rpms
/
openssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix warnings in ssh-add and sshd_config man pages

This commit is contained in:
Petr Lautrbach 2012-11-12 13:58:36 +01:00
parent 20d541d728
commit 251c8dbdae
2 changed files with 49 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
openssh-6.0p1-entropy.patch
View File

@ -113,13 +113,33 @@ diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1
--- openssh-6.0p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200
+++ openssh-6.0p1/ssh-add.1 2012-08-06 20:51:59.172033253 +0200
@@ -161,6 +161,20 @@ Identifies the path of a
diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0
--- openssh-6.1p1/ssh-add.0.entropy 2012-11-12 13:11:42.717393364 +0100
+++ openssh-6.1p1/ssh-add.0 2012-11-12 13:12:46.288108790 +0100
@@ -81,6 +81,16 @@ ENVIRONMENT
Identifies the path of a UNIX-domain socket used to communicate
with the agent.
+ SSH_USE_STRONG_RNG
+ The reseeding of the OpenSSL random generator is usually done
+ from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari-
+ able is set to value other than 0 the OpenSSL random generator is
+ reseeded from /dev/random. The number of bytes read is defined
+ by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set-
+ ting is not recommended on the computers without the hardware
+ random generator because insufficient entropy causes the connec-
+ tion to be blocked until enough entropy is available.
+
FILES
~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of
diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1
--- openssh-6.1p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200
+++ openssh-6.1p1/ssh-add.1 2012-11-12 13:11:24.711476108 +0100
@@ -160,6 +160,20 @@ to make this work.)
Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
.El
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
@ -134,6 +154,7 @@ diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa ~/.ssh/identity

35
openssh-6.1p1-required-authentications.patch
View File

@ -825,25 +825,36 @@ diff -up openssh-6.1p1/sshd_config.5.required-authentication openssh-6.1p1/sshd_
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
@@ -931,6 +933,21 @@ Specifies a list of revoked public keys.
@@ -931,6 +933,32 @@ Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
+.It Cm RequiredAuthentications[12]
+ Specifies required methods of authentications that has to succeed before authorizing the connection.
+ (RequiredAuthentication1 for Protocol version 1, and RequiredAuthentication2 for v2)
+
+ RequiredAuthentications1 method[,method...]
+ RequiredAuthentications2 method[,method...]
+
+Specifies required methods of authentications that has to succeed before
+authorizing the connection. (RequiredAuthentication1 for Protocol version 1,
+and RequiredAuthentication2 for v2)
+.Pp
+.Bl -item -offset indent -compact
+.It
+RequiredAuthentications1 method[,method...]
+.It
+RequiredAuthentications2 method[,method...]
+.El
+.Pp
+Example 1:
+
+ RequiredAuthentications2 password,hostbased
+
+.Bl -item -offset indent -compact
+RequiredAuthentications2 password,hostbased
+.El
+Example 2:
+ RequiredAuthentications2 publickey,password
+
+.Bl -item -offset indent -compact
+RequiredAuthentications2 publickey,password
+.El
+.Pp
+Available methods:
+.Bl -item -offset indent -compact
+.It
+password, keyboard-interactive, publickey, hostbased, gssapi-keyex, gssapi-with-mic
+.El
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.