Commit Graph

251 Commits

Author SHA1 Message Date
Damien Miller
295ee63ab2 - djm@cvs.openbsd.org 2011/05/24 07:15:47
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
     Remove undocumented legacy options UserKnownHostsFile2 and
     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
     accept multiple paths per line and making their defaults include
     known_hosts2; ok markus
2011-05-29 21:42:31 +10:00
Damien Miller
486dd2eadb - jmc@cvs.openbsd.org 2011/05/07 23:19:39
[ssh_config.5]
     - tweak previous
     - come consistency fixes

     ok djm
2011-05-15 08:47:18 +10:00
Damien Miller
21771e22d3 - djm@cvs.openbsd.org 2011/05/06 21:34:32
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
     Add a RequestTTY ssh_config option to allow configuration-based
     control over tty allocation (like -t/-T); ok markus@
2011-05-15 08:45:50 +10:00
Damien Miller
fe92421772 - djm@cvs.openbsd.org 2011/05/06 21:31:38
[readconf.c ssh_config.5]
     support negated Host matching, e.g.

     Host *.example.org !c.example.org
        User mekmitasdigoat

     Will match "a.example.org", "b.example.org", but not "c.example.org"
     ok markus@
2011-05-15 08:44:45 +10:00
Damien Miller
dfc85fa181 - djm@cvs.openbsd.org 2011/05/06 21:18:02
[ssh.c ssh_config.5]
     add a %L expansion (short-form of the local host name) for ControlPath;
     sync some more expansions with LocalCommand; ok markus@
2011-05-15 08:44:02 +10:00
Damien Miller
928362dc03 - djm@cvs.openbsd.org 2010/12/08 04:02:47
[ssh_config.5 sshd_config.5]
     explain that IPQoS arguments are separated by whitespace; iirc requested
     by jmc@ a while back
2010-12-26 14:26:45 +11:00
Damien Miller
d925dcd8a5 - djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
8e1ea4e5a3 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
[ssh_config.5]
     libary -> library;
2010-11-20 15:20:10 +11:00
Damien Miller
0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Damien Miller
55fa56505b - jmc@cvs.openbsd.org 2010/10/28 18:33:28
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     knock out some "-*- nroff -*-" lines;
2010-11-05 10:20:14 +11:00
Damien Miller
7fe2b1fec3 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
[ssh.1 ssh_config.5]
     ssh.1: add kexalgorithms to the -o list
     ssh_config.5: format the kexalgorithms in a more consistent
     (prettier!) way
     ok djm
2010-09-24 22:11:53 +10:00
Damien Miller
d5f62bf280 - djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
     add a KexAlgorithms knob to the client and server configuration to allow
     selection of which key exchange methods are used by ssh(1) and sshd(8)
     and their order of preference.
     ok markus@
2010-09-24 22:11:14 +10:00
Damien Miller
eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
7fa96602e5 - djm@cvs.openbsd.org 2010/08/04 05:37:01
[ssh.1 ssh_config.5 sshd.8]
     Remove mentions of weird "addr/port" alternate address format for IPv6
     addresses combinations. It hasn't worked for ages and we have supported
     the more commen "[addr]:port" format for a long time. ok jmc@ markus@
2010-08-05 13:03:13 +10:00
Damien Miller
e11e1ea5d4 - djm@cvs.openbsd.org 2010/07/19 09:15:12
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add a "ControlPersist" option that automatically starts a background
     ssh(1) multiplex master when connecting. This connection can stay alive
     indefinitely, or can be set to automatically close after a user-specified
     duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
     further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
     martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2010-08-03 16:04:46 +10:00
Damien Miller
d0244d498b - djm@cvs.openbsd.org 2010/07/12 22:41:13
[ssh.c ssh_config.5]
     expand %h to the hostname in ssh_config Hostname options. While this
     sounds useless, it is actually handy for working with unqualified
     hostnames:

     Host *.*
        Hostname %h
     Host *
        Hostname %h.example.org

     "I like it" markus@
2010-07-16 13:56:43 +10:00
Damien Miller
cede1dbc55 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
[ssh_config.5]
     tweak previous;
2010-07-02 13:33:48 +10:00
Damien Miller
1ab6a51f9b - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:24 +10:00
Damien Miller
c4eddee1b7 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2010/04/16 06:45:01
     [ssh_config.5]
     tweak previous; ok djm
2010-04-18 08:07:43 +10:00
Damien Miller
b1b17047e3 - djm@cvs.openbsd.org 2010/04/14 22:27:42
[ssh_config.5 sshconnect.c]
     expand %r => remote username in ssh_config:ProxyCommand;
     ok deraadt markus
2010-04-16 15:54:19 +10:00
Damien Miller
544378da56 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
[ssh_config.5]
     tweak previous; ok dtucker
2010-04-16 15:52:24 +10:00
Darren Tucker
ce3754bbf3 - dtucker@cvs.openbsd.org 2010/03/26 01:06:13
[ssh_config.5]
     Reformat default value of PreferredAuthentications entry (current
     formatting implies ", " is acceptable as a separator, which it's not.
