Print this page
Update OpenSSH to 7.1p1
@@ -1,9 +1,9 @@
-diff -ru openssh-6.7p1-orig/Makefile.in openssh-6.7p1/Makefile.in
---- openssh-6.7p1-orig/Makefile.in Sat Aug 30 02:23:07 2014
-+++ openssh-6.7p1/Makefile.in Fri Feb 27 15:50:37 2015
-@@ -282,8 +282,8 @@
+diff -ru openssh-7.1p1.orig/Makefile.in openssh-7.1p1/Makefile.in
+--- openssh-7.1p1.orig/Makefile.in Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/Makefile.in Wed Sep 2 08:54:44 2015
+@@ -298,8 +298,8 @@
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
@@ -10,11 +10,11 @@
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
-@@ -303,14 +303,14 @@
+@@ -319,14 +319,14 @@
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
@@ -32,15 +32,13 @@
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-Only in openssh-6.7p1: Makefile.in.orig
-Common subdirectories: openssh-6.7p1-orig/contrib and openssh-6.7p1/contrib
-diff -ru openssh-6.7p1-orig/moduli.5 openssh-6.7p1/moduli.5
---- openssh-6.7p1-orig/moduli.5 Tue Nov 6 16:36:01 2012
-+++ openssh-6.7p1/moduli.5 Fri Feb 27 15:50:37 2015
+diff -ru openssh-7.1p1.orig/moduli.5 openssh-7.1p1/moduli.5
+--- openssh-7.1p1.orig/moduli.5 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/moduli.5 Wed Sep 2 08:54:44 2015
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: September 26 2012 $
-.Dt MODULI 5
@@ -93,16 +91,13 @@
-.Xr sshd 8
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A M. Friedl
-Common subdirectories: openssh-6.7p1-orig/openbsd-compat and openssh-6.7p1/openbsd-compat
-Common subdirectories: openssh-6.7p1-orig/regress and openssh-6.7p1/regress
-Common subdirectories: openssh-6.7p1-orig/scard and openssh-6.7p1/scard
-diff -ru openssh-6.7p1-orig/scp.1 openssh-6.7p1/scp.1
---- openssh-6.7p1-orig/scp.1 Sat Apr 19 23:02:58 2014
-+++ openssh-6.7p1/scp.1 Fri Feb 27 15:50:37 2015
+diff -ru openssh-7.1p1.orig/scp.1 openssh-7.1p1/scp.1
+--- openssh-7.1p1.orig/scp.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/scp.1 Wed Sep 2 08:54:44 2015
@@ -116,13 +116,13 @@
Can be used to pass options to
.Nm ssh
in the format used in
-.Xr ssh_config 5 .
@@ -115,11 +110,11 @@
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
-@@ -227,8 +227,8 @@
+@@ -230,8 +230,8 @@
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr ssh_config 5 ,
-.Xr sshd 8
@@ -126,18 +121,17 @@
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
is based on the rcp program in
-Only in openssh-6.7p1: scp.1.orig
-diff -ru openssh-6.7p1-orig/sftp-server.8 openssh-6.7p1/sftp-server.8
---- openssh-6.7p1-orig/sftp-server.8 Tue Jul 29 22:33:21 2014
-+++ openssh-6.7p1/sftp-server.8 Fri Feb 27 15:51:27 2015
+diff -ru openssh-7.1p1.orig/sftp-server.8 openssh-7.1p1/sftp-server.8
+--- openssh-7.1p1.orig/sftp-server.8 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/sftp-server.8 Wed Sep 2 09:02:44 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
- .Dd $Mdocdate: July 28 2014 $
+ .Dd $Mdocdate: December 11 2014 $
-.Dt SFTP-SERVER 8
+.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
@@ -157,10 +151,19 @@
-.Xr sshd_config 5
+.Xr sshd_config 4
for more information.
.Pp
Valid options are:
+@@ -71,7 +71,7 @@
+ and %u is replaced by the username of that user.
+ The default is to use the user's home directory.
+ This option is useful in conjunction with the
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ .Cm ChrootDirectory
+ option.
