summaryrefslogtreecommitdiffstats
path: root/ssh.1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: mention mux proxy modedjm@openbsd.org2024-07-261-2/+4
| | | | OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a
* upstream: ssl(8) no longer contains a HISTORY section;jmc@openbsd.org2024-06-281-5/+2
| | | | OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
* upstream: disable the DSA signature algorithm by default; okdjm@openbsd.org2024-06-171-14/+7
| | | | | | | | | markus@ (yes, I know this expands to "the Digitial Signature Algorithm signature algorithm) OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
* upstream: remove references to SSH1 and DSA server keysnaddy@openbsd.org2024-05-271-4/+2
| | | | OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2
* upstream: Clarify how literal IPv6 addresses can be used in -J modejob@openbsd.org2024-03-261-2/+3
| | | | | | OK djm@ OpenBSD-Commit-ID: 524ddae97746b3563ad4a887dfd0a6e6ba114c50
* upstream: ssh -Q does not make sense with other command-line options,djm@openbsd.org2023-10-121-3/+4
| | | | | | so give it its own line in the manpage OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361
* upstream: man page typos; ok jmc@naddy@openbsd.org2023-07-271-3/+3
| | | | OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0
* upstream: -P before -p in SYNOPSIS;jmc@openbsd.org2023-07-171-2/+2
| | | | OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c
* upstream: Add support for configuration tags to ssh(1).djm@openbsd.org2023-07-171-2/+13
| | | | | | | | | | | This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. ok markus OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
* upstream: make `ssh -Q CASignatureAlgorithms` only list signaturedjm@openbsd.org2023-06-211-2/+4
| | | | | | | | algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms (OpenSSH certificates do not support CA chains). part of bz3577; ok dtucker@ OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
* upstream: New EnableEscapeCommandline ssh_config(5) optiondjm@openbsd.org2022-11-301-2/+3
| | | | | | | | | | This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: add a RequiredRSASize for checking RSA key length indjm@openbsd.org2022-09-171-2/+3
| | | | | | | | | | | ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: keywords ref ssh_config.5;jmc@openbsd.org2022-06-031-4/+7
| | | | | | from caspar schutijser OpenBSD-Commit-ID: f146a19d7d5c9374c3b9c520da43b2732d7d1a4e
* upstream: man pages: add missing commas between subordinate andnaddy@openbsd.org2022-04-061-5/+5
| | | | | | | | | | | main clauses jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@ OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3
* upstream: remove please from manual pages ok jmc@ sthen@ millert@jsg@openbsd.org2022-02-071-3/+3
| | | | OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa
* upstream: Since they are deprecated, move DSA to the end of thedtucker@openbsd.org2022-02-071-4/+4
| | | | | | | default list of public keys so that they will be tried last. From github PR#295 from "ProBackup-nl", ok djm@ OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
* upstream: Document behaviour of arguments following non-interactivedtucker@openbsd.org2021-09-101-4/+9
| | | | | | commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
* upstream: Mention using ssh -i for specifying the public key filedtucker@openbsd.org2021-09-031-2/+6
| | | | | | | in the case where the private key is loaded into ssh-agent but is not present locally. Based on patch from rafork via github PR#215, ok jmc@ OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
* upstream: no need to talk about version 2 with the -Q option, sojmc@openbsd.org2021-08-031-6/+3
| | | | | | | | | rewrite the text to read better; issue reported by debian at helgefjell de ok djm dtucker OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpartdjm@openbsd.org2021-07-231-1/+7
| | | | | | | to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
* upstream: Add a StdinNull directive to ssh_config(5) that allowsdjm@openbsd.org2021-07-231-2/+8
| | | | | | | the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
* upstream: add a SessionType directive to ssh_config, allowing thedjm@openbsd.org2021-07-141-2/+13
| | | | | | | | | | configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@ OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
* Sync remaining ChallengeResponse removal.Darren Tucker2021-07-031-7/+6
| | | | These were omitted from commit 88868fd131.
