126,143 ****
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
is based on the rcp program in
! Only in openssh-6.7p1: scp.1.orig
! diff -ru openssh-6.7p1-orig/sftp-server.8 openssh-6.7p1/sftp-server.8
! --- openssh-6.7p1-orig/sftp-server.8 Tue Jul 29 22:33:21 2014
! +++ openssh-6.7p1/sftp-server.8 Fri Feb 27 15:51:27 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
! .Dd $Mdocdate: July 28 2014 $
-.Dt SFTP-SERVER 8
+.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
--- 121,137 ----
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
is based on the rcp program in
! diff -ru openssh-7.1p1.orig/sftp-server.8 openssh-7.1p1/sftp-server.8
! --- openssh-7.1p1.orig/sftp-server.8 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/sftp-server.8 Wed Sep 2 09:02:44 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
! .Dd $Mdocdate: December 11 2014 $
-.Dt SFTP-SERVER 8
+.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
*** 157,166 ****
--- 151,169 ----
-.Xr sshd_config 5
+.Xr sshd_config 4
for more information.
.Pp
Valid options are:
+ @@ -71,7 +71,7 @@
+ and %u is replaced by the username of that user.
+ The default is to use the user's home directory.
+ This option is useful in conjunction with the
+ -.Xr sshd_config 5
+ +.Xr sshd_config 4
+ .Cm ChrootDirectory
+ option.
+ .It Fl e
@@ -147,13 +147,13 @@
for logging to work, and use of
.Nm
in a chroot configuration therefore requires that
-.Xr syslogd 8
*** 174,186 ****
+.Xr sshd_config 4 ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
! diff -ru openssh-6.7p1-orig/sftp.1 openssh-6.7p1/sftp.1
! --- openssh-6.7p1-orig/sftp.1 Wed May 14 23:47:37 2014
! +++ openssh-6.7p1/sftp.1 Fri Feb 27 15:50:37 2015
@@ -85,7 +85,7 @@
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
-.Xr sshd 8
--- 177,189 ----
+.Xr sshd_config 4 ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
! diff -ru openssh-7.1p1.orig/sftp.1 openssh-7.1p1/sftp.1
! --- openssh-7.1p1.orig/sftp.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/sftp.1 Wed Sep 2 08:54:44 2015
@@ -85,7 +85,7 @@
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
-.Xr sshd 8
*** 204,223 ****
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -280,7 +280,7 @@
A path is useful for using
.Nm
over protocol version 1, or when the remote
-.Xr sshd 8
+.Xr sshd 1M
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
! @@ -610,9 +610,9 @@
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr glob 3 ,
-.Xr ssh_config 5 ,
-.Xr sftp-server 8 ,
--- 207,226 ----
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -282,7 +282,7 @@
A path is useful for using
.Nm
over protocol version 1, or when the remote
-.Xr sshd 8
+.Xr sshd 1M
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
! @@ -612,9 +612,9 @@
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr glob 3 ,
-.Xr ssh_config 5 ,
-.Xr sftp-server 8 ,
*** 226,306 ****
+.Xr sftp-server 1M ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
! Only in openssh-6.7p1: sftp.1.orig
! diff -ru openssh-6.7p1-orig/ssh-add.1 openssh-6.7p1/ssh-add.1
! --- openssh-6.7p1-orig/ssh-add.1 Wed Dec 18 01:46:28 2013
! +++ openssh-6.7p1/ssh-add.1 Fri Feb 27 15:50:37 2015
! @@ -126,7 +126,7 @@
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format
specified in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl X
Unlock the agent.
.It Fl x
! @@ -189,7 +189,7 @@
! .Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr sshd 8
+.Xr sshd 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
! diff -ru openssh-6.7p1-orig/ssh-keygen.1 openssh-6.7p1/ssh-keygen.1
! --- openssh-6.7p1-orig/ssh-keygen.1 Sat Apr 19 23:23:04 2014
! +++ openssh-6.7p1/ssh-keygen.1 Fri Feb 27 15:50:37 2015
! @@ -433,7 +433,7 @@
Disable execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8
+.Xr sshd 1M
(permitted by default).
.It Ic no-x11-forwarding
Disable X11 forwarding (permitted by default).
! @@ -449,7 +449,7 @@
Allows execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8 .
+.Xr sshd 1M .
.It Ic permit-x11-forwarding
Allows X11 forwarding.
.It Ic source-address Ns = Ns Ar address_list
! @@ -540,7 +540,7 @@
in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
of a minus sign followed by a relative time in the format described in the
TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.
.Pp
! @@ -642,7 +642,7 @@
on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format to
the X.509 certificates used in
-.Xr ssl 8 .
+.Xr ssl 1M .
.Pp
.Nm
supports two types of certificates: user and host.
! @@ -706,7 +706,7 @@
.Pp
For certificates to be used for user or host authentication, the CA
public key must be trusted by
-.Xr sshd 8
+.Xr sshd 1M
or
.Xr ssh 1 .
Please refer to those manual pages for details.
! @@ -830,14 +830,14 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
--- 229,329 ----
+.Xr sftp-server 1M ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
! diff -ru openssh-7.1p1.orig/ssh-add.1 openssh-7.1p1/ssh-add.1
! --- openssh-7.1p1.orig/ssh-add.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-add.1 Wed Sep 2 08:54:44 2015
! @@ -134,7 +134,7 @@
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format
specified in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl X
Unlock the agent.
.It Fl x
! @@ -200,7 +200,7 @@
.Xr ssh-agent 1 ,
+ .Xr ssh-askpass 1 ,
.Xr ssh-keygen 1 ,
-.Xr sshd 8
+.Xr sshd 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
! diff -ru openssh-7.1p1.orig/ssh-agent.1 openssh-7.1p1/ssh-agent.1
! --- openssh-7.1p1.orig/ssh-agent.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-agent.1 Wed Sep 2 09:02:52 2015
! @@ -123,7 +123,7 @@
! .It Fl t Ar life
! Set a default value for the maximum lifetime of identities added to the agent.
! The lifetime may be specified in seconds or in a time format specified in
! -.Xr sshd_config 5 .
! +.Xr sshd_config 4 .
! A lifetime specified for an identity with
! .Xr ssh-add 1
! overrides this value.
! @@ -198,7 +198,7 @@
! .Xr ssh 1 ,
! .Xr ssh-add 1 ,
! .Xr ssh-keygen 1 ,
! -.Xr sshd 8
! +.Xr sshd 1M
! .Sh AUTHORS
! OpenSSH is a derivative of the original and free
! ssh 1.2.12 release by Tatu Ylonen.
! diff -ru openssh-7.1p1.orig/ssh-keygen.1 openssh-7.1p1/ssh-keygen.1
! --- openssh-7.1p1.orig/ssh-keygen.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-keygen.1 Wed Sep 2 08:54:44 2015
! @@ -443,7 +443,7 @@
Disable execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8
+.Xr sshd 1M
(permitted by default).
.It Ic no-x11-forwarding
Disable X11 forwarding (permitted by default).
! @@ -459,7 +459,7 @@
Allows execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8 .
+.Xr sshd 1M .
.It Ic permit-x11-forwarding
Allows X11 forwarding.
.It Ic source-address Ns = Ns Ar address_list
! @@ -550,7 +550,7 @@
in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
of a minus sign followed by a relative time in the format described in the
TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.
.Pp
! @@ -652,7 +652,7 @@
on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format to
the X.509 certificates used in
-.Xr ssl 8 .
+.Xr ssl 1M .
.Pp
.Nm
supports two types of certificates: user and host.
! @@ -716,7 +716,7 @@
.Pp
For certificates to be used for user or host authentication, the CA
public key must be trusted by
-.Xr sshd 8
+.Xr sshd 1M
or
.Xr ssh 1 .
Please refer to those manual pages for details.
! @@ -840,14 +840,14 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
*** 314,326 ****
+.Xr moduli 4 ,
+.Xr sshd 1M
.Rs
.%R RFC 4716
.%T "The Secure Shell (SSH) Public Key File Format"
! diff -ru openssh-6.7p1-orig/ssh-keysign.8 openssh-6.7p1/ssh-keysign.8
! --- openssh-6.7p1-orig/ssh-keysign.8 Wed Dec 18 01:46:28 2013
! +++ openssh-6.7p1/ssh-keysign.8 Fri Feb 27 15:50:37 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 7 2013 $
-.Dt SSH-KEYSIGN 8
--- 337,361 ----
+.Xr moduli 4 ,
+.Xr sshd 1M
.Rs
.%R RFC 4716
.%T "The Secure Shell (SSH) Public Key File Format"
! diff -ru openssh-7.1p1.orig/ssh-keyscan.1 openssh-7.1p1/ssh-keyscan.1
! --- openssh-7.1p1.orig/ssh-keyscan.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-keyscan.1 Wed Sep 2 09:01:30 2015
! @@ -164,7 +164,7 @@
! .Ed
! .Sh SEE ALSO
! .Xr ssh 1 ,
! -.Xr sshd 8
! +.Xr sshd 1M
! .Sh AUTHORS
! .An -nosplit
! .An David Mazieres Aq Mt dm@lcs.mit.edu
! diff -ru openssh-7.1p1.orig/ssh-keysign.8 openssh-7.1p1/ssh-keysign.8
! --- openssh-7.1p1.orig/ssh-keysign.8 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-keysign.8 Wed Sep 2 08:54:44 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 7 2013 $
-.Dt SSH-KEYSIGN 8
*** 346,569 ****
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
first appeared in
! diff -ru openssh-6.7p1-orig/ssh-pkcs11-helper.8 openssh-6.7p1/ssh-pkcs11-helper.8
! --- openssh-6.7p1-orig/ssh-pkcs11-helper.8 Thu Jul 18 02:14:14 2013
! +++ openssh-6.7p1/ssh-pkcs11-helper.8 Fri Feb 27 15:50:37 2015
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 16 2013 $
-.Dt SSH-PKCS11-HELPER 8
+.Dt SSH-PKCS11-HELPER 1M
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
! diff -ru openssh-6.7p1-orig/ssh.1 openssh-6.7p1/ssh.1
! --- openssh-6.7p1-orig/ssh.1 Tue Jul 29 22:32:28 2014
! +++ openssh-6.7p1/ssh.1 Fri Feb 27 15:52:48 2015
! @@ -164,7 +164,7 @@
See the
.Cm Ciphers
keyword in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
.It Fl D Xo
! .Sm off
! @@ -343,7 +343,7 @@
Refer to the description of
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
.It Fl m Ar mac_spec
! Additionally, for protocol version 2 a comma-separated list of MAC
! @@ -399,7 +399,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options listed below, and their possible values, see
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -541,7 +541,7 @@
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
-.Xr sshd_config 5 ) .
