Attachment 8211 Details for Bug 17292 – file.diff

[patch] file.diff

file.diff (text/plain), 11.30 KB, created by peter.jeremy on 2000-03-09 21:50:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: peter.jeremy

Created: 2000-03-09 21:50:00 UTC

Size: 11.30 KB

patch

obsolete

>Index: ssh.1
>===================================================================
>RCS file: /home/CVSROOT/src/crypto/openssh/ssh.1,v
>retrieving revision 1.3
>diff -u -r1.3 ssh.1
>--- ssh.1	2000/03/08 23:04:59	1.3
>+++ ssh.1	2000/03/09 21:21:32
>@@ -243,7 +243,7 @@
> Forwarding of arbitrary TCP/IP connections over the secure channel can
> be specified either on command line or in a configuration file.  One
> possible application of TCP/IP forwarding is a secure connection to an
>-electronic purse; another is going trough firewalls.
>+electronic purse; another is going through firewalls.
> .Pp
> .Nm
> automatically maintains and checks a database containing RSA-based
>@@ -266,7 +266,7 @@
> .Sh OPTIONS
> .Bl -tag -width Ds
> .It Fl a
>-Disables forwarding of the authentication agent connection. This may
>+Disables forwarding of the authentication agent connection.  This may
> also be specified on a per-host basis in the configuration file.
> .It Fl c Ar blowfish|3des
> Selects the cipher to use for encrypting the session. 
>@@ -316,7 +316,7 @@
> options (and multiple identities specified in
> configuration files).
> .It Fl k
>-Disables forwarding of Kerberos tickets and AFS tokens. This may
>+Disables forwarding of Kerberos tickets and AFS tokens.  This may
> also be specified on a per-host basis in the configuration file.
> .It Fl l Ar login_name
> Specifies the user to log in as on the remote machine.  This may also
>@@ -475,7 +475,7 @@
> argument given on the command line (i.e., the name is not converted to
> a canonicalized host name before matching).
> .It Cm AFSTokenPassing
>-Specifies whether to pass AFS tokens to remote host. The argument to 
>+Specifies whether to pass AFS tokens to remote host.  The argument to 
> this keyword must be
> .Dq yes
> or
>@@ -494,7 +494,7 @@
> .Dq yes ,
> ssh will additionally check the host ip address in the
> .Pa known_hosts
>-file. This allows ssh to detect if a host key changed due to DNS spoofing.
>+file.  This allows ssh to detect if a host key changed due to DNS spoofing.
> If the option is set to
> .Dq no ,
> the check will not be executed.
>@@ -606,14 +606,14 @@
> .Dq no
> in both the server and the client configuration files.
> .It Cm KerberosAuthentication
>-Specifies whether Kerberos authentication will be used. The argument to 
>+Specifies whether Kerberos authentication will be used.  The argument to 
> this keyword must be
> .Dq yes
> or
> .Dq no .
> .It Cm KerberosTgtPassing
>-Specifies whether a Kerberos TGT will be forwarded to the server. This
>-will only work if the Kerberos server is actually an AFS kaserver. The
>+Specifies whether a Kerberos TGT will be forwarded to the server.  This
>+will only work if the Kerberos server is actually an AFS kaserver.  The
> argument to this keyword must be
> .Dq yes
> or
>@@ -632,8 +632,8 @@
> QUIET, FATAL, ERROR, INFO, CHAT and DEBUG.
> The default is INFO.
> .It Cm NumberOfPasswordPrompts
>-Specifies the number of password prompts before giving up. The
>-argument to this keyword must be an integer. Default is 3.
>+Specifies the number of password prompts before giving up.  The
>+argument to this keyword must be an integer.  Default is 3.
> .It Cm PasswordAuthentication
> Specifies whether to use password authentication.  The argument to
> this keyword must be
>@@ -645,9 +645,14 @@
> 22.
> .It Cm ProxyCommand
> Specifies the command to use to connect to the server.  The command
>-string extends to the end of the line, and is executed with /bin/sh.
>-In the command string, %h will be substituted by the host name to
>-connect and %p by the port.  The command can be basically anything,
>+string extends to the end of the line, and is executed with
>+.Pa /bin/sh .
>+In the command string,
>+.Dq %h
