diff options
| author | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
| commit | 4213eec74e74de6310c27a40c3e9759a08a73996 (patch) | |
| tree | e97a6dcafc6763aea7c804e4e113c2750cb1400d /ssh_config.0 | |
| parent | 102062f825fb26a74295a1c089c00c4c4c76b68a (diff) | |
| parent | cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff) | |
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'ssh_config.0')
| -rw-r--r-- | ssh_config.0 | 94 |
1 files changed, 54 insertions, 40 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 10f1c2e9d..94ef73676 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
| @@ -171,7 +171,7 @@ DESCRIPTION | |||
| 171 | Specifies which algorithms are allowed for signing of | 171 | Specifies which algorithms are allowed for signing of |
| 172 | certificates by certificate authorities (CAs). The default is: | 172 | certificates by certificate authorities (CAs). The default is: |
| 173 | 173 | ||
| 174 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 174 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
| 175 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 175 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa |
| 176 | 176 | ||
| 177 | ssh(1) will not accept host certificates signed using algorithms | 177 | ssh(1) will not accept host certificates signed using algorithms |
| @@ -206,12 +206,14 @@ DESCRIPTION | |||
| 206 | 206 | ||
| 207 | Ciphers | 207 | Ciphers |
| 208 | Specifies the ciphers allowed and their order of preference. | 208 | Specifies the ciphers allowed and their order of preference. |
| 209 | Multiple ciphers must be comma-separated. If the specified value | 209 | Multiple ciphers must be comma-separated. If the specified list |
| 210 | begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be | 210 | begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be |
| 211 | appended to the default set instead of replacing them. If the | 211 | appended to the default set instead of replacing them. If the |
| 212 | specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | 212 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified |
| 213 | ciphers (including wildcards) will be removed from the default | 213 | ciphers (including wildcards) will be removed from the default |
| 214 | set instead of replacing them. | 214 | set instead of replacing them. If the specified list begins with |
| 215 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified ciphers will be placed at the | ||
| 216 | head of the default set. | ||
| 215 | 217 | ||
| 216 | The supported ciphers are: | 218 | The supported ciphers are: |
| 217 | 219 | ||
| @@ -255,8 +257,9 @@ DESCRIPTION | |||
| 255 | ConnectTimeout | 257 | ConnectTimeout |
| 256 | Specifies the timeout (in seconds) used when connecting to the | 258 | Specifies the timeout (in seconds) used when connecting to the |
| 257 | SSH server, instead of using the default system TCP timeout. | 259 | SSH server, instead of using the default system TCP timeout. |
| 258 | This value is used only when the target is down or really | 260 | This timeout is applied both to establishing the connection and |
| 259 | unreachable, not when it refuses the connection. | 261 | to performing the initial SSH protocol handshake and key |
| 262 | exchange. | ||
| 260 | 263 | ||
| 261 | ControlMaster | 264 | ControlMaster |
| 262 | Enables the sharing of multiple sessions over a single network | 265 | Enables the sharing of multiple sessions over a single network |
| @@ -445,12 +448,14 @@ DESCRIPTION | |||
| 445 | HostbasedKeyTypes | 448 | HostbasedKeyTypes |
| 446 | Specifies the key types that will be used for hostbased | 449 | Specifies the key types that will be used for hostbased |
| 447 | authentication as a comma-separated list of patterns. | 450 | authentication as a comma-separated list of patterns. |
| 448 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 451 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
| 449 | then the specified key types will be appended to the default set | 452 | then the specified key types will be appended to the default set |
| 450 | instead of replacing them. If the specified value begins with a | 453 | instead of replacing them. If the specified list begins with a |
| 451 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 454 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) |
| 452 | will be removed from the default set instead of replacing them. | 455 | will be removed from the default set instead of replacing them. |
| 453 | The default for this option is: | 456 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the |
| 457 | specified key types will be placed at the head of the default | ||
| 458 | set. The default for this option is: | ||
| 454 | 459 | ||
| 455 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 460 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 456 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 461 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| @@ -465,12 +470,14 @@ DESCRIPTION | |||
| 465 | 470 | ||
| 466 | HostKeyAlgorithms | 471 | HostKeyAlgorithms |
| 467 | Specifies the host key algorithms that the client wants to use in | 472 | Specifies the host key algorithms that the client wants to use in |
| 468 | order of preference. Alternately if the specified value begins | 473 | order of preference. Alternately if the specified list begins |
| 469 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be | 474 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be |
