diff -ru openssh-3.6p1/ChangeLog openssh-3.6.1p1/ChangeLog --- openssh-3.6p1/ChangeLog 2003-03-26 16:03:05.000000000 +1100 +++ openssh-3.6.1p1/ChangeLog 2003-04-01 21:47:16.000000000 +1000 @@ -1,20 +1,58 @@ +20030401 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2003/03/28 10:11:43 + [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] + [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] + - killed whitespace + - new sentence new line + - .Bk for arguments + ok markus@ + - markus@cvs.openbsd.org 2003/04/01 10:10:23 + [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] + [readconf.h serverloop.c sshconnect2.c] + rekeying bugfixes and automatic rekeying: + * both client and server rekey _automatically_ + (a) after 2^31 packets, because after 2^32 packets + the sequence number for packets wraps + (b) after 2^(blocksize_in_bits/4) blocks + (see: draft-ietf-secsh-newmodes-00.txt) + (a) and (b) are _enabled_ by default, and only disabled for known + openssh versions, that don't support rekeying properly. + * client option 'RekeyLimit' + * do not reply to requests during rekeying + - markus@cvs.openbsd.org 2003/04/01 10:22:21 + [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] + [readconf.h serverloop.c sshconnect2.c] + backout rekeying changes (for 3.6.1) + - markus@cvs.openbsd.org 2003/04/01 10:31:26 + [compat.c compat.h kex.c] + bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; + tested by ho@ and myself + - markus@cvs.openbsd.org 2003/04/01 10:56:46 + [version.h] + 3.6.1 + - (djm) Crank spec file versions + - (djm) Release 3.6.1p1 + 20030326 - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 [sftp-server.c] one last fix to the tree: race fix broke stuff; pr 3169; srp@srparish.net, help from djm + +20030325 - (djm) Fix getpeerid support for 64 bit BE systems. From Arnd Bergmann - - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Report from murple@murple.net, diagnosis from dtucker@zip.com.au - - Release 3.6p1 20030324 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/23 19:02:00 [monitor.c] unbreak rekeying for privsep; ok millert@ + - Release 3.6p1 + - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. + Report from murple@murple.net, diagnosis from dtucker@zip.com.au 20030320 - (djm) OpenBSD CVS Sync @@ -29,10 +67,9 @@ - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved guessing rules) - (bal) Disable Privsep for Tru64 after pre-authentication due to issues - with SIA. Also, clean up of tru64 support patch by Chris Adams + with SIA. Also, clean up of tru64 support patch by Chris Adams - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files - section. 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1258,4 +1295,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.9 2003/03/26 05:03:05 djm Exp $ +$Id: ChangeLog,v 1.2648 2003/04/01 11:47:16 djm Exp $ diff -ru openssh-3.6p1/Makefile.in openssh-3.6.1p1/Makefile.in --- openssh-3.6p1/Makefile.in 2003-03-21 11:51:35.000000000 +1100 +++ openssh-3.6.1p1/Makefile.in 2003-03-21 11:34:34.000000000 +1100 @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.227.2.1 2003/03/21 00:51:35 mouring Exp $ +# $Id: Makefile.in,v 1.228 2003/03/21 00:34:34 mouring Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ diff -ru openssh-3.6p1/README.privsep openssh-3.6.1p1/README.privsep --- openssh-3.6p1/README.privsep 2003-03-21 12:15:18.000000000 +1100 +++ openssh-3.6.1p1/README.privsep 2003-03-21 12:18:09.000000000 +1100 @@ -62,4 +62,4 @@ process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.10.6.1 2003/03/21 01:15:18 mouring Exp $ +$Id: README.privsep,v 1.11 2003/03/21 01:18:09 mouring Exp $ diff -ru openssh-3.6p1/clientloop.c openssh-3.6.1p1/clientloop.c --- openssh-3.6p1/clientloop.c 2002-12-23 13:01:55.000000000 +1100 +++ openssh-3.6.1p1/clientloop.c 2003-04-01 21:43:39.000000000 +1000 @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $"); #include "ssh.h" #include "ssh1.h" diff -ru openssh-3.6p1/compat.c openssh-3.6.1p1/compat.c --- openssh-3.6p1/compat.c 2002-09-30 11:59:22.000000000 +1000 +++ openssh-3.6.1p1/compat.c 2003-04-01 21:44:37.000000000 +1000 