author | Damien Miller <djm@mindrot.org> | 2004-06-15 10:30:39 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-06-15 10:30:39 +1000 |
commit | 05202ffe214115afa24bf6e7a6d8c8457e6759bb (patch) | |
tree | f3641217991b813f50e30515cd66ab87f4d7786d /ssh.1 | |
parent | f675fc4948b2ec2c9ff86bcdd58e00947f0e319b (diff) |
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
List supported ciphers in man pages, tidy up ssh -c;
"looks fine" jmc@, ok markus@
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 51 |
1 files changed, 37 insertions, 14 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.188 2004/05/22 16:01:05 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -241,8 +241,8 @@ Additionally, | |||
241 | supports hostbased or challenge response authentication. | 241 | supports hostbased or challenge response authentication. |
242 | .Pp | 242 | .Pp |
243 | Protocol 2 provides additional mechanisms for confidentiality | 243 | Protocol 2 provides additional mechanisms for confidentiality |
244 | (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) | 244 | (the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) |
245 | and integrity (hmac-md5, hmac-sha1). | 245 | and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). |
246 | Note that protocol 1 lacks a strong mechanism for ensuring the | 246 | Note that protocol 1 lacks a strong mechanism for ensuring the |
247 | integrity of the connection. | 247 | integrity of the connection. |
248 | .Ss Login session and remote execution | 248 | .Ss Login session and remote execution |
@@ -449,13 +449,18 @@ The default value can be set on a host-by-host basis in the | |||
449 | configuration files; see the | 449 | configuration files; see the |
450 | .Cm Compression | 450 | .Cm Compression |
451 | option. | 451 | option. |
452 | .It Fl c Ar blowfish | 3des | des | 452 | .It Fl c Ar cipher_spec |
453 | Selects the cipher to use for encrypting the session. | 453 | Selects the cipher specification for encrypting the session. |
454 | .Ar 3des | 454 | .Pp |
455 | is used by default. | 455 | Protocol version 1 allows specification of a single cipher. |
456 | It is believed to be secure. | 456 | The suported values are |
457 | .Dq 3des , | ||
458 | .Dq blowfish | ||
459 | and | ||
460 | .Dq des . | ||
457 | .Ar 3des | 461 | .Ar 3des |
458 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. | 462 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
463 | It is believed to be secure. | ||
459 | .Ar blowfish | 464 | .Ar blowfish |
460 | is a fast block cipher; it appears very secure and is much faster than | 465 | is a fast block cipher; it appears very secure and is much faster than |
461 | .Ar 3des . | 466 | .Ar 3des . |
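Review bot: typo at new line 456, "The suported values are" should read "The supported values are". In the same hunk the statement that 3des is the default no longer sits next to the 3des entry; it now appears only after the des paragraph (new lines 475-476), so consider stating the default directly after the list of supported values where a reader choosing a protocol 1 cipher will see it first.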
@@ -467,12 +472,30 @@ that do not support the | |||
467 | .Ar 3des | 472 | .Ar 3des |
468 | cipher. | 473 | cipher. |
469 | Its use is strongly discouraged due to cryptographic weaknesses. | 474 | Its use is strongly discouraged due to cryptographic weaknesses. |
470 | .It Fl c Ar cipher_spec | 475 | The default is |
471 | Additionally, for protocol version 2 a comma-separated list of ciphers can | 476 | .Dq 3des . |
472 | be specified in order of preference. | 477 | .Pp |
473 | See | 478 | For protocol version 2 |
474 | .Cm Ciphers | 479 | .Ar cipher_spec |
475 | for more information. | 480 | is a comma-separated list of ciphers |
481 | listed in order of preference. | ||
482 | The supported ciphers are | ||
483 | .Dq 3des-cbc , | ||
484 | .Dq aes128-cbc , | ||
485 | .Dq aes192-cbc , | ||
486 | .Dq aes256-cbc , | ||
487 | .Dq aes128-ctr , | ||
488 | .Dq aes192-ctr , | ||
489 | .Dq aes256-ctr , | ||
490 | .Dq arcfour , | ||
491 | .Dq blowfish-cbc , | ||
492 | and | ||
493 | .Dq cast128-cbc . | ||
494 | The default is | ||
495 | .Bd -literal | ||
496 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | ||
497 | aes192-cbc,aes256-cbc'' | ||
498 | .Ed | ||
476 | .It Fl D Ar port | 499 | .It Fl D Ar port |
477 | Specifies a local | 500 | Specifies a local |
478 | .Dq dynamic | 501 | .Dq dynamic |
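Review bot: the cross-reference to .Cm Ciphers (old lines 473-475) is dropped in the rewritten protocol 2 paragraph (new lines 478-498), so ssh.1 now carries its own copy of the cipher list and default with no pointer to the configuration option that controls them. Suggest keeping "See .Cm Ciphers for more information." after the default, so this copy does not have to be the authoritative one when the list changes. The default at new lines 496-497 also omits the three aes*-ctr ciphers listed as supported just above; if that is intentional, a short sentence saying so would avoid confusion. The line break inside the .Bd -literal block could be read as part of the value.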