Print this page
Update OpenSSH to 7.1p1
| Split |
Close |
| Expand all |
| Collapse all |
--- old/build/openssh/patches/man-sections.patch
+++ new/build/openssh/patches/man-sections.patch
1 -diff -ru openssh-6.7p1-orig/Makefile.in openssh-6.7p1/Makefile.in
2 ---- openssh-6.7p1-orig/Makefile.in Sat Aug 30 02:23:07 2014
3 -+++ openssh-6.7p1/Makefile.in Fri Feb 27 15:50:37 2015
4 -@@ -282,8 +282,8 @@
1 +diff -ru openssh-7.1p1.orig/Makefile.in openssh-7.1p1/Makefile.in
2 +--- openssh-7.1p1.orig/Makefile.in Fri Aug 21 00:49:03 2015
3 ++++ openssh-7.1p1/Makefile.in Wed Sep 2 08:54:44 2015
4 +@@ -298,8 +298,8 @@
5 5 $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
6 6 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
7 7 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
8 8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
9 9 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
10 10 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
11 11 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
12 12 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
13 13 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
14 14 $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
15 -@@ -303,14 +303,14 @@
15 +@@ -319,14 +319,14 @@
16 16 $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
17 17 $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
18 18 $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
19 19 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
20 20 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
21 21 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
22 22 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
23 23 + $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
24 24 + $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
25 25 + $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
26 26 + $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
27 27 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
28 28 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
29 29 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
30 30 - $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
31 31 + $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
32 32 + $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
33 33 + $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
34 34 -rm -f $(DESTDIR)$(bindir)/slogin
35 35 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
36 36 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
37 -Only in openssh-6.7p1: Makefile.in.orig
38 -Common subdirectories: openssh-6.7p1-orig/contrib and openssh-6.7p1/contrib
39 -diff -ru openssh-6.7p1-orig/moduli.5 openssh-6.7p1/moduli.5
40 ---- openssh-6.7p1-orig/moduli.5 Tue Nov 6 16:36:01 2012
41 -+++ openssh-6.7p1/moduli.5 Fri Feb 27 15:50:37 2015
37 +diff -ru openssh-7.1p1.orig/moduli.5 openssh-7.1p1/moduli.5
38 +--- openssh-7.1p1.orig/moduli.5 Fri Aug 21 00:49:03 2015
39 ++++ openssh-7.1p1/moduli.5 Wed Sep 2 08:54:44 2015
42 40 @@ -14,7 +14,7 @@
43 41 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
44 42 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
45 43 .Dd $Mdocdate: September 26 2012 $
46 44 -.Dt MODULI 5
47 45 +.Dt MODULI 4
48 46 .Os
49 47 .Sh NAME
50 48 .Nm moduli
51 49 @@ -23,7 +23,7 @@
52 50 The
53 51 .Pa /etc/moduli
54 52 file contains prime numbers and generators for use by
55 53 -.Xr sshd 8
56 54 +.Xr sshd 1M
57 55 in the Diffie-Hellman Group Exchange key exchange method.
58 56 .Pp
59 57 New moduli may be generated with
60 58 @@ -40,7 +40,7 @@
61 59 .Ic ssh-keygen -T ,
62 60 provides a high degree of assurance that the numbers are prime and are
63 61 safe for use in Diffie-Hellman operations by
64 62 -.Xr sshd 8 .
65 63 +.Xr sshd 1M .
66 64 This
67 65 .Nm
68 66 format is used as the output from each pass.
69 67 @@ -70,7 +70,7 @@
70 68 Further primality testing with
71 69 .Xr ssh-keygen 1
72 70 produces safe prime moduli (type 2) that are ready for use in
73 71 -.Xr sshd 8 .
74 72 +.Xr sshd 1M .
75 73 Other types are not used by OpenSSH.
76 74 .It tests
77 75 Decimal number indicating the type of primality tests that the number
78 76 @@ -105,16 +105,16 @@
79 77 .El
80 78 .Pp
81 79 When performing Diffie-Hellman Group Exchange,
82 80 -.Xr sshd 8
83 81 +.Xr sshd 1M
84 82 first estimates the size of the modulus required to produce enough
85 83 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
86 84 -.Xr sshd 8
87 85 +.Xr sshd 1M
|
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
88 86 then randomly selects a modulus from
89 87 .Fa /etc/moduli
90 88 that best meets the size requirement.
91 89 .Sh SEE ALSO
92 90 .Xr ssh-keygen 1 ,
93 91 -.Xr sshd 8
94 92 +.Xr sshd 1M
95 93 .Sh STANDARDS
96 94 .Rs
97 95 .%A M. Friedl
98 -Common subdirectories: openssh-6.7p1-orig/openbsd-compat and openssh-6.7p1/openbsd-compat
99 -Common subdirectories: openssh-6.7p1-orig/regress and openssh-6.7p1/regress
100 -Common subdirectories: openssh-6.7p1-orig/scard and openssh-6.7p1/scard
101 -diff -ru openssh-6.7p1-orig/scp.1 openssh-6.7p1/scp.1
102 ---- openssh-6.7p1-orig/scp.1 Sat Apr 19 23:02:58 2014
103 -+++ openssh-6.7p1/scp.1 Fri Feb 27 15:50:37 2015
96 +diff -ru openssh-7.1p1.orig/scp.1 openssh-7.1p1/scp.1
97 +--- openssh-7.1p1.orig/scp.1 Fri Aug 21 00:49:03 2015
98 ++++ openssh-7.1p1/scp.1 Wed Sep 2 08:54:44 2015
104 99 @@ -116,13 +116,13 @@
105 100 Can be used to pass options to
106 101 .Nm ssh
107 102 in the format used in
108 103 -.Xr ssh_config 5 .
109 104 +.Xr ssh_config 4 .
110 105 This is useful for specifying options
111 106 for which there is no separate
112 107 .Nm scp
113 108 command-line flag.
114 109 For full details of the options listed below, and their possible values, see
115 110 -.Xr ssh_config 5 .
116 111 +.Xr ssh_config 4 .
117 112 .Pp
118 113 .Bl -tag -width Ds -offset indent -compact
119 114 .It AddressFamily
120 -@@ -227,8 +227,8 @@
115 +@@ -230,8 +230,8 @@
121 116 .Xr ssh-add 1 ,
122 117 .Xr ssh-agent 1 ,
123 118 .Xr ssh-keygen 1 ,
124 119 -.Xr ssh_config 5 ,
125 120 -.Xr sshd 8
126 121 +.Xr ssh_config 4 ,
127 122 +.Xr sshd 1M
128 123 .Sh HISTORY
129 124 .Nm
130 125 is based on the rcp program in
131 -Only in openssh-6.7p1: scp.1.orig
132 -diff -ru openssh-6.7p1-orig/sftp-server.8 openssh-6.7p1/sftp-server.8
133 ---- openssh-6.7p1-orig/sftp-server.8 Tue Jul 29 22:33:21 2014
134 -+++ openssh-6.7p1/sftp-server.8 Fri Feb 27 15:51:27 2015
126 +diff -ru openssh-7.1p1.orig/sftp-server.8 openssh-7.1p1/sftp-server.8
127 +--- openssh-7.1p1.orig/sftp-server.8 Fri Aug 21 00:49:03 2015
128 ++++ openssh-7.1p1/sftp-server.8 Wed Sep 2 09:02:44 2015
135 129 @@ -23,7 +23,7 @@
136 130 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
137 131 .\"
138 - .Dd $Mdocdate: July 28 2014 $
132 + .Dd $Mdocdate: December 11 2014 $
139 133 -.Dt SFTP-SERVER 8
140 134 +.Dt SFTP-SERVER 1M
141 135 .Os
142 136 .Sh NAME
143 137 .Nm sftp-server
144 138 @@ -47,7 +47,7 @@
145 139 to stdout and expects client requests from stdin.
146 140 .Nm
147 141 is not intended to be called directly, but from
148 142 -.Xr sshd 8
149 143 +.Xr sshd 1M
150 144 using the
151 145 .Cm Subsystem
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
152 146 option.
