1 diff -ru openssh-6.7p1-orig/Makefile.in openssh-6.7p1/Makefile.in
2 --- openssh-6.7p1-orig/Makefile.in Sat Aug 30 02:23:07 2014
3 +++ openssh-6.7p1/Makefile.in Fri Feb 27 15:50:37 2015
4 @@ -282,8 +282,8 @@
5 $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
6 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
7 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
9 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
10 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
11 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
12 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
13 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
14 $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
15 @@ -303,14 +303,14 @@
16 $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
17 $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
18 $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
19 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
20 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
21 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
22 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
23 + $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
24 + $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
25 + $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
26 + $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
27 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
28 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
29 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
30 - $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
31 + $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
32 + $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
33 + $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
34 -rm -f $(DESTDIR)$(bindir)/slogin
35 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
36 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
37 Only in openssh-6.7p1: Makefile.in.orig
38 Common subdirectories: openssh-6.7p1-orig/contrib and openssh-6.7p1/contrib
39 diff -ru openssh-6.7p1-orig/moduli.5 openssh-6.7p1/moduli.5
40 --- openssh-6.7p1-orig/moduli.5 Tue Nov 6 16:36:01 2012
41 +++ openssh-6.7p1/moduli.5 Fri Feb 27 15:50:37 2015
42 @@ -14,7 +14,7 @@
43 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
44 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
45 .Dd $Mdocdate: September 26 2012 $
46 -.Dt MODULI 5
47 +.Dt MODULI 4
48 .Os
49 .Sh NAME
50 .Nm moduli
51 @@ -23,7 +23,7 @@
52 The
53 .Pa /etc/moduli
54 file contains prime numbers and generators for use by
55 -.Xr sshd 8
56 +.Xr sshd 1M
57 in the Diffie-Hellman Group Exchange key exchange method.
58 .Pp
59 New moduli may be generated with
60 @@ -40,7 +40,7 @@
61 .Ic ssh-keygen -T ,
78 @@ -105,16 +105,16 @@
79 .El
80 .Pp
81 When performing Diffie-Hellman Group Exchange,
82 -.Xr sshd 8
83 +.Xr sshd 1M
84 first estimates the size of the modulus required to produce enough
85 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
86 -.Xr sshd 8
87 +.Xr sshd 1M
88 then randomly selects a modulus from
89 .Fa /etc/moduli
90 that best meets the size requirement.
91 .Sh SEE ALSO
92 .Xr ssh-keygen 1 ,
93 -.Xr sshd 8
94 +.Xr sshd 1M
95 .Sh STANDARDS
96 .Rs
97 .%A M. Friedl
98 Common subdirectories: openssh-6.7p1-orig/openbsd-compat and openssh-6.7p1/openbsd-compat
99 Common subdirectories: openssh-6.7p1-orig/regress and openssh-6.7p1/regress
100 Common subdirectories: openssh-6.7p1-orig/scard and openssh-6.7p1/scard
101 diff -ru openssh-6.7p1-orig/scp.1 openssh-6.7p1/scp.1
102 --- openssh-6.7p1-orig/scp.1 Sat Apr 19 23:02:58 2014
103 +++ openssh-6.7p1/scp.1 Fri Feb 27 15:50:37 2015
104 @@ -116,13 +116,13 @@
105 Can be used to pass options to
106 .Nm ssh
107 in the format used in
108 -.Xr ssh_config 5 .
109 +.Xr ssh_config 4 .
110 This is useful for specifying options
111 for which there is no separate
112 .Nm scp
113 command-line flag.
114 For full details of the options listed below, and their possible values, see
115 -.Xr ssh_config 5 .
116 +.Xr ssh_config 4 .
117 .Pp
118 .Bl -tag -width Ds -offset indent -compact
119 .It AddressFamily
120 @@ -227,8 +227,8 @@
121 .Xr ssh-add 1 ,
122 .Xr ssh-agent 1 ,
123 .Xr ssh-keygen 1 ,
124 -.Xr ssh_config 5 ,
125 -.Xr sshd 8
126 +.Xr ssh_config 4 ,
127 +.Xr sshd 1M
128 .Sh HISTORY
129 .Nm
130 is based on the rcp program in
131 Only in openssh-6.7p1: scp.1.orig
132 diff -ru openssh-6.7p1-orig/sftp-server.8 openssh-6.7p1/sftp-server.8
133 --- openssh-6.7p1-orig/sftp-server.8 Tue Jul 29 22:33:21 2014
134 +++ openssh-6.7p1/sftp-server.8 Fri Feb 27 15:51:27 2015
135 @@ -23,7 +23,7 @@
136 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
137 .\"
138 .Dd $Mdocdate: July 28 2014 $
139 -.Dt SFTP-SERVER 8
140 +.Dt SFTP-SERVER 1M
141 .Os
142 .Sh NAME
143 .Nm sftp-server
144 @@ -47,7 +47,7 @@
145 to stdout and expects client requests from stdin.
146 .Nm
147 is not intended to be called directly, but from
148 -.Xr sshd 8
149 +.Xr sshd 1M
150 using the
151 .Cm Subsystem
152 option.
153 @@ -58,7 +58,7 @@
154 .Cm Subsystem
155 declaration.
156 See
157 -.Xr sshd_config 5
158 +.Xr sshd_config 4
159 for more information.
160 .Pp
161 Valid options are:
162 @@ -147,13 +147,13 @@
163 for logging to work, and use of
164 .Nm
165 in a chroot configuration therefore requires that
166 -.Xr syslogd 8
167 +.Xr syslogd 1M
168 establish a logging socket inside the chroot directory.
169 .Sh SEE ALSO
170 .Xr sftp 1 ,
171 .Xr ssh 1 ,
172 -.Xr sshd_config 5 ,
173 -.Xr sshd 8
174 +.Xr sshd_config 4 ,
175 +.Xr sshd 1M
176 .Rs
177 .%A T. Ylonen
178 .%A S. Lehtinen
179 diff -ru openssh-6.7p1-orig/sftp.1 openssh-6.7p1/sftp.1
180 --- openssh-6.7p1-orig/sftp.1 Wed May 14 23:47:37 2014
181 +++ openssh-6.7p1/sftp.1 Fri Feb 27 15:50:37 2015
182 @@ -85,7 +85,7 @@
183 option.
184 In such cases, it is necessary to configure non-interactive authentication
185 to obviate the need to enter a password at connection time (see
186 -.Xr sshd 8
187 +.Xr sshd 1M
188 and
189 .Xr ssh-keygen 1
190 for details).
191 @@ -179,7 +179,7 @@
192 Can be used to pass options to
193 .Nm ssh
194 in the format used in
195 -.Xr ssh_config 5 .
196 +.Xr ssh_config 4 .
197 This is useful for specifying options
198 for which there is no separate
199 .Nm sftp
200 @@ -187,7 +187,7 @@
201 For example, to specify an alternate port use:
202 .Ic sftp -oPort=24 .
203 For full details of the options listed below, and their possible values, see
204 -.Xr ssh_config 5 .
205 +.Xr ssh_config 4 .
206 .Pp
207 .Bl -tag -width Ds -offset indent -compact
208 .It AddressFamily
209 @@ -280,7 +280,7 @@
210 A path is useful for using
211 .Nm
212 over protocol version 1, or when the remote
213 -.Xr sshd 8
214 +.Xr sshd 1M
215 does not have an sftp subsystem configured.
216 .It Fl v
217 Raise logging level.
218 @@ -610,9 +610,9 @@
219 .Xr ssh-add 1 ,
220 .Xr ssh-keygen 1 ,
221 .Xr glob 3 ,
222 -.Xr ssh_config 5 ,
223 -.Xr sftp-server 8 ,
224 -.Xr sshd 8
225 +.Xr ssh_config 4 ,
226 +.Xr sftp-server 1M ,
227 +.Xr sshd 1M
228 .Rs
229 .%A T. Ylonen
230 .%A S. Lehtinen
231 Only in openssh-6.7p1: sftp.1.orig
232 diff -ru openssh-6.7p1-orig/ssh-add.1 openssh-6.7p1/ssh-add.1
233 --- openssh-6.7p1-orig/ssh-add.1 Wed Dec 18 01:46:28 2013
234 +++ openssh-6.7p1/ssh-add.1 Fri Feb 27 15:50:37 2015
235 @@ -126,7 +126,7 @@
236 Set a maximum lifetime when adding identities to an agent.
237 The lifetime may be specified in seconds or in a time format
238 specified in
239 -.Xr sshd_config 5 .
240 +.Xr sshd_config 4 .
241 .It Fl X
242 Unlock the agent.
243 .It Fl x
244 @@ -189,7 +189,7 @@
245 .Xr ssh 1 ,
246 .Xr ssh-agent 1 ,
247 .Xr ssh-keygen 1 ,
248 -.Xr sshd 8
249 +.Xr sshd 1M
250 .Sh AUTHORS
251 OpenSSH is a derivative of the original and free
252 ssh 1.2.12 release by Tatu Ylonen.
253 diff -ru openssh-6.7p1-orig/ssh-keygen.1 openssh-6.7p1/ssh-keygen.1
254 --- openssh-6.7p1-orig/ssh-keygen.1 Sat Apr 19 23:23:04 2014
255 +++ openssh-6.7p1/ssh-keygen.1 Fri Feb 27 15:50:37 2015
256 @@ -433,7 +433,7 @@
257 Disable execution of
258 .Pa ~/.ssh/rc
259 by
260 -.Xr sshd 8
261 +.Xr sshd 1M
262 (permitted by default).
263 .It Ic no-x11-forwarding
264 Disable X11 forwarding (permitted by default).
265 @@ -449,7 +449,7 @@
266 Allows execution of
267 .Pa ~/.ssh/rc
268 by
269 -.Xr sshd 8 .
270 +.Xr sshd 1M .
271 .It Ic permit-x11-forwarding
272 Allows X11 forwarding.
273 .It Ic source-address Ns = Ns Ar address_list
274 @@ -540,7 +540,7 @@
275 in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
276 of a minus sign followed by a relative time in the format described in the
277 TIME FORMATS section of
278 -.Xr sshd_config 5 .
279 +.Xr sshd_config 4 .
280 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
281 a relative time starting with a plus character.
282 .Pp
283 @@ -642,7 +642,7 @@
284 on a certificate rather than trusting many user/host keys.
285 Note that OpenSSH certificates are a different, and much simpler, format to
286 the X.509 certificates used in
287 -.Xr ssl 8 .
288 +.Xr ssl 1M .
289 .Pp
290 .Nm
291 supports two types of certificates: user and host.
292 @@ -706,7 +706,7 @@
293 .Pp
294 For certificates to be used for user or host authentication, the CA
295 public key must be trusted by
296 -.Xr sshd 8
297 +.Xr sshd 1M
298 or
299 .Xr ssh 1 .