+.Xr sshd_config 4 ) .
.Pp
If the
.Ar port
! @@ -562,7 +562,7 @@
and
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
.It Fl s
! May be used to request invocation of a subsystem on the remote system.
! @@ -632,7 +632,7 @@
and
.Cm TunnelDevice
directives in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
If the
.Cm Tunnel
directive is unset, it is set to the default tunnel mode, which is
! @@ -655,7 +655,7 @@
option and the
.Cm ForwardX11Trusted
directive in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
.It Fl x
! Disables X11 forwarding.
! @@ -674,7 +674,7 @@
may additionally obtain configuration data from
a per-user configuration file and a system-wide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Sh AUTHENTICATION
The OpenSSH SSH client supports SSH protocols 1 and 2.
The default is to use protocol 2 only,
! @@ -681,7 +681,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
or the
.Fl 1
and
! @@ -941,7 +941,7 @@
allows the user to execute a local command if the
.Ic PermitLocalCommand
option is enabled in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Basic help is available, using the
.Fl h
option.
! @@ -1138,7 +1138,7 @@
See the
.Cm VerifyHostKeyDNS
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
.Nm
! @@ -1148,7 +1148,7 @@
network pseudo-device,
allowing two networks to be joined securely.
The
-.Xr sshd_config 5
+.Xr sshd_config 4
configuration option
.Cm PermitTunnel
controls whether the server supports this,
! @@ -1298,7 +1298,7 @@
For more information, see the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
! @@ -1306,7 +1306,7 @@
On some machines this file may need to be
world-readable if the user's home directory is on an NFS partition,
because
-.Xr sshd 8
+.Xr sshd 1M
reads it as root.
Additionally, this file must be owned by the user,
and must not have write permissions for anyone else.
! @@ -1331,7 +1331,7 @@
! Lists the public keys (DSA, ECDSA, ED25519, RSA)
that can be used for logging in as this user.
The format of this file is described in the
-.Xr sshd 8
+.Xr sshd 1M
manual page.
This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
! @@ -1339,7 +1339,7 @@
.It Pa ~/.ssh/config
This is the per-user configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not writable by others.
.Pp
! @@ -1376,7 +1376,7 @@
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa ~/.ssh/rc
! @@ -1385,7 +1385,7 @@
when the user logs in, just before the user's shell (or command) is
started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.Pp
.It Pa /etc/hosts.equiv
! @@ -1401,7 +1401,7 @@
.It Pa /etc/ssh/ssh_config
Systemwide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
! @@ -1416,7 +1416,7 @@
For protocol version 2,
.Nm
uses
-.Xr ssh-keysign 8
+.Xr ssh-keysign 1M
to access the host keys,
eliminating the requirement that
.Nm
! @@ -1432,7 +1432,7 @@
organization.
It should be world-readable.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa /etc/ssh/sshrc
! @@ -1440,7 +1440,7 @@
.Nm
when the user logs in, just before the user's shell (or command) is started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.El
.Sh EXIT STATUS
! @@ -1455,9 +1455,9 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr tun 4 ,
-.Xr ssh_config 5 ,
-.Xr ssh-keysign 8 ,
--- 381,604 ----
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
first appeared in
! diff -ru openssh-7.1p1.orig/ssh-pkcs11-helper.8 openssh-7.1p1/ssh-pkcs11-helper.8
! --- openssh-7.1p1.orig/ssh-pkcs11-helper.8 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh-pkcs11-helper.8 Wed Sep 2 08:54:44 2015
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 16 2013 $
-.Dt SSH-PKCS11-HELPER 8
+.Dt SSH-PKCS11-HELPER 1M
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
! diff -ru openssh-7.1p1.orig/ssh.1 openssh-7.1p1/ssh.1
! --- openssh-7.1p1.orig/ssh.1 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh.1 Wed Sep 2 08:54:44 2015
! @@ -173,7 +173,7 @@
See the
.Cm Ciphers
keyword in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
+ .Pp
.It Fl D Xo
! @@ -396,7 +396,7 @@
Refer to the description of
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
+ .Pp
.It Fl m Ar mac_spec
! @@ -457,7 +457,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options listed below, and their possible values, see
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
! @@ -629,7 +629,7 @@
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
-.Xr sshd_config 5 ) .