* upstream: Use better language to refer to the user. From l1vingdtucker@openbsd.org2021-06-251-5/+5
| | | | | | via github PR#250, ok jmc@ OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
* upstream: ssh: add PermitRemoteOpen for remote dynamic forwardingmarkus@openbsd.org2021-02-171-2/+3
| | | | | | with SOCKS ok djm@, dtucker@ OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
* upstream: move HostbasedAcceptedAlgorithms to the right place innaddy@openbsd.org2021-01-271-2/+2
| | | | | | alphabetical order OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec
* upstream: Rename HostbasedKeyTypes (ssh) anddtucker@openbsd.org2021-01-261-3/+3
| | | | | | | | | HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@ OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
* upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithmsdtucker@openbsd.org2021-01-221-3/+3
| | | | | | here too. OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a
* upstream: add a ssh_config KnownHostsCommand that allows the clientdjm@openbsd.org2020-12-221-2/+3
| | | | | | | | | | | | | to obtain known_hosts data from a command in addition to the usual files. The command accepts bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details). ok markus@ OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
* upstream: start sentence with capital letter;jmc@openbsd.org2020-07-171-3/+3
| | | | OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
* upstream: allow some additional control over the use of ssh-askpassdjm@openbsd.org2020-07-151-2/+21
| | | | | | via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@ OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
* upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv aredjm@openbsd.org2020-04-171-3/+3
| | | | | | | not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
* upstream: document -F none; with jmc@naddy@openbsd.org2020-02-181-2/+5
| | | | OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2
* upstream: Add ssh -Q key-sig for all key and signature types.dtucker@openbsd.org2020-02-071-2/+10
| | | | | | | Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@. OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
* upstream: Replace the term "security key" with "(FIDO)naddy@openbsd.org2019-12-301-6/+6
| | | | | | | | | authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
* upstream: tweak the Nd lines for a bit of consistency; ok markusjmc@openbsd.org2019-12-111-3/+3
| | | | OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
* upstream: improve the text for -A a little; input from naddy andjmc@openbsd.org2019-11-291-3/+7
| | | | | | djm OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
* upstream: more missing mentions of ed25519-sk; ok djm@naddy@openbsd.org2019-11-191-3/+10
| | | | OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
* upstream: directly support U2F/FIDO2 security keys in OpenSSH bydjm@openbsd.org2019-11-141-8/+2
| | | | | | | | linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
* upstream: Fill in missing man page bits for U2F security key support:naddy@openbsd.org2019-11-081-2/+15
| | | | | | | | | | | | | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
* upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org2019-06-141-3/+3
| | | | | | dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
* upstream: benno helped me clean up the tcp forwarding section;jmc@openbsd.org2019-03-261-32/+18
| | | | OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
* upstream: PKCS#11 support is no longer limited to RSA; ok benno@naddy@openbsd.org2019-03-081-4/+4
| | | | | | kn@ OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
* upstream: Mention that configuration for the destination host isdjm@openbsd.org2019-01-221-2/+7
| | | | | | not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
* upstream: reorder CASignatureAlgorithms, and add them to thejmc@openbsd.org2018-09-211-2/+3
| | | | | | various -o lists; ok djm OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
* upstream: Add "ssh -Q sig" to allow listing supported signaturedjm@openbsd.org2018-09-121-4/+10
| | | | | | algorithms ok markus@ OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
* upstream: ssh -MM requires confirmation for all operations thatdjm@openbsd.org2018-09-091-3/+6
| | | | | | | | change the multiplexing state, not just new sessions. mention that confirmation is checked via ssh-askpass OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
* upstream: Deprecate UsePrivilegedPort now that support for runningdtucker@openbsd.org2018-07-191-3/+2
| | | | | | | | | | | | | ssh(1) setuid has been removed, remove supporting code and clean up references to it in the man pages We have not shipped ssh(1) the setuid bit since 2002. If ayone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@ OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
* upstream: sort previous;jmc@openbsd.org2018-06-111-2/+2
| | | | OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
* upstream: add a SetEnv directive to ssh_config that allows settingdjm@openbsd.org2018-06-091-2/+3
| | | | | | | | | | | environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 06:28:06 +0100