-rw-r--r--ChangeLog6
-rw-r--r--channels.c26
-rw-r--r--channels.h3
-rw-r--r--misc.c39
-rw-r--r--misc.h4
-rw-r--r--readconf.c22
-rw-r--r--readconf.h4
-rw-r--r--scp.15
-rw-r--r--servconf.c11
-rw-r--r--servconf.h4
-rw-r--r--sftp.15
-rw-r--r--ssh-keyscan.17
-rw-r--r--ssh-keyscan.c17
-rw-r--r--ssh.15
-rw-r--r--ssh.c3
-rw-r--r--ssh_config.57
-rw-r--r--sshconnect.c5
-rw-r--r--sshd.c9
-rw-r--r--sshd_config.57
19 files changed, 149 insertions, 40 deletions
diff --git a/ChangeLog b/ChangeLog
index 9f63b83b..0a931a12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,12 @@
Request roaming to be enabled if UseRoaming is true and the server
supports it.
ok markus@
+ - reyk@cvs.openbsd.org 2009/10/28 16:38:18
+ [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
+ channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
+ sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
+ Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
+ ok markus@
20091226
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/channels.c b/channels.c
index 22e7f628..884c14c9 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.296 2009/05/25 06:48:00 andreas Exp $ */
+/* $OpenBSD: channels.c,v 1.297 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -162,6 +162,9 @@ static u_int x11_fake_data_len;
/* AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC;
+/* Set the routing domain a.k.a. VRF */
+static int channel_rdomain = -1;
+
/* helper */
static void port_open_helper(Channel *c, char *rtype);
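Review bot: The comment on `channel_rdomain` does not say that -1 is the "unset" sentinel, which `socket_rdomain()` in misc.c tests for before touching the socket. I would write it as `/* Routing domain (a.k.a. VRF) for channel sockets; -1 = leave the system default */`. It is also worth stating here that the value is not limited to one kind of channel: later hunks in this file pass it to the forwarding listener, to outbound forwarded connections in `connect_next`, and to both X11 socket sites.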
@@ -2461,6 +2464,12 @@ channel_set_af(int af)
IPv4or6 = af;
}
+void
+channel_set_rdomain(int rdomain)
+{
+ channel_rdomain = rdomain;
+}
+
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
@@ -2569,7 +2578,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
continue;
}
/* Create a port to listen for the host. */
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol, channel_rdomain);
if (sock < 0) {
/* this is no error since kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
@@ -2910,8 +2920,9 @@ connect_next(struct channel_connect *cctx)
error("connect_next: getnameinfo failed");
continue;
}
- if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
- cctx->ai->ai_protocol)) == -1) {
+ if ((sock = socket_rdomain(cctx->ai->ai_family,
+ cctx->ai->ai_socktype, cctx->ai->ai_protocol,
+ channel_rdomain)) == -1) {
if (cctx->ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
@@ -3097,8 +3108,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
- sock = socket(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol);
+ sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol, channel_rdomain);
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
@@ -3273,7 +3284,8 @@ x11_connect_display(void)
}
for (ai = aitop; ai; ai = ai->ai_next) {
/* Create a socket. */
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol, channel_rdomain);
if (sock < 0) {
debug2("socket: %.100s", strerror(errno));
continue;
diff --git a/channels.h b/channels.h
index 1488ed7e..b0f5dc32 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.98 2009/02/12 03:00:56 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.99 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -231,6 +231,7 @@ int channel_find_open(void);
/* tcp forwarding */
void channel_set_af(int af);
+void channel_set_rdomain(int);
void channel_permit_all_opens(void);
void channel_add_permitted_opens(char *, int);
int channel_add_adm_permitted_opens(char *, int);
diff --git a/misc.c b/misc.c
index 4dc15231..f0f1fd84 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.71 2009/02/21 19:32:04 tobias Exp $ */
+/* $OpenBSD: misc.c,v 1.72 2009/10/28 16:38:18 reyk Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -151,6 +151,43 @@ set_nodelay(int fd)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
+/* open a socket in the specified routing domain */
+int
+socket_rdomain(int domain, int type, int protocol, int rdomain)
+{
+ int sock, ipproto = IPPROTO_IP;
+
+ if ((sock = socket(domain, type, protocol)) == -1)
+ return (-1);
+
+ if (rdomain == -1)
+ return (sock);
+
+ switch (domain) {
+ case AF_INET6:
+ ipproto = IPPROTO_IPV6;
+ /* FALLTHROUGH */
+ case AF_INET:
+ debug2("socket %d af %d setting rdomain %d",
+ sock, domain, rdomain);
+ if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
+ sizeof(rdomain)) == -1) {
+ debug("setsockopt SO_RDOMAIN: %.100s",
+ strerror(errno));
+ close(sock);
+ return (-1);
+ }
+ break;
+ default:
+ debug("socket %d af %d does not support rdomain %d",
+ sock, domain, rdomain);
+ close(sock);
+ return (-1);
+ }
+
+ return (sock);
+}
+
/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE "\""
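Review bot: On both failure paths after the socket has been created, `socket_rdomain()` returns -1 with an `errno` the caller cannot rely on: the `setsockopt` branch calls `debug()` and `close()` before returning, and the `default` branch never sets `errno` at all. The call sites changed in this commit print `strerror(errno)` right after the call, and `x11_create_display_inet` branches on `errno`, so a rejected routing domain can be reported as an unrelated error. Saving `errno` immediately after the failing `setsockopt`, restoring it after `close()`, and setting `errno = EAFNOSUPPORT` in the `default` branch keeps the diagnostic accurate. Both failures are also logged only at debug level, which makes a mistyped RDomain hard to spot in normal logs.

```c
	int sock, saved_errno, ipproto = IPPROTO_IP;

	/* … unchanged: socket() call, rdomain == -1 shortcut, AF_INET6 case … */
	case AF_INET:
		/* … unchanged: debug2() trace … */
		if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
		    sizeof(rdomain)) == -1) {
			saved_errno = errno;	/* debug()/close() may overwrite it */
			debug("setsockopt SO_RDOMAIN: %.100s",
			    strerror(saved_errno));
			close(sock);
			errno = saved_errno;
			return (-1);
		}
		break;
	default:
		/* … unchanged: debug() message … */
		close(sock);
		errno = EAFNOSUPPORT;	/* give callers a meaningful reason */
		return (-1);
```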
diff --git a/misc.h b/misc.h
index e26b0aaf..87b7f0ed 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.38 2008/06/12 20:38:28 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.39 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,6 +54,8 @@ void freeargs(arglist *);
int tun_open(int, int);
+int socket_rdomain(int, int, int, int);
+
/* Common definitions for ssh tunnel device forwarding */
#define SSH_TUNMODE_NO 0x00
#define SSH_TUNMODE_POINTOPOINT 0x01
diff --git a/readconf.c b/readconf.c
index 4a16974b..6b2e3b21 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.179 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,8 +130,8 @@ typedef enum {
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
- oDeprecated, oUnsupported
+ oVisualHostKey, oUseRoaming, oRDomain,
+ oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@@ -229,6 +229,7 @@ static struct {
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
{ "useroaming", oUseRoaming },
+ { "rdomain", oRDomain },
#ifdef JPAKE
{ "zeroknowledgepasswordauthentication",
oZeroKnowledgePasswordAuthentication },
@@ -919,6 +920,19 @@ parse_int:
intptr = &options->use_roaming;
goto parse_flag;
+ case oRDomain:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
+ value = a2port(arg);
+ if (value == -1)
+ fatal("%.200s line %d: Bad rdomain.",
+ filename, linenum);
+ if (*activep)
+ options->rdomain = value;
+ break;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
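Review bot: `oRDomain` parses its argument with `a2port()`, a port-number parser, so the accepted range is whatever that helper allows for ports rather than what the kernel accepts as a routing domain. A value that is port-valid but not a usable routing domain passes here and only fails later, at `setsockopt` time. The server side (`sRDomain` in servconf.c) jumps to `parse_int` instead, and ssh-keyscan's `-V` calls `a2port()` with different error handling, so the three front ends validate the same setting in three different ways. A small shared helper that parses and range-checks a routing domain would keep them consistent. The `case` sits inside a switch that starts and ends outside this hunk.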
@@ -1069,6 +1083,7 @@ initialize_options(Options * options)
options->local_command = NULL;
options->permit_local_command = -1;
options->use_roaming = -1;
+ options->rdomain = -1;
options->visual_host_key = -1;
options->zero_knowledge_password_authentication = -1;
}
@@ -1217,6 +1232,7 @@ fill_default_options(Options * options)
/* options->hostname will be set in the main program if appropriate */
/* options->host_key_alias should not be set by default */
/* options->preferred_authentications will be set in ssh */
+ /* options->rdomain should not be set by default */
}
/*
diff --git a/readconf.h b/readconf.h
index 2ebfebe9..6edc2eed 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.79 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,6 +125,8 @@ typedef struct {
int use_roaming;
+ int rdomain; /* routing domain a.k.a. VRF */
+
} Options;
#define SSHCTL_MASTER_NO 0
diff --git a/scp.1 b/scp.1
index 5033d84f..b9245ea5 100644
--- a/scp.1
+++ b/scp.1
@@ -9,9 +9,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.46 2008/07/12 05:33:41 djm Exp $
+.\" $OpenBSD: scp.1,v 1.47 2009/10/28 16:38:18 reyk Exp $
.\"
-.Dd $Mdocdate: July 12 2008 $
+.Dd $Mdocdate: October 28 2009 $
.Dt SCP 1
.Os
.Sh NAME
@@ -158,6 +158,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It PubkeyAuthentication
+.It RDomain
.It RekeyLimit
.It RhostsRSAAuthentication
.It RSAAuthentication
diff --git a/servconf.c b/servconf.c
index c2e5cc6f..729f23ba 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.197 2009/10/28 16:38:18 reyk Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions *options)
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
+ options->rdomain = -1;
}
void
@@ -304,7 +305,7 @@ typedef enum {
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
sZeroKnowledgePasswordAuthentication,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -423,6 +424,7 @@ static struct {
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
+ { "rdomain", sRDomain, SSHCFG_GLOBAL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1294,6 +1296,10 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
+ case sRDomain:
+ intptr = &options->rdomain;
+ goto parse_int;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1570,6 +1576,7 @@ dump_config(ServerOptions *o)
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+ dump_cfg_int(sRDomain, o->rdomain);
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
diff --git a/servconf.h b/servconf.h
index b3ac7da4..19c7ae60 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.87 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,6 +150,8 @@ typedef struct {
int num_permitted_opens;
+ int rdomain;
+
char *chroot_directory;
} ServerOptions;
diff --git a/sftp.1 b/sftp.1
index d1db0d6d..b912d24e 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.76 2009/08/19 04:56:03 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.77 2009/10/28 16:38:18 reyk Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: August 19 2009 $
+.Dd $Mdocdate: October 28 2009 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -209,6 +209,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
+.It RDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 4a586456..c9fb597e 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.26 2008/12/29 01:12:36 stevesk Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: December 29 2008 $
+.Dd $Mdocdate: October 28 2009 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -20,6 +20,7 @@
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
+.Op Fl V Ar rdomain
.Op Ar host | addrlist namelist
.Ar ...
.Ek
@@ -95,6 +96,8 @@ for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
.Dq rsa .
+.It Fl V Ar rdomain
+Set the routing domain.
.It Fl v
Verbose mode.
Causes
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 9a91be49..f30e8504 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.78 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -68,6 +68,9 @@ int timeout = 5;
int maxfd;
#define MAXCON (maxfd - 10)
+/* The default routing domain */
+int scan_rdomain = -1;
+
extern char *__progname;
fd_set *read_wait;
size_t read_wait_nfdset;
@@ -412,7 +415,8 @@ tcpconnect(char *host)
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
for (ai = aitop; ai; ai = ai->ai_next) {
- s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ s = socket_rdomain(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol, scan_rdomain);
if (s < 0) {
error("socket: %s", strerror(errno));
continue;
@@ -715,7 +719,7 @@ usage(void)
{
fprintf(stderr,
"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
- "\t\t [host | addrlist namelist] ...\n",
+ "\t\t [-V rdomain] [host | addrlist namelist] ...\n",
__progname);
exit(1);
}
@@ -741,7 +745,7 @@ main(int argc, char **argv)
if (argc <= 1)
usage();
- while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
switch (opt) {
case 'H':
hash_hosts = 1;
@@ -802,6 +806,11 @@ main(int argc, char **argv)
case '6':
IPv4or6 = AF_INET6;
break;
+ case 'V':
+ scan_rdomain = a2port(optarg);
+ if (scan_rdomain < 0)
+ scan_rdomain = -1;
+ break;
case '?':
default:
usage();
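Review bot: An invalid `-V` argument is silently replaced by -1 here, which `socket_rdomain()` treats as "leave the default routing domain", so a mistyped value makes ssh-keyscan collect host keys over the default routing table with no indication that the option was ignored. Scan output is usually used to populate known_hosts, so querying a different network than the one requested should be a hard error. readconf.c in this same commit already calls `fatal()` for the equivalent condition. I would replace the fallback with `if (scan_rdomain < 0) fatal("Bad rdomain '%s'", optarg);`.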
diff --git a/ssh.1 b/ssh.1
index 7e7f64e4..8277d0fd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.286 2009/10/22 15:02:12 sobrado Exp $
-.Dd $Mdocdate: October 22 2009 $
+.\" $OpenBSD: ssh.1,v 1.287 2009/10/28 16:38:18 reyk Exp $
+.Dd $Mdocdate: October 28 2009 $
.Dt SSH 1
.Os
.Sh NAME
@@ -475,6 +475,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It PubkeyAuthentication
+.It RDomain
.It RekeyLimit
.It RemoteForward
.It RhostsRSAAuthentication
diff --git a/ssh.c b/ssh.c
index 5353e235..90dbc69e 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.327 2009/10/24 11:23:42 andreas Exp $ */
+/* $OpenBSD: ssh.c,v 1.328 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,6 +630,7 @@ main(int ac, char **av)
fill_default_options(&options);
channel_set_af(options.address_family);
+ channel_set_rdomain(options.rdomain);
/* reinit */
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
diff --git a/ssh_config.5 b/ssh_config.5
index 89f3896e..fde89947 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
-.Dd $Mdocdate: October 8 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.122 2009/10/28 16:38:18 reyk Exp $
+.Dd $Mdocdate: October 28 2009 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -782,6 +782,9 @@ or
The default is
.Dq yes .
This option applies to protocol version 2 only.
+.It Cm RDomain
+Set the routing domain number.
+The default routing domain is set by the system.
.It Cm RekeyLimit
Specifies the maximum amount of data that may be transmitted before the
session key is renegotiated.
diff --git a/sshconnect.c b/sshconnect.c
index 3e57e859..a09026e6 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.214 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -190,7 +190,8 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
debug("Allocated local port %d.", p);
return sock;
}
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
+ options.rdomain);
if (sock < 0)
error("socket: %.100s", strerror(errno));
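Review bot: The routing domain is applied only on the unprivileged path: the branch just above, which ends in `return sock;`, hands back its socket without consulting `options.rdomain`. That branch begins outside this hunk, so how its socket is created is not visible. If it does not go through `socket_rdomain()`, a privileged-port connection would leave via the default routing domain even though RDomain is configured. Either apply the option to that socket before returning, or refuse the combination explicitly, e.g. `if (options.rdomain != -1) fatal("RDomain is not supported with privileged ports");`.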
diff --git a/sshd.c b/sshd.c
index 38aaa182..e23d462e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: sshd.c,v 1.368 2009/10/28 16:38:18 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -960,8 +960,8 @@ server_listen(void)
continue;
}
/* Create socket for listening. */
- listen_sock = socket(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol);
+ listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol, options.rdomain);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
@@ -1469,8 +1469,9 @@ main(int ac, char **av)
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- /* set default channel AF */
+ /* set default channel AF and routing domain */
channel_set_af(options.address_family);
+ channel_set_rdomain(options.rdomain);
/* Check that there are no remaining arguments. */
if (optind < ac) {
diff --git a/sshd_config.5 b/sshd_config.5
index 4b3793d1..1a30f29c 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
-.Dd $Mdocdate: October 8 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.110 2009/10/28 16:38:18 reyk Exp $
+.Dd $Mdocdate: October 28 2009 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -812,6 +812,9 @@ with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
+.It Cm RDomain
+Set the routing domain number.
+The default routing domain is set by the system.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is