| 470 | appended to the default set instead of replacing them. If the | 475 | appended to the default set instead of replacing them. If the |
| 471 | specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | 476 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified |
| 472 | key types (including wildcards) will be removed from the default | 477 | key types (including wildcards) will be removed from the default |
| 473 | set instead of replacing them. The default for this option is: | 478 | set instead of replacing them. If the specified list begins with |
| 479 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be placed at | ||
| 480 | the head of the default set. The default for this option is: | ||
| 474 | 481 | ||
| 475 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 482 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 476 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 483 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| @@ -494,19 +501,20 @@ DESCRIPTION | |||
| 494 | option is useful for tunneling SSH connections or for multiple | 501 | option is useful for tunneling SSH connections or for multiple |
| 495 | servers running on a single host. | 502 | servers running on a single host. |
| 496 | 503 | ||
| 497 | HostName | 504 | Hostname |
| 498 | Specifies the real host name to log into. This can be used to | 505 | Specifies the real host name to log into. This can be used to |
| 499 | specify nicknames or abbreviations for hosts. Arguments to | 506 | specify nicknames or abbreviations for hosts. Arguments to |
| 500 | HostName accept the tokens described in the TOKENS section. | 507 | Hostname accept the tokens described in the TOKENS section. |
| 501 | Numeric IP addresses are also permitted (both on the command line | 508 | Numeric IP addresses are also permitted (both on the command line |
| 502 | and in HostName specifications). The default is the name given | 509 | and in Hostname specifications). The default is the name given |
| 503 | on the command line. | 510 | on the command line. |
| 504 | 511 | ||
| 505 | IdentitiesOnly | 512 | IdentitiesOnly |
| 506 | Specifies that ssh(1) should only use the authentication identity | 513 | Specifies that ssh(1) should only use the configured |
| 507 | and certificate files explicitly configured in the ssh_config | 514 | authentication identity and certificate files (either the default |
| 508 | files or passed on the ssh(1) command-line, even if ssh-agent(1) | 515 | files, or those explicitly configured in the ssh_config files or |
| 509 | or a PKCS11Provider offers more identities. The argument to this | 516 | passed on the ssh(1) command-line), even if ssh-agent(1) or a |
| 517 | PKCS11Provider offers more identities. The argument to this | ||
| 510 | keyword must be yes or no (the default). This option is intended | 518 | keyword must be yes or no (the default). This option is intended |
| 511 | for situations where ssh-agent offers many different identities. | 519 | for situations where ssh-agent offers many different identities. |
| 512 | 520 | ||
| @@ -597,12 +605,14 @@ DESCRIPTION | |||
| 597 | 605 | ||
| 598 | KexAlgorithms | 606 | KexAlgorithms |
| 599 | Specifies the available KEX (Key Exchange) algorithms. Multiple | 607 | Specifies the available KEX (Key Exchange) algorithms. Multiple |
| 600 | algorithms must be comma-separated. Alternately if the specified | 608 | algorithms must be comma-separated. If the specified list begins |
| 601 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | 609 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended |
| 602 | will be appended to the default set instead of replacing them. | 610 | to the default set instead of replacing them. If the specified |
| 603 | If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | 611 | list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified methods |
| 604 | specified methods (including wildcards) will be removed from the | 612 | (including wildcards) will be removed from the default set |
| 605 | default set instead of replacing them. The default is: | 613 | instead of replacing them. If the specified list begins with a |
| 614 | M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the | ||
| 615 | head of the default set. The default is: | ||
| 606 | 616 | ||
| 607 | curve25519-sha256,curve25519-sha256@libssh.org, | 617 | curve25519-sha256,curve25519-sha256@libssh.org, |
| 608 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | 618 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
| @@ -655,12 +665,14 @@ DESCRIPTION | |||
| 655 | MACs Specifies the MAC (message authentication code) algorithms in | 665 | MACs Specifies the MAC (message authentication code) algorithms in |
| 656 | order of preference. The MAC algorithm is used for data | 666 | order of preference. The MAC algorithm is used for data |
| 657 | integrity protection. Multiple algorithms must be comma- | 667 | integrity protection. Multiple algorithms must be comma- |
| 658 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 668 | separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
| 659 | then the specified algorithms will be appended to the default set | 669 | then the specified algorithms will be appended to the default set |
| 660 | instead of replacing them. If the specified value begins with a | 670 | instead of replacing them. If the specified list begins with a |
