diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-08-03 04:43:41 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-08-03 06:27:59 +0200 |
| commit | a8732d74cb8e72f0c6366015687f1e649f60be87 (patch) | |
| tree | b2d792042a526741fed21539ec6490629792b1d3 | |
| parent | upstream: clang -Wimplicit-fallthrough does not recognise /* (diff) | |
| download | openssh-a8732d74cb8e72f0c6366015687f1e649f60be87.tar.xz openssh-a8732d74cb8e72f0c6366015687f1e649f60be87.zip | |
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
| -rw-r--r-- | scp.1 | 11 | ||||
| -rw-r--r-- | scp.c | 11 | ||||
| -rw-r--r-- | sftp.1 | 11 | ||||
| -rw-r--r-- | sftp.c | 11 |
4 files changed, 30 insertions, 14 deletions
@@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $ .\" -.Dd $Mdocdate: April 30 2020 $ +.Dd $Mdocdate: August 3 2020 $ .Dt SCP 1 .Os .Sh NAME @@ -18,7 +18,7 @@ .Nd OpenSSH secure file copy .Sh SYNOPSIS .Nm scp -.Op Fl 346BCpqrTv +.Op Fl 346ABCpqrTv .Op Fl c Ar cipher .Op Fl F Ar ssh_config .Op Fl i Ar identity_file @@ -86,6 +86,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl A +Allows forwarding of +.Xr ssh-agent 1 +to the remote system. +The default is not to forward an authentication agent. .It Fl B Selects batch mode (prevents asking for passwords or passphrases). .It Fl C @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */ +/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -425,7 +425,6 @@ main(int argc, char **argv) args.list = remote_remote_args.list = NULL; addargs(&args, "%s", ssh_program); addargs(&args, "-x"); - addargs(&args, "-oForwardAgent=no"); addargs(&args, "-oPermitLocalCommand=no"); addargs(&args, "-oClearAllForwardings=yes"); addargs(&args, "-oRemoteCommand=none"); @@ -433,7 +432,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { + "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -442,6 +441,7 @@ main(int argc, char **argv) case '2': /* Ignored */ break; + case 'A': case '4': case '6': case 'C': @@ -523,6 +523,9 @@ main(int argc, char **argv) argc -= optind; argv += optind; + /* Do this last because we want the user to be able to override it */ + addargs(&args, "-oForwardAgent=no"); + if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); @@ -1593,7 +1596,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-S program] source ... target\n"); exit(1); @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 23 2020 $ +.Dd $Mdocdate: August 3 2020 $ .Dt SFTP 1 .Os .Sh NAME @@ -30,7 +30,7 @@ .Nd OpenSSH secure file transfer .Sh SYNOPSIS .Nm sftp -.Op Fl 46aCfNpqrv +.Op Fl 46AaCfNpqrv .Op Fl B Ar buffer_size .Op Fl b Ar batchfile .Op Fl c Ar cipher @@ -104,6 +104,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl A +Allows forwarding of +.Xr ssh-agent 1 +to the remote system. +The default is not to forward an authentication agent. .It Fl a Attempt to continue interrupted transfers rather than overwriting existing partial or complete copies of files. @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */ +/* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -2363,7 +2363,7 @@ usage(void) extern char *__progname; fprintf(stderr, - "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" + "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" @@ -2401,7 +2401,6 @@ main(int argc, char **argv) args.list = NULL; addargs(&args, "%s", ssh_program); addargs(&args, "-oForwardX11 no"); - addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); @@ -2409,9 +2408,10 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { + "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ + case 'A': case '4': case '6': case 'C': @@ -2511,6 +2511,9 @@ main(int argc, char **argv) } } + /* Do this last because we want the user to be able to override it */ + addargs(&args, "-oForwardAgent no"); + if (!isatty(STDERR_FILENO)) showprogress = 0; |