Commit Graph

89 Commits

Author SHA1 Message Date
jmc@openbsd.org
261571ddf0 upstream: tweak previous; ok markus
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01 13:13:29 +10:00
markus@openbsd.org
ea14103ce9 upstream: run the 2nd ssh with BatchMode for scp -3
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01 13:13:29 +10:00
jmc@openbsd.org
483cc723d1 upstream: tweak the Nd lines for a bit of consistency; ok markus
OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
2019-12-11 19:08:22 +11:00
jmc@openbsd.org
7349149da1 upstream: Hostname->HostName cleanup; from lauri tirkkonen ok
dtucker

OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2019-06-14 13:01:28 +10:00
djm@openbsd.org
391ffc4b9d upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.

For this reason, this also adds a new -T flag to disable the check.

reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@

OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
2019-01-27 09:42:39 +11:00
jmc@openbsd.org
fd8eb1383a upstream: tweak previous;
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22 22:42:01 +11:00
tb@openbsd.org
68e924d547 upstream: Forgot to add -J to the synopsis.
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22 22:42:01 +11:00
tb@openbsd.org
622dedf1a8 upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)
and sftp(1) to match ssh(1)'s interface.

ok djm

OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22 22:42:01 +11:00
jmc@openbsd.org
e6933a2ffa upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm

OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
2018-09-21 09:41:10 +10:00
dtucker@openbsd.org
95d41e90ea upstream: Deprecate UsePrivilegedPort now that support for running
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002.  If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
2018-07-19 21:44:21 +10:00
jmc@openbsd.org
acf4260f09 upstream: sort previous;
OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
2018-06-11 09:50:06 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
jmc@openbsd.org
7d330a1ac0 upstream: some cleanup for BindInterface and ssh-keyscan;
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
jmc@openbsd.org@openbsd.org
0b2e2896b9 upstream commit
tweak the uri text, specifically removing some markup to
make it a bit more readable;

issue reported by - and diff ok - millert

OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2017-10-31 09:08:50 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
naddy@openbsd.org
9a82e24b98 upstream commit
restore mistakenly deleted description of the
ConnectionAttempts option ok markus@

Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
2017-05-08 09:18:27 +10:00
jmc@openbsd.org
d852603214 upstream commit
remove now obsolete protocol1 options from the -o
lists;

Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
2017-05-08 09:18:04 +10:00
djm@openbsd.org
a3710d5d52 upstream commit
exterminate the -1 flag from scp

ok markus@

Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-05-01 10:05:05 +10:00
jmc@openbsd.org
e4eb7d9109 upstream commit
- add proxyjump to the options list - formatting fixes -
update usage()

ok djm

Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
2016-07-17 14:21:09 +10:00
jmc@openbsd.org
772e6cec0e upstream commit
sort the -o list;

Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
2016-07-08 13:46:59 +10:00
markus@openbsd.org
75e21688f5 upstream commit
add IdentityAgent; noticed & ok jmc@

Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19 17:48:36 +10:00
jmc@openbsd.org
c5f7c0843c upstream commit
some certificatefile tweaks; ok djm

Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
2015-10-06 12:21:55 +11:00
markus@openbsd.org
3a1638dda1 upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
 tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15 15:38:02 +10:00
djm@openbsd.org
46347ed596 upstream commit
Add a ssh_config HostbasedKeyType option to control which
 host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 22:47:01 +11:00
jmc@openbsd.org
9f7637f56e upstream commit
sort previous;
2015-01-27 23:02:44 +11:00
djm@openbsd.org
1d1092bff8 upstream commit
correct description of UpdateHostKeys in ssh_config.5 and
 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
2015-01-27 00:00:58 +11:00
schwarze@openbsd.org
369d61f176 upstream commit
garbage collect empty .No macros mandoc warns about
2015-01-20 00:18:44 +11:00
Damien Miller
6e1777f592 - tedu@cvs.openbsd.org 2014/03/19 14:42:44
[scp.1]
     there is no need for rcp anymore
     ok deraadt millert
2014-04-20 13:02:58 +10:00
Damien Miller
c0049bd0bc - djm@cvs.openbsd.org 2013/10/20 09:51:26
[scp.1 sftp.1]
     add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
Damien Miller
b7727df37e - jmc@cvs.openbsd.org 2013/08/14 08:39:27
[scp.1 ssh.1]
     some Bx/Ox conversion;
     From: Jan Stary
2013-08-21 02:43:49 +10:00
Damien Miller
bf836e535d - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
     use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 16:14:13 +10:00
Damien Miller
e029673f1f - jmc@cvs.openbsd.org 2011/09/05 07:01:44
[scp.1]
     knock out a useless Ns;
2011-09-22 21:34:56 +10:00
Damien Miller
e577772a89 - djm@cvs.openbsd.org 2011/09/05 05:56:13
[scp.1 sftp.1]
     mention ControlPersist and KbdInteractiveAuthentication in the -o
     verbiage in these pages too (prompted by jmc@)
2011-09-22 21:34:15 +10:00
Damien Miller
907998df72 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
[scp.1 scp.c]
     scp.1: grammer fix
     scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
Damien Miller
f12114366b - markus@cvs.openbsd.org 2010/12/08 22:46:03
[scp.1 scp.c]
     add a new -3 option to scp: Copies between two remote hosts are
     transferred through the local host.  Without this option the data
     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2011-01-06 22:40:30 +11:00
Damien Miller
0a1847347d - jmc@cvs.openbsd.org 2010/11/18 15:01:00
[scp.1 sftp.1 ssh.1 sshd_config.5]
     add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
Damien Miller
55fa56505b - jmc@cvs.openbsd.org 2010/10/28 18:33:28
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     knock out some "-*- nroff -*-" lines;
2010-11-05 10:20:14 +11:00
Damien Miller
2beb32f290 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
[scp.1 sftp.1]
     add KexAlgorithms to the -o list;
2010-09-24 22:16:03 +10:00
Damien Miller
390f1532f2 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
[scp.1]
     add an EXIT STATUS section for /usr/bin;
2010-09-10 11:17:54 +10:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Darren Tucker
7bd98e7f74 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 10:31:12 +11:00
Darren Tucker
535b5e1721 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
     Rename RDomain config option to RoutingDomain to be more clear and
     consistent with other options.
     NOTE: if you currently use RDomain in the ssh client or server config,
     or ssh/sshd -o, you must update to use RoutingDomain.
     ok markus@ djm@
2010-01-08 18:56:48 +11:00
Darren Tucker
34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
2010-01-08 17:03:46 +11:00
Damien Miller
a034baf1b9 - djm@cvs.openbsd.org 2008/07/12 05:33:41
[scp.1]
     better description for -i flag:
     s/RSA authentication/public key authentication/
2008-07-12 17:12:49 +10:00
Darren Tucker
87d5e0976c Remove extra tag 2008-06-16 23:27:34 +10:00
Damien Miller
c7ce0da3b0 - dtucker@cvs.openbsd.org 2008/06/14 19:42:10
[scp.1]
     Mention that scp follows symlinks during -r.  bz #1466,
     from nectar at apple
2008-06-16 07:55:06 +10:00
Damien Miller
b508faa006 - jmc@cvs.openbsd.org 2008/01/31 20:06:50
[scp.1]
     explain how to handle local file names containing colons;
     requested by Tamas TEVESZ
     ok dtucker
2008-02-10 22:28:45 +11:00
Damien Miller
4cd24c7e6a - djm@cvs.openbsd.org 2008/01/19 19:25:50
[scp.1]
     scp -q implies ssh -q for the underlying connection, it doesn't just
     hush the progress meter
2008-02-10 22:22:29 +11:00
Damien Miller
647d97b1ab - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
[scp.1 scp.c]
     the ellipsis is not an optional argument; while here, sync the usage
     and synopsis of commands
     lots of good ideas by jmc@
     ok jmc@
2007-08-08 14:29:58 +10:00
Darren Tucker
aa4d5eda10 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
     ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
     convert to new .Dd format;
     (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00