sonic-openssh/ssh-agent.1

.\" $OpenBSD: ssh-agent.1,v 1.12 2000/05/03 18:04:39 markus Exp $
.\"
.\"  -*- nroff -*-
.\"
.\" ssh-agent.1
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" Created: Sat Apr 23 20:10:43 1995 ylo
.\"
.Dd September 25, 1999
.Dt SSH-AGENT 1
.Os
.Sh NAME
.Nm ssh-agent
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c Li | Fl s
.Op Fl k
.Oo
.Ar command
.Op Ar args ...
.Oc
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for RSA authentication.
The idea is that
.Nm
is started in the beginning of an X-session or a login session, and
all other windows or programs are started as clients to the ssh-agent
program.
Through use of environment variables the agent can be located
and automatically used for RSA authentication when logging in to other
machines using
.Xr ssh 1 .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl c
Generate C-shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
looks like it's a csh style of shell.
.It Fl s
Generate Bourne shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
does not look like it's a csh style of shell.
.It Fl k
Kill the current agent (given by the
.Ev SSH_AGENT_PID
environment variable).
.El
.Pp
If a commandline is given, this is executed as a subprocess of the agent.
When the command dies, so does the agent.
.Pp
The agent initially does not have any private keys.
Keys are added using
.Xr ssh-add 1 .
When executed without arguments,
.Xr ssh-add 1
adds the
.Pa $HOME/.ssh/identity
file.
If the identity has a passphrase,
.Xr ssh-add 1
asks for the passphrase (using a small X11 application if running
under X11, or from the terminal if running without X).
It then sends the identity to the agent.
Several identities can be stored in the
agent; the agent can automatically use any of these identities.
.Ic ssh-add -l
displays the identities currently held by the agent.
.Pp
The idea is that the agent is run in the user's local PC, laptop, or
terminal.
Authentication data need not be stored on any other
machine, and authentication passphrases never go over the network.
However, the connection to the agent is forwarded over SSH
remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent setup:
Either you let the agent
start a new subcommand into which some environment variables are exported, or
you let the agent print the needed shell commands (either
.Xr sh 1
or
.Xr csh 1
syntax can be generated) which can be evalled in the calling shell.
Later
.Xr ssh 1
look at these variables and use them to establish a connection to the agent.
.Pp
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the
.Ev SSH_AUTH_SOCK
environment
variable.
The socket is made accessible only to the current user.
This method is easily abused by root or another instance of the same
user.
.Pp
The
.Ev SSH_AGENT_PID
environment variable holds the agent's PID.
.Pp
The agent exits automatically when the command given on the command
line terminates.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file.
This file is not used by
.Nm
but is normally added to the agent using
.Xr ssh-add 1
at login time.
.It Pa /tmp/ssh-XXXX/agent.<pid> ,
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added.
Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses.
This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents)
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Pp
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
- Remove references to SSLeay. - Big OpenBSD CVS update - markus@cvs.openbsd.org [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - deraadt@cvs.openbsd.org [scp.c] - more atomicio - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - deraadt@cvs.openbsd.org [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) 2000-05-07 06:03:14 +04:00			`.\" $OpenBSD: ssh-agent.1,v 1.12 2000/05/03 18:04:39 markus Exp $`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.\"`
			`.\" -- nroff --`
			`.\"`
			`.\" ssh-agent.1`
			`.\"`
			`.\" Author: Tatu Ylonen <ylo@cs.hut.fi>`
- Merged OpenBSD CVS changes - [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - [hostfile.c] in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me. - [serverloop.c] bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se> - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels) 1999-11-17 09:29:08 +03:00			`.\"`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland`
			`.\" All rights reserved`
			`.\"`
			`.\" Created: Sat Apr 23 20:10:43 1995 ylo`
			`.\"`
			`.Dd September 25, 1999`
			`.Dt SSH-AGENT 1`
			`.Os`
			`.Sh NAME`
			`.Nm ssh-agent`
			`.Nd authentication agent`
			`.Sh SYNOPSIS`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`.Nm ssh-agent`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Op Fl c Li \| Fl s`
			`.Op Fl k`
			`.Oo`
			`.Ar command`
			`.Op Ar args ...`
			`.Oc`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`.Sh DESCRIPTION`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Nm`
- Remove references to SSLeay. - Big OpenBSD CVS update - markus@cvs.openbsd.org [clientloop.c] - typo [session.c] - update proctitle on pty alloc/dealloc, e.g. w/ windows client [session.c] - update proctitle for proto 1, too [channels.h nchan.c serverloop.c session.c sshd.c] - use c-style comments - deraadt@cvs.openbsd.org [scp.c] - more atomicio - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] - update AUTHOR [readconf.c ssh-keygen.c ssh.h] - default DSA key file ~/.ssh/id_dsa [clientloop.c] - typo, rm verbose debug - deraadt@cvs.openbsd.org [ssh-keygen.1] - document DSA use of ssh-keygen [sshd.8] - a start at describing what i understand of the DSA side [ssh-keygen.1] - document -X and -x [ssh-keygen.c] - simplify usage - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] - document -y, update -X,-x [nchan.c] - fix close for non-open ssh1 channels [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - s/DsaKey/HostDSAKey/, document option [sshconnect2.c] - respect number_of_password_prompts [channels.c channels.h servconf.c servconf.h session.c sshd.8] - GatewayPorts for sshd, ok deraadt@ [ssh-add.1 ssh-agent.1 ssh.1] - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 [ssh.1] - more info on proto 2 [sshd.8] - sync AUTHOR w/ ssh.1 [key.c key.h sshconnect.c] - print key type when talking about host keys [packet.c] - clear padding in ssh2 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - replace broken uuencode w/ libc b64_ntop [auth2.c] - log failure before sending the reply [key.c radix.c uuencode.c] - remote trailing comments before calling __b64_pton [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] [sshconnect2.c sshd.8] - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) 2000-05-07 06:03:14 +04:00			`is a program to hold private keys used for RSA authentication.`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`The idea is that`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Nm`