153 147 @@ -58,7 +58,7 @@
154 148 .Cm Subsystem
155 149 declaration.
156 150 See
157 151 -.Xr sshd_config 5
158 152 +.Xr sshd_config 4
159 153 for more information.
160 154 .Pp
161 155 Valid options are:
156 +@@ -71,7 +71,7 @@
157 + and %u is replaced by the username of that user.
158 + The default is to use the user's home directory.
159 + This option is useful in conjunction with the
160 +-.Xr sshd_config 5
161 ++.Xr sshd_config 4
162 + .Cm ChrootDirectory
163 + option.
164 + .It Fl e
162 165 @@ -147,13 +147,13 @@
163 166 for logging to work, and use of
164 167 .Nm
165 168 in a chroot configuration therefore requires that
166 169 -.Xr syslogd 8
167 170 +.Xr syslogd 1M
168 171 establish a logging socket inside the chroot directory.
169 172 .Sh SEE ALSO
170 173 .Xr sftp 1 ,
171 174 .Xr ssh 1 ,
172 175 -.Xr sshd_config 5 ,
173 176 -.Xr sshd 8
174 177 +.Xr sshd_config 4 ,
175 178 +.Xr sshd 1M
176 179 .Rs
177 180 .%A T. Ylonen
178 181 .%A S. Lehtinen
179 -diff -ru openssh-6.7p1-orig/sftp.1 openssh-6.7p1/sftp.1
180 ---- openssh-6.7p1-orig/sftp.1 Wed May 14 23:47:37 2014
181 -+++ openssh-6.7p1/sftp.1 Fri Feb 27 15:50:37 2015
182 +diff -ru openssh-7.1p1.orig/sftp.1 openssh-7.1p1/sftp.1
183 +--- openssh-7.1p1.orig/sftp.1 Fri Aug 21 00:49:03 2015
184 ++++ openssh-7.1p1/sftp.1 Wed Sep 2 08:54:44 2015
182 185 @@ -85,7 +85,7 @@
183 186 option.
184 187 In such cases, it is necessary to configure non-interactive authentication
185 188 to obviate the need to enter a password at connection time (see
186 189 -.Xr sshd 8
187 190 +.Xr sshd 1M
188 191 and
189 192 .Xr ssh-keygen 1
190 193 for details).
191 194 @@ -179,7 +179,7 @@
192 195 Can be used to pass options to
193 196 .Nm ssh
194 197 in the format used in
195 198 -.Xr ssh_config 5 .
196 199 +.Xr ssh_config 4 .
197 200 This is useful for specifying options
198 201 for which there is no separate
|
↓ open down ↓ |
7 lines elided |
↑ open up ↑ |
199 202 .Nm sftp
200 203 @@ -187,7 +187,7 @@
201 204 For example, to specify an alternate port use:
202 205 .Ic sftp -oPort=24 .
203 206 For full details of the options listed below, and their possible values, see
204 207 -.Xr ssh_config 5 .
205 208 +.Xr ssh_config 4 .
206 209 .Pp
207 210 .Bl -tag -width Ds -offset indent -compact
208 211 .It AddressFamily
209 -@@ -280,7 +280,7 @@
212 +@@ -282,7 +282,7 @@
210 213 A path is useful for using
211 214 .Nm
212 215 over protocol version 1, or when the remote
213 216 -.Xr sshd 8
214 217 +.Xr sshd 1M
215 218 does not have an sftp subsystem configured.
216 219 .It Fl v
217 220 Raise logging level.
218 -@@ -610,9 +610,9 @@
221 +@@ -612,9 +612,9 @@
219 222 .Xr ssh-add 1 ,
220 223 .Xr ssh-keygen 1 ,
221 224 .Xr glob 3 ,
222 225 -.Xr ssh_config 5 ,
223 226 -.Xr sftp-server 8 ,
224 227 -.Xr sshd 8
225 228 +.Xr ssh_config 4 ,
226 229 +.Xr sftp-server 1M ,
227 230 +.Xr sshd 1M
228 231 .Rs
229 232 .%A T. Ylonen
230 233 .%A S. Lehtinen
231 -Only in openssh-6.7p1: sftp.1.orig
232 -diff -ru openssh-6.7p1-orig/ssh-add.1 openssh-6.7p1/ssh-add.1
233 ---- openssh-6.7p1-orig/ssh-add.1 Wed Dec 18 01:46:28 2013
234 -+++ openssh-6.7p1/ssh-add.1 Fri Feb 27 15:50:37 2015
235 -@@ -126,7 +126,7 @@
234 +diff -ru openssh-7.1p1.orig/ssh-add.1 openssh-7.1p1/ssh-add.1
235 +--- openssh-7.1p1.orig/ssh-add.1 Fri Aug 21 00:49:03 2015
236 ++++ openssh-7.1p1/ssh-add.1 Wed Sep 2 08:54:44 2015
237 +@@ -134,7 +134,7 @@
236 238 Set a maximum lifetime when adding identities to an agent.
237 239 The lifetime may be specified in seconds or in a time format
238 240 specified in
239 241 -.Xr sshd_config 5 .
240 242 +.Xr sshd_config 4 .
241 243 .It Fl X
242 244 Unlock the agent.
243 245 .It Fl x
244 -@@ -189,7 +189,7 @@
245 - .Xr ssh 1 ,
246 +@@ -200,7 +200,7 @@
246 247 .Xr ssh-agent 1 ,
248 + .Xr ssh-askpass 1 ,
247 249 .Xr ssh-keygen 1 ,
248 250 -.Xr sshd 8
249 251 +.Xr sshd 1M
250 252 .Sh AUTHORS
251 253 OpenSSH is a derivative of the original and free
252 254 ssh 1.2.12 release by Tatu Ylonen.
253 -diff -ru openssh-6.7p1-orig/ssh-keygen.1 openssh-6.7p1/ssh-keygen.1
254 ---- openssh-6.7p1-orig/ssh-keygen.1 Sat Apr 19 23:23:04 2014
255 -+++ openssh-6.7p1/ssh-keygen.1 Fri Feb 27 15:50:37 2015
256 -@@ -433,7 +433,7 @@
255 +diff -ru openssh-7.1p1.orig/ssh-agent.1 openssh-7.1p1/ssh-agent.1
256 +--- openssh-7.1p1.orig/ssh-agent.1 Fri Aug 21 00:49:03 2015
257 ++++ openssh-7.1p1/ssh-agent.1 Wed Sep 2 09:02:52 2015
258 +@@ -123,7 +123,7 @@
259 + .It Fl t Ar life
260 + Set a default value for the maximum lifetime of identities added to the agent.
261 + The lifetime may be specified in seconds or in a time format specified in
262 +-.Xr sshd_config 5 .
263 ++.Xr sshd_config 4 .
264 + A lifetime specified for an identity with
265 + .Xr ssh-add 1
266 + overrides this value.
267 +@@ -198,7 +198,7 @@
268 + .Xr ssh 1 ,
269 + .Xr ssh-add 1 ,
270 + .Xr ssh-keygen 1 ,
271 +-.Xr sshd 8
272 ++.Xr sshd 1M
273 + .Sh AUTHORS
274 + OpenSSH is a derivative of the original and free
275 + ssh 1.2.12 release by Tatu Ylonen.
276 +diff -ru openssh-7.1p1.orig/ssh-keygen.1 openssh-7.1p1/ssh-keygen.1
277 +--- openssh-7.1p1.orig/ssh-keygen.1 Fri Aug 21 00:49:03 2015
278 ++++ openssh-7.1p1/ssh-keygen.1 Wed Sep 2 08:54:44 2015
279 +@@ -443,7 +443,7 @@
257 280 Disable execution of
258 281 .Pa ~/.ssh/rc
259 282 by
260 283 -.Xr sshd 8
261 284 +.Xr sshd 1M
262 285 (permitted by default).
263 286 .It Ic no-x11-forwarding
264 287 Disable X11 forwarding (permitted by default).
