+20000509
+ - OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+ [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+ - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+ - hugh@cvs.openbsd.org
+ [ssh.1]
+ - zap typo
+ [ssh-keygen.1]
+ - One last nit fix. (markus approved)
+ [sshd.8]
+ - some markus certified spelling adjustments
+ - markus@cvs.openbsd.org
+ [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+ [sshconnect2.c ]
+ - bug compat w/ ssh-2.0.13 x11, split out bugs
+ [nchan.c]
+ - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+ [ssh-keygen.c]
+ - handle escapes in real and original key format, ok millert@
+ [version.h]
+ - OpenSSH-2.1
+
+
20000508
- Makefile and RPM spec fixes
- Generate DSA host keys during "make key" or RPM installs
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
debug("pubkey auth disabled");
return 0;
}
+ if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ log("bug compatibility with ssh-2.0.13 pubkey not implemented");
+ return 0;
+ }
have_sig = packet_get_char();
pkalg = packet_get_string(&alen);
if (strcmp(pkalg, KEX_DSS) != 0) {
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.29 2000/05/07 02:03:15 damien Exp $");
+RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $");
#include "ssh.h"
#include "packet.h"
int ret = x11_open_helper(c);
if (ret == 1) {
c->type = SSH_CHANNEL_OPEN;
- channel_pre_open_15(c, readset, writeset);
+ if (compat20)
+ channel_pre_open_20(c, readset, writeset);
+ else
+ channel_pre_open_15(c, readset, writeset);
} else if (ret == -1) {
debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
chan_read_failed(c); /** force close? */
packet_put_int(c->local_maxpacket);
/* originator host and port */
packet_put_cstring(remote_hostname);
- packet_put_int(remote_port);
+ if (datafellows & SSH_BUG_X11FWD) {
+ debug("ssh2 x11 bug compat mode");
+ } else {
+ packet_put_int(remote_port);
+ }
packet_send();
} else {
packet_start(SSH_SMSG_X11_OPEN);
*
*/
-/* RCSID("$Id: cipher.h,v 1.12 2000/04/16 02:31:50 damien Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */
#ifndef CIPHER_H
#define CIPHER_H
/* Cipher types. New types can be added, but old types should not be removed
for compatibility. The maximum allowed value is 31. */
+#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */
#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */
#define SSH_CIPHER_NONE 0 /* no encryption */
#define SSH_CIPHER_IDEA 1 /* IDEA CFB */
*/
#include "includes.h"
-RCSID("$Id: clientloop.c,v 1.15 2000/05/08 03:44:53 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
char *originator;
int originator_port;
originator = packet_get_string(NULL);
- if (packet_remaining() > 0) {
- originator_port = packet_get_int();
- } else {
+ if (datafellows & SSH_BUG_X11FWD) {
debug("buggy server: x11 request w/o originator_port");
originator_port = 0;
+ } else {
+ originator_port = packet_get_int();
}
packet_done();
/* XXX check permission */
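Review bot: The rewritten condition no longer looks at the packet itself and relies on `SSH_BUG_X11FWD` alone to decide whether an originator port follows. That flag is set in compat.c from a prefix match on a version string, so a peer whose banner and packet layout disagree either reaches `packet_get_int()` with nothing left to read or leaves an unread int for `packet_done()`. How those helpers react is not visible on this page. Keeping `packet_remaining() > 0` as the condition for reading the port, with the flag used at most to pick the debug message, would handle both cases. The enclosing function starts and ends outside the visible lines.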
*/
#include "includes.h"
-RCSID("$Id: compat.c,v 1.9 2000/04/29 13:57:10 damien Exp $");
+RCSID("$Id: compat.c,v 1.10 2000/05/09 01:03:00 damien Exp $");
#include "ssh.h"
#include "packet.h"
{
int i;
size_t len;
- static const char *check[] = {
- "2.0.1",
- "2.1.0",
- NULL
+ struct {
+ char *version;
+ int bugs;
+ } check[] = {
+ {"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
+ {"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
+ {NULL, 0}
};
- for (i = 0; check[i]; i++) {
- len = strlen(check[i]);
+ for (i = 0; check[i].version; i++) {
+ len = strlen(check[i].version);
if (strlen(version) >= len &&
- (strncmp(version, check[i], len) == 0)) {
+ (strncmp(version, check[i].version, len) == 0)) {
verbose("datafellows: %.200s", version);
- datafellows = 1;
+ datafellows = check[i].bugs;
return;
}
}
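Review bot: The rewritten `check[]` table lost its `static const` qualifiers, so it is now a writable automatic array that is rebuilt on every call and holds string literals through plain `char *`. Declaring it as `static const struct { const char *version; int bugs; } check[] = {` keeps the old storage class and lets the compiler reject accidental writes. A comment above the table would also help, because the match is a prefix `strncmp`, so the `"2.0.1"` row covers every 2.0.1x release. Its flags, including `SSH_BUG_PUBKEYAUTH` and `SSH_BUG_HMAC`, are therefore selected by the version string, which is presumably supplied by the remote side. The function signature is outside the visible lines.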
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id: compat.h,v 1.5 2000/04/12 10:17:39 damien Exp $"); */
+/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
#define SSH_PROTO_1_PREFERRED 0x02
#define SSH_PROTO_2 0x04
+#define SSH_BUG_SIGBLOB 0x01
+#define SSH_BUG_PUBKEYAUTH 0x02
+#define SSH_BUG_HMAC 0x04
+#define SSH_BUG_X11FWD 0x08
+
void enable_compat13(void);
void enable_compat20(void);
void compat_datafellows(const char *s);
# Version of OpenSSH
-%define oversion 2.0.0beta2
+%define oversion 2.1.0beta1
# Version of ssh-askpass
%define aversion 1.0
Summary: OpenSSH, a free Secure Shell (SSH) implementation
Name: openssh
-Version: 2.0.0beta2
+Version: 2.1.0beta1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
*/
#include "includes.h"
-RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $");
+RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
DSA_SIG_free(sig);
- if (datafellows) {
+ if (datafellows & SSH_BUG_SIGBLOB) {
debug("datafellows");
ret = xmalloc(SIGBLOB_LEN);
memcpy(ret, sigblob, SIGBLOB_LEN);
return -1;
}
- if (datafellows && signaturelen != SIGBLOB_LEN) {
- log("heh? datafellows ssh2 complies with ietf-drafts????");
- datafellows = 0;
+ if (!(datafellows & SSH_BUG_SIGBLOB) &&
+ signaturelen == SIGBLOB_LEN) {
+ datafellows |= ~SSH_BUG_SIGBLOB;
+ log("autodetect SSH_BUG_SIGBLOB");
+ } else if ((datafellows & SSH_BUG_SIGBLOB) &&
+ signaturelen != SIGBLOB_LEN) {
+ log("autoremove SSH_BUG_SIGBLOB");
+ datafellows &= ~SSH_BUG_SIGBLOB;
}
debug("len %d datafellows %d", signaturelen, datafellows);
/* fetch signature */
- if (datafellows) {
+ if (datafellows & SSH_BUG_SIGBLOB) {
sigblob = signature;
len = signaturelen;
} else {
sig->s = BN_new();
BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
- if (!datafellows) {
+
+ if (!(datafellows & SSH_BUG_SIGBLOB)) {
memset(sigblob, 0, len);
xfree(sigblob);
}
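Review bot: In the autodetect branch, `datafellows |= ~SSH_BUG_SIGBLOB;` sets every bit except `SSH_BUG_SIGBLOB`, which is the opposite of what the `autodetect SSH_BUG_SIGBLOB` log line announces. The line should read `datafellows |= SSH_BUG_SIGBLOB;`. As written, an unflagged peer whose signature is exactly `SIGBLOB_LEN` bytes leaves the SIGBLOB bit clear, so the `if (datafellows & SSH_BUG_SIGBLOB)` test just below still takes the non-compat path. It also turns on `SSH_BUG_PUBKEYAUTH`, `SSH_BUG_HMAC`, `SSH_BUG_X11FWD` and all higher bits, and auth2.c in this same commit refuses public-key authentication when `SSH_BUG_PUBKEYAUTH` is set. Since `signaturelen` presumably reflects data from the remote side, a comment noting that this block lets the peer change compat flags after version matching would be worthwhile. The enclosing functions are only partly visible.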
*/
#include "includes.h"
-RCSID("$Id: kex.c,v 1.7 2000/04/16 01:52:47 damien Exp $");
+RCSID("$Id: kex.c,v 1.8 2000/05/09 01:03:01 damien Exp $");
#include "ssh.h"
#include "ssh2.h"
}
mac->name = name;
mac->mac_len = mac->md->md_size;
- mac->key_len = datafellows ? 16 : mac->mac_len;
+ mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
mac->key = NULL;
mac->enabled = 0;
}
#define KEX_DEFAULT_KEX "diffie-hellman-group1-sha1"
#define KEX_DEFAULT_PK_ALG "ssh-dss"
-#define KEX_DEFAULT_ENCRYPT "blowfish-cbc,3des-cbc,arcfour,cast128-cbc"
+#define KEX_DEFAULT_ENCRYPT "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
#define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
#define KEX_DEFAULT_COMP "zlib,none"
#define KEX_DEFAULT_LANG ""
*/
#include "includes.h"
-RCSID("$Id: nchan.c,v 1.9 2000/05/07 02:03:16 damien Exp $");
+RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $");
#include "ssh.h"
debug("channel %d: input open -> drain", c->self);
chan_shutdown_read(c);
c->istate = CHAN_INPUT_WAIT_DRAIN;
+ if (buffer_len(&c->input) == 0) {
+ debug("channel %d: input: no drain shortcut", c->self);
+ chan_ibuf_empty(c);
+ }
break;
default:
error("channel %d: internal error: we do not read, but chan_read_failed for istate %d",
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.13 2000/05/07 02:03:17 damien Exp $");
+RCSID("$Id: readconf.c,v 1.14 2000/05/09 01:03:01 damien Exp $");
#include "ssh.h"
#include "cipher.h"
case oCiphers:
cp = strtok(NULL, WHITESPACE);
if (!ciphers_valid(cp))
- fatal("%.200s line %d: Bad cipher spec '%s'.",
+ fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
if (*activep && options->ciphers == NULL)
options->ciphers = xstrdup(cp);
/* Selected in ssh_login(). */
if (options->cipher == -1)
options->cipher = SSH_CIPHER_NOT_SET;
+ /* options->ciphers, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
if (options->num_identity_files == 0) {
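Review bot: The added comment names `myproposals.h`, but the changelog entry for this commit lists the header as `myproposal.h`, so the comment points at a file name that does not match. It also does not say which symbol supplies the default. Suggested wording, assuming `KEX_DEFAULT_ENCRYPT` is the default meant here: `/* options->ciphers: left NULL here; default is KEX_DEFAULT_ENCRYPT in myproposal.h */`. The surrounding function begins and ends outside the visible lines.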
*
*/
-/* RCSID("$Id: readconf.h,v 1.10 2000/05/07 02:03:17 damien Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.11 2000/05/09 01:03:01 damien Exp $"); */
#ifndef READCONF_H
#define READCONF_H
int number_of_password_prompts; /* Max number of password
* prompts. */
int cipher; /* Cipher to use. */
- char *ciphers; /* Ciphers in order of preference. */
+ char *ciphers; /* SSH2 ciphers in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
char *proxy_command; /* Proxy command for connecting the host. */
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.15 2000/05/07 02:03:18 damien Exp $");
+RCSID("$Id: servconf.c,v 1.16 2000/05/09 01:03:01 damien Exp $");
#include "ssh.h"
#include "servconf.h"
case sCiphers:
cp = strtok(NULL, WHITESPACE);
if (!ciphers_valid(cp))
- fatal("%s line %d: Bad cipher spec '%s'.",
+ fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
if (options->ciphers == NULL)
options->ciphers = xstrdup(cp);
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
-.\" $Id: ssh-keygen.1,v 1.14 2000/05/07 02:03:18 damien Exp $
+.\" $Id: ssh-keygen.1,v 1.15 2000/05/09 01:03:02 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
removed once the RSA patent expires.
.It Fl x
This option will read a private
-OpenSSH DSA format file and prints to stdout a SSH2-compatible public key.
+OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
.It Fl X
This option will read a
-SSH2-compatible public key file and print to stdout an OpenSSH DSA compatible public key.
+SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout.
.It Fl y
This option will read a private
-OpenSSH DSA format file and prints to stdout an OpenSSH DSA public key.
+OpenSSH DSA format file and print an OpenSSH DSA public key to stdout.
.El
.Sh FILES
.Bl -tag -width Ds
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.17 2000/05/07 02:03:19 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.18 2000/05/09 01:03:02 damien Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
char blob[8096];
char encoded[8096];
struct stat st;
+ int escaped = 0;
FILE *fp;
if (!have_identity)
}
encoded[0] = '\0';
while (fgets(line, sizeof(line), fp)) {
+ if (!(p = strchr(line, '\n'))) {
+ fprintf(stderr, "input line too long.\n");
+ exit(1);
+ }
+ if (p > line && p[-1] == '\\')
+ escaped++;
if (strncmp(line, "----", 4) == 0 ||
strstr(line, ": ") != NULL) {
fprintf(stderr, "ignore: %s", line);
continue;
}
- if (!(p = strchr(line, '\n'))) {
- fprintf(stderr, "input line too long.\n");
- exit(1);
+ if (escaped) {
+ escaped--;
+ fprintf(stderr, "escaped: %s", line);
+ continue;
}
*p = '\0';
strlcat(encoded, line, sizeof(encoded));
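Review bot: Moving the newline check above the `----` / `: ` filter means an input file whose last line lacks a trailing newline now exits with `input line too long.`, even when that line is a footer the old code skipped. `fgets()` also returns a line without `'\n'` at end of file, so the test cannot tell a final line from an over-long one. Testing `feof(fp)` before exiting and otherwise setting `p = line + strlen(line);` would separate the two cases. A comment on `escaped` would help as well: a non-header line that ends in a backslash increments the counter and is then itself dropped by the `if (escaped)` block, which may or may not be intended. The loop's enclosing function is only partly visible.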
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $
+.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
.Pp
.Nm ssh
.Op Fl afgknqtvxCPX246
-.Op Fl c Ar blowfish | 3des
+.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
.Op Fl l Ar login_name
S/Key authentication.
.Pp
Protocol 2 provides additional mechanisms for confidentiality
-(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour)
+(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
and integrity (hmac-sha1, hmac-md5).
Note that protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
It is presumably more secure than the
.Ar des
-cipher which is no longer supported in ssh.
+cipher which is no longer supported in
+.Nm ssh .
.Ar blowfish
is a fast block cipher, it appears very secure and is much faster than
.Ar 3des .
+.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
+Additionally, for protocol version 2 a comma-separated list of ciphers can
+be specified in order of preference. Protocol version 2 supports
+3DES, Blowfish and CAST128 in CBC mode and Arcfour.
.It Fl e Ar ch|^ch|none
Sets the escape character for sessions with a pty (default:
.Ql ~ ) .
in order of preference.
Multiple ciphers must be comma-separated.
The default is
-.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
.It Cm Compression
Specifies whether to use compression.
The argument must be
This means that
.Nm
tries version 1 and falls back to version 2
-if version 1 is no available.
+if version 1 is not available.
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.29 2000/05/01 10:59:51 damien Exp $");
+RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
if (ciphers_valid(optarg)) {
/* SSH2 only */
options.ciphers = xstrdup(optarg);
+ options.cipher = SSH_CIPHER_ILLEGAL;
} else {
/* SSH1 only */
options.cipher = cipher_number(optarg);
*
*/
-/* RCSID("$Id: ssh.h,v 1.38 2000/05/07 02:03:19 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
#include "cipher.h"
/*
+ * XXX
* The default cipher used if IDEA is not supported by the remote host. It is
* recommended that this be one of the mandatory ciphers (DES, 3DES), though
* that is not required.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.2 2000/05/04 22:38:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
RSA_free(public_key);
RSA_free(host_key);
- if (options.cipher == SSH_CIPHER_NOT_SET) {
+ if (options.cipher == SSH_CIPHER_ILLEGAL) {
+ log("No valid SSH1 cipher, using %.100s instead.",
+ cipher_name(SSH_FALLBACK_CIPHER));
+ options.cipher = SSH_FALLBACK_CIPHER;
+ } else if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
options.cipher = ssh_cipher_default;
else {
debug("Cipher %s not supported, using %.100s instead.",
- cipher_name(ssh_cipher_default),
- cipher_name(SSH_FALLBACK_CIPHER));
+ cipher_name(ssh_cipher_default),
+ cipher_name(SSH_FALLBACK_CIPHER));
options.cipher = SSH_FALLBACK_CIPHER;
}
}
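Review bot: The new `SSH_CIPHER_ILLEGAL` branch replaces a cipher selection the user made explicitly with `SSH_FALLBACK_CIPHER` and reports it only through `log()`. The visible code does not check `SSH_FALLBACK_CIPHER` against `supported_ciphers` here or in the existing else branch, and whether a later test does so cannot be seen on this page. A comment stating the policy would make the intent explicit, for example `/* -c named an SSH2-only cipher list: protocol 1 falls back instead of failing */`. If silently changing the cipher is not wanted for an explicit request, ending the connection attempt with `fatal()` is the stricter choice. The enclosing function starts and ends outside the hunk.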
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
- } else if (
- options.cipher == SSH_CIPHER_ARCFOUR ||
- options.cipher == SSH_CIPHER_3DES_CBC ||
- options.cipher == SSH_CIPHER_CAST128_CBC ||
- options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+ } else if (options.cipher == SSH_CIPHER_3DES) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ cipher_name(SSH_CIPHER_3DES_CBC);
+ } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ cipher_name(SSH_CIPHER_BLOWFISH_CBC);
}
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
buffer_append(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, server_user);
- buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b,
+ datafellows & SSH_BUG_PUBKEYAUTH ?
+ "ssh-userauth" :
+ service);
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, 1);
buffer_put_cstring(&b, KEX_DSS);
buffer_put_string(&b, blob, bloblen);
- xfree(blob);
/* generate signature */
dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
#ifdef DEBUG_DSS
buffer_dump(&b);
#endif
+ if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+ buffer_clear(&b);
+ buffer_append(&b, session_id2, session_id2_len);
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+ buffer_put_cstring(&b, server_user);
+ buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b, "publickey");
+ buffer_put_char(&b, 1);
+ buffer_put_cstring(&b, KEX_DSS);
+ buffer_put_string(&b, blob, bloblen);
+ }
+ xfree(blob);
/* append signature */
buffer_put_string(&b, signature, slen);
xfree(signature);
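Review bot: The first `buffer_put_cstring(&b, datafellows & SSH_BUG_PUBKEYAUTH ? ...)` has no comment explaining that in compat mode the signed data carries `"ssh-userauth"` while the data sent on the wire carries `service`. The only explanation sits at the second build, after `dsa_sign()`. A comment at the first build would cover it: `/* compat: sign with "ssh-userauth"; the wire copy is rebuilt below with the real service and must otherwise match field for field */`. That also records that the two `buffer_put_*` sequences have to stay identical apart from the service string. The test would read more clearly parenthesised the way kex.c does it: `(datafellows & SSH_BUG_PUBKEYAUTH) ? "ssh-userauth" : service`. The enclosing function is only partly visible.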
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: sshd.8,v 1.21 2000/05/07 02:03:20 damien Exp $
+.\" $Id: sshd.8,v 1.22 2000/05/09 01:03:03 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
The client selects the encryption algorithm
to use from those offered by the server.
Additionally, session integrity is provided
-through a crytographic message authentication code
+through a cryptographic message authentication code
(hmac-sha1 or hmac-md5).
.Pp
Protocol version 2 provides a public key based
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
The default is
-.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
.It Cm CheckMail
Specifies whether
.Nm
used by SSH protocol 2.0.
Note that
.Nm
-disables protcol 2.0 if this file is group/world-accessible.
+disables protocol 2.0 if this file is group/world-accessible.
.It Cm HostKey
Specifies the file containing the private RSA host key (default
.Pa /etc/ssh_host_key )
used by SSH protocols 1.3 and 1.5.
Note that
.Nm
-disables protcols 1.3 and 1.5 if this file is group/world-accessible.
+disables protocols 1.3 and 1.5 if this file is group/world-accessible.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
However, this means that
connections will die if the route is down temporarily, and some people
find it annoying.
-On the other hand, if keepalives are not send,
+On the other hand, if keepalives are not sent,
sessions may hang indefinitely on the server, leaving
.Dq ghost
users and consuming server resources.
.Pa $HOME/.ssh/authorized_keys
file lists the RSA keys that are
permitted for RSA authentication in SSH protocols 1.3 and 1.5
-Similarily, the
+Similarly, the
.Pa $HOME/.ssh/authorized_keys2
file lists the DSA keys that are
permitted for DSA authentication in SSH protocol 2.0.
This option might be useful
to restrict certain RSA keys to perform just a specific operation.
An example might be a key that permits remote backups but nothing else.
-Notice that the client may specify TCP/IP and/or X11
-forwardings unless they are explicitly prohibited.
+Note that the client may specify TCP/IP and/or X11
+forwarding unless they are explicitly prohibited.
.It Cm environment="NAME=value"
Specifies that the string is to be added to the environment when
logging in using this key.
-#define SSH_VERSION "OpenSSH-2.0"
+#define SSH_VERSION "OpenSSH-2.1"