From afdae616354e19d2b420fd533ddc2099de4c404c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Aug 2010 22:31:14 +1000 Subject: [PATCH] - jmc@cvs.openbsd.org 2010/08/08 19:36:30 [ssh-keysign.8 ssh.1 sshd.8] use the same template for all FILES sections; i.e. -compact/.Pp where we have multiple items, and .Pa for path names; --- ChangeLog | 7 +++++++ ssh-keysign.8 | 14 ++++++++----- ssh.1 | 46 +++++++++++++++++++++--------------------- sshd.8 | 56 +++++++++++++++++++++++++-------------------------- 4 files changed, 67 insertions(+), 56 deletions(-) diff --git a/ChangeLog b/ChangeLog index 532750d01..18a356510 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20100931 + - OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/08/08 19:36:30 + [ssh-keysign.8 ssh.1 sshd.8] + use the same template for all FILES sections; i.e. -compact/.Pp where we + have multiple items, and .Pa for path names; + 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, remove. Patch from martynas at venck us diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 46c0ee9cd..2e47f1203 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.10 2010/08/04 05:42:47 djm Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.11 2010/08/08 19:36:30 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 4 2010 $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -55,12 +55,14 @@ and .Xr sshd 8 for more information about host-based authentication. .Sh FILES -.Bl -tag -width Ds +.Bl -tag -width Ds -compact .It Pa /etc/ssh/ssh_config Controls whether .Nm is enabled. -.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.Pp +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not @@ -68,7 +70,9 @@ accessible to others. Since they are readable only by root, .Nm must be set-uid root if host-based authentication is used. -.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub, /etc/ssh/ssh_host_rsa_key-cert.pub +.Pp +.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub +.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub If these files exist they are assumed to contain public certificate information corresponding with the private keys above. .El diff --git a/ssh.1 b/ssh.1 index 02d28a00b..9b134f4ba 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.308 2010/08/04 05:37:01 djm Exp $ -.Dd $Mdocdate: August 4 2010 $ +.\" $OpenBSD: ssh.1,v 1.309 2010/08/08 19:36:30 jmc Exp $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -1250,7 +1250,7 @@ option in .Xr sshd_config 5 . .Sh FILES .Bl -tag -width Ds -compact -.It ~/.rhosts +.It Pa ~/.rhosts This file is used for host-based authentication (see above). On some machines this file may need to be world-readable if the user's home directory is on an NFS partition, @@ -1263,20 +1263,20 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -.It ~/.shosts +.It Pa ~/.shosts This file is used in exactly the same way as .Pa .rhosts , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It ~/.ssh/ +.It Pa ~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp -.It ~/.ssh/authorized_keys +.It Pa ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 @@ -1284,21 +1284,21 @@ manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp -.It ~/.ssh/config +.It Pa ~/.ssh/config This is the per-user configuration file. The file format and configuration options are described in .Xr ssh_config 5 . Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. .Pp -.It ~/.ssh/environment +.It Pa ~/.ssh/environment Contains additional definitions for environment variables; see .Sx ENVIRONMENT , above. .Pp -.It ~/.ssh/identity -.It ~/.ssh/id_dsa -.It ~/.ssh/id_rsa +.It Pa ~/.ssh/identity +.It Pa ~/.ssh/id_dsa +.It Pa ~/.ssh/id_rsa Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not @@ -1309,21 +1309,21 @@ It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES. .Pp -.It ~/.ssh/identity.pub -.It ~/.ssh/id_dsa.pub -.It ~/.ssh/id_rsa.pub +.It Pa ~/.ssh/identity.pub +.It Pa ~/.ssh/id_dsa.pub +.It Pa ~/.ssh/id_rsa.pub Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. .Pp -.It ~/.ssh/known_hosts +.It Pa ~/.ssh/known_hosts Contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys. See .Xr sshd 8 for further details of the format of this file. .Pp -.It ~/.ssh/rc +.It Pa ~/.ssh/rc Commands in this file are executed by .Nm when the user logs in, just before the user's shell (or command) is @@ -1332,11 +1332,11 @@ See the .Xr sshd 8 manual page for more information. .Pp -.It /etc/hosts.equiv +.It Pa /etc/hosts.equiv This file is for host-based authentication (see above). It should only be writable by root. .Pp -.It /etc/shosts.equiv +.It Pa /etc/shosts.equiv This file is used in exactly the same way as .Pa hosts.equiv , but allows host-based