265 -@@ -449,7 +449,7 @@
288 +@@ -459,7 +459,7 @@
266 289 Allows execution of
267 290 .Pa ~/.ssh/rc
268 291 by
269 292 -.Xr sshd 8 .
270 293 +.Xr sshd 1M .
271 294 .It Ic permit-x11-forwarding
272 295 Allows X11 forwarding.
273 296 .It Ic source-address Ns = Ns Ar address_list
274 -@@ -540,7 +540,7 @@
297 +@@ -550,7 +550,7 @@
275 298 in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
276 299 of a minus sign followed by a relative time in the format described in the
277 300 TIME FORMATS section of
278 301 -.Xr sshd_config 5 .
279 302 +.Xr sshd_config 4 .
280 303 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
281 304 a relative time starting with a plus character.
282 305 .Pp
283 -@@ -642,7 +642,7 @@
306 +@@ -652,7 +652,7 @@
284 307 on a certificate rather than trusting many user/host keys.
285 308 Note that OpenSSH certificates are a different, and much simpler, format to
286 309 the X.509 certificates used in
287 310 -.Xr ssl 8 .
288 311 +.Xr ssl 1M .
289 312 .Pp
290 313 .Nm
291 314 supports two types of certificates: user and host.
292 -@@ -706,7 +706,7 @@
315 +@@ -716,7 +716,7 @@
293 316 .Pp
294 317 For certificates to be used for user or host authentication, the CA
295 318 public key must be trusted by
296 319 -.Xr sshd 8
297 320 +.Xr sshd 1M
298 321 or
299 322 .Xr ssh 1 .
300 323 Please refer to those manual pages for details.
301 -@@ -830,14 +830,14 @@
324 +@@ -840,14 +840,14 @@
302 325 .It Pa /etc/moduli
303 326 Contains Diffie-Hellman groups used for DH-GEX.
304 327 The file format is described in
305 328 -.Xr moduli 5 .
306 329 +.Xr moduli 4 .
307 330 .El
308 331 .Sh SEE ALSO
309 332 .Xr ssh 1 ,
310 333 .Xr ssh-add 1 ,
311 334 .Xr ssh-agent 1 ,
312 335 -.Xr moduli 5 ,
313 336 -.Xr sshd 8
314 337 +.Xr moduli 4 ,
315 338 +.Xr sshd 1M
316 339 .Rs
317 340 .%R RFC 4716
318 341 .%T "The Secure Shell (SSH) Public Key File Format"
319 -diff -ru openssh-6.7p1-orig/ssh-keysign.8 openssh-6.7p1/ssh-keysign.8
320 ---- openssh-6.7p1-orig/ssh-keysign.8 Wed Dec 18 01:46:28 2013
321 -+++ openssh-6.7p1/ssh-keysign.8 Fri Feb 27 15:50:37 2015
342 +diff -ru openssh-7.1p1.orig/ssh-keyscan.1 openssh-7.1p1/ssh-keyscan.1
343 +--- openssh-7.1p1.orig/ssh-keyscan.1 Fri Aug 21 00:49:03 2015
344 ++++ openssh-7.1p1/ssh-keyscan.1 Wed Sep 2 09:01:30 2015
345 +@@ -164,7 +164,7 @@
346 + .Ed
347 + .Sh SEE ALSO
348 + .Xr ssh 1 ,
349 +-.Xr sshd 8
350 ++.Xr sshd 1M
351 + .Sh AUTHORS
352 + .An -nosplit
353 + .An David Mazieres Aq Mt dm@lcs.mit.edu
354 +diff -ru openssh-7.1p1.orig/ssh-keysign.8 openssh-7.1p1/ssh-keysign.8
355 +--- openssh-7.1p1.orig/ssh-keysign.8 Fri Aug 21 00:49:03 2015
356 ++++ openssh-7.1p1/ssh-keysign.8 Wed Sep 2 08:54:44 2015
322 357 @@ -23,7 +23,7 @@
323 358 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
324 359 .\"
325 360 .Dd $Mdocdate: December 7 2013 $
326 361 -.Dt SSH-KEYSIGN 8
327 362 +.Dt SSH-KEYSIGN 1M
328 363 .Os
329 364 .Sh NAME
330 365 .Nm ssh-keysign
331 366 @@ -52,7 +52,7 @@
332 367 See
333 368 .Xr ssh 1
334 369 and
335 370 -.Xr sshd 8
336 371 +.Xr sshd 1M
337 372 for more information about host-based authentication.
338 373 .Sh FILES
339 374 .Bl -tag -width Ds -compact
340 375 @@ -83,8 +83,8 @@
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
341 376 .Sh SEE ALSO
342 377 .Xr ssh 1 ,
343 378 .Xr ssh-keygen 1 ,
344 379 -.Xr ssh_config 5 ,
345 380 -.Xr sshd 8
346 381 +.Xr ssh_config 4 ,
347 382 +.Xr sshd 1M
348 383 .Sh HISTORY
349 384 .Nm
350 385 first appeared in
351 -diff -ru openssh-6.7p1-orig/ssh-pkcs11-helper.8 openssh-6.7p1/ssh-pkcs11-helper.8
352 ---- openssh-6.7p1-orig/ssh-pkcs11-helper.8 Thu Jul 18 02:14:14 2013
353 -+++ openssh-6.7p1/ssh-pkcs11-helper.8 Fri Feb 27 15:50:37 2015
386 +diff -ru openssh-7.1p1.orig/ssh-pkcs11-helper.8 openssh-7.1p1/ssh-pkcs11-helper.8
387 +--- openssh-7.1p1.orig/ssh-pkcs11-helper.8 Fri Aug 21 00:49:03 2015
388 ++++ openssh-7.1p1/ssh-pkcs11-helper.8 Wed Sep 2 08:54:44 2015
354 389 @@ -15,7 +15,7 @@
355 390 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
356 391 .\"
357 392 .Dd $Mdocdate: July 16 2013 $
358 393 -.Dt SSH-PKCS11-HELPER 8
359 394 +.Dt SSH-PKCS11-HELPER 1M
360 395 .Os
361 396 .Sh NAME
362 397 .Nm ssh-pkcs11-helper
363 -diff -ru openssh-6.7p1-orig/ssh.1 openssh-6.7p1/ssh.1
364 ---- openssh-6.7p1-orig/ssh.1 Tue Jul 29 22:32:28 2014
365 -+++ openssh-6.7p1/ssh.1 Fri Feb 27 15:52:48 2015
366 -@@ -164,7 +164,7 @@
398 +diff -ru openssh-7.1p1.orig/ssh.1 openssh-7.1p1/ssh.1
399 +--- openssh-7.1p1.orig/ssh.1 Fri Aug 21 00:49:03 2015
400 ++++ openssh-7.1p1/ssh.1 Wed Sep 2 08:54:44 2015
401 +@@ -173,7 +173,7 @@
367 402 See the
368 403 .Cm Ciphers
369 404 keyword in
370 405 -.Xr ssh_config 5
371 406 +.Xr ssh_config 4
372 407 for more information.
408 + .Pp
373 409 .It Fl D Xo
374 - .Sm off
375 -@@ -343,7 +343,7 @@
410 +@@ -396,7 +396,7 @@
376 411 Refer to the description of
377 412 .Cm ControlMaster
378 413 in
379 414 -.Xr ssh_config 5
380 415 +.Xr ssh_config 4
381 416 for details.
417 + .Pp
382 418 .It Fl m Ar mac_spec
383 - Additionally, for protocol version 2 a comma-separated list of MAC
384 -@@ -399,7 +399,7 @@
419 +@@ -457,7 +457,7 @@
385 420 This is useful for specifying options for which there is no separate
386 421 command-line flag.
387 422 For full details of the options listed below, and their possible values, see
388 423 -.Xr ssh_config 5 .
389 424 +.Xr ssh_config 4 .
