summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2015-08-22 10:05:45 +0100
committerColin Watson <cjwatson@debian.org>2015-08-22 10:05:45 +0100
commit58ddb8ad21f21f5358db0204c4ba9abf94a1ca11 (patch)
treec55df1f23e6fa0fb87a96d8ec4c06a68c3a82b45 /ssh_config.5
parent544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (diff)
parent1dc8d93ce69d6565747eb44446ed117187621b26 (diff)
Import openssh_7.0p1.orig.tar.gz
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.572
1 files changed, 62 insertions, 10 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 268a627b2..5b0975f87 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
37.Dd $Mdocdate: June 2 2015 $ 37.Dd $Mdocdate: July 30 2015 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -373,6 +373,11 @@ The default is
373Specifies the ciphers allowed for protocol version 2 373Specifies the ciphers allowed for protocol version 2
374in order of preference. 374in order of preference.
375Multiple ciphers must be comma-separated. 375Multiple ciphers must be comma-separated.
376If the specified value begins with a
377.Sq +
378character, then the specified ciphers will be appended to the default set
379instead of replacing them.
380.Pp
376The supported ciphers are: 381The supported ciphers are:
377.Pp 382.Pp
378.Bl -item -compact -offset indent 383.Bl -item -compact -offset indent
@@ -781,9 +786,21 @@ is similar to
781.It Cm HostbasedKeyTypes 786.It Cm HostbasedKeyTypes
782Specifies the key types that will be used for hostbased authentication 787Specifies the key types that will be used for hostbased authentication
783as a comma-separated pattern list. 788as a comma-separated pattern list.
784The default 789Alternately if the specified value begins with a
785.Dq * 790.Sq +
786will allow all key types. 791character, then the specified key types will be appended to the default set
792instead of replacing them.
793The default for this option is:
794.Bd -literal -offset 3n
795ecdsa-sha2-nistp256-cert-v01@openssh.com,
796ecdsa-sha2-nistp384-cert-v01@openssh.com,
797ecdsa-sha2-nistp521-cert-v01@openssh.com,
798ssh-ed25519-cert-v01@openssh.com,
799ssh-rsa-cert-v01@openssh.com,
800ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
801ssh-ed25519,ssh-rsa
802.Ed
803.Pp
787The 804The
788.Fl Q 805.Fl Q
789option of 806option of
@@ -792,16 +809,19 @@ may be used to list supported key types.
792.It Cm HostKeyAlgorithms 809.It Cm HostKeyAlgorithms
793Specifies the protocol version 2 host key algorithms 810Specifies the protocol version 2 host key algorithms
794that the client wants to use in order of preference. 811that the client wants to use in order of preference.
812Alternately if the specified value begins with a
813.Sq +
814character, then the specified key types will be appended to the default set
815instead of replacing them.
795The default for this option is: 816The default for this option is:
796.Bd -literal -offset 3n 817.Bd -literal -offset 3n
797ecdsa-sha2-nistp256-cert-v01@openssh.com, 818ecdsa-sha2-nistp256-cert-v01@openssh.com,
798ecdsa-sha2-nistp384-cert-v01@openssh.com, 819ecdsa-sha2-nistp384-cert-v01@openssh.com,
799ecdsa-sha2-nistp521-cert-v01@openssh.com, 820ecdsa-sha2-nistp521-cert-v01@openssh.com,
800ssh-ed25519-cert-v01@openssh.com, 821ssh-ed25519-cert-v01@openssh.com,
801ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, 822ssh-rsa-cert-v01@openssh.com,
802ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
803ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 823ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
804ssh-ed25519,ssh-rsa,ssh-dss 824ssh-ed25519,ssh-rsa
805.Ed 825.Ed
806.Pp 826.Pp
807If hostkeys are known for the destination host then this default is modified 827If hostkeys are known for the destination host then this default is modified
@@ -974,14 +994,17 @@ and
974.It Cm KexAlgorithms 994.It Cm KexAlgorithms
975Specifies the available KEX (Key Exchange) algorithms. 995Specifies the available KEX (Key Exchange) algorithms.
976Multiple algorithms must be comma-separated. 996Multiple algorithms must be comma-separated.
997Alternately if the specified value begins with a
998.Sq +
999character, then the specified methods will be appended to the default set
1000instead of replacing them.
977The default is: 1001The default is:
978.Bd -literal -offset indent 1002.Bd -literal -offset indent
979curve25519-sha256@libssh.org, 1003curve25519-sha256@libssh.org,
980ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1004ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
981diffie-hellman-group-exchange-sha256, 1005diffie-hellman-group-exchange-sha256,
982diffie-hellman-group-exchange-sha1, 1006diffie-hellman-group-exchange-sha1,
983diffie-hellman-group14-sha1, 1007diffie-hellman-group14-sha1
984diffie-hellman-group1-sha1
985.Ed 1008.Ed
986.Pp 1009.Pp
987The list of available key exchange algorithms may also be obtained using the 1010The list of available key exchange algorithms may also be obtained using the
@@ -1063,10 +1086,16 @@ in order of preference.
1063The MAC algorithm is used in protocol version 2 1086The MAC algorithm is used in protocol version 2
1064for data integrity protection. 1087for data integrity protection.
1065Multiple algorithms must be comma-separated. 1088Multiple algorithms must be comma-separated.
1089If the specified value begins with a
1090.Sq +
1091character, then the specified algorithms will be appended to the default set
1092instead of replacing them.
1093.Pp
1066The algorithms that contain 1094The algorithms that contain
1067.Dq -etm 1095.Dq -etm
1068calculate the MAC after encryption (encrypt-then-mac). 1096calculate the MAC after encryption (encrypt-then-mac).
1069These are considered safer and their use recommended. 1097These are considered safer and their use recommended.
1098.Pp
1070The default is: 1099The default is:
1071.Bd -literal -offset indent 1100.Bd -literal -offset indent
1072umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1101umac-64-etm@openssh.com,umac-128-etm@openssh.com,
@@ -1207,6 +1236,29 @@ will pass a connected file descriptor back to
1207instead of continuing to execute and pass data. 1236instead of continuing to execute and pass data.
1208The default is 1237The default is
1209.Dq no . 1238.Dq no .
1239.It Cm PubkeyAcceptedKeyTypes
1240Specifies the key types that will be used for public key authentication
1241as a comma-separated pattern list.
1242Alternately if the specified value begins with a
1243.Sq +
1244character, then the key types after it will be appended to the default
1245instead of replacing it.
1246The default for this option is:
1247.Bd -literal -offset 3n
1248ecdsa-sha2-nistp256-cert-v01@openssh.com,
1249ecdsa-sha2-nistp384-cert-v01@openssh.com,
1250ecdsa-sha2-nistp521-cert-v01@openssh.com,
1251ssh-ed25519-cert-v01@openssh.com,
1252ssh-rsa-cert-v01@openssh.com,
1253ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1254ssh-ed25519,ssh-rsa
1255.Ed
1256.Pp
1257The
1258.Fl Q
1259option of
1260.Xr ssh 1
1261may be used to list supported key types.
1210.It Cm PubkeyAuthentication 1262.It Cm PubkeyAuthentication
1211Specifies whether to try public key authentication. 1263Specifies whether to try public key authentication.
1212The argument to this keyword must be 1264The argument to this keyword must be