+ .It Fl e
@@ -147,13 +147,13 @@
for logging to work, and use of
.Nm
in a chroot configuration therefore requires that
-.Xr syslogd 8
@@ -174,13 +177,13 @@
+.Xr sshd_config 4 ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
-diff -ru openssh-6.7p1-orig/sftp.1 openssh-6.7p1/sftp.1
---- openssh-6.7p1-orig/sftp.1 Wed May 14 23:47:37 2014
-+++ openssh-6.7p1/sftp.1 Fri Feb 27 15:50:37 2015
+diff -ru openssh-7.1p1.orig/sftp.1 openssh-7.1p1/sftp.1
+--- openssh-7.1p1.orig/sftp.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/sftp.1 Wed Sep 2 08:54:44 2015
@@ -85,7 +85,7 @@
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
-.Xr sshd 8
@@ -204,20 +207,20 @@
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
-@@ -280,7 +280,7 @@
+@@ -282,7 +282,7 @@
A path is useful for using
.Nm
over protocol version 1, or when the remote
-.Xr sshd 8
+.Xr sshd 1M
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
-@@ -610,9 +610,9 @@
+@@ -612,9 +612,9 @@
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr glob 3 ,
-.Xr ssh_config 5 ,
-.Xr sftp-server 8 ,
@@ -226,81 +229,101 @@
+.Xr sftp-server 1M ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
-Only in openssh-6.7p1: sftp.1.orig
-diff -ru openssh-6.7p1-orig/ssh-add.1 openssh-6.7p1/ssh-add.1
---- openssh-6.7p1-orig/ssh-add.1 Wed Dec 18 01:46:28 2013
-+++ openssh-6.7p1/ssh-add.1 Fri Feb 27 15:50:37 2015
-@@ -126,7 +126,7 @@
+diff -ru openssh-7.1p1.orig/ssh-add.1 openssh-7.1p1/ssh-add.1
+--- openssh-7.1p1.orig/ssh-add.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-add.1 Wed Sep 2 08:54:44 2015
+@@ -134,7 +134,7 @@
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format
specified in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl X
Unlock the agent.
.It Fl x
-@@ -189,7 +189,7 @@
- .Xr ssh 1 ,
+@@ -200,7 +200,7 @@
.Xr ssh-agent 1 ,
+ .Xr ssh-askpass 1 ,
.Xr ssh-keygen 1 ,
-.Xr sshd 8
+.Xr sshd 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
-diff -ru openssh-6.7p1-orig/ssh-keygen.1 openssh-6.7p1/ssh-keygen.1
---- openssh-6.7p1-orig/ssh-keygen.1 Sat Apr 19 23:23:04 2014
-+++ openssh-6.7p1/ssh-keygen.1 Fri Feb 27 15:50:37 2015
-@@ -433,7 +433,7 @@
+diff -ru openssh-7.1p1.orig/ssh-agent.1 openssh-7.1p1/ssh-agent.1
+--- openssh-7.1p1.orig/ssh-agent.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-agent.1 Wed Sep 2 09:02:52 2015
+@@ -123,7 +123,7 @@
+ .It Fl t Ar life
+ Set a default value for the maximum lifetime of identities added to the agent.
+ The lifetime may be specified in seconds or in a time format specified in
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ A lifetime specified for an identity with
+ .Xr ssh-add 1
+ overrides this value.
+@@ -198,7 +198,7 @@
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+ .Xr ssh-keygen 1 ,
+-.Xr sshd 8
++.Xr sshd 1M
+ .Sh AUTHORS
+ OpenSSH is a derivative of the original and free
+ ssh 1.2.12 release by Tatu Ylonen.
+diff -ru openssh-7.1p1.orig/ssh-keygen.1 openssh-7.1p1/ssh-keygen.1
+--- openssh-7.1p1.orig/ssh-keygen.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-keygen.1 Wed Sep 2 08:54:44 2015
+@@ -443,7 +443,7 @@
Disable execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8
+.Xr sshd 1M
(permitted by default).
.It Ic no-x11-forwarding
Disable X11 forwarding (permitted by default).
-@@ -449,7 +449,7 @@
+@@ -459,7 +459,7 @@
Allows execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8 .
+.Xr sshd 1M .
.It Ic permit-x11-forwarding
Allows X11 forwarding.
.It Ic source-address Ns = Ns Ar address_list
-@@ -540,7 +540,7 @@
+@@ -550,7 +550,7 @@
in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
of a minus sign followed by a relative time in the format described in the
TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.
