[Bug 3331] Issues with man pages
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Jun 13 01:49:11 AEST 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=3331
--- Comment #9 from xspielinbox+mindrot at protonmail.com ---
I just checked the issues reported in comment 8 against the latest
source of OpenSSH-Portable (commit
5af8f3f290bd892352eb007866c066b7bf4a4385), Fedora Rawhide (commit
8ff8a5642c9f5062858515431657b5a71b91179d) and Debian sid (as presented
on https://manpages.debian.org/unstable/openssh-* from openssh
1:10.3p1-4) and found the following:
(issues are numbered by me for better reference-ability)
1.
Man page: sftp-server.8
Issue 1: -m → E<.Fl m>
Issue 2: -u → E<.Fl u>
"Sets explicit file permissions to be applied to newly-created files
instead "
"of the default or client requested mode. Numeric values include: 777,
755, "
"750, 666, 644, 640, etc. Using both -m and -u switches makes the
umask (-u) "
"effective only for newly created directories and explicit mode (-m)
for "
"newly created files."
--> bug in Fedora Patch
"Sets explicit permissions to be applied to newly-created files and "
"directories instead of the default or client requested mode. Numeric
values "
"include: 777, 755, 750, 666, 644, 640, etc. Option -u is ineffective
if -m "
"is set."
--> cannot find source
--
2.
Man page: ssh_config.5
Issue: No section TIME FORMATS in this page (but in sshd_config(5))
"The timeout value E<.Dq interval> is specified in seconds or may use
any of "
"the units documented in the E<.Sx TIME FORMATS> section. For example,
E<.Dq "
"session=5m> would cause interactive sessions to terminate after five
minutes "
"of inactivity. Specifying a zero value disables the inactivity
timeout."
--> bug in OpenSSH-Portable
--
3.
Man page: ssh_config.5
Issue: Is this enabling the command line or the command line option?
The first sentence states the latter, the last one the former.
"Enables the command line option in the E<.Cm EscapeChar> menu for "
"interactive sessions (default E<.Ql ~C>). By default, the command
line is "
"disabled."
--> bug in OpenSSH-Portable
--
4.
Man page: ssh_config.5
Issue: known hosts files -> E<.Pa known_hosts> files?
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>."
--> bug in OpenSSH-Portable
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>. Use of this option may break facilities such as tab-"
"completion that rely on being able to read unhashed host names from
E<.Pa ~/."
"ssh/known_hosts>."
--> bug in Debian patch
--
5.
Man page: ssh_config.5
Issue: TIME FORMATS → E<.Sx TIME FORMATS>
"Specifies the maximum amount of data that may be transmitted or
received "
"before the session key is renegotiated, optionally followed by a
maximum "
"amount of time that may pass before the session key is renegotiated.
The "
"first argument is specified in bytes and may have a suffix of E<.Sq
K>, E<."
"Sq M>, or E<.Sq G> to indicate Kilobytes, Megabytes, or Gigabytes, "
"respectively. The default is between E<.Sq 1G> and E<.Sq 4G>,
depending on "
"the cipher. The optional second value is specified in seconds and may
use "
"any of the units documented in the TIME FORMATS section of E<.Xr
sshd_config "
"5>. The default value for E<.Cm RekeyLimit> is E<.Cm default none>,
which "
"means that rekeying is performed after the cipher's default amount of
data "
"has been sent or received and no time based rekeying is done."
--> bug in OpenSSH-Portable
--
6.
Man page: ssh_config.5
Issue: openssh → OpenSSH
"Specifies the signature algorithms that will be used for hostbased "
"authentication as a comma-separated list of patterns. Alternately if
the "
"specified list begins with a E<.Sq +> character, then the specified "
"signature algorithms will be appended to the built-in openssh default
set "
"instead of replacing them. If the specified list begins with a E<.Sq
-> "
"character, then the specified signature algorithms (including
wildcards) "
"will be removed from the built-in openssh default set instead of
replacing "
"them. If the specified list begins with a E<.Sq ^> character, then
the "
"specified signature algorithms will be placed at the head of the
built-in "
"openssh default set."
--> bug in Fedora patch
--
7.
Man page: ssh_config.5
Issue: E<.Xr crypto_policies 7 can … so> → E<.Xr crypto_policies 7>
can … so
"The proposed E<.Cm HostKeyAlgorithms> during KEX are limited to the
set of "
"algorithms that is defined in E<.Cm PubkeyAcceptedAlgorithms> and
therefore "
"they are indirectly affected by system-wide E<.Xr crypto_policies 7>.
E<.Xr "
"crypto_policies 7 can not handle the list of host key algorithms
directly as "
"doing so> would break the order given by the E<.Pa known_hosts> file."
--> bug in Fedora patch
--
8.
Man page: ssh_config.5
Issue: Why does a new paragraph start in the middle of a sentence?
"built-in openssh default set. The list of supported key exchange
algorithms "
"may also be obtained using E<.Qq ssh -Q kex>."
--> bug in Fedora patch
--
9.
Man page: ssh_config.5
Issue: Missing full stop
"This option affects also E<.Cm HostKeyAlgorithms>"
--> bug in Fedora patch
--
10.
Man page: ssh_config.5
Issue: ssh-keysign should → E<.Xr ssh-keysign 8> should
"Setting this option to E<.Cm yes> in the global client configuration
file E<."
"Pa /etc/ssh/ssh_config> enables the use of the helper program E<.Xr
ssh-"
"keysign 8> during E<.Cm HostbasedAuthentication>. The argument must
be E<."
"Cm yes> or E<.Cm no> (the default). This option should be placed in
the non-"
"hostspecific section. See E<.Xr ssh-keysign 8> for more information.
ssh-"
"keysign should be installed explicitly."
--> bug in Fedora patch
--
11.
Man page: ssh_config.5
Issue: E<.Xr crypto_policies 7 does not handle the list of
algorithms as doing so> → E<.Xr crypto_policies 7> does not handle the
list of algorithms as doing so
"E<.Xr crypto_policies 7 does not handle the list of algorithms as
doing so> "
"would break the order given by the E<.Pa known_hosts> file. Therefore
the "
"list is filtered by E<.Cm PubkeyAcceptedAlgorithms.>"
--> cannot find source
--
12.
Man page: ssh-copy-id.1
Issue 1: ssh → B<ssh>(1)
Issue 2: sftp → B<sftp>(1)
"These options are simply passed through untouched (with their
argument) to "
"ssh/sftp, allowing one to set an alternative config file, or other
options, "
"respectively."
--> bug in OpenSSH-Portable contrib
--> original bug in https://gitlab.com/phil_hands/ssh-copy-id/
--
13.
Man page: sshd.8
Issue 1: E<.Cm DenyGroups> \\&. → E<.Cm DenyGroups>\\&.
Issue 2: eg → e.g.
Issue 3: ( E<.Ql → (E<.Ql
Issue 4: \\&*NP\\&*> ) → \\&*NP\\&*>)
"Regardless of the authentication type, the account is checked to
ensure that "
"it is accessible. An account is not accessible if it is locked,
listed in "
"E<.Cm DenyUsers> or its group is listed in E<.Cm DenyGroups> \\&. The
"
"definition of a locked account is system dependent. Some platforms
have "
"their own account database (eg AIX) and some modify the passwd field (
E<.Ql "
"\\&*LK\\&*> on Solaris and UnixWare, E<.Ql \\&*> on HP-UX, containing
E<.Ql "
"Nologin> on Tru64, a leading E<.Ql \\&*LOCKED\\&*> on FreeBSD and a
leading "
"E<.Ql \\&!> on most Linuxes). If there is a requirement to disable
password "
"authentication for the account while allowing still public-key, then
the "
"passwd field should be set to something other than these values (eg
E<.Ql "
"NP> or E<.Ql \\&*NP\\&*> )."
--> bug in OpenSSH-Portable
--
14.
Man page: sshd_config.5
Issue: Something missing or wrong fullstop after E<.Cm pam>?
"For keyboard interactive authentication it is also possible to
restrict "
"authentication to a specific device by appending a colon followed by
the "
"device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the
server "
"configuration. For example, E<.Qq keyboard-interactive:bsdauth> would
"
"restrict keyboard interactive authentication to the E<.Cm bsdauth>
device."
--> bug in OpenSSH-Portable
--
15.
Man page: sshd_config.5
Issue: No section TIME FORMATS in this page (but in sshd_config(5))
"The timeout value E<.Dq interval> is specified in seconds or may use
any of "
"the units documented in the E<.Sx TIME FORMATS> section. For example,
E<.Dq "
"session=5m> would cause interactive sessions to terminate after five
minutes "
"of inactivity. Specifying a zero value disables the inactivity
timeout."
--> invalid, as sshd_config.5 is the same as sshd_config(5)
--
16.
Man page: sshd_config.5
Issue: E<.Xr sshd 8 (default: 90s).> → E<.Xr sshd 8> (default:
90s).
"Specifies how long to refuse clients that cause a crash of E<.Xr sshd
8 "
"(default: 90s).>"
--> bug in OpenSSH-Portable
--
17.
Man page: sshd_config.5
Issue: Superfluous space before comma in first line
"When set to E<.Dq yes> , the checks whether the account has been
locked with "
"E<.Pa passwd -l> are performed even when PAM authentication is enabled
via "
"E<.Cm UsePAM>. This is to ensure that it is not possible to log in
with e."
"g. a public key (in such a case PAM is used only to set up the session
and "
"some PAM modules will not check whether the account is locked in this
"
"scenario). The default is E<.Dq no>."
--> cannot find source
Summary:
actually affects OpenSSH-Portable: 2, 3, 4, 5, 13, 14, 16
actually affects OpenSSH-Portable, but originates in third-party
project: 12
affects only Fedora and derivatives: 1, 6, 7, 8, 9, 10
affects only Debian and derivatives: 4
cannot reproduce: 1, 11, 15, 17
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list