From bfa8ac40e032d4d204ab6a9202531198cee9706e Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Sat, 27 Aug 2016 21:44:17 +0200 Subject: exploit more help2man features use an include file for explanatory text add environment, author and bug report information to the program's output --- Makefile | 4 ++-- ssh-agent-filter.C | 14 ++++++++++---- ssh-agent-filter.help2man | 12 ++++++++++++ 3 files changed, 24 insertions(+), 6 deletions(-) create mode 100644 ssh-agent-filter.help2man diff --git a/Makefile b/Makefile index a0dd007..e655ff1 100644 --- a/Makefile +++ b/Makefile @@ -27,8 +27,8 @@ all: ssh-agent-filter.1 afssh.1 ssh-askpass-noinput.1 %.1: %.1.md pandoc -s -w man $< -o $@ -ssh-agent-filter.1: ssh-agent-filter - help2man -n $< -o $@ -N ./$< +%.1: %.help2man % + help2man -i $< -o $@ -N -L C.UTF-8 $(*D)/$(*F) ssh-agent-filter: ssh-agent-filter.o diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 30aaf9a..0fb6861 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -192,7 +192,7 @@ int make_listen_sock () { } void parse_cmdline (int const argc, char const * const * const argv) { - po::options_description opts{"OPTIONS"}; + po::options_description opts{"Options"}; opts.add_options() ("all-confirmed,A", po::bool_switch(&all_confirmed),"allow all other keys with confirmation") ("comment,c", po::value(&allowed_comment), "key specified by comment") @@ -211,13 +211,19 @@ void parse_cmdline (int const argc, char const * const * const argv) { notify(config); if (config.count("help")) { - cout << "Usage: ssh-agent-filter [ OPTIONS ]" << endl; - cout << opts << endl; + cout << "Usage: ssh-agent-filter [ OPTIONS ]\n"; + cout << opts; + cout << "Environment:\n"; + cout << " SSH_AUTH_SOCK socket of upstream ssh-agent\n"; + cout << " SSH_ASKPASS command to run for confirmation questions\n"; exit(EX_OK); } if (config.count("version")) { - cout << SSH_AGENT_FILTER_VERSION << endl; + cout << SSH_AGENT_FILTER_VERSION "\n"; + cout << "Written by Timo Weingärtner.\n"; + cout << "Report bugs to the Debian BTS at https://bugs.debian.org/\n"; + cout << "or by mail to timo@tiwe.de.\n"; exit(EX_OK); } diff --git a/ssh-agent-filter.help2man b/ssh-agent-filter.help2man new file mode 100644 index 0000000..e546c9e --- /dev/null +++ b/ssh-agent-filter.help2man @@ -0,0 +1,12 @@ +[NAME] +ssh\-agent\-filter \- filtering proxy for ssh\-agent meant to be forwarded to untrusted servers +[DESCRIPTION] +ssh\-agent\-filter provides the unix domain socket interface of an ssh\-agent. +By default it forks and outputs shell code setting SSH_AUTH_SOCK and SSH_AGENT_PID, just like ssh\-agent does. + +It filters each request according to its command line options. +No crypto operations are done by ssh\-agent\-filter; they are delegated to the upstream ssh\-agent. + +ssh\-agent\-filter is not meant to be used directly, but through afssh. +[SEE ALSO] +afssh(1), ssh(1), ssh\-agent(1) -- cgit v1.2.3