upstream commit

mention ssh -Q feature to list supported { MAC, cipher, KEX, key } algorithms in more places and include the query string used to list the relevant information; bz#2288
author: djm@openbsd.org <djm@openbsd.org> 2014-12-22 09:05:17 +0000
committer: Damien Miller <djm@mindrot.org> 2014-12-22 20:05:41 +1100
commit: 8f6784f0cb56dc4fd00af3e81a10050a5785228d (patch)
tree: c0b53cd5da9e63f07e760c83332b9f7586d91969
parent: 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 (diff)
2 files changed, 44 insertions, 5 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 33da983ea..7a5dd52c8 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.197 2014/12/21 23:12:42 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.198 2014/12/22 09:05:17 djm Exp $
-.Dd $Mdocdate: December 21 2014 $
+.Dd $Mdocdate: December 22 2014 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -417,7 +417,9 @@ aes192-cbc,aes256-cbc,arcfour
 The list of available ciphers may also be obtained using the
 .Fl Q
 option of
-.Xr ssh 1 .
+.Xr ssh 1
+with an argument of
+.Dq cipher .
 .It Cm ClearAllForwardings
 Specifies that all local, remote, and dynamic port forwardings
 specified in the configuration files or on the command line be
@@ -793,6 +795,13 @@ ssh-ed25519,ssh-rsa,ssh-dss
 .Pp
 If hostkeys are known for the destination host then this default is modified
 to prefer their algorithms.
+.Pp
+The list of available key types may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq key .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -963,6 +972,13 @@ diffie-hellman-group14-sha1,
 diffie-hellman-group-exchange-sha1,
 diffie-hellman-group1-sha1
 .Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq kex .
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
@@ -1052,6 +1068,13 @@ hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
 hmac-md5,hmac-sha1,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
+.Pp
+The list of available MAC algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq mac .
 .It Cm NoHostAuthenticationForLocalhost
 This option can be used if the home directory is shared across machines.
 In this case localhost will refer to a different machine on each of
diff --git a/sshd_config.5 b/sshd_config.5
index b48088e41..cec2a023a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.187 2014/12/22 08:24:17 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.188 2014/12/22 09:05:17 djm Exp $
 .Dd $Mdocdate: December 22 2014 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -418,7 +418,9 @@ chacha20-poly1305@openssh.com
 The list of available ciphers may also be obtained using the
 .Fl Q
 option of
-.Xr ssh 1 .
+.Xr ssh 1
+with an argument of
+.Dq cipher .
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
 sent without
@@ -760,6 +762,13 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group14-sha1
 .Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq kex .
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).
@@ -878,6 +887,13 @@ hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
 umac-64@openssh.com,umac-128@openssh.com,
 hmac-sha2-256,hmac-sha2-512
 .Ed
+.Pp
+The list of available MAC algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq mac .
 .It Cm Match
 Introduces a conditional block.
 If all of the criteria on the
author	djm@openbsd.org <djm@openbsd.org>	2014-12-22 09:05:17 +0000
committer	Damien Miller <djm@mindrot.org>	2014-12-22 20:05:41 +1100
commit	8f6784f0cb56dc4fd00af3e81a10050a5785228d (patch)
tree	c0b53cd5da9e63f07e760c83332b9f7586d91969
parent	449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 33da983ea..7a5dd52c8 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.197 2014/12/21 23:12:42 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.198 2014/12/22 09:05:17 djm Exp $
37	.Dd $Mdocdate: December 21 2014 $	37	.Dd $Mdocdate: December 22 2014 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -417,7 +417,9 @@ aes192-cbc,aes256-cbc,arcfour
417	The list of available ciphers may also be obtained using the	417	The list of available ciphers may also be obtained using the
418	.Fl Q	418	.Fl Q
419	option of	419	option of
420	.Xr ssh 1 .	420	.Xr ssh 1
		421	with an argument of
		422	.Dq cipher .
421	.It Cm ClearAllForwardings	423	.It Cm ClearAllForwardings
422	Specifies that all local, remote, and dynamic port forwardings	424	Specifies that all local, remote, and dynamic port forwardings
423	specified in the configuration files or on the command line be	425	specified in the configuration files or on the command line be
@@ -793,6 +795,13 @@ ssh-ed25519,ssh-rsa,ssh-dss
793	.Pp	795	.Pp
794	If hostkeys are known for the destination host then this default is modified	796	If hostkeys are known for the destination host then this default is modified
795	to prefer their algorithms.	797	to prefer their algorithms.
		798	.Pp
		799	The list of available key types may also be obtained using the
		800	.Fl Q
		801	option of
		802	.Xr ssh 1
		803	with an argument of
		804	.Dq key .
796	.It Cm HostKeyAlias	805	.It Cm HostKeyAlias
797	Specifies an alias that should be used instead of the	806	Specifies an alias that should be used instead of the
798	real host name when looking up or saving the host key	807	real host name when looking up or saving the host key
@@ -963,6 +972,13 @@ diffie-hellman-group14-sha1,
963	diffie-hellman-group-exchange-sha1,	972	diffie-hellman-group-exchange-sha1,
964	diffie-hellman-group1-sha1	973	diffie-hellman-group1-sha1
965	.Ed	974	.Ed
		975	.Pp
		976	The list of available key exchange algorithms may also be obtained using the
		977	.Fl Q
		978	option of
		979	.Xr ssh 1
		980	with an argument of
		981	.Dq kex .
966	.It Cm LocalCommand	982	.It Cm LocalCommand
967	Specifies a command to execute on the local machine after successfully	983	Specifies a command to execute on the local machine after successfully
968	connecting to the server.	984	connecting to the server.
@@ -1052,6 +1068,13 @@ hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
1052	hmac-md5,hmac-sha1,hmac-ripemd160,	1068	hmac-md5,hmac-sha1,hmac-ripemd160,
1053	hmac-sha1-96,hmac-md5-96	1069	hmac-sha1-96,hmac-md5-96
1054	.Ed	1070	.Ed
		1071	.Pp
		1072	The list of available MAC algorithms may also be obtained using the
		1073	.Fl Q
		1074	option of
		1075	.Xr ssh 1
		1076	with an argument of
		1077	.Dq mac .
1055	.It Cm NoHostAuthenticationForLocalhost	1078	.It Cm NoHostAuthenticationForLocalhost
1056	This option can be used if the home directory is shared across machines.	1079	This option can be used if the home directory is shared across machines.
1057	In this case localhost will refer to a different machine on each of	1080	In this case localhost will refer to a different machine on each of


diff --git a/sshd_config.5 b/sshd_config.5 index b48088e41..cec2a023a 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,7 +33,7 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.187 2014/12/22 08:24:17 jmc Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.188 2014/12/22 09:05:17 djm Exp $
37	.Dd $Mdocdate: December 22 2014 $	37	.Dd $Mdocdate: December 22 2014 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
@@ -418,7 +418,9 @@ chacha20-poly1305@openssh.com
418	The list of available ciphers may also be obtained using the	418	The list of available ciphers may also be obtained using the
419	.Fl Q	419	.Fl Q
420	option of	420	option of
421	.Xr ssh 1 .	421	.Xr ssh 1
		422	with an argument of
		423	.Dq cipher .
422	.It Cm ClientAliveCountMax	424	.It Cm ClientAliveCountMax
423	Sets the number of client alive messages (see below) which may be	425	Sets the number of client alive messages (see below) which may be
424	sent without	426	sent without
@@ -760,6 +762,13 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
760	diffie-hellman-group-exchange-sha256,	762	diffie-hellman-group-exchange-sha256,
761	diffie-hellman-group14-sha1	763	diffie-hellman-group14-sha1
762	.Ed	764	.Ed
		765	.Pp
		766	The list of available key exchange algorithms may also be obtained using the
		767	.Fl Q
		768	option of
		769	.Xr ssh 1
		770	with an argument of
		771	.Dq kex .
763	.It Cm KeyRegenerationInterval	772	.It Cm KeyRegenerationInterval
764	In protocol version 1, the ephemeral server key is automatically regenerated	773	In protocol version 1, the ephemeral server key is automatically regenerated
765	after this many seconds (if it has been used).	774	after this many seconds (if it has been used).
@@ -878,6 +887,13 @@ hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
878	umac-64@openssh.com,umac-128@openssh.com,	887	umac-64@openssh.com,umac-128@openssh.com,
879	hmac-sha2-256,hmac-sha2-512	888	hmac-sha2-256,hmac-sha2-512
880	.Ed	889	.Ed
		890	.Pp
		891	The list of available MAC algorithms may also be obtained using the
		892	.Fl Q
		893	option of
		894	.Xr ssh 1
		895	with an argument of
		896	.Dq mac .
881	.It Cm Match	897	.It Cm Match
882	Introduces a conditional block.	898	Introduces a conditional block.
883	If all of the criteria on the	899	If all of the criteria on the