>+will be substituted by the host name to
>+connect and
>+.Dq %p
>+by the port.  The command can be basically anything,
> and should read from its stdin and write to its stdout.  It should
> eventually connect an
> .Xr sshd 8
>@@ -771,7 +776,7 @@
> to point to a value of the form
> .Dq hostname:n
> where hostname indicates
>-the host where the shell runs, and n is an integer >= 1.  Ssh uses
>+the host where the shell runs, and n is an integer \*(>= 1.  Ssh uses
> this special value to forward X11 connections over the secure
> channel.  The user should normally not set DISPLAY explicitly, as that
> will render the X11 connection insecure (and will require the user to
>@@ -924,7 +929,8 @@
> .Xr rsh 1 .
> .It Pa /etc/hosts.equiv
> This file is used during
>-.Pa \&.rhosts authentication.  It contains
>+.Pa \&.rhosts
>+authentication.  It contains
> canonical hosts names, one per line (the full format is described on
> the
> .Xr sshd 8
>Index: sshd.8
>===================================================================
>RCS file: /home/CVSROOT/src/crypto/openssh/sshd.8,v
>retrieving revision 1.4
>diff -u -r1.4 sshd.8
>--- sshd.8	2000/03/08 23:04:59	1.4
>+++ sshd.8	2000/03/09 21:37:16
>@@ -186,7 +186,7 @@
> .Sh CONFIGURATION FILE
> .Nm
> reads configuration data from 
>-.Pa /etc/sshd_config
>+.Pa /etc/ssh/sshd_config
> (or the file specified with
> .Fl f
> on the command line).  The file
>@@ -197,7 +197,7 @@
> The following keywords are possible.
> .Bl -tag -width Ds
> .It Cm AFSTokenPassing
>-Specifies whether an AFS token may be forwarded to the server. Default is
>+Specifies whether an AFS token may be forwarded to the server.  Default is
> .Dq yes .
> .It Cm AllowGroups
> This keyword can be followed by a number of group names, separated
>@@ -323,18 +323,18 @@
> .Dq no
> in both the server and the client configuration files.
> .It Cm KerberosAuthentication
>-Specifies whether Kerberos authentication is allowed. This can
>+Specifies whether Kerberos authentication is allowed.  This can
> be in the form of a Kerberos ticket, or if
> .Cm PasswordAuthentication
> is yes, the password provided by the user will be validated through
>-the Kerberos KDC. Default is
>+the Kerberos KDC.  Default is
> .Dq yes .
> .It Cm KerberosOrLocalPasswd
> If set then if password authentication through Kerberos fails then
> the password will be validated via any additional local mechanism
> such as
> .Pa /etc/passwd
>-or SecurID. Default is
>+or SecurID.  Default is
> .Dq yes .
> .It Cm KerberosTgtPassing
> Specifies whether a Kerberos TGT may be forwarded to the server.
>@@ -343,7 +343,7 @@
> as this only works when the Kerberos KDC is actually an AFS kaserver.
> .It Cm KerberosTicketCleanup
> Specifies whether to automatically destroy the user's ticket cache
>-file on logout. Default is
>+file on logout.  Default is
> .Dq yes .
> .It Cm KeyRegenerationInterval
> The server key is automatically regenerated after this many seconds
>@@ -418,19 +418,25 @@
> or equivalent.)  The default is
> .Dq yes .
> .It Cm RandomSeed
>-Obsolete.  Random number generation uses other techniques.
>+Obsolete - accepted and ignored with a warning.
>+Random number generation uses other techniques.
> .It Cm RhostsAuthentication
>-Specifies whether authentication using rhosts or /etc/hosts.equiv
>+Specifies whether authentication using rhosts or
>+.Pa /etc/hosts.equiv
> files is sufficient.  Normally, this method should not be permitted
> because it is insecure. 
> .Cm RhostsRSAAuthentication
> should be used
> instead, because it performs RSA-based host authentication in addition
>-to normal rhosts or /etc/hosts.equiv authentication.
>+to normal rhosts or
>+.Pa /etc/hosts.equiv
>+authentication.
> The default is
> .Dq no .
> .It Cm RhostsRSAAuthentication
>-Specifies whether rhosts or /etc/hosts.equiv authentication together
>+Specifies whether rhosts or
>+.Pa /etc/hosts.equiv
>+authentication together
> with successful RSA host authentication is allowed.  The default is
> .Dq no .
> .It Cm RSAAuthentication
>@@ -444,7 +450,7 @@