     ok djm@
2010-03-26 12:09:13 +11:00
Damien Miller
5059d8d7e6 - djm@cvs.openbsd.org 2010/03/05 10:28:21
[ssh-add.1 ssh.1 ssh_config.5]
     mention loading of certificate files from [private]-cert.pub when
     they are present; feedback and ok jmc@
2010-03-05 21:31:11 +11:00
Damien Miller
a761844455 - markus@cvs.openbsd.org 2010/02/10 23:20:38
[ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5]
     pkcs#11 is no longer optional; improve wording; ok jmc@
2010-02-12 09:26:02 +11:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Darren Tucker
7bd98e7f74 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 10:31:12 +11:00
Darren Tucker
98e5d9a0d3 - jmc@cvs.openbsd.org 2009/12/29 18:03:32
[sshd_config.5 ssh_config.5]
     sort previous;
2010-01-08 18:57:39 +11:00
Darren Tucker
535b5e1721 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
     Rename RDomain config option to RoutingDomain to be more clear and
     consistent with other options.
     NOTE: if you currently use RDomain in the ssh client or server config,
     or ssh/sshd -o, you must update to use RoutingDomain.
     ok markus@ djm@
2010-01-08 18:56:48 +11:00
Darren Tucker
78be8c54d6 - djm@cvs.openbsd.org 2009/11/10 02:56:22
[ssh_config.5]
     explain the constraints on LocalCommand some more so people don't
     try to abuse it.
2010-01-08 17:05:59 +11:00
Darren Tucker
34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
2010-01-08 17:03:46 +11:00
Darren Tucker
7a4a76579e - jmc@cvs.openbsd.org 2009/10/08 20:42:12
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
     some tweaks now that protocol 1 is not offered by default; ok markus
2009-10-11 21:51:40 +11:00
Darren Tucker
bad5076bb5 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2009/10/08 14:03:41
     [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
     disable protocol 1 by default (after a transition period of about 10 years)
     ok deraadt
2009-10-11 21:51:08 +11:00
Damien Miller
1991384764 - djm@cvs.openbsd.org 2009/02/22 23:50:57
[ssh_config.5 sshd_config.5]
     don't advertise experimental options
2009-02-23 10:53:58 +11:00
Damien Miller
e379e10837 - jmc@cvs.openbsd.org 2009/02/12 07:34:20
[ssh_config.5]
     kill trailing whitespace;
2009-02-14 16:34:39 +11:00
Damien Miller
85c6d8a991 - djm@cvs.openbsd.org 2009/02/12 03:46:17
[ssh_config.5]
     document RemoteForward usage with 0 listen port
2009-02-14 16:34:21 +11:00
Damien Miller
9aa72ba57a - naddy@cvs.openbsd.org 2009/01/24 17:10:22
[ssh_config.5 sshd_config.5]
     sync list of preferred ciphers; ok djm@
2009-01-28 16:34:00 +11:00
Damien Miller
01ed2272a1 - djm@cvs.openbsd.org 2008/11/04 08:22:13
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
     [Makefile.in]
     Add support for an experimental zero-knowledge password authentication
     method using the J-PAKE protocol described in F. Hao, P. Ryan,
     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
     Security Protocols, Cambridge, April 2008.

     This method allows password-based authentication without exposing
     the password to the server. Instead, the client and server exchange
     cryptographic proofs to demonstrate of knowledge of the password while
     revealing nothing useful to an attacker or compromised endpoint.

     This is experimental, work-in-progress code and is presently
     compiled-time disabled (turn on -DJPAKE in Makefile.inc).

