19507834 PHP 5.3 module ldap.so provides no way to initialize LDAP over SSL/TLS
20927781 php should support LDAP_OPT_DEBUG_LEVEL
# This change is Solaris-specific and thus is not being contributed back
# to the upstream community. Details:
#
# OpenSSH uses the BSD/Linux man page scheme which is different from the SysV
# man page scheme used in Solaris. In order to comply to the Solaris man page
# policy and also use the IPS mediator to switch between SunSSH and OpenSSH man
# pages, the section numbers of some OpenSSH man pages are changed to be the
# same as their corresponding ones in SunSSH.
#
diff -pur old/moduli.5 new/moduli.5
--- old/moduli.5 2015-03-17 06:49:20.000000000 +0100
+++ new/moduli.5 2015-03-28 05:37:09.205577491 +0100
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: September 26 2012 $
-.Dt MODULI 5
+.Dt MODULI 4
.Os
.Sh NAME
.Nm moduli
@@ -23,7 +23,7 @@
The
.Pa /etc/moduli
file contains prime numbers and generators for use by
-.Xr sshd 8
+.Xr sshd 1M
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
New moduli may be generated with
@@ -40,7 +40,7 @@ pass, using
.Ic ssh-keygen -T ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie-Hellman operations by
-.Xr sshd 8 .
+.Xr sshd 1M .
This
.Nm
format is used as the output from each pass.
@@ -70,7 +70,7 @@ are Sophie Germain primes (type 4).
Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
-.Xr sshd 8 .
+.Xr sshd 1M .
Other types are not used by OpenSSH.
.It tests
Decimal number indicating the type of primality tests that the number
@@ -105,16 +105,16 @@ The modulus itself in hexadecimal.
.El
.Pp
When performing Diffie-Hellman Group Exchange,
-.Xr sshd 8
+.Xr sshd 1M
first estimates the size of the modulus required to produce enough
Diffie-Hellman output to sufficiently key the selected symmetric cipher.
-.Xr sshd 8
+.Xr sshd 1M
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
-.Xr sshd 8
+.Xr sshd 1M
.Sh STANDARDS
.Rs
.%A M. Friedl
diff -pur old/sftp-server.8 new/sftp-server.8
--- old/sftp-server.8 2015-03-17 06:49:20.000000000 +0100
+++ new/sftp-server.8 2015-03-28 05:38:55.972453415 +0100
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2014 $
-.Dt SFTP-SERVER 8
+.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
@@ -47,7 +47,7 @@ is a program that speaks the server side
to stdout and expects client requests from stdin.
.Nm
is not intended to be called directly, but from
-.Xr sshd 8
+.Xr sshd 1M
using the
.Cm Subsystem
option.
@@ -58,7 +58,7 @@ should be specified in the
.Cm Subsystem
declaration.
See
-.Xr sshd_config 5
+.Xr sshd_config 4
for more information.
.Pp
Valid options are:
@@ -71,7 +71,7 @@ The pathname may contain the following t
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
-.Xr sshd_config 5
+.Xr sshd_config 4
.Cm ChrootDirectory
option.
.It Fl e
@@ -152,8 +152,8 @@ establish a logging socket inside the ch
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
-.Xr sshd_config 5 ,
-.Xr sshd 8
+.Xr sshd_config 4 ,
+.Xr sshd 1M
.Rs
.%A T. Ylonen
.%A S. Lehtinen
diff -pur old/ssh-keysign.8 new/ssh-keysign.8
--- old/ssh-keysign.8 2015-03-17 06:49:20.000000000 +0100
+++ new/ssh-keysign.8 2015-03-28 05:37:09.206625270 +0100
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 7 2013 $
-.Dt SSH-KEYSIGN 8
+.Dt SSH-KEYSIGN 1M
.Os
.Sh NAME
.Nm ssh-keysign
@@ -52,7 +52,7 @@ is not intended to be invoked by the use
See
.Xr ssh 1
and
-.Xr sshd 8
+.Xr sshd 1M
for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds -compact
@@ -83,8 +83,8 @@ information corresponding with the priva
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
-.Xr ssh_config 5 ,
-.Xr sshd 8
+.Xr ssh_config 4 ,
+.Xr sshd 1M
.Sh HISTORY
.Nm
first appeared in
diff -pur old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8
--- old/ssh-pkcs11-helper.8 2015-03-17 06:49:20.000000000 +0100
+++ new/ssh-pkcs11-helper.8 2015-03-28 05:37:09.206699277 +0100
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 16 2013 $
-.Dt SSH-PKCS11-HELPER 8
+.Dt SSH-PKCS11-HELPER 1M
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5 2015-03-17 06:49:20.000000000 +0100
+++ new/ssh_config.5 2015-03-28 05:39:45.895250783 +0100
@@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
.Dd $Mdocdate: February 20 2015 $
-.Dt SSH_CONFIG 5
+.Dt SSH_CONFIG 4
.Os
.Sh NAME
.Nm ssh_config
@@ -562,7 +562,7 @@ then the master connection will remain i
.Dq Fl O No exit
option).
