1 # This change is Solaris-specific and thus is not being contributed back |
|
2 # to the upstream community. Details: |
|
3 # |
|
4 # OpenSSH uses the BSD/Linux man page scheme which is different from the SysV |
|
5 # man page scheme used in Solaris. In order to comply to the Solaris man page |
|
6 # policy and also use the IPS mediator to switch between SunSSH and OpenSSH man |
|
7 # pages, the section numbers of some OpenSSH man pages are changed to be the |
|
8 # same as their corresponding ones in SunSSH. |
|
9 # |
|
10 |
|
11 diff -rupN old/moduli.5 new/moduli.5 |
|
12 --- old/moduli.5 2015-12-08 21:19:59.482474430 -0800 |
|
13 +++ new/moduli.5 2015-12-08 21:15:53.128029200 -0800 |
|
14 @@ -14,7 +14,7 @@ |
|
15 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
16 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
17 .Dd $Mdocdate: September 26 2012 $ |
|
18 -.Dt MODULI 5 |
|
19 +.Dt MODULI 4 |
|
20 .Os |
|
21 .Sh NAME |
|
22 .Nm moduli |
|
23 @@ -23,7 +23,7 @@ |
|
24 The |
|
25 .Pa /etc/moduli |
|
26 file contains prime numbers and generators for use by |
|
27 -.Xr sshd 8 |
|
28 +.Xr sshd 1M |
|
29 in the Diffie-Hellman Group Exchange key exchange method. |
|
30 .Pp |
|
31 New moduli may be generated with |
|
32 @@ -40,7 +40,7 @@ pass, using |
|
33 .Ic ssh-keygen -T , |
|
34 provides a high degree of assurance that the numbers are prime and are |
|
35 safe for use in Diffie-Hellman operations by |
|
36 -.Xr sshd 8 . |
|
37 +.Xr sshd 1M . |
|
38 This |
|
39 .Nm |
|
40 format is used as the output from each pass. |
|
41 @@ -70,7 +70,7 @@ are Sophie Germain primes (type 4). |
|
42 Further primality testing with |
|
43 .Xr ssh-keygen 1 |
|
44 produces safe prime moduli (type 2) that are ready for use in |
|
45 -.Xr sshd 8 . |
|
46 +.Xr sshd 1M . |
|
47 Other types are not used by OpenSSH. |
|
48 .It tests |
|
49 Decimal number indicating the type of primality tests that the number |
|
50 @@ -105,16 +105,16 @@ The modulus itself in hexadecimal. |
|
51 .El |
|
52 .Pp |
|
53 When performing Diffie-Hellman Group Exchange, |
|
54 -.Xr sshd 8 |
|
55 +.Xr sshd 1M |
|
56 first estimates the size of the modulus required to produce enough |
|
57 Diffie-Hellman output to sufficiently key the selected symmetric cipher. |
|
58 -.Xr sshd 8 |
|
59 +.Xr sshd 1M |
|
60 then randomly selects a modulus from |
|
61 .Fa /etc/moduli |
|
62 that best meets the size requirement. |
|
63 .Sh SEE ALSO |
|
64 .Xr ssh-keygen 1 , |
|
65 -.Xr sshd 8 |
|
66 +.Xr sshd 1M |
|
67 .Sh STANDARDS |
|
68 .Rs |
|
69 .%A M. Friedl |
|
70 diff -rupN old/sftp-server.8 new/sftp-server.8 |
|
71 --- old/sftp-server.8 2015-12-08 21:04:19.872169630 -0800 |
|
72 +++ new/sftp-server.8 2015-12-08 21:36:18.267186200 -0800 |
|
73 @@ -23,7 +23,7 @@ |
|
74 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
75 .\" |
|
76 .Dd $Mdocdate: December 11 2014 $ |
|
77 -.Dt SFTP-SERVER 8 |
|
78 +.Dt SFTP-SERVER 1M |
|
79 .Os |
|
80 .Sh NAME |
|
81 .Nm sftp-server |
|
82 @@ -47,7 +47,7 @@ is a program that speaks the server side |
|
83 to stdout and expects client requests from stdin. |
|
84 .Nm |
|
85 is not intended to be called directly, but from |
|
86 -.Xr sshd 8 |
|
87 +.Xr sshd 1M |
|
88 using the |
|
89 .Cm Subsystem |
|
90 option. |
|
91 @@ -58,7 +58,7 @@ should be specified in the |
|
