diff options
author | Damien Miller <djm@mindrot.org> | 2000-03-09 21:27:49 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-03-09 21:27:49 +1100 |
commit | 98c7ad60ec5725d91da9f9f6d26cd9fe477398c0 (patch) | |
tree | 104c3e3474be8e308d05e22d79715c833c6cf837 /sshd.8 | |
parent | 1a07ebd4d8d39c6814bbd84c1aec4ebf2bd005a2 (diff) | |
download | openssh-git-98c7ad60ec5725d91da9f9f6d26cd9fe477398c0.tar.gz |
- OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
- int atomicio -> ssize_t (for alpha). ok deraadt@
[auth-rsa.c]
- delay MD5 computation until client sends response, free() early, cleanup.
[cipher.c]
- void* -> unsigned char*, ok niels@
[hostfile.c]
- remove unused variable 'len'. fix comments.
- remove unused variable
[log-client.c log-server.c]
- rename a cpp symbol, to avoid param.h collision
[packet.c]
- missing xfree()
- getsockname() requires initialized tolen; andy@guildsoftware.com
- use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
[pty.c pty.h]
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
[readconf.c]
- turn off x11-fwd for the client, too.
[rsa.c]
- PKCS#1 padding
[scp.c]
- allow '.' in usernames; from jedgar@fxp.org
[servconf.c]
- typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
- sync with sshd_config
[ssh-keygen.c]
- enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
[ssh.1]
- Change invalid 'CHAT' loglevel to 'VERBOSE'
[ssh.c]
- suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
- turn off x11-fwd for the client, too.
[sshconnect.c]
- missing xfree()
- retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
- read error vs. "Connection closed by remote host"
[sshd.8]
- ie. -> i.e.,
- do not link to a commercial page..
- sync with sshd_config
[sshd.c]
- no need for poll.h; from bright@wintelcom.net
- log with level log() not fatal() if peer behaves badly.
- don't panic if client behaves strange. ok deraadt@
- make no-port-forwarding for RSA keys deny both -L and -R style fwding
- delay close() of pty until the pty has been chowned back to root
- oops, fix comment, too.
- missing xfree()
- move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
- create x11 cookie file
- fix pr 1113, fclose() -> pclose(), todo: remote popen()
- version 1.2.3
- Cleaned up
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 37 |
1 files changed, 18 insertions, 19 deletions
@@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.12 2000/01/22 08:57:41 damien Exp $ +.\" $Id: sshd.8,v 1.13 2000/03/09 10:27:53 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -258,13 +258,16 @@ Note that .Nm does not start if this file is group/world-accessible. .It Cm IgnoreRhosts -Specifies that rhosts and shosts files will not be used in -authentication. +Specifies that +.Pa .rhosts +and +.Pa .shosts +files will not be used in authentication. .Pa /etc/hosts.equiv and .Pa /etc/shosts.equiv are still used. The default is -.Dq no . +.Dq yes . .It Cm IgnoreUserKnownHosts Specifies whether .Nm @@ -352,7 +355,7 @@ The default is When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is -.Dq yes . +.Dq no . .It Cm PermitRootLogin Specifies whether the root can log in using .Xr ssh 1 . @@ -403,7 +406,7 @@ The default is .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. The default is -.Dq yes . +.Dq no . .It Cm RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is .Dq yes . @@ -442,9 +445,10 @@ Specifies the first display number available for X11 forwarding. This prevents .Nm from interfering with real X11 servers. +The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The default is -.Dq yes . +.Dq no . Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders. .El @@ -762,18 +766,12 @@ This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Sh AUTHOR -Tatu Ylonen <ylo@cs.hut.fi> -.Pp -Information about new releases, mailing lists, and other related -issues can be found from the SSH WWW home page: -.Pp -.Dl http://www.cs.hut.fi/ssh. -.Pp OpenSSH -is a derivative of the original (free) ssh 1.2.12 release, but with bugs -removed and newer features re-added. Rapidly after the 1.2.12 release, -newer versions bore successively more restrictive licenses. This version -of OpenSSH +is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, +but with bugs removed and newer features re-added. Rapidly after the +1.2.12 release, newer versions of the original ssh bore successively +more restrictive licenses, and thus demand for a free version was born. +This version of OpenSSH .Bl -bullet .It has all components of a restrictive nature (i.e., patents, see @@ -782,7 +780,8 @@ directly removed from the source code; any licensed or patented components are chosen from external libraries. .It -has been updated to support ssh protocol 1.5. +has been updated to support ssh protocol 1.5, making it compatible with +all other ssh protocol 1 clients and servers. .It contains added support for .Xr kerberos 8 |