+.Xr sshd_config 4 ) .
.Pp
If the
.Ar port
! @@ -651,7 +651,7 @@
and
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
+ .Pp
.It Fl s
! @@ -728,7 +728,7 @@
and
.Cm TunnelDevice
directives in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
If the
.Cm Tunnel
directive is unset, it is set to the default tunnel mode, which is
! @@ -752,7 +752,7 @@
option and the
.Cm ForwardX11Trusted
directive in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
+ .Pp
.It Fl x
! @@ -774,7 +774,7 @@
may additionally obtain configuration data from
a per-user configuration file and a system-wide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Sh AUTHENTICATION
The OpenSSH SSH client supports SSH protocols 1 and 2.
The default is to use protocol 2 only,
! @@ -781,7 +781,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
or the
.Fl 1
and
! @@ -1052,7 +1052,7 @@
allows the user to execute a local command if the
.Ic PermitLocalCommand
option is enabled in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Basic help is available, using the
.Fl h
option.
! @@ -1254,7 +1254,7 @@
See the
.Cm VerifyHostKeyDNS
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
.Nm
! @@ -1264,7 +1264,7 @@
network pseudo-device,
allowing two networks to be joined securely.
The
-.Xr sshd_config 5
+.Xr sshd_config 4
configuration option
.Cm PermitTunnel
controls whether the server supports this,
! @@ -1414,7 +1414,7 @@
For more information, see the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
! @@ -1422,7 +1422,7 @@
On some machines this file may need to be
world-readable if the user's home directory is on an NFS partition,
because
-.Xr sshd 8
+.Xr sshd 1M
reads it as root.
Additionally, this file must be owned by the user,
and must not have write permissions for anyone else.
! @@ -1447,7 +1447,7 @@
! Lists the public keys (DSA, ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described in the
-.Xr sshd 8
+.Xr sshd 1M
manual page.
This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
! @@ -1455,7 +1455,7 @@
.It Pa ~/.ssh/config
This is the per-user configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not writable by others.
.Pp
! @@ -1492,7 +1492,7 @@
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa ~/.ssh/rc
! @@ -1501,7 +1501,7 @@
when the user logs in, just before the user's shell (or command) is
started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.Pp
.It Pa /etc/hosts.equiv
! @@ -1517,7 +1517,7 @@
.It Pa /etc/ssh/ssh_config
Systemwide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
! @@ -1532,7 +1532,7 @@
For protocol version 2,
.Nm
uses
-.Xr ssh-keysign 8
+.Xr ssh-keysign 1M
to access the host keys,
eliminating the requirement that
.Nm
! @@ -1548,7 +1548,7 @@
organization.
It should be world-readable.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa /etc/ssh/sshrc
! @@ -1556,7 +1556,7 @@
.Nm
when the user logs in, just before the user's shell (or command) is started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.El
.Sh EXIT STATUS
! @@ -1571,9 +1571,9 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr tun 4 ,
-.Xr ssh_config 5 ,
-.Xr ssh-keysign 8 ,
*** 572,588 ****
+.Xr ssh-keysign 1M ,
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A S. Lehtinen
! diff -ru openssh-6.7p1-orig/sshd.8 openssh-6.7p1/sshd.8
! --- openssh-6.7p1-orig/sshd.8 Thu Jul 3 19:00:04 2014
! +++ openssh-6.7p1/sshd.8 Fri Feb 27 15:54:50 2015
@@ -35,7 +35,7 @@
.\"
! .\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $
! .Dd $Mdocdate: July 3 2014 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
--- 607,698 ----
+.Xr ssh-keysign 1M ,
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A S. Lehtinen
! diff -ru openssh-7.1p1.orig/ssh_config.5 openssh-7.1p1/ssh_config.5
! --- openssh-7.1p1.orig/ssh_config.5 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/ssh_config.5 Wed Sep 2 09:02:37 2015
! @@ -568,7 +568,7 @@
! .Dq Fl O No exit
! option).
! If set to a time in seconds, or a time in any of the formats documented in
! -.Xr sshd_config 5 ,
! +.Xr sshd_config 4 ,
! then the backgrounded master connection will automatically terminate
! after it has remained idle (with no client connections) for the
! specified time.
! @@ -695,7 +695,7 @@
! Specify a timeout for untrusted X11 forwarding
! using the format described in the
! TIME FORMATS section of
! -.Xr sshd_config 5 .
! +.Xr sshd_config 4 .