.Pp
-@@ -642,7 +642,7 @@
+@@ -652,7 +652,7 @@
on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format to
the X.509 certificates used in
-.Xr ssl 8 .
+.Xr ssl 1M .
.Pp
.Nm
supports two types of certificates: user and host.
-@@ -706,7 +706,7 @@
+@@ -716,7 +716,7 @@
.Pp
For certificates to be used for user or host authentication, the CA
public key must be trusted by
-.Xr sshd 8
+.Xr sshd 1M
or
.Xr ssh 1 .
Please refer to those manual pages for details.
-@@ -830,14 +830,14 @@
+@@ -840,14 +840,14 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
@@ -314,13 +337,25 @@
+.Xr moduli 4 ,
+.Xr sshd 1M
.Rs
.%R RFC 4716
.%T "The Secure Shell (SSH) Public Key File Format"
-diff -ru openssh-6.7p1-orig/ssh-keysign.8 openssh-6.7p1/ssh-keysign.8
---- openssh-6.7p1-orig/ssh-keysign.8 Wed Dec 18 01:46:28 2013
-+++ openssh-6.7p1/ssh-keysign.8 Fri Feb 27 15:50:37 2015
+diff -ru openssh-7.1p1.orig/ssh-keyscan.1 openssh-7.1p1/ssh-keyscan.1
+--- openssh-7.1p1.orig/ssh-keyscan.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-keyscan.1 Wed Sep 2 09:01:30 2015
+@@ -164,7 +164,7 @@
+ .Ed
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+-.Xr sshd 8
++.Xr sshd 1M
+ .Sh AUTHORS
+ .An -nosplit
+ .An David Mazieres Aq Mt dm@lcs.mit.edu
+diff -ru openssh-7.1p1.orig/ssh-keysign.8 openssh-7.1p1/ssh-keysign.8
+--- openssh-7.1p1.orig/ssh-keysign.8 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-keysign.8 Wed Sep 2 08:54:44 2015
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 7 2013 $
-.Dt SSH-KEYSIGN 8
@@ -346,224 +381,224 @@
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
first appeared in
-diff -ru openssh-6.7p1-orig/ssh-pkcs11-helper.8 openssh-6.7p1/ssh-pkcs11-helper.8
---- openssh-6.7p1-orig/ssh-pkcs11-helper.8 Thu Jul 18 02:14:14 2013
-+++ openssh-6.7p1/ssh-pkcs11-helper.8 Fri Feb 27 15:50:37 2015
+diff -ru openssh-7.1p1.orig/ssh-pkcs11-helper.8 openssh-7.1p1/ssh-pkcs11-helper.8
+--- openssh-7.1p1.orig/ssh-pkcs11-helper.8 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh-pkcs11-helper.8 Wed Sep 2 08:54:44 2015
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 16 2013 $
-.Dt SSH-PKCS11-HELPER 8
+.Dt SSH-PKCS11-HELPER 1M
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
-diff -ru openssh-6.7p1-orig/ssh.1 openssh-6.7p1/ssh.1
---- openssh-6.7p1-orig/ssh.1 Tue Jul 29 22:32:28 2014
-+++ openssh-6.7p1/ssh.1 Fri Feb 27 15:52:48 2015
-@@ -164,7 +164,7 @@
+diff -ru openssh-7.1p1.orig/ssh.1 openssh-7.1p1/ssh.1
+--- openssh-7.1p1.orig/ssh.1 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh.1 Wed Sep 2 08:54:44 2015
+@@ -173,7 +173,7 @@
See the
.Cm Ciphers
keyword in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
+ .Pp
.It Fl D Xo
- .Sm off
-@@ -343,7 +343,7 @@
+@@ -396,7 +396,7 @@
Refer to the description of
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
+ .Pp
.It Fl m Ar mac_spec
- Additionally, for protocol version 2 a comma-separated list of MAC
-@@ -399,7 +399,7 @@
+@@ -457,7 +457,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options listed below, and their possible values, see
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
-@@ -541,7 +541,7 @@
+@@ -629,7 +629,7 @@
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
-.Xr sshd_config 5 ) .
+.Xr sshd_config 4 ) .
