diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/openbsd-docs.patch | 255 |
1 files changed, 255 insertions, 0 deletions
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch new file mode 100644 index 0000000..785d181 --- /dev/null +++ b/debian/patches/openbsd-docs.patch @@ -0,0 +1,255 @@ +From 92fdda49286532870c424f93f3d157583a921cbe Mon Sep 17 00:00:00 2001 +From: Colin Watson <cjwatson@debian.org> +Date: Sun, 9 Feb 2014 16:10:09 +0000 +Subject: Adjust various OpenBSD-specific references in manual pages + +No single bug reference for this patch, but history includes: + https://bugs.debian.org/154434 (login.conf(5)) + https://bugs.debian.org/513417 (/etc/rc) + https://bugs.debian.org/530692 (ssl(8)) + https://bugs.launchpad.net/bugs/456660 (ssl(8)) + https://bugs.debian.org/998069 (rdomain(4)) + +Forwarded: not-needed +Last-Update: 2023-09-02 + +Patch-Name: openbsd-docs.patch +--- + moduli.5 | 4 ++-- + ssh-keygen.1 | 12 ++++-------- + ssh.1 | 4 ++++ + sshd.8 | 5 ++--- + sshd_config.5 | 40 ++-------------------------------------- + 5 files changed, 14 insertions(+), 51 deletions(-) + +diff --git a/moduli.5 b/moduli.5 +index 5086a6d42..6dffdc7e6 100644 +--- a/moduli.5 ++++ b/moduli.5 +@@ -21,7 +21,7 @@ + .Nd Diffie-Hellman moduli + .Sh DESCRIPTION + The +-.Pa /etc/moduli ++.Pa /etc/ssh/moduli + file contains prime numbers and generators for use by + .Xr sshd 8 + in the Diffie-Hellman Group Exchange key exchange method. +@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough + Diffie-Hellman output to sufficiently key the selected symmetric cipher. + .Xr sshd 8 + then randomly selects a modulus from +-.Fa /etc/moduli ++.Fa /etc/ssh/moduli + that best meets the size requirement. + .Sh SEE ALSO + .Xr ssh-keygen 1 , +diff --git a/ssh-keygen.1 b/ssh-keygen.1 +index c392141ea..1155cf555 100644 +--- a/ssh-keygen.1 ++++ b/ssh-keygen.1 +@@ -212,9 +212,7 @@ key in + .Pa ~/.ssh/id_ed25519_sk + or + .Pa ~/.ssh/id_rsa . +-Additionally, the system administrator may use this to generate host keys, +-as seen in +-.Pa /etc/rc . ++Additionally, the system administrator may use this to generate host keys. + .Pp + Normally this program generates the key and asks for a file in which + to store the private key. +@@ -279,9 +277,7 @@ If + .Fl f + has also been specified, its argument is used as a prefix to the + default path for the resulting host key files. +-This is used by +-.Pa /etc/rc +-to generate new host keys. ++This is used by system administration scripts to generate new host keys. + .It Fl a Ar rounds + When saving a private key, this option specifies the number of KDF + (key derivation function, currently +@@ -864,7 +860,7 @@ option. + Valid generator values are 2, 3, and 5. + .Pp + Screened DH groups may be installed in +-.Pa /etc/moduli . ++.Pa /etc/ssh/moduli . + It is important that this file contains moduli of a range of bit lengths. + .Pp + A number of options are available for moduli generation and screening via the +@@ -1322,7 +1318,7 @@ on all machines + where the user wishes to log in using public key authentication. + There is no need to keep the contents of this file secret. + .Pp +-.It Pa /etc/moduli ++.It Pa /etc/ssh/moduli + Contains Diffie-Hellman groups used for DH-GEX. + The file format is described in + .Xr moduli 5 . +diff --git a/ssh.1 b/ssh.1 +index 2d07c919e..60e97dc62 100644 +--- a/ssh.1 ++++ b/ssh.1 +@@ -939,6 +939,10 @@ implements public key authentication protocol automatically, + using one of the DSA, ECDSA, Ed25519 or RSA algorithms. + The HISTORY section of + .Xr ssl 8 ++(on non-OpenBSD systems, see ++.nh ++http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY) ++.hy + contains a brief discussion of the DSA and RSA algorithms. + .Pp + The file +diff --git a/sshd.8 b/sshd.8 +index 8efeacdf1..6527e28a3 100644 +--- a/sshd.8 ++++ b/sshd.8 +@@ -64,7 +64,7 @@ over an insecure network. + .Nm + listens for connections from clients. + It is normally started at boot from +-.Pa /etc/rc . ++.Pa /etc/init.d/ssh . + It forks a new + daemon for each incoming connection. + The forked daemons handle +@@ -935,7 +935,7 @@ This file is for host-based authentication (see + .Xr ssh 1 ) . + It should only be writable by root. + .Pp +-.It Pa /etc/moduli ++.It Pa /etc/ssh/moduli + Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" + key exchange method. + The file format is described in +@@ -1033,7 +1033,6 @@ The content of this file is not sensitive; it can be world-readable. + .Xr ssh-keyscan 1 , + .Xr chroot 2 , + .Xr hosts_access 5 , +-.Xr login.conf 5 , + .Xr moduli 5 , + .Xr sshd_config 5 , + .Xr inetd 8 , +diff --git a/sshd_config.5 b/sshd_config.5 +index 630c18736..98bd201b0 100644 +--- a/sshd_config.5 ++++ b/sshd_config.5 +@@ -993,9 +993,6 @@ for interactive sessions and + for non-interactive sessions. + .It Cm KbdInteractiveAuthentication + Specifies whether to allow keyboard-interactive authentication. +-All authentication styles from +-.Xr login.conf 5 +-are supported. + The default is + .Cm yes . + The argument to this keyword must be +@@ -1099,45 +1096,33 @@ The following forms may be used: + .Sm off + .Ar hostname | address + .Sm on +-.Op Cm rdomain Ar domain + .It + .Cm ListenAddress + .Sm off + .Ar hostname : port + .Sm on +-.Op Cm rdomain Ar domain + .It + .Cm ListenAddress + .Sm off + .Ar IPv4_address : port + .Sm on +-.Op Cm rdomain Ar domain + .It + .Cm ListenAddress + .Sm off + .Oo Ar hostname | address Oc : Ar port + .Sm on +-.Op Cm rdomain Ar domain + .El + .Pp +-The optional +-.Cm rdomain +-qualifier requests +-.Xr sshd 8 +-listen in an explicit routing domain. + If + .Ar port + is not specified, + sshd will listen on the address and all + .Cm Port + options specified. +-The default is to listen on all local addresses on the current default +-routing domain. ++The default is to listen on all local addresses. + Multiple + .Cm ListenAddress + options are permitted. +-For more information on routing domains, see +-.Xr rdomain 4 . + .It Cm LoginGraceTime + The server disconnects after this time if the user has not + successfully logged in. +@@ -1262,14 +1247,8 @@ The available criteria are + .Cm Host , + .Cm LocalAddress , + .Cm LocalPort , +-.Cm RDomain , + and +-.Cm Address +-(with +-.Cm RDomain +-representing the +-.Xr rdomain 4 +-on which the connection was received). ++.Cm Address . + .Pp + The match patterns may consist of single entries or comma-separated + lists and may use the wildcard and negation operators described in the +@@ -1341,7 +1320,6 @@ Available keywords are + .Cm PubkeyAuthOptions , + .Cm RekeyLimit , + .Cm RevokedKeys , +-.Cm RDomain , + .Cm SetEnv , + .Cm StreamLocalBindMask , + .Cm StreamLocalBindUnlink , +@@ -1736,15 +1714,6 @@ an OpenSSH Key Revocation List (KRL) as generated by + .Xr ssh-keygen 1 . + For more information on KRLs, see the KEY REVOCATION LISTS section in + .Xr ssh-keygen 1 . +-.It Cm RDomain +-Specifies an explicit routing domain that is applied after authentication +-has completed. +-The user session, as well as any forwarded or listening IP sockets, +-will be bound to this +-.Xr rdomain 4 . +-If the routing domain is set to +-.Cm \&%D , +-then the domain in which the incoming connection was received will be applied. + .It Cm SecurityKeyProvider + Specifies a path to a library that will be used when loading + FIDO authenticator-hosted keys, overriding the default of using +@@ -2063,8 +2032,6 @@ A literal + Identifies the connection endpoints, containing + four space-separated values: client address, client port number, + server address, and server port number. +-.It \&%D +-The routing domain in which the incoming connection was received. + .It %F + The fingerprint of the CA key. + .It %f +@@ -2103,9 +2070,6 @@ accepts the tokens %%, %h, %U, and %u. + .Pp + .Cm ChrootDirectory + accepts the tokens %%, %h, %U, and %u. +-.Pp +-.Cm RoutingDomain +-accepts the token %D. + .Sh FILES + .Bl -tag -width Ds + .It Pa /etc/ssh/sshd_config |