summaryrefslogtreecommitdiff
path: root/ssh.1
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Document behaviour of arguments following non-interactivedtucker@openbsd.org2021-09-101-4/+9
| | | | | | commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
* upstream: Mention using ssh -i for specifying the public key filedtucker@openbsd.org2021-09-031-2/+6
| | | | | | | in the case where the private key is loaded into ssh-agent but is not present locally. Based on patch from rafork via github PR#215, ok jmc@ OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
* upstream: no need to talk about version 2 with the -Q option, sojmc@openbsd.org2021-08-031-6/+3
| | | | | | | | | rewrite the text to read better; issue reported by debian at helgefjell de ok djm dtucker OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpartdjm@openbsd.org2021-07-231-1/+7
| | | | | | | to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
* upstream: Add a StdinNull directive to ssh_config(5) that allowsdjm@openbsd.org2021-07-231-2/+8
| | | | | | | the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
* upstream: add a SessionType directive to ssh_config, allowing thedjm@openbsd.org2021-07-141-2/+13
| | | | | | | | | | configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@ OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
* Sync remaining ChallengeResponse removal.Darren Tucker2021-07-031-7/+6
| | | | These were omitted from commit 88868fd131.
* upstream: Use better language to refer to the user. From l1vingdtucker@openbsd.org2021-06-251-5/+5
| | | | | | via github PR#250, ok jmc@ OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
* upstream: ssh: add PermitRemoteOpen for remote dynamic forwardingmarkus@openbsd.org2021-02-171-2/+3
| | | | | | with SOCKS ok djm@, dtucker@ OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
* upstream: move HostbasedAcceptedAlgorithms to the right place innaddy@openbsd.org2021-01-271-2/+2
| | | | | | alphabetical order OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec
* upstream: Rename HostbasedKeyTypes (ssh) anddtucker@openbsd.org2021-01-261-3/+3
| | | | | | | | | HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@ OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
* upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithmsdtucker@openbsd.org2021-01-221-3/+3
| | | | | | here too. OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a
* upstream: add a ssh_config KnownHostsCommand that allows the clientdjm@openbsd.org2020-12-221-2/+3
| | | | | | | | | | | | | to obtain known_hosts data from a command in addition to the usual files. The command accepts bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details). ok markus@ OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
* upstream: start sentence with capital letter;jmc@openbsd.org2020-07-171-3/+3
| | | | OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
* upstream: allow some additional control over the use of ssh-askpassdjm@openbsd.org2020-07-151-2/+21
| | | | | | via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@ OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
* upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv aredjm@openbsd.org2020-04-171-3/+3
| | | | | | | not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
* upstream: document -F none; with jmc@naddy@openbsd.org2020-02-181-2/+5
| | | | OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2
* upstream: Add ssh -Q key-sig for all key and signature types.dtucker@openbsd.org2020-02-071-2/+10
| | | | | | | Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@. OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
* upstream: Replace the term "security key" with "(FIDO)naddy@openbsd.org2019-12-301-6/+6
| | | | | | | | | authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
* upstream: tweak the Nd lines for a bit of consistency; ok markusjmc@openbsd.org2019-12-111-3/+3
| | | | OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
* upstream: improve the text for -A a little; input from naddy andjmc@openbsd.org2019-11-291-3/+7
| | | | | | djm OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
* upstream: more missing mentions of ed25519-sk; ok djm@naddy@openbsd.org2019-11-201-3/+10
| | | | OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
* upstream: directly support U2F/FIDO2 security keys in OpenSSH bydjm@openbsd.org2019-11-151-8/+2
| | | | | | | | linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
* upstream: Fill in missing man page bits for U2F security key support:naddy@openbsd.org2019-11-081-2/+15
| | | | | | | | | | | | | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
* upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org2019-06-141-3/+3
| | | | | | dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
* upstream: benno helped me clean up the tcp forwarding section;jmc@openbsd.org2019-03-261-32/+18
| | | | OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
* upstream: PKCS#11 support is no longer limited to RSA; ok benno@naddy@openbsd.org2019-03-081-4/+4
| | | | | | kn@ OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
