[openssh-commits] [openssh] 03/04: upstream: allow -A to explicitly enable agent forwarding in scp and
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Aug 3 14:28:07 AEST 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit a8732d74cb8e72f0c6366015687f1e649f60be87
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Aug 3 02:43:41 2020 +0000
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
---
scp.1 | 11 ++++++++---
scp.c | 11 +++++++----
sftp.1 | 11 ++++++++---
sftp.c | 11 +++++++----
4 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/scp.1 b/scp.1
index d5f65af4..feb839e9 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.90 2020/08/03 02:43:41 djm Exp $
.\"
-.Dd $Mdocdate: April 30 2020 $
+.Dd $Mdocdate: August 3 2020 $
.Dt SCP 1
.Os
.Sh NAME
@@ -18,7 +18,7 @@
.Nd OpenSSH secure file copy
.Sh SYNOPSIS
.Nm scp
-.Op Fl 346BCpqrTv
+.Op Fl 346ABCpqrTv
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
@@ -86,6 +86,11 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
.It Fl B
Selects batch mode (prevents asking for passwords or passphrases).
.It Fl C
diff --git a/scp.c b/scp.c
index 6b1a0c8b..6ae17061 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.211 2020/05/29 21:22:02 millert Exp $ */
+/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -425,7 +425,6 @@ main(int argc, char **argv)
args.list = remote_remote_args.list = NULL;
addargs(&args, "%s", ssh_program);
addargs(&args, "-x");
- addargs(&args, "-oForwardAgent=no");
addargs(&args, "-oPermitLocalCommand=no");
addargs(&args, "-oClearAllForwardings=yes");
addargs(&args, "-oRemoteCommand=none");
@@ -433,7 +432,7 @@ main(int argc, char **argv)
fflag = Tflag = tflag = 0;
while ((ch = getopt(argc, argv,
- "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
+ "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) {
switch (ch) {
/* User-visible flags. */
case '1':
@@ -442,6 +441,7 @@ main(int argc, char **argv)
case '2':
/* Ignored */
break;
+ case 'A':
case '4':
case '6':
case 'C':
@@ -523,6 +523,9 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
+ /* Do this last because we want the user to be able to override it */
+ addargs(&args, "-oForwardAgent=no");
+
if ((pwd = getpwuid(userid = getuid())) == NULL)
fatal("unknown user %u", (u_int) userid);
@@ -1593,7 +1596,7 @@ void
usage(void)
{
(void) fprintf(stderr,
- "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
+ "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
" [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
" [-S program] source ... target\n");
exit(1);
diff --git a/sftp.1 b/sftp.1
index a305b37d..1cfa5ec2 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.132 2020/08/03 02:43:41 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 23 2020 $
+.Dd $Mdocdate: August 3 2020 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -30,7 +30,7 @@
.Nd OpenSSH secure file transfer
.Sh SYNOPSIS
.Nm sftp
-.Op Fl 46aCfNpqrv
+.Op Fl 46AaCfNpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
@@ -104,6 +104,11 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
.It Fl a
Attempt to continue interrupted transfers rather than overwriting
existing partial or complete copies of files.
diff --git a/sftp.c b/sftp.c
index 2799e4a1..c88c8611 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */
+/* $OpenBSD: sftp.c,v 1.201 2020/08/03 02:43:41 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -2363,7 +2363,7 @@ usage(void)
extern char *__progname;
fprintf(stderr,
- "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
+ "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
" [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
" [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
" [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
@@ -2401,7 +2401,6 @@ main(int argc, char **argv)
args.list = NULL;
addargs(&args, "%s", ssh_program);
addargs(&args, "-oForwardX11 no");
- addargs(&args, "-oForwardAgent no");
addargs(&args, "-oPermitLocalCommand no");
addargs(&args, "-oClearAllForwardings yes");
@@ -2409,9 +2408,10 @@ main(int argc, char **argv)
infile = stdin;
while ((ch = getopt(argc, argv,
- "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
+ "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
switch (ch) {
/* Passed through to ssh(1) */
+ case 'A':
case '4':
case '6':
case 'C':
@@ -2511,6 +2511,9 @@ main(int argc, char **argv)
}
}
+ /* Do this last because we want the user to be able to override it */
+ addargs(&args, "-oForwardAgent no");
+
if (!isatty(STDERR_FILENO))
showprogress = 0;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list