diff options
author | naddy@openbsd.org <naddy@openbsd.org> | 2019-12-17 16:21:07 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-12-20 14:25:08 +1100 |
commit | e905f7260d72bc0e33ef5f10a0db737ff6e77ba7 (patch) | |
tree | 02365802851f4fe68b28fb86d003530ef8be32d4 /sshd.8 | |
parent | f65cf1163ff01531ae02f3f9210391d0d692f699 (diff) |
upstream: cut obsolete lists of crypto algorithms from outline of
how SSH works ok markus@ jmc@
OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 11 |
1 files changed, 4 insertions, 7 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.308 2019/11/30 07:07:59 jmc Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.309 2019/12/17 16:21:07 naddy Exp $ |
37 | .Dd $Mdocdate: November 30 2019 $ | 37 | .Dd $Mdocdate: December 17 2019 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -255,14 +255,11 @@ The client compares the | |||
255 | host key against its own database to verify that it has not changed. | 255 | host key against its own database to verify that it has not changed. |
256 | Forward security is provided through a Diffie-Hellman key agreement. | 256 | Forward security is provided through a Diffie-Hellman key agreement. |
257 | This key agreement results in a shared session key. | 257 | This key agreement results in a shared session key. |
258 | The rest of the session is encrypted using a symmetric cipher, currently | 258 | The rest of the session is encrypted using a symmetric cipher. |
259 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | ||
260 | The client selects the encryption algorithm | 259 | The client selects the encryption algorithm |
261 | to use from those offered by the server. | 260 | to use from those offered by the server. |
262 | Additionally, session integrity is provided | 261 | Additionally, session integrity is provided |
263 | through a cryptographic message authentication code | 262 | through a cryptographic message authentication code. |
264 | (hmac-md5, hmac-sha1, umac-64, umac-128, | ||
265 | hmac-sha2-256 or hmac-sha2-512). | ||
266 | .Pp | 263 | .Pp |
267 | Finally, the server and the client enter an authentication dialog. | 264 | Finally, the server and the client enter an authentication dialog. |
268 | The client tries to authenticate itself using | 265 | The client tries to authenticate itself using |