author | naddy@openbsd.org <naddy@openbsd.org> | 2019-12-19 15:09:30 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-12-20 14:25:08 +1100 |
commit | ae024b22c4fd68e7f39681d605585889f9511108 (patch) | |
tree | 13b0f16f9f778ba7169ccc5a7ab11a62dec36368 /ssh_config.5 | |
parent | bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f (diff) |
upstream: Document that security key-hosted keys can act as host
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 93029031a..dc7a2143d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.310 2019/11/30 07:07:59 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.311 2019/12/19 15:09:30 naddy Exp $ |
37 | .Dd $Mdocdate: November 30 2019 $ | 37 | .Dd $Mdocdate: December 19 2019 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -809,12 +809,16 @@ The default for this option is: | |||
809 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 809 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
810 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 810 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
811 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 811 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
812 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
812 | ssh-ed25519-cert-v01@openssh.com, | 813 | ssh-ed25519-cert-v01@openssh.com, |
814 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
813 | rsa-sha2-512-cert-v01@openssh.com, | 815 | rsa-sha2-512-cert-v01@openssh.com, |
814 | rsa-sha2-256-cert-v01@openssh.com, | 816 | rsa-sha2-256-cert-v01@openssh.com, |
815 | ssh-rsa-cert-v01@openssh.com, | 817 | ssh-rsa-cert-v01@openssh.com, |
816 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 818 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
817 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 819 | sk-ecdsa-sha2-nistp256@openssh.com, |
820 | ssh-ed25519,sk-ssh-ed25519@openssh.com, | ||
821 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
818 | .Ed | 822 | .Ed |
819 | .Pp | 823 | .Pp |
820 | The | 824 | The |
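Review bot: The wrapping of the plain key types at new lines 819-821 is uneven: sk-ecdsa-sha2-nistp256@openssh.com gets a line of its own while sk-ssh-ed25519@openssh.com shares a line with ssh-ed25519. The same block is repeated at 846 and 1331, so a single consistent layout (each sk- type laid out the same way relative to its base type) would make the three copies easier to compare with each other and with the compiled-in default when the list next changes.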
@@ -842,12 +846,16 @@ The default for this option is: | |||
842 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 846 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
843 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 847 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
844 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 848 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
849 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
845 | ssh-ed25519-cert-v01@openssh.com, | 850 | ssh-ed25519-cert-v01@openssh.com, |
851 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
846 | rsa-sha2-512-cert-v01@openssh.com, | 852 | rsa-sha2-512-cert-v01@openssh.com, |
847 | rsa-sha2-256-cert-v01@openssh.com, | 853 | rsa-sha2-256-cert-v01@openssh.com, |
848 | ssh-rsa-cert-v01@openssh.com, | 854 | ssh-rsa-cert-v01@openssh.com, |
849 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 855 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
850 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 856 | sk-ecdsa-sha2-nistp256@openssh.com, |
857 | ssh-ed25519,sk-ssh-ed25519@openssh.com, | ||
858 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
851 | .Ed | 859 | .Ed |
852 | .Pp | 860 | .Pp |
853 | If hostkeys are known for the destination host then this default is modified | 861 | If hostkeys are known for the destination host then this default is modified |
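Review bot: Missing documentation around the host key default list at new lines 849-857: the commit subject says this change documents that security key-hosted keys can act as host keys, but in this hunk the only change is the four sk- names in the literal block, and the visible text around it says nothing about what an sk- type is. Consider a sentence after the .Ed, or a cross-reference to the SecurityKeyProvider description the log mentions, so a reader who meets sk-ecdsa-sha2-nistp256@openssh.com here can tell it is a security key-backed type.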
@@ -1323,19 +1331,19 @@ character, then the specified key types will be placed at the head of the | |||
1323 | default set. | 1331 | default set. |
1324 | The default for this option is: | 1332 | The default for this option is: |
1325 | .Bd -literal -offset 3n | 1333 | .Bd -literal -offset 3n |
1326 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
1327 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 1334 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
1328 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 1335 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
1329 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 1336 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
1330 | sk-ssh-ed25519-cert-v01@openssh.com, | 1337 | sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, |
1331 | ssh-ed25519-cert-v01@openssh.com, | 1338 | ssh-ed25519-cert-v01@openssh.com, |
1339 | sk-ssh-ed25519-cert-v01@openssh.com, | ||
1332 | rsa-sha2-512-cert-v01@openssh.com, | 1340 | rsa-sha2-512-cert-v01@openssh.com, |
1333 | rsa-sha2-256-cert-v01@openssh.com, | 1341 | rsa-sha2-256-cert-v01@openssh.com, |
1334 | ssh-rsa-cert-v01@openssh.com, | 1342 | ssh-rsa-cert-v01@openssh.com, |
1335 | sk-ecdsa-sha2-nistp256@openssh.com, | ||
1336 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 1343 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
1337 | sk-ssh-ed25519@openssh.com, | 1344 | sk-ecdsa-sha2-nistp256@openssh.com, |
1338 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 1345 | ssh-ed25519,sk-ssh-ed25519@openssh.com, |
1346 | rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
1339 | .Ed | 1347 | .Ed |
1340 | .Pp | 1348 | .Pp |
1341 | The list of available key types may also be obtained using | 1349 | The list of available key types may also be obtained using |
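Review bot: The log message does not cover the reordering at new lines 1334-1346: the sk- types were already in this list (old lines 1326, 1330, 1335 and 1337), each ahead of its non-sk counterpart, and now each follows it. The context just above says specified key types are "placed at the head of the default set", so position in this list is meaningful to readers. Please confirm the new order is the one the client actually uses by default, and say in the log that this list was reordered rather than extended.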