92 .Cm Subsystem |
|
93 declaration. |
|
94 See |
|
95 -.Xr sshd_config 5 |
|
96 +.Xr sshd_config 4 |
|
97 for more information. |
|
98 .Pp |
|
99 Valid options are: |
|
100 @@ -71,7 +71,7 @@ The pathname may contain the following t |
|
101 and %u is replaced by the username of that user. |
|
102 The default is to use the user's home directory. |
|
103 This option is useful in conjunction with the |
|
104 -.Xr sshd_config 5 |
|
105 +.Xr sshd_config 4 |
|
106 .Cm ChrootDirectory |
|
107 option. |
|
108 .It Fl e |
|
109 @@ -147,13 +147,13 @@ must be able to access |
|
110 for logging to work, and use of |
|
111 .Nm |
|
112 in a chroot configuration therefore requires that |
|
113 -.Xr syslogd 8 |
|
114 +.Xr syslogd 1M |
|
115 establish a logging socket inside the chroot directory. |
|
116 .Sh SEE ALSO |
|
117 .Xr sftp 1 , |
|
118 .Xr ssh 1 , |
|
119 -.Xr sshd_config 5 , |
|
120 -.Xr sshd 8 |
|
121 +.Xr sshd_config 4 , |
|
122 +.Xr sshd 1M |
|
123 .Rs |
|
124 .%A T. Ylonen |
|
125 .%A S. Lehtinen |
|
126 diff -rupN old/ssh-keysign.8 new/ssh-keysign.8 |
|
127 --- old/ssh-keysign.8 2015-12-08 21:20:45.638888550 -0800 |
|
128 +++ new/ssh-keysign.8 2015-12-08 21:15:29.266139300 -0800 |
|
129 @@ -23,7 +23,7 @@ |
|
130 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
131 .\" |
|
132 .Dd $Mdocdate: February 17 2016 $ |
|
133 -.Dt SSH-KEYSIGN 8 |
|
134 +.Dt SSH-KEYSIGN 1M |
|
135 .Os |
|
136 .Sh NAME |
|
137 .Nm ssh-keysign |
|
138 @@ -52,7 +52,7 @@ is not intended to be invoked by the use |
|
139 See |
|
140 .Xr ssh 1 |
|
141 and |
|
142 -.Xr sshd 8 |
|
143 +.Xr sshd 1M |
|
144 for more information about host-based authentication. |
|
145 .Sh FILES |
|
146 .Bl -tag -width Ds -compact |
|
147 @@ -83,8 +83,8 @@ information corresponding with the priva |
|
148 .Sh SEE ALSO |
|
149 .Xr ssh 1 , |
|
150 .Xr ssh-keygen 1 , |
|
151 -.Xr ssh_config 5 , |
|
152 -.Xr sshd 8 |
|
153 +.Xr ssh_config 4 , |
|
154 +.Xr sshd 1M |
|
155 .Sh HISTORY |
|
156 .Nm |
|
157 first appeared in |
|
158 diff -rupN old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8 |
|
159 --- old/ssh-pkcs11-helper.8 2015-12-08 21:18:49.511938140 -0800 |
|
160 +++ new/ssh-pkcs11-helper.8 2015-12-08 21:16:10.866823750 -0800 |
|
161 @@ -15,7 +15,7 @@ |
|
162 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
163 .\" |
|
164 .Dd $Mdocdate: July 16 2013 $ |
|
165 -.Dt SSH-PKCS11-HELPER 8 |
|
166 +.Dt SSH-PKCS11-HELPER 1M |
|
167 .Os |
|
168 .Sh NAME |
|
169 .Nm ssh-pkcs11-helper |
|
170 --- old/sshd_config.5 2016-05-11 04:08:25.946753581 -0700 |
|
171 +++ new/sshd_config.5 2016-05-11 04:20:10.025546205 -0700 |
|
172 @@ -35,7 +35,7 @@ |
|
173 .\" |
|
174 .\" $OpenBSD: sshd_config.5,v 1.220 2016/02/17 08:57:34 djm Exp $ |
|
175 .Dd $Mdocdate: February 17 2016 $ |
|
176 -.Dt SSHD_CONFIG 5 |
|
177 +.Dt SSHD_CONFIG 4 |
|
178 .Os |
|
179 .Sh NAME |
|
180 .Nm sshd_config |
|
181 @@ -43,7 +43,7 @@ |
|
182 .Sh SYNOPSIS |
|
183 .Nm /etc/ssh/sshd_config |
|
184 .Sh DESCRIPTION |
|
185 -.Xr sshd 8 |
|
186 +.Xr sshd 1M |
|
187 reads configuration data from |
|
188 .Pa /etc/ssh/sshd_config |
|
189 (or the file specified with |
|
190 @@ -68,7 +68,7 @@ |
|
191 See |
|
192 .Cm SendEnv |
|
193 in |
|
194 -.Xr ssh_config 5 |
|
195 +.Xr ssh_config 4 |
|
196 for how to configure the client. |
|
197 The |
|