If set to a time in seconds, or a time in any of the formats documented in
-.Xr sshd_config 5 ,
+.Xr sshd_config 4 ,
then the backgrounded master connection will automatically terminate
after it has remained idle (with no client connections) for the
specified time.
@@ -689,7 +689,7 @@ option is also enabled.
Specify a timeout for untrusted X11 forwarding
using the format described in the
TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
X11 connections received by
.Xr ssh 1
after this time will be refused.
@@ -756,7 +756,7 @@ should hash host names and addresses whe
These hashed names may be used normally by
.Xr ssh 1
and
-.Xr sshd 8 ,
+.Xr sshd 1M ,
but they do not reveal identifying information should the file's contents
be disclosed.
The default is
@@ -1233,7 +1233,7 @@ depending on the cipher.
The optional second value is specified in seconds and may use any of the
units documented in the
TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
The default value for
.Cm RekeyLimit
is
@@ -1277,7 +1277,7 @@ Specifying a remote
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
-.Xr sshd_config 5 ) .
+.Xr sshd_config 4 ) .
.It Cm RequestTTY
Specifies whether to request a pseudo-tty for the session.
The argument may be one of:
@@ -1339,7 +1339,7 @@ accept these environment variables.
Refer to
.Cm AcceptEnv
in
-.Xr sshd_config 5
+.Xr sshd_config 4
for how to configure the server.
Variables are specified by name, which may contain wildcard characters.
Multiple environment variables may be separated by whitespace or spread
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8 2015-03-17 06:49:20.000000000 +0100
+++ new/sshd.8 2015-03-28 05:41:50.762749417 +0100
@@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: sshd.8,v 1.278 2014/11/15 14:41:03 bentley Exp $
.Dd $Mdocdate: November 15 2014 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
@@ -77,7 +77,7 @@ and data exchange.
.Nm
can be configured using command-line options or a configuration file
(by default
-.Xr sshd_config 5 ) ;
+.Xr sshd_config 4 ) ;
command-line options override values specified in the
configuration file.
.Nm
@@ -207,7 +207,7 @@ Can be used to give options in the forma
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
@@ -277,7 +277,7 @@ The default is to use protocol 2 only,
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
@@ -402,7 +402,7 @@ if it exists, and users are allowed to c
See the
.Cm PermitUserEnvironment
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.It
Changes to user's home directory.
.It
@@ -550,7 +550,7 @@ The command originally supplied by the c
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
-.Xr sshd_config 5
+.Xr sshd_config 4
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
@@ -571,7 +571,7 @@ Specifies that in addition to public key
name of the remote host or its IP address must be present in the
comma-separated list of patterns.
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.Pp
In addition to the wildcard matching that may be applied to hostnames or
@@ -859,7 +859,7 @@ It should only be writable by root.
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
-.Xr moduli 5 .
+.Xr moduli 4 .
.Pp
.It Pa /etc/motd
See
@@ -920,7 +920,7 @@ should be world-readable.
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
.Pp
.It Pa /etc/ssh/sshrc
Similar to
@@ -955,10 +955,10 @@ The content of this file is not sensitiv
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
.Xr login.conf 5 ,
-.Xr moduli 5 ,
-.Xr sshd_config 5 ,
-.Xr inetd 8 ,
-.Xr sftp-server 8
+.Xr moduli 4 ,
+.Xr sshd_config 4 ,
+.Xr inetd 1M ,
+.Xr sftp-server 1M
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5 2015-03-28 05:37:09.175994877 +0100
+++ new/sshd_config.5 2015-03-28 05:42:07.245709990 +0100
@@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $
.Dd $Mdocdate: February 20 2015 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
.Sh NAME
.Nm sshd_config
@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
-.Xr sshd 8
+.Xr sshd 1M
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
@@ -68,7 +68,7 @@ the session's
See
.Cm SendEnv
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for how to configure the client.
Note that environment passing is only supported for protocol 2.
Variables are specified by name, which may contain the wildcard characters
@@ -85,7 +85,7 @@ For this reason, care should be taken in
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
-.Xr sshd 8 .
+.Xr sshd 1M .
Valid arguments are
.Dq any ,
.Dq inet
@@ -118,7 +118,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
@@ -178,7 +178,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
@@ -234,7 +234,7 @@ The program must be owned by root and no
It will be invoked with a single argument of the username
being authenticated, and should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
@@ -257,7 +257,7 @@ for user authentication.
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
section of
-.Xr sshd 8 .
+.Xr sshd 1M .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
@@ -280,7 +280,7 @@ this file lists names, one of which must
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
Empty lines and comments starting with
.Ql #
are ignored.
@@ -310,7 +310,7 @@ and is not consulted for certification a
though the
.Cm principals=
key option offers a similar facility (see
-.Xr sshd 8
+.Xr sshd 1M
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
@@ -335,7 +335,7 @@ At session startup
checks that all components of the pathname are root-owned directories
which are not writable by any other user or group.
After the chroot,
-.Xr sshd 8
+.Xr sshd 1M
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
@@ -433,7 +433,7 @@ with an argument of
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
-.Xr sshd 8
+.Xr sshd 1M
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
@@ -460,7 +460,7 @@ This option applies to protocol version
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
-.Xr sshd 8
+.Xr sshd 1M
will send a message through the encrypted
channel to request a response from the client.
The default
@@ -491,7 +491,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
@@ -510,7 +510,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm FingerprintHash
Specifies the hash algorithm used when logging key fingerprints.
@@ -543,7 +543,7 @@ files when used with
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
-.Xr sshd 8
+.Xr sshd 1M
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
@@ -602,7 +602,7 @@ files during
A setting of
.Dq yes
means that
-.Xr sshd 8
+.Xr sshd 1M
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
@@ -613,7 +613,7 @@ The certificate's public key must match
by
.Cm HostKey .
The default behaviour of
-.Xr sshd 8
+.Xr sshd 1M
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
@@ -628,7 +628,7 @@ and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
Note that
-.Xr sshd 8
+.Xr sshd 1M
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
@@ -669,7 +669,7 @@ The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should ignore the user's
.Pa ~/.ssh/known_hosts
during
@@ -800,7 +800,7 @@ If the value is 0, the key is never rege
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
-.Xr sshd 8
+.Xr sshd 1M
should listen on.
The following forms may be used:
.Pp
@@ -843,7 +843,7 @@ If the value is 0, there is no time limi
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
@@ -943,7 +943,7 @@ and
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
The patterns in an
.Cm Address
@@ -1032,7 +1032,7 @@ Alternatively, random early drop can be
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
-.Xr sshd 8
+.Xr sshd 1M
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
@@ -1149,7 +1149,7 @@ and
options in
.Pa ~/.ssh/authorized_keys
are processed by
-.Xr sshd 8 .
+.Xr sshd 1M .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
@@ -1168,7 +1168,7 @@ The default is
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
-.Xr sshd 8
+.Xr sshd 1M
listens on.
The default is 22.
Multiple options of this type are permitted.
@@ -1176,14 +1176,14 @@ See also
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print the date and time of the last user login when a user logs
in interactively.
On Solaris this option is always ignored since pam_unix_session(5)
reports the last login time.
.It Cm PrintMotd
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should print
.Pa /etc/motd
when a user logs in interactively.
@@ -1194,7 +1194,7 @@ The default is
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
-.Xr sshd 8
+.Xr sshd 1M
supports.
The possible values are
.Sq 1
@@ -1305,7 +1305,7 @@ The default is
.Dq no .
.It Cm StrictModes
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
@@ -1339,7 +1339,7 @@ By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
-.Xr sshd 8 .
+.Xr sshd 1M .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
@@ -1380,7 +1380,7 @@ For more details on certificates, see th
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
@@ -1425,13 +1425,13 @@ or
If
.Cm UsePAM
is enabled, you will not be able to run
-.Xr sshd 8
+.Xr sshd 1M
as a non-root user.
The default is
.Dq no .
.It Cm UsePrivilegeSeparation
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
@@ -1453,7 +1453,7 @@ The default is
.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
-.Xr sshd 8 Ns 's
+.Xr sshd 1M Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
@@ -1468,7 +1468,7 @@ The default is
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
-.Xr sshd 8
+.Xr sshd 1M
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
@@ -1479,7 +1479,7 @@ display server may be exposed to attack
forwarding (see the warnings for
.Cm ForwardX11
in
-.Xr ssh_config 5 ) .
+.Xr ssh_config 4 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
@@ -1493,7 +1493,7 @@ X11 forwarding is automatically disabled
is enabled.
.It Cm X11UseLocalhost
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
@@ -1524,7 +1524,7 @@ The default is
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
-.Xr sshd 8
+.Xr sshd 1M
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
@@ -1568,12 +1568,12 @@ Time format examples:
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
-.Xr sshd 8 .
+.Xr sshd 1M .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
.Sh SEE ALSO
-.Xr sshd 8 ,
+.Xr sshd 1M ,
.Xr pam_unix_session 5
.Sh AUTHORS
OpenSSH is a derivative of the original and free