     "just commit it.  It isn't too intrusive." deraadt@
2008-11-05 16:20:46 +11:00
Damien Miller
a414cd3b19 - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
[ssh_config.5]
     correct and clarify VisualHostKey; ok jmc@
2008-11-03 19:25:21 +11:00
Damien Miller
de7532e1d4 - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
[ssh_config.5]
     use 'Privileged ports can be forwarded only when logging in as root on
     the remote machine.' for RemoteForward just like ssh.1 -R.
     ok djm@ jmc@
2008-11-03 19:24:45 +11:00
Damien Miller
fa51b1626c - krw@cvs.openbsd.org 2008/08/02 04:29:51
[ssh_config.5]
     whitepsace -> whitespace. From Matthew Clarke via bugs@.
2008-11-03 19:17:33 +11:00
Damien Miller
1028824e5c - grunk@cvs.openbsd.org 2008/06/26 11:46:31
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
     Move SSH Fingerprint Visualization away from sharing the config option
     CheckHostIP to an own config option named VisualHostKey.
     While there, fix the behaviour that ssh would draw a random art picture
     on every newly seen host even when the option was not enabled.
     prodded by deraadt@, discussions,
     help and ok markus@ djm@ dtucker@
2008-06-30 00:04:03 +10:00
Darren Tucker
f09e825329 - jmc@cvs.openbsd.org 2008/06/12 19:10:09
[ssh_config.5 ssh-keygen.1]
     tweak the ascii art text; ok grunk
2008-06-13 05:18:03 +10:00
Darren Tucker
f6b01b758f - dtucker@cvs.openbsd.org 2008/06/12 16:35:31
[ssh_config.5 ssh.c]
     keyword expansion for localcommand.  ok djm@
2008-06-13 04:56:37 +10:00
Darren Tucker
dcc1ab5483 - grunk@cvs.openbsd.org 2008/06/11 23:03:56
[ssh_config.5]
     CheckHostIP set to ``fingerprint'' will display both hex and random art
     spotted by naddy@
2008-06-13 04:44:25 +10:00
Darren Tucker
9c16ac9263 - grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
      sshconnect.c]
     Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
     graphical hash visualization schemes known as "random art", and by
     Dan Kaminsky's musings on the subject during a BlackOp talk at the
     23C3 in Berlin.
     Scientific publication (original paper):
     "Hash Visualization: a New Technique to improve Real-World Security",
     Perrig A. and Song D., 1999, International Workshop on Cryptographic
     Techniques and E-Commerce (CrypTEC '99)
     http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
     The algorithm used here is a worm crawling over a discrete plane,
     leaving a trace (augmenting the field) everywhere it goes.
     Movement is taken from dgst_raw 2bit-wise.  Bumping into walls
     makes the respective movement vector be ignored for this turn,
     thus switching to the other color of the chessboard.
     Graphs are not unambiguous for now, because circles in graphs can be
     walked in either direction.
     discussions with several people,
     help, corrections and ok markus@ djm@
2008-06-13 04:40:35 +10:00
Darren Tucker
c9807e825a - dtucker@cvs.openbsd.org 2008/06/10 18:21:24
[ssh_config.5]
     clarify that Host patterns are space-separated.  ok deraadt
2008-06-11 09:33:01 +10:00
Darren Tucker
63b31cb943 - jmc@cvs.openbsd.org 2007/10/29 07:48:19
[ssh_config.5]
     clean up after previous macro removal;
2007-12-02 23:09:30 +11:00
Darren Tucker
a93cadd3d4 - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
[ssh_config.5]
     ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
2007-12-02 23:05:09 +11:00
Damien Miller
cfb606cd5f - djm@cvs.openbsd.org 2007/09/21 03:05:23
[ssh_config.5]
     document KbdInteractiveAuthentication in ssh_config.5;
     patch from dkg AT fifthhorseman.net
2007-10-26 14:24:48 +10:00
Darren Tucker
fc5d188b34 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
[ssh_config.5]
     tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 22:20:22 +10:00
Damien Miller
5e7c30bdf1 - jmc@cvs.openbsd.org 2007/06/08 07:43:46
[ssh_config.5]
     put the MAC list into a display, like we do for ciphers,
     since groff has trouble handling wide lines;
2007-06-11 14:06:32 +10:00
Damien Miller
e45796f7b4 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
     compared to hmac-md5. Represents a different approach to message
     authentication to that of HMAC that may be beneficial if HMAC based on
     one of its underlying hash algorithms is found to be vulnerable to a
     new attack.  http://www.ietf.org/rfc/rfc4418.txt
     in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
Darren Tucker
aa4d5eda10 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
     ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
     convert to new .Dd format;
     (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
Darren Tucker
bf6b328f27 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
[ssh_config.5]
     do not use a list for SYNOPSIS;
     this is actually part of a larger report sent by eric s. raymond
     and forwarded by brad, but i only read half of it. spotted by brad.
2007-02-19 22:08:17 +11:00
Damien Miller
858bb7dc7c - jmc@cvs.openbsd.org 2006/07/27 08:00:50
[ssh_config.5]
     avoid confusing wording in HashKnownHosts:
     originally spotted by alan amesbury;
     ok deraadt
2006-08-05 11:34:51 +10:00
Darren Tucker
e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Damien Miller
991dba43e1 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@
2006-07-10 20:16:27 +10:00
Damien Miller
3c6ed7bbd5 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
[ssh_config.5]
     oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
Damien Miller
658f945538 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
[ssh_config.5]
     Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
Damien Miller
dfc6183f13 - djm@cvs.openbsd.org 2006/03/31 09:13:56
[ssh_config.5]
     remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
Damien Miller
c6437cf00a - jmc@cvs.openbsd.org 2006/03/31 09:09:30
[ssh_config.5]
     kill trailing whitespace;
2006-03-31 23:14:41 +11:00
Damien Miller
6b1d53c2b0 - djm@cvs.openbsd.org 2006/03/30 10:41:25
[ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
Damien Miller
cc3e8ba3c2 - markus@cvs.openbsd.org 2006/03/14 16:32:48
[ssh_config.5 sshd_config.5]
     *AliveCountMax applies to protcol v2 only; ok dtucker, djm
2006-03-15 12:06:55 +11:00
Damien Miller
306d118f72 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
[misc.c ssh_config.5 sshd_config.5]
     Allow config directives to contain whitespace by surrounding them by double
     quotes.  mindrot #482, man page help from jmc@, ok djm@
2006-03-15 12:05:59 +11:00
Damien Miller
4aea974a1d - jmc@cvs.openbsd.org 2006/02/26 18:03:10
[ssh_config.5]
     comma;
2006-03-15 11:59:39 +11:00
Damien Miller
b5282c2f06 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
[ssh_config.5]
     move PATTERNS to the end of the main body; requested by dtucker
2006-03-15 11:59:08 +11:00
Damien Miller
9cfbaecb64 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
[ssh_config.5]
     document the possible values for KbdInteractiveDevices;
2006-03-15 11:57:55 +11:00
Damien Miller
45ee2b91e6 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
[ssh_config.5]
     some grammar/wording fixes;
2006-03-15 11:56:18 +11:00
Damien Miller
208f1ed6f1 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller
1faa713323 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
[ssh-keysign.8 ssh_config.5 sshd_config.5]
     some consistency fixes;
2006-03-15 11:55:31 +11:00
Damien Miller
f54a4b9da5 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
[ssh_config.5]
     tidy up the refs to PATTERNS;
2006-03-15 11:54:36 +11:00
Damien Miller
6def55171f - jmc@cvs.openbsd.org 2006/02/24 10:25:14
[ssh_config.5]
     add section on patterns;
     from dtucker + myself
2006-03-15 11:54:05 +11:00
Damien Miller
5c853b531f - jmc@cvs.openbsd.org 2006/02/19 20:12:25
[ssh_config.5]
     add some vertical space;
2006-03-15 11:37:02 +11:00
Damien Miller
20c2ec48c3 - jmc@cvs.openbsd.org 2006/02/12 10:49:44
[ssh_config.5]
     slight rewording; ok djm
2006-03-15 11:31:01 +11:00
Damien Miller
3ec54c7e58 - djm@cvs.openbsd.org 2006/02/12 06:45:34
[ssh.c ssh_config.5]
     add a %l expansion code to the ControlPath, which is filled in with the
     local hostname at runtime. Requested by henning@ to avoid some problems
     with /home on NFS; ok dtucker@
2006-03-15 11:30:13 +11:00
Damien Miller
ddfddf1ba3 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
[ssh_config.5]
     - word change, agreed w/ markus
     - consistency fixes
2006-01-31 21:39:03 +11:00
Darren Tucker
62388b2b63 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
[scp.1 ssh.1 ssh_config.5 sftp.1]
     Document RekeyLimit.  Based on patch from jan.iven at cern.ch from mindrot
     #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
2006-01-20 11:31:47 +11:00
Damien Miller
e9d001e02b - jmc@cvs.openbsd.org 2006/01/12 22:26:02
[ssh_config.5]
     refer to TCP forwarding, rather than TCP/IP forwarding;
2006-01-14 10:10:17 +11:00
Damien Miller
b797770da2 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
     [ssh_config.5 sshd_config.5]
     some corrections from michael knudsen;
2006-01-03 18:47:31 +11:00
Damien Miller
e8cd741929 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
[ssh_config.5]
     put the description of "UsePrivilegedPort" in the correct place;
2005-12-24 14:55:47 +11:00
Darren Tucker
7eba820ca7 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
[ssh_config.5]
     spelling: intented -> intended
2005-12-20 16:15:14 +11:00
Darren Tucker
635518705a - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
[ssh_config.5 session.c]
     spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
Damien Miller
7746c391b1 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
[ssh_config.5]
     new sentence, new line;
2005-12-13 19:33:37 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
957d4e430e - jmc@cvs.openbsd.org 2005/12/08 15:06:29
[ssh_config.5]
     keep options in order;
2005-12-13 19:30:45 +11:00
Damien Miller
4b2319fb85 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
[ssh.1 ssh_config.5]
     make `!command' a little clearer;
     ok reyk
2005-12-13 19:30:27 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
713de76f66 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
[ssh_config.5]
     remove trailing whitespace;
2005-11-05 15:13:49 +11:00
Damien Miller
b3bfbb7355 - djm@cvs.openbsd.org 2005/10/30 01:23:19
[ssh_config.5]
     mention control socket fallback behaviour, reported by
     tryponraj AT gmail.com
2005-11-05 15:11:48 +11:00
Darren Tucker
c8d6421a64 - djm@cvs.openbsd.org 2005/09/19 11:37:34
[ssh_config.5 ssh.1]
     mention ability to specify bind_address for DynamicForward and -D options;
     bz#1077 spotted by Haruyama Seigo
2005-10-03 18:13:42 +10:00
Darren Tucker
6c71d20d76 - jmc@cvs.openbsd.org 2005/07/08 12:53:10
[ssh_config.5]
     new sentence, new line;
2005-07-14 17:06:50 +10:00
Darren Tucker
89f4d47e66 - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
[ssh_config.5]
     change BindAddress to match recent ssh -b change; prompted by markus@
2005-07-14 17:06:21 +10:00
Damien Miller
fd94fbaf56 - jmc@cvs.openbsd.org 2005/07/04 11:29:51
[ssh_config.5]
     fix Xr and a little grammar;
2005-07-06 09:44:59 +10:00
Damien Miller
1339002e8b - djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
     implement support for X11 and agent forwarding over multiplex slave
     connections. Because of protocol limitations, the slave connections inherit
     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
     their own.