> .Xr skey 1 
> authentication is allowed.  The default is
> .Dq yes .
>-Note that s/key authentication is enabled only if
>+Note that S/Key authentication is enabled only if
> .Cm PasswordAuthentication
> is allowed, too.
> .It Cm StrictModes
>@@ -463,7 +469,7 @@
> .It Cm UseLogin
> Specifies whether
> .Xr login 1
>-is used. The default is
>+is used.  The default is
> .Dq no .
> .It Cm X11DisplayOffset
> Specifies the first display number available for
>@@ -516,10 +522,12 @@
> exists, runs it; else if
> .Pa /etc/ssh/sshrc
> exists, runs
>-it; otherwise runs xauth.  The
>+it; otherwise runs
>+.Xr xauth 1 .
>+The
> .Dq rc
> files are given the X11
>-authentication protocol and cookie in standard input.
>+authentication protocol and cookie (if applicable) in standard input.
> .It
> Runs user's shell or command.
> .El
>@@ -593,11 +601,11 @@
> Prevents tty allocation (a request to allocate a pty will fail).
> .El
> .Ss Examples
>-1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
>-.Pp
>-from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
>-.Pp
>-command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
>+.Bd -literal
>+1024 33 12121...312314325 ylo@foo.bar
>+from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
>+command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
>+.Ed
> .Sh SSH_KNOWN_HOSTS FILE FORMAT
> The 
> .Pa /etc/ssh/ssh_known_hosts
>@@ -645,7 +653,9 @@
> .Pa /etc/ssh/ssh_host_key.pub
> and adding the host names at the front.
> .Ss Examples
>-closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
>+.Bd -literal
>+closenet,closenet.hut.fi,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
>+.Ed
> .Sh FILES
> .Bl -tag -width Ds
> .It Pa /etc/ssh/sshd_config
>@@ -687,7 +697,7 @@
> listed in one of these files to be accepted.
> The client uses the same files
> to verify that the remote host is the one we intended to
>-connect. These files should be writable only by root/the owner.
>+connect.  These files should be writable only by root/the owner.
> .Pa /etc/ssh/ssh_known_hosts
> should be world-readable, and
> .Pa $HOME/.ssh/known_hosts
>@@ -698,7 +708,7 @@
> refuses to let anyone except root log in.  The contents of the file
> are displayed to anyone trying to log in, and non-root connections are
> refused.  The file should be world-readable.
>-.It Pa /etc/hosts.allow, /etc/hosts.deny
>+.It Pa /etc/hosts.allow , /etc/hosts.deny
> If compiled with
> .Sy LIBWRAP
> support, tcp-wrappers access controls may be defined here as described in
>@@ -720,7 +730,7 @@
> .Pa .rhosts .
> However, this file is
> not used by rlogin and rshd, so using this permits access using SSH only.
>-.Pa /etc/hosts.equiv
>+.It Pa /etc/hosts.equiv
> This file is used during
> .Pa .rhosts
> authentication.  In the
>@@ -762,7 +772,9 @@
> and assignment lines of the form name=value.  The file should be writable
> only by the user; it need not be readable by anyone else.
> .It Pa $HOME/.ssh/rc
>-If this file exists, it is run with /bin/sh after reading the
>+If this file exists, it is run with
>+.Pa /bin/sh
>+after reading the
> environment files but before starting the user's shell or command.  If
> X11 spoofing is in use, this will receive the "proto cookie" pair in
> standard input (and
>@@ -776,13 +788,19 @@
> accessible; AFS is a particular example of such an environment.
> .Pp
> This file will probably contain some initialization code followed by
>-something similar to: "if read proto cookie; then echo add $DISPLAY
>-$proto $cookie | xauth -q -; fi".
>+something similar to:
>+.Bd -literal -offset indent
>+if [ -n "$DISPLAY" ] && read proto cookie; then
>+    echo add $DISPLAY $proto $cookie | xauth -q -
>+fi
>+.Ed
> .Pp
> If this file does not exist,
> .Pa /etc/ssh/sshrc
> is run, and if that
>-does not exist either, xauth is used to store the cookie.
>+does not exist either,
>+.Xr xauth 1
>+is used to store the cookie.
> .Pp
> This file should be writable only by the user, and need not be
> readable by anyone else.

Actions: View | Diff

Attachments on bug 17292: 8211