198 .Ev TERM |
|
199 @@ -88,7 +88,7 @@ |
|
200 The default is not to accept any environment variables. |
|
201 .It Cm AddressFamily |
|
202 Specifies which address family should be used by |
|
203 -.Xr sshd 8 . |
|
204 +.Xr sshd 1M . |
|
205 Valid arguments are |
|
206 .Dq any , |
|
207 .Dq inet |
|
208 @@ -121,7 +121,7 @@ |
|
209 .Cm AllowGroups . |
|
210 .Pp |
|
211 See PATTERNS in |
|
212 -.Xr ssh_config 5 |
|
213 +.Xr ssh_config 4 |
|
214 for more information on patterns. |
|
215 .It Cm AllowTcpForwarding |
|
216 Specifies whether TCP forwarding is permitted. |
|
217 @@ -181,7 +181,7 @@ |
|
218 .Cm AllowGroups . |
|
219 .Pp |
|
220 See PATTERNS in |
|
221 -.Xr ssh_config 5 |
|
222 +.Xr ssh_config 4 |
|
223 for more information on patterns. |
|
224 .It Cm AuthenticationMethods |
|
225 Specifies the authentication methods that must be successfully completed |
|
226 @@ -216,7 +216,7 @@ |
|
227 If the |
|
228 .Dq publickey |
|
229 method is listed more than once, |
|
230 -.Xr sshd 8 |
|
231 +.Xr sshd 1M |
|
232 verifies that keys that have been used successfully are not reused for |
|
233 subsequent authentications. |
|
234 For example, an |
|
235 @@ -249,7 +249,7 @@ |
|
236 .Pp |
|
237 The program should produce on standard output zero or |
|
238 more lines of authorized_keys output (see AUTHORIZED_KEYS in |
|
239 -.Xr sshd 8 ) . |
|
240 +.Xr sshd 1M ) . |
|
241 If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
|
242 and authorize the user then public key authentication continues using the usual |
|
243 .Cm AuthorizedKeysFile |
|
244 @@ -264,7 +264,7 @@ |
|
245 is specified but |
|
246 .Cm AuthorizedKeysCommandUser |
|
247 is not, then |
|
248 -.Xr sshd 8 |
|
249 +.Xr sshd 1M |
|
250 will refuse to start. |
|
251 .It Cm AuthorizedKeysFile |
|
252 Specifies the file that contains the public keys that can be used |
|
253 @@ -272,7 +272,7 @@ |
|
254 The format is described in the |
|
255 AUTHORIZED_KEYS FILE FORMAT |
|
256 section of |
|
257 -.Xr sshd 8 . |
|
258 +.Xr sshd 1M . |
|
259 .Cm AuthorizedKeysFile |
|
260 may contain tokens of the form %T which are substituted during connection |
|
261 setup. |
|
262 @@ -323,7 +323,7 @@ |
|
263 is specified but |
|
264 .Cm AuthorizedPrincipalsCommandUser |
|
265 is not, then |
|
266 -.Xr sshd 8 |
|
267 +.Xr sshd 1M |
|
268 will refuse to start. |
|
269 .It Cm AuthorizedPrincipalsFile |
|
270 Specifies a file that lists principal names that are accepted for |
|
271 @@ -334,7 +334,7 @@ |
|
272 to be accepted for authentication. |
|
273 Names are listed one per line preceded by key options (as described |
|
274 in AUTHORIZED_KEYS FILE FORMAT in |
|
275 -.Xr sshd 8 ) . |
|
276 +.Xr sshd 1M ) . |
|
277 Empty lines and comments starting with |
|
278 .Ql # |
|
279 are ignored. |
|
280 @@ -364,7 +364,7 @@ |
|
281 though the |
|
282 .Cm principals= |
|
283 key option offers a similar facility (see |
|
284 -.Xr sshd 8 |
|
285 +.Xr sshd 1M |
|
286 for details). |
|
287 .It Cm Banner |
|
288 The contents of the specified file are sent to the remote user before |
|
289 @@ -384,11 +384,11 @@ |
|
290 .Xr chroot 2 |
|
291 to after authentication. |
|
292 At session startup |
|
293 -.Xr sshd 8 |
|
294 +.Xr sshd 1M |
|
295 checks that all components of the pathname are root-owned directories |
|