300 Please refer to those manual pages for details.
301 @@ -830,14 +830,14 @@
302 .It Pa /etc/moduli
303 Contains Diffie-Hellman groups used for DH-GEX.
304 The file format is described in
305 -.Xr moduli 5 .
306 +.Xr moduli 4 .
307 .El
308 .Sh SEE ALSO
309 .Xr ssh 1 ,
310 .Xr ssh-add 1 ,
311 .Xr ssh-agent 1 ,
312 -.Xr moduli 5 ,
313 -.Xr sshd 8
314 +.Xr moduli 4 ,
315 +.Xr sshd 1M
316 .Rs
317 .%R RFC 4716
318 .%T "The Secure Shell (SSH) Public Key File Format"
319 diff -ru openssh-6.7p1-orig/ssh-keysign.8 openssh-6.7p1/ssh-keysign.8
320 --- openssh-6.7p1-orig/ssh-keysign.8 Wed Dec 18 01:46:28 2013
321 +++ openssh-6.7p1/ssh-keysign.8 Fri Feb 27 15:50:37 2015
322 @@ -23,7 +23,7 @@
323 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
324 .\"
325 .Dd $Mdocdate: December 7 2013 $
326 -.Dt SSH-KEYSIGN 8
327 +.Dt SSH-KEYSIGN 1M
328 .Os
329 .Sh NAME
330 .Nm ssh-keysign
331 @@ -52,7 +52,7 @@
332 See
333 .Xr ssh 1
334 and
335 -.Xr sshd 8
336 +.Xr sshd 1M
337 for more information about host-based authentication.
338 .Sh FILES
339 .Bl -tag -width Ds -compact
340 @@ -83,8 +83,8 @@
341 .Sh SEE ALSO
342 .Xr ssh 1 ,
343 .Xr ssh-keygen 1 ,
344 -.Xr ssh_config 5 ,
345 -.Xr sshd 8
346 +.Xr ssh_config 4 ,
347 +.Xr sshd 1M
348 .Sh HISTORY
349 .Nm
350 first appeared in
351 diff -ru openssh-6.7p1-orig/ssh-pkcs11-helper.8 openssh-6.7p1/ssh-pkcs11-helper.8
352 --- openssh-6.7p1-orig/ssh-pkcs11-helper.8 Thu Jul 18 02:14:14 2013
353 +++ openssh-6.7p1/ssh-pkcs11-helper.8 Fri Feb 27 15:50:37 2015
354 @@ -15,7 +15,7 @@
355 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
356 .\"
357 .Dd $Mdocdate: July 16 2013 $
358 -.Dt SSH-PKCS11-HELPER 8
359 +.Dt SSH-PKCS11-HELPER 1M
360 .Os
361 .Sh NAME
362 .Nm ssh-pkcs11-helper
363 diff -ru openssh-6.7p1-orig/ssh.1 openssh-6.7p1/ssh.1
364 --- openssh-6.7p1-orig/ssh.1 Tue Jul 29 22:32:28 2014
365 +++ openssh-6.7p1/ssh.1 Fri Feb 27 15:52:48 2015
366 @@ -164,7 +164,7 @@
367 See the
368 .Cm Ciphers
369 keyword in
370 -.Xr ssh_config 5
371 +.Xr ssh_config 4
372 for more information.
373 .It Fl D Xo
374 .Sm off
375 @@ -343,7 +343,7 @@
376 Refer to the description of
377 .Cm ControlMaster
378 in
379 -.Xr ssh_config 5
380 +.Xr ssh_config 4
381 for details.
382 .It Fl m Ar mac_spec
383 Additionally, for protocol version 2 a comma-separated list of MAC
384 @@ -399,7 +399,7 @@
385 This is useful for specifying options for which there is no separate
386 command-line flag.
387 For full details of the options listed below, and their possible values, see
388 -.Xr ssh_config 5 .
389 +.Xr ssh_config 4 .
390 .Pp
391 .Bl -tag -width Ds -offset indent -compact
392 .It AddressFamily
393 @@ -541,7 +541,7 @@
394 will only succeed if the server's
395 .Cm GatewayPorts
396 option is enabled (see
397 -.Xr sshd_config 5 ) .
398 +.Xr sshd_config 4 ) .
399 .Pp
400 If the
401 .Ar port
402 @@ -562,7 +562,7 @@
403 and
404 .Cm ControlMaster
405 in
406 -.Xr ssh_config 5
407 +.Xr ssh_config 4
408 for details.
409 .It Fl s
410 May be used to request invocation of a subsystem on the remote system.
411 @@ -632,7 +632,7 @@
412 and
413 .Cm TunnelDevice
414 directives in
415 -.Xr ssh_config 5 .
416 +.Xr ssh_config 4 .
417 If the
418 .Cm Tunnel
419 directive is unset, it is set to the default tunnel mode, which is
420 @@ -655,7 +655,7 @@
421 option and the
422 .Cm ForwardX11Trusted
423 directive in
424 -.Xr ssh_config 5
425 +.Xr ssh_config 4
426 for more information.
427 .It Fl x
428 Disables X11 forwarding.
429 @@ -674,7 +674,7 @@
430 may additionally obtain configuration data from
431 a per-user configuration file and a system-wide configuration file.
432 The file format and configuration options are described in
433 -.Xr ssh_config 5 .
434 +.Xr ssh_config 4 .
435 .Sh AUTHENTICATION
436 The OpenSSH SSH client supports SSH protocols 1 and 2.
437 The default is to use protocol 2 only,
438 @@ -681,7 +681,7 @@
439 though this can be changed via the
440 .Cm Protocol
441 option in
442 -.Xr ssh_config 5
443 +.Xr ssh_config 4
444 or the
445 .Fl 1
446 and
447 @@ -941,7 +941,7 @@
448 allows the user to execute a local command if the
449 .Ic PermitLocalCommand
450 option is enabled in
451 -.Xr ssh_config 5 .
452 +.Xr ssh_config 4 .
453 Basic help is available, using the
454 .Fl h
455 option.
456 @@ -1138,7 +1138,7 @@
457 See the
458 .Cm VerifyHostKeyDNS
459 option in
460 -.Xr ssh_config 5
461 +.Xr ssh_config 4
462 for more information.
463 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
464 .Nm
465 @@ -1148,7 +1148,7 @@
466 network pseudo-device,
467 allowing two networks to be joined securely.
468 The
469 -.Xr sshd_config 5
470 +.Xr sshd_config 4
471 configuration option
472 .Cm PermitTunnel
473 controls whether the server supports this,
474 @@ -1298,7 +1298,7 @@
475 For more information, see the
476 .Cm PermitUserEnvironment
477 option in
478 -.Xr sshd_config 5 .
479 +.Xr sshd_config 4 .
480 .Sh FILES
481 .Bl -tag -width Ds -compact
482 .It Pa ~/.rhosts
483 @@ -1306,7 +1306,7 @@
484 On some machines this file may need to be
485 world-readable if the user's home directory is on an NFS partition,
486 because
487 -.Xr sshd 8
488 +.Xr sshd 1M
489 reads it as root.
490 Additionally, this file must be owned by the user,
491 and must not have write permissions for anyone else.
492 @@ -1331,7 +1331,7 @@
493 Lists the public keys (DSA, ECDSA, ED25519, RSA)
494 that can be used for logging in as this user.
495 The format of this file is described in the
496 -.Xr sshd 8
497 +.Xr sshd 1M
498 manual page.
499 This file is not highly sensitive, but the recommended
500 permissions are read/write for the user, and not accessible by others.
501 @@ -1339,7 +1339,7 @@
502 .It Pa ~/.ssh/config
503 This is the per-user configuration file.
504 The file format and configuration options are described in
505 -.Xr ssh_config 5 .
506 +.Xr ssh_config 4 .
507 Because of the potential for abuse, this file must have strict permissions:
508 read/write for the user, and not writable by others.
509 .Pp
510 @@ -1376,7 +1376,7 @@
511 Contains a list of host keys for all hosts the user has logged into
512 that are not already in the systemwide list of known host keys.
513 See
514 -.Xr sshd 8
515 +.Xr sshd 1M
516 for further details of the format of this file.
517 .Pp
518 .It Pa ~/.ssh/rc
519 @@ -1385,7 +1385,7 @@
520 when the user logs in, just before the user's shell (or command) is
521 started.
522 See the
523 -.Xr sshd 8
524 +.Xr sshd 1M
525 manual page for more information.
526 .Pp
527 .It Pa /etc/hosts.equiv
528 @@ -1401,7 +1401,7 @@
529 .It Pa /etc/ssh/ssh_config
530 Systemwide configuration file.
531 The file format and configuration options are described in
532 -.Xr ssh_config 5 .
533 +.Xr ssh_config 4 .
534 .Pp
535 .It Pa /etc/ssh/ssh_host_key
536 .It Pa /etc/ssh/ssh_host_dsa_key
537 @@ -1416,7 +1416,7 @@
538 For protocol version 2,
539 .Nm
540 uses
541 -.Xr ssh-keysign 8
542 +.Xr ssh-keysign 1M
543 to access the host keys,
544 eliminating the requirement that
545 .Nm
546 @@ -1432,7 +1432,7 @@
547 organization.
548 It should be world-readable.
549 See
550 -.Xr sshd 8
551 +.Xr sshd 1M
552 for further details of the format of this file.
553 .Pp
554 .It Pa /etc/ssh/sshrc
555 @@ -1440,7 +1440,7 @@
556 .Nm
557 when the user logs in, just before the user's shell (or command) is started.
558 See the
559 -.Xr sshd 8
560 +.Xr sshd 1M
561 manual page for more information.
562 .El
563 .Sh EXIT STATUS
564 @@ -1455,9 +1455,9 @@
565 .Xr ssh-keygen 1 ,
566 .Xr ssh-keyscan 1 ,
567 .Xr tun 4 ,
568 -.Xr ssh_config 5 ,
569 -.Xr ssh-keysign 8 ,
570 -.Xr sshd 8
571 +.Xr ssh_config 4 ,
572 +.Xr ssh-keysign 1M ,
573 +.Xr sshd 1M
574 .Sh STANDARDS
575 .Rs
576 .%A S. Lehtinen
577 diff -ru openssh-6.7p1-orig/sshd.8 openssh-6.7p1/sshd.8
578 --- openssh-6.7p1-orig/sshd.8 Thu Jul 3 19:00:04 2014
579 +++ openssh-6.7p1/sshd.8 Fri Feb 27 15:54:50 2015
580 @@ -35,7 +35,7 @@
581 .\"
582 .\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $
583 .Dd $Mdocdate: July 3 2014 $
584 -.Dt SSHD 8
585 +.Dt SSHD 1M
586 .Os
587 .Sh NAME
588 .Nm sshd
589 @@ -77,7 +77,7 @@
590 .Nm
591 can be configured using command-line options or a configuration file
592 (by default
593 -.Xr sshd_config 5 ) ;
594 +.Xr sshd_config 4 ) ;
595 command-line options override values specified in the
596 configuration file.
597 .Nm
598 @@ -183,7 +183,7 @@
599 Specifies that
600 .Nm
601 is being run from
602 -.Xr inetd 8 .
603 +.Xr inetd 1M .
604 .Nm
605 is normally not run
606 from inetd because it needs to generate the server key before it can
607 @@ -207,7 +207,7 @@
608 This is useful for specifying options for which there is no separate
609 command-line flag.
610 For full details of the options, and their values, see
611 -.Xr sshd_config 5 .
612 +.Xr sshd_config 4 .
613 .It Fl p Ar port
614 Specifies the port on which the server listens for connections
615 (default 22).
616 @@ -277,7 +277,7 @@
617 though this can be changed via the
618 .Cm Protocol
619 option in
620 -.Xr sshd_config 5 .
621 +.Xr sshd_config 4 .
622 Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
623 protocol 1 only supports RSA keys.
624 For both protocols,
625 @@ -402,7 +402,7 @@
626 See the
627 .Cm PermitUserEnvironment
628 option in
629 -.Xr sshd_config 5 .
630 +.Xr sshd_config 4 .
631 .It
632 Changes to user's home directory.
633 .It
634 @@ -550,7 +550,7 @@
635 environment variable.
636 Note that this option applies to shell, command or subsystem execution.
637 Also note that this command may be superseded by either a
638 -.Xr sshd_config 5
639 +.Xr sshd_config 4
640 .Cm ForceCommand
641 directive or a command embedded in a certificate.
642 .It Cm environment="NAME=value"
643 @@ -571,7 +571,7 @@
644 name of the remote host or its IP address must be present in the
645 comma-separated list of patterns.
646 See PATTERNS in
647 -.Xr ssh_config 5
648 +.Xr ssh_config 4
649 for more information on patterns.
650 .Pp
651 In addition to the wildcard matching that may be applied to hostnames or
652 @@ -859,11 +859,11 @@
653 .It Pa /etc/moduli
654 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
655 The file format is described in
656 -.Xr moduli 5 .
657 +.Xr moduli 4 .
658 .Pp
659 .It Pa /etc/motd
660 See
661 -.Xr motd 5 .
662 +.Xr motd 4 .
663 .Pp
664 .It Pa /etc/nologin
665 If this file exists,
666 @@ -920,7 +920,7 @@
667 Contains configuration data for
668 .Nm sshd .
669 The file format and configuration options are described in
670 -.Xr sshd_config 5 .
671 +.Xr sshd_config 4 .
672 .Pp
673 .It Pa /etc/ssh/sshrc
674 Similar to
675 @@ -954,11 +954,11 @@
676 .Xr ssh-keygen 1 ,
677 .Xr ssh-keyscan 1 ,
678 .Xr chroot 2 ,
679 -.Xr login.conf 5 ,
680 -.Xr moduli 5 ,
681 -.Xr sshd_config 5 ,
682 -.Xr inetd 8 ,
683 -.Xr sftp-server 8
684 +.Xr login.conf 4 ,
685 +.Xr moduli 4 ,
686 +.Xr sshd_config 4 ,
687 +.Xr inetd 1M ,
688 +.Xr sftp-server 1M
689 .Sh AUTHORS
690 OpenSSH is a derivative of the original and free
691 ssh 1.2.12 release by Tatu Ylonen.
692 diff -ru openssh-6.7p1-orig/sshd_config.5 openssh-6.7p1/sshd_config.5
693 --- openssh-6.7p1-orig/sshd_config.5 Thu Oct 2 19:24:57 2014
694 +++ openssh-6.7p1/sshd_config.5 Fri Feb 27 15:56:01 2015
695 @@ -35,7 +35,7 @@
696 .\"
697 .\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $
698 .Dd $Mdocdate: July 28 2014 $
699 -.Dt SSHD_CONFIG 5
700 +.Dt SSHD_CONFIG 4
701 .Os
702 .Sh NAME
703 .Nm sshd_config
704 @@ -43,7 +43,7 @@
705 .Sh SYNOPSIS
706 .Nm /etc/ssh/sshd_config
707 .Sh DESCRIPTION
708 -.Xr sshd 8
709 +.Xr sshd 1M
710 reads configuration data from
711 .Pa /etc/ssh/sshd_config
712 (or the file specified with
713 @@ -68,7 +68,7 @@
714 See
715 .Cm SendEnv
716 in
717 -.Xr ssh_config 5
718 +.Xr ssh_config 4
719 for how to configure the client.
720 Note that environment passing is only supported for protocol 2.
721 Variables are specified by name, which may contain the wildcard characters
722 @@ -85,7 +85,7 @@
723 The default is not to accept any environment variables.
724 .It Cm AddressFamily
725 Specifies which address family should be used by
726 -.Xr sshd 8 .
727 +.Xr sshd 1M .
728 Valid arguments are
729 .Dq any ,
730 .Dq inet
731 @@ -118,7 +118,7 @@
732 .Cm AllowGroups .
733 .Pp
734 See PATTERNS in
735 -.Xr ssh_config 5
736 +.Xr ssh_config 4
737 for more information on patterns.
738 .It Cm AllowTcpForwarding
739 Specifies whether TCP forwarding is permitted.
740 @@ -178,7 +178,7 @@
741 .Cm AllowGroups .
742 .Pp
743 See PATTERNS in
744 -.Xr ssh_config 5
745 +.Xr ssh_config 4
746 for more information on patterns.
747 .It Cm AuthenticationMethods
748 Specifies the authentication methods that must be successfully completed
749 @@ -222,7 +222,7 @@
750 It will be invoked with a single argument of the username
751 being authenticated, and should produce on standard output zero or
752 more lines of authorized_keys output (see AUTHORIZED_KEYS in
753 -.Xr sshd 8 ) .
754 +.Xr sshd 1M ) .
755 If a key supplied by AuthorizedKeysCommand does not successfully authenticate
756 and authorize the user then public key authentication continues using the usual
757 .Cm AuthorizedKeysFile
758 @@ -238,7 +238,7 @@
759 The format is described in the
760 AUTHORIZED_KEYS FILE FORMAT
761 section of
762 -.Xr sshd 8 .
763 +.Xr sshd 1M .
764 .Cm AuthorizedKeysFile
765 may contain tokens of the form %T which are substituted during connection
766 setup.
767 @@ -261,7 +261,7 @@
768 to be accepted for authentication.
769 Names are listed one per line preceded by key options (as described
770 in AUTHORIZED_KEYS FILE FORMAT in
771 -.Xr sshd 8 ) .
772 +.Xr sshd 1M ) .
773 Empty lines and comments starting with
774 .Ql #
775 are ignored.
776 @@ -291,7 +291,7 @@
777 though the
778 .Cm principals=
779 key option offers a similar facility (see
780 -.Xr sshd 8
781 +.Xr sshd 1M
782 for details).
783 .It Cm Banner
784 The contents of the specified file are sent to the remote user before
785 @@ -304,7 +304,7 @@
786 .It Cm ChallengeResponseAuthentication
787 Specifies whether challenge-response authentication is allowed (e.g. via
788 PAM or through authentication styles supported in
789 -.Xr login.conf 5 )
790 +.Xr login.conf 4 )
791 The default is
792 .Dq yes .
793 .It Cm ChrootDirectory
794 @@ -314,7 +314,7 @@
795 All components of the pathname must be root-owned directories that are
796 not writable by any other user or group.
797 After the chroot,
798 -.Xr sshd 8
799 +.Xr sshd 1M
800 changes the working directory to the user's home directory.
801 .Pp
802 The pathname may contain the following tokens that are expanded at runtime once
803 @@ -347,7 +347,7 @@
804 though sessions which use logging may require
805 .Pa /dev/log
806 inside the chroot directory on some operating systems (see
807 -.Xr sftp-server 8
808 +.Xr sftp-server 1M
809 for details).
810 .Pp
811 The default is not to
812 @@ -404,7 +404,7 @@
813 .It Cm ClientAliveCountMax
814 Sets the number of client alive messages (see below) which may be
815 sent without
816 -.Xr sshd 8
817 +.Xr sshd 1M
818 receiving any messages back from the client.
819 If this threshold is reached while client alive messages are being sent,
820 sshd will disconnect the client, terminating the session.
821 @@ -431,7 +431,7 @@
822 .It Cm ClientAliveInterval
823 Sets a timeout interval in seconds after which if no data has been received
824 from the client,
825 -.Xr sshd 8
826 +.Xr sshd 1M
827 will send a message through the encrypted
828 channel to request a response from the client.
829 The default
830 @@ -462,7 +462,7 @@
831 .Cm AllowGroups .
832 .Pp
833 See PATTERNS in
834 -.Xr ssh_config 5
835 +.Xr ssh_config 4
836 for more information on patterns.
837 .It Cm DenyUsers
838 This keyword can be followed by a list of user name patterns, separated
839 @@ -481,7 +481,7 @@
840 .Cm AllowGroups .
841 .Pp
842 See PATTERNS in
843 -.Xr ssh_config 5
844 +.Xr ssh_config 4
845 for more information on patterns.
846 .It Cm ForceCommand
847 Forces the execution of the command specified by
848 @@ -506,7 +506,7 @@
849 Specifies whether remote hosts are allowed to connect to ports
850 forwarded for the client.
851 By default,
852 -.Xr sshd 8
853 +.Xr sshd 1M
854 binds remote port forwardings to the loopback address.
855 This prevents other remote hosts from connecting to forwarded ports.
856 .Cm GatewayPorts
857 @@ -554,7 +554,7 @@
858 A setting of
859 .Dq yes
860 means that
861 -.Xr sshd 8
862 +.Xr sshd 1M
863 uses the name supplied by the client rather than
864 attempting to resolve the name from the TCP connection itself.
865 The default is
866 @@ -565,7 +565,7 @@
867 by
868 .Cm HostKey .
869 The default behaviour of
870 -.Xr sshd 8
871 +.Xr sshd 1M
872 is not to load any certificates.
873 .It Cm HostKey
874 Specifies a file containing a private host key
875 @@ -580,7 +580,7 @@
876 .Pa /etc/ssh/ssh_host_rsa_key
877 for protocol version 2.
878 Note that
879 -.Xr sshd 8
880 +.Xr sshd 1M
881 will refuse to use a file if it is group/world-accessible.
882 It is possible to have multiple host key files.
883 .Dq rsa1
884 @@ -621,7 +621,7 @@
885 .Dq yes .
886 .It Cm IgnoreUserKnownHosts
887 Specifies whether
888 -.Xr sshd 8
889 +.Xr sshd 1M
890 should ignore the user's
891 .Pa ~/.ssh/known_hosts
892 during
893 @@ -745,7 +745,7 @@
894 The default is 3600 (seconds).
895 .It Cm ListenAddress
896 Specifies the local addresses
897 -.Xr sshd 8
898 +.Xr sshd 1M
899 should listen on.
900 The following forms may be used:
901 .Pp
902 @@ -788,7 +788,7 @@
903 The default is 120 seconds.
904 .It Cm LogLevel
905 Gives the verbosity level that is used when logging messages from
906 -.Xr sshd 8 .
907 +.Xr sshd 1M .
908 The possible values are:
909 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
910 The default is INFO.
911 @@ -881,7 +881,7 @@
912 The match patterns may consist of single entries or comma-separated
913 lists and may use the wildcard and negation operators described in the
914 PATTERNS section of
915 -.Xr ssh_config 5 .
916 +.Xr ssh_config 4 .
917 .Pp
918 The patterns in an
919 .Cm Address
920 @@ -962,7 +962,7 @@
921 the three colon separated values
922 .Dq start:rate:full
923 (e.g. "10:30:60").
924 -.Xr sshd 8
925 +.Xr sshd 1M
926 will refuse connection attempts with a probability of
927 .Dq rate/100
928 (30%)
929 @@ -1075,7 +1075,7 @@
930 options in
931 .Pa ~/.ssh/authorized_keys
932 are processed by
933 -.Xr sshd 8 .
934 +.Xr sshd 1M .
935 The default is
936 .Dq no .
937 Enabling environment processing may enable users to bypass access
938 @@ -1094,7 +1094,7 @@
939 .Pa /var/run/sshd.pid .
940 .It Cm Port
941 Specifies the port number that
942 -.Xr sshd 8
943 +.Xr sshd 1M
944 listens on.
945 The default is 22.
946 Multiple options of this type are permitted.
947 @@ -1102,7 +1102,7 @@
948 .Cm ListenAddress .
949 .It Cm PrintLastLog
950 Specifies whether
951 -.Xr sshd 8
952 +.Xr sshd 1M
953 should print the date and time of the last user login when a user logs
954 in interactively.
955 The default is
956 @@ -1109,7 +1109,7 @@
957 .Dq yes .
958 .It Cm PrintMotd
959 Specifies whether
960 -.Xr sshd 8
961 +.Xr sshd 1M
962 should print
963 .Pa /etc/motd
964 when a user logs in interactively.
965 @@ -1120,7 +1120,7 @@
966 .Dq yes .
967 .It Cm Protocol
968 Specifies the protocol versions
969 -.Xr sshd 8
970 +.Xr sshd 1M
971 supports.
972 The possible values are
973 .Sq 1
974 @@ -1220,7 +1220,7 @@
975 .Dq no .
976 .It Cm StrictModes
977 Specifies whether
978 -.Xr sshd 8
979 +.Xr sshd 1M
980 should check file modes and ownership of the
981 user's files and home directory before accepting login.
982 This is normally desirable because novices sometimes accidentally leave their
983 @@ -1236,7 +1236,7 @@
984 to execute upon subsystem request.
985 .Pp
986 The command
987 -.Xr sftp-server 8
988 +.Xr sftp-server 1M
989 implements the
990 .Dq sftp
991 file transfer subsystem.
992 @@ -1254,7 +1254,7 @@
993 Note that this option applies to protocol version 2 only.
994 .It Cm SyslogFacility
995 Gives the facility code that is used when logging messages from
996 -.Xr sshd 8 .
997 +.Xr sshd 1M .
998 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
999 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1000 The default is AUTH.
1001 @@ -1295,7 +1295,7 @@
1002 .Xr ssh-keygen 1 .
1003 .It Cm UseDNS
1004 Specifies whether
1005 -.Xr sshd 8
1006 +.Xr sshd 1M
1007 should look up the remote host name and check that
1008 the resolved host name for the remote IP address maps back to the
1009 very same IP address.
1010 @@ -1340,13 +1340,13 @@
1011 If
1012 .Cm UsePAM
1013 is enabled, you will not be able to run
1014 -.Xr sshd 8
1015 +.Xr sshd 1M
1016 as a non-root user.
1017 The default is
1018 .Dq no .
1019 .It Cm UsePrivilegeSeparation
1020 Specifies whether
1021 -.Xr sshd 8
1022 +.Xr sshd 1M
1023 separates privileges by creating an unprivileged child process
1024 to deal with incoming network traffic.
1025 After successful authentication, another process will be created that has
1026 @@ -1368,7 +1368,7 @@
1027 .Dq none .
1028 .It Cm X11DisplayOffset
1029 Specifies the first display number available for
1030 -.Xr sshd 8 Ns 's
1031 +.Xr sshd 1M Ns 's
1032 X11 forwarding.
1033 This prevents sshd from interfering with real X11 servers.
1034 The default is 10.
1035 @@ -1383,7 +1383,7 @@
1036 .Pp
1037 When X11 forwarding is enabled, there may be additional exposure to
1038 the server and to client displays if the
1039 -.Xr sshd 8
1040 +.Xr sshd 1M
1041 proxy display is configured to listen on the wildcard address (see
1042 .Cm X11UseLocalhost
1043 below), though this is not the default.
1044 @@ -1394,7 +1394,7 @@
1045 forwarding (see the warnings for
1046 .Cm ForwardX11
1047 in
1048 -.Xr ssh_config 5 ) .
1049 +.Xr ssh_config 4 ) .
1050 A system administrator may have a stance in which they want to
1051 protect clients that may expose themselves to attack by unwittingly
1052 requesting X11 forwarding, which can warrant a
1053 @@ -1408,7 +1408,7 @@
1054 is enabled.
1055 .It Cm X11UseLocalhost
1056 Specifies whether
1057 -.Xr sshd 8
1058 +.Xr sshd 1M
1059 should bind the X11 forwarding server to the loopback address or to
1060 the wildcard address.
1061 By default,
1062 @@ -1439,7 +1439,7 @@
1063 .Pa /usr/X11R6/bin/xauth .
1064 .El
1065 .Sh TIME FORMATS
1066 -.Xr sshd 8
1067 +.Xr sshd 1M
1068 command-line arguments and configuration file options that specify time
1069 may be expressed using a sequence of the form:
1070 .Sm off
1071 @@ -1483,12 +1483,12 @@
1072 .Bl -tag -width Ds
1073 .It Pa /etc/ssh/sshd_config
1074 Contains configuration data for
1075 -.Xr sshd 8 .
1076 +.Xr sshd 1M .
1077 This file should be writable by root only, but it is recommended
1078 (though not necessary) that it be world-readable.
1079 .El
1080 .Sh SEE ALSO
1081 -.Xr sshd 8
1082 +.Xr sshd 1M
1083 .Sh AUTHORS
1084 OpenSSH is a derivative of the original and free
1085 ssh 1.2.12 release by Tatu Ylonen.
1086 Common subdirectories: openssh-6.7p1-orig/contrib/aix and openssh-6.7p1/contrib/aix
1087 Common subdirectories: openssh-6.7p1-orig/contrib/caldera and openssh-6.7p1/contrib/caldera
1088 Common subdirectories: openssh-6.7p1-orig/contrib/cygwin and openssh-6.7p1/contrib/cygwin
1089 Common subdirectories: openssh-6.7p1-orig/contrib/hpux and openssh-6.7p1/contrib/hpux
1090 Common subdirectories: openssh-6.7p1-orig/contrib/redhat and openssh-6.7p1/contrib/redhat
1091 Common subdirectories: openssh-6.7p1-orig/contrib/solaris and openssh-6.7p1/contrib/solaris
1092 Common subdirectories: openssh-6.7p1-orig/contrib/suse and openssh-6.7p1/contrib/suse
1093 Common subdirectories: openssh-6.7p1-orig/openbsd-compat/regress and openssh-6.7p1/openbsd-compat/regress
1094 Common subdirectories: openssh-6.7p1-orig/regress/unittests and openssh-6.7p1/regress/unittests
1095 Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshbuf and openssh-6.7p1/regress/unittests/sshbuf
1096 Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey and openssh-6.7p1/regress/unittests/sshkey
1097 Common subdirectories: openssh-6.7p1-orig/regress/unittests/test_helper and openssh-6.7p1/regress/unittests/test_helper
1098 Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey/testdata and openssh-6.7p1/regress/unittests/sshkey/testdata
|
1 diff -ru openssh-7.1p1.orig/Makefile.in openssh-7.1p1/Makefile.in
2 --- openssh-7.1p1.orig/Makefile.in Fri Aug 21 00:49:03 2015
3 +++ openssh-7.1p1/Makefile.in Wed Sep 2 08:54:44 2015
4 @@ -298,8 +298,8 @@
5 $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
6 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
7 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
9 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
10 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
11 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
12 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
13 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
14 $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
15 @@ -319,14 +319,14 @@
16 $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
17 $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
18 $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
19 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
20 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
21 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
22 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
23 + $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
24 + $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
25 + $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
26 + $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
27 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
28 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
29 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
30 - $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
31 + $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
32 + $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
33 + $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
34 -rm -f $(DESTDIR)$(bindir)/slogin
35 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
36 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
37 diff -ru openssh-7.1p1.orig/moduli.5 openssh-7.1p1/moduli.5
38 --- openssh-7.1p1.orig/moduli.5 Fri Aug 21 00:49:03 2015
39 +++ openssh-7.1p1/moduli.5 Wed Sep 2 08:54:44 2015
40 @@ -14,7 +14,7 @@
41 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43 .Dd $Mdocdate: September 26 2012 $
44 -.Dt MODULI 5
45 +.Dt MODULI 4
46 .Os
47 .Sh NAME
48 .Nm moduli
49 @@ -23,7 +23,7 @@
50 The
51 .Pa /etc/moduli
52 file contains prime numbers and generators for use by
53 -.Xr sshd 8
54 +.Xr sshd 1M
55 in the Diffie-Hellman Group Exchange key exchange method.
56 .Pp
57 New moduli may be generated with
58 @@ -40,7 +40,7 @@
59 .Ic ssh-keygen -T ,
76 @@ -105,16 +105,16 @@
77 .El
78 .Pp
79 When performing Diffie-Hellman Group Exchange,
80 -.Xr sshd 8
81 +.Xr sshd 1M
82 first estimates the size of the modulus required to produce enough
83 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
84 -.Xr sshd 8
85 +.Xr sshd 1M
86 then randomly selects a modulus from
87 .Fa /etc/moduli
88 that best meets the size requirement.
89 .Sh SEE ALSO
90 .Xr ssh-keygen 1 ,
91 -.Xr sshd 8
92 +.Xr sshd 1M
93 .Sh STANDARDS
94 .Rs
95 .%A M. Friedl
96 diff -ru openssh-7.1p1.orig/scp.1 openssh-7.1p1/scp.1
97 --- openssh-7.1p1.orig/scp.1 Fri Aug 21 00:49:03 2015
98 +++ openssh-7.1p1/scp.1 Wed Sep 2 08:54:44 2015
99 @@ -116,13 +116,13 @@
100 Can be used to pass options to
101 .Nm ssh
102 in the format used in
103 -.Xr ssh_config 5 .
104 +.Xr ssh_config 4 .
105 This is useful for specifying options
106 for which there is no separate
107 .Nm scp
108 command-line flag.
109 For full details of the options listed below, and their possible values, see
110 -.Xr ssh_config 5 .
111 +.Xr ssh_config 4 .
112 .Pp
113 .Bl -tag -width Ds -offset indent -compact
114 .It AddressFamily
115 @@ -230,8 +230,8 @@
116 .Xr ssh-add 1 ,
117 .Xr ssh-agent 1 ,
118 .Xr ssh-keygen 1 ,
119 -.Xr ssh_config 5 ,
120 -.Xr sshd 8
121 +.Xr ssh_config 4 ,
122 +.Xr sshd 1M
123 .Sh HISTORY
124 .Nm
125 is based on the rcp program in
126 diff -ru openssh-7.1p1.orig/sftp-server.8 openssh-7.1p1/sftp-server.8
127 --- openssh-7.1p1.orig/sftp-server.8 Fri Aug 21 00:49:03 2015
128 +++ openssh-7.1p1/sftp-server.8 Wed Sep 2 09:02:44 2015
129 @@ -23,7 +23,7 @@
130 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
131 .\"
132 .Dd $Mdocdate: December 11 2014 $
133 -.Dt SFTP-SERVER 8
134 +.Dt SFTP-SERVER 1M
135 .Os
136 .Sh NAME
137 .Nm sftp-server
138 @@ -47,7 +47,7 @@
139 to stdout and expects client requests from stdin.
140 .Nm
141 is not intended to be called directly, but from
142 -.Xr sshd 8
143 +.Xr sshd 1M
144 using the
145 .Cm Subsystem
146 option.
147 @@ -58,7 +58,7 @@
148 .Cm Subsystem
149 declaration.
150 See
151 -.Xr sshd_config 5
152 +.Xr sshd_config 4
153 for more information.
154 .Pp
155 Valid options are:
156 @@ -71,7 +71,7 @@
157 and %u is replaced by the username of that user.
158 The default is to use the user's home directory.
159 This option is useful in conjunction with the
160 -.Xr sshd_config 5
161 +.Xr sshd_config 4
162 .Cm ChrootDirectory
163 option.
164 .It Fl e
165 @@ -147,13 +147,13 @@
166 for logging to work, and use of
167 .Nm
168 in a chroot configuration therefore requires that
169 -.Xr syslogd 8
170 +.Xr syslogd 1M
171 establish a logging socket inside the chroot directory.
172 .Sh SEE ALSO
173 .Xr sftp 1 ,
174 .Xr ssh 1 ,
175 -.Xr sshd_config 5 ,
176 -.Xr sshd 8
177 +.Xr sshd_config 4 ,
178 +.Xr sshd 1M
179 .Rs
180 .%A T. Ylonen
181 .%A S. Lehtinen
182 diff -ru openssh-7.1p1.orig/sftp.1 openssh-7.1p1/sftp.1
183 --- openssh-7.1p1.orig/sftp.1 Fri Aug 21 00:49:03 2015
184 +++ openssh-7.1p1/sftp.1 Wed Sep 2 08:54:44 2015
185 @@ -85,7 +85,7 @@
186 option.
187 In such cases, it is necessary to configure non-interactive authentication
188 to obviate the need to enter a password at connection time (see
189 -.Xr sshd 8
190 +.Xr sshd 1M
191 and
192 .Xr ssh-keygen 1
193 for details).
194 @@ -179,7 +179,7 @@
195 Can be used to pass options to
196 .Nm ssh
197 in the format used in
198 -.Xr ssh_config 5 .
199 +.Xr ssh_config 4 .
200 This is useful for specifying options
201 for which there is no separate
202 .Nm sftp
203 @@ -187,7 +187,7 @@
204 For example, to specify an alternate port use:
205 .Ic sftp -oPort=24 .
206 For full details of the options listed below, and their possible values, see
207 -.Xr ssh_config 5 .
208 +.Xr ssh_config 4 .
209 .Pp
210 .Bl -tag -width Ds -offset indent -compact
211 .It AddressFamily
212 @@ -282,7 +282,7 @@
213 A path is useful for using
214 .Nm
215 over protocol version 1, or when the remote
216 -.Xr sshd 8
217 +.Xr sshd 1M
218 does not have an sftp subsystem configured.
219 .It Fl v
220 Raise logging level.
221 @@ -612,9 +612,9 @@
222 .Xr ssh-add 1 ,
223 .Xr ssh-keygen 1 ,
224 .Xr glob 3 ,
225 -.Xr ssh_config 5 ,
226 -.Xr sftp-server 8 ,
227 -.Xr sshd 8
228 +.Xr ssh_config 4 ,
229 +.Xr sftp-server 1M ,
230 +.Xr sshd 1M
231 .Rs
232 .%A T. Ylonen
233 .%A S. Lehtinen
234 diff -ru openssh-7.1p1.orig/ssh-add.1 openssh-7.1p1/ssh-add.1
235 --- openssh-7.1p1.orig/ssh-add.1 Fri Aug 21 00:49:03 2015
236 +++ openssh-7.1p1/ssh-add.1 Wed Sep 2 08:54:44 2015
237 @@ -134,7 +134,7 @@
238 Set a maximum lifetime when adding identities to an agent.
239 The lifetime may be specified in seconds or in a time format
240 specified in
241 -.Xr sshd_config 5 .
242 +.Xr sshd_config 4 .
243 .It Fl X
244 Unlock the agent.
245 .It Fl x
246 @@ -200,7 +200,7 @@
247 .Xr ssh-agent 1 ,
248 .Xr ssh-askpass 1 ,
249 .Xr ssh-keygen 1 ,
250 -.Xr sshd 8
251 +.Xr sshd 1M
252 .Sh AUTHORS
253 OpenSSH is a derivative of the original and free
254 ssh 1.2.12 release by Tatu Ylonen.
255 diff -ru openssh-7.1p1.orig/ssh-agent.1 openssh-7.1p1/ssh-agent.1
256 --- openssh-7.1p1.orig/ssh-agent.1 Fri Aug 21 00:49:03 2015
257 +++ openssh-7.1p1/ssh-agent.1 Wed Sep 2 09:02:52 2015
258 @@ -123,7 +123,7 @@
259 .It Fl t Ar life
260 Set a default value for the maximum lifetime of identities added to the agent.
261 The lifetime may be specified in seconds or in a time format specified in
262 -.Xr sshd_config 5 .
263 +.Xr sshd_config 4 .
264 A lifetime specified for an identity with
265 .Xr ssh-add 1
266 overrides this value.
267 @@ -198,7 +198,7 @@
268 .Xr ssh 1 ,
269 .Xr ssh-add 1 ,
270 .Xr ssh-keygen 1 ,
271 -.Xr sshd 8
272 +.Xr sshd 1M
273 .Sh AUTHORS
274 OpenSSH is a derivative of the original and free
275 ssh 1.2.12 release by Tatu Ylonen.
276 diff -ru openssh-7.1p1.orig/ssh-keygen.1 openssh-7.1p1/ssh-keygen.1
277 --- openssh-7.1p1.orig/ssh-keygen.1 Fri Aug 21 00:49:03 2015
278 +++ openssh-7.1p1/ssh-keygen.1 Wed Sep 2 08:54:44 2015
279 @@ -443,7 +443,7 @@
280 Disable execution of
281 .Pa ~/.ssh/rc
282 by
283 -.Xr sshd 8
284 +.Xr sshd 1M
285 (permitted by default).
286 .It Ic no-x11-forwarding
287 Disable X11 forwarding (permitted by default).
288 @@ -459,7 +459,7 @@
289 Allows execution of
290 .Pa ~/.ssh/rc
291 by
292 -.Xr sshd 8 .
293 +.Xr sshd 1M .
294 .It Ic permit-x11-forwarding
295 Allows X11 forwarding.
296 .It Ic source-address Ns = Ns Ar address_list
297 @@ -550,7 +550,7 @@
298 in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
299 of a minus sign followed by a relative time in the format described in the
300 TIME FORMATS section of
301 -.Xr sshd_config 5 .
302 +.Xr sshd_config 4 .
303 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
304 a relative time starting with a plus character.
305 .Pp
306 @@ -652,7 +652,7 @@
307 on a certificate rather than trusting many user/host keys.
308 Note that OpenSSH certificates are a different, and much simpler, format to
309 the X.509 certificates used in
310 -.Xr ssl 8 .
311 +.Xr ssl 1M .
312 .Pp
313 .Nm
314 supports two types of certificates: user and host.
315 @@ -716,7 +716,7 @@
316 .Pp
317 For certificates to be used for user or host authentication, the CA
318 public key must be trusted by
319 -.Xr sshd 8
320 +.Xr sshd 1M
321 or
322 .Xr ssh 1 .
323 Please refer to those manual pages for details.
324 @@ -840,14 +840,14 @@
325 .It Pa /etc/moduli
326 Contains Diffie-Hellman groups used for DH-GEX.
327 The file format is described in
328 -.Xr moduli 5 .
329 +.Xr moduli 4 .
330 .El
331 .Sh SEE ALSO
332 .Xr ssh 1 ,
333 .Xr ssh-add 1 ,
334 .Xr ssh-agent 1 ,
335 -.Xr moduli 5 ,
336 -.Xr sshd 8
337 +.Xr moduli 4 ,
338 +.Xr sshd 1M
339 .Rs
340 .%R RFC 4716
341 .%T "The Secure Shell (SSH) Public Key File Format"
342 diff -ru openssh-7.1p1.orig/ssh-keyscan.1 openssh-7.1p1/ssh-keyscan.1
343 --- openssh-7.1p1.orig/ssh-keyscan.1 Fri Aug 21 00:49:03 2015
344 +++ openssh-7.1p1/ssh-keyscan.1 Wed Sep 2 09:01:30 2015
345 @@ -164,7 +164,7 @@
346 .Ed
347 .Sh SEE ALSO
348 .Xr ssh 1 ,
349 -.Xr sshd 8
350 +.Xr sshd 1M
351 .Sh AUTHORS
352 .An -nosplit
353 .An David Mazieres Aq Mt dm@lcs.mit.edu
354 diff -ru openssh-7.1p1.orig/ssh-keysign.8 openssh-7.1p1/ssh-keysign.8
355 --- openssh-7.1p1.orig/ssh-keysign.8 Fri Aug 21 00:49:03 2015
356 +++ openssh-7.1p1/ssh-keysign.8 Wed Sep 2 08:54:44 2015
357 @@ -23,7 +23,7 @@
358 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
359 .\"
360 .Dd $Mdocdate: December 7 2013 $
361 -.Dt SSH-KEYSIGN 8
362 +.Dt SSH-KEYSIGN 1M
363 .Os
364 .Sh NAME
365 .Nm ssh-keysign
366 @@ -52,7 +52,7 @@
367 See
368 .Xr ssh 1
369 and
370 -.Xr sshd 8
371 +.Xr sshd 1M
372 for more information about host-based authentication.
373 .Sh FILES
374 .Bl -tag -width Ds -compact
375 @@ -83,8 +83,8 @@
376 .Sh SEE ALSO
377 .Xr ssh 1 ,
378 .Xr ssh-keygen 1 ,
379 -.Xr ssh_config 5 ,
380 -.Xr sshd 8
381 +.Xr ssh_config 4 ,
382 +.Xr sshd 1M
383 .Sh HISTORY
384 .Nm
385 first appeared in
386 diff -ru openssh-7.1p1.orig/ssh-pkcs11-helper.8 openssh-7.1p1/ssh-pkcs11-helper.8
387 --- openssh-7.1p1.orig/ssh-pkcs11-helper.8 Fri Aug 21 00:49:03 2015
388 +++ openssh-7.1p1/ssh-pkcs11-helper.8 Wed Sep 2 08:54:44 2015
389 @@ -15,7 +15,7 @@
390 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
391 .\"
392 .Dd $Mdocdate: July 16 2013 $
393 -.Dt SSH-PKCS11-HELPER 8
394 +.Dt SSH-PKCS11-HELPER 1M
395 .Os
396 .Sh NAME
397 .Nm ssh-pkcs11-helper
398 diff -ru openssh-7.1p1.orig/ssh.1 openssh-7.1p1/ssh.1
399 --- openssh-7.1p1.orig/ssh.1 Fri Aug 21 00:49:03 2015
400 +++ openssh-7.1p1/ssh.1 Wed Sep 2 08:54:44 2015
401 @@ -173,7 +173,7 @@
402 See the
403 .Cm Ciphers
404 keyword in
405 -.Xr ssh_config 5
406 +.Xr ssh_config 4
407 for more information.
408 .Pp
409 .It Fl D Xo
410 @@ -396,7 +396,7 @@
411 Refer to the description of
412 .Cm ControlMaster
413 in
414 -.Xr ssh_config 5
415 +.Xr ssh_config 4
416 for details.
417 .Pp
418 .It Fl m Ar mac_spec
419 @@ -457,7 +457,7 @@
420 This is useful for specifying options for which there is no separate
421 command-line flag.
422 For full details of the options listed below, and their possible values, see
423 -.Xr ssh_config 5 .
424 +.Xr ssh_config 4 .
425 .Pp
426 .Bl -tag -width Ds -offset indent -compact
427 .It AddressFamily
428 @@ -629,7 +629,7 @@
429 will only succeed if the server's
430 .Cm GatewayPorts
431 option is enabled (see
432 -.Xr sshd_config 5 ) .
433 +.Xr sshd_config 4 ) .
434 .Pp
435 If the
436 .Ar port
437 @@ -651,7 +651,7 @@
438 and
439 .Cm ControlMaster
440 in
441 -.Xr ssh_config 5
442 +.Xr ssh_config 4
443 for details.
444 .Pp
445 .It Fl s
446 @@ -728,7 +728,7 @@
447 and
448 .Cm TunnelDevice
449 directives in
450 -.Xr ssh_config 5 .
451 +.Xr ssh_config 4 .
452 If the
453 .Cm Tunnel
454 directive is unset, it is set to the default tunnel mode, which is
455 @@ -752,7 +752,7 @@
456 option and the
457 .Cm ForwardX11Trusted
458 directive in
459 -.Xr ssh_config 5
460 +.Xr ssh_config 4
461 for more information.
462 .Pp
463 .It Fl x
464 @@ -774,7 +774,7 @@
465 may additionally obtain configuration data from
466 a per-user configuration file and a system-wide configuration file.
467 The file format and configuration options are described in
468 -.Xr ssh_config 5 .
469 +.Xr ssh_config 4 .
470 .Sh AUTHENTICATION
471 The OpenSSH SSH client supports SSH protocols 1 and 2.
472 The default is to use protocol 2 only,
473 @@ -781,7 +781,7 @@
474 though this can be changed via the
475 .Cm Protocol
476 option in
477 -.Xr ssh_config 5
478 +.Xr ssh_config 4
479 or the
480 .Fl 1
481 and
482 @@ -1052,7 +1052,7 @@
483 allows the user to execute a local command if the
484 .Ic PermitLocalCommand
485 option is enabled in
486 -.Xr ssh_config 5 .
487 +.Xr ssh_config 4 .
488 Basic help is available, using the
489 .Fl h
490 option.
491 @@ -1254,7 +1254,7 @@
492 See the
493 .Cm VerifyHostKeyDNS
494 option in
495 -.Xr ssh_config 5
496 +.Xr ssh_config 4
497 for more information.
498 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
499 .Nm
500 @@ -1264,7 +1264,7 @@
501 network pseudo-device,
502 allowing two networks to be joined securely.
503 The
504 -.Xr sshd_config 5
505 +.Xr sshd_config 4
506 configuration option
507 .Cm PermitTunnel
508 controls whether the server supports this,
509 @@ -1414,7 +1414,7 @@
510 For more information, see the
511 .Cm PermitUserEnvironment
512 option in
513 -.Xr sshd_config 5 .
514 +.Xr sshd_config 4 .
515 .Sh FILES
516 .Bl -tag -width Ds -compact
517 .It Pa ~/.rhosts
518 @@ -1422,7 +1422,7 @@
519 On some machines this file may need to be
520 world-readable if the user's home directory is on an NFS partition,
521 because
522 -.Xr sshd 8
523 +.Xr sshd 1M
524 reads it as root.
525 Additionally, this file must be owned by the user,
526 and must not have write permissions for anyone else.
527 @@ -1447,7 +1447,7 @@
528 Lists the public keys (DSA, ECDSA, Ed25519, RSA)
529 that can be used for logging in as this user.
530 The format of this file is described in the
531 -.Xr sshd 8
532 +.Xr sshd 1M
533 manual page.
534 This file is not highly sensitive, but the recommended
535 permissions are read/write for the user, and not accessible by others.
536 @@ -1455,7 +1455,7 @@
537 .It Pa ~/.ssh/config
538 This is the per-user configuration file.
539 The file format and configuration options are described in
540 -.Xr ssh_config 5 .
541 +.Xr ssh_config 4 .
542 Because of the potential for abuse, this file must have strict permissions:
543 read/write for the user, and not writable by others.
544 .Pp
545 @@ -1492,7 +1492,7 @@
546 Contains a list of host keys for all hosts the user has logged into
547 that are not already in the systemwide list of known host keys.
548 See
549 -.Xr sshd 8
550 +.Xr sshd 1M
551 for further details of the format of this file.
552 .Pp
553 .It Pa ~/.ssh/rc
554 @@ -1501,7 +1501,7 @@
555 when the user logs in, just before the user's shell (or command) is
556 started.
557 See the
558 -.Xr sshd 8
559 +.Xr sshd 1M
560 manual page for more information.
561 .Pp
562 .It Pa /etc/hosts.equiv
563 @@ -1517,7 +1517,7 @@
564 .It Pa /etc/ssh/ssh_config
565 Systemwide configuration file.
566 The file format and configuration options are described in
567 -.Xr ssh_config 5 .
568 +.Xr ssh_config 4 .
569 .Pp
570 .It Pa /etc/ssh/ssh_host_key
571 .It Pa /etc/ssh/ssh_host_dsa_key
572 @@ -1532,7 +1532,7 @@
573 For protocol version 2,
574 .Nm
575 uses
576 -.Xr ssh-keysign 8
577 +.Xr ssh-keysign 1M
578 to access the host keys,
579 eliminating the requirement that
580 .Nm
581 @@ -1548,7 +1548,7 @@
582 organization.
583 It should be world-readable.
584 See
585 -.Xr sshd 8
586 +.Xr sshd 1M
587 for further details of the format of this file.
588 .Pp
589 .It Pa /etc/ssh/sshrc
590 @@ -1556,7 +1556,7 @@
591 .Nm
592 when the user logs in, just before the user's shell (or command) is started.
593 See the
594 -.Xr sshd 8
595 +.Xr sshd 1M
596 manual page for more information.
597 .El
598 .Sh EXIT STATUS
599 @@ -1571,9 +1571,9 @@
600 .Xr ssh-keygen 1 ,
601 .Xr ssh-keyscan 1 ,
602 .Xr tun 4 ,
603 -.Xr ssh_config 5 ,
604 -.Xr ssh-keysign 8 ,
605 -.Xr sshd 8
606 +.Xr ssh_config 4 ,
607 +.Xr ssh-keysign 1M ,
608 +.Xr sshd 1M
609 .Sh STANDARDS
610 .Rs
611 .%A S. Lehtinen
612 diff -ru openssh-7.1p1.orig/ssh_config.5 openssh-7.1p1/ssh_config.5
613 --- openssh-7.1p1.orig/ssh_config.5 Fri Aug 21 00:49:03 2015
614 +++ openssh-7.1p1/ssh_config.5 Wed Sep 2 09:02:37 2015
615 @@ -568,7 +568,7 @@
616 .Dq Fl O No exit
617 option).
618 If set to a time in seconds, or a time in any of the formats documented in
619 -.Xr sshd_config 5 ,
620 +.Xr sshd_config 4 ,
621 then the backgrounded master connection will automatically terminate
622 after it has remained idle (with no client connections) for the
623 specified time.
624 @@ -695,7 +695,7 @@
625 Specify a timeout for untrusted X11 forwarding
626 using the format described in the
627 TIME FORMATS section of
628 -.Xr sshd_config 5 .
629 +.Xr sshd_config 4 .
630 X11 connections received by
631 .Xr ssh 1
632 after this time will be refused.
633 @@ -762,7 +762,7 @@
634 These hashed names may be used normally by
635 .Xr ssh 1
636 and
637 -.Xr sshd 8 ,
638 +.Xr sshd 1M ,
639 but they do not reveal identifying information should the file's contents
640 be disclosed.
641 The default is
642 @@ -1206,7 +1206,7 @@
643 The command can be basically anything,
644 and should read from its standard input and write to its standard output.
645 It should eventually connect an
646 -.Xr sshd 8
647 +.Xr sshd 1M
648 server running on some machine, or execute
649 .Ic sshd -i
650 somewhere.
651 @@ -1286,7 +1286,7 @@
652 The optional second value is specified in seconds and may use any of the
653 units documented in the
654 TIME FORMATS section of
655 -.Xr sshd_config 5 .
656 +.Xr sshd_config 4 .
657 The default value for
658 .Cm RekeyLimit
659 is
660 @@ -1330,7 +1330,7 @@
661 will only succeed if the server's
662 .Cm GatewayPorts
663 option is enabled (see
664 -.Xr sshd_config 5 ) .
665 +.Xr sshd_config 4 ) .
666 .It Cm RequestTTY
667 Specifies whether to request a pseudo-tty for the session.
668 The argument may be one of:
669 @@ -1396,7 +1396,7 @@
670 Refer to
671 .Cm AcceptEnv
672 in
673 -.Xr sshd_config 5
674 +.Xr sshd_config 4
675 for how to configure the server.
676 Variables are specified by name, which may contain wildcard characters.
677 Multiple environment variables may be separated by whitespace or spread
678 @@ -1586,7 +1586,7 @@
679 and will be disabled if it is enabled.
680 .Pp
681 Presently, only
682 -.Xr sshd 8
683 +.Xr sshd 1M
684 from OpenSSH 6.8 and greater support the
685 .Dq hostkeys@openssh.com
686 protocol extension used to inform the client of all the server's hostkeys.
687 diff -ru openssh-7.1p1.orig/sshd.8 openssh-7.1p1/sshd.8
688 --- openssh-7.1p1.orig/sshd.8 Fri Aug 21 00:49:03 2015
689 +++ openssh-7.1p1/sshd.8 Wed Sep 2 08:59:06 2015
690 @@ -35,7 +35,7 @@
691 .\"
692 .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
693 .Dd $Mdocdate: July 3 2015 $
694 -.Dt SSHD 8
695 +.Dt SSHD 1M
696 .Os
697 .Sh NAME
698 .Nm sshd
699 @@ -77,7 +77,7 @@
700 .Nm
701 can be configured using command-line options or a configuration file
702 (by default
703 -.Xr sshd_config 5 ) ;
704 +.Xr sshd_config 4 ) ;
705 command-line options override values specified in the
706 configuration file.
707 .Nm
708 @@ -183,7 +183,7 @@
709 Specifies that
710 .Nm
711 is being run from
712 -.Xr inetd 8 .
713 +.Xr inetd 1M .
714 If SSH protocol 1 is enabled,
715 .Nm
716 should not normally be run
717 @@ -204,7 +204,7 @@
718 This is useful for specifying options for which there is no separate
719 command-line flag.
720 For full details of the options, and their values, see
721 -.Xr sshd_config 5 .
722 +.Xr sshd_config 4 .
723 .It Fl p Ar port
724 Specifies the port on which the server listens for connections
725 (default 22).
726 @@ -274,7 +274,7 @@
727 though this can be changed via the
728 .Cm Protocol
729 option in
730 -.Xr sshd_config 5 .
731 +.Xr sshd_config 4 .
732 Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
733 protocol 1 only supports RSA keys.
734 For both protocols,
735 @@ -399,7 +399,7 @@
736 See the
737 .Cm PermitUserEnvironment
738 option in
739 -.Xr sshd_config 5 .
740 +.Xr sshd_config 4 .
741 .It
742 Changes to user's home directory.
743 .It
744 @@ -406,7 +406,7 @@
745 If
746 .Pa ~/.ssh/rc
747 exists and the
748 -.Xr sshd_config 5
749 +.Xr sshd_config 4
750 .Cm PermitUserRC
751 option is set, runs it; else if
752 .Pa /etc/ssh/sshrc
753 @@ -549,7 +549,7 @@
754 environment variable.
755 Note that this option applies to shell, command or subsystem execution.
756 Also note that this command may be superseded by either a
757 -.Xr sshd_config 5
758 +.Xr sshd_config 4
759 .Cm ForceCommand
760 directive or a command embedded in a certificate.
761 .It Cm environment="NAME=value"
762 @@ -570,7 +570,7 @@
763 name of the remote host or its IP address must be present in the
764 comma-separated list of patterns.
765 See PATTERNS in
766 -.Xr ssh_config 5
767 +.Xr ssh_config 4
768 for more information on patterns.
769 .Pp
770 In addition to the wildcard matching that may be applied to hostnames or
771 @@ -858,11 +858,11 @@
772 .It Pa /etc/moduli
773 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
774 The file format is described in
775 -.Xr moduli 5 .
776 +.Xr moduli 4 .
777 .Pp
778 .It Pa /etc/motd
779 See
780 -.Xr motd 5 .
781 +.Xr motd 4 .
782 .Pp
783 .It Pa /etc/nologin
784 If this file exists,
785 @@ -919,7 +919,7 @@
786 Contains configuration data for
787 .Nm sshd .
788 The file format and configuration options are described in
789 -.Xr sshd_config 5 .
790 +.Xr sshd_config 4 .
791 .Pp
792 .It Pa /etc/ssh/sshrc
793 Similar to
794 @@ -953,11 +953,11 @@
795 .Xr ssh-keygen 1 ,
796 .Xr ssh-keyscan 1 ,
797 .Xr chroot 2 ,
798 -.Xr login.conf 5 ,
799 -.Xr moduli 5 ,
800 -.Xr sshd_config 5 ,
801 -.Xr inetd 8 ,
802 -.Xr sftp-server 8
803 +.Xr login.conf 4 ,
804 +.Xr moduli 4 ,
805 +.Xr sshd_config 4 ,
806 +.Xr inetd 1M ,
807 +.Xr sftp-server 1M
808 .Sh AUTHORS
809 OpenSSH is a derivative of the original and free
810 ssh 1.2.12 release by Tatu Ylonen.
811 diff -ru openssh-7.1p1.orig/sshd_config.5 openssh-7.1p1/sshd_config.5
812 --- openssh-7.1p1.orig/sshd_config.5 Fri Aug 21 00:49:03 2015
813 +++ openssh-7.1p1/sshd_config.5 Wed Sep 2 09:00:14 2015
814 @@ -35,7 +35,7 @@
815 .\"
816 .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
817 .Dd $Mdocdate: August 14 2015 $
818 -.Dt SSHD_CONFIG 5
819 +.Dt SSHD_CONFIG 4
820 .Os
821 .Sh NAME
822 .Nm sshd_config
823 @@ -43,7 +43,7 @@
824 .Sh SYNOPSIS
825 .Nm /etc/ssh/sshd_config
826 .Sh DESCRIPTION
827 -.Xr sshd 8
828 +.Xr sshd 1M
829 reads configuration data from
830 .Pa /etc/ssh/sshd_config
831 (or the file specified with
832 @@ -68,7 +68,7 @@
833 See
834 .Cm SendEnv
835 in
836 -.Xr ssh_config 5
837 +.Xr ssh_config 4
838 for how to configure the client.
839 Note that environment passing is only supported for protocol 2, and
840 that the
841 @@ -89,7 +89,7 @@
842 The default is not to accept any environment variables.
843 .It Cm AddressFamily
844 Specifies which address family should be used by
845 -.Xr sshd 8 .
846 +.Xr sshd 1M .
847 Valid arguments are
848 .Dq any ,
849 .Dq inet
850 @@ -122,7 +122,7 @@
851 .Cm AllowGroups .
852 .Pp
853 See PATTERNS in
854 -.Xr ssh_config 5
855 +.Xr ssh_config 4
856 for more information on patterns.
857 .It Cm AllowTcpForwarding
858 Specifies whether TCP forwarding is permitted.
859 @@ -182,7 +182,7 @@
860 .Cm AllowGroups .
861 .Pp
862 See PATTERNS in
863 -.Xr ssh_config 5
864 +.Xr ssh_config 4
865 for more information on patterns.
866 .It Cm AuthenticationMethods
867 Specifies the authentication methods that must be successfully completed
868 @@ -217,7 +217,7 @@
869 If the
870 .Dq publickey
871 method is listed more than once,
872 -.Xr sshd 8
873 +.Xr sshd 1M
874 verifies that keys that have been used successfully are not reused for
875 subsequent authentications.
876 For example, an
877 @@ -250,7 +250,7 @@
878 .Pp
879 The program should produce on standard output zero or
880 more lines of authorized_keys output (see AUTHORIZED_KEYS in
881 -.Xr sshd 8 ) .
882 +.Xr sshd 1M ) .
883 If a key supplied by AuthorizedKeysCommand does not successfully authenticate
884 and authorize the user then public key authentication continues using the usual
885 .Cm AuthorizedKeysFile
886 @@ -265,7 +265,7 @@
887 is specified but
888 .Cm AuthorizedKeysCommandUser
889 is not, then
890 -.Xr sshd 8
891 +.Xr sshd 1M
892 will refuse to start.
893 .It Cm AuthorizedKeysFile
894 Specifies the file that contains the public keys that can be used
895 @@ -273,7 +273,7 @@
896 The format is described in the
897 AUTHORIZED_KEYS FILE FORMAT
898 section of
899 -.Xr sshd 8 .
900 +.Xr sshd 1M .
901 .Cm AuthorizedKeysFile
902 may contain tokens of the form %T which are substituted during connection
903 setup.
904 @@ -321,7 +321,7 @@
905 is specified but
906 .Cm AuthorizedPrincipalsCommandUser
907 is not, then
908 -.Xr sshd 8
909 +.Xr sshd 1M
910 will refuse to start.
911 .It Cm AuthorizedPrincipalsFile
912 Specifies a file that lists principal names that are accepted for
913 @@ -332,7 +332,7 @@
914 to be accepted for authentication.
915 Names are listed one per line preceded by key options (as described
916 in AUTHORIZED_KEYS FILE FORMAT in
917 -.Xr sshd 8 ) .
918 +.Xr sshd 1M ) .
919 Empty lines and comments starting with
920 .Ql #
921 are ignored.
922 @@ -362,7 +362,7 @@
923 though the
924 .Cm principals=
925 key option offers a similar facility (see
926 -.Xr sshd 8
927 +.Xr sshd 1M
928 for details).
929 .It Cm Banner
930 The contents of the specified file are sent to the remote user before
931 @@ -375,7 +375,7 @@
932 .It Cm ChallengeResponseAuthentication
933 Specifies whether challenge-response authentication is allowed (e.g. via
934 PAM or through authentication styles supported in
935 -.Xr login.conf 5 )
936 +.Xr login.conf 4 )
937 The default is
938 .Dq yes .
939 .It Cm ChrootDirectory
940 @@ -383,11 +383,11 @@
941 .Xr chroot 2
942 to after authentication.
943 At session startup
944 -.Xr sshd 8
945 +.Xr sshd 1M
946 checks that all components of the pathname are root-owned directories
947 which are not writable by any other user or group.
948 After the chroot,
949 -.Xr sshd 8
950 +.Xr sshd 1M
951 changes the working directory to the user's home directory.
952 .Pp
953 The pathname may contain the following tokens that are expanded at runtime once
954 @@ -419,7 +419,7 @@
955 though sessions which use logging may require
956 .Pa /dev/log
957 inside the chroot directory on some operating systems (see
958 -.Xr sftp-server 8
959 +.Xr sftp-server 1M
960 for details).
961 .Pp
962 For safety, it is very important that the directory hierarchy be
963 @@ -426,7 +426,7 @@
964 prevented from modification by other processes on the system (especially
965 those outside the jail).
966 Misconfiguration can lead to unsafe environments which
967 -.Xr sshd 8
968 +.Xr sshd 1M
969 cannot detect.
970 .Pp
971 The default is not to
972 @@ -490,7 +490,7 @@
973 .It Cm ClientAliveCountMax
974 Sets the number of client alive messages (see below) which may be
975 sent without
976 -.Xr sshd 8
977 +.Xr sshd 1M
978 receiving any messages back from the client.
979 If this threshold is reached while client alive messages are being sent,
980 sshd will disconnect the client, terminating the session.
981 @@ -517,7 +517,7 @@
982 .It Cm ClientAliveInterval
983 Sets a timeout interval in seconds after which if no data has been received
984 from the client,
985 -.Xr sshd 8
986 +.Xr sshd 1M
987 will send a message through the encrypted
988 channel to request a response from the client.
989 The default
990 @@ -548,7 +548,7 @@
991 .Cm AllowGroups .
992 .Pp
993 See PATTERNS in
994 -.Xr ssh_config 5
995 +.Xr ssh_config 4
996 for more information on patterns.
997 .It Cm DenyUsers
998 This keyword can be followed by a list of user name patterns, separated
999 @@ -567,7 +567,7 @@
1000 .Cm AllowGroups .
1001 .Pp
1002 See PATTERNS in
1003 -.Xr ssh_config 5
1004 +.Xr ssh_config 4
1005 for more information on patterns.
1006 .It Cm FingerprintHash
1007 Specifies the hash algorithm used when logging key fingerprints.
1008 @@ -600,7 +600,7 @@
1009 Specifies whether remote hosts are allowed to connect to ports
1010 forwarded for the client.
1011 By default,
1012 -.Xr sshd 8
1013 +.Xr sshd 1M
1014 binds remote port forwardings to the loopback address.
1015 This prevents other remote hosts from connecting to forwarded ports.
1016 .Cm GatewayPorts
1017 @@ -686,7 +686,7 @@
1018 A setting of
1019 .Dq yes
1020 means that
1021 -.Xr sshd 8
1022 +.Xr sshd 1M
1023 uses the name supplied by the client rather than
1024 attempting to resolve the name from the TCP connection itself.
1025 The default is
1026 @@ -697,7 +697,7 @@
1027 by
1028 .Cm HostKey .
1029 The default behaviour of
1030 -.Xr sshd 8
1031 +.Xr sshd 1M
1032 is not to load any certificates.
1033 .It Cm HostKey
1034 Specifies a file containing a private host key
1035 @@ -713,12 +713,12 @@
1036 for protocol version 2.
1037 .Pp
1038 Note that
1039 -.Xr sshd 8
1040 +.Xr sshd 1M
1041 will refuse to use a file if it is group/world-accessible
1042 and that the
1043 .Cm HostKeyAlgorithms
1044 option restricts which of the keys are actually used by
1045 -.Xr sshd 8 .
1046 +.Xr sshd 1M .
1047 .Pp
1048 It is possible to have multiple host key files.
1049 .Dq rsa1
1050 @@ -779,7 +779,7 @@
1051 .Dq yes .
1052 .It Cm IgnoreUserKnownHosts
1053 Specifies whether
1054 -.Xr sshd 8
1055 +.Xr sshd 1M
1056 should ignore the user's
1057 .Pa ~/.ssh/known_hosts
1058 during
1059 @@ -914,7 +914,7 @@
1060 The default is 3600 (seconds).
1061 .It Cm ListenAddress
1062 Specifies the local addresses
1063 -.Xr sshd 8
1064 +.Xr sshd 1M
1065 should listen on.
1066 The following forms may be used:
1067 .Pp
1068 @@ -954,7 +954,7 @@
1069 The default is 120 seconds.
1070 .It Cm LogLevel
1071 Gives the verbosity level that is used when logging messages from
1072 -.Xr sshd 8 .
1073 +.Xr sshd 1M .
1074 The possible values are:
1075 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1076 The default is INFO.
1077 @@ -1059,7 +1059,7 @@
1078 The match patterns may consist of single entries or comma-separated
1079 lists and may use the wildcard and negation operators described in the
1080 PATTERNS section of
1081 -.Xr ssh_config 5 .
1082 +.Xr ssh_config 4 .
1083 .Pp
1084 The patterns in an
1085 .Cm Address
1086 @@ -1148,7 +1148,7 @@
1087 the three colon separated values
1088 .Dq start:rate:full
1089 (e.g. "10:30:60").
1090 -.Xr sshd 8
1091 +.Xr sshd 1M
1092 will refuse connection attempts with a probability of
1093 .Dq rate/100
1094 (30%)
1095 @@ -1268,7 +1268,7 @@
1096 options in
1097 .Pa ~/.ssh/authorized_keys
1098 are processed by
1099 -.Xr sshd 8 .
1100 +.Xr sshd 1M .
1101 The default is
1102 .Dq no .
1103 Enabling environment processing may enable users to bypass access
1104 @@ -1289,7 +1289,7 @@
1105 .Pa /var/run/sshd.pid .
1106 .It Cm Port
1107 Specifies the port number that
1108 -.Xr sshd 8
1109 +.Xr sshd 1M
1110 listens on.
1111 The default is 22.
1112 Multiple options of this type are permitted.
1113 @@ -1297,7 +1297,7 @@
1114 .Cm ListenAddress .
1115 .It Cm PrintLastLog
1116 Specifies whether
1117 -.Xr sshd 8
1118 +.Xr sshd 1M
1119 should print the date and time of the last user login when a user logs
1120 in interactively.
1121 The default is
1122 @@ -1304,7 +1304,7 @@
1123 .Dq yes .
1124 .It Cm PrintMotd
1125 Specifies whether
1126 -.Xr sshd 8
1127 +.Xr sshd 1M
1128 should print
1129 .Pa /etc/motd
1130 when a user logs in interactively.
1131 @@ -1315,7 +1315,7 @@
1132 .Dq yes .
1133 .It Cm Protocol
1134 Specifies the protocol versions
1135 -.Xr sshd 8
1136 +.Xr sshd 1M
1137 supports.
1138 The possible values are
1139 .Sq 1
1140 @@ -1440,7 +1440,7 @@
1141 .Dq no .
1142 .It Cm StrictModes
1143 Specifies whether
1144 -.Xr sshd 8
1145 +.Xr sshd 1M
1146 should check file modes and ownership of the
1147 user's files and home directory before accepting login.
1148 This is normally desirable because novices sometimes accidentally leave their
1149 @@ -1456,7 +1456,7 @@
1150 to execute upon subsystem request.
1151 .Pp
1152 The command
1153 -.Xr sftp-server 8
1154 +.Xr sftp-server 1M
1155 implements the
1156 .Dq sftp
1157 file transfer subsystem.
1158 @@ -1474,7 +1474,7 @@
1159 Note that this option applies to protocol version 2 only.
1160 .It Cm SyslogFacility
1161 Gives the facility code that is used when logging messages from
1162 -.Xr sshd 8 .
1163 +.Xr sshd 1M .
1164 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1165 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1166 The default is AUTH.
1167 @@ -1517,7 +1517,7 @@
1168 .Xr ssh-keygen 1 .
1169 .It Cm UseDNS
1170 Specifies whether
1171 -.Xr sshd 8
1172 +.Xr sshd 1M
1173 should look up the remote host name, and to check that
1174 the resolved host name for the remote IP address maps back to the
1175 very same IP address.
1176 @@ -1571,13 +1571,13 @@
1177 If
1178 .Cm UsePAM
1179 is enabled, you will not be able to run
1180 -.Xr sshd 8
1181 +.Xr sshd 1M
1182 as a non-root user.
1183 The default is
1184 .Dq no .
1185 .It Cm UsePrivilegeSeparation
1186 Specifies whether
1187 -.Xr sshd 8
1188 +.Xr sshd 1M
1189 separates privileges by creating an unprivileged child process
1190 to deal with incoming network traffic.
1191 After successful authentication, another process will be created that has
1192 @@ -1599,7 +1599,7 @@
1193 .Dq none .
1194 .It Cm X11DisplayOffset
1195 Specifies the first display number available for
1196 -.Xr sshd 8 Ns 's
1197 +.Xr sshd 1M Ns 's
1198 X11 forwarding.
1199 This prevents sshd from interfering with real X11 servers.
1200 The default is 10.
1201 @@ -1614,7 +1614,7 @@
1202 .Pp
1203 When X11 forwarding is enabled, there may be additional exposure to
1204 the server and to client displays if the
1205 -.Xr sshd 8
1206 +.Xr sshd 1M
1207 proxy display is configured to listen on the wildcard address (see
1208 .Cm X11UseLocalhost
1209 below), though this is not the default.
1210 @@ -1625,7 +1625,7 @@
1211 forwarding (see the warnings for
1212 .Cm ForwardX11
1213 in
1214 -.Xr ssh_config 5 ) .
1215 +.Xr ssh_config 4 ) .
1216 A system administrator may have a stance in which they want to
1217 protect clients that may expose themselves to attack by unwittingly
1218 requesting X11 forwarding, which can warrant a
1219 @@ -1639,7 +1639,7 @@
1220 is enabled.
1221 .It Cm X11UseLocalhost
1222 Specifies whether
1223 -.Xr sshd 8
1224 +.Xr sshd 1M
1225 should bind the X11 forwarding server to the loopback address or to
1226 the wildcard address.
1227 By default,
1228 @@ -1672,7 +1672,7 @@
1229 .Pa /usr/X11R6/bin/xauth .
1230 .El
1231 .Sh TIME FORMATS
1232 -.Xr sshd 8
1233 +.Xr sshd 1M
1234 command-line arguments and configuration file options that specify time
1235 may be expressed using a sequence of the form:
1236 .Sm off
1237 @@ -1716,12 +1716,12 @@
1238 .Bl -tag -width Ds
1239 .It Pa /etc/ssh/sshd_config
1240 Contains configuration data for
1241 -.Xr sshd 8 .
1242 +.Xr sshd 1M .
1243 This file should be writable by root only, but it is recommended
1244 (though not necessary) that it be world-readable.
1245 .El
1246 .Sh SEE ALSO
1247 -.Xr sshd 8
1248 +.Xr sshd 1M
1249 .Sh AUTHORS
1250 OpenSSH is a derivative of the original and free
1251 ssh 1.2.12 release by Tatu Ylonen.
|