     ok dtucker@ "put it in" deraadt@
2005-07-06 09:44:19 +10:00
Damien Miller
8f74c8fc32 - djm@cvs.openbsd.org 2005/06/18 04:30:36
[ssh.c ssh_config.5]
     allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
2005-06-26 08:56:03 +10:00
Damien Miller
d14b1e731c - djm@cvs.openbsd.org 2005/06/08 11:25:09
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add ControlMaster=auto/autoask options to support opportunistic
     multiplexing; tested avsm@ and jakob@, ok markus@
2005-06-16 13:19:41 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Damien Miller
3710f278ae - djm@cvs.openbsd.org 2005/05/23 23:32:46
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
     add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
     ok markus@
2005-05-26 12:19:17 +10:00
Damien Miller
dfec2941ac - jmc@cvs.openbsd.org 2005/05/20 11:23:32
[ssh_config.5]
     oops - article and spacing;
2005-05-26 12:14:32 +10:00
Damien Miller
ebcfedce85 - djm@cvs.openbsd.org 2005/05/20 10:50:55
[ssh_config.5]
     give a ProxyCommand example using nc(1), with and ok jmc@
2005-05-26 12:13:56 +10:00
Damien Miller
dadfd4dd38 - jakob@cvs.openbsd.org 2005/04/26 13:08:37
[ssh.c ssh_config.5]
     fallback gracefully if client cannot connect to ControlPath. ok djm@
2005-05-26 12:07:13 +10:00
Damien Miller
167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@
2005-05-26 12:04:02 +10:00
Darren Tucker
5ede2ad8a7 - jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
     get the syntax right for {Local,Remote}Forward;
     based on a diff from markus;
     problem report from ponraj;
     ok dtucker@ markus@ deraadt@
2005-03-31 21:31:10 +10:00
Darren Tucker
1adc2bd8d7 - jmc@cvs.openbsd.org 2005/03/12 11:55:03
[ssh_config.5]
     escape `.' at eol to avoid double spacing issues;
2005-03-14 23:14:20 +11:00
Damien Miller
b096ac4674 - jmc@cvs.openbsd.org 2005/03/07 23:41:54
[ssh.1 ssh_config.5]
     more macro simplification;
2005-03-09 11:00:05 +11:00
Damien Miller
f8c5546290 - jmc@cvs.openbsd.org 2005/03/01 14:55:23
[ssh_config.5]
     do not mark up punctuation;
     whitespace;
2005-03-02 12:03:05 +11:00
Damien Miller
4b42d7f195 - djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
     add tools for managing known_hosts files with hashed hostnames, including
     hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
Damien Miller
e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Damien Miller
1717fd422f - djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
     bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
     orion AT cora.nwra.com; ok markus@
2005-03-01 21:17:31 +11:00
Darren Tucker
43d8e28763 - jmc@cvs.openbsd.org 2005/01/28 18:14:09
[ssh_config.5]
     wording;
     ok markus@
2005-02-09 09:51:08 +11:00
Darren Tucker
79a7acfebd - jmc@cvs.openbsd.org 2005/01/28 15:05:43
[ssh_config.5]
     grammar;
2005-02-09 09:48:57 +11:00
Darren Tucker
636ca90247 - djm@cvs.openbsd.org 2004/10/07 10:10:24
[scp.1 sftp.1 ssh.1 ssh_config.5]
     document KbdInteractiveDevices; ok markus@
2004-11-05 20:22:00 +11:00
Damien Miller
2234bac999 - jmc@cvs.openbsd.org 2004/06/26 09:11:14
[ssh_config.5]
     punctuation and grammar fixes. also, keep the options in order.
2004-06-30 22:38:52 +10:00
Damien Miller
23f0770a1b - djm@cvs.openbsd.org 2004/06/17 15:10:14
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
     Add option for confirmation (ControlMaster=ask) via ssh-askpass before
     opening shared connections; ok markus@
2004-06-18 01:19:03 +10:00
Damien Miller
0e220dbfbc - djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
     [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
     implement session multiplexing in the client (the server has supported
     this since 2.0); ok markus@
2004-06-15 10:34:08 +10:00
Damien Miller
05202ffe21 - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
     List supported ciphers in man pages, tidy up ssh -c;
     "looks fine" jmc@, ok markus@
2004-06-15 10:30:39 +10:00
Darren Tucker
dcf6ec48f6 - jmc@cvs.openbsd.org 2004/05/06 11:24:23
[ssh_config.5]
     typo from John Cosimano (PR 3770);
2004-05-13 13:03:56 +10:00
Darren Tucker
1e0c9bf9fb - djm@cvs.openbsd.org 2004/04/28 05:17:10
[ssh_config.5 sshd_config.5]
     manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
2004-05-02 22:12:48 +10:00
Darren Tucker
46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Damien Miller
1a81258f4e - jmc@cvs.openbsd.org 2004/04/19 16:12:14
[ssh_config.5]
     kill whitespace at eol;
2004-04-20 20:13:32 +10:00
Damien Miller
c970cb9052 - djm@cvs.openbsd.org 2004/04/19 13:02:40
[ssh.1 ssh_config.5]
