diff options
| author | naddy@openbsd.org <naddy@openbsd.org> | 2019-12-19 15:09:30 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2019-12-20 14:25:08 +1100 |
| commit | ae024b22c4fd68e7f39681d605585889f9511108 (patch) | |
| tree | 13b0f16f9f778ba7169ccc5a7ab11a62dec36368 /ssh_config.5 | |
| parent | bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f (diff) | |
upstream: Document that security key-hosted keys can act as host
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 93029031a..dc7a2143d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh_config.5,v 1.310 2019/11/30 07:07:59 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.311 2019/12/19 15:09:30 naddy Exp $ |
| 37 | .Dd $Mdocdate: November 30 2019 $ | 37 | .Dd $Mdocdate: December 19 2019 $ |
| 38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -809,12 +809,16 @@ The default for this option is: | |||
| 809 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 809 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 810 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 810 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| 811 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 811 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
| 812 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
| 812 | ssh-ed25519-cert-v01@openssh.com, | 813 | ssh-ed25519-cert-v01@openssh.com, |
| 814 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
| 813 | rsa-sha2-512-cert-v01@openssh.com, | 815 | rsa-sha2-512-cert-v01@openssh.com, |
| 814 | rsa-sha2-256-cert-v01@openssh.com, | 816 | rsa-sha2-256-cert-v01@openssh.com, |
| 815 | ssh-rsa-cert-v01@openssh.com, | 817 | ssh-rsa-cert-v01@openssh.com, |
| 816 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 818 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
| 817 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 819 | sk-ecdsa-sha2-nistp256@openssh.com, |
| 820 | ssh-ed25519,sk-ssh-ed25519@openssh.com, | ||
| 821 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
| 818 | .Ed | 822 | .Ed |
| 819 | .Pp | 823 | .Pp |
| 820 | The | 824 | The |
| @@ -842,12 +846,16 @@ The default for this option is: | |||
| 842 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 846 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 843 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 847 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| 844 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 848 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
| 849 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
| 845 | ssh-ed25519-cert-v01@openssh.com, | 850 | ssh-ed25519-cert-v01@openssh.com, |
| 851 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
| 846 | rsa-sha2-512-cert-v01@openssh.com, | 852 | rsa-sha2-512-cert-v01@openssh.com, |
| 847 | rsa-sha2-256-cert-v01@openssh.com, | 853 | rsa-sha2-256-cert-v01@openssh.com, |
| 848 | ssh-rsa-cert-v01@openssh.com, | 854 | ssh-rsa-cert-v01@openssh.com, |
| 849 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 855 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
| 850 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 856 | sk-ecdsa-sha2-nistp256@openssh.com, |
| 857 | ssh-ed25519,sk-ssh-ed25519@openssh.com, | ||
| 858 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
| 851 | .Ed | 859 | .Ed |
| 852 | .Pp | 860 | .Pp |
| 853 | If hostkeys are known for the destination host then this default is modified | 861 | If hostkeys are known for the destination host then this default is modified |
| @@ -1323,19 +1331,19 @@ character, then the specified key types will be placed at the head of the | |||
| 1323 | default set. | 1331 | default set. |
| 1324 | The default for this option is: | 1332 | The default for this option is: |
| 1325 | .Bd -literal -offset 3n | 1333 | .Bd -literal -offset 3n |
| 1326 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
| 1327 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 1334 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 1328 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 1335 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| 1329 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 1336 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
| 1330 | sk-ssh-ed25519-cert-v01@openssh.com, | 1337 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 1331 | ssh-ed25519-cert-v01@openssh.com, | 1338 | ssh-ed25519-cert-v01@openssh.com, |
| 1339 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
| 1332 | rsa-sha2-512-cert-v01@openssh.com, | 1340 | rsa-sha2-512-cert-v01@openssh.com, |
| 1333 | rsa-sha2-256-cert-v01@openssh.com, | 1341 | rsa-sha2-256-cert-v01@openssh.com, |
| 1334 | ssh-rsa-cert-v01@openssh.com, | 1342 | ssh-rsa-cert-v01@openssh.com, |
| 1335 | sk-ecdsa-sha2-nistp256@openssh.com, | ||
| 1336 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 1343 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
| 1337 | sk-ssh-ed25519@openssh.com, | 1344 | sk-ecdsa-sha2-nistp256@openssh.com, |
| 1338 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 1345 | ssh-ed25519,sk-ssh-ed25519@openssh.com, |
| 1346 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
| 1339 | .Ed | 1347 | .Ed |
| 1340 | .Pp | 1348 | .Pp |
| 1341 | The list of available key types may also be obtained using | 1349 | The list of available key types may also be obtained using |