diff options
author | naddy@openbsd.org <naddy@openbsd.org> | 2019-09-06 14:45:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-08 14:49:04 +1000 |
commit | 91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch) | |
tree | da8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /ssh_config.5 | |
parent | c8bdd2db77ac2369d5cdee237656f266c8f41552 (diff) |
upstream: Allow prepending a list of algorithms to the default set
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 14d96beaf..e114b1dfe 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.300 2019/09/04 20:31:15 naddy Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.301 2019/09/06 14:45:34 naddy Exp $ |
37 | .Dd $Mdocdate: September 4 2019 $ | 37 | .Dd $Mdocdate: September 6 2019 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -430,6 +430,10 @@ If the specified list begins with a | |||
430 | .Sq - | 430 | .Sq - |
431 | character, then the specified ciphers (including wildcards) will be removed | 431 | character, then the specified ciphers (including wildcards) will be removed |
432 | from the default set instead of replacing them. | 432 | from the default set instead of replacing them. |
433 | If the specified list begins with a | ||
434 | .Sq ^ | ||
435 | character, then the specified ciphers will be placed at the head of the | ||
436 | default set. | ||
433 | .Pp | 437 | .Pp |
434 | The supported ciphers are: | 438 | The supported ciphers are: |
435 | .Bd -literal -offset indent | 439 | .Bd -literal -offset indent |
@@ -794,6 +798,10 @@ If the specified list begins with a | |||
794 | .Sq - | 798 | .Sq - |
795 | character, then the specified key types (including wildcards) will be removed | 799 | character, then the specified key types (including wildcards) will be removed |
796 | from the default set instead of replacing them. | 800 | from the default set instead of replacing them. |
801 | If the specified list begins with a | ||
802 | .Sq ^ | ||
803 | character, then the specified key types will be placed at the head of the | ||
804 | default set. | ||
797 | The default for this option is: | 805 | The default for this option is: |
798 | .Bd -literal -offset 3n | 806 | .Bd -literal -offset 3n |
799 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 807 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
@@ -822,6 +830,10 @@ If the specified list begins with a | |||
822 | .Sq - | 830 | .Sq - |
823 | character, then the specified key types (including wildcards) will be removed | 831 | character, then the specified key types (including wildcards) will be removed |
824 | from the default set instead of replacing them. | 832 | from the default set instead of replacing them. |
833 | If the specified list begins with a | ||
834 | .Sq ^ | ||
835 | character, then the specified key types will be placed at the head of the | ||
836 | default set. | ||
825 | The default for this option is: | 837 | The default for this option is: |
826 | .Bd -literal -offset 3n | 838 | .Bd -literal -offset 3n |
827 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 839 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
@@ -1051,6 +1063,10 @@ If the specified list begins with a | |||
1051 | .Sq - | 1063 | .Sq - |
1052 | character, then the specified methods (including wildcards) will be removed | 1064 | character, then the specified methods (including wildcards) will be removed |
1053 | from the default set instead of replacing them. | 1065 | from the default set instead of replacing them. |
1066 | If the specified list begins with a | ||
1067 | .Sq ^ | ||
1068 | character, then the specified methods will be placed at the head of the | ||
1069 | default set. | ||
1054 | The default is: | 1070 | The default is: |
1055 | .Bd -literal -offset indent | 1071 | .Bd -literal -offset indent |
1056 | curve25519-sha256,curve25519-sha256@libssh.org, | 1072 | curve25519-sha256,curve25519-sha256@libssh.org, |
@@ -1132,6 +1148,10 @@ If the specified list begins with a | |||
1132 | .Sq - | 1148 | .Sq - |
1133 | character, then the specified algorithms (including wildcards) will be removed | 1149 | character, then the specified algorithms (including wildcards) will be removed |
1134 | from the default set instead of replacing them. | 1150 | from the default set instead of replacing them. |
1151 | If the specified list begins with a | ||
1152 | .Sq ^ | ||
1153 | character, then the specified algorithms will be placed at the head of the | ||
1154 | default set. | ||
1135 | .Pp | 1155 | .Pp |
1136 | The algorithms that contain | 1156 | The algorithms that contain |
1137 | .Qq -etm | 1157 | .Qq -etm |
@@ -1289,6 +1309,10 @@ If the specified list begins with a | |||
1289 | .Sq - | 1309 | .Sq - |
1290 | character, then the specified key types (including wildcards) will be removed | 1310 | character, then the specified key types (including wildcards) will be removed |
1291 | from the default set instead of replacing them. | 1311 | from the default set instead of replacing them. |
1312 | If the specified list begins with a | ||
1313 | .Sq ^ | ||
1314 | character, then the specified key types will be placed at the head of the | ||
1315 | default set. | ||
1292 | The default for this option is: | 1316 | The default for this option is: |
1293 | .Bd -literal -offset 3n | 1317 | .Bd -literal -offset 3n |
1294 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 1318 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |