Archive for June, 2010

ssh-vulnkey

Wednesday, June 30th, 2010



ssh-vulnkey -a

DESCRIPTION
ssh-vulnkey checks a key against a blacklist of compromised keys.

A substantial number of keys are known to have been generated using a
broken version of OpenSSL distributed by Debian which failed to seed its
random number generator correctly. Keys generated using these OpenSSL
versions should be assumed to be compromised. This tool may be useful in
checking for such keys.

Keys that are compromised cannot be repaired; replacements must be generated
using ssh-keygen(1). Make sure to update authorized_keys files on
all systems where compromised keys were permitted to authenticate.

The argument list will be interpreted as a list of paths to public key
files or authorized_keys files. If no suitable file is found at a given
path, ssh-vulnkey will append .pub and retry, in case it was given a private
key file. If no files are given as arguments, ssh-vulnkey will
check ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/identity,
~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as well as the system’s
host keys if readable.

If “-” is given as an argument, ssh-vulnkey will read from standard
input. This can be used to process output from ssh-keyscan(1), for example:

$ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -

Unless the PermitBlacklistedKeys option is used, sshd(8) will reject
attempts to authenticate with keys in the compromised list.

The output from ssh-vulnkey looks like this:

/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host

Each line is of the following format (any lines beginning with “#”
should be ignored by scripts):

filename:line: status: type size fingerprint comment
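
A parser for the line format above, as an added example (not part of the ssh-vulnkey man page or its source). It skips “#” lines as the text requires and keeps “Unknown” results separate from “Not blacklisted” ones; the sample report, its fingerprints and the bucket names are constructed for illustration.

```python
import re

# One report line: filename:line: status: type size fingerprint comment
# "Unknown" carries a parenthesised reason, so it is matched by prefix.
LINE_RE = re.compile(
    r"^(?P<filename>.+?):(?P<line>\d+): "
    r"(?P<status>COMPROMISED|Not blacklisted|Unknown(?: \([^)]*\))?): "
    r"(?P<type>\S+) (?P<size>\d+) "
    r"(?P<fingerprint>[0-9a-f]{2}(?::[0-9a-f]{2}){15})"
    r"(?: (?P<comment>.*))?$"
)

# Constructed sample in the documented format; the fingerprints are made up.
SAMPLE_REPORT = """\
# constructed sample; fingerprints are made up
/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff root@host
/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9 /home/user/.ssh/id_dsa.pub
/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00 user@host
this line is not ssh-vulnkey output
"""


def parse_report(text):
    """Return (records, unparsed_lines) for ssh-vulnkey style output."""
    records, unparsed = [], []
    for raw in text.splitlines():
        # Blank lines and lines beginning with "#" are ignored by scripts.
        if not raw.strip() or raw.startswith("#"):
            continue
        match = LINE_RE.match(raw)
        if match is None:
            # Keep what could not be parsed so it is reviewed, not dropped.
            unparsed.append(raw)
            continue
        record = match.groupdict()
        record["line"] = int(record["line"])
        record["size"] = int(record["size"])
        records.append(record)
    return records, unparsed


def triage(records):
    """Group records by the action they call for.

    replace    - COMPROMISED: regenerate and remove from authorized_keys
    clean      - Not blacklisted: a blacklist existed and the key is not in it
    unverified - Unknown: no blacklist was consulted, so nothing was proven
    """
    buckets = {"replace": [], "clean": [], "unverified": []}
    for record in records:
        if record["status"] == "COMPROMISED":
            buckets["replace"].append(record)
        elif record["status"] == "Not blacklisted":
            buckets["clean"].append(record)
        else:
            buckets["unverified"].append(record)
    return buckets


if __name__ == "__main__":
    parsed, leftover = parse_report(SAMPLE_REPORT)
    for name, items in triage(parsed).items():
        for item in items:
            print(name, item["filename"], item["line"], item["type"], item["size"])
    for line in leftover:
        print("unparsed:", line)
```
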

It is important to distinguish between the possible values of status:

COMPROMISED
These keys are listed in a blacklist file, normally because their
corresponding private keys are well-known. Replacements must be
generated using ssh-keygen(1).

Not blacklisted
A blacklist file exists for this key type and size, but this key

-a Check keys of all users on the system. You will typically need
to run ssh-vulnkey as root to use this option. For each user,
ssh-vulnkey will check ~/.ssh/id_rsa, ~/.ssh/id_dsa,
~/.ssh/identity, ~/.ssh/authorized_keys and
~/.ssh/authorized_keys2. It will also check the system’s host
keys.

-q Quiet mode. Normally, ssh-vulnkey outputs the fingerprint of
each key scanned, with a description of its status. This option
suppresses that output.

-v Verbose mode. Normally, ssh-vulnkey does not output anything for
keys that are not listed in their corresponding blacklist file
(although it still produces output for keys for which there is no
blacklist file, since their status is unknown). This option
causes ssh-vulnkey to produce output for all keys.

EXIT STATUS
ssh-vulnkey will exit zero if any of the given keys were in the compromised
list, otherwise non-zero.

BLACKLIST FILE FORMAT
The blacklist file may start with comments, on lines starting with “#”.
After these initial comments, it must follow a strict format:

o All the lines must be exactly the same length (20 characters
followed by a newline) and must be in sorted order.
o Each line must consist of the lower-case hexadecimal MD5 key
fingerprint, without colons, and with the first 12 characters
removed (that is, the least significant 80 bits of the fingerprint).

The key fingerprint may be generated using ssh-keygen(1):

$ ssh-keygen -l -f /path/to/key

This strict format is necessary to allow the blacklist file to be checked
quickly, using a binary-search algorithm.
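
The format rules above, worked through as an added example (not ssh-vulnkey's own code): one function derives the 20-character entry from an MD5 fingerprint, another binary-searches the fixed-length records by seeking rather than reading the whole file. The function names and the sample blacklist, with its made-up fingerprints, are constructed for illustration.

```python
import io
import re

RECORD_LEN = 21  # 20 hexadecimal characters followed by a newline


def blacklist_entry(fingerprint):
    """MD5 fingerprint (colons and an 'MD5:' prefix allowed) -> 20-char entry."""
    text = fingerprint.strip()
    if text.upper().startswith("MD5:"):
        text = text[4:]
    hexfp = text.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", hexfp):
        raise ValueError("not an MD5 fingerprint: %r" % fingerprint)
    # Drop the first 12 characters, keeping the least significant 80 bits.
    return hexfp[12:]


def data_start(f):
    """Byte offset of the first record, after the initial '#' comment lines."""
    f.seek(0)
    offset = 0
    while True:
        line = f.readline()
        if not line.startswith(b"#"):
            return offset
        offset += len(line)


def is_blacklisted(f, fingerprint):
    """Binary search over a seekable blacklist opened in binary mode."""
    target = blacklist_entry(fingerprint).encode("ascii")
    start = data_start(f)
    size = f.seek(0, io.SEEK_END) - start
    if size % RECORD_LEN:
        raise ValueError("records are not all 20 characters plus newline")
    lo, hi = 0, size // RECORD_LEN
    while lo < hi:
        mid = (lo + hi) // 2
        f.seek(start + mid * RECORD_LEN)
        record = f.read(RECORD_LEN)
        if record[20:] != b"\n":
            raise ValueError("malformed record at index %d" % mid)
        if record[:20] == target:
            return True
        if record[:20] < target:
            lo = mid + 1
        else:
            hi = mid
    return False


def build_blacklist(fingerprints, header=b"# constructed sample blacklist\n"):
    """Build an in-memory blacklist in the documented format (sorted entries)."""
    entries = sorted(blacklist_entry(fp) for fp in fingerprints)
    body = "".join(entry + "\n" for entry in entries).encode("ascii")
    return io.BytesIO(header + body)


# Constructed fingerprints; they do not correspond to real keys.
LISTED = [
    "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff",
    "ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00",
    "0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9",
]
NOT_LISTED = "12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0"
# Differs from LISTED[0] only in the 12 characters the format discards.
SAME_LOW_80_BITS = "ab:cd:ef:01:23:45:66:77:88:99:aa:bb:cc:dd:ee:ff"

if __name__ == "__main__":
    sample = build_blacklist(LISTED)
    for fp in LISTED + [NOT_LISTED, SAME_LOW_80_BITS]:
        print(fp, blacklist_entry(fp), is_blacklisted(sample, fp))
```

Because only the low 80 bits are stored, any fingerprint sharing those bits matches the same entry, as the last sample shows. Current OpenSSH releases print SHA256 fingerprints by default, so `ssh-keygen -l -E md5 -f /path/to/key` is needed to get the MD5 form this format uses.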

FILES
~/.ssh/id_rsa
If present, contains the protocol version 2 RSA authentication
identity of the user.

~/.ssh/id_dsa
If present, contains the protocol version 2 DSA authentication
identity of the user.

~/.ssh/identity
If present, contains the protocol version 1 RSA authentication
identity of the user.

If present, contains the protocol version 2 DSA identity of the
system.

/etc/ssh/ssh_host_key
If present, contains the protocol version 1 RSA identity of the
system.

/usr/share/ssh/blacklist.TYPE-LENGTH
If present, lists the blacklisted keys of type TYPE (“RSA” or
“DSA”) and bit length LENGTH. The format of this file is
described above. RSA1 keys are converted to RSA before being
checked in the blacklist. Note that the fingerprints of RSA1
keys are computed differently, so you will not be able to find
them in the blacklist by hand.

/etc/ssh/blacklist.TYPE-LENGTH
Same as /usr/share/ssh/blacklist.TYPE-LENGTH, but may be edited
by the system administrator to add new blacklist entries.

SEE ALSO
ssh-keygen(1), sshd(8)

AUTHORS
Colin Watson <cjwatson@ubuntu.com>

Florian Weimer suggested the option to check keys of all users, and the
idea of processing ssh-keyscan(1) output.

BSD June 30, 2010 BSD

lkbib

Tuesday, June 29th, 2010



SYNOPSIS
lkbib [ -v ] [ -ifields ] [ -pfilename ] [ -tn ] key…

It is possible to have whitespace between a command line option and its
parameter.

DESCRIPTION
lkbib searches bibliographic databases for references that contain the
keys key… and prints any references found on the standard output.
lkbib will search any databases given by -p options, and then a default
database. The default database is taken from the REFER environment
variable if it is set, otherwise it is /usr/dict/papers/Ind. For each
database filename to be searched, if an index filename.i created by
indxbib(1) exists, then it will be searched instead; each index can
cover multiple databases.

OPTIONS
-v Print the version number.

-pfilename
Search filename. Multiple -p options can be used.

-istring
When searching files for which no index exists, ignore the con-
tents of fields whose names are in string.

-tn Only require the first n characters of keys to be given. Ini-
tially n is 6.

ENVIRONMENT
REFER Default database.

FILES
/usr/dict/papers/Ind Default database to be used if the REFER environ-
ment variable is not set. filename.i Index
files.

SEE ALSO
refer(1), lookbib(1), indxbib(1)

Groff Version 1.18.1 03 March 2005 LKBIB(1)

spctoppm

Monday, June 28th, 2010


SYNOPSIS
spctoppm [spcfile]

DESCRIPTION
Reads an Atari compressed Spectrum file as input. Produces a portable
pixmap as output.

SEE ALSO
sputoppm(1), ppm(5)

AUTHOR
Copyright (C) 1991 by Steve Belczyk (seb3@gte.com) and Jef Poskanzer.

19 July 1990 spctoppm(1)

man2html

Sunday, June 27th, 2010




SYNOPSIS
man2html [-bare] [-belem name] [-botm lines] [-cgiurl string]
[-cgiurlexp expr] [-compress] [-headmap mapfile] [-help] [-k]
[-leftm chars] [-nodepage] [-noheads] [-pgsize lines]
[-seealso] [-solaris] [-sun] [-title string] [-topm lines]
[-uelem name]

Typical Usage:

man2html [-options] < infile > outfile

man topic | man2html [-options] > outfile

DESCRIPTION
The man2html filter reads formatted nroff text from standard input
(stdin) and writes a HTML document to standard output (stdout).

The formatted nroff output is surrounded with <PRE> tags with the fol-
lowing exceptions/additions:

o Section heads are wrapped in HTML header tags. See the SEC-
TION HEAD MAP FILE section below for additional information. The
-noheads option can be used to disable this feature.

o Bold words designated by “<char><bs><char>” sequences are wrapped
in <B> tags (or the element specified via the -belem option).

o Underlined words designated by “_<bs><char>” sequences are
wrapped in <I> tags (or the element specified via the -uelem
option).

OPTIONS
-bare
This option will eliminate HTML <HEAD> and <BODY> tags from the
output. This is useful when you wish to incorporate the output
into another HTML document.

-belem name
Use name as the name of the element to wrap overstruck characters.
The default is B.

-botm lines
The lines argument specifies the number of lines representing the
bottom margin of the formatted nroff input. The line count
includes any running footers. The default value is 7.

-cgiurl string
The string argument specifies a template URL for creating links to
other manpages. See the LINKING TO OTHER MANPAGES section below
for additional information.

-help
Print out a short usage message and then exit immediately.

-k Process input resulting from a manpage keyword search (man -k).
See the KEYWORD SEARCH section below for additional information.

-leftm chars
The chars argument specifies the width of the number of characters
making up the left margin of the formatted nroff input. The
default value is 0.

-nodepage
By default, man2html merges multi-page formatted nroff into a sin-
gle page. This option may be used to disable depagination, caus-
ing running headers and footers in the formatted nroff input to be
carried over into the HTML output.

-noheads
By default, man2html wraps section heads in HTML header tags. See
the SECTION HEAD MAP FILE section below for additional information.
This option may be specified to disable this feature.

-pgsize lines
The lines argument specifies the number of lines making up the
page size (length) of the formatted nroff input. The default
value is 66.

-seealso
If the -cgiurl option has been specified, then this option
restricts the creation of links to other manual pages to the
SEE ALSO section only.

-solaris
If the -k option has been specified, then this option modifies its
operation to process the alternate manual page keyword search for-
mat produced by the man(1) utility on systems running Solaris.
See the KEYWORD SEARCH section below for additional information.

-sun Do not require a section head to have bold overstriking in the
formatted nroff input. The option is called sun because it was on
a Sun workstation that section heads in manpages were found to not
be overstruck.

-title string
By default, man2html does not generate a HTML title (<TITLE>).
This option sets the title of the HTML output to the specified
string.

-topm lines
The lines argument specifies the number of lines representing
the top margin of the formatted nroff input. The line count
includes any running headers. The default value is 7.

perl(1) associative arrays. You do not need to be an expert in perl to
write a map file, however, having knowledge of perl allows you to be
more clever.

Augmenting the Default Map
To add to the default mapping defined by man2html, your map file will
contain lines with the following syntax:

$SectionHead{'<section head text>'} = '<html header tag>';

where

<section head text>
is the text of the manpage section head. For example: SYNOPSIS
or DESCRIPTION.

<html header tag>
is the HTML header tag to wrap the section head in. Legal val-
ues are: <H1>, <H2>, <H3>, <H4>, <H5>, <H6>.

Overriding the Default Map
To override the default mapping with your own, then your map file will
have the following syntax:

%SectionHead = (
'<section head text>', '<html header tag>',
'<section head text>', '<html header tag>',
# … More section head/tag pairs
'<section head text>', '<html header tag>',
);

The Default Map
As of this writing, this is the default map used by man2html:

%SectionHead = (
'\S.*OPTIONS.*' => '<H2>',
'AUTHORS?' => '<H2>',
'BUGS' => '<H2>',
'COMPATIBILITY' => '<H2>',
'DEPENDENCIES' => '<H2>',
'DESCRIPTION' => '<H2>',
'DIAGNOSTICS' => '<H2>',
'ENVIRONMENT' => '<H2>',
'ERRORS' => '<H2>',
'EXAMPLES' => '<H2>',
'EXTERNAL INFLUENCES' => '<H2>',
'FILES' => '<H2>',
'LIMITATIONS' => '<H2>',
'NAME' => '<H2>',
'NOTES?' => '<H2>',
'OPTIONS' => '<H2>',
'REFERENCES' => '<H2>',

You can reassign the $HeadFallback variable to a different value if you
choose. This value is used as the header tag of a section head if no
matches are found in the %SectionHead map.

Using Regular Expressions in the Map File
You may have noticed unusual characters in the default map file, like
“\s” or “*”. The man2html utility actually treats the
<section head text> as a perl regular expression. If you are comfortable
with perl regular expressions, then you have their full power to
use in your map file.

Caution: The man2html utility already anchors the regular expression to
the beginning of the line with left margin spacing specified by the
-leftm option. Therefore, do not use the `^’ character to anchor your
regular expression to the beginning. However, you may end your expres-
sion with a `$’ to anchor it to the end of the line.

Since the <section head text> is actually a regular expression, you
will have to be careful of special characters if you want them to be
treated literally. Any of the characters `[ ] ( ) . ^ { } $ * ? + |’
should be escaped by prefixing them by the `\’ character if you want
perl to treat them “as is”.

Caution: One should use single quotes instead of double quotes to
delimit <section head text>. This will preserve any `\’ characters for
character escaping or when the `\’ is used for special perl character
matching sequences (e.g., \s, \w, \S).

Other Tid-bits on the Map File
Comments can be inserted in the map file by using the ‘#’ character.
Anything after, and including, the ‘#’ character is ignored, up to the
end of line.

You might be thinking that the above is quite-a-bit-of-stuff just for
doing manpage section heads. However, you will be surprised how much
better the HTML output looks with header tags, even though, everything
else is in a <PRE> tag.

LINKING TO OTHER MANPAGES
The man2html utility allows the ability to link to other manpage refer-
ences. If the -cgiurl option is specified, man2html will create
anchors that link to other manpages.

The URL entered with the -cgiurl option is actually a template that
determines the actual URL used to link to other manpages. The follow-
ing variables are defined during run time that may be used in the tem-
plate string:

$title The title of the manual page referenced.

$section

template to avoid variable interpolation by the CGI program.

Normally, the URL calls a CGI program (hence the option name), but the
URL can easily link to statically converted documents.

Example1:
The following template string is specified to call a CGI program to
retrieve the appropriate manpage linked to:

/cgi-bin/man.cgi?section=${section}${subsection}&topic=${title}

If the ls(1) manpage is referenced in the SEE ALSO section, the above
template will translate to the following URL:

/cgi-bin/man.cgi?section=1&topic=ls

The actual HTML markup will look like the following:

<A HREF="/cgi-bin/man.cgi?section=1&topic=ls">ls(1)</A>

Example2:
The following template string is specified to retrieve pre-converted
manpages:

http://foo.org/man$section/$title.$section$subsection.html

If the mount(1M) manpage is referenced, the above template will trans-
late to the following URL:

http://foo.org/man1/mount.1M.html

The actual HTML markup will look like the following:

<A HREF="http://foo.org/man1/mount.1M.html">mount(1M)</A>

-cgiurlexp
The option -cgiurlexp is a more general form of the -cgiurl option.
-cgiurlexp allows one to specify a general Perl expression. For exam-
ple:

$title=~/^db_/i?"$title.html":"/cgi-bin/man?$title+$section"

A -cgiurl string can be expressed as follows with -cgiurlexp:

return "string"

KEYWORD SEARCH
The man2html utility has the ability to process keyword search output
generated by the man -k or apropos commands, through the use of the -k
option. The man2html utility will generate an HTML document of the
keyword search input having the following format:

your HTML manpages.

Processing Keyword Search Results
Unfortunately, there is no standard controlling the format of keyword
search results. The man2html utility tries its best to handle all the
variations. However, the keyword search results generated by the
Solaris operating system are different enough from other systems that a
special command-line option (-solaris) must be specified to handle its
output.

Example of raw Solaris-type keyword search results:
strcpy strcpy (9f) - copy a string from one location to another.
strcpy string (3c) - string operations
strncpy strcpy (9f) - copy a string from one location to another.
strncpy string (3c) - string operations

If keyword search results on your systems appear in the following for-
mat:

<topic> <actual_manpage> (#) - Description

then you need to specify the -solaris option in addition to the -k
option.

ADDITIONAL NOTES
Different systems format manpages differently. Here is a list of rec-
ommended command-line options for certain systems:

Convex: <defaults should be okay>
HP: -leftm 1 -topm 8
Sun: -sun (and -solaris when using -k)

Some line spacing gets lost in the formatted nroff since the spacing
would occur in the middle of a page break. This can cause text to be
merged that shouldn’t be merged when man2html depaginates the text. To
avoid this problem, man2html keeps track of the margin indent right
before and after a page break. If the margin width of the line after
the page break is less than the line before the page break, then
man2html inserts a blank line in the HTML output.

A manpage cross-reference is detected by the following pseudo expres-
sion: [A-z.-+_]+([0-9][A-z]?)

The man2html utility only recognizes lines with ” - ” (the normal sepa-
rator between manpage references and summary text) while in keyword
search mode.

The man2html utility can be hooked in a CGI script/program to convert
manpages on the fly. This is the reason for the -cgiurl option.

LIMITATIONS
The order that section head mapping is searched is not defined. There-

SEE ALSO
man(1), nroff(1), perl(1)

http://www.oac.uci.edu/indiv/ehood/man2html.html

AUTHOR
Earl Hood
ehood@medusa.acs.uci.edu

ERRORS AND OMISSIONS
Troff version of this document initially created for version 2.1.0 by
C. Jeffery Small (jeff@cjsa.com) by copying, reformatting, rearranging
and partially rewriting the contents of the ascii text file
doc/man2html.txt.

97/08/12 MAN2HTML(1)

unlink

Saturday, June 26th, 2010



SYNOPSIS
unlink FILE
unlink OPTION

DESCRIPTION
Call the unlink function to remove the specified FILE.

--help display this help and exit

--version
output version information and exit

AUTHOR
Written by Michael Stone.

REPORTING BUGS
Report bugs to <bug-coreutils@gnu.org>.

COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
unlink(2)

The full documentation for unlink is maintained as a Texinfo manual.
If the info and unlink programs are properly installed at your site,
the command

info unlink

should give you access to the complete manual.

GNU coreutils 6.9.92.4-f088d-dirtJanuary 2008 UNLINK(1)

fail2ban-client

Friday, June 25th, 2010



SYNOPSIS
fail2ban-client [OPTIONS] <COMMAND>

DESCRIPTION
Fail2Ban v0.8.2 reads log files that contain password failure reports
and bans the corresponding IP addresses using firewall rules.

OPTIONS
-c <DIR>
configuration directory

-s <FILE>
socket path

-d dump configuration. For debugging

-i interactive mode

-v increase verbosity

-q decrease verbosity

-x force execution of the server (remove socket file)

-h, --help
display this help message

-V, --version
print the version

COMMAND
BASIC

start starts the server and the jails

reload reloads the configuration

reload <JAIL>
reloads the jail <JAIL>

stop stops all jails and terminates the server

status gets the current status of the server

ping tests if the server is alive

LOGGING

set loglevel <LEVEL>
sets logging level to <LEVEL>. 0 is minimal, 4 is debug

get loglevel
start <JAIL>
starts the jail <JAIL>

stop <JAIL>
stops the jail <JAIL>. The jail is removed

status <JAIL>
gets the current status of <JAIL>

JAIL CONFIGURATION

set <JAIL> idle on|off
sets the idle state of <JAIL>

set <JAIL> addignoreip <IP>
adds <IP> to the ignore list of <JAIL>

set <JAIL> delignoreip <IP>
removes <IP> from the ignore list of <JAIL>

set <JAIL> addlogpath <FILE>
adds <FILE> to the monitoring list of <JAIL>

set <JAIL> dellogpath <FILE>
removes <FILE> from the monitoring list of <JAIL>

set <JAIL> addfailregex <REGEX>
adds the regular expression <REGEX> which must match failures
for <JAIL>

set <JAIL> delfailregex <INDEX>
removes the regular expression at <INDEX> for failregex

set <JAIL> addignoreregex <REGEX>
adds the regular expression <REGEX> which should match pattern
to exclude for <JAIL>

set <JAIL> delignoreregex <INDEX>
removes the regular expression at <INDEX> for ignoreregex

set <JAIL> findtime <TIME>
sets the number of seconds <TIME> for which the filter will look
back for <JAIL>

set <JAIL> bantime <TIME>
sets the number of seconds <TIME> a host will be banned for
<JAIL>

set <JAIL> maxretry <RETRY>
sets the number of failures <RETRY> before banning the host for
<JAIL>

set <JAIL> actionstop <ACT> <CMD>
sets the stop command <CMD> of the action <ACT> for <JAIL>

set <JAIL> actioncheck <ACT> <CMD>
sets the check command <CMD> of the action <ACT> for <JAIL>

set <JAIL> actionban <ACT> <CMD>
sets the ban command <CMD> of the action <ACT> for <JAIL>

set <JAIL> actionunban <ACT> <CMD>
sets the unban command <CMD> of the action <ACT> for <JAIL>

JAIL INFORMATION

get <JAIL> logpath
gets the list of the monitored files for <JAIL>

get <JAIL> ignoreip
gets the list of ignored IP addresses for <JAIL>

get <JAIL> timeregex
gets the regular expression used for the time detection for
<JAIL>

get <JAIL> timepattern
gets the pattern used for the time detection for <JAIL>

get <JAIL> failregex
gets the list of regular expressions which match the failures
for <JAIL>

get <JAIL> ignoreregex
gets the list of regular expressions which match patterns to
ignore for <JAIL>

get <JAIL> findtime
gets the time for which the filter will look back for failures
for <JAIL>

get <JAIL> bantime
gets the time a host is banned for <JAIL>

get <JAIL> maxretry
gets the number of failures allowed for <JAIL>

get <JAIL> addaction
gets the last action which has been added for <JAIL>

get <JAIL> actionstart <ACT>
gets the start command for the action <ACT> for <JAIL>

AUTHOR
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contribu-
tions by Yaroslav O. Halchenko <debian@onerussian.com>.

REPORTING BUGS
Please report bugs via Debian bug tracking system
http://www.debian.org/Bugs/.

COPYRIGHT
Copyright (C) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors. Licensed
under the GNU General Public License v2 (GPL).

SEE ALSO
fail2ban-server(1)

fail2ban-client v0.8.2 March 2008 FAIL2BAN-CLIENT(1)

ppmtomitsu

Thursday, June 24th, 2010



SYNOPSIS
ppmtomitsu [-sharpness val] [-enlarge val] [-media string] [-copy val]
[-dpi300] [-tiny] [ppmfile]

DESCRIPTION
Reads a portable pixmap as input and converts it into a format suitable
to be printed by a Mitsubishi S340-10 printer, or any other Mitsubishi
color sublimation printer.

The Mitsubishi S340-10 Color Sublimation printer supports 24bit color.
Images of the available sizes take so long to transfer that there is a
fast method, employing a lookuptable, that ppmtomitsu will use if there
is a maximum of 256 colors in the pixmap. ppmtomitsu will try to posi-
tion your image to the center of the paper, and will rotate your image
for you if xsize is larger than ysize. If your image is larger than
the media allows, ppmtomitsu will quit with an error message. (We
decided that the media were too expensive to have careless users pro-
duce misprints.) Once data transmission has started, the job can’t be
stopped in a sane way without resetting the printer. The printer
understands putting together images in the printers memory; ppmtomitsu
doesn’t utilize this as pnmcat etc provide the same functionality and
let you view the result on-screen, too. The S340-10 is the lowest com-
mon denominator printer; for higher resolution printers there’s the
dpi300 option. The other printers also support higher values for
enlarge eg, but I don’t think that’s essential enough to warrant a
change in the program.

-sharpness 1-4
’sharpness’ designation. Default is to use the current sharp-
ness.

-enlarge 1-3
Enlarge by a factor; Default is 1 (no enlarge)

-media A, A4, AS, A4S
Designate the media you’re using. Default is 1184 x 1350, which
will fit on any media. A is 1216 x 1350, A4 is 1184 x 1452, AS
is 1216 x 1650 and A4S is 1184 x 1754. A warning: If you specify
a different media than the printer currently has, the printer
will wait until you put in the correct media or switch it off.

-copy 1-9
The number of copies to produce. Default is 1.

-dpi300
Double the number of allowed pixels for a S3600-30 Printer in
S340-10 compatibility mode. (The S3600-30 has 300 dpi).

-tiny Memory-saving, but always slow. The printer will get the data
line-by-line in 24bit. It’s probably a good idea to use this if
your machine starts paging a lot without this option.

29 Jan 1992 ppmtomitsu(1)

sftp

Wednesday, June 23rd, 2010



[-o ssh_option] [-P sftp_server_path] [-R num_requests] [-S program]
[-s subsystem | sftp_server] host
sftp [[user@]host[:file [file]]]
sftp [[user@]host[:dir[/]]]
sftp -b batchfile [user@]host

DESCRIPTION
sftp is an interactive file transfer program, similar to ftp(1), which
performs all operations over an encrypted ssh(1) transport. It may also
use many features of ssh, such as public key authentication and compres-
sion. sftp connects and logs into the specified host, then enters an
interactive command mode.

The second usage format will retrieve files automatically if a non-inter-
active authentication method is used; otherwise it will do so after suc-
cessful interactive authentication.

The third usage format allows sftp to start in a remote directory.

The final usage format allows for automated sessions using the -b option.
In such cases, it is necessary to configure non-interactive authentica-
tion to obviate the need to enter a password at connection time (see
sshd(8) and ssh-keygen(1) for details). The options are as follows:

-1 Specify the use of protocol version 1.

-B buffer_size
Specify the size of the buffer that sftp uses when transferring
files. Larger buffers require fewer round trips at the cost of
higher memory consumption. The default is 32768 bytes.

-b batchfile
Batch mode reads a series of commands from an input batchfile
instead of stdin. Since it lacks user interaction it should be
used in conjunction with non-interactive authentication. A
batchfile of ‘-’ may be used to indicate standard input. sftp
will abort if any of the following commands fail: get, put,
rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp,
lpwd, df, and lmkdir. Termination on error can be suppressed on
a command by command basis by prefixing the command with a ‘-’
character (for example, -rm /tmp/blah*).

-C Enables compression (via ssh’s -C flag).

-F ssh_config
Specifies an alternative per-user configuration file for ssh(1).
This option is directly passed to ssh(1).

-o ssh_option
Can be used to pass options to ssh in the format used in
ssh_config(5). This is useful for specifying options for which
there is no separate sftp command-line flag. For example, to
ConnectTimeout
ControlMaster
ControlPath
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
HashKnownHosts
Host
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
HostName
IdentityFile
IdentitiesOnly
KbdInteractiveDevices
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
Port
PreferredAuthentications
Protocol
ProxyCommand
PubkeyAuthentication
RekeyLimit
RhostsRSAAuthentication
RSAAuthentication
SendEnv
ServerAliveInterval
ServerAliveCountMax
SmartcardDevice
StrictHostKeyChecking
TCPKeepAlive
UsePrivilegedPort
User
UserKnownHostsFile
VerifyHostKeyDNS

-P sftp_server_path
Connect directly to a local sftp server (rather than via ssh(1)).
This option may be useful in debugging the client and server.

-R num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed but will
increase memory usage. The default is 64 outstanding requests.

-S program
Name of the program to use for the encrypted connection. The
program must understand ssh(1) options.

bye Quit sftp.

cd path
Change remote directory to path.

chgrp grp path
Change group of file path to grp. path may contain glob(3) char-
acters and may match multiple files. grp must be a numeric GID.

chmod mode path
Change permissions of file path to mode. path may contain
glob(3) characters and may match multiple files.

chown own path
Change owner of file path to own. path may contain glob(3) char-
acters and may match multiple files. own must be a numeric UID.

df [-hi] [path]
Display usage information for the filesystem holding the current
directory (or path if specified). If the -h flag is specified,
the capacity information will be displayed using “human-readable”
suffixes. The -i flag requests display of inode information in
addition to capacity information. This command is only supported
on servers that implement the “statvfs@openssh.com” extension.

exit Quit sftp.

get [-P] remote-path [local-path]
Retrieve the remote-path and store it on the local machine. If
the local path name is not specified, it is given the same name
it has on the remote machine. remote-path may contain glob(3)
characters and may match multiple files. If it does and
local-path is specified, then local-path must specify a direc-
tory. If the -P flag is specified, then full file permissions
and access times are copied too.

help Display help text.

lcd path
Change local directory to path.

lls [ls-options [path]]
Display local directory listing of either path or current direc-
tory if path is not specified. ls-options may contain any flags
supported by the local system’s ls(1) command. path may contain
glob(3) characters and may match multiple files.

lmkdir path
Create local directory specified by path.

ln oldpath newpath
-a List files beginning with a dot ('.').

-f Do not sort the listing. The default sort order is lexi-
cographical.

-l Display additional details including permissions and own-
ership information.

-n Produce a long listing with user and group information
presented numerically.

-r Reverse the sort order of the listing.

-S Sort the listing by file size.

-t Sort the listing by last modification time.

lumask umask
Set local umask to umask.

mkdir path
Create remote directory specified by path.

progress
Toggle display of progress meter.

put [-P] local-path [remote-path]
Upload local-path and store it on the remote machine. If the
remote path name is not specified, it is given the same name it
has on the local machine. local-path may contain glob(3) charac-
ters and may match multiple files. If it does and remote-path is
specified, then remote-path must specify a directory. If the -P
flag is specified, then the file’s full permission and access
time are copied too.

pwd Display remote working directory.

quit Quit sftp.

rename oldpath newpath
Rename remote file from oldpath to newpath.

rm path
Delete remote file specified by path.

rmdir path
Remove remote directory specified by path.

symlink oldpath newpath
Create a symbolic link from oldpath to newpath.

version
filexfer-00.txt, January 2001, work in progress material.

BSD June 23, 2010 BSD

dsaparam

Tuesday, June 22nd, 2010



SYNOPSIS
openssl dsaparam [-inform DER|PEM] [-outform DER|PEM] [-in filename]
[-out filename] [-noout] [-text] [-C] [-rand file(s)] [-genkey]
[-engine id] [numbits]

DESCRIPTION
This command is used to manipulate or generate DSA parameter files.

OPTIONS
-inform DER|PEM
This specifies the input format. The DER option uses an ASN1 DER
encoded form compatible with RFC2459 (PKIX) DSS-Parms that is a
SEQUENCE consisting of p, q and g respectively. The PEM form is the
default format: it consists of the DER format base64 encoded with
additional header and footer lines.

-outform DER|PEM
This specifies the output format; the options have the same meaning
as the -inform option.

-in filename
This specifies the input filename to read parameters from or
standard input if this option is not specified. If the numbits
parameter is included then this option will be ignored.

-out filename
This specifies the output filename to write parameters to. Standard output
is used if this option is not present. The output filename should
not be the same as the input filename.

-noout
this option inhibits the output of the encoded version of the
parameters.

-text
this option prints out the DSA parameters in human readable form.

-C this option converts the parameters into C code. The parameters can
then be loaded by calling the get_dsaXXX() function.

-genkey
this option will generate a DSA key either using the specified or
generated parameters.

-rand file(s)
a file or files containing random data used to seed the random
number generator, or an EGD socket (see RAND_egd(3)). Multiple
files can be specified separated by an OS-dependent character. The
separator is ; for MS-Windows, , for OpenVMS, and : for all others.

numbits
this option specifies that a parameter set should be generated of

DSA parameter generation is a slow process and as a result the same set
of DSA parameters is often used to generate several distinct keys.
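
Because one parameter set is commonly shared by many keys, it is worth checking a set before trusting it. The following is an added example, not part of the OpenSSL manual page: it parses the DER form described under -inform (a SEQUENCE of the INTEGERs p, q and g) and checks that q divides p-1 and that g has order q. The function names and the toy values are constructed for illustration, and primality of p and q is not tested.

```python
# Added example: parse DER DSS-Parms (SEQUENCE of INTEGER p, q, g) and
# sanity-check the group structure. Primality of p and q is NOT tested here.

def _read_len(buf, i):
    """Decode a DER length at buf[i]; return (length, index after it)."""
    if i >= len(buf):
        raise ValueError("truncated length")
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_dss_parms(der):
    """Return (p, q, g) from DER-encoded DSS-Parms, rejecting anything else."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    seq_len, i = _read_len(der, 1)
    if i + seq_len != len(der):
        raise ValueError("truncated or trailing data")
    ints = []
    while i < len(der):
        if der[i] != 0x02:
            raise ValueError("expected INTEGER")
        n, i = _read_len(der, i + 1)
        if n == 0 or i + n > len(der):
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(der[i:i + n], "big", signed=True))
        i += n
    if len(ints) != 3:
        raise ValueError("DSS-Parms must hold exactly p, q, g")
    return tuple(ints)

def check_dsa_params(p, q, g):
    """Return a list of problems; an empty list means the set is consistent."""
    if p < 3 or q < 2:
        return ["p or q is too small or negative"]
    problems = []
    if (p - 1) % q:
        problems.append("q does not divide p-1")
    if not 1 < g < p:
        problems.append("g is outside 2..p-1")
    elif pow(g, q, p) != 1:
        problems.append("g does not generate the order-q subgroup")
    return problems

# Constructed toy set (far too small for real use): p=23, q=11, g=4.
TOY_DER = bytes.fromhex("3009 020117 02010b 020104")
BAD_G_DER = TOY_DER[:-1] + b"\x05"        # g=5 has order 22 mod 23, not 11
```
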

SEE ALSO
gendsa(1), dsa(1), genrsa(1), rsa(1)

0.9.8g 2003-01-30 DSAPARAM(1SSL)

gprof

Monday, June 21st, 2010



SYNOPSIS
gprof [ -[abcDhilLrsTvwxyz] ] [ -[ACeEfFJnNOpPqQZ][name] ]
[ -I dirs ] [ -d[num] ] [ -k from/to ]
[ -m min-count ] [ -R map_file ] [ -t table-length ]
[ --[no-]annotated-source[=name] ]
[ --[no-]exec-counts[=name] ]
[ --[no-]flat-profile[=name] ] [ --[no-]graph[=name] ]
[ --[no-]time=name] [ --all-lines ] [ --brief ]
[ --debug[=level] ] [ --function-ordering ]
[ --file-ordering map_file ] [ --directory-path=dirs ]
[ --display-unused-functions ] [ --file-format=name ]
[ --file-info ] [ --help ] [ --line ] [ --min-count=n ]
[ --no-static ] [ --print-path ] [ --separate-files ]
[ --static-call-graph ] [ --sum ] [ --table-length=len ]
[ --traditional ] [ --version ] [ --width=n ]
[ --ignore-non-functions ] [ --demangle[=STYLE] ]
[ --no-demangle ] [ image-file ] [ profile-file ... ]

DESCRIPTION
“gprof” produces an execution profile of C, Pascal, or Fortran77 pro-
grams. The effect of called routines is incorporated in the profile of
each caller. The profile data is taken from the call graph profile
file (gmon.out default) which is created by programs that are compiled
with the -pg option of “cc”, “pc”, and “f77”. The -pg option also
links in versions of the library routines that are compiled for profil-
ing. “Gprof” reads the given object file (the default is “a.out”) and
establishes the relation between its symbol table and the call graph
profile from gmon.out. If more than one profile file is specified, the
“gprof” output shows the sum of the profile information in the given
profile files.

“Gprof” calculates the amount of time spent in each routine. Next,
these times are propagated along the edges of the call graph. Cycles
are discovered, and calls into a cycle are made to share the time of
the cycle.

Several forms of output are available from the analysis.

The flat profile shows how much time your program spent in each func-
tion, and how many times that function was called. If you simply want
to know which functions burn most of the cycles, it is stated concisely
here.

The call graph shows, for each function, which functions called it,
which other functions it called, and how many times. There is also an
estimate of how much time was spent in the subroutines of each func-
tion. This can suggest places where you might try to eliminate func-
tion calls that use a lot of time.

The annotated source listing is a copy of the program’s source code,
labeled with the number of times each line of the program was executed.

symspec is specified, print output only for matching symbols.

“-b”
“--brief”
If the -b option is given, “gprof” doesn’t print the verbose blurbs
that try to explain the meaning of all of the fields in the tables.
This is useful if you intend to print out the output, or are tired
of seeing the blurbs.

“-C[symspec]”
“--exec-counts[=symspec]”
The -C option causes “gprof” to print a tally of functions and the
number of times each was called. If symspec is specified, print
tally only for matching symbols.

If the profile data file contains basic-block count records, speci-
fying the -l option, along with -C, will cause basic-block execu-
tion counts to be tallied and displayed.

“-i”
“--file-info”
The -i option causes “gprof” to display summary information about
the profile data file(s) and then exit. The number of histogram,
call graph, and basic-block count records is displayed.

“-I dirs”
“--directory-path=dirs”
The -I option specifies a list of search directories in which to
find source files. Environment variable GPROF_PATH can also be
used to convey this information. Used mostly for annotated source
output.

“-J[symspec]”
“--no-annotated-source[=symspec]”
The -J option causes “gprof” not to print annotated source code.
If symspec is specified, “gprof” prints annotated source, but
excludes matching symbols.

“-L”
“--print-path”
Normally, source filenames are printed with the path component sup-
pressed. The -L option causes “gprof” to print the full pathname
of source filenames, which is determined from symbolic debugging
information in the image file and is relative to the directory in
which the compiler was invoked.

“-p[symspec]”
“--flat-profile[=symspec]”
The -p option causes “gprof” to print a flat profile. If symspec
is specified, print flat profile only for matching symbols.

“-P[symspec]”
If symspec is specified, “gprof” prints a call graph, but excludes
matching symbols.

“-t”
“--table-length=num”
The -t option causes the num most active source lines in each
source file to be listed when source annotation is enabled. The
default is 10.

“-y”
“--separate-files”
This option affects annotated source output only. Normally,
“gprof” prints annotated source files to standard-output. If this
option is specified, annotated source for a file named path/file-
name is generated in the file filename-ann. If the underlying file
system would truncate filename-ann so that it overwrites the origi-
nal filename, “gprof” generates annotated source in the file file-
name.ann instead (if the original file name has an extension, that
extension is replaced with .ann).

“-Z[symspec]”
“--no-exec-counts[=symspec]”
The -Z option causes “gprof” not to print a tally of functions and
the number of times each was called. If symspec is specified,
print tally, but exclude matching symbols.

“-r”
“--function-ordering”
The --function-ordering option causes “gprof” to print a suggested
function ordering for the program based on profiling data. This
option suggests an ordering which may improve paging, tlb and cache
behavior for the program on systems which support arbitrary order-
ing of functions in an executable.

The exact details of how to force the linker to place functions in
a particular order is system dependent and out of the scope of this
manual.

“-R map_file”
“--file-ordering map_file”
The --file-ordering option causes “gprof” to print a suggested .o
link line ordering for the program based on profiling data. This
option suggests an ordering which may improve paging, tlb and cache
behavior for the program on systems which do not support arbitrary
ordering of functions in an executable.

Use of the -a argument is highly recommended with this option.

The map_file argument is a pathname to a file which provides func-
tion name to object file mappings. The format of the file is simi-
lar to the output of the program “nm”.

The -T option causes “gprof” to print its output in “traditional”
BSD style.

“-w width”
“--width=width”
Sets width of output lines to width. Currently only used when
printing the function index at the bottom of the call graph.

“-x”
“--all-lines”
This option affects annotated source output only. By default, only
the lines at the beginning of a basic-block are annotated. If this
option is specified, every line in a basic-block is annotated by
repeating the annotation for the first line. This behavior is sim-
ilar to “tcov”’s -a.

“--demangle[=style]”
“--no-demangle”
These options control whether C++ symbol names should be demangled
when printing output. The default is to demangle symbols. The
“--no-demangle” option may be used to turn off demangling. Different
compilers have different mangling styles. The optional demangling
style argument can be used to choose an appropriate demangling
style for your compiler.

Analysis Options

“-a”
“--no-static”
The -a option causes “gprof” to suppress the printing of statically
declared (private) functions. (These are functions whose names are
not listed as global, and which are not visible outside the
file/function/block where they were defined.) Time spent in these
functions, calls to/from them, etc., will all be attributed to the
function that was loaded directly before it in the executable file.
This option affects both the flat profile and the call graph.

“-c”
“--static-call-graph”
The -c option causes the call graph of the program to be augmented
by a heuristic which examines the text space of the object file and
identifies function calls in the binary machine code. Since normal
call graph records are only generated when functions are entered,
this option identifies children that could have been called, but
never were. Calls to functions that were not compiled with profil-
ing enabled are also identified, but only if symbol table entries
are present for them. Calls to dynamic library routines are typi-
cally not found by this option. Parents or children identified via
this heuristic are indicated in the call graph with call counts of
0.

of functions. This feature only works with programs compiled by
older versions of the “gcc” compiler. Newer versions of “gcc” are
designed to work with the “gcov” tool instead.

If the program was compiled with basic-block counting enabled, this
option will also identify how many times each line of code was exe-
cuted. While line-by-line profiling can help isolate where in a
large function a program is spending its time, it also signifi-
cantly increases the running time of “gprof”, and magnifies statis-
tical inaccuracies.

“-m num”
“--min-count=num”
This option affects execution count output only. Symbols that are
executed less than num times are suppressed.

“-nsymspec”
“--time=symspec”
The -n option causes “gprof”, in its call graph analysis, to only
propagate times for symbols matching symspec.

“-Nsymspec”
“--no-time=symspec”
The -N option causes “gprof”, in its call graph analysis, not to
propagate times for symbols matching symspec.

“-z”
“--display-unused-functions”
If you give the -z option, “gprof” will mention all functions in
the flat profile, even those that were never called, and that had
no time spent in them. This is useful in conjunction with the -c
option for discovering which routines were never called.

Miscellaneous Options

“-d[num]”
“--debug[=num]”
The -d num option specifies debugging options. If num is not spec-
ified, enable all debugging.

“-h”
“--help”
The -h option prints command line usage.

“-Oname”
“--file-format=name”
Selects the format of the profile data files. Recognized formats
are auto (the default), bsd, 4.4bsd, magic, and prof (not yet sup-
ported).

“-s”
then exit.

Deprecated Options

These options have been replaced with newer versions that use sym-
specs.

“-e function_name”
The -e function option tells “gprof” to not print information about
the function function_name (and its children…) in the call graph.
The function will still be listed as a child of any functions that
call it, but its index number will be shown as [not printed]. More
than one -e option may be given; only one function_name may be
indicated with each -e option.

“-E function_name”
The “-E function” option works like the “-e” option, but time spent
in the function (and children who were not called from anywhere
else), will not be used to compute the percentages-of-time for the
call graph. More than one -E option may be given; only one func-
tion_name may be indicated with each -E option.

“-f function_name”
The -f function option causes “gprof” to limit the call graph to
the function function_name and its children (and their chil-
dren…). More than one -f option may be given; only one func-
tion_name may be indicated with each -f option.

“-F function_name”
The -F function option works like the “-f” option, but only time
spent in the function and its children (and their children…) will
be used to determine total-time and percentages-of-time for the
call graph. More than one -F option may be given; only one func-
tion_name may be indicated with each -F option. The -F option
overrides the -E option.

FILES
“a.out”
the namelist and text space.

“gmon.out”
dynamic call graph and profile.

“gmon.sum”
summarized dynamic call graph and profile.

BUGS
The granularity of the sampling is shown, but remains statistical at
best. We assume that the time for each execution of a function can be
expressed by the total time for the function divided by the number of
times the function is called. Thus the time propagated along the call
graph arcs to the function’s parents is directly proportional to the

SEE ALSO
monitor(3), profil(2), cc(1), prof(1), and the Info entry for gprof.

“An Execution Profiler for Modular Programs”, by S. Graham, P. Kessler,
M. McKusick; Software - Practice and Experience, Vol. 13, pp. 671-685,
1983.

“gprof: A Call Graph Execution Profiler”, by S. Graham, P. Kessler, M.
McKusick; Proceedings of the SIGPLAN ’82 Symposium on Compiler
Construction, SIGPLAN Notices, Vol. 17, No 6, pp. 120-126, June 1982.

COPYRIGHT
Copyright (c) 1988, 92, 97, 98, 99, 2000, 2001, 2003, 2007 Free Soft-
ware Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled “GNU
Free Documentation License”.

binutils-2.17.90 2007-08-06 GPROF(1)