! X11 connections received by
! .Xr ssh 1
! after this time will be refused.
! @@ -762,7 +762,7 @@
! These hashed names may be used normally by
! .Xr ssh 1
! and
! -.Xr sshd 8 ,
! +.Xr sshd 1M ,
! but they do not reveal identifying information should the file's contents
! be disclosed.
! The default is
! @@ -1206,7 +1206,7 @@
! The command can be basically anything,
! and should read from its standard input and write to its standard output.
! It should eventually connect an
! -.Xr sshd 8
! +.Xr sshd 1M
! server running on some machine, or execute
! .Ic sshd -i
! somewhere.
! @@ -1286,7 +1286,7 @@
! The optional second value is specified in seconds and may use any of the
! units documented in the
! TIME FORMATS section of
! -.Xr sshd_config 5 .
! +.Xr sshd_config 4 .
! The default value for
! .Cm RekeyLimit
! is
! @@ -1330,7 +1330,7 @@
! will only succeed if the server's
! .Cm GatewayPorts
! option is enabled (see
! -.Xr sshd_config 5 ) .
! +.Xr sshd_config 4 ) .
! .It Cm RequestTTY
! Specifies whether to request a pseudo-tty for the session.
! The argument may be one of:
! @@ -1396,7 +1396,7 @@
! Refer to
! .Cm AcceptEnv
! in
! -.Xr sshd_config 5
! +.Xr sshd_config 4
! for how to configure the server.
! Variables are specified by name, which may contain wildcard characters.
! Multiple environment variables may be separated by whitespace or spread
! @@ -1586,7 +1586,7 @@
! and will be disabled if it is enabled.
! .Pp
! Presently, only
! -.Xr sshd 8
! +.Xr sshd 1M
! from OpenSSH 6.8 and greater support the
! .Dq hostkeys@openssh.com
! protocol extension used to inform the client of all the server's hostkeys.
! diff -ru openssh-7.1p1.orig/sshd.8 openssh-7.1p1/sshd.8
! --- openssh-7.1p1.orig/sshd.8 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/sshd.8 Wed Sep 2 08:59:06 2015
@@ -35,7 +35,7 @@
.\"
! .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
! .Dd $Mdocdate: July 3 2015 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
*** 599,657 ****
Specifies that
.Nm
is being run from
-.Xr inetd 8 .
+.Xr inetd 1M .
.Nm
! is normally not run
! from inetd because it needs to generate the server key before it can
! @@ -207,7 +207,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
! @@ -277,7 +277,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
! Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
! @@ -402,7 +402,7 @@
See the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It
Changes to user's home directory.
.It
! @@ -550,7 +550,7 @@
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
-.Xr sshd_config 5
+.Xr sshd_config 4
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
! @@ -571,7 +571,7 @@
name of the remote host or its IP address must be present in the
comma-separated list of patterns.
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.Pp
In addition to the wildcard matching that may be applied to hostnames or
! @@ -859,11 +859,11 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
--- 709,776 ----
Specifies that
.Nm
is being run from
-.Xr inetd 8 .
+.Xr inetd 1M .
+ If SSH protocol 1 is enabled,
.Nm
! should not normally be run
! @@ -204,7 +204,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
! @@ -274,7 +274,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
! Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
! @@ -399,7 +399,7 @@
See the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It
Changes to user's home directory.
.It
! @@ -406,7 +406,7 @@
! If
! .Pa ~/.ssh/rc
! exists and the
! -.Xr sshd_config 5
! +.Xr sshd_config 4
! .Cm PermitUserRC
! option is set, runs it; else if
! .Pa /etc/ssh/sshrc
! @@ -549,7 +549,7 @@
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
-.Xr sshd_config 5
+.Xr sshd_config 4
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
! @@ -570,7 +570,7 @@
name of the remote host or its IP address must be present in the
comma-separated list of patterns.
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.Pp
In addition to the wildcard matching that may be applied to hostnames or
! @@ -858,11 +858,11 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
*** 661,680 ****
-.Xr motd 5 .
+.Xr motd 4 .
.Pp
.It Pa /etc/nologin
If this file exists,
! @@ -920,7 +920,7 @@
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Pp
.It Pa /etc/ssh/sshrc
Similar to
! @@ -954,11 +954,11 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
-.Xr login.conf 5 ,
-.Xr moduli 5 ,
--- 780,799 ----
-.Xr motd 5 .
+.Xr motd 4 .