390 425 .Pp
391 426 .Bl -tag -width Ds -offset indent -compact
392 427 .It AddressFamily
393 -@@ -541,7 +541,7 @@
428 +@@ -629,7 +629,7 @@
394 429 will only succeed if the server's
395 430 .Cm GatewayPorts
396 431 option is enabled (see
397 432 -.Xr sshd_config 5 ) .
398 433 +.Xr sshd_config 4 ) .
399 434 .Pp
400 435 If the
401 436 .Ar port
402 -@@ -562,7 +562,7 @@
437 +@@ -651,7 +651,7 @@
403 438 and
404 439 .Cm ControlMaster
405 440 in
406 441 -.Xr ssh_config 5
407 442 +.Xr ssh_config 4
408 443 for details.
444 + .Pp
409 445 .It Fl s
410 - May be used to request invocation of a subsystem on the remote system.
411 -@@ -632,7 +632,7 @@
446 +@@ -728,7 +728,7 @@
412 447 and
413 448 .Cm TunnelDevice
414 449 directives in
415 450 -.Xr ssh_config 5 .
416 451 +.Xr ssh_config 4 .
417 452 If the
418 453 .Cm Tunnel
419 454 directive is unset, it is set to the default tunnel mode, which is
420 -@@ -655,7 +655,7 @@
455 +@@ -752,7 +752,7 @@
421 456 option and the
422 457 .Cm ForwardX11Trusted
423 458 directive in
424 459 -.Xr ssh_config 5
425 460 +.Xr ssh_config 4
426 461 for more information.
462 + .Pp
427 463 .It Fl x
428 - Disables X11 forwarding.
429 -@@ -674,7 +674,7 @@
464 +@@ -774,7 +774,7 @@
430 465 may additionally obtain configuration data from
431 466 a per-user configuration file and a system-wide configuration file.
432 467 The file format and configuration options are described in
433 468 -.Xr ssh_config 5 .
434 469 +.Xr ssh_config 4 .
435 470 .Sh AUTHENTICATION
436 471 The OpenSSH SSH client supports SSH protocols 1 and 2.
437 472 The default is to use protocol 2 only,
438 -@@ -681,7 +681,7 @@
473 +@@ -781,7 +781,7 @@
439 474 though this can be changed via the
440 475 .Cm Protocol
441 476 option in
442 477 -.Xr ssh_config 5
443 478 +.Xr ssh_config 4
444 479 or the
445 480 .Fl 1
446 481 and
447 -@@ -941,7 +941,7 @@
482 +@@ -1052,7 +1052,7 @@
448 483 allows the user to execute a local command if the
449 484 .Ic PermitLocalCommand
450 485 option is enabled in
451 486 -.Xr ssh_config 5 .
452 487 +.Xr ssh_config 4 .
453 488 Basic help is available, using the
454 489 .Fl h
455 490 option.
456 -@@ -1138,7 +1138,7 @@
491 +@@ -1254,7 +1254,7 @@
457 492 See the
458 493 .Cm VerifyHostKeyDNS
459 494 option in
460 495 -.Xr ssh_config 5
461 496 +.Xr ssh_config 4
462 497 for more information.
463 498 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
464 499 .Nm
465 -@@ -1148,7 +1148,7 @@
500 +@@ -1264,7 +1264,7 @@
466 501 network pseudo-device,
467 502 allowing two networks to be joined securely.
468 503 The
469 504 -.Xr sshd_config 5
470 505 +.Xr sshd_config 4
471 506 configuration option
472 507 .Cm PermitTunnel
473 508 controls whether the server supports this,
474 -@@ -1298,7 +1298,7 @@
509 +@@ -1414,7 +1414,7 @@
475 510 For more information, see the
476 511 .Cm PermitUserEnvironment
477 512 option in
478 513 -.Xr sshd_config 5 .
479 514 +.Xr sshd_config 4 .
480 515 .Sh FILES
481 516 .Bl -tag -width Ds -compact
482 517 .It Pa ~/.rhosts
483 -@@ -1306,7 +1306,7 @@
518 +@@ -1422,7 +1422,7 @@
484 519 On some machines this file may need to be
485 520 world-readable if the user's home directory is on an NFS partition,
486 521 because
487 522 -.Xr sshd 8
488 523 +.Xr sshd 1M
489 524 reads it as root.
490 525 Additionally, this file must be owned by the user,
491 526 and must not have write permissions for anyone else.
492 -@@ -1331,7 +1331,7 @@
493 - Lists the public keys (DSA, ECDSA, ED25519, RSA)
527 +@@ -1447,7 +1447,7 @@
528 + Lists the public keys (DSA, ECDSA, Ed25519, RSA)
494 529 that can be used for logging in as this user.
495 530 The format of this file is described in the
496 531 -.Xr sshd 8
497 532 +.Xr sshd 1M
498 533 manual page.
499 534 This file is not highly sensitive, but the recommended
500 535 permissions are read/write for the user, and not accessible by others.
501 -@@ -1339,7 +1339,7 @@
536 +@@ -1455,7 +1455,7 @@
502 537 .It Pa ~/.ssh/config
503 538 This is the per-user configuration file.
504 539 The file format and configuration options are described in
505 540 -.Xr ssh_config 5 .
506 541 +.Xr ssh_config 4 .
507 542 Because of the potential for abuse, this file must have strict permissions:
508 543 read/write for the user, and not writable by others.
509 544 .Pp
510 -@@ -1376,7 +1376,7 @@
545 +@@ -1492,7 +1492,7 @@
511 546 Contains a list of host keys for all hosts the user has logged into
512 547 that are not already in the systemwide list of known host keys.
513 548 See
514 549 -.Xr sshd 8
515 550 +.Xr sshd 1M
516 551 for further details of the format of this file.
517 552 .Pp
518 553 .It Pa ~/.ssh/rc
519 -@@ -1385,7 +1385,7 @@
554 +@@ -1501,7 +1501,7 @@
520 555 when the user logs in, just before the user's shell (or command) is
521 556 started.
522 557 See the
523 558 -.Xr sshd 8
524 559 +.Xr sshd 1M
525 560 manual page for more information.
526 561 .Pp
527 562 .It Pa /etc/hosts.equiv
528 -@@ -1401,7 +1401,7 @@
563 +@@ -1517,7 +1517,7 @@
529 564 .It Pa /etc/ssh/ssh_config
530 565 Systemwide configuration file.
531 566 The file format and configuration options are described in
532 567 -.Xr ssh_config 5 .
533 568 +.Xr ssh_config 4 .
534 569 .Pp
535 570 .It Pa /etc/ssh/ssh_host_key
536 571 .It Pa /etc/ssh/ssh_host_dsa_key
537 -@@ -1416,7 +1416,7 @@
572 +@@ -1532,7 +1532,7 @@
538 573 For protocol version 2,
539 574 .Nm
540 575 uses
541 576 -.Xr ssh-keysign 8
542 577 +.Xr ssh-keysign 1M
543 578 to access the host keys,
544 579 eliminating the requirement that
545 580 .Nm
546 -@@ -1432,7 +1432,7 @@
581 +@@ -1548,7 +1548,7 @@
547 582 organization.
548 583 It should be world-readable.
549 584 See
550 585 -.Xr sshd 8
551 586 +.Xr sshd 1M
552 587 for further details of the format of this file.
553 588 .Pp
554 589 .It Pa /etc/ssh/sshrc
555 -@@ -1440,7 +1440,7 @@
590 +@@ -1556,7 +1556,7 @@
556 591 .Nm
557 592 when the user logs in, just before the user's shell (or command) is started.
558 593 See the
559 594 -.Xr sshd 8
560 595 +.Xr sshd 1M
561 596 manual page for more information.
562 597 .El
563 598 .Sh EXIT STATUS
564 -@@ -1455,9 +1455,9 @@
599 +@@ -1571,9 +1571,9 @@
565 600 .Xr ssh-keygen 1 ,
566 601 .Xr ssh-keyscan 1 ,
567 602 .Xr tun 4 ,
568 603 -.Xr ssh_config 5 ,
569 604 -.Xr ssh-keysign 8 ,
570 605 -.Xr sshd 8
571 606 +.Xr ssh_config 4 ,
572 607 +.Xr ssh-keysign 1M ,
573 608 +.Xr sshd 1M
574 609 .Sh STANDARDS
575 610 .Rs
576 611 .%A S. Lehtinen
577 -diff -ru openssh-6.7p1-orig/sshd.8 openssh-6.7p1/sshd.8
578 ---- openssh-6.7p1-orig/sshd.8 Thu Jul 3 19:00:04 2014
579 -+++ openssh-6.7p1/sshd.8 Fri Feb 27 15:54:50 2015
612 +diff -ru openssh-7.1p1.orig/ssh_config.5 openssh-7.1p1/ssh_config.5
613 +--- openssh-7.1p1.orig/ssh_config.5 Fri Aug 21 00:49:03 2015
614 ++++ openssh-7.1p1/ssh_config.5 Wed Sep 2 09:02:37 2015
615 +@@ -568,7 +568,7 @@
616 + .Dq Fl O No exit
617 + option).
618 + If set to a time in seconds, or a time in any of the formats documented in
619 +-.Xr sshd_config 5 ,
620 ++.Xr sshd_config 4 ,
621 + then the backgrounded master connection will automatically terminate
622 + after it has remained idle (with no client connections) for the
623 + specified time.
624 +@@ -695,7 +695,7 @@
625 + Specify a timeout for untrusted X11 forwarding
626 + using the format described in the
627 + TIME FORMATS section of
628 +-.Xr sshd_config 5 .
629 ++.Xr sshd_config 4 .
630 + X11 connections received by
631 + .Xr ssh 1
632 + after this time will be refused.
633 +@@ -762,7 +762,7 @@
634 + These hashed names may be used normally by
635 + .Xr ssh 1
636 + and
637 +-.Xr sshd 8 ,
638 ++.Xr sshd 1M ,
639 + but they do not reveal identifying information should the file's contents
640 + be disclosed.
641 + The default is
642 +@@ -1206,7 +1206,7 @@
643 + The command can be basically anything,
644 + and should read from its standard input and write to its standard output.
645 + It should eventually connect an
646 +-.Xr sshd 8
647 ++.Xr sshd 1M
648 + server running on some machine, or execute
649 + .Ic sshd -i
650 + somewhere.
651 +@@ -1286,7 +1286,7 @@
652 + The optional second value is specified in seconds and may use any of the
653 + units documented in the
654 + TIME FORMATS section of
655 +-.Xr sshd_config 5 .
656 ++.Xr sshd_config 4 .
657 + The default value for
658 + .Cm RekeyLimit
659 + is
660 +@@ -1330,7 +1330,7 @@
661 + will only succeed if the server's
662 + .Cm GatewayPorts
663 + option is enabled (see
664 +-.Xr sshd_config 5 ) .
665 ++.Xr sshd_config 4 ) .
666 + .It Cm RequestTTY
667 + Specifies whether to request a pseudo-tty for the session.
668 + The argument may be one of:
669 +@@ -1396,7 +1396,7 @@
670 + Refer to
671 + .Cm AcceptEnv
672 + in
673 +-.Xr sshd_config 5
674 ++.Xr sshd_config 4
675 + for how to configure the server.
676 + Variables are specified by name, which may contain wildcard characters.
677 + Multiple environment variables may be separated by whitespace or spread
678 +@@ -1586,7 +1586,7 @@
679 + and will be disabled if it is enabled.
680 + .Pp
681 + Presently, only
682 +-.Xr sshd 8
683 ++.Xr sshd 1M
684 + from OpenSSH 6.8 and greater support the
685 + .Dq hostkeys@openssh.com
686 + protocol extension used to inform the client of all the server's hostkeys.
687 +diff -ru openssh-7.1p1.orig/sshd.8 openssh-7.1p1/sshd.8
688 +--- openssh-7.1p1.orig/sshd.8 Fri Aug 21 00:49:03 2015
689 ++++ openssh-7.1p1/sshd.8 Wed Sep 2 08:59:06 2015
580 690 @@ -35,7 +35,7 @@
581 691 .\"
582 - .\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $
583 - .Dd $Mdocdate: July 3 2014 $
692 + .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
693 + .Dd $Mdocdate: July 3 2015 $
584 694 -.Dt SSHD 8
585 695 +.Dt SSHD 1M
586 696 .Os
587 697 .Sh NAME
588 698 .Nm sshd
589 699 @@ -77,7 +77,7 @@
590 700 .Nm
591 701 can be configured using command-line options or a configuration file
592 702 (by default
593 703 -.Xr sshd_config 5 ) ;
594 704 +.Xr sshd_config 4 ) ;
595 705 command-line options override values specified in the
596 706 configuration file.
597 707 .Nm
598 708 @@ -183,7 +183,7 @@
599 709 Specifies that
600 710 .Nm
601 711 is being run from
602 712 -.Xr inetd 8 .
603 713 +.Xr inetd 1M .
714 + If SSH protocol 1 is enabled,
604 715 .Nm
605 - is normally not run
606 - from inetd because it needs to generate the server key before it can
607 -@@ -207,7 +207,7 @@
716 + should not normally be run
717 +@@ -204,7 +204,7 @@
608 718 This is useful for specifying options for which there is no separate
609 719 command-line flag.
610 720 For full details of the options, and their values, see
611 721 -.Xr sshd_config 5 .
612 722 +.Xr sshd_config 4 .
613 723 .It Fl p Ar port
614 724 Specifies the port on which the server listens for connections
615 725 (default 22).
616 -@@ -277,7 +277,7 @@
726 +@@ -274,7 +274,7 @@
617 727 though this can be changed via the
618 728 .Cm Protocol
619 729 option in
620 730 -.Xr sshd_config 5 .
621 731 +.Xr sshd_config 4 .
622 - Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
732 + Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
623 733 protocol 1 only supports RSA keys.
624 734 For both protocols,
625 -@@ -402,7 +402,7 @@
735 +@@ -399,7 +399,7 @@
626 736 See the
627 737 .Cm PermitUserEnvironment
628 738 option in
629 739 -.Xr sshd_config 5 .
630 740 +.Xr sshd_config 4 .
631 741 .It
632 742 Changes to user's home directory.
633 743 .It
634 -@@ -550,7 +550,7 @@
744 +@@ -406,7 +406,7 @@
745 + If
746 + .Pa ~/.ssh/rc
747 + exists and the
748 +-.Xr sshd_config 5
749 ++.Xr sshd_config 4
750 + .Cm PermitUserRC
751 + option is set, runs it; else if
752 + .Pa /etc/ssh/sshrc
753 +@@ -549,7 +549,7 @@
635 754 environment variable.
636 755 Note that this option applies to shell, command or subsystem execution.
637 756 Also note that this command may be superseded by either a
638 757 -.Xr sshd_config 5
639 758 +.Xr sshd_config 4
640 759 .Cm ForceCommand
641 760 directive or a command embedded in a certificate.
642 761 .It Cm environment="NAME=value"
643 -@@ -571,7 +571,7 @@
762 +@@ -570,7 +570,7 @@
644 763 name of the remote host or its IP address must be present in the
645 764 comma-separated list of patterns.
646 765 See PATTERNS in
647 766 -.Xr ssh_config 5
648 767 +.Xr ssh_config 4
649 768 for more information on patterns.
650 769 .Pp
651 770 In addition to the wildcard matching that may be applied to hostnames or
652 -@@ -859,11 +859,11 @@
771 +@@ -858,11 +858,11 @@
653 772 .It Pa /etc/moduli
654 773 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
655 774 The file format is described in
656 775 -.Xr moduli 5 .
657 776 +.Xr moduli 4 .
658 777 .Pp
659 778 .It Pa /etc/motd
660 779 See
661 780 -.Xr motd 5 .
662 781 +.Xr motd 4 .
663 782 .Pp
664 783 .It Pa /etc/nologin
665 784 If this file exists,
666 -@@ -920,7 +920,7 @@
785 +@@ -919,7 +919,7 @@
667 786 Contains configuration data for
668 787 .Nm sshd .
