diff options
| author | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
| commit | 4213eec74e74de6310c27a40c3e9759a08a73996 (patch) | |
| tree | e97a6dcafc6763aea7c804e4e113c2750cb1400d /sshd_config.0 | |
| parent | 102062f825fb26a74295a1c089c00c4c4c76b68a (diff) | |
| parent | cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff) | |
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'sshd_config.0')
| -rw-r--r-- | sshd_config.0 | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index 545b9a89c..1b732197c 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
| @@ -210,7 +210,7 @@ DESCRIPTION | |||
| 210 | Specifies which algorithms are allowed for signing of | 210 | Specifies which algorithms are allowed for signing of |
| 211 | certificates by certificate authorities (CAs). The default is: | 211 | certificates by certificate authorities (CAs). The default is: |
| 212 | 212 | ||
| 213 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 213 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
| 214 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 214 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa |
| 215 | 215 | ||
| 216 | Certificates signed using other algorithms will not be accepted | 216 | Certificates signed using other algorithms will not be accepted |
| @@ -249,11 +249,13 @@ DESCRIPTION | |||
| 249 | 249 | ||
| 250 | Ciphers | 250 | Ciphers |
| 251 | Specifies the ciphers allowed. Multiple ciphers must be comma- | 251 | Specifies the ciphers allowed. Multiple ciphers must be comma- |
| 252 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 252 | separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
| 253 | then the specified ciphers will be appended to the default set | 253 | then the specified ciphers will be appended to the default set |
| 254 | instead of replacing them. If the specified value begins with a | 254 | instead of replacing them. If the specified list begins with a |
| 255 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) | 255 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) |
| 256 | will be removed from the default set instead of replacing them. | 256 | will be removed from the default set instead of replacing them. |
| 257 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
| 258 | specified ciphers will be placed at the head of the default set. | ||
| 257 | 259 | ||
| 258 | The supported ciphers are: | 260 | The supported ciphers are: |
| 259 | 261 | ||
| @@ -288,7 +290,7 @@ DESCRIPTION | |||
| 288 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is | 290 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is |
| 289 | spoofable. The client alive mechanism is valuable when the | 291 | spoofable. The client alive mechanism is valuable when the |
| 290 | client or server depend on knowing when a connection has become | 292 | client or server depend on knowing when a connection has become |
| 291 | inactive. | 293 | unresponsive. |
| 292 | 294 | ||
| 293 | The default value is 3. If ClientAliveInterval is set to 15, and | 295 | The default value is 3. If ClientAliveInterval is set to 15, and |
| 294 | ClientAliveCountMax is left at the default, unresponsive SSH | 296 | ClientAliveCountMax is left at the default, unresponsive SSH |
| @@ -393,12 +395,14 @@ DESCRIPTION | |||
| 393 | HostbasedAcceptedKeyTypes | 395 | HostbasedAcceptedKeyTypes |
| 394 | Specifies the key types that will be accepted for hostbased | 396 | Specifies the key types that will be accepted for hostbased |
| 395 | authentication as a list of comma-separated patterns. | 397 | authentication as a list of comma-separated patterns. |
| 396 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 398 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
| 397 | then the specified key types will be appended to the default set | 399 | then the specified key types will be appended to the default set |
| 398 | instead of replacing them. If the specified value begins with a | 400 | instead of replacing them. If the specified list begins with a |
| 399 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 401 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) |
| 400 | will be removed from the default set instead of replacing them. | 402 | will be removed from the default set instead of replacing them. |
| 401 | The default for this option is: | 403 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the |
| 404 | specified key types will be placed at the head of the default | ||
| 405 | set. The default for this option is: | ||
| 402 | 406 | ||
| 403 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 407 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 404 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 408 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| @@ -524,12 +528,13 @@ DESCRIPTION | |||
| 524 | KexAlgorithms | 528 | KexAlgorithms |
| 525 | Specifies the available KEX (Key Exchange) algorithms. Multiple | 529 | Specifies the available KEX (Key Exchange) algorithms. Multiple |
| 526 | algorithms must be comma-separated. Alternately if the specified | 530 | algorithms must be comma-separated. Alternately if the specified |