* upstream: Mention that configuration for the destination host isdjm@openbsd.org2019-01-221-2/+7
| | | | | | not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
* upstream: reorder CASignatureAlgorithms, and add them to thejmc@openbsd.org2018-09-211-2/+3
| | | | | | various -o lists; ok djm OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
* upstream: Add "ssh -Q sig" to allow listing supported signaturedjm@openbsd.org2018-09-121-4/+10
| | | | | | algorithms ok markus@ OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
* upstream: ssh -MM requires confirmation for all operations thatdjm@openbsd.org2018-09-091-3/+6
| | | | | | | | change the multiplexing state, not just new sessions. mention that confirmation is checked via ssh-askpass OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
* upstream: Deprecate UsePrivilegedPort now that support for runningdtucker@openbsd.org2018-07-191-3/+2
| | | | | | | | | | | | | ssh(1) setuid has been removed, remove supporting code and clean up references to it in the man pages We have not shipped ssh(1) the setuid bit since 2002. If ayone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@ OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
* upstream: sort previous;jmc@openbsd.org2018-06-111-2/+2
| | | | OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
* upstream: add a SetEnv directive to ssh_config that allows settingdjm@openbsd.org2018-06-091-2/+3
| | | | | | | | | | | environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
* upstream: Emphasise that -w implicitly sets Tunnel=point-to-pointdjm@openbsd.org2018-05-221-3/+8
| | | | | | | and that users should specify an explicit Tunnel directive if they don't want this. bz#2365. OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
* upstream: ssh does not accept -oInclude=... on the commandline, thedjm@openbsd.org2018-04-061-3/+2
| | | | | | | Include keyword is for configuration files only. bz#2840, patch from Jakub Jelen OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0
* upstream: some cleanup for BindInterface and ssh-keyscan;jmc@openbsd.org2018-02-261-3/+3
| | | | OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
* upstream: Add BindInterface ssh_config directive and -Bdjm@openbsd.org2018-02-231-2/+9
| | | | | | | | | | | | | command-line argument to ssh(1) that directs it to bind its outgoing connection to the address of the specified network interface. BindInterface prefers to use addresses that aren't loopback or link- local, but will fall back to those if no other addresses of the required family are available on that interface. Based on patch by Mike Manning in bz#2820, ok dtucker@ OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
* upstream commitdjm@openbsd.org@openbsd.org2017-11-031-3/+3
| | | | | | | Private keys in PEM format have been encrypted by AES-128 for a while (not 3DES). bz#2788 reported by Calum Mackay OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a
* upstream commitjmc@openbsd.org@openbsd.org2017-10-311-15/+10
| | | | | | | | | tweak the uri text, specifically removing some markup to make it a bit more readable; issue reported by - and diff ok - millert OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
* upstream commitdjm@openbsd.org2017-10-231-2/+7
| | | | | | | | | | | | | | | Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
* upstream commitmillert@openbsd.org2017-10-231-17/+19
| | | | | | | | | | Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
* upstream commitdjm@openbsd.org2017-10-201-2/+8
| | | | | | | mention SSH_USER_AUTH in the list of environment variables Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
* upstream commitmarkus@openbsd.org2017-09-221-6/+15
| | | | | | | | | | | | | | | | | Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
* upstream commitdjm@openbsd.org2017-06-101-2/+13
| | | | | | | | in description of public key authentication, mention that the server will send debug messages to the client for some error conditions after authentication has completed. bz#2709 ok dtucker Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
* upstream commitbluhm@openbsd.org2017-05-311-2/+3
| | | | | | | | | Add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client's command line. This command will be executed on the remote host. The feature allows to automate tasks using ssh config. OK markus@ Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
* upstream commitnaddy@openbsd.org2017-05-081-4/+3
| | | | | | remove superfluous protocol 2 mentions; ok jmc@ Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
* upstream commitnaddy@openbsd.org2017-05-081-1/+2
| | | | | | | restore mistakenly deleted description of the ConnectionAttempts option ok markus@ Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
* upstream commitjmc@openbsd.org2017-05-081-4/+2
| | | | | | more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
* upstream commitjmc@openbsd.org2017-05-081-4/+2
| | | | | | | remove now obsolete protocol1 options from the -o lists; Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
View Lorry Controller Status