diff options
author | jmc@openbsd.org <jmc@openbsd.org> | 2016-02-17 07:38:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-02-18 09:24:40 +1100 |
commit | a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b (patch) | |
tree | e584cc9a85e18c54887ca626295a6222d075e6ae /sshd.8 | |
parent | c5c3f3279a0e4044b8de71b70d3570d692d0f29d (diff) |
upstream commit
since these pages now clearly tell folks to avoid v1,
normalise the docs from a v2 perspective (i.e. stop pointing out which bits
are v2 only);
ok/tweaks djm ok markus
Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 16 |
1 files changed, 7 insertions, 9 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ |
37 | .Dd $Mdocdate: February 5 2016 $ | 37 | .Dd $Mdocdate: February 17 2016 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -275,14 +275,12 @@ though this can be changed via the | |||
275 | .Cm Protocol | 275 | .Cm Protocol |
276 | option in | 276 | option in |
277 | .Xr sshd_config 5 . | 277 | .Xr sshd_config 5 . |
278 | Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; | 278 | Protocol 1 should not be used |
279 | protocol 1 only supports RSA keys. | 279 | and is only offered to support legacy devices. |
280 | For both protocols, | ||
281 | each host has a host-specific key, | ||
282 | normally 2048 bits, | ||
283 | used to identify the host. | ||
284 | .Pp | 280 | .Pp |
285 | Forward security for protocol 1 is provided through | 281 | Each host has a host-specific key, |
282 | used to identify the host. | ||
283 | Partial forward security for protocol 1 is provided through | ||
286 | an additional server key, | 284 | an additional server key, |
287 | normally 1024 bits, | 285 | normally 1024 bits, |
288 | generated when the server starts. | 286 | generated when the server starts. |