.Pp
.It Pa /etc/nologin
If this file exists,
! @@ -919,7 +919,7 @@
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Pp
.It Pa /etc/ssh/sshrc
Similar to
! @@ -953,11 +953,11 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
-.Xr login.conf 5 ,
-.Xr moduli 5 ,
*** 687,703 ****
+.Xr inetd 1M ,
+.Xr sftp-server 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
! diff -ru openssh-6.7p1-orig/sshd_config.5 openssh-6.7p1/sshd_config.5
! --- openssh-6.7p1-orig/sshd_config.5 Thu Oct 2 19:24:57 2014
! +++ openssh-6.7p1/sshd_config.5 Fri Feb 27 15:56:01 2015
@@ -35,7 +35,7 @@
.\"
! .\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $
! .Dd $Mdocdate: July 28 2014 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
.Sh NAME
.Nm sshd_config
--- 806,822 ----
+.Xr inetd 1M ,
+.Xr sftp-server 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
! diff -ru openssh-7.1p1.orig/sshd_config.5 openssh-7.1p1/sshd_config.5
! --- openssh-7.1p1.orig/sshd_config.5 Fri Aug 21 00:49:03 2015
! +++ openssh-7.1p1/sshd_config.5 Wed Sep 2 09:00:14 2015
@@ -35,7 +35,7 @@
.\"
! .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
! .Dd $Mdocdate: August 14 2015 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
.Sh NAME
.Nm sshd_config
*** 715,1015 ****
.Cm SendEnv
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for how to configure the client.
! Note that environment passing is only supported for protocol 2.
! Variables are specified by name, which may contain the wildcard characters
! @@ -85,7 +85,7 @@
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
-.Xr sshd 8 .
+.Xr sshd 1M .
Valid arguments are
.Dq any ,
.Dq inet
! @@ -118,7 +118,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
! @@ -178,7 +178,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
! @@ -222,7 +222,7 @@
! It will be invoked with a single argument of the username
! being authenticated, and should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
! @@ -238,7 +238,7 @@
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
section of
-.Xr sshd 8 .
+.Xr sshd 1M .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
! @@ -261,7 +261,7 @@
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
Empty lines and comments starting with
.Ql #
are ignored.
! @@ -291,7 +291,7 @@
though the
.Cm principals=
key option offers a similar facility (see
-.Xr sshd 8
+.Xr sshd 1M
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
! @@ -304,7 +304,7 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
-.Xr login.conf 5 )
+.Xr login.conf 4 )
The default is
.Dq yes .
.It Cm ChrootDirectory
! @@ -314,7 +314,7 @@
! All components of the pathname must be root-owned directories that are
! not writable by any other user or group.
After the chroot,
-.Xr sshd 8
+.Xr sshd 1M
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
! @@ -347,7 +347,7 @@
though sessions which use logging may require
.Pa /dev/log
inside the chroot directory on some operating systems (see
-.Xr sftp-server 8
+.Xr sftp-server 1M
for details).
.Pp
The default is not to
! @@ -404,7 +404,7 @@
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
-.Xr sshd 8
+.Xr sshd 1M
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
! @@ -431,7 +431,7 @@
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
-.Xr sshd 8
+.Xr sshd 1M
will send a message through the encrypted
channel to request a response from the client.
The default
! @@ -462,7 +462,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
! @@ -481,7 +481,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
! .It Cm ForceCommand
! Forces the execution of the command specified by
! @@ -506,7 +506,7 @@
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
-.Xr sshd 8
+.Xr sshd 1M
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
! @@ -554,7 +554,7 @@
A setting of
.Dq yes
means that
-.Xr sshd 8
+.Xr sshd 1M
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
! @@ -565,7 +565,7 @@
by
.Cm HostKey .
The default behaviour of
-.Xr sshd 8
+.Xr sshd 1M
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
! @@ -580,7 +580,7 @@
! .Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
Note that
-.Xr sshd 8
+.Xr sshd 1M
! will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
! @@ -621,7 +621,7 @@
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should ignore the user's
.Pa ~/.ssh/known_hosts
during
! @@ -745,7 +745,7 @@
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
-.Xr sshd 8
+.Xr sshd 1M
should listen on.
The following forms may be used:
.Pp
! @@ -788,7 +788,7 @@
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
! @@ -881,7 +881,7 @@
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
The patterns in an
.Cm Address
! @@ -962,7 +962,7 @@
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
-.Xr sshd 8
+.Xr sshd 1M
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
! @@ -1075,7 +1075,7 @@
options in
.Pa ~/.ssh/authorized_keys
are processed by
-.Xr sshd 8 .
+.Xr sshd 1M .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
! @@ -1094,7 +1094,7 @@
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
-.Xr sshd 8
+.Xr sshd 1M
listens on.
The default is 22.
Multiple options of this type are permitted.
! @@ -1102,7 +1102,7 @@
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print the date and time of the last user login when a user logs
in interactively.
The default is
! @@ -1109,7 +1109,7 @@
.Dq yes .
.It Cm PrintMotd
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print
.Pa /etc/motd
when a user logs in interactively.
! @@ -1120,7 +1120,7 @@
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
-.Xr sshd 8
+.Xr sshd 1M
supports.
The possible values are
.Sq 1
! @@ -1220,7 +1220,7 @@
.Dq no .
.It Cm StrictModes
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
! @@ -1236,7 +1236,7 @@
to execute upon subsystem request.
.Pp
The command
-.Xr sftp-server 8
+.Xr sftp-server 1M
implements the
.Dq sftp
file transfer subsystem.
! @@ -1254,7 +1254,7 @@
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
! @@ -1295,7 +1295,7 @@
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
! should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
! @@ -1340,13 +1340,13 @@
If
.Cm UsePAM
is enabled, you will not be able to run
-.Xr sshd 8
+.Xr sshd 1M
--- 834,1181 ----
.Cm SendEnv
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for how to configure the client.
! Note that environment passing is only supported for protocol 2, and
! that the
! @@ -89,7 +89,7 @@
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
-.Xr sshd 8 .
+.Xr sshd 1M .
Valid arguments are
.Dq any ,
.Dq inet
! @@ -122,7 +122,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
! @@ -182,7 +182,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
! @@ -217,7 +217,7 @@
! If the
! .Dq publickey
! method is listed more than once,
! -.Xr sshd 8
! +.Xr sshd 1M
! verifies that keys that have been used successfully are not reused for
! subsequent authentications.
! For example, an
! @@ -250,7 +250,7 @@
! .Pp
! The program should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
! @@ -265,7 +265,7 @@
! is specified but
! .Cm AuthorizedKeysCommandUser
! is not, then
! -.Xr sshd 8
! +.Xr sshd 1M
! will refuse to start.
! .It Cm AuthorizedKeysFile
! Specifies the file that contains the public keys that can be used
! @@ -273,7 +273,7 @@
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
section of
-.Xr sshd 8 .
+.Xr sshd 1M .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
! @@ -321,7 +321,7 @@
! is specified but
! .Cm AuthorizedPrincipalsCommandUser
! is not, then
! -.Xr sshd 8
! +.Xr sshd 1M
! will refuse to start.
! .It Cm AuthorizedPrincipalsFile
! Specifies a file that lists principal names that are accepted for
! @@ -332,7 +332,7 @@
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
Empty lines and comments starting with
.Ql #
are ignored.
! @@ -362,7 +362,7 @@
though the
.Cm principals=
key option offers a similar facility (see
-.Xr sshd 8
+.Xr sshd 1M
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
! @@ -375,7 +375,7 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
-.Xr login.conf 5 )
+.Xr login.conf 4 )
The default is
.Dq yes .
.It Cm ChrootDirectory
! @@ -383,11 +383,11 @@
! .Xr chroot 2
! to after authentication.
! At session startup
! -.Xr sshd 8
! +.Xr sshd 1M
! checks that all components of the pathname are root-owned directories
! which are not writable by any other user or group.
After the chroot,
-.Xr sshd 8
+.Xr sshd 1M
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
! @@ -419,7 +419,7 @@
though sessions which use logging may require
.Pa /dev/log
inside the chroot directory on some operating systems (see
-.Xr sftp-server 8
+.Xr sftp-server 1M
for details).
.Pp
+ For safety, it is very important that the directory hierarchy be
+ @@ -426,7 +426,7 @@
+ prevented from modification by other processes on the system (especially
+ those outside the jail).
+ Misconfiguration can lead to unsafe environments which
+ -.Xr sshd 8
+ +.Xr sshd 1M
+ cannot detect.
+ .Pp
The default is not to
! @@ -490,7 +490,7 @@
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
-.Xr sshd 8
+.Xr sshd 1M
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
! @@ -517,7 +517,7 @@
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
-.Xr sshd 8
+.Xr sshd 1M
will send a message through the encrypted
channel to request a response from the client.
The default
! @@ -548,7 +548,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
! @@ -567,7 +567,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
! .It Cm FingerprintHash
! Specifies the hash algorithm used when logging key fingerprints.
! @@ -600,7 +600,7 @@
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
-.Xr sshd 8
+.Xr sshd 1M
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
! @@ -686,7 +686,7 @@
A setting of
.Dq yes
means that
-.Xr sshd 8
+.Xr sshd 1M
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
! @@ -697,7 +697,7 @@
by
.Cm HostKey .
The default behaviour of
-.Xr sshd 8
+.Xr sshd 1M
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
! @@ -713,12 +713,12 @@
for protocol version 2.
+ .Pp
Note that
-.Xr sshd 8
+.Xr sshd 1M
! will refuse to use a file if it is group/world-accessible
! and that the
! .Cm HostKeyAlgorithms
! option restricts which of the keys are actually used by
! -.Xr sshd 8 .
! +.Xr sshd 1M .
! .Pp
It is possible to have multiple host key files.
.Dq rsa1
! @@ -779,7 +779,7 @@
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should ignore the user's
.Pa ~/.ssh/known_hosts
during
! @@ -914,7 +914,7 @@
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
-.Xr sshd 8
+.Xr sshd 1M
should listen on.
