From f8033f154f0fe23f974f67ba2f8a29754a5044af Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:09 +0000 Subject: Adjust various OpenBSD-specific references in manual pages No single bug reference for this patch, but history includes: https://bugs.debian.org/154434 (login.conf(5)) https://bugs.debian.org/513417 (/etc/rc) https://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) https://bugs.debian.org/998069 (rdomain(4)) Forwarded: not-needed Last-Update: 2021-11-05 Patch-Name: openbsd-docs.patch --- moduli.5 | 4 ++-- ssh-keygen.1 | 12 ++++-------- ssh.1 | 4 ++++ sshd.8 | 5 ++--- sshd_config.5 | 40 ++-------------------------------------- 5 files changed, 14 insertions(+), 51 deletions(-) diff --git a/moduli.5 b/moduli.5 index 5086a6d42..6dffdc7e6 100644 --- a/moduli.5 +++ b/moduli.5 @@ -21,7 +21,7 @@ .Nd Diffie-Hellman moduli .Sh DESCRIPTION The -.Pa /etc/moduli +.Pa /etc/ssh/moduli file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. @@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough Diffie-Hellman output to sufficiently key the selected symmetric cipher. .Xr sshd 8 then randomly selects a modulus from -.Fa /etc/moduli +.Fa /etc/ssh/moduli that best meets the size requirement. .Sh SEE ALSO .Xr ssh-keygen 1 , diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 8b1f617d2..f2a021878 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -212,9 +212,7 @@ key in .Pa ~/.ssh/id_ed25519_sk or .Pa ~/.ssh/id_rsa . -Additionally, the system administrator may use this to generate host keys, -as seen in -.Pa /etc/rc . +Additionally, the system administrator may use this to generate host keys. .Pp Normally this program generates the key and asks for a file in which to store the private key. @@ -279,9 +277,7 @@ If .Fl f has also been specified, its argument is used as a prefix to the default path for the resulting host key files. -This is used by -.Pa /etc/rc -to generate new host keys. +This is used by system administration scripts to generate new host keys. .It Fl a Ar rounds When saving a private key, this option specifies the number of KDF (key derivation function, currently @@ -849,7 +845,7 @@ option. Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in -.Pa /etc/moduli . +.Pa /etc/ssh/moduli . It is important that this file contains moduli of a range of bit lengths. .Pp A number of options are available for moduli generation and screening via the @@ -1307,7 +1303,7 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format is described in .Xr moduli 5 . diff --git a/ssh.1 b/ssh.1 index 4028f971a..6b56f5638 100644 --- a/ssh.1 +++ b/ssh.1 @@ -925,6 +925,10 @@ implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of .Xr ssl 8 +(on non-OpenBSD systems, see +.nh +http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY) +.hy contains a brief discussion of the DSA and RSA algorithms. .Pp The file diff --git a/sshd.8 b/sshd.8 index 71da859dc..ec1687585 100644 --- a/sshd.8 +++ b/sshd.8 @@ -64,7 +64,7 @@ over an insecure network. .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/rc . +.Pa /etc/init.d/ssh . It forks a new daemon for each incoming connection. The forked daemons handle @@ -921,7 +921,7 @@ This file is for host-based authentication (see .Xr ssh 1 ) . It should only be writable by root. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" key exchange method. The file format is described in @@ -1019,7 +1019,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keyscan 1 , .Xr chroot 2 , .Xr hosts_access 5 , -.Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , .Xr inetd 8 , diff --git a/sshd_config.5 b/sshd_config.5 index 2c6ec76cb..b9a19c7bd 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -981,9 +981,6 @@ for interactive sessions and for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to allow keyboard-interactive authentication. -All authentication styles from -.Xr login.conf 5 -are supported. The default is .Cm yes . The argument to this keyword must be @@ -1087,45 +1084,33 @@ The following forms may be used: .Sm off .Ar hostname | address .Sm on -.Op Cm rdomain Ar domain .It .Cm ListenAddress .Sm off .Ar hostname : port .Sm on -.Op Cm rdomain Ar domain .It .Cm ListenAddress .Sm off .Ar IPv4_address : port .Sm on -.Op Cm rdomain Ar domain .It .Cm ListenAddress .Sm off .Oo Ar hostname | address Oc : Ar port .Sm on -.Op Cm rdomain Ar domain .El .Pp -The optional -.Cm rdomain -qualifier requests -.Xr sshd 8 -listen in an explicit routing domain. If .Ar port is not specified, sshd will listen on the address and all .Cm Port options specified. -The default is to listen on all local addresses on the current default -routing domain. +The default is to listen on all local addresses. Multiple .Cm ListenAddress options are permitted. -For more information on routing domains, see -.Xr rdomain 4 . .It Cm LoginGraceTime The server disconnects after this time if the user has not successfully logged in. @@ -1250,14 +1235,8 @@ The available criteria are .Cm Host , .Cm LocalAddress , .Cm LocalPort , -.Cm RDomain , and -.Cm Address -(with -.Cm RDomain -representing the -.Xr rdomain 4 -on which the connection was received). +.Cm Address . .Pp The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the @@ -1329,7 +1308,6 @@ Available keywords are .Cm PubkeyAuthOptions , .Cm RekeyLimit , .Cm RevokedKeys , -.Cm RDomain , .Cm SetEnv , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , @@ -1724,15 +1702,6 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . -.It Cm RDomain -Specifies an explicit routing domain that is applied after authentication -has completed. -The user session, as well as any forwarded or listening IP sockets, -will be bound to this -.Xr rdomain 4 . -If the routing domain is set to -.Cm \&%D , -then the domain in which the incoming connection was received will be applied. .It Cm SecurityKeyProvider Specifies a path to a library that will be used when loading FIDO authenticator-hosted keys, overriding the default of using @@ -2047,8 +2016,6 @@ which are expanded at runtime: .It %% A literal .Sq % . -.It \&%D -The routing domain in which the incoming connection was received. .It %F The fingerprint of the CA key. .It %f @@ -2087,9 +2054,6 @@ accepts the tokens %%, %h, %U, and %u. .Pp .Cm ChrootDirectory accepts the tokens %%, %h, %U, and %u. -.Pp -.Cm RoutingDomain -accepts the token %D. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config