     document strict permission checks on ~/.ssh/config; prompted by,
     with & ok jmc@
2004-04-20 20:12:53 +10:00
Damien Miller
bd394c329b - markus@cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
     add IdentitiesOnly; ok djm@, pb@
2004-03-08 23:12:36 +11:00
Damien Miller
509b0107f0 - markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
     [ssh.c ssh_config.5]
     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
     jmc and dtucker@
2003-12-17 16:33:10 +11:00
Damien Miller
baafb981a4 - markus@cvs.openbsd.org 2003/12/14 12:37:21
[ssh_config.5]
     we don't support GSS KEX; from Simon Wilkinson
2003-12-17 16:32:23 +11:00
Damien Miller
12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller
fe44847cb8 - jmc@cvs.openbsd.org 2003/11/12 20:14:51
[ssh_config.5]
     make verb agree with subject, and kill some whitespace;
2003-11-17 21:19:49 +11:00
Damien Miller
150b55745b - jakob@cvs.openbsd.org 2003/11/12 16:39:58
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
     update SSHFP validation. ok markus@
2003-11-17 21:19:29 +11:00
Darren Tucker
f132c67e8e - jmc@cvs.openbsd.org 2003/10/12 13:12:13
[ssh_config.5]
     note that EnableSSHKeySign should be in the non-hostspecific section;
     remove unnecessary .Pp;
     ok markus@
2003-10-15 15:58:18 +10:00
Darren Tucker
0a118da00e - markus@cvs.openbsd.org 2003/10/11 08:24:08
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
     remote x11 clients are now untrusted by default, uses xauth(8) to generate
     untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
     ok deraadt; feedback and ok djm/fries
2003-10-15 15:54:32 +10:00
Darren Tucker
a044f47679 - markus@cvs.openbsd.org 2003/10/08 15:21:24
[readconf.c ssh_config.5]
     default GSS API to no in client, too; ok jakob, deraadt@
2003-10-15 15:52:03 +10:00
Damien Miller
c2b9827695 - jmc@cvs.openbsd.org 2003/09/02 18:50:06
[sftp.1 ssh_config.5]
     escape punctuation;
     ok deraadt@
2003-09-03 12:13:30 +10:00
Damien Miller
1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Darren Tucker
ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker
46471c9a81 - markus@cvs.openbsd.org 2003/07/02 14:51:16
[channels.c ssh.1 ssh_config.5]
     (re)add socks5 suppport to -D; ok djm@
     now ssh(1) can act both as a socks 4 and socks 5 server and
     dynamically forward ports.
2003-07-03 13:55:19 +10:00
Darren Tucker
674f71d77e - markus@cvs.openbsd.org 2003/06/23 09:02:44
[ssh_config.5]
     document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
2003-06-28 12:33:12 +10:00
Damien Miller
f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller
eacbb4fcc1 - jakob@cvs.openbsd.org 2003/06/02 08:31:10
[ssh_config.5]
     VerifyHostKeyDNS is v2 only. ok markus@
2003-06-02 19:10:41 +10:00
Damien Miller
fbf486b4a6 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
2003-05-23 18:44:23 +10:00
Damien Miller
20a8f97b03 - djm@cvs.openbsd.org 2003/05/16 03:27:12
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
     add AddressFamily option to ssh_config (like -4, -6 on commandline).
     Portable bug #534; ok markus@
2003-05-18 20:50:30 +10:00
Damien Miller
b78d5eb6c5 - djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
     add a ConnectTimeout option to ssh, based on patch from
     Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
Damien Miller
37876e913a - jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller
495dca3518 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
     [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
     [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - killed whitespace
     - new sentence new line
     - .Bk for arguments
     ok markus@
2003-04-01 21:42:14 +10:00
Damien Miller
9f1e33a6b2 - markus@cvs.openbsd.org 2003/02/06 09:27:29
[ssh.c ssh_config.5]
     support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
2003-02-24 11:57:32 +11:00
Damien Miller
05913badf3 - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
[ssh_config.5 sshd_config.5]
     state XAuthLocation is a full pathname
2002-09-04 16:51:03 +10:00
Damien Miller
9b1dacdf2c - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
[ssh_config.5]
     more on UsePrivilegedPort and setuid root; ok markus@
2002-09-04 16:47:35 +10:00
Damien Miller
af65304a3c - stevesk@cvs.openbsd.org 2002/08/27 17:18:40
[ssh_config.5]
     some warning text for ForwardAgent and ForwardX11; ok markus@
2002-09-04 16:40:37 +10:00
Ben Lindstrom
479b476af6 - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
[ssh_config.5]
     ordered list here
2002-08-20 19:04:51 +00:00