diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2020-08-03 02:43:42 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2020-08-03 02:43:42 +0000 |
commit | edc959b677a1baa0a3d169d8abb12caccc5b5b95 (patch) | |
tree | 5dfd9bd2e592eb6892133d8b8cc2498c0c9d5e11 /usr.bin/ssh | |
parent | 737e75292731ce61907faefc73c5cf3dfee55f8a (diff) |
allow -A to explicitly enable agent forwarding in scp and sftp. The
default remains to not forward an agent, even when ssh_config enables
it. ok jmc dtucker markus
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/scp.1 | 11 | ||||
-rw-r--r-- | usr.bin/ssh/scp.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/sftp.1 | 11 | ||||
-rw-r--r-- | usr.bin/ssh/sftp.c | 11 |
4 files changed, 30 insertions, 14 deletions
diff --git a/usr.bin/ssh/scp.1 b/usr.bin/ssh/scp.1 index d5f65af4ebc..feb839e9c3c 100644 --- a/usr.bin/ssh/scp.1 +++ b/usr.bin/ssh/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $ .\" -.Dd $Mdocdate: April 30 2020 $ +.Dd $Mdocdate: August 3 2020 $ .Dt SCP 1 .Os .Sh NAME @@ -18,7 +18,7 @@ .Nd OpenSSH secure file copy .Sh SYNOPSIS .Nm scp -.Op Fl 346BCpqrTv +.Op Fl 346ABCpqrTv .Op Fl c Ar cipher .Op Fl F Ar ssh_config .Op Fl i Ar identity_file @@ -86,6 +86,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl A +Allows forwarding of +.Xr ssh-agent 1 +to the remote system. +The default is not to forward an authentication agent. .It Fl B Selects batch mode (prevents asking for passwords or passphrases). .It Fl C diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index d0bf05c5543..5a8caff0d36 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */ +/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -401,7 +401,6 @@ main(int argc, char **argv) args.list = remote_remote_args.list = NULL; addargs(&args, "%s", ssh_program); addargs(&args, "-x"); - addargs(&args, "-oForwardAgent=no"); addargs(&args, "-oPermitLocalCommand=no"); addargs(&args, "-oClearAllForwardings=yes"); addargs(&args, "-oRemoteCommand=none"); @@ -409,7 +408,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { + "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -418,6 +417,7 @@ main(int argc, char **argv) case '2': /* Ignored */ break; + case 'A': case '4': case '6': case 'C': @@ -496,6 +496,9 @@ main(int argc, char **argv) argc -= optind; argv += optind; + /* Do this last because we want the user to be able to override it */ + addargs(&args, "-oForwardAgent=no"); + if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); @@ -1558,7 +1561,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-S program] source ... target\n"); exit(1); diff --git a/usr.bin/ssh/sftp.1 b/usr.bin/ssh/sftp.1 index a305b37d137..1cfa5ec229e 100644 --- a/usr.bin/ssh/sftp.1 +++ b/usr.bin/ssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 23 2020 $ +.Dd $Mdocdate: August 3 2020 $ .Dt SFTP 1 .Os .Sh NAME @@ -30,7 +30,7 @@ .Nd OpenSSH secure file transfer .Sh SYNOPSIS .Nm sftp -.Op Fl 46aCfNpqrv +.Op Fl 46AaCfNpqrv .Op Fl B Ar buffer_size .Op Fl b Ar batchfile .Op Fl c Ar cipher @@ -104,6 +104,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl A +Allows forwarding of +.Xr ssh-agent 1 +to the remote system. +The default is not to forward an authentication agent. .It Fl a Attempt to continue interrupted transfers rather than overwriting existing partial or complete copies of files. diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index becdb9311d3..870552834b5 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */ +/* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -2316,7 +2316,7 @@ usage(void) extern char *__progname; fprintf(stderr, - "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" + "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" @@ -2351,7 +2351,6 @@ main(int argc, char **argv) args.list = NULL; addargs(&args, "%s", ssh_program); addargs(&args, "-oForwardX11 no"); - addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); @@ -2359,9 +2358,10 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { + "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ + case 'A': case '4': case '6': case 'C': @@ -2461,6 +2461,9 @@ main(int argc, char **argv) } } + /* Do this last because we want the user to be able to override it */ + addargs(&args, "-oForwardAgent no"); + if (!isatty(STDERR_FILENO)) showprogress = 0; |