| 661 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including | 671 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including |
| 662 | wildcards) will be removed from the default set instead of | 672 | wildcards) will be removed from the default set instead of |
| 663 | replacing them. | 673 | replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y |
| 674 | character, then the specified algorithms will be placed at the | ||
| 675 | head of the default set. | ||
| 664 | 676 | ||
| 665 | The algorithms that contain "-etm" calculate the MAC after | 677 | The algorithms that contain "-etm" calculate the MAC after |
| 666 | encryption (encrypt-then-mac). These are considered safer and | 678 | encryption (encrypt-then-mac). These are considered safer and |
| @@ -724,7 +736,7 @@ DESCRIPTION | |||
| 724 | should read from its standard input and write to its standard | 736 | should read from its standard input and write to its standard |
| 725 | output. It should eventually connect an sshd(8) server running | 737 | output. It should eventually connect an sshd(8) server running |
| 726 | on some machine, or execute sshd -i somewhere. Host key | 738 | on some machine, or execute sshd -i somewhere. Host key |
| 727 | management will be done using the HostName of the host being | 739 | management will be done using the Hostname of the host being |
| 728 | connected (defaulting to the name typed by the user). Setting | 740 | connected (defaulting to the name typed by the user). Setting |
| 729 | the command to none disables this option entirely. Note that | 741 | the command to none disables this option entirely. Note that |
| 730 | CheckHostIP is not available for connects with a proxy command. | 742 | CheckHostIP is not available for connects with a proxy command. |
| @@ -759,13 +771,15 @@ DESCRIPTION | |||
| 759 | 771 | ||
| 760 | PubkeyAcceptedKeyTypes | 772 | PubkeyAcceptedKeyTypes |
| 761 | Specifies the key types that will be used for public key | 773 | Specifies the key types that will be used for public key |
| 762 | authentication as a comma-separated list of patterns. | 774 | authentication as a comma-separated list of patterns. If the |
| 763 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 775 | specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key types |
| 764 | then the key types after it will be appended to the default | 776 | after it will be appended to the default instead of replacing it. |
| 765 | instead of replacing it. If the specified value begins with a | 777 | If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the |
| 766 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 778 | specified key types (including wildcards) will be removed from |
| 767 | will be removed from the default set instead of replacing them. | 779 | the default set instead of replacing them. If the specified list |
| 768 | The default for this option is: | 780 | begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be |
| 781 | placed at the head of the default set. The default for this | ||
| 782 | option is: | ||
| 769 | 783 | ||
| 770 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 784 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 771 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 785 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| @@ -876,7 +890,7 @@ DESCRIPTION | |||
| 876 | therefore will not be spoofable. The TCP keepalive option | 890 | therefore will not be spoofable. The TCP keepalive option |
| 877 | enabled by TCPKeepAlive is spoofable. The server alive mechanism | 891 | enabled by TCPKeepAlive is spoofable. The server alive mechanism |
| 878 | is valuable when the client or server depend on knowing when a | 892 | is valuable when the client or server depend on knowing when a |
| 879 | connection has become inactive. | 893 | connection has become unresponsive. |
| 880 | 894 | ||
| 881 | The default value is 3. If, for example, ServerAliveInterval | 895 | The default value is 3. If, for example, ServerAliveInterval |
| 882 | (see below) is set to 15 and ServerAliveCountMax is left at the | 896 | (see below) is set to 15 and ServerAliveCountMax is left at the |
| @@ -1080,7 +1094,7 @@ TOKENS | |||
| 1080 | ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and | 1094 | ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and |
| 1081 | %u. | 1095 | %u. |
| 1082 | 1096 | ||
| 1083 | HostName accepts the tokens %% and %h. | 1097 | Hostname accepts the tokens %% and %h. |
| 1084 | 1098 | ||
| 1085 | IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r, | 1099 | IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r, |
| 1086 | and %u. | 1100 | and %u. |
| @@ -1088,7 +1102,7 @@ TOKENS | |||
| 1088 | LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, | 1102 | LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, |
| 1089 | and %u. | 1103 | and %u. |
| 1090 | 1104 | ||
| 1091 | ProxyCommand accepts the tokens %%, %h, %p, and %r. | 1105 | ProxyCommand accepts the tokens %%, %h, %n, %p, and %r. |
| 1092 | 1106 | ||
| 1093 | RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and | 1107 | RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and |
| 1094 | %u. | 1108 | %u. |
| @@ -1116,4 +1130,4 @@ AUTHORS | |||
| 1116 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1130 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 1117 | versions 1.5 and 2.0. | 1131 | versions 1.5 and 2.0. |
| 1118 | 1132 | ||
| 1119 | OpenBSD 6.5 March 1, 2019 OpenBSD 6.5 | 1133 | OpenBSD 6.6 September 13, 2019 OpenBSD 6.6 |