.Pp
If the
.Ar port
-@@ -562,7 +562,7 @@
+@@ -651,7 +651,7 @@
and
.Cm ControlMaster
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for details.
+ .Pp
.It Fl s
- May be used to request invocation of a subsystem on the remote system.
-@@ -632,7 +632,7 @@
+@@ -728,7 +728,7 @@
and
.Cm TunnelDevice
directives in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
If the
.Cm Tunnel
directive is unset, it is set to the default tunnel mode, which is
-@@ -655,7 +655,7 @@
+@@ -752,7 +752,7 @@
option and the
.Cm ForwardX11Trusted
directive in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
+ .Pp
.It Fl x
- Disables X11 forwarding.
-@@ -674,7 +674,7 @@
+@@ -774,7 +774,7 @@
may additionally obtain configuration data from
a per-user configuration file and a system-wide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Sh AUTHENTICATION
The OpenSSH SSH client supports SSH protocols 1 and 2.
The default is to use protocol 2 only,
-@@ -681,7 +681,7 @@
+@@ -781,7 +781,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
or the
.Fl 1
and
-@@ -941,7 +941,7 @@
+@@ -1052,7 +1052,7 @@
allows the user to execute a local command if the
.Ic PermitLocalCommand
option is enabled in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Basic help is available, using the
.Fl h
option.
-@@ -1138,7 +1138,7 @@
+@@ -1254,7 +1254,7 @@
See the
.Cm VerifyHostKeyDNS
option in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information.
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
.Nm
-@@ -1148,7 +1148,7 @@
+@@ -1264,7 +1264,7 @@
network pseudo-device,
allowing two networks to be joined securely.
The
-.Xr sshd_config 5
+.Xr sshd_config 4
configuration option
.Cm PermitTunnel
controls whether the server supports this,
-@@ -1298,7 +1298,7 @@
+@@ -1414,7 +1414,7 @@
For more information, see the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
-@@ -1306,7 +1306,7 @@
+@@ -1422,7 +1422,7 @@
On some machines this file may need to be
world-readable if the user's home directory is on an NFS partition,
because
-.Xr sshd 8
+.Xr sshd 1M
reads it as root.
Additionally, this file must be owned by the user,
and must not have write permissions for anyone else.
-@@ -1331,7 +1331,7 @@
- Lists the public keys (DSA, ECDSA, ED25519, RSA)
+@@ -1447,7 +1447,7 @@
+ Lists the public keys (DSA, ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described in the
-.Xr sshd 8
+.Xr sshd 1M
manual page.
This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
-@@ -1339,7 +1339,7 @@
+@@ -1455,7 +1455,7 @@
.It Pa ~/.ssh/config
This is the per-user configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not writable by others.
.Pp
-@@ -1376,7 +1376,7 @@
+@@ -1492,7 +1492,7 @@
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa ~/.ssh/rc
-@@ -1385,7 +1385,7 @@
+@@ -1501,7 +1501,7 @@
when the user logs in, just before the user's shell (or command) is
started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.Pp
.It Pa /etc/hosts.equiv
-@@ -1401,7 +1401,7 @@
+@@ -1517,7 +1517,7 @@
.It Pa /etc/ssh/ssh_config
Systemwide configuration file.
The file format and configuration options are described in
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
-@@ -1416,7 +1416,7 @@
+@@ -1532,7 +1532,7 @@
For protocol version 2,
.Nm
uses
-.Xr ssh-keysign 8
+.Xr ssh-keysign 1M
to access the host keys,
eliminating the requirement that
.Nm
-@@ -1432,7 +1432,7 @@
+@@ -1548,7 +1548,7 @@
organization.
It should be world-readable.
See
-.Xr sshd 8
+.Xr sshd 1M
for further details of the format of this file.
.Pp
.It Pa /etc/ssh/sshrc
-@@ -1440,7 +1440,7 @@
+@@ -1556,7 +1556,7 @@
.Nm
when the user logs in, just before the user's shell (or command) is started.
See the
-.Xr sshd 8
+.Xr sshd 1M
manual page for more information.
