Dear OpenSSH Team,

I have found another typo. Updated patches attached. They are now based on the newer commit 0a847bbc2bfac01583979556a0a959543e8ea269.

With best regards,
Max
From 69ea7e295886d96ed3c49dca928b90ac362e5e8a Mon Sep 17 00:00:00 2001 From: Max-Julian Pogner <max-julian@xxxxxxxxx> Date: Mon, 4 Aug 2025 11:18:41 +0200 Subject: [PATCH 1/3] document that 'no-pty' is identical to 'PermitTTY=no' --- usr.bin/ssh/sshd.8 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index ec5a0af777..d3037ff58b 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -557,6 +557,9 @@ This might be used, e.g. in connection with the option. .It Cm no-pty Prevents tty allocation (a request to allocate a pty will fail). +Same as +.Xr sshd_config 5 +.Cm PermitTTY=no . .It Cm no-user-rc Disables execution of .Pa ~/.ssh/rc . -- 2.39.5
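Review bot: In the sshd.8 hunk at -557, the added "Same as" is a sentence fragment and does not say what scope the equivalence has. The entry it extends is a per-key option, while the text it points to is a directive in sshd_config(5), so a reader can take it to mean the two are interchangeable everywhere. Suggest a full sentence that states the scope, for example "This has the same effect as setting PermitTTY to no in sshd_config(5), but only for sessions authenticated with this key."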
From 455f93f0d3fcf3fdf365de1e0baa443bda73def1 Mon Sep 17 00:00:00 2001 From: Max-Julian Pogner <max-julian@xxxxxxxxx> Date: Mon, 4 Aug 2025 12:06:58 +0200 Subject: [PATCH 2/3] =?UTF-8?q?document=20that=20command=3D"=E2=80=A6"=20i?= =?UTF-8?q?s=20identical=20to=20ForceCommand.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- usr.bin/ssh/sshd.8 | 20 +++++++------------- usr.bin/ssh/sshd_config.5 | 4 ++++ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index d3037ff58b..9f5be7dc8d 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 
@@ -483,31 +483,25 @@ restrictive union of the two is applied. .It Cm command="command" Specifies that the command is executed whenever this key is used for authentication. -The command supplied by the user (if any) is ignored. -The command is run on a pty if the client requests a pty; -otherwise it is run without a tty. -If an 8-bit clean channel is required, -one must not request a pty or should specify -.Cm no-pty . A quote may be included in the command by quoting it with a backslash. +The execution of the command is equivalent to +.Xr sshd_config 5 +.Cm ForceCommand +(see there for more details). .Pp This option might be useful to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 -forwarding unless they are explicitly prohibited, e.g. using the +forwarding, or request a pty, unless they are explicitly prohibited, +e.g. using the .Cm restrict key option. .Pp -The command originally supplied by the client is available in the -.Ev SSH_ORIGINAL_COMMAND -environment variable. -Note that this option applies to shell, command or subsystem execution. -Also note that this command may be superseded by a +This option may be superseded by a .Xr sshd_config 5 .Cm ForceCommand directive. -.Pp If a command is specified and a forced-command is embedded in a certificate used for authentication, then the certificate will be accepted only if the two commands are identical. diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 57bc57a6ac..14930525c1 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 
@@ -698,6 +698,10 @@ ignoring any command supplied by the client and if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. +The command is run on a pty if the client requests a pty; +otherwise it is run without a tty. If an 8-bit clean channel is required, +one must not request a pty or should specify +.Cm PermitTTY=no . It is most useful inside a .Cm Match block. -- 2.39.5
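Review bot: In the sshd.8 hunk at -483, the removed line "The command supplied by the user (if any) is ignored." is the guarantee people rely on when they restrict a key with command="...", and after this change it can only be found by following the cross-reference to ForceCommand. Suggest keeping that one sentence in sshd.8 next to the new "equivalent to ForceCommand" text. The same hunk also drops the SSH_ORIGINAL_COMMAND paragraph, and the sshd_config.5 context visible in this patch does not show that variable being described there, so please confirm it is still documented before removing it here. Dropping the .Pp before "If a command is specified and a forced-command is embedded in a certificate" also merges the ForceCommand sentence and the certificate rule into one paragraph; if that is not intended, keep the .Pp.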
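Review bot: In the sshd_config.5 hunk at -698, the added line "otherwise it is run without a tty. If an 8-bit clean channel is required," starts a new sentence in the middle of a source line, whereas the lines this text was moved from in sshd.8 start each sentence on its own line. Suggest breaking after "tty." to keep the original layout. Since this paragraph replaces the advice that named no-pty, it would also help to mention that the per-key no-pty option achieves the same result, so that the two pages point at each other.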
From a4de12d2b696a7670c6170f2f070642efa680a57 Mon Sep 17 00:00:00 2001 From: Max-Julian Pogner <max-julian@xxxxxxxxx> Date: Mon, 4 Aug 2025 12:14:44 +0200 Subject: [PATCH 3/3] document, that the internal-sftp accepts options same as sftp-server --- usr.bin/ssh/sshd_config.5 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 14930525c1..ac102c6eff 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -712,7 +712,10 @@ Specifying a command of .Cm internal-sftp will force the use of an in-process SFTP server that requires no support files when used with -.Cm ChrootDirectory . +.Cm ChrootDirectory , +and that does not invoke the user's login shell. +The in-process SFTP server accepts the same options as the external +sftp server. The default is .Cm none . .It Cm GatewayPorts -- 2.39.5
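Review bot: In the sshd_config.5 hunk at -712, the added sentence ends with "the external sftp server", which does not name a page and gives the reader nowhere to look the options up, although the commit subject names sftp-server. Suggest referencing it explicitly, for example "accepts the same command-line options as" followed by .Xr sftp-server 8. The new clause "and that does not invoke the user's login shell" is chained onto a sentence that already carries a "that requires no support files" clause; it would read more clearly as a separate sentence.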
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev