path: root/ssh.1
Commit message | Author | Age | Files | Lines
* upstream: reorder CASignatureAlgorithms, and add them to the various -o lists; ok djm
  OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
  Author: jmc@openbsd.org; Age: 2018-09-21; Files: 1; Lines: -2/+3
* upstream: Add "ssh -Q sig" to allow listing supported signature algorithms
  ok markus@
  OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
  Author: djm@openbsd.org; Age: 2018-09-12; Files: 1; Lines: -4/+10
* upstream: ssh -MM requires confirmation for all operations that change the multiplexing state, not just new sessions.
  mention that confirmation is checked via ssh-askpass
  OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
  Author: djm@openbsd.org; Age: 2018-09-09; Files: 1; Lines: -3/+6
* upstream: Deprecate UsePrivilegedPort now that support for running ssh(1) setuid has been removed, remove supporting code and clean up references to it in the man pages
  We have not shipped ssh(1) the setuid bit since 2002. If anyone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand.
  ok markus@ jmc@ djm@
  OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
  Author: dtucker@openbsd.org; Age: 2018-07-19; Files: 1; Lines: -3/+2
* upstream: sort previous;
  OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
  Author: jmc@openbsd.org; Age: 2018-06-11; Files: 1; Lines: -2/+2
* upstream: add a SetEnv directive to ssh_config that allows setting environment variables for the remote session (subject to the server accepting them)
  refactor SendEnv to remove the arbitrary limit of variable names.
  ok markus@
  OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
  Author: djm@openbsd.org; Age: 2018-06-09; Files: 1; Lines: -2/+3
* upstream: Emphasise that -w implicitly sets Tunnel=point-to-point and that users should specify an explicit Tunnel directive if they don't want this. bz#2365.
  OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
  Author: djm@openbsd.org; Age: 2018-05-22; Files: 1; Lines: -3/+8
* upstream: ssh does not accept -oInclude=... on the commandline, the Include keyword is for configuration files only.
  bz#2840, patch from Jakub Jelen
  OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0
  Author: djm@openbsd.org; Age: 2018-04-06; Files: 1; Lines: -3/+2
* upstream: some cleanup for BindInterface and ssh-keyscan;
  OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
  Author: jmc@openbsd.org; Age: 2018-02-26; Files: 1; Lines: -3/+3
* upstream: Add BindInterface ssh_config directive and -B command-line argument to ssh(1) that directs it to bind its outgoing connection to the address of the specified network interface.
  BindInterface prefers to use addresses that aren't loopback or link-local, but will fall back to those if no other addresses of the required family are available on that interface.
  Based on patch by Mike Manning in bz#2820, ok dtucker@
  OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
  Author: djm@openbsd.org; Age: 2018-02-23; Files: 1; Lines: -2/+9
* upstream commit
  Private keys in PEM format have been encrypted by AES-128 for a while (not 3DES). bz#2788 reported by Calum Mackay
  OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a
  Author: djm@openbsd.org@openbsd.org; Age: 2017-11-03; Files: 1; Lines: -3/+3
* upstream commit
  tweak the uri text, specifically removing some markup to make it a bit more readable;
  issue reported by - and diff ok - millert
  OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
  Author: jmc@openbsd.org@openbsd.org; Age: 2017-10-31; Files: 1; Lines: -15/+10
* upstream commit
  Expose devices allocated for tun/tap forwarding.
  At the client, the device may be obtained from a new %T expansion for LocalCommand.
  At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established.
  ok markus
  Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
  Author: djm@openbsd.org; Age: 2017-10-23; Files: 1; Lines: -2/+7
* upstream commit
  Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type.
  OK djm@
  Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
  Author: millert@openbsd.org; Age: 2017-10-23; Files: 1; Lines: -17/+19
* upstream commit
  mention SSH_USER_AUTH in the list of environment variables
  Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
  Author: djm@openbsd.org; Age: 2017-10-20; Files: 1; Lines: -2/+8
* upstream commit
  Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests.
  The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers.
  help and ok djm@
  Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
  Author: markus@openbsd.org; Age: 2017-09-22; Files: 1; Lines: -6/+15
* upstream commit
  in description of public key authentication, mention that the server will send debug messages to the client for some error conditions after authentication has completed.
  bz#2709 ok dtucker
  Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
  Author: djm@openbsd.org; Age: 2017-06-10; Files: 1; Lines: -2/+13
* upstream commit
  Add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client's command line. This command will be executed on the remote host. The feature allows to automate tasks using ssh config.
  OK markus@
  Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
  Author: bluhm@openbsd.org; Age: 2017-05-31; Files: 1; Lines: -2/+3
* upstream commit
  remove superfluous protocol 2 mentions; ok jmc@
  Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
  Author: naddy@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -4/+3
* upstream commit
  restore mistakenly deleted description of the ConnectionAttempts option
  ok markus@
  Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
  Author: naddy@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -1/+2
* upstream commit
  more protocol 1 stuff to go; ok djm
  Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
  Author: jmc@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -4/+2
* upstream commit
  remove now obsolete protocol1 options from the -o lists;
  Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
  Author: jmc@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -4/+2
* upstream commit
  remove SSHv1 configuration options and man pages bits
  ok markus@
  Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
  Author: djm@openbsd.org; Age: 2017-05-01; Files: 1; Lines: -52/+5
* upstream commit
  - add proxyjump to the options list
  - formatting fixes
  - update usage()
  ok djm
  Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
  Author: jmc@openbsd.org; Age: 2016-07-17; Files: 1; Lines: -9/+9
* upstream commit
  Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host".