296 which are not writable by any other user or group. |
|
297 After the chroot, |
|
298 -.Xr sshd 8 |
|
299 +.Xr sshd 1M |
|
300 changes the working directory to the user's home directory. |
|
301 .Pp |
|
302 The pathname may contain the following tokens that are expanded at runtime once |
|
303 @@ -420,14 +420,14 @@ |
|
304 though sessions which use logging may require |
|
305 .Pa /dev/log |
|
306 inside the chroot directory on some operating systems (see |
|
307 -.Xr sftp-server 8 |
|
308 +.Xr sftp-server 1M |
|
309 for details). |
|
310 .Pp |
|
311 For safety, it is very important that the directory hierarchy be |
|
312 prevented from modification by other processes on the system (especially |
|
313 those outside the jail). |
|
314 Misconfiguration can lead to unsafe environments which |
|
315 -.Xr sshd 8 |
|
316 +.Xr sshd 1M |
|
317 cannot detect. |
|
318 .Pp |
|
319 The default is |
|
320 @@ -493,7 +493,7 @@ |
|
321 .It Cm ClientAliveCountMax |
|
322 Sets the number of client alive messages (see below) which may be |
|
323 sent without |
|
324 -.Xr sshd 8 |
|
325 +.Xr sshd 1M |
|
326 receiving any messages back from the client. |
|
327 If this threshold is reached while client alive messages are being sent, |
|
328 sshd will disconnect the client, terminating the session. |
|
329 @@ -519,7 +519,7 @@ |
|
330 .It Cm ClientAliveInterval |
|
331 Sets a timeout interval in seconds after which if no data has been received |
|
332 from the client, |
|
333 -.Xr sshd 8 |
|
334 +.Xr sshd 1M |
|
335 will send a message through the encrypted |
|
336 channel to request a response from the client. |
|
337 The default |
|
338 @@ -549,7 +549,7 @@ |
|
339 .Cm AllowGroups . |
|
340 .Pp |
|
341 See PATTERNS in |
|
342 -.Xr ssh_config 5 |
|
343 +.Xr ssh_config 4 |
|
344 for more information on patterns. |
|
345 .It Cm DenyUsers |
|
346 This keyword can be followed by a list of user name patterns, separated |
|
347 @@ -568,7 +568,7 @@ |
|
348 .Cm AllowGroups . |
|
349 .Pp |
|
350 See PATTERNS in |
|
351 -.Xr ssh_config 5 |
|
352 +.Xr ssh_config 4 |
|
353 for more information on patterns. |
|
354 .It Cm FingerprintHash |
|
355 Specifies the hash algorithm used when logging key fingerprints. |
|
356 @@ -603,7 +603,7 @@ |
|
357 Specifies whether remote hosts are allowed to connect to ports |
|
358 forwarded for the client. |
|
359 By default, |
|
360 -.Xr sshd 8 |
|
361 +.Xr sshd 1M |
|
362 binds remote port forwardings to the loopback address. |
|
363 This prevents other remote hosts from connecting to forwarded ports. |
|
364 .Cm GatewayPorts |
|
365 @@ -684,7 +684,7 @@ |
|
366 A setting of |
|
367 .Dq yes |
|
368 means that |
|
369 -.Xr sshd 8 |
|
370 +.Xr sshd 1M |
|
371 uses the name supplied by the client rather than |
|
372 attempting to resolve the name from the TCP connection itself. |
|
373 The default is |
|
374 @@ -695,7 +695,7 @@ |
|
375 by |
|
376 .Cm HostKey . |
|
377 The default behaviour of |
|
378 -.Xr sshd 8 |
|
379 +.Xr sshd 1M |
|
380 is not to load any certificates. |
|
381 .It Cm HostKey |
|
382 Specifies a file containing a private host key |
|
383 @@ -711,12 +711,12 @@ |
|
384 for protocol version 2. |
|
385 .Pp |
|
386 Note that |
|
387 -.Xr sshd 8 |
|
388 +.Xr sshd 1M |
|
389 will refuse to use a file if it is group/world-accessible |
|
390 and that the |
|
391 .Cm HostKeyAlgorithms |
|
392 option restricts which of the keys are actually used by |
|
393 -.Xr sshd 8 . |
|
394 +.Xr sshd 1M . |
|
395 .Pp |
|
396 It is possible to have multiple host key files. |
|
397 .Dq rsa1 |
|
398 @@ -777,7 +777,7 @@ |
|
399 .Dq yes . |
|
400 .It Cm IgnoreUserKnownHosts |
|
401 Specifies whether |
|
402 -.Xr sshd 8 |
|
403 +.Xr sshd 1M |
|
404 should ignore the user's |
|
405 .Pa ~/.ssh/known_hosts |
|
406 during |
|
407 @@ -912,7 +912,7 @@ |
|
408 The default is 3600 (seconds). |
|
409 .It Cm ListenAddress |
|
410 Specifies the local addresses |
|
411 -.Xr sshd 8 |
|
412 +.Xr sshd 1M |
|
413 should listen on. |
|
414 The following forms may be used: |
|
415 .Pp |
|
416 @@ -952,7 +952,7 @@ |
|
417 The default is 120 seconds. |
|
418 .It Cm LogLevel |
|
419 Gives the verbosity level that is used when logging messages from |
|
420 -.Xr sshd 8 . |
|
421 +.Xr sshd 1M . |
|
422 The possible values are: |
|
423 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
|
424 The default is INFO. |
|
425 @@ -1057,7 +1057,7 @@ |
|
426 The match patterns may consist of single entries or comma-separated |
|
427 lists and may use the wildcard and negation operators described in the |
|
428 PATTERNS section of |
|
429 -.Xr ssh_config 5 . |
|
430 +.Xr ssh_config 4 . |
|
431 .Pp |
|
432 The patterns in an |
|
433 .Cm Address |
|
434 @@ -1156,7 +1156,7 @@ |
|
435 the three colon separated values |
|
436 .Dq start:rate:full |
|
437 (e.g. "10:30:60"). |
|
438 -.Xr sshd 8 |
|
439 +.Xr sshd 1M |
|
440 will refuse connection attempts with a probability of |
|
441 .Dq rate/100 |
|
442 (30%) |
|
443 @@ -1276,7 +1276,7 @@ |
|
444 options in |
|
445 .Pa ~/.ssh/authorized_keys |
|
446 are processed by |
|
447 -.Xr sshd 8 . |
|
448 +.Xr sshd 1M . |
|
449 The default is |
|
450 .Dq no . |
|
451 Enabling environment processing may enable users to bypass access |
|
452 @@ -1297,7 +1297,7 @@ |
|
453 .Pa /var/run/sshd.pid . |
|
454 .It Cm Port |
|
455 Specifies the port number that |
|
456 -.Xr sshd 8 |
|
457 +.Xr sshd 1M |
|
458 listens on. |
|
459 The default is 22. |
|
460 Multiple options of this type are permitted. |
|
461 @@ -1305,14 +1305,14 @@ |
|
462 .Cm ListenAddress . |
|
463 .It Cm PrintLastLog |
|
464 Specifies whether |
|
465 -.Xr sshd 8 |
|
466 +.Xr sshd 1M |
|
467 should print the date and time of the last user login when a user logs |
|
468 in interactively. |
|
469 On Solaris this option is always ignored since pam_unix_session(5) |
|
470 reports the last login time. |
|
471 .It Cm PrintMotd |
|
472 Specifies whether |
|
473 -.Xr sshd 8 |
|
474 +.Xr sshd 1M |
|
475 should print |
|
476 .Pa /etc/motd |
|
477 when a user logs in interactively. |
|
478 @@ -1323,7 +1323,7 @@ |
|
479 .Dq yes . |
|
480 .It Cm Protocol |
|
481 Specifies the protocol versions |
|
482 -.Xr sshd 8 |
|
483 +.Xr sshd 1M |
|
484 supports. |
|
485 The possible values are |
|
486 .Sq 1 |
|
487 @@ -1450,7 +1450,7 @@ |
|
488 .Dq no . |
|
489 .It Cm StrictModes |
|
490 Specifies whether |
|
491 -.Xr sshd 8 |
|
492 +.Xr sshd 1M |
|
493 should check file modes and ownership of the |
|
494 user's files and home directory before accepting login. |
|
495 This is normally desirable because novices sometimes accidentally leave their |
|
496 @@ -1466,7 +1466,7 @@ |
|
497 to execute upon subsystem request. |
|
498 .Pp |
|
499 The command |
|
500 -.Xr sftp-server 8 |
|
501 +.Xr sftp-server 1M |
|
502 implements the |
|
503 .Dq sftp |
|
504 file transfer subsystem. |
|
505 @@ -1483,7 +1483,7 @@ |
|
506 By default no subsystems are defined. |
|
507 .It Cm SyslogFacility |
|
508 Gives the facility code that is used when logging messages from |
|
509 -.Xr sshd 8 . |
|
510 +.Xr sshd 1M . |
|
511 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
|
512 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
|
513 The default is AUTH. |
|
514 @@ -1526,7 +1526,7 @@ |
|
515 .Xr ssh-keygen 1 . |
|
516 .It Cm UseDNS |
|
517 Specifies whether |
|
518 -.Xr sshd 8 |
|
519 +.Xr sshd 1M |
|
520 should look up the remote host name, and to check that |
|
521 the resolved host name for the remote IP address maps back to the |
|
522 very same IP address. |
|
523 @@ -1580,13 +1580,13 @@ |
|
524 If |
|
525 .Cm UsePAM |
|
526 is enabled, you will not be able to run |
|
527 -.Xr sshd 8 |
|
528 +.Xr sshd 1M |
|
529 as a non-root user. |
|
530 The default is |
|
531 .Dq no . |
|
532 .It Cm UsePrivilegeSeparation |
|
533 Specifies whether |
|
534 -.Xr sshd 8 |
|
535 +.Xr sshd 1M |
|
536 separates privileges by creating an unprivileged child process |
|
537 to deal with incoming network traffic. |
|
538 After successful authentication, another process will be created that has |
|
539 @@ -1613,7 +1613,7 @@ |
|
540 .Dq none . |
|
541 .It Cm X11DisplayOffset |
|
542 Specifies the first display number available for |
|
543 -.Xr sshd 8 Ns 's |
|
544 +.Xr sshd 1M Ns 's |
|
545 X11 forwarding. |
|
546 This prevents sshd from interfering with real X11 servers. |
|
547 The default is 10. |
|
548 @@ -1628,7 +1628,7 @@ |
|
549 .Pp |
|
550 When X11 forwarding is enabled, there may be additional exposure to |
|
551 the server and to client displays if the |
|
552 -.Xr sshd 8 |
|
553 +.Xr sshd 1M |
|
554 proxy display is configured to listen on the wildcard address (see |
|
555 .Cm X11UseLocalhost |
|
556 below), though this is not the default. |
|
557 @@ -1639,7 +1639,7 @@ |
|
558 forwarding (see the warnings for |
|
559 .Cm ForwardX11 |
|
560 in |
|
561 -.Xr ssh_config 5 ) . |
|
562 +.Xr ssh_config 4 ) . |
|
563 A system administrator may have a stance in which they want to |
|
564 protect clients that may expose themselves to attack by unwittingly |
|
565 requesting X11 forwarding, which can warrant a |
|
566 @@ -1653,7 +1653,7 @@ |
|
567 is enabled. |
|
568 .It Cm X11UseLocalhost |
|
569 Specifies whether |
|
570 -.Xr sshd 8 |
|
571 +.Xr sshd 1M |
|
572 should bind the X11 forwarding server to the loopback address or to |
|
573 the wildcard address. |
|
574 By default, |
|
575 @@ -1686,7 +1686,7 @@ |
|
576 .Pa /usr/X11R6/bin/xauth . |
|
577 .El |
|
578 .Sh TIME FORMATS |
|
579 -.Xr sshd 8 |
|
580 +.Xr sshd 1M |
|
581 command-line arguments and configuration file options that specify time |
|
582 may be expressed using a sequence of the form: |
|
583 .Sm off |
|
584 @@ -1730,12 +1730,12 @@ |
|
585 .Bl -tag -width Ds |
|
586 .It Pa /etc/ssh/sshd_config |
|
587 Contains configuration data for |
|
588 -.Xr sshd 8 . |
|
589 +.Xr sshd 1M . |
|
590 This file should be writable by root only, but it is recommended |
|
591 (though not necessary) that it be world-readable. |
|
592 .El |
|
593 .Sh SEE ALSO |
|
594 -.Xr sshd 8 , |
|
595 +.Xr sshd 1M , |
|
596 .Xr pam_unix_session 5 |
|
597 .Sh AUTHORS |
|
598 OpenSSH is a derivative of the original and free |
|
599 --- old/ssh_config.5 2016-03-09 10:04:48.000000000 -0800 |
|
600 +++ new/ssh_config.5 2016-05-11 04:27:03.379064284 -0700 |
|
601 @@ -35,7 +35,7 @@ |
|
602 .\" |
|
603 .\" $OpenBSD: ssh_config.5,v 1.228 2016/02/20 23:01:46 sobrado Exp $ |
|
604 .Dd $Mdocdate: February 20 2016 $ |
|
605 -.Dt SSH_CONFIG 5 |
|
606 +.Dt SSH_CONFIG 4 |
|
607 .Os |
|
608 .Sh NAME |
|
609 .Nm ssh_config |
|
610 @@ -639,7 +639,7 @@ |
|
611 .Dq Fl O No exit |
|
612 option). |
|
613 If set to a time in seconds, or a time in any of the formats documented in |
|
614 -.Xr sshd_config 5 , |
|
615 +.Xr sshd_config 4 , |
|
616 then the backgrounded master connection will automatically terminate |
|
617 after it has remained idle (with no client connections) for the |
|
618 specified time. |
|
619 @@ -681,7 +681,7 @@ |
|
620 in the global client configuration file |
|
621 .Pa /etc/ssh/ssh_config |
|
622 enables the use of the helper program |
|
623 -.Xr ssh-keysign 8 |
|
624 +.Xr ssh-keysign 1M |
|
625 during |
|
626 .Cm HostbasedAuthentication . |
|
627 The argument must be |
|
628 @@ -692,7 +692,7 @@ |
|
629 .Dq no . |
|
630 This option should be placed in the non-hostspecific section. |
|
631 See |
|
632 -.Xr ssh-keysign 8 |
|
633 +.Xr ssh-keysign 1M |
|
634 for more information. |
|
635 .It Cm EscapeChar |
|
636 Sets the escape character (default: |
|
637 @@ -773,7 +773,7 @@ |
|
638 Specify a timeout for untrusted X11 forwarding |
|
639 using the format described in the |
|
640 TIME FORMATS section of |
|
641 -.Xr sshd_config 5 . |
|
642 +.Xr sshd_config 4 . |
|
643 X11 connections received by |
|
644 .Xr ssh 1 |
|
645 after this time will be refused. |
|
646 @@ -838,7 +838,7 @@ |
|
647 These hashed names may be used normally by |
|
648 .Xr ssh 1 |
|
649 and |
|
650 -.Xr sshd 8 , |
|
651 +.Xr sshd 1M , |
|
652 but they do not reveal identifying information should the file's contents |
|
653 be disclosed. |
|
654 The default is |
|
655 @@ -1287,7 +1287,7 @@ |
|
656 The command can be basically anything, |
|
657 and should read from its standard input and write to its standard output. |
|
658 It should eventually connect an |
|
659 -.Xr sshd 8 |
|
660 +.Xr sshd 1M |
|
661 server running on some machine, or execute |
|
662 .Ic sshd -i |
|
663 somewhere. |
|
664 @@ -1366,7 +1366,7 @@ |
|
665 The optional second value is specified in seconds and may use any of the |
|
666 units documented in the |
|
667 TIME FORMATS section of |
|
668 -.Xr sshd_config 5 . |
|
669 +.Xr sshd_config 4 . |
|
670 The default value for |
|
671 .Cm RekeyLimit |
|
672 is |
|
673 @@ -1409,7 +1409,7 @@ |
|
674 will only succeed if the server's |
|
675 .Cm GatewayPorts |
|
676 option is enabled (see |
|
677 -.Xr sshd_config 5 ) . |
|
678 +.Xr sshd_config 4 ) . |
|
679 .It Cm RequestTTY |
|
680 Specifies whether to request a pseudo-tty for the session. |
|
681 The argument may be one of: |
|
682 @@ -1474,7 +1474,7 @@ |
|
683 Refer to |
|
684 .Cm AcceptEnv |
|
685 in |
|
686 -.Xr sshd_config 5 |
|
687 +.Xr sshd_config 4 |
|
688 for how to configure the server. |
|
689 Variables are specified by name, which may contain wildcard characters. |
|
690 Multiple environment variables may be separated by whitespace or spread |
|
691 @@ -1662,7 +1662,7 @@ |
|
692 and will be disabled if it is enabled. |
|
693 .Pp |
|
694 Presently, only |
|
695 -.Xr sshd 8 |
|
696 +.Xr sshd 1M |
|
697 from OpenSSH 6.8 and greater support the |
|
698 .Dq [email protected] |
|
699 protocol extension used to inform the client of all the server's hostkeys. |
|
700 --- old/sshd.8 2016-03-09 10:04:48.000000000 -0800 |
|
701 +++ new/sshd.8 2016-05-11 05:04:07.228783462 -0700 |
|
702 @@ -35,7 +35,7 @@ |
|
703 .\" |
|
704 .\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ |
|
705 .Dd $Mdocdate: February 17 2016 $ |
|
706 -.Dt SSHD 8 |
|
707 +.Dt SSHD 1M |
|
708 .Os |
|
709 .Sh NAME |
|
710 .Nm sshd |
|
711 @@ -77,7 +77,7 @@ |
|
712 .Nm |
|
713 can be configured using command-line options or a configuration file |
|
714 (by default |
|
715 -.Xr sshd_config 5 ) ; |
|
716 +.Xr sshd_config 4 ) ; |
|
717 command-line options override values specified in the |
|
718 configuration file. |
|
719 .Nm |
|
720 @@ -204,7 +204,7 @@ |
|
721 This is useful for specifying options for which there is no separate |
|
722 command-line flag. |
|
723 For full details of the options, and their values, see |
|
724 -.Xr sshd_config 5 . |
|
725 +.Xr sshd_config 4 . |
|
726 .It Fl p Ar port |
|
727 Specifies the port on which the server listens for connections |
|
728 (default 22). |
|
729 @@ -274,7 +274,7 @@ |
|
730 though this can be changed via the |
|
731 .Cm Protocol |
|
732 option in |
|
733 -.Xr sshd_config 5 . |
|
734 +.Xr sshd_config 4 . |
|
735 Protocol 1 should not be used |
|
736 and is only offered to support legacy devices. |
|
737 .Pp |
|
738 @@ -397,14 +397,14 @@ |
|
739 See the |
|
740 .Cm PermitUserEnvironment |
|
741 option in |
|
742 -.Xr sshd_config 5 . |
|
743 +.Xr sshd_config 4 . |
|
744 .It |
|
745 Changes to user's home directory. |
|
746 .It |
|
747 If |
|
748 .Pa ~/.ssh/rc |
|
749 exists and the |
|
750 -.Xr sshd_config 5 |
|
751 +.Xr sshd_config 4 |
|
752 .Cm PermitUserRC |
|
753 option is set, runs it; else if |
|
754 .Pa /etc/ssh/sshrc |
|
755 @@ -551,7 +551,7 @@ |
|
756 environment variable. |
|
757 Note that this option applies to shell, command or subsystem execution. |
|
758 Also note that this command may be superseded by either a |
|
759 -.Xr sshd_config 5 |
|
760 +.Xr sshd_config 4 |
|
761 .Cm ForceCommand |
|
762 directive or a command embedded in a certificate. |
|
763 .It Cm environment="NAME=value" |
|
764 @@ -952,7 +952,7 @@ |
|
765 Contains configuration data for |
|
766 .Nm sshd . |
|
767 The file format and configuration options are described in |
|
768 -.Xr sshd_config 5 . |
|
769 +.Xr sshd_config 4 . |
|
770 .Pp |
|
771 .It Pa /etc/ssh/sshrc |
|
772 Similar to |
|
773 @@ -986,11 +986,12 @@ |
|
774 .Xr ssh-keygen 1 , |
|
775 .Xr ssh-keyscan 1 , |
|
776 .Xr chroot 2 , |
|
777 +.Xr hosts_access 5 , |
|
778 .Xr login.conf 5 , |
|
779 -.Xr moduli 5 , |
|
780 -.Xr sshd_config 5 , |
|
781 -.Xr inetd 8 , |
|
782 -.Xr sftp-server 8 |
|
783 +.Xr moduli 4 , |
|
784 +.Xr sshd_config 4 , |
|
785 +.Xr inetd 1M , |
|
786 +.Xr sftp-server 1M |
|
787 .Sh AUTHORS |
|
788 OpenSSH is a derivative of the original and free |
|
789 ssh 1.2.12 release by Tatu Ylonen. |
|