.El
.Sh EXIT STATUS
-@@ -1455,9 +1455,9 @@
+@@ -1571,9 +1571,9 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr tun 4 ,
-.Xr ssh_config 5 ,
-.Xr ssh-keysign 8 ,
@@ -572,17 +607,92 @@
+.Xr ssh-keysign 1M ,
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A S. Lehtinen
-diff -ru openssh-6.7p1-orig/sshd.8 openssh-6.7p1/sshd.8
---- openssh-6.7p1-orig/sshd.8 Thu Jul 3 19:00:04 2014
-+++ openssh-6.7p1/sshd.8 Fri Feb 27 15:54:50 2015
+diff -ru openssh-7.1p1.orig/ssh_config.5 openssh-7.1p1/ssh_config.5
+--- openssh-7.1p1.orig/ssh_config.5 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/ssh_config.5 Wed Sep 2 09:02:37 2015
+@@ -568,7 +568,7 @@
+ .Dq Fl O No exit
+ option).
+ If set to a time in seconds, or a time in any of the formats documented in
+-.Xr sshd_config 5 ,
++.Xr sshd_config 4 ,
+ then the backgrounded master connection will automatically terminate
+ after it has remained idle (with no client connections) for the
+ specified time.
+@@ -695,7 +695,7 @@
+ Specify a timeout for untrusted X11 forwarding
+ using the format described in the
+ TIME FORMATS section of
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ X11 connections received by
+ .Xr ssh 1
+ after this time will be refused.
+@@ -762,7 +762,7 @@
+ These hashed names may be used normally by
+ .Xr ssh 1
+ and
+-.Xr sshd 8 ,
++.Xr sshd 1M ,
+ but they do not reveal identifying information should the file's contents
+ be disclosed.
+ The default is
+@@ -1206,7 +1206,7 @@
+ The command can be basically anything,
+ and should read from its standard input and write to its standard output.
+ It should eventually connect an
+-.Xr sshd 8
++.Xr sshd 1M
+ server running on some machine, or execute
+ .Ic sshd -i
+ somewhere.
+@@ -1286,7 +1286,7 @@
+ The optional second value is specified in seconds and may use any of the
+ units documented in the
+ TIME FORMATS section of
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ The default value for
+ .Cm RekeyLimit
+ is
+@@ -1330,7 +1330,7 @@
+ will only succeed if the server's
+ .Cm GatewayPorts
+ option is enabled (see
+-.Xr sshd_config 5 ) .
++.Xr sshd_config 4 ) .
+ .It Cm RequestTTY
+ Specifies whether to request a pseudo-tty for the session.
+ The argument may be one of:
+@@ -1396,7 +1396,7 @@
+ Refer to
+ .Cm AcceptEnv
+ in
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ for how to configure the server.
+ Variables are specified by name, which may contain wildcard characters.
+ Multiple environment variables may be separated by whitespace or spread
+@@ -1586,7 +1586,7 @@
+ and will be disabled if it is enabled.
+ .Pp
+ Presently, only
+-.Xr sshd 8
++.Xr sshd 1M
+ from OpenSSH 6.8 and greater support the
+ .Dq hostkeys@openssh.com
+ protocol extension used to inform the client of all the server's hostkeys.
+diff -ru openssh-7.1p1.orig/sshd.8 openssh-7.1p1/sshd.8
+--- openssh-7.1p1.orig/sshd.8 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/sshd.8 Wed Sep 2 08:59:06 2015
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $
- .Dd $Mdocdate: July 3 2014 $
+ .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
+ .Dd $Mdocdate: July 3 2015 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
@@ -599,59 +709,68 @@
Specifies that
.Nm
is being run from
-.Xr inetd 8 .
+.Xr inetd 1M .
+ If SSH protocol 1 is enabled,
.Nm
- is normally not run
- from inetd because it needs to generate the server key before it can
-@@ -207,7 +207,7 @@
+ should not normally be run
+@@ -204,7 +204,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
-@@ -277,7 +277,7 @@
+@@ -274,7 +274,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
- Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+ Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
-@@ -402,7 +402,7 @@
+@@ -399,7 +399,7 @@
See the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It
Changes to user's home directory.