| 527 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | 531 | list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will |
| 528 | will be appended to the default set instead of replacing them. | 532 | be appended to the default set instead of replacing them. If the |
| 529 | If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | 533 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified |
| 530 | specified methods (including wildcards) will be removed from the | 534 | methods (including wildcards) will be removed from the default |
| 531 | default set instead of replacing them. The supported algorithms | 535 | set instead of replacing them. If the specified list begins with |
| 532 | are: | 536 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the |
| 537 | head of the default set. The supported algorithms are: | ||
| 533 | 538 | ||
| 534 | curve25519-sha256 | 539 | curve25519-sha256 |
| 535 | curve25519-sha256@libssh.org | 540 | curve25519-sha256@libssh.org |
| @@ -588,11 +593,14 @@ DESCRIPTION | |||
| 588 | MACs Specifies the available MAC (message authentication code) | 593 | MACs Specifies the available MAC (message authentication code) |
| 589 | algorithms. The MAC algorithm is used for data integrity | 594 | algorithms. The MAC algorithm is used for data integrity |
| 590 | protection. Multiple algorithms must be comma-separated. If the | 595 | protection. Multiple algorithms must be comma-separated. If the |
| 591 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | 596 | specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified |
| 592 | algorithms will be appended to the default set instead of | 597 | algorithms will be appended to the default set instead of |
| 593 | replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | 598 | replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y |
| 594 | character, then the specified algorithms (including wildcards) | 599 | character, then the specified algorithms (including wildcards) |
| 595 | will be removed from the default set instead of replacing them. | 600 | will be removed from the default set instead of replacing them. |
| 601 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
| 602 | specified algorithms will be placed at the head of the default | ||
| 603 | set. | ||
| 596 | 604 | ||
| 597 | The algorithms that contain "-etm" calculate the MAC after | 605 | The algorithms that contain "-etm" calculate the MAC after |
| 598 | encryption (encrypt-then-mac). These are considered safer and | 606 | encryption (encrypt-then-mac). These are considered safer and |
| @@ -668,7 +676,7 @@ DESCRIPTION | |||
| 668 | PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, | 676 | PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, |
| 669 | PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, | 677 | PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, |
| 670 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, | 678 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, |
| 671 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | 679 | X11DisplayOffset, X11Forwarding and X11UseLocalhost. |
| 672 | 680 | ||
| 673 | MaxAuthTries | 681 | MaxAuthTries |
| 674 | Specifies the maximum number of authentication attempts permitted | 682 | Specifies the maximum number of authentication attempts permitted |
| @@ -811,12 +819,14 @@ DESCRIPTION | |||
| 811 | PubkeyAcceptedKeyTypes | 819 | PubkeyAcceptedKeyTypes |
| 812 | Specifies the key types that will be accepted for public key | 820 | Specifies the key types that will be accepted for public key |
| 813 | authentication as a list of comma-separated patterns. | 821 | authentication as a list of comma-separated patterns. |
| 814 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 822 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
| 815 | then the specified key types will be appended to the default set | 823 | then the specified key types will be appended to the default set |
| 816 | instead of replacing them. If the specified value begins with a | 824 | instead of replacing them. If the specified list begins with a |
| 817 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 825 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) |
| 818 | will be removed from the default set instead of replacing them. | 826 | will be removed from the default set instead of replacing them. |
| 819 | The default for this option is: | 827 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the |
| 828 | specified key types will be placed at the head of the default | ||
| 829 | set. The default for this option is: | ||
| 820 | 830 | ||
| 821 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 831 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| 822 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 832 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
| @@ -1089,4 +1099,4 @@ AUTHORS | |||
| 1089 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 1099 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 1090 | for privilege separation. | 1100 | for privilege separation. |
| 1091 | 1101 | ||
| 1092 | OpenBSD 6.5 March 22, 2019 OpenBSD 6.5 | 1102 | OpenBSD 6.6 September 6, 2019 OpenBSD 6.6 |