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); +RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $"); #include "buffer.h" #include "packet.h" @@ -85,10 +85,12 @@ { "*MindTerm*", 0 }, { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, { "2.0.13*," "2.0.14*," "2.0.15*," @@ -100,26 +102,28 @@ SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN }, + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, { "2.0.11*," "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN }, + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, + SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| + SSH_BUG_FIRSTKEX }, { "2.2.0*," "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5 }, - { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, + SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, + { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| + SSH_BUG_FIRSTKEX }, { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ - { "2.*", SSH_BUG_DEBUG }, + { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX }, { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, diff -ru openssh-3.6p1/compat.h openssh-3.6.1p1/compat.h --- openssh-3.6p1/compat.h 2002-09-30 11:59:23.000000000 +1000 +++ openssh-3.6.1p1/compat.h 2003-04-01 21:44:37.000000000 +1000 @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ +/* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_K5USER 0x00400000 #define SSH_BUG_PROBE 0x00800000 +#define SSH_BUG_FIRSTKEX 0x01000000 void enable_compat13(void); void enable_compat20(void); diff -ru openssh-3.6p1/configure.ac openssh-3.6.1p1/configure.ac --- openssh-3.6p1/configure.ac 2003-03-21 12:15:18.000000000 +1100 +++ openssh-3.6.1p1/configure.ac 2003-03-21 12:18:09.000000000 +1100 @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.111.2.2 2003/03/21 01:15:18 mouring Exp $ +# $Id: configure.ac,v 1.113 2003/03/21 01:18:09 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) diff -ru openssh-3.6p1/contrib/caldera/openssh.spec openssh-3.6.1p1/contrib/caldera/openssh.spec --- openssh-3.6p1/contrib/caldera/openssh.spec 2003-03-21 15:52:56.000000000 +1100 +++ openssh-3.6.1p1/contrib/caldera/openssh.spec 2003-04-01 21:46:53.000000000 +1000 @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.6p1 + %define version 3.6.1p1 %define cvs %{nil} %define release 2 %else @@ -364,4 +364,4 @@ * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.39.2.2 2003/03/21 04:52:56 tim Exp $ +$Id: openssh.spec,v 1.42 2003/04/01 11:46:53 djm Exp $ diff -ru openssh-3.6p1/contrib/redhat/openssh.spec openssh-3.6.1p1/contrib/redhat/openssh.spec --- openssh-3.6p1/contrib/redhat/openssh.spec 2003-03-20 11:05:11.000000000 +1100 +++ openssh-3.6.1p1/contrib/redhat/openssh.spec 2003-04-01 21:46:53.000000000 +1000 @@ -1,4 +1,4 @@ -%define ver 3.6p1 +%define ver 3.6.1p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff -ru openssh-3.6p1/contrib/suse/openssh.spec openssh-3.6.1p1/contrib/suse/openssh.spec --- openssh-3.6p1/contrib/suse/openssh.spec 2003-03-20 10:52:34.000000000 +1100 +++ openssh-3.6.1p1/contrib/suse/openssh.spec 2003-04-01 21:46:53.000000000 +1000 @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.6p1 +Version: 3.6.1p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff -ru openssh-3.6p1/kex.c openssh-3.6.1p1/kex.c --- openssh-3.6p1/kex.c 2003-02-24 12:03:03.000000000 +1100 +++ openssh-3.6.1p1/kex.c 2003-04-01 21:44:37.000000000 +1000 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $"); #include @@ -392,7 +392,8 @@ kex->we_need = need; /* ignore the next message if the proposals do not match */ - if (first_kex_follows && !proposals_match(my, peer)) { + if (first_kex_follows && !proposals_match(my, peer) && + !(datafellows & SSH_BUG_FIRSTKEX)) { type = packet_read(); debug2("skipping next packet (type %u)", type); } diff -ru openssh-3.6p1/monitor.c openssh-3.6.1p1/monitor.c --- openssh-3.6p1/monitor.c 2003-03-24 09:12:50.000000000 +1100 +++ openssh-3.6.1p1/monitor.c 2003-04-01 21:43:39.000000000 +1000 @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $"); #include diff -ru openssh-3.6p1/monitor_wrap.c openssh-3.6.1p1/monitor_wrap.c --- openssh-3.6p1/monitor_wrap.c 2003-02-24 12:03:39.000000000 +1100 +++ openssh-3.6.1p1/monitor_wrap.c 2003-04-01 21:43:39.000000000 +1000 @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $"); #include #include diff -ru openssh-3.6p1/openbsd-compat/bsd-cray.h openssh-3.6.1p1/openbsd-compat/bsd-cray.h --- openssh-3.6p1/openbsd-compat/bsd-cray.h 2003-03-21 12:07:45.000000000 +1100 +++ openssh-3.6.1p1/openbsd-compat/bsd-cray.h 2003-03-21 12:05:38.000000000 +1100 @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.6.2.1 2003/03/21 01:07:45 mouring Exp $ + * $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $ * * bsd-cray.h * diff -ru openssh-3.6p1/openbsd-compat/bsd-getpeereid.c openssh-3.6.1p1/openbsd-compat/bsd-getpeereid.c --- openssh-3.6p1/openbsd-compat/bsd-getpeereid.c 2003-03-26 16:02:47.000000000 +1100 +++ openssh-3.6.1p1/openbsd-compat/bsd-getpeereid.c 2003-03-25 09:07:52.000000000 +1100 @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$Id: bsd-getpeereid.c,v 1.1.4.1 2003/03/26 05:02:47 djm Exp $"); +RCSID("$Id: bsd-getpeereid.c,v 1.2 2003/03/24 22:07:52 djm Exp $"); #if !defined(HAVE_GETPEEREID) diff -ru openssh-3.6p1/openbsd-compat/bsd-snprintf.c openssh-3.6.1p1/openbsd-compat/bsd-snprintf.c --- openssh-3.6p1/openbsd-compat/bsd-snprintf.c 2001-02-26 10:20:41.000000000 +1100 +++ openssh-3.6.1p1/openbsd-compat/bsd-snprintf.c 2003-04-01 21:31:56.000000000 +1000 @@ -1,3 +1,10 @@ +/* + * Copyright Patrick Powell 1995 + * This code is based on code written by Patrick Powell (papowell@astart.com) + * It may be used for any purpose as long as this notice remains intact + * on all source code distributions + */ + /************************************************************** * Original: * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 @@ -51,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.5 2001/02/25 23:20:41 mouring Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.6 2003/04/01 11:31:56 djm Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF diff -ru openssh-3.6p1/openbsd-compat/fake-getaddrinfo.c openssh-3.6.1p1/openbsd-compat/fake-getaddrinfo.c --- openssh-3.6p1/openbsd-compat/fake-getaddrinfo.c 2003-03-26 16:03:06.000000000 +1100 +++ openssh-3.6.1p1/openbsd-compat/fake-getaddrinfo.c 2003-03-24 13:35:59.000000000 +1100 @@ -12,7 +12,7 @@ #include "includes.h" #include "ssh.h" -RCSID("$Id: fake-getaddrinfo.c,v 1.4.2.1 2003/03/26 05:03:06 djm Exp $"); +RCSID("$Id: fake-getaddrinfo.c,v 1.5 2003/03/24 02:35:59 djm Exp $"); #ifndef HAVE_GAI_STRERROR char *gai_strerror(int ecode) diff -ru openssh-3.6p1/packet.c openssh-3.6.1p1/packet.c --- openssh-3.6p1/packet.c 2002-12-23 13:42:53.000000000 +1100 +++ openssh-3.6.1p1/packet.c 2003-04-01 21:43:39.000000000 +1000 @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); #include "xmalloc.h" #include "buffer.h" diff -ru openssh-3.6p1/packet.h openssh-3.6.1p1/packet.h --- openssh-3.6p1/packet.h 2002-06-21 10:43:43.000000000 +1000 +++ openssh-3.6.1p1/packet.h 2003-04-01 21:43:39.000000000 +1000 @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $ */ /* * Author: Tatu Ylonen diff -ru openssh-3.6p1/readconf.c openssh-3.6.1p1/readconf.c --- openssh-3.6p1/readconf.c 2003-02-24 11:56:27.000000000 +1100 +++ openssh-3.6.1p1/readconf.c 2003-04-01 21:43:39.000000000 +1000 @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); #include "ssh.h" #include "xmalloc.h" diff -ru openssh-3.6p1/readconf.h openssh-3.6.1p1/readconf.h --- openssh-3.6p1/readconf.h 2002-11-10 02:52:33.000000000 +1100 +++ openssh-3.6.1p1/readconf.h 2003-04-01 21:43:40.000000000 +1000 @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $ */ /* * Author: Tatu Ylonen diff -ru openssh-3.6p1/scp.1 openssh-3.6.1p1/scp.1 --- openssh-3.6p1/scp.1 2003-02-24 11:51:33.000000000 +1100 +++ openssh-3.6.1p1/scp.1 2003-04-01 21:42:14.000000000 +1000 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.26 2003/01/28 17:24:51 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.27 2003/03/28 10:11:43 jmc Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -19,6 +19,7 @@ .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp +.Bk -words .Op Fl pqrvBC1246 .Op Fl F Ar ssh_config .Op Fl S Ar program @@ -40,6 +41,7 @@ .Ar host2 No : .Oc Ar file2 .Sm on +.Ek .Sh DESCRIPTION .Nm copies files between hosts on a network. diff -ru openssh-3.6p1/serverloop.c openssh-3.6.1p1/serverloop.c --- openssh-3.6p1/serverloop.c 2002-09-26 10:38:49.000000000 +1000 +++ openssh-3.6.1p1/serverloop.c 2003-04-01 21:43:40.000000000 +1000 @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.106 2003/04/01 10:22:21 markus Exp $"); #include "xmalloc.h" #include "packet.h" diff -ru openssh-3.6p1/sftp.0 openssh-3.6.1p1/sftp.0 --- openssh-3.6p1/sftp.0 2003-03-26 16:12:38.000000000 +1100 +++ openssh-3.6.1p1/sftp.0 2003-04-01 21:57:31.000000000 +1000 @@ -39,19 +39,19 @@ ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m Can be used to pass options to ^[[1mssh ^[[22min the format used in ssh_config(5). This is useful for specifying options for which - there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to + there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to specify an alternate port use: ^[[1msftp M-bM-^@M-^PoPort=24^[[22m. ^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[0m Specifies the SSH2 subsystem or the path for an sftp server on - the remote host. A path is useful for using sftp over protocol + the remote host. A path is useful for using sftp over protocol version 1, or when the remote ^[[1msshd ^[[22mdoes not have an sftp subsysM-bM-^@M-^P tem configured. ^[[1mM-bMM-^Rv ^[[22mRaise logging level. This option is also passed to ssh. ^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[0m - Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring + Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring files. Larger buffers require fewer round trips at the cost of higher memory consumption. The default is 32768 bytes. diff -ru openssh-3.6p1/sftp.1 openssh-3.6.1p1/sftp.1 --- openssh-3.6p1/sftp.1 2003-01-10 21:43:25.000000000 +1100 +++ openssh-3.6.1p1/sftp.1 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.40 2003/01/10 08:19:07 fgsch Exp $ +.\" $OpenBSD: sftp.1,v 1.41 2003/03/28 10:11:43 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -30,6 +30,7 @@ .Nd Secure file transfer program .Sh SYNOPSIS .Nm sftp +.Bk -words .Op Fl vC1 .Op Fl b Ar batchfile .Op Fl o Ar ssh_option @@ -40,10 +41,15 @@ .Op Fl R Ar num_requests .Op Fl S Ar program .Ar host +.Ek .Nm sftp -.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]] +.Oo Oo Ar user Ns No @ Oc Ns +.Ar host Ns Oo : Ns Ar file Oo +.Ar file Oc Oc Oc .Nm sftp -.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]] +.Oo Oo Ar user Ns No @ Oc Ns +.Ar host Ns Oo : Ns Ar dir Ns +.Oo Ar / Oc Oc Oc .Sh DESCRIPTION .Nm is an interactive file transfer program, similar to @@ -77,13 +83,13 @@ will abort if any of the following commands fail: .Ic get , put , rename , ln , -.Ic rm , mkdir , chdir , ls , +.Ic rm , mkdir , chdir , ls , .Ic lchdir , chmod , chown , chgrp , lpwd and .Ic lmkdir . -Termination on error can be suppressed on a command by command basis by -prefixing the command with a -.Ic '-' +Termination on error can be suppressed on a command by command basis by +prefixing the command with a +.Ic '-' character (For example, .Ic -rm /tmp/blah* ). @@ -95,19 +101,19 @@ This is useful for specifying options for which there is no separate .Nm sftp -command-line flag. For example, to specify an alternate +command-line flag. For example, to specify an alternate port use: .Ic sftp -oPort=24 . .It Fl s Ar subsystem | sftp_server Specifies the SSH2 subsystem or the path for an sftp server -on the remote host. A path is useful for using sftp over +on the remote host. A path is useful for using sftp over protocol version 1, or when the remote .Nm sshd does not have an sftp subsystem configured. .It Fl v Raise logging level. This option is also passed to ssh. .It Fl B Ar buffer_size -Specify the size of the buffer that +Specify the size of the buffer that .Nm uses when transferring files. Larger buffers require fewer round trips at the cost of higher memory consumption. The default is 32768 bytes. diff -ru openssh-3.6p1/ssh-add.0 openssh-3.6.1p1/ssh-add.0 --- openssh-3.6p1/ssh-add.0 2003-03-26 16:12:37.000000000 +1100 +++ openssh-3.6.1p1/ssh-add.0 2003-04-01 21:57:30.000000000 +1000 @@ -43,8 +43,8 @@ fied in sshd_config(5). ^[[1mM-bMM-^Rc ^[[22mIndicates that added identities should be subject to confirmation - before being used for authentication. Confirmation is performed - by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P + before being used for authentication. Confirmation is performed + by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P tion is signaled by a zero exit status from the SSH_ASKPASS proM-bM-^@M-^P gram, rather than text entered into the requester. diff -ru openssh-3.6p1/ssh-add.1 openssh-3.6.1p1/ssh-add.1 --- openssh-3.6p1/ssh-add.1 2003-02-24 12:00:17.000000000 +1100 +++ openssh-3.6.1p1/ssh-add.1 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.37 2003/02/10 11:51:47 markus Exp $ +.\" $OpenBSD: ssh-add.1,v 1.38 2003/03/28 10:11:43 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -95,10 +95,11 @@ .Xr sshd_config 5 . .It Fl c Indicates that added identities should be subject to confirmation before -being used for authentication. Confirmation is performed by the +being used for authentication. +Confirmation is performed by the .Ev SSH_ASKPASS -program mentioned below. Successful confirmation is signaled by a zero -exit status from the +program mentioned below. +Successful confirmation is signaled by a zero exit status from the .Ev SSH_ASKPASS program, rather than text entered into the requester. .It Fl s Ar reader diff -ru openssh-3.6p1/ssh-agent.1 openssh-3.6.1p1/ssh-agent.1 --- openssh-3.6p1/ssh-agent.1 2003-01-22 11:47:19.000000000 +1100 +++ openssh-3.6.1p1/ssh-agent.1 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.37 2003/03/28 10:11:43 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -88,7 +88,7 @@ .Ev SSH_AGENT_PID environment variable). .It Fl t Ar life -Set a default value for the maximum lifetime of identities added to the agent. +Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be specified in seconds or in a time format specified in .Xr sshd 8 . A lifetime specified for an identity with @@ -96,7 +96,8 @@ overrides this value. Without this option the default maximum lifetime is forever. .It Fl d -Debug mode. When this option is specified +Debug mode. +When this option is specified .Nm will not fork. .El diff -ru openssh-3.6p1/ssh-keygen.1 openssh-3.6.1p1/ssh-keygen.1 --- openssh-3.6p1/ssh-keygen.1 2002-12-23 13:11:55.000000000 +1100 +++ openssh-3.6.1p1/ssh-keygen.1 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.56 2003/03/28 10:11:43 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -45,12 +45,14 @@ .Nd authentication key generation, management and conversion .Sh SYNOPSIS .Nm ssh-keygen +.Bk -words .Op Fl q .Op Fl b Ar bits .Fl t Ar type .Op Fl N Ar new_passphrase .Op Fl C Ar comment .Op Fl f Ar output_keyfile +.Ek .Nm ssh-keygen .Fl p .Op Fl P Ar old_passphrase diff -ru openssh-3.6p1/ssh-keyscan.1 openssh-3.6.1p1/ssh-keyscan.1 --- openssh-3.6p1/ssh-keyscan.1 2002-02-19 15:19:43.000000000 +1100 +++ openssh-3.6.1p1/ssh-keyscan.1 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.14 2002/02/13 08:33:47 mpech Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.15 2003/03/28 10:11:43 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -14,6 +14,7 @@ .Nd gather ssh public keys .Sh SYNOPSIS .Nm ssh-keyscan +.Bk -words .Op Fl v46 .Op Fl p Ar port .Op Fl T Ar timeout @@ -21,10 +22,12 @@ .Op Fl f Ar file .Op Ar host | addrlist namelist .Op Ar ... +.Ek .Sh DESCRIPTION .Nm is a utility for gathering the public ssh host keys of a number of -hosts. It was designed to aid in building and verifying +hosts. +It was designed to aid in building and verifying .Pa ssh_known_hosts files. .Nm @@ -33,9 +36,11 @@ .Pp .Nm uses non-blocking socket I/O to contact as many hosts as possible in -parallel, so it is very efficient. The keys from a domain of 1,000 +parallel, so it is very efficient. +The keys from a domain of 1,000 hosts can be collected in tens of seconds, even when some of those -hosts are down or do not run ssh. For scanning, one does not need +hosts are down or do not run ssh. +For scanning, one does not need login access to the machines that are being scanned, nor does the scanning process involve any encryption. .Pp @@ -44,12 +49,13 @@ .It Fl p Ar port Port to connect to on the remote host. .It Fl T Ar timeout -Set the timeout for connection attempts. If +Set the timeout for connection attempts. +If .Pa timeout seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is -closed and the host in question considered unavailable. Default is 5 -seconds. +closed and the host in question considered unavailable. +Default is 5 seconds. .It Fl t Ar type Specifies the type of the key to fetch from the scanned hosts. The possible values are diff -ru openssh-3.6p1/ssh-keysign.8 openssh-3.6.1p1/ssh-keysign.8 --- openssh-3.6p1/ssh-keysign.8 2002-12-23 13:10:00.000000000 +1100 +++ openssh-3.6.1p1/ssh-keysign.8 2003-04-01 21:42:14.000000000 +1000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.5 2002/11/24 21:46:24 stevesk Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -62,8 +62,8 @@ is enabled. .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to -generate the digital signature. They -should be owned by root, readable only by root, and not +generate the digital signature. +They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, .Nm diff -ru openssh-3.6p1/ssh.0 openssh-3.6.1p1/ssh.0 --- openssh-3.6p1/ssh.0 2003-03-26 16:12:38.000000000 +1100 +++ openssh-3.6.1p1/ssh.0 2003-04-01 21:57:31.000000000 +1000 @@ -8,8 +8,8 @@ ^[[1mssh ^[[22m[^[[1mM-bMM-^RafgknqstvxACNTX1246^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[24m] [^[[1mM-bMM-^Re ^[[4m^[[22mescape_char^[[24m] [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] [^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[24m] - [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RR^[[0m - ^[[4mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m] + [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] + [^[[1mM-bMM-^RR ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m] ^[[1mDESCRIPTION^[[0m ^[[1mssh ^[[22m(SSH client) is a program for logging into a remote machine and for diff -ru openssh-3.6p1/ssh.1 openssh-3.6.1p1/ssh.1 --- openssh-3.6p1/ssh.1 2002-09-30 12:00:56.000000000 +1000 +++ openssh-3.6.1p1/ssh.1 2003-04-01 21:42:14.000000000 +1000 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -48,6 +48,7 @@ .Op Ar command .Pp .Nm ssh +.Bk -words .Op Fl afgknqstvxACNTX1246 .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec @@ -66,6 +67,8 @@ .Sm on .Xc .Oc +.Ek +.Bk -words .Oo Fl R Xo .Sm off .Ar port : @@ -77,6 +80,7 @@ .Op Fl D Ar port .Ar hostname | user@hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -361,7 +365,7 @@ .Fl A and .Fl a -options described later) and +options described later) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. .Pp @@ -403,10 +407,11 @@ Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. .Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. .It Fl b Ar bind_address @@ -428,8 +433,8 @@ client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. .It Fl c Ar cipher_spec Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. @@ -566,11 +571,11 @@ Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. .Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -637,7 +642,8 @@ on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the -remote machine. Currently the SOCKS4 protocol is supported, and +remote machine. +Currently the SOCKS4 protocol is supported, and .Nm will act as a SOCKS4 server. Only root can forward privileged ports. diff -ru openssh-3.6p1/ssh_config.5 openssh-3.6.1p1/ssh_config.5 --- openssh-3.6p1/ssh_config.5 2003-02-24 11:57:33.000000000 +1100 +++ openssh-3.6.1p1/ssh_config.5 2003-04-01 21:42:14.000000000 +1000 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -176,8 +176,8 @@ client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. The default is .Dq 3des . .It Cm Ciphers @@ -193,7 +193,8 @@ .It Cm ClearAllForwardings Specifies that all local, remote and dynamic port forwardings specified in the configuration files or on the command line be -cleared. This option is primarily useful when used from the +cleared. +This option is primarily useful when used from the .Nm ssh command line to clear port forwardings set in configuration files, and is automatically set by @@ -230,13 +231,14 @@ Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the -remote machine. The argument must be a port number. +remote machine. +The argument must be a port number. Currently the SOCKS4 protocol is supported, and .Nm ssh will act as a SOCKS4 server. Multiple forwardings may be specified, and -additional forwardings can be given on the command line. Only -the superuser can forward privileged ports. +additional forwardings can be given on the command line. +Only the superuser can forward privileged ports. .It Cm EscapeChar Sets the escape character (default: .Ql ~ ) . @@ -259,10 +261,11 @@ The default is .Dq no . .Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. .It Cm ForwardX11 @@ -277,18 +280,18 @@ The default is .Dq no . .Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, .Nm ssh -binds local port forwardings to the loopback address. This -prevents other remote hosts from connecting to forwarded ports. +binds local port forwardings to the loopback address. +This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm ssh @@ -395,8 +398,9 @@ .Nm ssh . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of verbose output. +The default is INFO. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. @@ -474,8 +478,8 @@ Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). -Setting the command to -.Dq none +Setting the command to +.Dq none disables this option entirely. Note that .Cm CheckHostIP diff -ru openssh-3.6p1/sshconnect2.c openssh-3.6.1p1/sshconnect2.c --- openssh-3.6p1/sshconnect2.c 2003-03-10 11:21:18.000000000 +1100 +++ openssh-3.6.1p1/sshconnect2.c 2003-04-01 21:43:40.000000000 +1000 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.114 2003/04/01 10:22:21 markus Exp $"); #include "ssh.h" #include "ssh2.h" diff -ru openssh-3.6p1/sshd_config.5 openssh-3.6.1p1/sshd_config.5 --- openssh-3.6p1/sshd_config.5 2003-01-24 11:34:52.000000000 +1100 +++ openssh-3.6.1p1/sshd_config.5 2003-04-01 21:42:14.000000000 +1000 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -211,8 +211,8 @@ forwarded for the client. By default, .Nm sshd -binds remote port forwardings to the loopback address. This -prevents other remote hosts from connecting to forwarded ports. +binds remote port forwardings to the loopback address. +This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd @@ -370,7 +370,8 @@ will listen on the address and all prior .Cm Port options specified. The default is to listen on all local -addresses. Multiple +addresses. +Multiple .Cm ListenAddress options are permitted. Additionally, any .Cm Port @@ -385,10 +386,10 @@ .Nm sshd . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of debugging output. -Logging with a DEBUG level violates the privacy of users -and is not recommended. +The default is INFO. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of debugging output. +Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 @@ -599,16 +600,18 @@ .Xr login 1 does not know how to handle .Xr xauth 1 -cookies. If +cookies. +If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePrivilegeSeparation Specifies whether .Nm sshd separates privileges by creating an unprivileged child process -to deal with incoming network traffic. After successful authentication, -another process will be created that has the privilege of the authenticated -user. The goal of privilege separation is to prevent privilege +to deal with incoming network traffic. +After successful authentication, another process will be created that has +the privilege of the authenticated user. +The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . @@ -666,7 +669,8 @@ Specifies whether .Nm sshd should bind the X11 forwarding server to the loopback address or to -the wildcard address. By default, +the wildcard address. +By default, .Nm sshd binds the forwarding server to the loopback address and sets the hostname part of the diff -ru openssh-3.6p1/version.h openssh-3.6.1p1/version.h --- openssh-3.6p1/version.h 2003-03-20 10:11:34.000000000 +1100 +++ openssh-3.6.1p1/version.h 2003-04-01 21:45:26.000000000 +1000 @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.36 2003/03/17 11:43:47 markus Exp $ */ - -#define SSH_VERSION "OpenSSH_3.6p1" +/* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */ + +#define SSH_VERSION "OpenSSH_3.6.1p1"