.It
-@@ -550,7 +550,7 @@
+@@ -406,7 +406,7 @@
+ If
+ .Pa ~/.ssh/rc
+ exists and the
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ .Cm PermitUserRC
+ option is set, runs it; else if
+ .Pa /etc/ssh/sshrc
+@@ -549,7 +549,7 @@
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
-.Xr sshd_config 5
+.Xr sshd_config 4
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
-@@ -571,7 +571,7 @@
+@@ -570,7 +570,7 @@
name of the remote host or its IP address must be present in the
comma-separated list of patterns.
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.Pp
In addition to the wildcard matching that may be applied to hostnames or
-@@ -859,11 +859,11 @@
+@@ -858,11 +858,11 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
@@ -661,20 +780,20 @@
-.Xr motd 5 .
+.Xr motd 4 .
.Pp
.It Pa /etc/nologin
If this file exists,
-@@ -920,7 +920,7 @@
+@@ -919,7 +919,7 @@
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Pp
.It Pa /etc/ssh/sshrc
Similar to
-@@ -954,11 +954,11 @@
+@@ -953,11 +953,11 @@
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
-.Xr login.conf 5 ,
-.Xr moduli 5 ,
@@ -687,17 +806,17 @@
+.Xr inetd 1M ,
+.Xr sftp-server 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
-diff -ru openssh-6.7p1-orig/sshd_config.5 openssh-6.7p1/sshd_config.5
---- openssh-6.7p1-orig/sshd_config.5 Thu Oct 2 19:24:57 2014
-+++ openssh-6.7p1/sshd_config.5 Fri Feb 27 15:56:01 2015
+diff -ru openssh-7.1p1.orig/sshd_config.5 openssh-7.1p1/sshd_config.5
+--- openssh-7.1p1.orig/sshd_config.5 Fri Aug 21 00:49:03 2015
++++ openssh-7.1p1/sshd_config.5 Wed Sep 2 09:00:14 2015
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $
- .Dd $Mdocdate: July 28 2014 $
+ .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
+ .Dd $Mdocdate: August 14 2015 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
.Sh NAME
.Nm sshd_config
@@ -715,301 +834,348 @@
.Cm SendEnv
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for how to configure the client.
- Note that environment passing is only supported for protocol 2.
- Variables are specified by name, which may contain the wildcard characters
-@@ -85,7 +85,7 @@
+ Note that environment passing is only supported for protocol 2, and
+ that the
+@@ -89,7 +89,7 @@
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
-.Xr sshd 8 .
+.Xr sshd 1M .
Valid arguments are
.Dq any ,
.Dq inet
-@@ -118,7 +118,7 @@
+@@ -122,7 +122,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
-@@ -178,7 +178,7 @@
+@@ -182,7 +182,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
-@@ -222,7 +222,7 @@
- It will be invoked with a single argument of the username
- being authenticated, and should produce on standard output zero or
+@@ -217,7 +217,7 @@
+ If the
+ .Dq publickey
+ method is listed more than once,
+-.Xr sshd 8
++.Xr sshd 1M
+ verifies that keys that have been used successfully are not reused for
+ subsequent authentications.
+ For example, an
+@@ -250,7 +250,7 @@
+ .Pp
+ The program should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
-@@ -238,7 +238,7 @@
+@@ -265,7 +265,7 @@
+ is specified but
+ .Cm AuthorizedKeysCommandUser
+ is not, then
+-.Xr sshd 8
++.Xr sshd 1M
+ will refuse to start.
+ .It Cm AuthorizedKeysFile
+ Specifies the file that contains the public keys that can be used
+@@ -273,7 +273,7 @@
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
section of
-.Xr sshd 8 .
+.Xr sshd 1M .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
-@@ -261,7 +261,7 @@
+@@ -321,7 +321,7 @@
+ is specified but
+ .Cm AuthorizedPrincipalsCommandUser
+ is not, then
+-.Xr sshd 8
++.Xr sshd 1M
+ will refuse to start.
+ .It Cm AuthorizedPrincipalsFile
+ Specifies a file that lists principal names that are accepted for
+@@ -332,7 +332,7 @@
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
Empty lines and comments starting with
.Ql #
are ignored.
-@@ -291,7 +291,7 @@
+@@ -362,7 +362,7 @@
though the
.Cm principals=
key option offers a similar facility (see
-.Xr sshd 8
+.Xr sshd 1M
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
-@@ -304,7 +304,7 @@
+@@ -375,7 +375,7 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
-.Xr login.conf 5 )
+.Xr login.conf 4 )
The default is
.Dq yes .
