[openssh-commits] [openssh] 03/04: upstream: allow -A to explicitly enable agent forwarding in scp and

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Aug 3 14:28:07 AEST 2020



djm pushed a commit to branch master
in repository openssh.

commit a8732d74cb8e72f0c6366015687f1e649f60be87
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Aug 3 02:43:41 2020 +0000

    upstream: allow -A to explicitly enable agent forwarding in scp and
    
    sftp. The default remains to not forward an agent, even when ssh_config
    enables it. ok jmc dtucker markus
    
    OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
---
 scp.1  | 11 ++++++++---
 scp.c  | 11 +++++++----
 sftp.1 | 11 ++++++++---
 sftp.c | 11 +++++++----
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/scp.1 b/scp.1
index d5f65af4..feb839e9 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $
 .\"
-.Dd $Mdocdate: April 30 2020 $
+.Dd $Mdocdate: August 3 2020 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -18,7 +18,7 @@
 .Nd OpenSSH secure file copy
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl 346BCpqrTv
+.Op Fl 346ABCpqrTv
 .Op Fl c Ar cipher
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
@@ -86,6 +86,11 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl B
 Selects batch mode (prevents asking for passwords or passphrases).
 .It Fl C
diff --git a/scp.c b/scp.c
index 6b1a0c8b..6ae17061 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */
+/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -425,7 +425,6 @@ main(int argc, char **argv)
 	args.list = remote_remote_args.list = NULL;
 	addargs(&args, "%s", ssh_program);
 	addargs(&args, "-x");
-	addargs(&args, "-oForwardAgent=no");
 	addargs(&args, "-oPermitLocalCommand=no");
 	addargs(&args, "-oClearAllForwardings=yes");
 	addargs(&args, "-oRemoteCommand=none");
@@ -433,7 +432,7 @@ main(int argc, char **argv)
 
 	fflag = Tflag = tflag = 0;
 	while ((ch = getopt(argc, argv,
-	    "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
+	    "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -442,6 +441,7 @@ main(int argc, char **argv)
 		case '2':
 			/* Ignored */
 			break;
+		case 'A':
 		case '4':
 		case '6':
 		case 'C':
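Review bot: The new `case 'A':` joins the pass-through group with no comment marking it as different in kind from `-4`, `-6` and `-C`. A forwarded agent can be asked for signatures by anyone with enough privilege on the remote host for as long as the connection is open. A one-line comment above it would make that visible at the switch, e.g. `/* -A is passed to ssh(1) and enables agent forwarding; off unless given */`. The shared body of this case group is outside the hunk, so it is worth confirming whether it also appends the flag to `remote_remote_args`, and if so whether forwarding on that ssh leg is intended. The same comment would help at the `case 'A':` added in sftp.c.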
@@ -523,6 +523,9 @@ main(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
+	/* Do this last because we want the user to be able to override it */
+	addargs(&args, "-oForwardAgent=no");
+
 	if ((pwd = getpwuid(userid = getuid())) == NULL)
 		fatal("unknown user %u", (u_int) userid);
 
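Review bot: The comment `Do this last because we want the user to be able to override it` does not say why position matters or what is still blocked. ssh uses the first value it obtains for an option, so an earlier `-A` wins, while this trailing `-oForwardAgent=no` still takes precedence over any ssh_config setting. I would spell that out, e.g. `/* ssh keeps the first value per option: appended after user flags so -A can enable forwarding, but ssh_config cannot */`. Assuming `-o` values are passed through ahead of it, `-o ForwardAgent=yes` also becomes effective, which the scp.1 text for `-A` does not mention. The sftp.c hunk adding `-oForwardAgent no` carries the same comment, and `main` continues outside both hunks.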
@@ -1593,7 +1596,7 @@ void
 usage(void)
 {
 	(void) fprintf(stderr,
-	    "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
+	    "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
 	    "            [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
 	    "            [-S program] source ... target\n");
 	exit(1);
diff --git a/sftp.1 b/sftp.1
index a305b37d..1cfa5ec2 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 23 2020 $
+.Dd $Mdocdate: August 3 2020 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -30,7 +30,7 @@
 .Nd OpenSSH secure file transfer
 .Sh SYNOPSIS
 .Nm sftp
-.Op Fl 46aCfNpqrv
+.Op Fl 46AaCfNpqrv
 .Op Fl B Ar buffer_size
 .Op Fl b Ar batchfile
 .Op Fl c Ar cipher
@@ -104,6 +104,11 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl a
 Attempt to continue interrupted transfers rather than overwriting
 existing partial or complete copies of files.
diff --git a/sftp.c b/sftp.c
index 2799e4a1..c88c8611 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */
+/* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
  *
@@ -2363,7 +2363,7 @@ usage(void)
 	extern char *__progname;
 
 	fprintf(stderr,
-	    "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
+	    "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
 	    "          [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
 	    "          [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
 	    "          [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
@@ -2401,7 +2401,6 @@ main(int argc, char **argv)
 	args.list = NULL;
 	addargs(&args, "%s", ssh_program);
 	addargs(&args, "-oForwardX11 no");
-	addargs(&args, "-oForwardAgent no");
 	addargs(&args, "-oPermitLocalCommand no");
 	addargs(&args, "-oClearAllForwardings yes");
 
@@ -2409,9 +2408,10 @@ main(int argc, char **argv)
 	infile = stdin;
 
 	while ((ch = getopt(argc, argv,
-	    "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
+	    "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
 		switch (ch) {
 		/* Passed through to ssh(1) */
+		case 'A':
 		case '4':
 		case '6':
 		case 'C':
@@ -2511,6 +2511,9 @@ main(int argc, char **argv)
 		}
 	}
 
+	/* Do this last because we want the user to be able to override it */
+	addargs(&args, "-oForwardAgent no");
+
 	if (!isatty(STDERR_FILENO))
 		showprogress = 0;
 
