summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authornaddy@openbsd.org <naddy@openbsd.org>2019-09-06 14:45:34 +0000
committerDamien Miller <djm@mindrot.org>2019-09-08 14:49:04 +1000
commit91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch)
treeda8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /ssh_config.5
parentc8bdd2db77ac2369d5cdee237656f266c8f41552 (diff)
upstream: Allow prepending a list of algorithms to the default set
by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.528
1 files changed, 26 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 14d96beaf..e114b1dfe 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.300 2019/09/04 20:31:15 naddy Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.301 2019/09/06 14:45:34 naddy Exp $
37.Dd $Mdocdate: September 4 2019 $ 37.Dd $Mdocdate: September 6 2019 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -430,6 +430,10 @@ If the specified list begins with a
430.Sq - 430.Sq -
431character, then the specified ciphers (including wildcards) will be removed 431character, then the specified ciphers (including wildcards) will be removed
432from the default set instead of replacing them. 432from the default set instead of replacing them.
433If the specified list begins with a
434.Sq ^
435character, then the specified ciphers will be placed at the head of the
436default set.
433.Pp 437.Pp
434The supported ciphers are: 438The supported ciphers are:
435.Bd -literal -offset indent 439.Bd -literal -offset indent
@@ -794,6 +798,10 @@ If the specified list begins with a
794.Sq - 798.Sq -
795character, then the specified key types (including wildcards) will be removed 799character, then the specified key types (including wildcards) will be removed
796from the default set instead of replacing them. 800from the default set instead of replacing them.
801If the specified list begins with a
802.Sq ^
803character, then the specified key types will be placed at the head of the
804default set.
797The default for this option is: 805The default for this option is:
798.Bd -literal -offset 3n 806.Bd -literal -offset 3n
799ecdsa-sha2-nistp256-cert-v01@openssh.com, 807ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -822,6 +830,10 @@ If the specified list begins with a
822.Sq - 830.Sq -
823character, then the specified key types (including wildcards) will be removed 831character, then the specified key types (including wildcards) will be removed
824from the default set instead of replacing them. 832from the default set instead of replacing them.
833If the specified list begins with a
834.Sq ^
835character, then the specified key types will be placed at the head of the
836default set.
825The default for this option is: 837The default for this option is:
826.Bd -literal -offset 3n 838.Bd -literal -offset 3n
827ecdsa-sha2-nistp256-cert-v01@openssh.com, 839ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1051,6 +1063,10 @@ If the specified list begins with a
1051.Sq - 1063.Sq -
1052character, then the specified methods (including wildcards) will be removed 1064character, then the specified methods (including wildcards) will be removed
1053from the default set instead of replacing them. 1065from the default set instead of replacing them.
1066If the specified list begins with a
1067.Sq ^
1068character, then the specified methods will be placed at the head of the
1069default set.
1054The default is: 1070The default is:
1055.Bd -literal -offset indent 1071.Bd -literal -offset indent
1056curve25519-sha256,curve25519-sha256@libssh.org, 1072curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1132,6 +1148,10 @@ If the specified list begins with a
1132.Sq - 1148.Sq -
1133character, then the specified algorithms (including wildcards) will be removed 1149character, then the specified algorithms (including wildcards) will be removed
1134from the default set instead of replacing them. 1150from the default set instead of replacing them.
1151If the specified list begins with a
1152.Sq ^
1153character, then the specified algorithms will be placed at the head of the
1154default set.
1135.Pp 1155.Pp
1136The algorithms that contain 1156The algorithms that contain
1137.Qq -etm 1157.Qq -etm
@@ -1289,6 +1309,10 @@ If the specified list begins with a
1289.Sq - 1309.Sq -
1290character, then the specified key types (including wildcards) will be removed 1310character, then the specified key types (including wildcards) will be removed
1291from the default set instead of replacing them. 1311from the default set instead of replacing them.
1312If the specified list begins with a
1313.Sq ^
1314character, then the specified key types will be placed at the head of the
1315default set.
1292The default for this option is: 1316The default for this option is:
1293.Bd -literal -offset 3n 1317.Bd -literal -offset 3n
1294ecdsa-sha2-nistp256-cert-v01@openssh.com, 1318ecdsa-sha2-nistp256-cert-v01@openssh.com,