669 788 The file format and configuration options are described in
670 789 -.Xr sshd_config 5 .
671 790 +.Xr sshd_config 4 .
672 791 .Pp
673 792 .It Pa /etc/ssh/sshrc
674 793 Similar to
675 -@@ -954,11 +954,11 @@
794 +@@ -953,11 +953,11 @@
676 795 .Xr ssh-keygen 1 ,
677 796 .Xr ssh-keyscan 1 ,
678 797 .Xr chroot 2 ,
679 798 -.Xr login.conf 5 ,
680 799 -.Xr moduli 5 ,
681 800 -.Xr sshd_config 5 ,
682 801 -.Xr inetd 8 ,
683 802 -.Xr sftp-server 8
684 803 +.Xr login.conf 4 ,
685 804 +.Xr moduli 4 ,
686 805 +.Xr sshd_config 4 ,
687 806 +.Xr inetd 1M ,
688 807 +.Xr sftp-server 1M
689 808 .Sh AUTHORS
690 809 OpenSSH is a derivative of the original and free
691 810 ssh 1.2.12 release by Tatu Ylonen.
692 -diff -ru openssh-6.7p1-orig/sshd_config.5 openssh-6.7p1/sshd_config.5
693 ---- openssh-6.7p1-orig/sshd_config.5 Thu Oct 2 19:24:57 2014
694 -+++ openssh-6.7p1/sshd_config.5 Fri Feb 27 15:56:01 2015
811 +diff -ru openssh-7.1p1.orig/sshd_config.5 openssh-7.1p1/sshd_config.5
812 +--- openssh-7.1p1.orig/sshd_config.5 Fri Aug 21 00:49:03 2015
813 ++++ openssh-7.1p1/sshd_config.5 Wed Sep 2 09:00:14 2015
695 814 @@ -35,7 +35,7 @@
696 815 .\"
697 - .\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $
698 - .Dd $Mdocdate: July 28 2014 $
816 + .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
817 + .Dd $Mdocdate: August 14 2015 $
699 818 -.Dt SSHD_CONFIG 5
700 819 +.Dt SSHD_CONFIG 4
701 820 .Os
702 821 .Sh NAME
703 822 .Nm sshd_config
704 823 @@ -43,7 +43,7 @@
705 824 .Sh SYNOPSIS
706 825 .Nm /etc/ssh/sshd_config
707 826 .Sh DESCRIPTION
708 827 -.Xr sshd 8
709 828 +.Xr sshd 1M
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
710 829 reads configuration data from
711 830 .Pa /etc/ssh/sshd_config
712 831 (or the file specified with
713 832 @@ -68,7 +68,7 @@
714 833 See
715 834 .Cm SendEnv
716 835 in
717 836 -.Xr ssh_config 5
718 837 +.Xr ssh_config 4
719 838 for how to configure the client.
720 - Note that environment passing is only supported for protocol 2.
721 - Variables are specified by name, which may contain the wildcard characters
722 -@@ -85,7 +85,7 @@
839 + Note that environment passing is only supported for protocol 2, and
840 + that the
841 +@@ -89,7 +89,7 @@
723 842 The default is not to accept any environment variables.
724 843 .It Cm AddressFamily
725 844 Specifies which address family should be used by
726 845 -.Xr sshd 8 .
727 846 +.Xr sshd 1M .
728 847 Valid arguments are
729 848 .Dq any ,
730 849 .Dq inet
731 -@@ -118,7 +118,7 @@
850 +@@ -122,7 +122,7 @@
732 851 .Cm AllowGroups .
733 852 .Pp
734 853 See PATTERNS in
735 854 -.Xr ssh_config 5
736 855 +.Xr ssh_config 4
737 856 for more information on patterns.
738 857 .It Cm AllowTcpForwarding
739 858 Specifies whether TCP forwarding is permitted.
740 -@@ -178,7 +178,7 @@
859 +@@ -182,7 +182,7 @@
741 860 .Cm AllowGroups .
742 861 .Pp
743 862 See PATTERNS in
744 863 -.Xr ssh_config 5
745 864 +.Xr ssh_config 4
746 865 for more information on patterns.
747 866 .It Cm AuthenticationMethods
748 867 Specifies the authentication methods that must be successfully completed
749 -@@ -222,7 +222,7 @@
750 - It will be invoked with a single argument of the username
751 - being authenticated, and should produce on standard output zero or
868 +@@ -217,7 +217,7 @@
869 + If the
870 + .Dq publickey
871 + method is listed more than once,
872 +-.Xr sshd 8
873 ++.Xr sshd 1M
874 + verifies that keys that have been used successfully are not reused for
875 + subsequent authentications.
876 + For example, an
877 +@@ -250,7 +250,7 @@
878 + .Pp
879 + The program should produce on standard output zero or
752 880 more lines of authorized_keys output (see AUTHORIZED_KEYS in
753 881 -.Xr sshd 8 ) .
754 882 +.Xr sshd 1M ) .
755 883 If a key supplied by AuthorizedKeysCommand does not successfully authenticate
756 884 and authorize the user then public key authentication continues using the usual
757 885 .Cm AuthorizedKeysFile
758 -@@ -238,7 +238,7 @@
886 +@@ -265,7 +265,7 @@
887 + is specified but
888 + .Cm AuthorizedKeysCommandUser
889 + is not, then
890 +-.Xr sshd 8
891 ++.Xr sshd 1M
892 + will refuse to start.
893 + .It Cm AuthorizedKeysFile
894 + Specifies the file that contains the public keys that can be used
895 +@@ -273,7 +273,7 @@
759 896 The format is described in the
760 897 AUTHORIZED_KEYS FILE FORMAT
761 898 section of
762 899 -.Xr sshd 8 .
763 900 +.Xr sshd 1M .
764 901 .Cm AuthorizedKeysFile
765 902 may contain tokens of the form %T which are substituted during connection
766 903 setup.
767 -@@ -261,7 +261,7 @@
904 +@@ -321,7 +321,7 @@
905 + is specified but
906 + .Cm AuthorizedPrincipalsCommandUser
907 + is not, then
908 +-.Xr sshd 8
909 ++.Xr sshd 1M
910 + will refuse to start.
911 + .It Cm AuthorizedPrincipalsFile
912 + Specifies a file that lists principal names that are accepted for
913 +@@ -332,7 +332,7 @@
768 914 to be accepted for authentication.
769 915 Names are listed one per line preceded by key options (as described
770 916 in AUTHORIZED_KEYS FILE FORMAT in
771 917 -.Xr sshd 8 ) .
772 918 +.Xr sshd 1M ) .
773 919 Empty lines and comments starting with
774 920 .Ql #
775 921 are ignored.
776 -@@ -291,7 +291,7 @@
922 +@@ -362,7 +362,7 @@
777 923 though the
778 924 .Cm principals=
779 925 key option offers a similar facility (see
780 926 -.Xr sshd 8
781 927 +.Xr sshd 1M
782 928 for details).
783 929 .It Cm Banner
784 930 The contents of the specified file are sent to the remote user before
785 -@@ -304,7 +304,7 @@
931 +@@ -375,7 +375,7 @@
786 932 .It Cm ChallengeResponseAuthentication
787 933 Specifies whether challenge-response authentication is allowed (e.g. via
788 934 PAM or through authentication styles supported in
789 935 -.Xr login.conf 5 )
790 936 +.Xr login.conf 4 )
791 937 The default is
792 938 .Dq yes .
793 939 .It Cm ChrootDirectory
794 -@@ -314,7 +314,7 @@
795 - All components of the pathname must be root-owned directories that are
796 - not writable by any other user or group.
940 +@@ -383,11 +383,11 @@
941 + .Xr chroot 2
942 + to after authentication.
943 + At session startup
944 +-.Xr sshd 8
945 ++.Xr sshd 1M
946 + checks that all components of the pathname are root-owned directories
947 + which are not writable by any other user or group.
