merge 6.2p1; reorder additions to monitor.h for easier merging in future

author: Colin Watson <cjwatson@debian.org> 2013-05-07 10:06:42 +0100
committer: Colin Watson <cjwatson@debian.org> 2013-05-07 10:06:42 +0100
commit: ecebda56da46a03dafff923d91c382f31faa9eec (patch)
tree: 449614b6c06a2622c74a609b31fcc46c60037c56 /ssh_config.5
parent: c6a2c0334e45419875687d250aed9bea78480f2e (diff)
parent: ffc06452028ba78cd693d4ed43df8b60a10d6163 (diff)
1 files changed, 17 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 1c118eefc..bd3a7127a 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $
+.\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $
-.Dd $Mdocdate: June 29 2012 $
+.Dd $Mdocdate: January 8 2013 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -204,6 +204,8 @@ The supported ciphers are
 .Dq aes128-ctr ,
 .Dq aes192-ctr ,
 .Dq aes256-ctr ,
+.Dq aes128-gcm@openssh.com ,
+.Dq aes256-gcm@openssh.com ,
 .Dq arcfour128 ,
 .Dq arcfour256 ,
 .Dq arcfour ,
@@ -213,6 +215,7 @@ and
 The default is:
 .Bd -literal -offset 3n
 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+aes128-gcm@openssh.com,aes256-gcm@openssh.com,
 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
 aes256-cbc,arcfour
 .Ed
@@ -634,6 +637,8 @@ should only use the authentication identity files configured in the
 files,
 even if
 .Xr ssh-agent 1
+or a
+.Cm PKCS11Provider
 offers more identities.
 The argument to this keyword must be
 .Dq yes
@@ -822,9 +827,18 @@ in order of preference.
 The MAC algorithm is used in protocol version 2
 for data integrity protection.
 Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
 The default is:
 .Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64@openssh.com,
+hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+hmac-md5-96-etm@openssh.com,
+hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
 hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
author	Colin Watson <cjwatson@debian.org>	2013-05-07 10:06:42 +0100
committer	Colin Watson <cjwatson@debian.org>	2013-05-07 10:06:42 +0100
commit	ecebda56da46a03dafff923d91c382f31faa9eec (patch)
tree	449614b6c06a2622c74a609b31fcc46c60037c56 /ssh_config.5
parent	c6a2c0334e45419875687d250aed9bea78480f2e (diff)
parent	ffc06452028ba78cd693d4ed43df8b60a10d6163 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 1c118eefc..bd3a7127a 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $
37	.Dd $Mdocdate: June 29 2012 $	37	.Dd $Mdocdate: January 8 2013 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -204,6 +204,8 @@ The supported ciphers are
204	.Dq aes128-ctr ,	204	.Dq aes128-ctr ,
205	.Dq aes192-ctr ,	205	.Dq aes192-ctr ,
206	.Dq aes256-ctr ,	206	.Dq aes256-ctr ,
		207	.Dq aes128-gcm@openssh.com ,
		208	.Dq aes256-gcm@openssh.com ,
207	.Dq arcfour128 ,	209	.Dq arcfour128 ,
208	.Dq arcfour256 ,	210	.Dq arcfour256 ,
209	.Dq arcfour ,	211	.Dq arcfour ,
@@ -213,6 +215,7 @@ and
213	The default is:	215	The default is:
214	.Bd -literal -offset 3n	216	.Bd -literal -offset 3n
215	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,	217	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
		218	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
216	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,	219	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
217	aes256-cbc,arcfour	220	aes256-cbc,arcfour
218	.Ed	221	.Ed
@@ -634,6 +637,8 @@ should only use the authentication identity files configured in the
634	files,	637	files,
635	even if	638	even if
636	.Xr ssh-agent 1	639	.Xr ssh-agent 1
		640	or a
		641	.Cm PKCS11Provider
637	offers more identities.	642	offers more identities.
638	The argument to this keyword must be	643	The argument to this keyword must be
639	.Dq yes	644	.Dq yes
@@ -822,9 +827,18 @@ in order of preference.
822	The MAC algorithm is used in protocol version 2	827	The MAC algorithm is used in protocol version 2
823	for data integrity protection.	828	for data integrity protection.
824	Multiple algorithms must be comma-separated.	829	Multiple algorithms must be comma-separated.
		830	The algorithms that contain
		831	.Dq -etm
		832	calculate the MAC after encryption (encrypt-then-mac).
		833	These are considered safer and their use recommended.
825	The default is:	834	The default is:
826	.Bd -literal -offset indent	835	.Bd -literal -offset indent
827	hmac-md5,hmac-sha1,umac-64@openssh.com,	836	hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
		837	umac-64-etm@openssh.com,umac-128-etm@openssh.com,
		838	hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
		839	hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
		840	hmac-md5-96-etm@openssh.com,
		841	hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
828	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,	842	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
829	hmac-sha1-96,hmac-md5-96	843	hmac-sha1-96,hmac-md5-96
830	.Ed	844	.Ed