diff options
author | Colin Watson <cjwatson@debian.org> | 2015-08-22 10:05:45 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-22 10:05:45 +0100 |
commit | 58ddb8ad21f21f5358db0204c4ba9abf94a1ca11 (patch) | |
tree | c55df1f23e6fa0fb87a96d8ec4c06a68c3a82b45 /ssh_config.0 | |
parent | 544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (diff) | |
parent | 1dc8d93ce69d6565747eb44446ed117187621b26 (diff) |
Import openssh_7.0p1.orig.tar.gz
Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 75 |
1 files changed, 58 insertions, 17 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index b0a614b8a..654807779 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -180,8 +180,12 @@ DESCRIPTION | |||
180 | 180 | ||
181 | Ciphers | 181 | Ciphers |
182 | Specifies the ciphers allowed for protocol version 2 in order of | 182 | Specifies the ciphers allowed for protocol version 2 in order of |
183 | preference. Multiple ciphers must be comma-separated. The | 183 | preference. Multiple ciphers must be comma-separated. If the |
184 | supported ciphers are: | 184 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified |
185 | ciphers will be appended to the default set instead of replacing | ||
186 | them. | ||
187 | |||
188 | The supported ciphers are: | ||
185 | 189 | ||
186 | 3des-cbc | 190 | 3des-cbc |
187 | aes128-cbc | 191 | aes128-cbc |
@@ -435,23 +439,35 @@ DESCRIPTION | |||
435 | 439 | ||
436 | HostbasedKeyTypes | 440 | HostbasedKeyTypes |
437 | Specifies the key types that will be used for hostbased | 441 | Specifies the key types that will be used for hostbased |
438 | authentication as a comma-separated pattern list. The default | 442 | authentication as a comma-separated pattern list. Alternately if |
439 | M-bM-^@M-^\*M-bM-^@M-^] will allow all key types. The -Q option of ssh(1) may be | 443 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the |
440 | used to list supported key types. | 444 | specified key types will be appended to the default set instead |
445 | of replacing them. The default for this option is: | ||
446 | |||
447 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
448 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
449 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
450 | ssh-ed25519-cert-v01@openssh.com, | ||
451 | ssh-rsa-cert-v01@openssh.com, | ||
452 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
453 | ssh-ed25519,ssh-rsa | ||
454 | |||
455 | The -Q option of ssh(1) may be used to list supported key types. | ||
441 | 456 | ||
442 | HostKeyAlgorithms | 457 | HostKeyAlgorithms |
443 | Specifies the protocol version 2 host key algorithms that the | 458 | Specifies the protocol version 2 host key algorithms that the |
444 | client wants to use in order of preference. The default for this | 459 | client wants to use in order of preference. Alternately if the |
445 | option is: | 460 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified |
461 | key types will be appended to the default set instead of | ||
462 | replacing them. The default for this option is: | ||
446 | 463 | ||
447 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 464 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
448 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 465 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
449 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 466 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
450 | ssh-ed25519-cert-v01@openssh.com, | 467 | ssh-ed25519-cert-v01@openssh.com, |
451 | ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, | 468 | ssh-rsa-cert-v01@openssh.com, |
452 | ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, | ||
453 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 469 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
454 | ssh-ed25519,ssh-rsa,ssh-dss | 470 | ssh-ed25519,ssh-rsa |
455 | 471 | ||
456 | If hostkeys are known for the destination host then this default | 472 | If hostkeys are known for the destination host then this default |
457 | is modified to prefer their algorithms. | 473 | is modified to prefer their algorithms. |
@@ -548,14 +564,16 @@ DESCRIPTION | |||
548 | 564 | ||
549 | KexAlgorithms | 565 | KexAlgorithms |
550 | Specifies the available KEX (Key Exchange) algorithms. Multiple | 566 | Specifies the available KEX (Key Exchange) algorithms. Multiple |
551 | algorithms must be comma-separated. The default is: | 567 | algorithms must be comma-separated. Alternately if the specified |
568 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | ||
569 | will be appended to the default set instead of replacing them. | ||
570 | The default is: | ||
552 | 571 | ||
553 | curve25519-sha256@libssh.org, | 572 | curve25519-sha256@libssh.org, |
554 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | 573 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
555 | diffie-hellman-group-exchange-sha256, | 574 | diffie-hellman-group-exchange-sha256, |
556 | diffie-hellman-group-exchange-sha1, | 575 | diffie-hellman-group-exchange-sha1, |
557 | diffie-hellman-group14-sha1, | 576 | diffie-hellman-group14-sha1 |
558 | diffie-hellman-group1-sha1 | ||
559 | 577 | ||
560 | The list of available key exchange algorithms may also be | 578 | The list of available key exchange algorithms may also be |
561 | obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^]. | 579 | obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^]. |
@@ -604,9 +622,15 @@ DESCRIPTION | |||
604 | MACs Specifies the MAC (message authentication code) algorithms in | 622 | MACs Specifies the MAC (message authentication code) algorithms in |
605 | order of preference. The MAC algorithm is used in protocol | 623 | order of preference. The MAC algorithm is used in protocol |
606 | version 2 for data integrity protection. Multiple algorithms | 624 | version 2 for data integrity protection. Multiple algorithms |
607 | must be comma-separated. The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] | 625 | must be comma-separated. If the specified value begins with a |
608 | calculate the MAC after encryption (encrypt-then-mac). These are | 626 | M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to |
609 | considered safer and their use recommended. The default is: | 627 | the default set instead of replacing them. |
628 | |||
629 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after | ||
630 | encryption (encrypt-then-mac). These are considered safer and | ||
631 | their use recommended. | ||
632 | |||
633 | The default is: | ||
610 | 634 | ||
611 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 635 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
612 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 636 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
@@ -696,6 +720,23 @@ DESCRIPTION | |||
696 | back to ssh(1) instead of continuing to execute and pass data. | 720 | back to ssh(1) instead of continuing to execute and pass data. |
697 | The default is M-bM-^@M-^\noM-bM-^@M-^]. | 721 | The default is M-bM-^@M-^\noM-bM-^@M-^]. |
698 | 722 | ||
723 | PubkeyAcceptedKeyTypes | ||
724 | Specifies the key types that will be used for public key | ||
725 | authentication as a comma-separated pattern list. Alternately if | ||
726 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key | ||
727 | types after it will be appended to the default instead of | ||
728 | replacing it. The default for this option is: | ||
729 | |||
730 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
731 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
732 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
733 | ssh-ed25519-cert-v01@openssh.com, | ||
734 | ssh-rsa-cert-v01@openssh.com, | ||
735 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
736 | ssh-ed25519,ssh-rsa | ||
737 | |||
738 | The -Q option of ssh(1) may be used to list supported key types. | ||
739 | |||
699 | PubkeyAuthentication | 740 | PubkeyAuthentication |
700 | Specifies whether to try public key authentication. The argument | 741 | Specifies whether to try public key authentication. The argument |
701 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | 742 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
@@ -982,4 +1023,4 @@ AUTHORS | |||
982 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1023 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
983 | versions 1.5 and 2.0. | 1024 | versions 1.5 and 2.0. |
984 | 1025 | ||
985 | OpenBSD 5.7 June 2, 2015 OpenBSD 5.7 | 1026 | OpenBSD 5.8 July 30, 2015 OpenBSD 5.8 |