summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-03-09 21:27:49 +1100
committerDamien Miller <djm@mindrot.org>2000-03-09 21:27:49 +1100
commit98c7ad60ec5725d91da9f9f6d26cd9fe477398c0 (patch)
tree104c3e3474be8e308d05e22d79715c833c6cf837 /sshd.8
parent1a07ebd4d8d39c6814bbd84c1aec4ebf2bd005a2 (diff)
downloadopenssh-git-98c7ad60ec5725d91da9f9f6d26cd9fe477398c0.tar.gz
- OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c] - int atomicio -> ssize_t (for alpha). ok deraadt@ [auth-rsa.c] - delay MD5 computation until client sends response, free() early, cleanup. [cipher.c] - void* -> unsigned char*, ok niels@ [hostfile.c] - remove unused variable 'len'. fix comments. - remove unused variable [log-client.c log-server.c] - rename a cpp symbol, to avoid param.h collision [packet.c] - missing xfree() - getsockname() requires initialized tolen; andy@guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar@fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ [ssh.1] - Change invalid 'CHAT' loglevel to 'VERBOSE' [ssh.c] - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - turn off x11-fwd for the client, too. [sshconnect.c] - missing xfree() - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - read error vs. "Connection closed by remote host" [sshd.8] - ie. -> i.e., - do not link to a commercial page.. - sync with sshd_config [sshd.c] - no need for poll.h; from bright@wintelcom.net - log with level log() not fatal() if peer behaves badly. - don't panic if client behaves strange. ok deraadt@ - make no-port-forwarding for RSA keys deny both -L and -R style fwding - delay close() of pty until the pty has been chowned back to root - oops, fix comment, too. - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.837
1 files changed, 18 insertions, 19 deletions
diff --git a/sshd.8 b/sshd.8
index 4ad73bb7..c5497cf9 100644
--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: sshd.8,v 1.12 2000/01/22 08:57:41 damien Exp $
+.\" $Id: sshd.8,v 1.13 2000/03/09 10:27:53 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
@@ -258,13 +258,16 @@ Note that
.Nm
does not start if this file is group/world-accessible.
.It Cm IgnoreRhosts
-Specifies that rhosts and shosts files will not be used in
-authentication.
+Specifies that
+.Pa .rhosts
+and
+.Pa .shosts
+files will not be used in authentication.
.Pa /etc/hosts.equiv
and
.Pa /etc/shosts.equiv
are still used. The default is
-.Dq no .
+.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Nm
@@ -352,7 +355,7 @@ The default is
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings. The default
is
-.Dq yes .
+.Dq no .
.It Cm PermitRootLogin
Specifies whether the root can log in using
.Xr ssh 1 .
@@ -403,7 +406,7 @@ The default is
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed. The default is
-.Dq yes .
+.Dq no .
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed. The default is
.Dq yes .
@@ -442,9 +445,10 @@ Specifies the first display number available for
X11 forwarding. This prevents
.Nm
from interfering with real X11 servers.
+The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted. The default is
-.Dq yes .
+.Dq no .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
.El
@@ -762,18 +766,12 @@ This can be used to specify
machine-specific login-time initializations globally. This file
should be writable only by root, and should be world-readable.
.Sh AUTHOR
-Tatu Ylonen <ylo@cs.hut.fi>
-.Pp
-Information about new releases, mailing lists, and other related
-issues can be found from the SSH WWW home page:
-.Pp
-.Dl http://www.cs.hut.fi/ssh.
-.Pp
OpenSSH
-is a derivative of the original (free) ssh 1.2.12 release, but with bugs
-removed and newer features re-added. Rapidly after the 1.2.12 release,
-newer versions bore successively more restrictive licenses. This version
-of OpenSSH
+is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
+but with bugs removed and newer features re-added. Rapidly after the
+1.2.12 release, newer versions of the original ssh bore successively
+more restrictive licenses, and thus demand for a free version was born.
+This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
@@ -782,7 +780,8 @@ directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
-has been updated to support ssh protocol 1.5.
+has been updated to support ssh protocol 1.5, making it compatible with
+all other ssh protocol 1 clients and servers.
.It
contains added support for
.Xr kerberos 8