author des <des@FreeBSD.org> 2014-02-27 17:29:02 +0000
committer des <des@FreeBSD.org> 2014-02-27 17:29:02 +0000
commit 255d8413daf4c3747aeb37e6a71bf2771beed29d (patch)
tree 28087af50eaf299f287c7fe4b7050c317771c89e /crypto/openssh/sshd.0
parent ea1005cca47f4d3aace134a0acd6809943e46acc (diff)
MFH (r261320): upgrade openssh to 6.5p1
MFH (r261340): enable sandboxing by default
Diffstat (limited to 'crypto/openssh/sshd.0')
-rw-r--r-- crypto/openssh/sshd.0 37
1 files changed, 20 insertions, 17 deletions
diff --git a/crypto/openssh/sshd.0 b/crypto/openssh/sshd.0
index c48b987..154009c 100644
--- a/crypto/openssh/sshd.0
+++ b/crypto/openssh/sshd.0
@@ -82,10 +82,11 @@ DESCRIPTION
be given if sshd is not run as root (as the normal host key files
are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
- /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible
- to have multiple host key files for the different protocol
- versions and host key algorithms.
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
+ /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
+ protocol version 2. It is possible to have multiple host key
+ files for the different protocol versions and host key
+ algorithms.
-i Specifies that sshd is being run from inetd(8). sshd is normally
not run from inetd because it needs to generate the server key
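Review bot: the added line "/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key." ends with a period where the list of protocol 2 host key files is still running, so the sentence stops before the ed25519 and RSA paths and the next line reads as a fragment. It should end in a comma: "/etc/ssh/ssh_host_ecdsa_key," followed by "/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for".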
@@ -147,9 +148,9 @@ DESCRIPTION
AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
use protocol 2 only, though this can be changed via the Protocol option
- in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol
- 1 only supports RSA keys. For both protocols, each host has a host-
- specific key, normally 2048 bits, used to identify the host.
+ in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+ protocol 1 only supports RSA keys. For both protocols, each host has a
+ host-specific key, normally 2048 bits, used to identify the host.
Forward security for protocol 1 is provided through an additional server
key, normally 768 bits, generated when the server starts. This key is
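Review bot: with ED25519 added to the protocol 2 key list, the re-wrapped sentence "each host has a host-specific key, normally 2048 bits" no longer describes every key type named just before it, because Ed25519 keys have a fixed size of 256 bits. Suggest qualifying the figure as the usual RSA host key size, or dropping the size from this sentence, so an operator does not read it as a property of the new key type.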
@@ -278,15 +279,15 @@ AUTHORIZED_KEYS FILE FORMAT
give the RSA key for protocol version 1; the comment field is not used
for anything (but may be convenient for the user to identify the key).
For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
- ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or
- ``ssh-rsa''.
+ ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
+ ``ssh-dss'' or ``ssh-rsa''.
Note that lines in this file are usually several hundred bytes long
(because of the size of the public key encoding) up to a limit of 8
kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
- identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit
- it.
+ identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
+ file and edit it.
sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
2 keys of 768 bits.
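Review bot: the keytype list places ``ssh-ed25519'' before ``ssh-dss'', while the file list later in this same hunk (id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, id_rsa.pub) and the host key lists elsewhere in the patch use the order dsa, ecdsa, ed25519, rsa. Suggest one order throughout so the lists can be compared at a glance. The unchanged sentence about the 8 kilobyte line limit still mentions only DSA and RSA sizes, which is worth a word now that a fixed-size key type sits in the list above it.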
@@ -512,11 +513,11 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA/ECDSA/RSA) that can be used for
- logging in as this user. The format of this file is described
- above. The content of the file is not highly sensitive, but the
- recommended permissions are read/write for the user, and not
- accessible by others.
+ Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+ for logging in as this user. The format of this file is
+ described above. The content of the file is not highly
+ sensitive, but the recommended permissions are read/write for the
+ user, and not accessible by others.
If this file, the ~/.ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
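Review bot: the parenthetical "(DSA, ECDSA, ED25519, RSA)" in the ~/.ssh/authorized_keys entry spells the new type in all capitals, while the keytype string and file names in this patch use "ed25519" and the algorithm is normally written "Ed25519". Suggest picking the spelling used for the algorithm name and applying it in the AUTHENTICATION section as well. The rest of the paragraph is only re-wrapped, so the permission guidance itself is unchanged.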
@@ -574,6 +575,7 @@ FILES
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys. These
files should only be owned by root, readable only by root, and
@@ -583,6 +585,7 @@ FILES
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key.pub
+ /etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys. These
files should be world-readable but writable only by root. Their
@@ -637,4 +640,4 @@ CAVEATS
System security is not improved unless rshd, rlogind, and rexecd are
disabled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
+OpenBSD 5.4 December 7, 2013 OpenBSD 5.4