external/openssh: update to 6.8p1.

In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.

  * Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
    OpenSSH 5.9p1 exactly (save for the removal of the scard
    subdirectory).

  * Downloaded openssh-6.8p1.tar.gz (SHA256:
    3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
    and verified with PGP signature. (I've verified Damien's key in
    person previously.)

  * Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
    OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
    ugliest change is probably the duplication of umac.c to umac128.c
    because Android conditionally compiles that file twice. See the
    comment in those files.

Change-Id: I63cb07a8118afb5a377f116087a0882914cea486

diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index fe9bb6e..6bbc480 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.29 2010/08/31 11:54:45 djm Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.36 2014/08/30 15:33:50 sobrado Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: August 30 2014 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -56,14 +56,16 @@
to use IPv6 addresses only.
.It Fl f Ar file
Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
+.Dq addrlist namelist
+pairs from
+.Ar file ,
+one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
will read hosts or
-.Pa addrlist namelist
+.Dq addrlist namelist
pairs from the standard input.
.It Fl H
Hash all hostnames and addresses in the output.
@@ -78,7 +80,7 @@
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
-.Pa timeout
+.Ar timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable.
@@ -89,13 +91,18 @@
.Dq rsa1
for protocol version 1 and
.Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519 ,
or
.Dq rsa
for protocol version 2.
Multiple values may be specified by separating them with commas.
-The default is
-.Dq rsa .
+The default is to fetch
+.Dq rsa ,
+.Dq ecdsa ,
+and
+.Dq ed25519
+keys.
.It Fl v
Verbose mode.
Causes
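Review bot: callers that run ssh-keyscan without -t and expect one RSA line per host are affected by the new default documented in the -t description here, which goes from "rsa" alone to "rsa", "ecdsa" and "ed25519". The hunk itself is upstream text and needs no change, but the commit message should call out this behaviour change, and any script in the tree that parses default output should pass -t rsa explicitly or be updated to handle several key types per host.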
@@ -113,37 +120,36 @@
can help in the detection of tampered keyfiles or man in the middle
attacks which have begun after the ssh_known_hosts file was created.
.Sh FILES
-.Pa Input format:
+Input format:
.Bd -literal
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
-.Pa Output format for rsa1 keys:
+Output format for RSA1 keys:
.Bd -literal
host-or-namelist bits exponent modulus
.Ed
.Pp
-.Pa Output format for rsa, dsa and ecdsa keys:
+Output format for RSA, DSA, ECDSA, and Ed25519 keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
.Ed
.Pp
Where
-.Pa keytype
+.Ar keytype
is either
.Dq ecdsa-sha2-nistp256 ,
.Dq ecdsa-sha2-nistp384 ,
.Dq ecdsa-sha2-nistp521 ,
+.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
.Pp
.Pa /etc/ssh/ssh_known_hosts
.Sh EXAMPLES
-Print the
-.Pa rsa
-host key for machine
-.Pa hostname :
+Print the rsa host key for machine
+.Ar hostname :
.Bd -literal
$ ssh-keyscan hostname
.Ed
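Review bot: in EXAMPLES, the sentence "Print the rsa host key for machine hostname" no longer matches the command under it, because "ssh-keyscan hostname" carries no -t and the -t description elsewhere in this patch now says the default fetches rsa, ecdsa and ed25519 keys. Suggest either rewording to "Print the host keys for machine hostname" or adding -t rsa to the example command. Since this is imported text, the fix is better reported upstream than patched locally.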
@@ -153,7 +159,7 @@
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal
-$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e
+$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO
@@ -161,9 +167,9 @@
.Xr sshd 8
.Sh AUTHORS
.An -nosplit
-.An David Mazieres Aq dm@lcs.mit.edu
+.An David Mazieres Aq Mt dm@lcs.mit.edu
wrote the initial version, and
-.An Wayne Davison Aq wayned@users.sourceforge.net
+.An Wayne Davison Aq Mt wayned@users.sourceforge.net
added support for protocol version 2.
.Sh BUGS
It generates "Connection closed by remote host" messages on the consoles