From nobody Sun Mar 05 10:19:46 2023 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PTyPZ2XXBz3wJkM for ; Sun, 5 Mar 2023 10:19:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PTyPZ23zPz4GPJ; Sun, 5 Mar 2023 10:19:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678011586; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RHxRgL2H6ym0NoiHuq1p6RmjYMuiW7Q9I2AU0ugQ2RA=; b=FrZVY/BI6e/HXgTl/VirnOzMToihLZKhMuIXnpUw2nQIrfXxmhjUBzZ8gRbux43TuXh0HL CrL4NH/dQv5rNdzdQPfNVzF4Wy6Z4lebTpNsSx3hOC5DMO6JVfVbZeieZ7A2wuJ1vU245D IjEAbgIDAiea4k/yFt+SLK26szZqFmZpGiG/1NGBTChMTA4NuC/brH+CExQoAHLQReXfw5 Wzr9Afa/20g/l9p9TAhmXOlGsD0QmoBVfpaLv30+k9wLVxw5m3PMuvi9fFtH0NlfDHEl08 0LcgM6Tt9/6lqNKzYwWAS8FdJe68TFU4Djzci1h7Ynq9IkkiZaLNSsdd25wNbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678011586; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RHxRgL2H6ym0NoiHuq1p6RmjYMuiW7Q9I2AU0ugQ2RA=; b=qfMggGM3S7giG77V1LrruXHU65jIwBn8I/uzSfgY5Hg8FKNNhu+ICOvuRSJEZHE7H/tQss ZnaFz99lXymgw+3nShmtBFVswC601niSLTYAJo/qP/AvQJL9pJfNfjBTTeVFrAmC0/x42X LkAhliGvzF3SeMs+U91eAGdnkY6YXHwgOfRJYGu23dspLKTGuQVUCnotjxL2yIcZKTJysu egOaCh4V5rDxp/t7i9vJ9F7gb3FVBOxtrPXNBrFsyer5SJeJAl41FRheu0RZaqqZ3xXNyN arNc/hEhqw2Gk3+me4U8+k6UitoUMM+w5YZoKXxA2KoMZgbV+CmMqkOE7xxp2g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1678011586; a=rsa-sha256; cv=none; b=RiyOk021ZFk0ar2+3yVCtUtUTsWWug0JlaeuFyFvR5aQ8HSXGHLitUSsizNXT1nyforG35 dgiWjPnT/y9aXMBFUSB4NiKuzHgDnVh7HawsS/miu2beZxVwRgIAgb5694hJQshm1+WD9P sPlPjAJ8CQl0F+jM5KIQb5V7eCEBCOBYhsUy1S0SXBU2GTSjrgVIrlOlS9Gi3vzgaFn+8v PAhNWwUQV86McPuP/BhvCFCqS2j95rA7Wfxz14HVPebmI+vAxFMmgVeb+/0iY79c7FOvNY CYLA3l72V13zwU0WxXxhwAvwzyI0SO59tT+pgGNXt4gC5IchxPn9U5uFLxpu5w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PTyPZ11WqzHHD; Sun, 5 Mar 2023 10:19:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 325AJkxC038420; Sun, 5 Mar 2023 10:19:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 325AJk9I038419; Sun, 5 Mar 2023 10:19:46 GMT (envelope-from git) Date: Sun, 5 Mar 2023 10:19:46 GMT Message-Id: <202303051019.325AJk9I038419@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Sergio Carlavilla Delgado Subject: git: bb022d98ed - main - Security Handbook Chapter - Stop using -2 argument in ssh(1) List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: carlavilla X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bb022d98edf57003f5bb6519b49ba95f6c2e408f Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by carlavilla: URL: https://cgit.FreeBSD.org/doc/commit/?id=bb022d98edf57003f5bb6519b49ba95f6c2e408f commit bb022d98edf57003f5bb6519b49ba95f6c2e408f Author: Tom Hukins AuthorDate: 2023-03-05 10:17:41 +0000 Commit: Sergio Carlavilla Delgado CommitDate: 2023-03-05 10:17:41 +0000 Security Handbook Chapter - Stop using -2 argument in ssh(1) Pull Request: https://github.com/freebsd/freebsd-doc/pull/118 --- documentation/content/en/books/handbook/security/_index.adoc | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 13aea12147..0185fea3b4 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -1747,15 +1747,12 @@ The following command tells `ssh` to create a tunnel for telnet: [source,shell] .... -% ssh -2 -N -f -L 5023:localhost:23 user@foo.example.com +% ssh -N -f -L 5023:localhost:23 user@foo.example.com % .... This example uses the following options: -`-2`:: -Forces `ssh` to use version 2 to connect to the server. - `-N`:: Indicates no command, or tunnel only. If omitted, `ssh` initiates a normal session. @@ -1782,7 +1779,7 @@ This method can be used to wrap any number of insecure TCP protocols such as SMT [source,shell] .... -% ssh -2 -N -f -L 5025:localhost:25 user@mailserver.example.com +% ssh -N -f -L 5025:localhost:25 user@mailserver.example.com user@mailserver.example.com's password: ***** % telnet localhost 5025 Trying 127.0.0.1... @@ -1803,7 +1800,7 @@ To check email in a secure manner, create an SSH connection to the SSH server an [source,shell] .... -% ssh -2 -N -f -L 2110:mail.example.com:110 user@ssh-server.example.com +% ssh -N -f -L 2110:mail.example.com:110 user@ssh-server.example.com user@ssh-server.example.com's password: ****** .... @@ -1822,7 +1819,7 @@ The solution is to create an SSH connection to a machine outside of the network' [source,shell] .... -% ssh -2 -N -f -L 8888:music.example.com:8000 user@unfirewalled-system.example.org +% ssh -N -f -L 8888:music.example.com:8000 user@unfirewalled-system.example.org user@unfirewalled-system.example.org's password: ******* ....