https://bugzilla.mindrot.org/show_bug.cgi?id=3331
--- Comment #8 from Helge Kreutzmann <deb...@helgefjell.de> ---

Hello OpenSSH maintainers,

below you can find those issues which are currently (as of late December 2024 in the distros) open.

Again, please tell me if I should file them via Debian as proxy, as stated in my comment about a week ago.

Man page: sftp-server.8
Issue 1: -m → E<.Fl m>
Issue 2: -u → E<.Fl u>

"Sets explicit file permissions to be applied to newly-created files instead "
"of the default or client requested mode. Numeric values include: 777, 755, "
"750, 666, 644, 640, etc. Using both -m and -u switches makes the umask (-u) "
"effective only for newly created directories and explicit mode (-m) for "
"newly created files."

"Sets explicit permissions to be applied to newly-created files and "
"directories instead of the default or client requested mode. Numeric values "
"include: 777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m "
"is set."
--
Man page: ssh_config.5
Issue: No section TIME FORMATS in this page (but in sshd_config(5))

"The timeout value E<.Dq interval> is specified in seconds or may use any of "
"the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq "
"session=5m> would cause interactive sessions to terminate after five minutes "
"of inactivity. Specifying a zero value disables the inactivity timeout."
--
Man page: ssh_config.5
Issue: Is this enabling the command line or the command line option? The first sentence states the latter, the last one the former.

"Enables the command line option in the E<.Cm EscapeChar> menu for "
"interactive sessions (default E<.Ql ~C>). By default, the command line is "
"disabled."
--
Man page: ssh_config.5
Issue: known hosts files -> E<.Pa known_hosts> files?

"Indicates that E<.Xr ssh 1> should hash host names and addresses when they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually reveal "
"identifying information if the file's contents are disclosed. The default "
"is E<.Cm no>. Note that existing names and addresses in known hosts files "
"will not be converted automatically, but may be manually hashed using E<.Xr "
"ssh-keygen 1>."

"Indicates that E<.Xr ssh 1> should hash host names and addresses when they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually reveal "
"identifying information if the file's contents are disclosed. The default "
"is E<.Cm no>. Note that existing names and addresses in known hosts files "
"will not be converted automatically, but may be manually hashed using E<.Xr "
"ssh-keygen 1>. Use of this option may break facilities such as tab-"
"completion that rely on being able to read unhashed host names from E<.Pa ~/."
"ssh/known_hosts>."
--
Man page: ssh_config.5
Issue: TIME FORMATS → E<.Sx TIME FORMATS>

"Specifies the maximum amount of data that may be transmitted or received "
"before the session key is renegotiated, optionally followed by a maximum "
"amount of time that may pass before the session key is renegotiated. The "
"first argument is specified in bytes and may have a suffix of E<.Sq K>, E<."
"Sq M>, or E<.Sq G> to indicate Kilobytes, Megabytes, or Gigabytes, "
"respectively. The default is between E<.Sq 1G> and E<.Sq 4G>, depending on "
"the cipher. The optional second value is specified in seconds and may use "
"any of the units documented in the TIME FORMATS section of E<.Xr sshd_config "
"5>. The default value for E<.Cm RekeyLimit> is E<.Cm default none>, which "
"means that rekeying is performed after the cipher's default amount of data "
"has been sent or received and no time based rekeying is done."
--
Man page: ssh_config.5
Issue: openssh → OpenSSH

"Specifies the signature algorithms that will be used for hostbased "
"authentication as a comma-separated list of patterns. Alternately if the "
"specified list begins with a E<.Sq +> character, then the specified "
"signature algorithms will be appended to the built-in openssh default set "
"instead of replacing them. If the specified list begins with a E<.Sq -> "
"character, then the specified signature algorithms (including wildcards) "
"will be removed from the built-in openssh default set instead of replacing "
"them. If the specified list begins with a E<.Sq ^> character, then the "
"specified signature algorithms will be placed at the head of the built-in "
"openssh default set."
--
Man page: ssh_config.5
Issue: E<.Xr crypto_policies 7 can … so> → E<.Xr crypto_policies 7> can … so

"The proposed E<.Cm HostKeyAlgorithms> during KEX are limited to the set of "
"algorithms that is defined in E<.Cm PubkeyAcceptedAlgorithms> and therefore "
"they are indirectly affected by system-wide E<.Xr crypto_policies 7>. E<.Xr "
"crypto_policies 7 can not handle the list of host key algorithms directly as "
"doing so> would break the order given by the E<.Pa known_hosts> file."
--
Man page: ssh_config.5
Issue: Why does a new paragraph start in the middle of a sentence?

"built-in openssh default set. The list of supported key exchange algorithms "
"may also be obtained using E<.Qq ssh -Q kex>."
--
Man page: ssh_config.5
Issue: Missing full stop

"This option affects also E<.Cm HostKeyAlgorithms>"
--
Man page: ssh_config.5
Issue: ssh-keysign should → E<.Xr ssh-keysign 8> should

"Setting this option to E<.Cm yes> in the global client configuration file E<."
"Pa /etc/ssh/ssh_config> enables the use of the helper program E<.Xr ssh-"
"keysign 8> during E<.Cm HostbasedAuthentication>. The argument must be E<."
"Cm yes> or E<.Cm no> (the default). This option should be placed in the non-"
"hostspecific section. See E<.Xr ssh-keysign 8> for more information. ssh-"
"keysign should be installed explicitly."
--
Man page: ssh_config.5
Issue: E<.Xr crypto_policies 7 does not handle the list of algorithms as doing so> → E<.Xr crypto_policies 7> does not handle the list of algorithms as doing so

"E<.Xr crypto_policies 7 does not handle the list of algorithms as doing so> "
"would break the order given by the E<.Pa known_hosts> file. Therefore the "
"list is filtered by E<.Cm PubkeyAcceptedAlgorithms.>"
--
Man page: ssh-copy-id.1
Issue 1: ssh → B<ssh>(1)
Issue 2: sftp → B<sftp>(1)

"These options are simply passed through untouched (with their argument) to "
"ssh/sftp, allowing one to set an alternative config file, or other options, "
"respectively."
--
Man page: sshd.8
Issue 1: E<.Cm DenyGroups> \\&. → E<.Cm DenyGroups>\\&.
Issue 2: eg → e.g.
Issue 3: ( E<.Ql → (E<.Ql
Issue 4: \\&*NP\\&*> ) → \\&*NP\\&*>)

"Regardless of the authentication type, the account is checked to ensure that "
"it is accessible. An account is not accessible if it is locked, listed in "
"E<.Cm DenyUsers> or its group is listed in E<.Cm DenyGroups> \\&. The "
"definition of a locked account is system dependent. Some platforms have "
"their own account database (eg AIX) and some modify the passwd field ( E<.Ql "
"\\&*LK\\&*> on Solaris and UnixWare, E<.Ql \\&*> on HP-UX, containing E<.Ql "
"Nologin> on Tru64, a leading E<.Ql \\&*LOCKED\\&*> on FreeBSD and a leading "
"E<.Ql \\&!> on most Linuxes). If there is a requirement to disable password "
"authentication for the account while allowing still public-key, then the "
"passwd field should be set to something other than these values (eg E<.Ql "
"NP> or E<.Ql \\&*NP\\&*> )."
--
Man page: sshd_config.5
Issue: Something missing or wrong fullstop after E<.Cm pam>?

"For keyboard interactive authentication it is also possible to restrict "
"authentication to a specific device by appending a colon followed by the "
"device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the server "
"configuration. For example, E<.Qq keyboard-interactive:bsdauth> would "
"restrict keyboard interactive authentication to the E<.Cm bsdauth> device."
--
Man page: sshd_config.5
Issue: No section TIME FORMATS in this page (but in sshd_config(5))

"The timeout value E<.Dq interval> is specified in seconds or may use any of "
"the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq "
"session=5m> would cause interactive sessions to terminate after five minutes "
"of inactivity. Specifying a zero value disables the inactivity timeout."
--
Man page: sshd_config.5
Issue: E<.Xr sshd 8 (default: 90s).> → E<.Xr sshd 8> (default: 90s).

"Specifies how long to refuse clients that cause a crash of E<.Xr sshd 8 "
"(default: 90s).>"
--
Man page: sshd_config.5
Issue: Superfluous space before comma in first line

"When set to E<.Dq yes> , the checks whether the account has been locked with "
"E<.Pa passwd -l> are performed even when PAM authentication is enabled via "
"E<.Cm UsePAM>. This is to ensure that it is not possible to log in with e."
"g. a public key (in such a case PAM is used only to set up the session and "
"some PAM modules will not check whether the account is locked in this "
"scenario). The default is E<.Dq no>."