797 948 After the chroot,
798 949 -.Xr sshd 8
799 950 +.Xr sshd 1M
800 951 changes the working directory to the user's home directory.
801 952 .Pp
802 953 The pathname may contain the following tokens that are expanded at runtime once
803 -@@ -347,7 +347,7 @@
954 +@@ -419,7 +419,7 @@
804 955 though sessions which use logging may require
805 956 .Pa /dev/log
806 957 inside the chroot directory on some operating systems (see
807 958 -.Xr sftp-server 8
808 959 +.Xr sftp-server 1M
809 960 for details).
810 961 .Pp
962 + For safety, it is very important that the directory hierarchy be
963 +@@ -426,7 +426,7 @@
964 + prevented from modification by other processes on the system (especially
965 + those outside the jail).
966 + Misconfiguration can lead to unsafe environments which
967 +-.Xr sshd 8
968 ++.Xr sshd 1M
969 + cannot detect.
970 + .Pp
811 971 The default is not to
812 -@@ -404,7 +404,7 @@
972 +@@ -490,7 +490,7 @@
813 973 .It Cm ClientAliveCountMax
814 974 Sets the number of client alive messages (see below) which may be
815 975 sent without
816 976 -.Xr sshd 8
817 977 +.Xr sshd 1M
818 978 receiving any messages back from the client.
819 979 If this threshold is reached while client alive messages are being sent,
820 980 sshd will disconnect the client, terminating the session.
821 -@@ -431,7 +431,7 @@
981 +@@ -517,7 +517,7 @@
822 982 .It Cm ClientAliveInterval
823 983 Sets a timeout interval in seconds after which if no data has been received
824 984 from the client,
825 985 -.Xr sshd 8
826 986 +.Xr sshd 1M
827 987 will send a message through the encrypted
828 988 channel to request a response from the client.
829 989 The default
830 -@@ -462,7 +462,7 @@
990 +@@ -548,7 +548,7 @@
831 991 .Cm AllowGroups .
832 992 .Pp
833 993 See PATTERNS in
834 994 -.Xr ssh_config 5
835 995 +.Xr ssh_config 4
836 996 for more information on patterns.
837 997 .It Cm DenyUsers
838 998 This keyword can be followed by a list of user name patterns, separated
839 -@@ -481,7 +481,7 @@
999 +@@ -567,7 +567,7 @@
840 1000 .Cm AllowGroups .
841 1001 .Pp
842 1002 See PATTERNS in
843 1003 -.Xr ssh_config 5
844 1004 +.Xr ssh_config 4
845 1005 for more information on patterns.
846 - .It Cm ForceCommand
847 - Forces the execution of the command specified by
848 -@@ -506,7 +506,7 @@
1006 + .It Cm FingerprintHash
1007 + Specifies the hash algorithm used when logging key fingerprints.
1008 +@@ -600,7 +600,7 @@
849 1009 Specifies whether remote hosts are allowed to connect to ports
850 1010 forwarded for the client.
851 1011 By default,
852 1012 -.Xr sshd 8
853 1013 +.Xr sshd 1M
854 1014 binds remote port forwardings to the loopback address.
855 1015 This prevents other remote hosts from connecting to forwarded ports.
856 1016 .Cm GatewayPorts
857 -@@ -554,7 +554,7 @@
1017 +@@ -686,7 +686,7 @@
858 1018 A setting of
859 1019 .Dq yes
860 1020 means that
861 1021 -.Xr sshd 8
862 1022 +.Xr sshd 1M
863 1023 uses the name supplied by the client rather than
864 1024 attempting to resolve the name from the TCP connection itself.
865 1025 The default is
866 -@@ -565,7 +565,7 @@
1026 +@@ -697,7 +697,7 @@
867 1027 by
868 1028 .Cm HostKey .
869 1029 The default behaviour of
870 1030 -.Xr sshd 8
871 1031 +.Xr sshd 1M
872 1032 is not to load any certificates.
873 1033 .It Cm HostKey
874 1034 Specifies a file containing a private host key
875 -@@ -580,7 +580,7 @@
876 - .Pa /etc/ssh/ssh_host_rsa_key
1035 +@@ -713,12 +713,12 @@
877 1036 for protocol version 2.
1037 + .Pp
878 1038 Note that
879 1039 -.Xr sshd 8
880 1040 +.Xr sshd 1M
881 - will refuse to use a file if it is group/world-accessible.
1041 + will refuse to use a file if it is group/world-accessible
1042 + and that the
1043 + .Cm HostKeyAlgorithms
1044 + option restricts which of the keys are actually used by
1045 +-.Xr sshd 8 .
1046 ++.Xr sshd 1M .
1047 + .Pp
882 1048 It is possible to have multiple host key files.
883 1049 .Dq rsa1
884 -@@ -621,7 +621,7 @@
1050 +@@ -779,7 +779,7 @@
885 1051 .Dq yes .
886 1052 .It Cm IgnoreUserKnownHosts
887 1053 Specifies whether
888 1054 -.Xr sshd 8
889 1055 +.Xr sshd 1M
890 1056 should ignore the user's
891 1057 .Pa ~/.ssh/known_hosts
892 1058 during
893 -@@ -745,7 +745,7 @@
1059 +@@ -914,7 +914,7 @@
894 1060 The default is 3600 (seconds).
895 1061 .It Cm ListenAddress
896 1062 Specifies the local addresses
897 1063 -.Xr sshd 8
898 1064 +.Xr sshd 1M
899 1065 should listen on.
900 1066 The following forms may be used:
901 1067 .Pp
902 -@@ -788,7 +788,7 @@
1068 +@@ -954,7 +954,7 @@
903 1069 The default is 120 seconds.
904 1070 .It Cm LogLevel
905 1071 Gives the verbosity level that is used when logging messages from
906 1072 -.Xr sshd 8 .
907 1073 +.Xr sshd 1M .
908 1074 The possible values are:
909 1075 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
910 1076 The default is INFO.
911 -@@ -881,7 +881,7 @@
1077 +@@ -1059,7 +1059,7 @@
912 1078 The match patterns may consist of single entries or comma-separated
913 1079 lists and may use the wildcard and negation operators described in the
914 1080 PATTERNS section of
915 1081 -.Xr ssh_config 5 .
916 1082 +.Xr ssh_config 4 .
917 1083 .Pp
918 1084 The patterns in an
919 1085 .Cm Address
920 -@@ -962,7 +962,7 @@
1086 +@@ -1148,7 +1148,7 @@
921 1087 the three colon separated values
922 1088 .Dq start:rate:full
923 1089 (e.g. "10:30:60").
924 1090 -.Xr sshd 8
925 1091 +.Xr sshd 1M
926 1092 will refuse connection attempts with a probability of
927 1093 .Dq rate/100
928 1094 (30%)
929 -@@ -1075,7 +1075,7 @@
1095 +@@ -1268,7 +1268,7 @@
930 1096 options in
931 1097 .Pa ~/.ssh/authorized_keys
932 1098 are processed by
933 1099 -.Xr sshd 8 .
934 1100 +.Xr sshd 1M .
935 1101 The default is
936 1102 .Dq no .
937 1103 Enabling environment processing may enable users to bypass access
938 -@@ -1094,7 +1094,7 @@
1104 +@@ -1289,7 +1289,7 @@
939 1105 .Pa /var/run/sshd.pid .
940 1106 .It Cm Port
941 1107 Specifies the port number that
942 1108 -.Xr sshd 8
943 1109 +.Xr sshd 1M
944 1110 listens on.
945 1111 The default is 22.
946 1112 Multiple options of this type are permitted.
947 -@@ -1102,7 +1102,7 @@
1113 +@@ -1297,7 +1297,7 @@
948 1114 .Cm ListenAddress .
949 1115 .It Cm PrintLastLog
950 1116 Specifies whether
951 1117 -.Xr sshd 8
952 1118 +.Xr sshd 1M
953 1119 should print the date and time of the last user login when a user logs
954 1120 in interactively.
955 1121 The default is
956 -@@ -1109,7 +1109,7 @@
1122 +@@ -1304,7 +1304,7 @@
957 1123 .Dq yes .
958 1124 .It Cm PrintMotd
959 1125 Specifies whether
960 1126 -.Xr sshd 8
961 1127 +.Xr sshd 1M
962 1128 should print
963 1129 .Pa /etc/motd
964 1130 when a user logs in interactively.
965 -@@ -1120,7 +1120,7 @@
1131 +@@ -1315,7 +1315,7 @@
966 1132 .Dq yes .
967 1133 .It Cm Protocol
968 1134 Specifies the protocol versions
969 1135 -.Xr sshd 8
970 1136 +.Xr sshd 1M
971 1137 supports.
972 1138 The possible values are
973 1139 .Sq 1
974 -@@ -1220,7 +1220,7 @@
1140 +@@ -1440,7 +1440,7 @@
975 1141 .Dq no .
976 1142 .It Cm StrictModes
977 1143 Specifies whether
978 1144 -.Xr sshd 8
979 1145 +.Xr sshd 1M
980 1146 should check file modes and ownership of the
981 1147 user's files and home directory before accepting login.
982 1148 This is normally desirable because novices sometimes accidentally leave their
983 -@@ -1236,7 +1236,7 @@
1149 +@@ -1456,7 +1456,7 @@
984 1150 to execute upon subsystem request.
985 1151 .Pp
986 1152 The command
987 1153 -.Xr sftp-server 8
988 1154 +.Xr sftp-server 1M
989 1155 implements the
990 1156 .Dq sftp
991 1157 file transfer subsystem.
992 -@@ -1254,7 +1254,7 @@
1158 +@@ -1474,7 +1474,7 @@
993 1159 Note that this option applies to protocol version 2 only.
994 1160 .It Cm SyslogFacility
995 1161 Gives the facility code that is used when logging messages from
996 1162 -.Xr sshd 8 .
997 1163 +.Xr sshd 1M .
998 1164 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
999 1165 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1000 1166 The default is AUTH.
1001 -@@ -1295,7 +1295,7 @@
1167 +@@ -1517,7 +1517,7 @@
1002 1168 .Xr ssh-keygen 1 .
1003 1169 .It Cm UseDNS
1004 1170 Specifies whether
1005 1171 -.Xr sshd 8
1006 1172 +.Xr sshd 1M
1007 - should look up the remote host name and check that
1173 + should look up the remote host name, and to check that
1008 1174 the resolved host name for the remote IP address maps back to the
1009 1175 very same IP address.
1010 -@@ -1340,13 +1340,13 @@
1176 +@@ -1571,13 +1571,13 @@
1011 1177 If
1012 1178 .Cm UsePAM
1013 1179 is enabled, you will not be able to run
1014 1180 -.Xr sshd 8
1015 1181 +.Xr sshd 1M
1016 1182 as a non-root user.
1017 1183 The default is
1018 1184 .Dq no .
1019 1185 .It Cm UsePrivilegeSeparation
1020 1186 Specifies whether
1021 1187 -.Xr sshd 8
1022 1188 +.Xr sshd 1M
1023 1189 separates privileges by creating an unprivileged child process
1024 1190 to deal with incoming network traffic.
1025 1191 After successful authentication, another process will be created that has
1026 -@@ -1368,7 +1368,7 @@
1192 +@@ -1599,7 +1599,7 @@
1027 1193 .Dq none .
1028 1194 .It Cm X11DisplayOffset
1029 1195 Specifies the first display number available for
1030 1196 -.Xr sshd 8 Ns 's
1031 1197 +.Xr sshd 1M Ns 's
1032 1198 X11 forwarding.
1033 1199 This prevents sshd from interfering with real X11 servers.
1034 1200 The default is 10.
1035 -@@ -1383,7 +1383,7 @@
1201 +@@ -1614,7 +1614,7 @@
1036 1202 .Pp
1037 1203 When X11 forwarding is enabled, there may be additional exposure to
1038 1204 the server and to client displays if the
1039 1205 -.Xr sshd 8
1040 1206 +.Xr sshd 1M
1041 1207 proxy display is configured to listen on the wildcard address (see
1042 1208 .Cm X11UseLocalhost
1043 1209 below), though this is not the default.
1044 -@@ -1394,7 +1394,7 @@
1210 +@@ -1625,7 +1625,7 @@
1045 1211 forwarding (see the warnings for
1046 1212 .Cm ForwardX11
1047 1213 in
1048 1214 -.Xr ssh_config 5 ) .
1049 1215 +.Xr ssh_config 4 ) .
1050 1216 A system administrator may have a stance in which they want to
1051 1217 protect clients that may expose themselves to attack by unwittingly
1052 1218 requesting X11 forwarding, which can warrant a
1053 -@@ -1408,7 +1408,7 @@
1219 +@@ -1639,7 +1639,7 @@
1054 1220 is enabled.
1055 1221 .It Cm X11UseLocalhost
1056 1222 Specifies whether
1057 1223 -.Xr sshd 8
1058 1224 +.Xr sshd 1M
1059 1225 should bind the X11 forwarding server to the loopback address or to
1060 1226 the wildcard address.
1061 1227 By default,
1062 -@@ -1439,7 +1439,7 @@
1228 +@@ -1672,7 +1672,7 @@
1063 1229 .Pa /usr/X11R6/bin/xauth .
1064 1230 .El
1065 1231 .Sh TIME FORMATS
1066 1232 -.Xr sshd 8
1067 1233 +.Xr sshd 1M
1068 1234 command-line arguments and configuration file options that specify time
1069 1235 may be expressed using a sequence of the form:
1070 1236 .Sm off
1071 -@@ -1483,12 +1483,12 @@
1237 +@@ -1716,12 +1716,12 @@
1072 1238 .Bl -tag -width Ds
1073 1239 .It Pa /etc/ssh/sshd_config
1074 1240 Contains configuration data for
1075 1241 -.Xr sshd 8 .
1076 1242 +.Xr sshd 1M .
1077 1243 This file should be writable by root only, but it is recommended
1078 1244 (though not necessary) that it be world-readable.
1079 1245 .El
1080 1246 .Sh SEE ALSO
1081 1247 -.Xr sshd 8
1082 1248 +.Xr sshd 1M
1083 1249 .Sh AUTHORS
1084 1250 OpenSSH is a derivative of the original and free
1085 1251 ssh 1.2.12 release by Tatu Ylonen.
1086 -Common subdirectories: openssh-6.7p1-orig/contrib/aix and openssh-6.7p1/contrib/aix
1087 -Common subdirectories: openssh-6.7p1-orig/contrib/caldera and openssh-6.7p1/contrib/caldera
1088 -Common subdirectories: openssh-6.7p1-orig/contrib/cygwin and openssh-6.7p1/contrib/cygwin
1089 -Common subdirectories: openssh-6.7p1-orig/contrib/hpux and openssh-6.7p1/contrib/hpux
1090 -Common subdirectories: openssh-6.7p1-orig/contrib/redhat and openssh-6.7p1/contrib/redhat
1091 -Common subdirectories: openssh-6.7p1-orig/contrib/solaris and openssh-6.7p1/contrib/solaris
1092 -Common subdirectories: openssh-6.7p1-orig/contrib/suse and openssh-6.7p1/contrib/suse
1093 -Common subdirectories: openssh-6.7p1-orig/openbsd-compat/regress and openssh-6.7p1/openbsd-compat/regress
1094 -Common subdirectories: openssh-6.7p1-orig/regress/unittests and openssh-6.7p1/regress/unittests
1095 -Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshbuf and openssh-6.7p1/regress/unittests/sshbuf
1096 -Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey and openssh-6.7p1/regress/unittests/sshkey
1097 -Common subdirectories: openssh-6.7p1-orig/regress/unittests/test_helper and openssh-6.7p1/regress/unittests/test_helper
1098 -Common subdirectories: openssh-6.7p1-orig/regress/unittests/sshkey/testdata and openssh-6.7p1/regress/unittests/sshkey/testdata
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX