Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3a37311

Timestamp:

05/03/2012 07:24:30 PM (12 years ago)

Author:

Andrew Benton <andy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

Parents:

Message:

openssh-6.0p1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10073 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

: 4 edited

general.ent (modified) (1 diff)
introduction/welcome/changelog.xml (modified) (1 diff)
postlfs/security/openssh.xml (modified) (27 diffs)
xsoft/other/rox-filer.xml (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

general.ent

r5a9e610	r3a37311
127	127	<!ENTITY nettle-version "2.4">
128	128	<!ENTITY nss-version "3.13.4">
129		<!ENTITY openssh-version "~~5.9~~p1">
	129	<!ENTITY openssh-version "6.0p1">
130	130	<!ENTITY openssl-version "1.0.1a">
131	131	<!-- version no longer used, we take whatever mozilla is offering

introduction/welcome/changelog.xml

-              r5a9e610
+              r3a37311
           <para>[abenton] - Added Ntfs-3g 2012.1.15.</para>
         </listitem>
+        <listitem>
+          <para>[abenton] - Updated Openssh to 6.0p1.</para>
+        </listitem>
       </itemizedlist>
     </listitem>

postlfs/security/openssh.xml

-              r5a9e610
+              r3a37311
   %general-entities;
+  <!ENTITY openssh-download-http "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+  <!ENTITY openssh-download-ftp  "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+  <!ENTITY openssh-md5sum        "afe17eee7e98d3b8550cc349834a85d0">
+  <!ENTITY openssh-download-http
+    "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+  <!ENTITY openssh-download-ftp
+    "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+  <!ENTITY openssh-md5sum        "3c9347aa67862881c5da3f3b1c08da7b">
   <!ENTITY openssh-size          "1.1 MB">
   <!ENTITY openssh-buildsize     "44 MB">
   <!ENTITY openssh-time          "3.5 SBU (including the test suite)">
+  <!ENTITY openssh-buildsize     "31 MB">
+  <!ENTITY openssh-time          "0.6 SBU">
 ]>
 …
   <title>OpenSSH-&openssh-version;</title>
+  <para>The <application>OpenSSH</application> package contains
+  <command>ssh</command> clients and the <command>sshd</command> daemon.
+  This is useful for encrypting authentication and subsequent traffic
+  over a network. The <command>ssh</command> and <command>scp</command>
+  commands are secure implementions of <command>telnet</command> and
+  <command>rcp</command> respectively.</para>
+  &lfs70_checked;
+  <para>
+    The <application>OpenSSH</application> package contains
+    <command>ssh</command> clients and the <command>sshd</command> daemon. This
+    is useful for encrypting authentication and subsequent traffic over a
+    network. The <command>ssh</command> and <command>scp</command> commands are
+    secure implementions of <command>telnet</command> and <command>rcp</command>
+    respectively.
+  </para>
+  &lfs71_checked;
   <indexterm zone="openssh">
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&openssh-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &openssh-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &openssh-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &openssh-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &openssh-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&openssh-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&openssh-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &openssh-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &openssh-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &openssh-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &openssh-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="linux-pam"/>,
+    <xref linkend="tcpwrappers"/>,
+    <xref linkend="x-window-system"/>,
+    <xref linkend="mitkrb"/>,
+    <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
+    (provides a command-line history feature to <command>sftp</command>),
+    <ulink url="http://www.opensc-project.org/">OpenSC</ulink>, and
+    <ulink
+    url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink></para>
+    <para role="optional">
+      <xref linkend="linux-pam"/>,
+      <xref linkend="tcpwrappers"/>,
+      <xref linkend="x-window-system"/>,
+      <xref linkend="mitkrb"/>,
+      <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
+      (provides a command-line history feature to <command>sftp</command>),
+      <ulink url="http://www.opensc-project.org/">OpenSC</ulink> and
+      <ulink url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink>
+    </para>
     <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead>
+    <para role="optional"><xref linkend="icedtea6"/> or <xref linkend="jdk"/>,
+    <xref linkend="net-tools"/>, and
+    <xref linkend="sysstat"/>.</para>
+    <para condition="html" role="usernotes">User Notes:
+    <ulink url='&blfs-wiki;/OpenSSH'/></para>
+    <para role="optional">
+      <xref linkend="icedtea6"/> or <xref linkend="jdk"/>,
+      <xref linkend="net-tools"/> and
+      <xref linkend="sysstat"/>.
+    </para>
+    <para condition="html" role="usernotes">
+        User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
+    </para>
   </sect2>
 …
     <title>Installation of OpenSSH</title>
+    <para><application>OpenSSH</application> runs as two processes when
+    connecting to other computers. The first process is a privileged process
+    and controls the issuance of privileges as necessary. The second process
+    communicates with the network. Additional installation steps are necessary
+    to set up the proper environment, which are performed by issuing the
+    following commands as the <systemitem class="username">root</systemitem>
+    user:</para>
+    <para>
+      <application>OpenSSH</application> runs as two processes when connecting
+      to other computers. The first process is a privileged process and controls
+      the issuance of privileges as necessary. The second process communicates
+      with the network. Additional installation steps are necessary to set up
+      the proper environment, which are performed by issuing the following
+      commands as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -m700 -d /var/lib/sshd &amp;&amp;
 …
     -s /bin/false -u 50 sshd</userinput></screen>
+    <para><application>OpenSSH</application> is very sensitive to changes in
+    the linked <application>OpenSSL</application> libraries. If you recompile
+    <application>OpenSSL</application>, <application>OpenSSH</application> may
+    fail to start up. An alternative is to link against the static
+    <application>OpenSSL</application> library. To link against the static
+    library, execute the following command:</para>
+    <para>
+      <application>OpenSSH</application> is very sensitive to changes in the
+      linked <application>OpenSSL</application> libraries. If you recompile
+      <application>OpenSSL</application>, <application>OpenSSH</application> may
+      fail to start up. An alternative is to link against the static
+      <application>OpenSSL</application> library. To link against the static
+      library, execute the following command:
+    </para>
 <screen><userinput>sed -i 's@-lcrypto@/usr/lib/libcrypto.a -ldl@' configure</userinput></screen>
+    <para>Install <application>OpenSSH</application> by running
+    the following commands:</para>
+    <para>
+      Install <application>OpenSSH</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -i.bak '/K5LIBS=/s/ -ldes//' configure &amp;&amp;
 …
             --sysconfdir=/etc/ssh \
             --datadir=/usr/share/sshd \
-            --libexecdir=/usr/lib/openssh \
             --with-md5-passwords \
             --with-privsep-path=/var/lib/sshd &amp;&amp;
 make</userinput></screen>
+    <para>If you linked <application>tcp_wrappers</application> into the
+    build using the <option>--with-tcp-wrappers</option> parameter, ensure
+    you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename>
+    if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the
+    test suite will fail. Additionally, the testsuite requires an installed
+    copy of <command>scp</command> to complete the multiplexing tests.  To
+    run the test suite, first copy the scp program to
+    <filename class="directory">/usr/bin</filename>, making sure that you
+    back up any existing copy first.</para>
+    <para>To run the test suite, issue the following commands:</para>
+    <para>
+      If you linked <application>tcp_wrappers</application> into the build using
+      the <option>--with-tcp-wrappers</option> parameter, ensure you add
+.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you
+      have a restrictive <filename>/etc/hosts.deny</filename> file, or the test
+      suite will fail. Additionally, the testsuite requires an installed copy of
+      <command>scp</command> to complete the multiplexing tests. To run the test
+      suite, first copy the scp program to
+      <filename class="directory">/usr/bin</filename>, making sure that you back
+      up any existing copy first.
+    </para>
+    <para>
+      To run the test suite, issue the following commands:
+    </para>
 <screen role="root"><userinput>make tests 2&gt;&amp;1 | tee check.log
 grep FATAL check.log</userinput></screen>
+    <para>If the above command produces no 'FATAL' errors, then proceed
+    with the installation, as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      If the above command produces no 'FATAL' errors, then proceed with the
+      installation, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 …
 install -v -m644 INSTALL LICENCE OVERVIEW README* \
     /usr/share/doc/openssh-&openssh-version;</userinput></screen>
   </sect2>
 …
     <title>Command Explanations</title>
+    <para><command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>:
+    This command fixes a build crash if you used the
+    <option>--with-kerberos5</option> parameter and you built the
+    <application>Heimdal</application> package in accordance with the BLFS
+    instructions. The command is harmless in all other instances.</para>
+    <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents
+    the configuration files from being installed in
+    <filename class="directory">/usr/etc</filename>.</para>
+    <para><parameter>--datadir=/usr/share/sshd</parameter>: This switch
+    puts the Ssh.bin file (used for SmartCard authentication) in
+    <filename class="directory">/usr/share/sshd</filename>.</para>
+    <para><parameter>--with-md5-passwords</parameter>: This is required
+    with the default configuration of Shadow password suite in LFS.</para>
+    <para><parameter>--libexecdir=/usr/lib/openssh</parameter>: This parameter
+    changes the installation path of some programs to
+    <filename class="directory">/usr/lib/openssh</filename> instead of
+    <filename class="directory">/usr/libexec</filename>.</para>
+    <para><parameter>--with-pam</parameter>: This parameter enables
+    <application>Linux-PAM</application> support in the build.</para>
+    <para><parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the
+    default location for the <command>xauth</command> binary for X
+    authentication. Change the location if <command>xauth</command> will
+    be installed to a different path. This can also be controlled from
+    <filename>sshd_config</filename> with the XAuthLocation keyword.
+    You can omit this switch if <application>Xorg</application> is already
+    installed.
+    </para>
+    <para><parameter>--with-kerberos5=/usr</parameter>: This option is used to
+    include Heimdal support in the build.</para>
+    <para>
+      <command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>: This sed
+      fixes a build crash if you used the <option>--with-kerberos5</option>
+      option. The command is harmless in all other instances.
+    </para>
+    <para>
+      <parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
+      configuration files from being installed in
+      <filename class="directory">/usr/etc</filename>.
+    </para>
+    <para>
+      <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
+      Ssh.bin file (used for SmartCard authentication) in
+      <filename class="directory">/usr/share/sshd</filename>.
+    </para>
+    <para>
+      <parameter>--with-md5-passwords</parameter>: This enables the use of MD5
+      passwords.
+    </para>
+    <para>
+      <parameter>--with-pam</parameter>: This parameter enables
+      <application>Linux-PAM</application> support in the build.
+    </para>
+    <para>
+      <parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the default
+      location for the <command>xauth</command> binary for X authentication.
+      Change the location if <command>xauth</command> will be installed to a
+      different path. This can also be controlled from
+      <filename>sshd_config</filename> with the XAuthLocation keyword. You can
+      omit this switch if <application>Xorg</application> is already installed.
+    </para>
+    <para>
+      <parameter>--with-kerberos5=/usr</parameter>: This option is used to
+      include Kerberos 5 support in the build.
+    </para>
   </sect2>
 …
     <title>Configuring OpenSSH</title>
-    <para>If you are only going to use the <command>ssh</command> or
-    <command>scp</command> clients, no configuration or boot scripts are
-    required.</para>
     <sect3 id="openssh-config">
       <title>Config Files</title>
+      <para><filename>~/.ssh/*</filename>,
+      <para>
+        <filename>~/.ssh/*</filename>,
       <filename>/etc/ssh/ssh_config</filename>, and
+      <filename>/etc/ssh/sshd_config</filename></para>
+      <filename>/etc/ssh/sshd_config</filename>
+        </para>
       <indexterm zone="openssh openssh-config">
 …
       </indexterm>
+      <para>There are no required changes to any of these files. However,
+      you may wish to view the <filename class='directory'>/etc/ssh/</filename>
+      files and make any changes appropriate for the security of your system.
+      One recommended change is that you disable
+      <systemitem class='username'>root</systemitem> login via
+      <command>ssh</command>. Execute the following command as the
+      <systemitem class='username'>root</systemitem> user to disable
+      <systemitem class='username'>root</systemitem> login via
+      <command>ssh</command>:</para>
+      <para>
+        There are no required changes to any of these files. However,
+        you may wish to view the
+        <filename class='directory'>/etc/ssh/</filename> files and make any
+        changes appropriate for the security of your system. One recommended
+        change is that you disable
+        <systemitem class='username'>root</systemitem> login via
+        <command>ssh</command>. Execute the following command as the
+        <systemitem class='username'>root</systemitem> user to disable
+        <systemitem class='username'>root</systemitem> login via
+        <command>ssh</command>:
+      </para>
 <screen role="root"><userinput>echo "PermitRootLogin no" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
+      <para>If you added <application>LinuxPAM</application> support, then you
+      will need to add a configuration file for
+      <application>sshd</application> and enable use of
+      <application>LinuxPAM</application>.  Issue the following commands as the
+      <systemitem class='username'>root</systemitem> user:</para>
+      <para>
+        If you want to be able to log in without typing in your password, first
+        create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with
+        <command>ssh-keygen</command> and then copy ~/.ssh/id_rsa.pub to
+        ~/.ssh/authorized_keys on the remote computer that you want to log into.
+        You'll need to change REMOTE_HOSTNAME for the hostname of the remote
+        computer and you'll also need to enter you password for the ssh command
+        to succeed:
+      </para>
+<screen><userinput>ssh-keygen &amp;&amp;
+public_key="$(cat ~/.ssh/id_rsa.pub)" &amp;&amp;
+ssh REMOTE_HOSTNAME "echo ${public_key} &gt;&gt; ~/.ssh/authorized_keys" &amp;&amp;
+unset public_key</userinput></screen>
+      <para>
+        Once you've got passwordless logins working it's actually more secure
+        than logging in with a password (as the private key is much longer than
+        most people's passwords). If you would like to now disable password
+        logins, as the <systemitem class="username">root</systemitem> user:
+      </para>
+<screen role="root"><userinput>echo "PasswordAuthentication no" >> /etc/ssh/sshd_config &amp;&amp;
+echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config</userinput></screen>
+      <para>
+        If you added <application>LinuxPAM</application> support and you want
+        ssh to use it then you will need to add a configuration file for
+        <application>sshd</application> and enable use of
+        <application>LinuxPAM</application>. Note, ssh only uses PAM to check
+        passwords, if you've disabled password logins these commands are not
+        needed. If you want to use PAM issue the following commands as the
+        <systemitem class='username'>root</systemitem> user:
+      </para>
 <screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login &gt; /etc/pam.d/sshd &amp;&amp;
 …
 echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
+      <para>Additional configuration information can be found in the man
+      pages for <command>sshd</command>, <command>ssh</command> and
+      <command>ssh-agent</command>.</para>
+      <para>
+        Additional configuration information can be found in the man
+        pages for <command>sshd</command>, <command>ssh</command> and
+        <command>ssh-agent</command>.
+      </para>
     </sect3>
 …
       <title>Boot Script</title>
+      <para>To start the SSH server at system boot, install the
+      <para>
+        To start the SSH server at system boot, install the
       <filename>/etc/rc.d/init.d/sshd</filename> init script included
+      in the <xref linkend="bootscripts"/> package.</para>
+      in the <xref linkend="bootscripts"/> package.
+        </para>
       <indexterm zone="openssh openssh-init">
 …
 <screen role="root"><userinput>make install-sshd</userinput></screen>
     </sect3>
   </sect2>
 …
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
-      <segtitle>Installed Libraries</segtitle>
       <segtitle>Installed Directories</segtitle>
       <seglistitem>
+        <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
+        ssh-keygen, ssh-keyscan, and ssh-keysign</seg>
+        <seg>None</seg>
+        <seg>/etc/ssh, /var/lib/sshd, /usr/lib/openssh, and
+        /usr/share/doc/openssh-&openssh-version;</seg>
+        <seg>
+          scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
+          ssh-keygen, ssh-keyscan and ssh-keysign.
+        </seg>
+        <seg>
+          /etc/ssh,
+          /var/lib/sshd,
+          /usr/lib/openssh and
+          /usr/share/doc/openssh-&openssh-version;.
+        </seg>
       </seglistitem>
     </segmentedlist>
 …
         <term><command>scp</command></term>
         <listitem>
+          <para>is a file copy program that acts like <command>rcp</command>
+          except it uses an encrypted protocol.</para>
+          <para>
+            is a file copy program that acts like <command>rcp</command> except
+            it uses an encrypted protocol.
+          </para>
           <indexterm zone="openssh scp">
             <primary sortas="b-scp">scp</primary>
 …
         <term><command>sftp</command></term>
         <listitem>
