- OpenBSD CVS update

- markus@cvs.openbsd.org [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - hugh@cvs.openbsd.org [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - markus@cvs.openbsd.org [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1
author: Damien Miller <djm@mindrot.org> 2000-05-09 11:02:59 +1000
committer: Damien Miller <djm@mindrot.org> 2000-05-09 11:02:59 +1000
commit: 30c3d429306bb4afe71c18db92816b981f7b6d9d (patch)
tree: a65f45e0073cb55ad42957a36b4636ff21405108 /ssh.1
parent: 61e50f10c276009bf9472fdd797bf6be60fc2a83 (diff)
1 files changed, 11 insertions, 6 deletions
diff --git a/ssh.1 b/ssh.1
index a4738e63f..48040c439 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $
+.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -25,7 +25,7 @@
 .Pp
 .Nm ssh
 .Op Fl afgknqtvxCPX246
-.Op Fl c Ar blowfish | 3des
+.Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
 .Op Fl l Ar login_name
@@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or
 S/Key authentication.
 .Pp
 Protocol 2 provides additional mechanisms for confidentiality
-(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour)
+(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
 and integrity (hmac-sha1, hmac-md5).
 Note that protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
@@ -342,10 +342,15 @@ It is believed to be secure.
 (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
 It is presumably more secure than the
 .Ar des
-cipher which is no longer supported in ssh.
+cipher which is no longer supported in
+.Nm ssh .
 .Ar blowfish
 is a fast block cipher, it appears very secure and is much faster than
 .Ar 3des .
+.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
+Additionally, for protocol version 2 a comma-separated list of ciphers can
+be specified in order of preference. Protocol version 2 supports
+3DES, Blowfish and CAST128 in CBC mode and Arcfour.
 .It Fl e Ar ch|^ch|none
 Sets the escape character for sessions with a pty (default:
 .Ql ~ ) .
@@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be
@@ -785,7 +790,7 @@ The default is
 This means that
 .Nm
 tries version 1 and falls back to version 2
-if version 1 is no available.
+if version 1 is not available.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
author	Damien Miller <djm@mindrot.org>	2000-05-09 11:02:59 +1000
committer	Damien Miller <djm@mindrot.org>	2000-05-09 11:02:59 +1000
commit	30c3d429306bb4afe71c18db92816b981f7b6d9d (patch)
tree	a65f45e0073cb55ad42957a36b4636ff21405108 /ssh.1
parent	61e50f10c276009bf9472fdd797bf6be60fc2a83 (diff)

diff --git a/ssh.1 b/ssh.1 index a4738e63f..48040c439 100644 --- a/ssh.1 +++ b/ssh.1
@@ -9,7 +9,7 @@
9	.\"	9	.\"
10	.\" Created: Sat Apr 22 21:55:14 1995 ylo	10	.\" Created: Sat Apr 22 21:55:14 1995 ylo
11	.\"	11	.\"
12	.\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $	12	.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
13	.\"	13	.\"
14	.Dd September 25, 1999	14	.Dd September 25, 1999
15	.Dt SSH 1	15	.Dt SSH 1
@@ -25,7 +25,7 @@
25	.Pp	25	.Pp
26	.Nm ssh	26	.Nm ssh
27	.Op Fl afgknqtvxCPX246	27	.Op Fl afgknqtvxCPX246
28	.Op Fl c Ar blowfish \| 3des	28	.Op Fl c Ar cipher_spec
29	.Op Fl e Ar escape_char	29	.Op Fl e Ar escape_char
30	.Op Fl i Ar identity_file	30	.Op Fl i Ar identity_file
31	.Op Fl l Ar login_name	31	.Op Fl l Ar login_name
@@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or
202	S/Key authentication.	202	S/Key authentication.
203	.Pp	203	.Pp
204	Protocol 2 provides additional mechanisms for confidentiality	204	Protocol 2 provides additional mechanisms for confidentiality
205	(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour)	205	(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
206	and integrity (hmac-sha1, hmac-md5).	206	and integrity (hmac-sha1, hmac-md5).
207	Note that protocol 1 lacks a strong mechanism for ensuring the	207	Note that protocol 1 lacks a strong mechanism for ensuring the
208	integrity of the connection.	208	integrity of the connection.
@@ -342,10 +342,15 @@ It is believed to be secure.
342	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.	342	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
343	It is presumably more secure than the	343	It is presumably more secure than the
344	.Ar des	344	.Ar des
345	cipher which is no longer supported in ssh.	345	cipher which is no longer supported in
		346	.Nm ssh .
346	.Ar blowfish	347	.Ar blowfish
347	is a fast block cipher, it appears very secure and is much faster than	348	is a fast block cipher, it appears very secure and is much faster than
348	.Ar 3des .	349	.Ar 3des .
		350	.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
		351	Additionally, for protocol version 2 a comma-separated list of ciphers can
		352	be specified in order of preference. Protocol version 2 supports
		353	3DES, Blowfish and CAST128 in CBC mode and Arcfour.
349	.It Fl e Ar ch\|^ch\|none	354	.It Fl e Ar ch\|^ch\|none
350	Sets the escape character for sessions with a pty (default:	355	Sets the escape character for sessions with a pty (default:
351	.Ql ~ ) .	356	.Ql ~ ) .
@@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2
601	in order of preference.	606	in order of preference.
602	Multiple ciphers must be comma-separated.	607	Multiple ciphers must be comma-separated.
603	The default is	608	The default is
604	.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .	609	.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
605	.It Cm Compression	610	.It Cm Compression
606	Specifies whether to use compression.	611	Specifies whether to use compression.
607	The argument must be	612	The argument must be
@@ -785,7 +790,7 @@ The default is
785	This means that	790	This means that
786	.Nm	791	.Nm
787	tries version 1 and falls back to version 2	792	tries version 1 and falls back to version 2
788	if version 1 is no available.	793	if version 1 is not available.
789	.It Cm ProxyCommand	794	.It Cm ProxyCommand
790	Specifies the command to use to connect to the server.	795	Specifies the command to use to connect to the server.
791	The command	796	The command