authentication without permitting login with @@ -1347,9 +1347,9 @@ Systemwide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . .Pp -.It /etc/ssh/ssh_host_key -.It /etc/ssh/ssh_host_dsa_key -.It /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for host-based authentication. If protocol version 1 is used, @@ -1367,7 +1367,7 @@ By default .Nm is not setuid root. .Pp -.It /etc/ssh/ssh_known_hosts +.It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the @@ -1377,7 +1377,7 @@ See .Xr sshd 8 for further details of the format of this file. .Pp -.It /etc/ssh/sshrc +.It Pa /etc/ssh/sshrc Commands in this file are executed by .Nm when the user logs in, just before the user's shell (or command) is started. diff --git a/sshd.8 b/sshd.8 index d3685b92b..bf9d6a2ec 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.257 2010/08/04 05:37:01 djm Exp $ -.Dd $Mdocdate: August 4 2010 $ +.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSHD 8 .Os .Sh NAME @@ -751,7 +751,7 @@ AAAA1234.....= .Ed .Sh FILES .Bl -tag -width Ds -compact -.It ~/.hushlogin +.It Pa ~/.hushlogin This file is used to suppress printing the last login time and .Pa /etc/motd , if @@ -763,7 +763,7 @@ are enabled. It does not suppress printing of the banner specified by .Cm Banner . .Pp -.It ~/.rhosts +.It Pa ~/.rhosts This file is used for host-based authentication (see .Xr ssh 1 for more information). @@ -778,20 +778,20 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -.It ~/.shosts +.It Pa ~/.shosts This file is used in exactly the same way as .Pa .rhosts , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It ~/.ssh/ +.It Pa ~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp -.It ~/.ssh/authorized_keys +.It Pa ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended @@ -809,7 +809,7 @@ will not allow it to be used unless the option has been set to .Dq no . .Pp -.It ~/.ssh/environment +.It Pa ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with .Ql # ) , @@ -821,40 +821,40 @@ controlled via the .Cm PermitUserEnvironment option. .Pp -.It ~/.ssh/known_hosts +.It Pa ~/.ssh/known_hosts Contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys. The format of this file is described above. This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp -.It ~/.ssh/rc +.It Pa ~/.ssh/rc Contains initialization routines to be run before the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It /etc/hosts.allow -.It /etc/hosts.deny +.It Pa /etc/hosts.allow +.It Pa /etc/hosts.deny Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . .Pp -.It /etc/hosts.equiv +.It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . It should only be writable by root. .Pp -.It /etc/moduli +.It Pa /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". The file format is described in .Xr moduli 5 . .Pp -.It /etc/motd +.It Pa /etc/motd See .Xr motd 5 . .Pp -.It /etc/nologin +.It Pa /etc/nologin If this file exists, .Nm refuses to let anyone except root log in. @@ -863,15 +863,15 @@ are displayed to anyone trying to log in, and non-root connections are refused. The file should be world-readable. .Pp -.It /etc/shosts.equiv +.It Pa /etc/shosts.equiv This file is used in exactly the same way as .Pa hosts.equiv , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It /etc/ssh/ssh_host_key -.It /etc/ssh/ssh_host_dsa_key -.It /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. @@ -879,9 +879,9 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It /etc/ssh/ssh_host_key.pub -.It /etc/ssh/ssh_host_dsa_key.pub -.It /etc/ssh/ssh_host_rsa_key.pub +.It Pa /etc/ssh/ssh_host_key.pub +.It Pa /etc/ssh/ssh_host_dsa_key.pub +.It Pa /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. @@ -892,7 +892,7 @@ the user so their contents can be copied to known hosts files. These files are created using .Xr ssh-keygen 1 . .Pp -.It /etc/ssh/ssh_known_hosts +.It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the @@ -901,20 +901,20 @@ The format of this file is described above. This file should be writable only by root/the owner and should be world-readable. .Pp -.It /etc/ssh/sshd_config +.It Pa /etc/ssh/sshd_config Contains configuration data for .Nm sshd . The file format and configuration options are described in .Xr sshd_config 5 . .Pp -.It /etc/ssh/sshrc +.It Pa /etc/ssh/sshrc Similar to .Pa ~/.ssh/rc , it can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Pp -.It /var/empty +.It Pa /var/empty .Xr chroot 2 directory used by .Nm @@ -922,7 +922,7 @@ during privilege separation in the pre-authentication phase. The directory should not contain any files and must be owned by root and not group or world-writable. .Pp -.It /var/run/sshd.pid +.It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running