+          <para>is an FTP-like program that works over
+          SSH1 and SSH2 protocols.</para>
+          <para>
+            is an FTP-like program that works over the SSH1 and SSH2 protocols.
+          </para>
           <indexterm zone="openssh sftp">
             <primary sortas="b-sftp">sftp</primary>
 …
         <term><command>sftp-server</command></term>
         <listitem>
+          <para>is an SFTP server subsystem. This program is not normally
+          called directly by the user.</para>
+          <para>
+            is an SFTP server subsystem. This program is not normally called
+            directly by the user.
+          </para>
           <indexterm zone="openssh sftp-server">
             <primary sortas="b-sftp-server">sftp-server</primary>
 …
         <term><command>slogin</command></term>
         <listitem>
+          <para>is a symlink to <command>ssh</command>.</para>
+          <para>
+            is a symlink to <command>ssh</command>.
+          </para>
           <indexterm zone="openssh slogin">
             <primary sortas="g-slogin">slogin</primary>
 …
         <term><command>ssh</command></term>
         <listitem>
+          <para>is an <command>rlogin</command>/<command>rsh</command>-like
+          client program except it uses an encrypted protocol.</para>
+          <para>
+            is an <command>rlogin</command>/<command>rsh</command>-like client
+            program except it uses an encrypted protocol.
+          </para>
           <indexterm zone="openssh ssh">
             <primary sortas="b-ssh">ssh</primary>
 …
         <term><command>sshd</command></term>
         <listitem>
+          <para>is a daemon that listens for <command>ssh</command> login
+          requests.</para>
+          <para>
+            is a daemon that listens for <command>ssh</command> login requests.
+          </para>
           <indexterm zone="openssh sshd">
             <primary sortas="b-sshd">sshd</primary>
 …
         <term><command>ssh-add</command></term>
         <listitem>
+          <para>is a tool which adds keys to the
+          <command>ssh-agent</command>.</para>
+          <para>
+            is a tool which adds keys to the <command>ssh-agent</command>.
+          </para>
           <indexterm zone="openssh ssh-add">
             <primary sortas="b-ssh-add">ssh-add</primary>
 …
         <term><command>ssh-agent</command></term>
         <listitem>
+          <para>is an authentication agent that can store private keys.</para>
+          <para>
+            is an authentication agent that can store private keys.
+          </para>
           <indexterm zone="openssh ssh-agent">
             <primary sortas="b-ssh-agent">ssh-agent</primary>
 …
         <term><command>ssh-keygen</command></term>
         <listitem>
+          <para>is a key generation tool.</para>
+          <para>
+            is a key generation tool.
+          </para>
           <indexterm zone="openssh ssh-keygen">
             <primary sortas="b-ssh-keygen">ssh-keygen</primary>
 …
         <term><command>ssh-keyscan</command></term>
         <listitem>
+          <para>is a utility for gathering public host keys from a
+          number of hosts.</para>
+          <para>
+            is a utility for gathering public host keys from a number of hosts.
+          </para>
           <indexterm zone="openssh ssh-keyscan">
             <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
 …
         <term><command>ssh-keysign</command></term>
         <listitem>
+          <para>is used by <command>ssh</command> to access the local host
+          keys and generate the digital signature required during hostbased
+          authentication with SSH protocol version 2. This program is not normally
+          called directly by the user.</para>
+          <para>
+            is used by <command>ssh</command> to access the local host keys and
+            generate the digital signature required during hostbased
+            authentication with SSH protocol version 2. This program is not
+            normally called directly by the user.
+          </para>
           <indexterm zone="openssh ssh-keysign">
             <primary sortas="b-ssh-keysign">ssh-keysign</primary>
 …
         </listitem>
       </varlistentry>
     </variablelist>
   </sect2>
 </sect1>

xsoft/other/rox-filer.xml

-              r5a9e610
+              r3a37311
         <application>Gnome</application> or <application>KDE</application> you
         may like to create a <filename>rox.desktop</filename> file so that
         <application>rox-filer</application> appears in the panel's menus. As the
         <systemitem class="username">root</systemitem> user:
+        <application>rox-filer</application> appears in the panel's menus. As
+        the <systemitem class="username">root</systemitem> user:
       </para>

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: