diff options
author | jmc@openbsd.org <jmc@openbsd.org> | 2018-09-20 06:58:48 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-21 09:41:10 +1000 |
commit | e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 (patch) | |
tree | 3eb1d7864ad1439ec7ca2960a2748c22bca16855 /ssh_config.5 | |
parent | aa083aa9624ea7b764d5a81c4c676719a1a3e42b (diff) |
upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm
OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index a9b44cc44..c7192665f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $ |
37 | .Dd $Mdocdate: September 20 2018 $ | 37 | .Dd $Mdocdate: September 20 2018 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -261,18 +261,6 @@ Only useful on systems with more than one address. | |||
261 | .It Cm BindInterface | 261 | .It Cm BindInterface |
262 | Use the address of the specified interface on the local machine as the | 262 | Use the address of the specified interface on the local machine as the |
263 | source address of the connection. | 263 | source address of the connection. |
264 | .It Cm CASignatureAlgorithms | ||
265 | Specifies which algorithms are allowed for signing of certificates | ||
266 | by certificate authorities (CAs). | ||
267 | The default is: | ||
268 | .Bd -literal -offset indent | ||
269 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
270 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
271 | .Ed | ||
272 | .Pp | ||
273 | .Xr ssh 1 | ||
274 | will not accept host certificates signed using algorithms other than those | ||
275 | specified. | ||
276 | .It Cm CanonicalDomains | 264 | .It Cm CanonicalDomains |
277 | When | 265 | When |
278 | .Cm CanonicalizeHostname | 266 | .Cm CanonicalizeHostname |
@@ -348,6 +336,18 @@ to be canonicalized to names in the | |||
348 | or | 336 | or |
349 | .Qq *.c.example.com | 337 | .Qq *.c.example.com |
350 | domains. | 338 | domains. |
339 | .It Cm CASignatureAlgorithms | ||
340 | Specifies which algorithms are allowed for signing of certificates | ||
341 | by certificate authorities (CAs). | ||
342 | The default is: | ||
343 | .Bd -literal -offset indent | ||
344 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
345 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
346 | .Ed | ||
347 | .Pp | ||
348 | .Xr ssh 1 | ||
349 | will not accept host certificates signed using algorithms other than those | ||
350 | specified. | ||
351 | .It Cm CertificateFile | 351 | .It Cm CertificateFile |
352 | Specifies a file from which the user's certificate is read. | 352 | Specifies a file from which the user's certificate is read. |
353 | A corresponding private key must be provided separately in order | 353 | A corresponding private key must be provided separately in order |