Commit Graph

110 Commits

Author SHA1 Message Date
djm@openbsd.org
8179fed326
upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@

OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
2022-09-27 08:16:44 +10:00
tj@openbsd.org
69928b106d upstream: list the correct version number
for when usage of the sftp protocol became default and fix a typo
from ed maste

OpenBSD-Commit-ID: 24e1795ed2283fdeacf16413c2f07503bcdebb31
2022-04-16 14:37:15 +10:00
djm@openbsd.org
a4537e79ab upstream: put back the scp manpage changes for SFTP mode too
OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768
2022-02-24 08:23:13 +11:00
djm@openbsd.org
9699151b03 upstream: revert for imminent OpenSSH release, which wil ship with
scp in RCP mode.

> revision 1.106
> date: 2021/10/15 14:46:46;  author: deraadt;  state: Exp;  lines: +13 -9;  commitid: w5n9B2RE38tFfggl;
> openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
> protocol for copying.  Let's get back to testing the SFTP protocol.

This will be put back once the OpenSSH release is done.

OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768
2022-02-10 15:14:24 +11:00
deraadt@openbsd.org
052a9d8494 upstream: switch scp(1) back to sftp protocol.
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
protocol for copying.  Let's get back to testing the SFTP protocol.

OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30
2021-10-22 22:01:46 +11:00
djm@openbsd.org
7ed1a3117c upstream: fix missing -s in SYNOPSYS and usage() as well as a
capitalisation mistake; spotted by jmc@

OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
2021-09-21 08:06:09 +10:00
djm@openbsd.org
277d3c6adf upstream: Switch scp back to use the old protocol by default, ahead of
release. We'll wait a little longer for people to pick up sftp-server(8) that
supports the extension that scp needs for ~user paths to continue working in
SFTP protocol mode. Discussed with deraadt@

OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
2021-09-20 12:03:17 +10:00
dtucker@openbsd.org
1d47e28e40 upstream: Clarify which file's attributes -p preserves, and that
it's specifically the file mode bits. bz#3340 from calestyo at scientia.net,
ok djm@ jmc@

OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884
2021-09-10 20:34:09 +10:00
jmc@openbsd.org
9136d6239a upstream: - move CAVEATS to its correct order - use the term
"legacy" protocol rather than "original", as the latter made the text
misleading - uppercase SCP

ok djm

OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0
2021-09-10 20:34:09 +10:00
djm@openbsd.org
73050fa38f upstream: Use the SFTP protocol by default. The original scp/rcp
protocol remains available via the -O flag.

Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.

ok deraadt, after baking in snaps for a while without incident

OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
2021-09-09 12:35:37 +10:00
naddy@openbsd.org
e1371e4f58 upstream: scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation
and error message logic from "requires -3" to "blocked by -R".

ok djm@

OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020
2021-08-12 23:03:13 +10:00
djm@openbsd.org
391ca67fb9 upstream: Prepare for a future where scp(1) uses the SFTP protocol by
default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).

prompted by/feedback from deraadt@

OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
2021-08-10 13:37:20 +10:00
djm@openbsd.org
bfdd4b722f upstream: make scp -3 the default for remote-to-remote copies. It
provides a much better and more intuitive user experience and doesn't require
exposing credentials to the source host.

thanks naddy@ for catching the missing argument in usage()

"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@

OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9
2021-08-10 12:47:46 +10:00
djm@openbsd.org
197e29f1cc upstream: support for using the SFTP protocol for file transfers in
scp, via a new "-M sftp" option. Marked as experimental for now.

Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.

Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.

OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
2021-08-03 11:03:09 +10:00
Darren Tucker
53237ac789 Sync remaining ChallengeResponse removal.
These were omitted from commit 88868fd131.
2021-07-03 19:23:28 +10:00
naddy@openbsd.org
507b448a24 upstream: move HostbasedAcceptedAlgorithms to the right place in
alphabetical order

OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec
2021-01-27 11:45:50 +11:00
dtucker@openbsd.org
e9f78d6b06 upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms.  The previous names are retained as aliases.  ok
djm@

OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
2021-01-26 22:50:40 +11:00
dtucker@openbsd.org
ee9c0da803 upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted.  Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading.  The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@

OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
2021-01-22 15:03:56 +11:00
jmc@openbsd.org
09d070ccc3 upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
and add entries for it to the -O list in scp.1 and sftp.1;

ok djm

OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff
2020-12-29 12:02:51 +11:00
deraadt@openbsd.org
66bd9fdf8b upstream: split introductory paragraph, and insert ominous words about
the glob issue, which cannot be fully fixed and really requires completely
replacing scp with a completely different subsystem. team effort to find the
right words..

OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c
2020-10-03 13:39:22 +10:00
djm@openbsd.org
a8732d74cb upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus

OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
2020-08-03 14:27:59 +10:00
jmc@openbsd.org
261571ddf0 upstream: tweak previous; ok markus
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01 13:13:29 +10:00
markus@openbsd.org
ea14103ce9 upstream: run the 2nd ssh with BatchMode for scp -3
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01 13:13:29 +10:00
jmc@openbsd.org
483cc723d1 upstream: tweak the Nd lines for a bit of consistency; ok markus
OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
2019-12-11 19:08:22 +11:00
jmc@openbsd.org
7349149da1 upstream: Hostname->HostName cleanup; from lauri tirkkonen ok
dtucker

OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2019-06-14 13:01:28 +10:00
djm@openbsd.org
391ffc4b9d upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.

For this reason, this also adds a new -T flag to disable the check.

reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@

OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
2019-01-27 09:42:39 +11:00
jmc@openbsd.org
fd8eb1383a upstream: tweak previous;
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22 22:42:01 +11:00
tb@openbsd.org
68e924d547 upstream: Forgot to add -J to the synopsis.
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22 22:42:01 +11:00
tb@openbsd.org
622dedf1a8 upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)
and sftp(1) to match ssh(1)'s interface.

ok djm

OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22 22:42:01 +11:00
jmc@openbsd.org
e6933a2ffa upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm

OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
2018-09-21 09:41:10 +10:00
dtucker@openbsd.org
95d41e90ea upstream: Deprecate UsePrivilegedPort now that support for running
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002.  If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
2018-07-19 21:44:21 +10:00
jmc@openbsd.org
acf4260f09 upstream: sort previous;
OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
2018-06-11 09:50:06 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
jmc@openbsd.org
7d330a1ac0 upstream: some cleanup for BindInterface and ssh-keyscan;
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
jmc@openbsd.org@openbsd.org
0b2e2896b9 upstream commit
tweak the uri text, specifically removing some markup to
make it a bit more readable;

issue reported by - and diff ok - millert

OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2017-10-31 09:08:50 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
naddy@openbsd.org
9a82e24b98 upstream commit
restore mistakenly deleted description of the
ConnectionAttempts option ok markus@

Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
2017-05-08 09:18:27 +10:00
jmc@openbsd.org
d852603214 upstream commit
remove now obsolete protocol1 options from the -o
lists;

Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
2017-05-08 09:18:04 +10:00
djm@openbsd.org
a3710d5d52 upstream commit
exterminate the -1 flag from scp

ok markus@

Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-05-01 10:05:05 +10:00
jmc@openbsd.org
e4eb7d9109 upstream commit
- add proxyjump to the options list - formatting fixes -
update usage()

ok djm

Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
2016-07-17 14:21:09 +10:00
jmc@openbsd.org
772e6cec0e upstream commit
sort the -o list;

Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
2016-07-08 13:46:59 +10:00
markus@openbsd.org
75e21688f5 upstream commit
add IdentityAgent; noticed & ok jmc@

Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19 17:48:36 +10:00
jmc@openbsd.org
c5f7c0843c upstream commit
some certificatefile tweaks; ok djm

Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
2015-10-06 12:21:55 +11:00
markus@openbsd.org
3a1638dda1 upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
 tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15 15:38:02 +10:00
djm@openbsd.org
46347ed596 upstream commit
Add a ssh_config HostbasedKeyType option to control which
 host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 22:47:01 +11:00
jmc@openbsd.org
9f7637f56e upstream commit
sort previous;
2015-01-27 23:02:44 +11:00
djm@openbsd.org
1d1092bff8 upstream commit
correct description of UpdateHostKeys in ssh_config.5 and
 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
2015-01-27 00:00:58 +11:00
schwarze@openbsd.org
369d61f176 upstream commit
garbage collect empty .No macros mandoc warns about
2015-01-20 00:18:44 +11:00
Damien Miller
6e1777f592 - tedu@cvs.openbsd.org 2014/03/19 14:42:44
[scp.1]
     there is no need for rcp anymore
     ok deraadt millert
2014-04-20 13:02:58 +10:00
Damien Miller
c0049bd0bc - djm@cvs.openbsd.org 2013/10/20 09:51:26
[scp.1 sftp.1]
     add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00