.It Cm ChrootDirectory
-@@ -314,7 +314,7 @@
- All components of the pathname must be root-owned directories that are
- not writable by any other user or group.
+@@ -383,11 +383,11 @@
+ .Xr chroot 2
+ to after authentication.
+ At session startup
+-.Xr sshd 8
++.Xr sshd 1M
+ checks that all components of the pathname are root-owned directories
+ which are not writable by any other user or group.
After the chroot,
-.Xr sshd 8
+.Xr sshd 1M
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
-@@ -347,7 +347,7 @@
+@@ -419,7 +419,7 @@
though sessions which use logging may require
.Pa /dev/log
inside the chroot directory on some operating systems (see
-.Xr sftp-server 8
+.Xr sftp-server 1M
for details).
.Pp
+ For safety, it is very important that the directory hierarchy be
+@@ -426,7 +426,7 @@
+ prevented from modification by other processes on the system (especially
+ those outside the jail).
+ Misconfiguration can lead to unsafe environments which
+-.Xr sshd 8
++.Xr sshd 1M
+ cannot detect.
+ .Pp
The default is not to
-@@ -404,7 +404,7 @@
+@@ -490,7 +490,7 @@
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
-.Xr sshd 8
+.Xr sshd 1M
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
-@@ -431,7 +431,7 @@
+@@ -517,7 +517,7 @@
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
-.Xr sshd 8
+.Xr sshd 1M
will send a message through the encrypted
channel to request a response from the client.
The default
-@@ -462,7 +462,7 @@
+@@ -548,7 +548,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
-@@ -481,7 +481,7 @@
+@@ -567,7 +567,7 @@
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
- .It Cm ForceCommand
- Forces the execution of the command specified by
-@@ -506,7 +506,7 @@
+ .It Cm FingerprintHash
+ Specifies the hash algorithm used when logging key fingerprints.
+@@ -600,7 +600,7 @@
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
-.Xr sshd 8
+.Xr sshd 1M
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
-@@ -554,7 +554,7 @@
+@@ -686,7 +686,7 @@
A setting of
.Dq yes
means that
-.Xr sshd 8
+.Xr sshd 1M
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
-@@ -565,7 +565,7 @@
+@@ -697,7 +697,7 @@
by
.Cm HostKey .
The default behaviour of
-.Xr sshd 8
+.Xr sshd 1M
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
-@@ -580,7 +580,7 @@
- .Pa /etc/ssh/ssh_host_rsa_key
+@@ -713,12 +713,12 @@
for protocol version 2.
+ .Pp
Note that
-.Xr sshd 8
+.Xr sshd 1M
- will refuse to use a file if it is group/world-accessible.
+ will refuse to use a file if it is group/world-accessible
+ and that the
+ .Cm HostKeyAlgorithms
+ option restricts which of the keys are actually used by
+-.Xr sshd 8 .
++.Xr sshd 1M .
+ .Pp
It is possible to have multiple host key files.
.Dq rsa1
-@@ -621,7 +621,7 @@
+@@ -779,7 +779,7 @@
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should ignore the user's
.Pa ~/.ssh/known_hosts
during
-@@ -745,7 +745,7 @@
+@@ -914,7 +914,7 @@
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
-.Xr sshd 8
+.Xr sshd 1M
should listen on.
The following forms may be used:
.Pp
-@@ -788,7 +788,7 @@
+@@ -954,7 +954,7 @@
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
-@@ -881,7 +881,7 @@
+@@ -1059,7 +1059,7 @@
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
The patterns in an
.Cm Address
-@@ -962,7 +962,7 @@
+@@ -1148,7 +1148,7 @@
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
-.Xr sshd 8
+.Xr sshd 1M
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
-@@ -1075,7 +1075,7 @@
+@@ -1268,7 +1268,7 @@
options in
.Pa ~/.ssh/authorized_keys
are processed by
-.Xr sshd 8 .
+.Xr sshd 1M .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
-@@ -1094,7 +1094,7 @@
+@@ -1289,7 +1289,7 @@
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
-.Xr sshd 8
+.Xr sshd 1M
listens on.
The default is 22.
Multiple options of this type are permitted.
