58 that best meets the size requirement. |
58 that best meets the size requirement. |
59 .Sh SEE ALSO |
59 .Sh SEE ALSO |
60 .Xr ssh-keygen 1 , |
60 .Xr ssh-keygen 1 , |
61 -.Xr sshd 8 |
61 -.Xr sshd 8 |
62 +.Xr sshd 1M |
62 +.Xr sshd 1M |
|
63 .Sh STANDARDS |
63 .Rs |
64 .Rs |
64 .%R RFC 4419 |
65 .%A M. Friedl |
65 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" |
66 --- orig/sftp-server.8 Thu Feb 6 10:01:20 2014 |
66 --- orig/sftp-server.8 Thu Jan 10 15:04:00 2013 |
67 +++ new/sftp-server.8 Thu Feb 6 10:09:59 2014 |
67 +++ new/sftp-server.8 Thu Jan 10 15:48:21 2013 |
|
68 @@ -23,7 +23,7 @@ |
68 @@ -23,7 +23,7 @@ |
69 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
69 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
70 .\" |
70 .\" |
71 .Dd $Mdocdate: January 9 2010 $ |
71 .Dd $Mdocdate: October 14 2013 $ |
72 -.Dt SFTP-SERVER 8 |
72 -.Dt SFTP-SERVER 8 |
73 +.Dt SFTP-SERVER 1M |
73 +.Dt SFTP-SERVER 1M |
74 .Os |
74 .Os |
75 .Sh NAME |
75 .Sh NAME |
76 .Nm sftp-server |
76 .Nm sftp-server |
77 @@ -40,7 +40,7 @@ |
77 @@ -47,7 +47,7 @@ |
78 to stdout and expects client requests from stdin. |
78 to stdout and expects client requests from stdin. |
79 .Nm |
79 .Nm |
80 is not intended to be called directly, but from |
80 is not intended to be called directly, but from |
81 -.Xr sshd 8 |
81 -.Xr sshd 8 |
82 +.Xr sshd 1M |
82 +.Xr sshd 1M |
83 using the |
83 using the |
84 .Cm Subsystem |
84 .Cm Subsystem |
85 option. |
85 option. |
86 @@ -51,7 +51,7 @@ |
86 @@ -58,7 +58,7 @@ |
87 .Cm Subsystem |
87 .Cm Subsystem |
88 declaration. |
88 declaration. |
89 See |
89 See |
90 -.Xr sshd_config 5 |
90 -.Xr sshd_config 5 |
91 +.Xr sshd_config 4 |
91 +.Xr sshd_config 4 |
92 for more information. |
92 for more information. |
93 .Pp |
93 .Pp |
94 Valid options are: |
94 Valid options are: |
95 @@ -106,8 +106,8 @@ |
95 @@ -71,7 +71,7 @@ |
|
96 and %u is replaced by the username of that user. |
|
97 The default is to use the user's home directory. |
|
98 This option is useful in conjunction with the |
|
99 -.Xr sshd_config 5 |
|
100 +.Xr sshd_config 4 |
|
101 .Cm ChrootDirectory |
|
102 option. |
|
103 .It Fl e |
|
104 @@ -152,8 +152,8 @@ |
96 .Sh SEE ALSO |
105 .Sh SEE ALSO |
97 .Xr sftp 1 , |
106 .Xr sftp 1 , |
98 .Xr ssh 1 , |
107 .Xr ssh 1 , |
99 -.Xr sshd_config 5 , |
108 -.Xr sshd_config 5 , |
100 -.Xr sshd 8 |
109 -.Xr sshd 8 |
101 +.Xr sshd_config 4 , |
110 +.Xr sshd_config 4 , |
102 +.Xr sshd 1M |
111 +.Xr sshd 1M |
103 .Rs |
112 .Rs |
104 .%A T. Ylonen |
113 .%A T. Ylonen |
105 .%A S. Lehtinen |
114 .%A S. Lehtinen |
106 --- orig/ssh_config.5 Thu Jan 10 15:04:00 2013 |
115 --- orig/ssh_config.5 Thu Feb 6 10:01:20 2014 |
107 +++ new/ssh_config.5 Thu Jan 10 15:48:48 2013 |
116 +++ new/ssh_config.5 Thu Mar 27 16:37:50 2014 |
108 @@ -35,7 +35,7 @@ |
117 @@ -35,7 +35,7 @@ |
109 .\" |
118 .\" |
110 .\" $OpenBSD: ssh_config.5,v 1.154 2011/09/09 00:43:00 djm Exp $ |
119 .\" $OpenBSD: ssh_config.5,v 1.184 2014/01/19 04:48:08 djm Exp $ |
111 .Dd $Mdocdate: September 9 2011 $ |
120 .Dd $Mdocdate: January 19 2014 $ |
112 -.Dt SSH_CONFIG 5 |
121 -.Dt SSH_CONFIG 5 |
113 +.Dt SSH_CONFIG 4 |
122 +.Dt SSH_CONFIG 4 |
114 .Os |
123 .Os |
115 .Sh NAME |
124 .Sh NAME |
116 .Nm ssh_config |
125 .Nm ssh_config |
117 @@ -353,7 +353,7 @@ |
126 @@ -503,7 +503,7 @@ |
118 .Dq Fl O No exit |
127 .Dq Fl O No exit |
119 option). |
128 option). |
120 If set to a time in seconds, or a time in any of the formats documented in |
129 If set to a time in seconds, or a time in any of the formats documented in |
121 -.Xr sshd_config 5 , |
130 -.Xr sshd_config 5 , |
122 +.Xr sshd_config 4 , |
131 +.Xr sshd_config 4 , |
123 then the backgrounded master connection will automatically terminate |
132 then the backgrounded master connection will automatically terminate |
124 after it has remained idle (with no client connections) for the |
133 after it has remained idle (with no client connections) for the |
125 specified time. |
134 specified time. |
126 @@ -473,7 +473,7 @@ |
135 @@ -622,7 +622,7 @@ |
|
136 Specify a timeout for untrusted X11 forwarding |
127 using the format described in the |
137 using the format described in the |
128 .Sx TIME FORMATS |
138 TIME FORMATS section of |
129 section of |
|
130 -.Xr sshd_config 5 . |
139 -.Xr sshd_config 5 . |
131 +.Xr sshd_config 4 . |
140 +.Xr sshd_config 4 . |
132 X11 connections received by |
141 X11 connections received by |
133 .Xr ssh 1 |
142 .Xr ssh 1 |
134 after this time will be refused. |
143 after this time will be refused. |
135 @@ -540,7 +540,7 @@ |
144 @@ -689,7 +689,7 @@ |
136 These hashed names may be used normally by |
145 These hashed names may be used normally by |
137 .Xr ssh 1 |
146 .Xr ssh 1 |
138 and |
147 and |
139 -.Xr sshd 8 , |
148 -.Xr sshd 8 , |
140 +.Xr sshd 1M , |
149 +.Xr sshd 1M , |
141 but they do not reveal identifying information should the file's contents |
150 but they do not reveal identifying information should the file's contents |
142 be disclosed. |
151 be disclosed. |
143 The default is |
152 The default is |
144 @@ -885,7 +885,7 @@ |
153 @@ -1122,7 +1122,7 @@ |
145 The command can be basically anything, |
154 The optional second value is specified in seconds and may use any of the |
146 and should read from its standard input and write to its standard output. |
155 units documented in the |
147 It should eventually connect an |
156 TIME FORMATS section of |
148 -.Xr sshd 8 |
157 -.Xr sshd_config 5 . |
149 +.Xr sshd 1M |
158 +.Xr sshd_config 4 . |
150 server running on some machine, or execute |
159 The default value for |
151 .Ic sshd -i |
160 .Cm RekeyLimit |
152 somewhere. |
161 is |
153 @@ -967,7 +967,7 @@ |
162 @@ -1166,7 +1166,7 @@ |
154 will only succeed if the server's |
163 will only succeed if the server's |
155 .Cm GatewayPorts |
164 .Cm GatewayPorts |
156 option is enabled (see |
165 option is enabled (see |
157 -.Xr sshd_config 5 ) . |
166 -.Xr sshd_config 5 ) . |
158 +.Xr sshd_config 4 ) . |
167 +.Xr sshd_config 4 ) . |
159 .It Cm RequestTTY |
168 .It Cm RequestTTY |
160 Specifies whether to request a pseudo-tty for the session. |
169 Specifies whether to request a pseudo-tty for the session. |
161 The argument may be one of: |
170 The argument may be one of: |
162 @@ -1019,7 +1019,7 @@ |
171 @@ -1218,7 +1218,7 @@ |
163 Refer to |
172 Refer to |
164 .Cm AcceptEnv |
173 .Cm AcceptEnv |
165 in |
174 in |
166 -.Xr sshd_config 5 |
175 -.Xr sshd_config 5 |
167 +.Xr sshd_config 4 |
176 +.Xr sshd_config 4 |
168 for how to configure the server. |
177 for how to configure the server. |
169 Variables are specified by name, which may contain wildcard characters. |
178 Variables are specified by name, which may contain wildcard characters. |
170 Multiple environment variables may be separated by whitespace or spread |
179 Multiple environment variables may be separated by whitespace or spread |
171 --- orig/ssh-keysign.8 Thu Jan 10 15:04:00 2013 |
180 --- orig/ssh-keysign.8 Thu Feb 6 10:01:20 2014 |
172 +++ new/ssh-keysign.8 Thu Jan 10 15:49:23 2013 |
181 +++ new/ssh-keysign.8 Thu Feb 6 10:13:05 2014 |
173 @@ -23,7 +23,7 @@ |
182 @@ -23,7 +23,7 @@ |
174 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
183 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
175 .\" |
184 .\" |
176 .Dd $Mdocdate: August 31 2010 $ |
185 .Dd $Mdocdate: December 7 2013 $ |
177 -.Dt SSH-KEYSIGN 8 |
186 -.Dt SSH-KEYSIGN 8 |
178 +.Dt SSH-KEYSIGN 1M |
187 +.Dt SSH-KEYSIGN 1M |
179 .Os |
188 .Os |
180 .Sh NAME |
189 .Sh NAME |
181 .Nm ssh-keysign |
190 .Nm ssh-keysign |
246 -.Xr sshd 8 . |
255 -.Xr sshd 8 . |
247 +.Xr sshd 1M . |
256 +.Xr sshd 1M . |
248 Valid arguments are |
257 Valid arguments are |
249 .Dq any , |
258 .Dq any , |
250 .Dq inet |
259 .Dq inet |
251 @@ -120,7 +120,7 @@ |
260 @@ -118,7 +118,7 @@ |
252 See |
261 .Cm AllowGroups . |
253 .Sx PATTERNS |
262 .Pp |
254 in |
263 See PATTERNS in |
255 -.Xr ssh_config 5 |
264 -.Xr ssh_config 5 |
256 +.Xr ssh_config 4 |
265 +.Xr ssh_config 4 |
257 for more information on patterns. |
266 for more information on patterns. |
258 .It Cm AllowTcpForwarding |
267 .It Cm AllowTcpForwarding |
259 Specifies whether TCP forwarding is permitted. |
268 Specifies whether TCP forwarding is permitted. |
260 @@ -149,7 +149,7 @@ |
269 @@ -158,7 +158,7 @@ |
261 See |
270 .Cm AllowGroups . |
262 .Sx PATTERNS |
271 .Pp |
263 in |
272 See PATTERNS in |
264 -.Xr ssh_config 5 |
273 -.Xr ssh_config 5 |
265 +.Xr ssh_config 4 |
274 +.Xr ssh_config 4 |
266 for more information on patterns. |
275 for more information on patterns. |
267 .It Cm AuthorizedKeysFile |
276 .It Cm AuthenticationMethods |
268 Specifies the file that contains the public keys that can be used |
277 Specifies the authentication methods that must be successfully completed |
269 @@ -157,7 +157,7 @@ |
278 @@ -202,7 +202,7 @@ |
|
279 It will be invoked with a single argument of the username |
|
280 being authenticated, and should produce on standard output zero or |
|
281 more lines of authorized_keys output (see AUTHORIZED_KEYS in |
|
282 -.Xr sshd 8 ) . |
|
283 +.Xr sshd 1M ) . |
|
284 If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
|
285 and authorize the user then public key authentication continues using the usual |
|
286 .Cm AuthorizedKeysFile |
|
287 @@ -218,7 +218,7 @@ |
270 The format is described in the |
288 The format is described in the |
271 .Sx AUTHORIZED_KEYS FILE FORMAT |
289 AUTHORIZED_KEYS FILE FORMAT |
272 section of |
290 section of |
273 -.Xr sshd 8 . |
291 -.Xr sshd 8 . |
274 +.Xr sshd 1M . |
292 +.Xr sshd 1M . |
275 .Cm AuthorizedKeysFile |
293 .Cm AuthorizedKeysFile |
276 may contain tokens of the form %T which are substituted during connection |
294 may contain tokens of the form %T which are substituted during connection |
277 setup. |
295 setup. |
278 @@ -182,7 +182,7 @@ |
296 @@ -241,7 +241,7 @@ |
279 in |
297 to be accepted for authentication. |
280 .Sx AUTHORIZED_KEYS FILE FORMAT |
298 Names are listed one per line preceded by key options (as described |
281 in |
299 in AUTHORIZED_KEYS FILE FORMAT in |
282 -.Xr sshd 8 ) . |
300 -.Xr sshd 8 ) . |
283 +.Xr sshd 1M ) . |
301 +.Xr sshd 1M ) . |
284 Empty lines and comments starting with |
302 Empty lines and comments starting with |
285 .Ql # |
303 .Ql # |
286 are ignored. |
304 are ignored. |
287 @@ -210,7 +210,7 @@ |
305 @@ -271,7 +271,7 @@ |
288 though the |
306 though the |
289 .Cm principals= |
307 .Cm principals= |
290 key option offers a similar facility (see |
308 key option offers a similar facility (see |
291 -.Xr sshd 8 |
309 -.Xr sshd 8 |
292 +.Xr sshd 1M |
310 +.Xr sshd 1M |
293 for details). |
311 for details). |
294 .It Cm Banner |
312 .It Cm Banner |
295 The contents of the specified file are sent to the remote user before |
313 The contents of the specified file are sent to the remote user before |
296 @@ -233,7 +233,7 @@ |
314 @@ -294,7 +294,7 @@ |
297 All components of the pathname must be root-owned directories that are |
315 All components of the pathname must be root-owned directories that are |
298 not writable by any other user or group. |
316 not writable by any other user or group. |
299 After the chroot, |
317 After the chroot, |
300 -.Xr sshd 8 |
318 -.Xr sshd 8 |
301 +.Xr sshd 1M |
319 +.Xr sshd 1M |
302 changes the working directory to the user's home directory. |
320 changes the working directory to the user's home directory. |
303 .Pp |
321 .Pp |
304 The pathname may contain the following tokens that are expanded at runtime once |
322 The pathname may contain the following tokens that are expanded at runtime once |
305 @@ -266,7 +266,7 @@ |
323 @@ -370,7 +370,7 @@ |
306 though sessions which use logging do require |
|
307 .Pa /dev/log |
|
308 inside the chroot directory (see |
|
309 -.Xr sftp-server 8 |
|
310 +.Xr sftp-server 1M |
|
311 for details). |
|
312 .Pp |
|
313 The default is not to |
|
314 @@ -297,7 +297,7 @@ |
|
315 .It Cm ClientAliveCountMax |
324 .It Cm ClientAliveCountMax |
316 Sets the number of client alive messages (see below) which may be |
325 Sets the number of client alive messages (see below) which may be |
317 sent without |
326 sent without |
318 -.Xr sshd 8 |
327 -.Xr sshd 8 |
319 +.Xr sshd 1M |
328 +.Xr sshd 1M |
320 receiving any messages back from the client. |
329 receiving any messages back from the client. |
321 If this threshold is reached while client alive messages are being sent, |
330 If this threshold is reached while client alive messages are being sent, |
322 sshd will disconnect the client, terminating the session. |
331 sshd will disconnect the client, terminating the session. |
323 @@ -324,7 +324,7 @@ |
332 @@ -397,7 +397,7 @@ |
324 .It Cm ClientAliveInterval |
333 .It Cm ClientAliveInterval |
325 Sets a timeout interval in seconds after which if no data has been received |
334 Sets a timeout interval in seconds after which if no data has been received |
326 from the client, |
335 from the client, |
327 -.Xr sshd 8 |
336 -.Xr sshd 8 |
328 +.Xr sshd 1M |
337 +.Xr sshd 1M |
329 will send a message through the encrypted |
338 will send a message through the encrypted |
330 channel to request a response from the client. |
339 channel to request a response from the client. |
331 The default |
340 The default |
332 @@ -357,7 +357,7 @@ |
341 @@ -428,7 +428,7 @@ |
333 See |
342 .Cm AllowGroups . |
334 .Sx PATTERNS |
343 .Pp |
335 in |
344 See PATTERNS in |
336 -.Xr ssh_config 5 |
345 -.Xr ssh_config 5 |
337 +.Xr ssh_config 4 |
346 +.Xr ssh_config 4 |
338 for more information on patterns. |
347 for more information on patterns. |
339 .It Cm DenyUsers |
348 .It Cm DenyUsers |
340 This keyword can be followed by a list of user name patterns, separated |
349 This keyword can be followed by a list of user name patterns, separated |
341 @@ -378,7 +378,7 @@ |
350 @@ -447,7 +447,7 @@ |
342 See |
351 .Cm AllowGroups . |
343 .Sx PATTERNS |
352 .Pp |
344 in |
353 See PATTERNS in |
345 -.Xr ssh_config 5 |
354 -.Xr ssh_config 5 |
346 +.Xr ssh_config 4 |
355 +.Xr ssh_config 4 |
347 for more information on patterns. |
356 for more information on patterns. |
348 .It Cm ForceCommand |
357 .It Cm ForceCommand |
349 Forces the execution of the command specified by |
358 Forces the execution of the command specified by |
350 @@ -403,7 +403,7 @@ |
359 @@ -472,7 +472,7 @@ |
351 Specifies whether remote hosts are allowed to connect to ports |
360 Specifies whether remote hosts are allowed to connect to ports |
352 forwarded for the client. |
361 forwarded for the client. |
353 By default, |
362 By default, |
354 -.Xr sshd 8 |
363 -.Xr sshd 8 |
355 +.Xr sshd 1M |
364 +.Xr sshd 1M |
356 binds remote port forwardings to the loopback address. |
365 binds remote port forwardings to the loopback address. |
357 This prevents other remote hosts from connecting to forwarded ports. |
366 This prevents other remote hosts from connecting to forwarded ports. |
358 .Cm GatewayPorts |
367 .Cm GatewayPorts |
359 @@ -451,7 +451,7 @@ |
368 @@ -520,7 +520,7 @@ |
360 A setting of |
369 A setting of |
361 .Dq yes |
370 .Dq yes |
362 means that |
371 means that |
363 -.Xr sshd 8 |
372 -.Xr sshd 8 |
364 +.Xr sshd 1M |
373 +.Xr sshd 1M |
365 uses the name supplied by the client rather than |
374 uses the name supplied by the client rather than |
366 attempting to resolve the name from the TCP connection itself. |
375 attempting to resolve the name from the TCP connection itself. |
367 The default is |
376 The default is |
368 @@ -462,7 +462,7 @@ |
377 @@ -531,7 +531,7 @@ |
369 by |
378 by |
370 .Cm HostKey . |
379 .Cm HostKey . |
371 The default behaviour of |
380 The default behaviour of |
372 -.Xr sshd 8 |
381 -.Xr sshd 8 |
373 +.Xr sshd 1M |
382 +.Xr sshd 1M |
374 is not to load any certificates. |
383 is not to load any certificates. |
375 .It Cm HostKey |
384 .It Cm HostKey |
376 Specifies a file containing a private host key |
385 Specifies a file containing a private host key |
377 @@ -476,7 +476,7 @@ |
386 @@ -546,7 +546,7 @@ |
378 .Pa /etc/ssh/ssh_host_rsa_key |
387 .Pa /etc/ssh/ssh_host_rsa_key |
379 for protocol version 2. |
388 for protocol version 2. |
380 Note that |
389 Note that |
381 -.Xr sshd 8 |
390 -.Xr sshd 8 |
382 +.Xr sshd 1M |
391 +.Xr sshd 1M |
383 will refuse to use a file if it is group/world-accessible. |
392 will refuse to use a file if it is group/world-accessible. |
384 It is possible to have multiple host key files. |
393 It is possible to have multiple host key files. |
385 .Dq rsa1 |
394 .Dq rsa1 |
386 @@ -504,7 +504,7 @@ |
395 @@ -587,7 +587,7 @@ |
387 .Dq yes . |
396 .Dq yes . |
388 .It Cm IgnoreUserKnownHosts |
397 .It Cm IgnoreUserKnownHosts |
389 Specifies whether |
398 Specifies whether |
390 -.Xr sshd 8 |
399 -.Xr sshd 8 |
391 +.Xr sshd 1M |
400 +.Xr sshd 1M |
392 should ignore the user's |
401 should ignore the user's |
393 .Pa ~/.ssh/known_hosts |
402 .Pa ~/.ssh/known_hosts |
394 during |
403 during |
395 @@ -580,7 +580,7 @@ |
404 @@ -681,7 +681,7 @@ |
396 Multiple algorithms must be comma-separated. |
|
397 The default is |
|
398 .Dq ecdh-sha2-nistp256 , |
|
399 -.Dq ecdh-sha2-nistp384 , |
|
400 +.Dq ecdh-sha2-nistp834 , |
|
401 .Dq ecdh-sha2-nistp521 , |
|
402 .Dq diffie-hellman-group-exchange-sha256 , |
|
403 .Dq diffie-hellman-group-exchange-sha1 , |
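Review bot: the added line ".Dq ecdh-sha2-nistp834 ," transposes the digits of the algorithm name. The line it replaces reads "ecdh-sha2-nistp384", and this -/+ pair changes no manual section reference, which is all the surrounding hunks do. Drop the pair so the documented default list keeps ecdh-sha2-nistp384; as written, anyone copying the list from the man page gets a name that does not match the nistp256 and nistp521 entries beside it.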
|
404 @@ -597,7 +597,7 @@ |
|
405 The default is 3600 (seconds). |
405 The default is 3600 (seconds). |
406 .It Cm ListenAddress |
406 .It Cm ListenAddress |
407 Specifies the local addresses |
407 Specifies the local addresses |
408 -.Xr sshd 8 |
408 -.Xr sshd 8 |
409 +.Xr sshd 1M |
409 +.Xr sshd 1M |
410 should listen on. |
410 should listen on. |
411 The following forms may be used: |
411 The following forms may be used: |
412 .Pp |
412 .Pp |
413 @@ -640,7 +640,7 @@ |
413 @@ -724,7 +724,7 @@ |
414 The default is 120 seconds. |
414 The default is 120 seconds. |
415 .It Cm LogLevel |
415 .It Cm LogLevel |
416 Gives the verbosity level that is used when logging messages from |
416 Gives the verbosity level that is used when logging messages from |
417 -.Xr sshd 8 . |
417 -.Xr sshd 8 . |
418 +.Xr sshd 1M . |
418 +.Xr sshd 1M . |
419 The possible values are: |
419 The possible values are: |
420 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
420 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
421 The default is INFO. |
421 The default is INFO. |
422 @@ -681,7 +681,7 @@ |
422 @@ -776,7 +776,7 @@ |
|
423 The match patterns may consist of single entries or comma-separated |
423 lists and may use the wildcard and negation operators described in the |
424 lists and may use the wildcard and negation operators described in the |
424 .Sx PATTERNS |
425 PATTERNS section of |
425 section of |
|
426 -.Xr ssh_config 5 . |
426 -.Xr ssh_config 5 . |
427 +.Xr ssh_config 4 . |
427 +.Xr ssh_config 4 . |
428 .Pp |
428 .Pp |
429 The patterns in an |
429 The patterns in an |
430 .Cm Address |
430 .Cm Address |
431 @@ -751,7 +751,7 @@ |
431 @@ -856,7 +856,7 @@ |
432 the three colon separated values |
432 the three colon separated values |
433 .Dq start:rate:full |
433 .Dq start:rate:full |
434 (e.g. "10:30:60"). |
434 (e.g. "10:30:60"). |
435 -.Xr sshd 8 |
435 -.Xr sshd 8 |
436 +.Xr sshd 1M |
436 +.Xr sshd 1M |
437 will refuse connection attempts with a probability of |
437 will refuse connection attempts with a probability of |
438 .Dq rate/100 |
438 .Dq rate/100 |
439 (30%) |
439 (30%) |
440 @@ -855,7 +855,7 @@ |
440 @@ -969,7 +969,7 @@ |
441 options in |
441 options in |
442 .Pa ~/.ssh/authorized_keys |
442 .Pa ~/.ssh/authorized_keys |
443 are processed by |
443 are processed by |
444 -.Xr sshd 8 . |
444 -.Xr sshd 8 . |
445 +.Xr sshd 1M . |
445 +.Xr sshd 1M . |
446 The default is |
446 The default is |
447 .Dq no . |
447 .Dq no . |
448 Enabling environment processing may enable users to bypass access |
448 Enabling environment processing may enable users to bypass access |
449 @@ -868,7 +868,7 @@ |
449 @@ -982,7 +982,7 @@ |
450 .Pa /var/run/sshd.pid . |
450 .Pa /var/run/sshd.pid . |
451 .It Cm Port |
451 .It Cm Port |
452 Specifies the port number that |
452 Specifies the port number that |
453 -.Xr sshd 8 |
453 -.Xr sshd 8 |
454 +.Xr sshd 1M |
454 +.Xr sshd 1M |
455 listens on. |
455 listens on. |
456 The default is 22. |
456 The default is 22. |
457 Multiple options of this type are permitted. |
457 Multiple options of this type are permitted. |
458 @@ -876,7 +876,7 @@ |
458 @@ -990,7 +990,7 @@ |
459 .Cm ListenAddress . |
459 .Cm ListenAddress . |
460 .It Cm PrintLastLog |
460 .It Cm PrintLastLog |
461 Specifies whether |
461 Specifies whether |
462 -.Xr sshd 8 |
462 -.Xr sshd 8 |
463 +.Xr sshd 1M |
463 +.Xr sshd 1M |
464 should print the date and time of the last user login when a user logs |
464 should print the date and time of the last user login when a user logs |
465 in interactively. |
465 in interactively. |
466 The default is |
466 The default is |
467 @@ -883,7 +883,7 @@ |
467 @@ -997,7 +997,7 @@ |
468 .Dq yes . |
468 .Dq yes . |
469 .It Cm PrintMotd |
469 .It Cm PrintMotd |
470 Specifies whether |
470 Specifies whether |
471 -.Xr sshd 8 |
471 -.Xr sshd 8 |
472 +.Xr sshd 1M |
472 +.Xr sshd 1M |
473 should print |
473 should print |
474 .Pa /etc/motd |
474 .Pa /etc/motd |
475 when a user logs in interactively. |
475 when a user logs in interactively. |
476 @@ -891,10 +891,11 @@ |
476 @@ -1008,7 +1008,7 @@ |
477 .Pa /etc/profile , |
477 .Dq yes . |
478 or equivalent.) |
|
479 The default is |
|
480 -.Dq yes . |
|
481 +.Dq no |
|
482 +on Solaris. |
|
483 .It Cm Protocol |
478 .It Cm Protocol |
484 Specifies the protocol versions |
479 Specifies the protocol versions |
485 -.Xr sshd 8 |
480 -.Xr sshd 8 |
486 +.Xr sshd 1M |
481 +.Xr sshd 1M |
487 supports. |
482 supports. |
488 The possible values are |
483 The possible values are |
489 .Sq 1 |
484 .Sq 1 |
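Review bot: the "-.Dq yes ." / "+.Dq no" / "+on Solaris." lines change a documented default (the entry that ends just before ".It Cm Protocol", which the preceding hunk shows to be PrintMotd) inside a patch that otherwise only renumbers manual sections. Split this into its own change, or state alongside it where the Solaris default is set, so the man page can be checked against the built binary. The right-hand column of this comparison carries only the Protocol ".Xr sshd 1M" change at this position and no default change.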
490 @@ -936,7 +937,7 @@ |
485 @@ -1081,7 +1081,7 @@ |
491 The minimum value is 512, and the default is 1024. |
486 The minimum value is 512, and the default is 1024. |
492 .It Cm StrictModes |
487 .It Cm StrictModes |
493 Specifies whether |
488 Specifies whether |
494 -.Xr sshd 8 |
489 -.Xr sshd 8 |
495 +.Xr sshd 1M |
490 +.Xr sshd 1M |
496 should check file modes and ownership of the |
491 should check file modes and ownership of the |
497 user's files and home directory before accepting login. |
492 user's files and home directory before accepting login. |
498 This is normally desirable because novices sometimes accidentally leave their |
493 This is normally desirable because novices sometimes accidentally leave their |
499 @@ -952,7 +953,7 @@ |
494 @@ -1115,7 +1115,7 @@ |
500 to execute upon subsystem request. |
|
501 .Pp |
|
502 The command |
|
503 -.Xr sftp-server 8 |
|
504 +.Xr sftp-server 1M |
|
505 implements the |
|
506 .Dq sftp |
|
507 file transfer subsystem. |
|
508 @@ -970,7 +971,7 @@ |
|
509 Note that this option applies to protocol version 2 only. |
495 Note that this option applies to protocol version 2 only. |
510 .It Cm SyslogFacility |
496 .It Cm SyslogFacility |
511 Gives the facility code that is used when logging messages from |
497 Gives the facility code that is used when logging messages from |
512 -.Xr sshd 8 . |
498 -.Xr sshd 8 . |
513 +.Xr sshd 1M . |
499 +.Xr sshd 1M . |
514 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
500 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
515 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
501 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
516 The default is AUTH. |
502 The default is AUTH. |
517 @@ -1013,7 +1014,7 @@ |
503 @@ -1156,7 +1156,7 @@ |
518 .Xr ssh-keygen 1 . |
504 .Xr ssh-keygen 1 . |
519 .It Cm UseDNS |
505 .It Cm UseDNS |
520 Specifies whether |
506 Specifies whether |
521 -.Xr sshd 8 |
507 -.Xr sshd 8 |
522 +.Xr sshd 1M |
508 +.Xr sshd 1M |
523 should look up the remote host name and check that |
509 should look up the remote host name and check that |
524 the resolved host name for the remote IP address maps back to the |
510 the resolved host name for the remote IP address maps back to the |
525 very same IP address. |
511 very same IP address. |
526 @@ -1058,13 +1059,14 @@ |
512 @@ -1201,13 +1201,13 @@ |
527 If |
513 If |
528 .Cm UsePAM |
514 .Cm UsePAM |
529 is enabled, you will not be able to run |
515 is enabled, you will not be able to run |
530 -.Xr sshd 8 |
516 -.Xr sshd 8 |
531 +.Xr sshd 1M |
517 +.Xr sshd 1M |
532 as a non-root user. |
518 as a non-root user. |
533 The default is |
519 The default is |
534 -.Dq no . |
520 .Dq no . |
535 +.Dq yes |
|
536 +on Solaris. |
|
537 .It Cm UsePrivilegeSeparation |
521 .It Cm UsePrivilegeSeparation |
538 Specifies whether |
522 Specifies whether |
539 -.Xr sshd 8 |
523 -.Xr sshd 8 |
540 +.Xr sshd 1M |
524 +.Xr sshd 1M |
541 separates privileges by creating an unprivileged child process |
525 separates privileges by creating an unprivileged child process |
542 to deal with incoming network traffic. |
526 to deal with incoming network traffic. |
543 After successful authentication, another process will be created that has |
527 After successful authentication, another process will be created that has |
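Review bot: the "-.Dq no ." / "+.Dq yes" / "+on Solaris." lines sit directly under the sentence saying that with UsePAM enabled sshd cannot be run as a non-root user, so the documented default now implies that restriction out of the box. The right-hand column keeps ".Dq no ." as unchanged context, so the two versions of this hunk disagree about the default. Confirm which one matches the shipped configuration and keep the "yes on Solaris" text only if the code actually sets it.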
544 @@ -1081,7 +1083,7 @@ |
528 @@ -1229,7 +1229,7 @@ |
545 restrictions. |
529 .Dq none . |
546 .It Cm X11DisplayOffset |
530 .It Cm X11DisplayOffset |
547 Specifies the first display number available for |
531 Specifies the first display number available for |
548 -.Xr sshd 8 Ns 's |
532 -.Xr sshd 8 Ns 's |
549 +.Xr sshd 1M Ns 's |
533 +.Xr sshd 1M Ns 's |
550 X11 forwarding. |
534 X11 forwarding. |
551 This prevents sshd from interfering with real X11 servers. |
535 This prevents sshd from interfering with real X11 servers. |
552 The default is 10. |
536 The default is 10. |
553 @@ -1096,7 +1098,7 @@ |
537 @@ -1244,7 +1244,7 @@ |
554 .Pp |
538 .Pp |
555 When X11 forwarding is enabled, there may be additional exposure to |
539 When X11 forwarding is enabled, there may be additional exposure to |
556 the server and to client displays if the |
540 the server and to client displays if the |
557 -.Xr sshd 8 |
541 -.Xr sshd 8 |
558 +.Xr sshd 1M |
542 +.Xr sshd 1M |
559 proxy display is configured to listen on the wildcard address (see |
543 proxy display is configured to listen on the wildcard address (see |
560 .Cm X11UseLocalhost |
544 .Cm X11UseLocalhost |
561 below), though this is not the default. |
545 below), though this is not the default. |
562 @@ -1107,7 +1109,7 @@ |
546 @@ -1255,7 +1255,7 @@ |
563 forwarding (see the warnings for |
547 forwarding (see the warnings for |
564 .Cm ForwardX11 |
548 .Cm ForwardX11 |
565 in |
549 in |
566 -.Xr ssh_config 5 ) . |
550 -.Xr ssh_config 5 ) . |
567 +.Xr ssh_config 4 ) . |
551 +.Xr ssh_config 4 ) . |
568 A system administrator may have a stance in which they want to |
552 A system administrator may have a stance in which they want to |
569 protect clients that may expose themselves to attack by unwittingly |
553 protect clients that may expose themselves to attack by unwittingly |
570 requesting X11 forwarding, which can warrant a |
554 requesting X11 forwarding, which can warrant a |
571 @@ -1121,7 +1123,7 @@ |
555 @@ -1269,7 +1269,7 @@ |
572 is enabled. |
556 is enabled. |
573 .It Cm X11UseLocalhost |
557 .It Cm X11UseLocalhost |
574 Specifies whether |
558 Specifies whether |
575 -.Xr sshd 8 |
559 -.Xr sshd 8 |
576 +.Xr sshd 1M |
560 +.Xr sshd 1M |
577 should bind the X11 forwarding server to the loopback address or to |
561 should bind the X11 forwarding server to the loopback address or to |
578 the wildcard address. |
562 the wildcard address. |
579 By default, |
563 By default, |
580 @@ -1152,7 +1154,7 @@ |
564 @@ -1300,7 +1300,7 @@ |
581 .Pa /usr/X11R6/bin/xauth . |
565 .Pa /usr/X11R6/bin/xauth . |
582 .El |
566 .El |
583 .Sh TIME FORMATS |
567 .Sh TIME FORMATS |
584 -.Xr sshd 8 |
568 -.Xr sshd 8 |
585 +.Xr sshd 1M |
569 +.Xr sshd 1M |
586 command-line arguments and configuration file options that specify time |
570 command-line arguments and configuration file options that specify time |
587 may be expressed using a sequence of the form: |
571 may be expressed using a sequence of the form: |
588 .Sm off |
572 .Sm off |
589 @@ -1196,12 +1198,12 @@ |
573 @@ -1344,12 +1344,12 @@ |
590 .Bl -tag -width Ds |
574 .Bl -tag -width Ds |
591 .It Pa /etc/ssh/sshd_config |
575 .It Pa /etc/ssh/sshd_config |
592 Contains configuration data for |
576 Contains configuration data for |
593 -.Xr sshd 8 . |
577 -.Xr sshd 8 . |
594 +.Xr sshd 1M . |
578 +.Xr sshd 1M . |
599 -.Xr sshd 8 |
583 -.Xr sshd 8 |
600 +.Xr sshd 1M |
584 +.Xr sshd 1M |
601 .Sh AUTHORS |
585 .Sh AUTHORS |
602 OpenSSH is a derivative of the original and free |
586 OpenSSH is a derivative of the original and free |
603 ssh 1.2.12 release by Tatu Ylonen. |
587 ssh 1.2.12 release by Tatu Ylonen. |
604 --- orig/sshd.8 Thu Jan 10 15:04:00 2013 |
588 --- orig/sshd.8 Thu Feb 6 10:01:20 2014 |
605 +++ new/sshd.8 Thu Jan 10 15:53:31 2013 |
589 +++ new/sshd.8 Thu Feb 6 10:22:35 2014 |
606 @@ -35,7 +35,7 @@ |
590 @@ -35,7 +35,7 @@ |
607 .\" |
591 .\" |
608 .\" $OpenBSD: sshd.8,v 1.264 2011/09/23 00:22:04 dtucker Exp $ |
592 .\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $ |
609 .Dd $Mdocdate: September 23 2011 $ |
593 .Dd $Mdocdate: December 7 2013 $ |
610 -.Dt SSHD 8 |
594 -.Dt SSHD 8 |
611 +.Dt SSHD 1M |
595 +.Dt SSHD 1M |
612 .Os |
596 .Os |
613 .Sh NAME |
597 .Sh NAME |
614 .Nm sshd |
598 .Nm sshd |
615 @@ -79,7 +79,7 @@ |
599 @@ -80,7 +80,7 @@ |
616 .Nm |
600 .Nm |
617 can be configured using command-line options or a configuration file |
601 can be configured using command-line options or a configuration file |
618 (by default |
602 (by default |
619 -.Xr sshd_config 5 ) ; |
603 -.Xr sshd_config 5 ) ; |
620 +.Xr sshd_config 4 ) ; |
604 +.Xr sshd_config 4 ) ; |
621 command-line options override values specified in the |
605 command-line options override values specified in the |
622 configuration file. |
606 configuration file. |
623 .Nm |
607 .Nm |
624 @@ -204,7 +204,7 @@ |
608 @@ -210,7 +210,7 @@ |
625 This is useful for specifying options for which there is no separate |
609 This is useful for specifying options for which there is no separate |
626 command-line flag. |
610 command-line flag. |
627 For full details of the options, and their values, see |
611 For full details of the options, and their values, see |
628 -.Xr sshd_config 5 . |
612 -.Xr sshd_config 5 . |
629 +.Xr sshd_config 4 . |
613 +.Xr sshd_config 4 . |
630 .It Fl p Ar port |
614 .It Fl p Ar port |
631 Specifies the port on which the server listens for connections |
615 Specifies the port on which the server listens for connections |
632 (default 22). |
616 (default 22). |
633 @@ -274,7 +274,7 @@ |
617 @@ -280,7 +280,7 @@ |
634 though this can be changed via the |
618 though this can be changed via the |
635 .Cm Protocol |
619 .Cm Protocol |
636 option in |
620 option in |
637 -.Xr sshd_config 5 . |
621 -.Xr sshd_config 5 . |
638 +.Xr sshd_config 4 . |
622 +.Xr sshd_config 4 . |
639 Protocol 2 supports DSA, ECDSA and RSA keys; |
623 Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
640 protocol 1 only supports RSA keys. |
624 protocol 1 only supports RSA keys. |
641 For both protocols, |
625 For both protocols, |
642 @@ -399,7 +399,7 @@ |
626 @@ -405,7 +405,7 @@ |
643 See the |
627 See the |
644 .Cm PermitUserEnvironment |
628 .Cm PermitUserEnvironment |
645 option in |
629 option in |
646 -.Xr sshd_config 5 . |
630 -.Xr sshd_config 5 . |
647 +.Xr sshd_config 4 . |
631 +.Xr sshd_config 4 . |
648 .It |
632 .It |
649 Changes to user's home directory. |
633 Changes to user's home directory. |
650 .It |
634 .It |
651 @@ -542,7 +542,7 @@ |
635 @@ -550,7 +550,7 @@ |
652 environment variable. |
636 environment variable. |
653 Note that this option applies to shell, command or subsystem execution. |
637 Note that this option applies to shell, command or subsystem execution. |
654 Also note that this command may be superseded by either a |
638 Also note that this command may be superseded by either a |
655 -.Xr sshd_config 5 |
639 -.Xr sshd_config 5 |
656 +.Xr sshd_config 4 |
640 +.Xr sshd_config 4 |
657 .Cm ForceCommand |
641 .Cm ForceCommand |
658 directive or a command embedded in a certificate. |
642 directive or a command embedded in a certificate. |
659 .It Cm environment="NAME=value" |
643 .It Cm environment="NAME=value" |
660 @@ -565,7 +565,7 @@ |
644 @@ -571,7 +571,7 @@ |
661 See |
645 name of the remote host or its IP address must be present in the |
662 .Sx PATTERNS |
646 comma-separated list of patterns. |
663 in |
647 See PATTERNS in |
664 -.Xr ssh_config 5 |
648 -.Xr ssh_config 5 |
665 +.Xr ssh_config 4 |
649 +.Xr ssh_config 4 |
666 for more information on patterns. |
650 for more information on patterns. |
667 .Pp |
651 .Pp |
668 In addition to the wildcard matching that may be applied to hostnames or |
652 In addition to the wildcard matching that may be applied to hostnames or |
669 @@ -859,7 +859,7 @@ |
653 @@ -865,7 +865,7 @@ |
670 .It Pa /etc/moduli |
654 .It Pa /etc/moduli |
671 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
655 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
672 The file format is described in |
656 The file format is described in |
673 -.Xr moduli 5 . |
657 -.Xr moduli 5 . |
674 +.Xr moduli 4 . |
658 +.Xr moduli 4 . |
675 .Pp |
659 .Pp |
676 .It Pa /etc/motd |
660 .It Pa /etc/motd |
677 See |
661 See |
678 @@ -918,7 +918,7 @@ |
662 @@ -926,7 +926,7 @@ |
679 Contains configuration data for |
663 Contains configuration data for |
680 .Nm sshd . |
664 .Nm sshd . |
681 The file format and configuration options are described in |
665 The file format and configuration options are described in |
682 -.Xr sshd_config 5 . |
666 -.Xr sshd_config 5 . |
683 +.Xr sshd_config 4 . |
667 +.Xr sshd_config 4 . |
684 .Pp |
668 .Pp |
685 .It Pa /etc/ssh/sshrc |
669 .It Pa /etc/ssh/sshrc |
686 Similar to |
670 Similar to |
687 @@ -954,10 +954,10 @@ |
671 @@ -962,10 +962,10 @@ |
688 .Xr chroot 2 , |
672 .Xr chroot 2 , |
689 .Xr hosts_access 5 , |
673 .Xr hosts_access 5 , |
690 .Xr login.conf 5 , |
674 .Xr login.conf 5 , |
691 -.Xr moduli 5 , |
675 -.Xr moduli 5 , |
692 -.Xr sshd_config 5 , |
676 -.Xr sshd_config 5 , |
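Review bot: in this SEE ALSO list the context lines ".Xr hosts_access 5 ," and ".Xr login.conf 5 ," stay in section 5, while the moduli and sshd_config entries directly below them are removed as section 5 references. If file-format pages are being renumbered from 5 to 4 throughout, check whether these two references need the same treatment, or should be dropped if the target system ships no such pages.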