  These options construct a proxy command that connects to the specified jump host(s) (more than one may be specified) and uses port-forwarding to establish a connection to the next destination.
  This codifies the safest way of indirecting connections through SSH servers and makes it easy to use.
  ok markus@
  Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
  Author: djm@openbsd.org; Age: 2016-07-15; Files: 1; Lines: -2/+22
* upstream commit
  sort the -o list;
  Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
  Author: jmc@openbsd.org; Age: 2016-07-08; Files: 1; Lines: -3/+3
* upstream commit
  tweak previous;
  Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
  Author: jmc@openbsd.org; Age: 2016-06-08; Files: 1; Lines: -3/+3
* upstream commit
  Allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using ssh -W (but still default to yes in that case). bz#2577, ok djm@.
  Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
  Author: dtucker@openbsd.org; Age: 2016-06-08; Files: 1; Lines: -3/+6
* upstream commit
  IdentityAgent for specifying specific agent sockets; ok djm@
  Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
  Author: markus@openbsd.org; Age: 2016-05-05; Files: 1; Lines: -2/+3
* upstream commit
  Include directive for ssh_config(5); feedback & ok markus@
  Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
  Author: djm@openbsd.org; Age: 2016-04-15; Files: 1; Lines: -2/+3
* upstream commit
  since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only);
  ok/tweaks djm ok markus
  Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
  Author: jmc@openbsd.org; Age: 2016-02-18; Files: 1; Lines: -42/+24
* upstream commit
  no need to state that protocol 2 is the default twice;
  Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb
  Author: jmc@openbsd.org; Age: 2016-02-17; Files: 1; Lines: -2/+1
* upstream commit
  Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in ssh(1) with a strong recommendation not to use protocol 1. Add a similar warning to the Protocol option descriptions in ssh_config(5) and sshd_config(5);
  prompted by and ok mmcc@
  Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
  Author: djm@openbsd.org; Age: 2016-02-17; Files: 1; Lines: -11/+5
* upstream commit
  Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm').
  Initial version from Joachim Schipper many years ago.
  ok markus@
  Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
  Author: jcs@openbsd.org; Age: 2015-11-16; Files: 1; Lines: -2/+7
* upstream commit
  1. rlogin and rsh are long gone
  2. protocol version isn't of core relevance here, and v1 is going away
  ok markus@, deraadt@
  Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
  Author: mmcc@openbsd.org; Age: 2015-11-09; Files: 1; Lines: -5/+4
* upstream commit
  some certificatefile tweaks; ok djm
  Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
  Author: jmc@openbsd.org; Age: 2015-10-06; Files: 1; Lines: -3/+3
* upstream commit
  add ssh_config CertificateFile option to explicitly list a certificate; patch from Meghana Bhat on bz#2436; ok markus@
  Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
  Author: djm@openbsd.org; Age: 2015-10-06; Files: 1; Lines: -2/+6
* upstream commit
  mention -Q key-plain and -Q key-cert; bz#2455 pointed out by Jakub Jelen
  Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
  Author: djm@openbsd.org; Age: 2015-09-16; Files: 1; Lines: -5/+9
* upstream commit
  Move .Pp before .Bl, not after to quiet mandoc -Tlint. Noticed by jmc@
  Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
  Author: millert@openbsd.org; Age: 2015-07-21; Files: 1; Lines: -2/+2
* upstream commit
  Better description of Unix domain socket forwarding. bz#2423; ok jmc@
  Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
  Author: millert@openbsd.org; Age: 2015-07-21; Files: 1; Lines: -21/+107
* upstream commit
  Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
  Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
  Author: markus@openbsd.org; Age: 2015-07-15; Files: 1; Lines: -2/+3
* upstream commit
  mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
  Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
  Author: djm@openbsd.org; Age: 2015-05-22; Files: 1; Lines: -2/+7
* upstream commit
  Clarify pseudo-terminal request behaviour and use "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
  Author: dtucker@openbsd.org; Age: 2015-05-08; Files: 1; Lines: -8/+19
* upstream commit
  Allow "ssh -Q protocol-version" to list supported SSH protocol versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@
  Author: djm@openbsd.org; Age: 2015-03-04; Files: 1; Lines: -5/+7
* upstream commit
  Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication.
  This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit.
  bz#2211 based on patch by Iain Morgan; ok markus@
  Author: djm@openbsd.org; Age: 2015-01-30; Files: 1; Lines: -2/+3
* upstream commit
  correct description of UpdateHostKeys in ssh_config.5 and add it to -o lists for ssh, scp and sftp; pointed out by jmc@
  Author: djm@openbsd.org; Age: 2015-01-27; Files: 1; Lines: -2/+3
* upstream commit
  add fingerprinthash to the options list;
  Author: jmc@openbsd.org; Age: 2015-01-09; Files: 1; Lines: -2/+3
* upstream commit
  Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
  Feedback and ok naddy@ markus@
  Author: djm@openbsd.org; Age: 2014-12-22; Files: 1; Lines: -3/+3
* upstream commit
  tweak previous;
  Author: jmc@openbsd.org; Age: 2014-10-20; Files: 1; Lines: -3/+3
* upstream commit
  Tweak config reparsing with host canonicalisation
  Make the second pass through the config files always run when hostname canonicalisation is enabled.
  Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
  Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
  Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
  bz#2267 bz#2286; ok markus
  Author: djm@openbsd.org; Age: 2014-10-13; Files: 1; Lines: -3/+11