diff options
author | jmc@openbsd.org <jmc@openbsd.org> | 2018-09-20 06:58:48 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-21 09:41:10 +1000 |
commit | e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 (patch) | |
tree | 3eb1d7864ad1439ec7ca2960a2748c22bca16855 | |
parent | aa083aa9624ea7b764d5a81c4c676719a1a3e42b (diff) |
upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm
OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
-rw-r--r-- | scp.1 | 5 | ||||
-rw-r--r-- | sftp.1 | 5 | ||||
-rw-r--r-- | ssh.1 | 5 | ||||
-rw-r--r-- | ssh_config.5 | 26 |
4 files changed, 22 insertions, 19 deletions
@@ -8,9 +8,9 @@ | |||
8 | .\" | 8 | .\" |
9 | .\" Created: Sun May 7 00:14:37 1995 ylo | 9 | .\" Created: Sun May 7 00:14:37 1995 ylo |
10 | .\" | 10 | .\" |
11 | .\" $OpenBSD: scp.1,v 1.80 2018/07/19 10:28:47 dtucker Exp $ | 11 | .\" $OpenBSD: scp.1,v 1.81 2018/09/20 06:58:48 jmc Exp $ |
12 | .\" | 12 | .\" |
13 | .Dd $Mdocdate: July 19 2018 $ | 13 | .Dd $Mdocdate: September 20 2018 $ |
14 | .Dt SCP 1 | 14 | .Dt SCP 1 |
15 | .Os | 15 | .Os |
16 | .Sh NAME | 16 | .Sh NAME |
@@ -130,6 +130,7 @@ For full details of the options listed below, and their possible values, see | |||
130 | .It CanonicalizeHostname | 130 | .It CanonicalizeHostname |
131 | .It CanonicalizeMaxDots | 131 | .It CanonicalizeMaxDots |
132 | .It CanonicalizePermittedCNAMEs | 132 | .It CanonicalizePermittedCNAMEs |
133 | .It CASignatureAlgorithms | ||
133 | .It CertificateFile | 134 | .It CertificateFile |
134 | .It ChallengeResponseAuthentication | 135 | .It ChallengeResponseAuthentication |
135 | .It CheckHostIP | 136 | .It CheckHostIP |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.119 2018/07/23 19:53:55 jmc Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: July 23 2018 $ | 25 | .Dd $Mdocdate: September 20 2018 $ |
26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -200,6 +200,7 @@ For full details of the options listed below, and their possible values, see | |||
200 | .It CanonicalizeHostname | 200 | .It CanonicalizeHostname |
201 | .It CanonicalizeMaxDots | 201 | .It CanonicalizeMaxDots |
202 | .It CanonicalizePermittedCNAMEs | 202 | .It CanonicalizePermittedCNAMEs |
203 | .It CASignatureAlgorithms | ||
203 | .It CertificateFile | 204 | .It CertificateFile |
204 | .It ChallengeResponseAuthentication | 205 | .It ChallengeResponseAuthentication |
205 | .It CheckHostIP | 206 | .It CheckHostIP |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.398 2018/09/12 01:30:10 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $ |
37 | .Dd $Mdocdate: September 12 2018 $ | 37 | .Dd $Mdocdate: September 20 2018 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see | |||
469 | .It CanonicalizeHostname | 469 | .It CanonicalizeHostname |
470 | .It CanonicalizeMaxDots | 470 | .It CanonicalizeMaxDots |
471 | .It CanonicalizePermittedCNAMEs | 471 | .It CanonicalizePermittedCNAMEs |
472 | .It CASignatureAlgorithms | ||
472 | .It CertificateFile | 473 | .It CertificateFile |
473 | .It ChallengeResponseAuthentication | 474 | .It ChallengeResponseAuthentication |
474 | .It CheckHostIP | 475 | .It CheckHostIP |
diff --git a/ssh_config.5 b/ssh_config.5 index a9b44cc44..c7192665f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $ |
37 | .Dd $Mdocdate: September 20 2018 $ | 37 | .Dd $Mdocdate: September 20 2018 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -261,18 +261,6 @@ Only useful on systems with more than one address. | |||
261 | .It Cm BindInterface | 261 | .It Cm BindInterface |
262 | Use the address of the specified interface on the local machine as the | 262 | Use the address of the specified interface on the local machine as the |
263 | source address of the connection. | 263 | source address of the connection. |
264 | .It Cm CASignatureAlgorithms | ||
265 | Specifies which algorithms are allowed for signing of certificates | ||
266 | by certificate authorities (CAs). | ||
267 | The default is: | ||
268 | .Bd -literal -offset indent | ||
269 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
270 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
271 | .Ed | ||
272 | .Pp | ||
273 | .Xr ssh 1 | ||
274 | will not accept host certificates signed using algorithms other than those | ||
275 | specified. | ||
276 | .It Cm CanonicalDomains | 264 | .It Cm CanonicalDomains |
277 | When | 265 | When |
278 | .Cm CanonicalizeHostname | 266 | .Cm CanonicalizeHostname |
@@ -348,6 +336,18 @@ to be canonicalized to names in the | |||
348 | or | 336 | or |
349 | .Qq *.c.example.com | 337 | .Qq *.c.example.com |
350 | domains. | 338 | domains. |
339 | .It Cm CASignatureAlgorithms | ||
340 | Specifies which algorithms are allowed for signing of certificates | ||
341 | by certificate authorities (CAs). | ||
342 | The default is: | ||
343 | .Bd -literal -offset indent | ||
344 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
345 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
346 | .Ed | ||
347 | .Pp | ||
348 | .Xr ssh 1 | ||
349 | will not accept host certificates signed using algorithms other than those | ||
350 | specified. | ||
351 | .It Cm CertificateFile | 351 | .It Cm CertificateFile |
352 | Specifies a file from which the user's certificate is read. | 352 | Specifies a file from which the user's certificate is read. |
353 | A corresponding private key must be provided separately in order | 353 | A corresponding private key must be provided separately in order |