-@@ -1102,7 +1102,7 @@
+@@ -1297,7 +1297,7 @@
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print the date and time of the last user login when a user logs
in interactively.
The default is
-@@ -1109,7 +1109,7 @@
+@@ -1304,7 +1304,7 @@
.Dq yes .
.It Cm PrintMotd
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print
.Pa /etc/motd
when a user logs in interactively.
-@@ -1120,7 +1120,7 @@
+@@ -1315,7 +1315,7 @@
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
-.Xr sshd 8
+.Xr sshd 1M
supports.
The possible values are
.Sq 1
-@@ -1220,7 +1220,7 @@
+@@ -1440,7 +1440,7 @@
.Dq no .
.It Cm StrictModes
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
-@@ -1236,7 +1236,7 @@
+@@ -1456,7 +1456,7 @@
to execute upon subsystem request.
.Pp
The command
-.Xr sftp-server 8
+.Xr sftp-server 1M
implements the
.Dq sftp
file transfer subsystem.
-@@ -1254,7 +1254,7 @@
+@@ -1474,7 +1474,7 @@
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
-@@ -1295,7 +1295,7 @@
+@@ -1517,7 +1517,7 @@
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
- should look up the remote host name and check that
+ should look up the remote host name, and to check that
the resolved host name for the remote IP address maps back to the
very same IP address.
-@@ -1340,13 +1340,13 @@
+@@ -1571,13 +1571,13 @@
If
.Cm UsePAM
is enabled, you will not be able to run
-.Xr sshd 8
+.Xr sshd 1M
@@ -1021,56 +1187,56 @@
-.Xr sshd 8
+.Xr sshd 1M
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
-@@ -1368,7 +1368,7 @@
+@@ -1599,7 +1599,7 @@
.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
-.Xr sshd 8 Ns 's
+.Xr sshd 1M Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
-@@ -1383,7 +1383,7 @@
+@@ -1614,7 +1614,7 @@
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
-.Xr sshd 8
+.Xr sshd 1M
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
-@@ -1394,7 +1394,7 @@
+@@ -1625,7 +1625,7 @@
forwarding (see the warnings for
.Cm ForwardX11
in
-.Xr ssh_config 5 ) .
+.Xr ssh_config 4 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
-@@ -1408,7 +1408,7 @@
+@@ -1639,7 +1639,7 @@
is enabled.
.It Cm X11UseLocalhost
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
-@@ -1439,7 +1439,7 @@
+@@ -1672,7 +1672,7 @@
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
-.Xr sshd 8
+.Xr sshd 1M
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
-@@ -1483,12 +1483,12 @@
+@@ -1716,12 +1716,12 @@
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
-.Xr sshd 8 .
+.Xr sshd 1M .
@@ -1081,18 +1247,5 @@
-.Xr sshd 8
+.Xr sshd 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
-Common subdirectories: openssh-6.7p1-orig/contrib/aix and openssh-6.7p1/contrib/aix
-Common subdirectories: openssh-6.7p1-orig/contrib/caldera and openssh-6.7p1/contrib/caldera
-Common subdirectories: openssh-6.7p1-orig/contrib/cygwin and openssh-6.7p1/contrib/cygwin
-Common subdirectories: openssh-6.7p1-orig/contrib/hpux and openssh-6.7p1/contrib/hpux
-Common subdirectories: openssh-6.7p1-orig/contrib/redhat and openssh-6.7p1/contrib/redhat
-Common subdirectories: openssh-6.7p1-orig/contrib/solaris and openssh-6.7p1/contrib/solaris
-Common subdirectories: openssh-6.7p1-orig/contrib/suse and openssh-6.7p1/contrib/suse
-Common subdirectories: openssh-6.7p1-orig/openbsd-compat/regress and openssh-6.7p1/openbsd-compat/regress
-Common subdirectories: openssh-6.7p1-orig/regress/unittests and openssh-6.7p1/regress/unittests
-Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshbuf and openssh-6.7p1/regress/unittests/sshbuf
-Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey and openssh-6.7p1/regress/unittests/sshkey
-Common subdirectories: openssh-6.7p1-orig/regress/unittests/test_helper and openssh-6.7p1/regress/unittests/test_helper
-Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey/testdata and openssh-6.7p1/regress/unittests/sshkey/testdata