			`is started in the beginning of an X-session or a login session, and`
			`all other windows or programs are started as clients to the ssh-agent`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`program.`
			`Through use of environment variables the agent can be located`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`and automatically used for RSA authentication when logging in to other`
			`machines using`
			`.Xr ssh 1 .`
			`.Pp`
			`The options are as follows:`
			`.Bl -tag -width Ds`
			`.It Fl c`
			`Generate C-shell commands on`
			`.Dv stdout .`
			`This is the default if`
			`.Ev SHELL`
			`looks like it's a csh style of shell.`
			`.It Fl s`
			`Generate Bourne shell commands on`
			`.Dv stdout .`
			`This is the default if`
			`.Ev SHELL`
			`does not look like it's a csh style of shell.`
			`.It Fl k`
			`Kill the current agent (given by the`
			`.Ev SSH_AGENT_PID`
			`environment variable).`
			`.El`
			`.Pp`
			`If a commandline is given, this is executed as a subprocess of the agent.`
			`When the command dies, so does the agent.`
			`.Pp`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`The agent initially does not have any private keys.`
			`Keys are added using`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Xr ssh-add 1 .`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`When executed without arguments,`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Xr ssh-add 1`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`adds the`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Pa $HOME/.ssh/identity`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`file.`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`If the identity has a passphrase,`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Xr ssh-add 1`
			`asks for the passphrase (using a small X11 application if running`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`under X11, or from the terminal if running without X).`
			`It then sends the identity to the agent.`
			`Several identities can be stored in the`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`agent; the agent can automatically use any of these identities.`
			`.Ic ssh-add -l`
			`displays the identities currently held by the agent.`
			`.Pp`
			`The idea is that the agent is run in the user's local PC, laptop, or`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`terminal.`
			`Authentication data need not be stored on any other`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`machine, and authentication passphrases never go over the network.`
			`However, the connection to the agent is forwarded over SSH`
			`remote logins, and the user can thus use the privileges given by the`
			`identities anywhere in the network in a secure way.`
			`.Pp`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`There are two main ways to get an agent setup:`
			`Either you let the agent`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`start a new subcommand into which some environment variables are exported, or`
			`you let the agent print the needed shell commands (either`
			`.Xr sh 1`
			`or`
			`.Xr csh 1`
			`syntax can be generated) which can be evalled in the calling shell.`
			`Later`
			`.Xr ssh 1`
			`look at these variables and use them to establish a connection to the agent.`
			`.Pp`
			`A unix-domain socket is created`
			`.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,`
			`and the name of this socket is stored in the`
			`.Ev SSH_AUTH_SOCK`
			`environment`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`variable.`
			`The socket is made accessible only to the current user.`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`This method is easily abused by root or another instance of the same`
			`user.`
			`.Pp`
			`The`
			`.Ev SSH_AGENT_PID`
			`environment variable holds the agent's PID.`
			`.Pp`
			`The agent exits automatically when the command given on the command`
			`line terminates.`
			`.Sh FILES`
			`.Bl -tag -width Ds`
			`.It Pa $HOME/.ssh/identity`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`Contains the RSA authentication identity of the user.`
			`This file should not be readable by anyone but the user.`
			`It is possible to`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`specify a passphrase when generating the key; that passphrase will be`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`used to encrypt the private part of this file.`
			`This file is not used by`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Nm`
			`but is normally added to the agent using`
			`.Xr ssh-add 1`
			`at login time.`
			`.It Pa /tmp/ssh-XXXX/agent.<pid> ,`
			`Unix-domain sockets used to contain the connection to the`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`authentication agent.`
			`These sockets should only be readable by the owner.`
			`The sockets should get automatically removed when the agent exits.`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Sh AUTHOR`
			`Tatu Ylonen <ylo@cs.hut.fi>`
			`.Pp`
			`OpenSSH`
			`is a derivative of the original (free) ssh 1.2.12 release, but with bugs`
- OpenBSD CVS update - [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty). 2000-03-26 07:04:51 +04:00			`removed and newer features re-added.`
			`Rapidly after the 1.2.12 release,`
			`newer versions bore successively more restrictive licenses.`
			`This version of OpenSSH`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Bl -bullet`
			`.It`
- Debian bug #55910 - remove references to ssl(8) manpages 2000-04-20 17:27:27 +04:00			`has all components of a restrictive nature (i.e., patents)`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`directly removed from the source code; any licensed or patented components`
			`are chosen from`
			`external libraries.`
			`.It`
			`has been updated to support ssh protocol 1.5.`
			`.It`
- Merged OpenBSD updates to include paths. 2000-04-13 06:26:34 +04:00			`contains added support for`
Re-imported OpenBSD manpages 1999-10-29 03:15:49 +04:00			`.Xr kerberos 8`
			`authentication and ticket passing.`
			`.It`
			`supports one-time password authentication with`
			`.Xr skey 1 .`
			`.El`
			`.Pp`
			`.Sh SEE ALSO`
			`.Xr ssh 1 ,`
			`.Xr ssh-add 1 ,`
			`.Xr ssh-keygen 1 ,`
			`.Xr sshd 8 ,`