summaryrefslogtreecommitdiffstats
path: root/debian/patches/openbsd-docs.patch
blob: a21fcfd2f377495b4b0723a1e8347d1d9e0064e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
From 469b4b6649073a7d42ad897db0985c74c776c8ad Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:09 +0000
Subject: Adjust various OpenBSD-specific references in manual pages

No single bug reference for this patch, but history includes:
 https://bugs.debian.org/154434 (login.conf(5))
 https://bugs.debian.org/513417 (/etc/rc)
 https://bugs.debian.org/530692 (ssl(8))
 https://bugs.launchpad.net/bugs/456660 (ssl(8))
 https://bugs.debian.org/998069 (rdomain(4))

Forwarded: not-needed
Last-Update: 2023-09-02

Patch-Name: openbsd-docs.patch
---
 moduli.5      |  4 ++--
 ssh-keygen.1  | 12 ++++--------
 ssh.1         |  4 ++++
 sshd.8        |  5 ++---
 sshd_config.5 | 40 ++--------------------------------------
 5 files changed, 14 insertions(+), 51 deletions(-)

diff --git a/moduli.5 b/moduli.5
index 5086a6d42..6dffdc7e6 100644
--- a/moduli.5
+++ b/moduli.5
@@ -21,7 +21,7 @@
 .Nd Diffie-Hellman moduli
 .Sh DESCRIPTION
 The
-.Pa /etc/moduli
+.Pa /etc/ssh/moduli
 file contains prime numbers and generators for use by
 .Xr sshd 8
 in the Diffie-Hellman Group Exchange key exchange method.
@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
 .Xr sshd 8
 then randomly selects a modulus from
-.Fa /etc/moduli
+.Fa /etc/ssh/moduli
 that best meets the size requirement.
 .Sh SEE ALSO
 .Xr ssh-keygen 1 ,
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index c392141ea..1155cf555 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -212,9 +212,7 @@ key in
 .Pa ~/.ssh/id_ed25519_sk
 or
 .Pa ~/.ssh/id_rsa .
-Additionally, the system administrator may use this to generate host keys,
-as seen in
-.Pa /etc/rc .
+Additionally, the system administrator may use this to generate host keys.
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
@@ -279,9 +277,7 @@ If
 .Fl f
 has also been specified, its argument is used as a prefix to the
 default path for the resulting host key files.
-This is used by
-.Pa /etc/rc
-to generate new host keys.
+This is used by system administration scripts to generate new host keys.
 .It Fl a Ar rounds
 When saving a private key, this option specifies the number of KDF
 (key derivation function, currently
@@ -864,7 +860,7 @@ option.
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
-.Pa /etc/moduli .
+.Pa /etc/ssh/moduli .
 It is important that this file contains moduli of a range of bit lengths.
 .Pp
 A number of options are available for moduli generation and screening via the
@@ -1322,7 +1318,7 @@ on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
 .Xr moduli 5 .
diff --git a/ssh.1 b/ssh.1
index 2d07c919e..60e97dc62 100644
--- a/ssh.1
+++ b/ssh.1
@@ -939,6 +939,10 @@ implements public key authentication protocol automatically,
 using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
 The HISTORY section of
 .Xr ssl 8
+(on non-OpenBSD systems, see
+.nh
+http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
+.hy
 contains a brief discussion of the DSA and RSA algorithms.
 .Pp
 The file
diff --git a/sshd.8 b/sshd.8
index 8efeacdf1..6527e28a3 100644
--- a/sshd.8
+++ b/sshd.8
@@ -64,7 +64,7 @@ over an insecure network.
 .Nm
 listens for connections from clients.
 It is normally started at boot from
-.Pa /etc/rc .
+.Pa /etc/init.d/ssh .
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
@@ -935,7 +935,7 @@ This file is for host-based authentication (see
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
 key exchange method.
 The file format is described in
@@ -1033,7 +1033,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
-.Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
diff --git a/sshd_config.5 b/sshd_config.5
index 1a8febfa6..0e8891c4f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1001,9 +1001,6 @@ for interactive sessions and
 for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to allow keyboard-interactive authentication.
-All authentication styles from
-.Xr login.conf 5
-are supported.
 The default is
 .Cm yes .
 The argument to this keyword must be
@@ -1107,45 +1104,33 @@ The following forms may be used:
 .Sm off
 .Ar hostname | address
 .Sm on
-.Op Cm rdomain Ar domain
 .It
 .Cm ListenAddress
 .Sm off
 .Ar hostname : port
 .Sm on
-.Op Cm rdomain Ar domain
 .It
 .Cm ListenAddress
 .Sm off
 .Ar IPv4_address : port
 .Sm on
-.Op Cm rdomain Ar domain
 .It
 .Cm ListenAddress
 .Sm off
 .Oo Ar hostname | address Oc : Ar port
 .Sm on
-.Op Cm rdomain Ar domain
 .El
 .Pp
-The optional
-.Cm rdomain
-qualifier requests
-.Xr sshd 8
-listen in an explicit routing domain.
 If
 .Ar port
 is not specified,
 sshd will listen on the address and all
 .Cm Port
 options specified.
-The default is to listen on all local addresses on the current default
-routing domain.
+The default is to listen on all local addresses.
 Multiple
 .Cm ListenAddress
 options are permitted.
-For more information on routing domains, see
-.Xr rdomain 4 .
 .It Cm LoginGraceTime
 The server disconnects after this time if the user has not
 successfully logged in.
@@ -1271,14 +1256,8 @@ The available criteria are
 .Cm Host ,
 .Cm LocalAddress ,
 .Cm LocalPort ,
-.Cm RDomain ,
 and
-.Cm Address
-(with
-.Cm RDomain
-representing the
-.Xr rdomain 4
-on which the connection was received).
+.Cm Address .
 .Pp
 The match patterns may consist of single entries or comma-separated
 lists and may use the wildcard and negation operators described in the
@@ -1350,7 +1329,6 @@ Available keywords are
 .Cm PubkeyAuthOptions ,
 .Cm RekeyLimit ,
 .Cm RevokedKeys ,
-.Cm RDomain ,
 .Cm SetEnv ,
 .Cm StreamLocalBindMask ,
 .Cm StreamLocalBindUnlink ,
@@ -1745,15 +1723,6 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
-.It Cm RDomain
-Specifies an explicit routing domain that is applied after authentication
-has completed.
-The user session, as well as any forwarded or listening IP sockets,
-will be bound to this
-.Xr rdomain 4 .
-If the routing domain is set to
-.Cm \&%D ,
-then the domain in which the incoming connection was received will be applied.
 .It Cm SecurityKeyProvider
 Specifies a path to a library that will be used when loading
 FIDO authenticator-hosted keys, overriding the default of using
@@ -2080,8 +2049,6 @@ A literal
 Identifies the connection endpoints, containing
 four space-separated values: client address, client port number,
 server address, and server port number.
-.It \&%D
-The routing domain in which the incoming connection was received.
 .It %F
 The fingerprint of the CA key.
 .It %f
@@ -2120,9 +2087,6 @@ accepts the tokens %%, %h, %U, and %u.
 .Pp
 .Cm ChrootDirectory
 accepts the tokens %%, %h, %U, and %u.
-.Pp
-.Cm RoutingDomain
-accepts the token %D.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa /etc/ssh/sshd_config