The following forms may be used:
.Pp
! @@ -954,7 +954,7 @@
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
! @@ -1059,7 +1059,7 @@
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
The patterns in an
.Cm Address
! @@ -1148,7 +1148,7 @@
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
-.Xr sshd 8
+.Xr sshd 1M
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
! @@ -1268,7 +1268,7 @@
options in
.Pa ~/.ssh/authorized_keys
are processed by
-.Xr sshd 8 .
+.Xr sshd 1M .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
! @@ -1289,7 +1289,7 @@
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
-.Xr sshd 8
+.Xr sshd 1M
listens on.
The default is 22.
Multiple options of this type are permitted.
! @@ -1297,7 +1297,7 @@
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print the date and time of the last user login when a user logs
in interactively.
The default is
! @@ -1304,7 +1304,7 @@
.Dq yes .
.It Cm PrintMotd
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print
.Pa /etc/motd
when a user logs in interactively.
! @@ -1315,7 +1315,7 @@
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
-.Xr sshd 8
+.Xr sshd 1M
supports.
The possible values are
.Sq 1
! @@ -1440,7 +1440,7 @@
.Dq no .
.It Cm StrictModes
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
! @@ -1456,7 +1456,7 @@
to execute upon subsystem request.
.Pp
The command
-.Xr sftp-server 8
+.Xr sftp-server 1M
implements the
.Dq sftp
file transfer subsystem.
! @@ -1474,7 +1474,7 @@
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
! @@ -1517,7 +1517,7 @@
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
! should look up the remote host name, and to check that
the resolved host name for the remote IP address maps back to the
very same IP address.
! @@ -1571,13 +1571,13 @@
If
.Cm UsePAM
is enabled, you will not be able to run
-.Xr sshd 8
+.Xr sshd 1M
*** 1021,1076 ****
-.Xr sshd 8
+.Xr sshd 1M
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
! @@ -1368,7 +1368,7 @@
.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
-.Xr sshd 8 Ns 's
+.Xr sshd 1M Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
! @@ -1383,7 +1383,7 @@
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
-.Xr sshd 8
+.Xr sshd 1M
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
! @@ -1394,7 +1394,7 @@
forwarding (see the warnings for
.Cm ForwardX11
in
-.Xr ssh_config 5 ) .
+.Xr ssh_config 4 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
! @@ -1408,7 +1408,7 @@
is enabled.
.It Cm X11UseLocalhost
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
! @@ -1439,7 +1439,7 @@
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
-.Xr sshd 8
+.Xr sshd 1M
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
! @@ -1483,12 +1483,12 @@
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
-.Xr sshd 8 .
+.Xr sshd 1M .
--- 1187,1242 ----
-.Xr sshd 8
+.Xr sshd 1M
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
! @@ -1599,7 +1599,7 @@
.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
-.Xr sshd 8 Ns 's
+.Xr sshd 1M Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
! @@ -1614,7 +1614,7 @@
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
-.Xr sshd 8
+.Xr sshd 1M
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
! @@ -1625,7 +1625,7 @@
forwarding (see the warnings for
.Cm ForwardX11
in
-.Xr ssh_config 5 ) .
+.Xr ssh_config 4 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
! @@ -1639,7 +1639,7 @@
is enabled.
.It Cm X11UseLocalhost
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
! @@ -1672,7 +1672,7 @@
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
-.Xr sshd 8
+.Xr sshd 1M
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
! @@ -1716,12 +1716,12 @@
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
-.Xr sshd 8 .
+.Xr sshd 1M .
*** 1081,1098 ****
-.Xr sshd 8
+.Xr sshd 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
- Common subdirectories: openssh-6.7p1-orig/contrib/aix and openssh-6.7p1/contrib/aix
- Common subdirectories: openssh-6.7p1-orig/contrib/caldera and openssh-6.7p1/contrib/caldera
- Common subdirectories: openssh-6.7p1-orig/contrib/cygwin and openssh-6.7p1/contrib/cygwin
- Common subdirectories: openssh-6.7p1-orig/contrib/hpux and openssh-6.7p1/contrib/hpux
- Common subdirectories: openssh-6.7p1-orig/contrib/redhat and openssh-6.7p1/contrib/redhat
- Common subdirectories: openssh-6.7p1-orig/contrib/solaris and openssh-6.7p1/contrib/solaris
- Common subdirectories: openssh-6.7p1-orig/contrib/suse and openssh-6.7p1/contrib/suse
- Common subdirectories: openssh-6.7p1-orig/openbsd-compat/regress and openssh-6.7p1/openbsd-compat/regress
- Common subdirectories: openssh-6.7p1-orig/regress/unittests and openssh-6.7p1/regress/unittests
- Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshbuf and openssh-6.7p1/regress/unittests/sshbuf
- Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey and openssh-6.7p1/regress/unittests/sshkey
- Common subdirectories: openssh-6.7p1-orig/regress/unittests/test_helper and openssh-6.7p1/regress/unittests/test_helper
- Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey/testdata and openssh-6.7p1/regress/unittests/sshkey/testdata
--- 1247,1251 ----