author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:27:24 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 02:40:28 +0000 |
commit | a2b8818c5d21cfcba443625251f691a2ea3a29c7 (patch) | |
tree | 8fe1fe448cde57eecf71a7bcd57186661b90313f /sshd.8 | |
parent | d399ecd8eb7d4aed3b7ba0d2727e619607fb901b (diff) | |
parent | ee8d8b97cc2c6081df3af453a228992b87309ec4 (diff) |
Merge 6.5p1.
* New upstream release (http://www.openssh.com/txt/release-6.5,
LP: #1275068):
- ssh(1): Add support for client-side hostname canonicalisation using a
set of DNS suffixes and rules in ssh_config(5). This allows
unqualified names to be canonicalised to fully-qualified domain names
to eliminate ambiguity when looking up keys in known_hosts or checking
host certificate names (closes: #115286).
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 17 |
1 files changed, 11 insertions, 6 deletions
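--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $
-.Dd $Mdocdate: June 27 2013 $
+.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
+.Dd $Mdocdate: December 7 2013 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -178,7 +178,8 @@ The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
 .Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key .
+.Pa /etc/ssh/ssh_host_ed25519_key
 and
 .Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
@@ -283,7 +284,7 @@ though this can be changed via the
 .Cm Protocol
 option in
 .Xr sshd_config 5 .
-Protocol 2 supports DSA, ECDSA and RSA keys;
+Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
 protocol 1 only supports RSA keys.
 For both protocols,
 each host has a host-specific key,
@@ -497,6 +498,7 @@ For protocol version 2 the keytype is
 .Dq ecdsa-sha2-nistp256 ,
 .Dq ecdsa-sha2-nistp384 ,
 .Dq ecdsa-sha2-nistp521 ,
+.Dq ssh-ed25519 ,
 .Dq ssh-dss
 or
 .Dq ssh-rsa .
@@ -509,6 +511,7 @@ You don't want to type them in; instead, copy the
 .Pa identity.pub ,
 .Pa id_dsa.pub ,
 .Pa id_ecdsa.pub ,
+.Pa id_ed25519.pub ,
 or the
 .Pa id_rsa.pub
 file and edit it.
@@ -808,8 +811,8 @@ secret, but the recommended permissions are read/write/execute for the user,
 and not accessible by others.
 .Pp
 .It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in
-as this user.
+Lists the public keys (DSA, ECDSA, ED25519, RSA)
+that can be used for logging in as this user.
 The format of this file is described above.
 The content of the file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
@@ -889,6 +892,7 @@ rlogin/rsh.
 .It Pa /etc/ssh/ssh_host_key
 .It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key
 These files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not
@@ -900,6 +904,7 @@ does not start if these files are group/world-accessible.
 .It Pa /etc/ssh/ssh_host_key.pub
 .It Pa /etc/ssh/ssh_host_dsa_key.pub
 .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
+.It Pa /etc/ssh/ssh_host_ed25519_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub
 These files contain the public parts of the host keys.
 These files should be world-readable but writable only by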