author | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
commit | 4213eec74e74de6310c27a40c3e9759a08a73996 (patch) | |
tree | e97a6dcafc6763aea7c804e4e113c2750cb1400d /sshd_config.0 | |
parent | 102062f825fb26a74295a1c089c00c4c4c76b68a (diff) | |
parent | cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff) |
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- | sshd_config.0 | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index 545b9a89c..1b732197c 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -210,7 +210,7 @@ DESCRIPTION | |||
210 | Specifies which algorithms are allowed for signing of | 210 | Specifies which algorithms are allowed for signing of |
211 | certificates by certificate authorities (CAs). The default is: | 211 | certificates by certificate authorities (CAs). The default is: |
212 | 212 | ||
213 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 213 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
214 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | 214 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa |
215 | 215 | ||
216 | Certificates signed using other algorithms will not be accepted | 216 | Certificates signed using other algorithms will not be accepted |
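Review bot: the separator fix on new line 213 is shown only for the formatted page, because the diffstat is limited to sshd_config.0. sshd_config.0 is the preformatted rendering of the sshd_config.5 manual source, so the same "." to "," correction between ecdsa-sha2-nistp256 and ecdsa-sha2-nistp384 has to be present in that source as well, otherwise the next regeneration brings the typo back. Worth confirming before anyone copies this default list into a CASignatureAlgorithms line.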
@@ -249,11 +249,13 @@ DESCRIPTION | |||
249 | 249 | ||
250 | Ciphers | 250 | Ciphers |
251 | Specifies the ciphers allowed. Multiple ciphers must be comma- | 251 | Specifies the ciphers allowed. Multiple ciphers must be comma- |
252 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 252 | separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
253 | then the specified ciphers will be appended to the default set | 253 | then the specified ciphers will be appended to the default set |
254 | instead of replacing them. If the specified value begins with a | 254 | instead of replacing them. If the specified list begins with a |
255 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) | 255 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) |
256 | will be removed from the default set instead of replacing them. | 256 | will be removed from the default set instead of replacing them. |
257 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
258 | specified ciphers will be placed at the head of the default set. | ||
257 | 259 | ||
258 | The supported ciphers are: | 260 | The supported ciphers are: |
259 | 261 | ||
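Review bot: the sentence added on new lines 257-258 leaves the '^' prefix underspecified compared with the two sentences before it. The '+' and '-' sentences both end with "instead of replacing them", and the '-' sentence states that wildcards are accepted; the '^' sentence says neither, so a reader cannot tell whether the rest of the default set is kept, whether patterns are honoured, or what happens to a cipher that is supported but not in the default set. Suggest ending it with "instead of replacing them" like its neighbours and stating the wildcard and non-default behaviour explicitly, since administrators will reach for this prefix to force a preferred cipher order.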
@@ -288,7 +290,7 @@ DESCRIPTION | |||
288 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is | 290 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is |
289 | spoofable. The client alive mechanism is valuable when the | 291 | spoofable. The client alive mechanism is valuable when the |
290 | client or server depend on knowing when a connection has become | 292 | client or server depend on knowing when a connection has become |
291 | inactive. | 293 | unresponsive. |
292 | 294 | ||
293 | The default value is 3. If ClientAliveInterval is set to 15, and | 295 | The default value is 3. If ClientAliveInterval is set to 15, and |
294 | ClientAliveCountMax is left at the default, unresponsive SSH | 296 | ClientAliveCountMax is left at the default, unresponsive SSH |
@@ -393,12 +395,14 @@ DESCRIPTION | |||
393 | HostbasedAcceptedKeyTypes | 395 | HostbasedAcceptedKeyTypes |
394 | Specifies the key types that will be accepted for hostbased | 396 | Specifies the key types that will be accepted for hostbased |
395 | authentication as a list of comma-separated patterns. | 397 | authentication as a list of comma-separated patterns. |
396 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 398 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
397 | then the specified key types will be appended to the default set | 399 | then the specified key types will be appended to the default set |
398 | instead of replacing them. If the specified value begins with a | 400 | instead of replacing them. If the specified list begins with a |
399 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 401 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) |
400 | will be removed from the default set instead of replacing them. | 402 | will be removed from the default set instead of replacing them. |
401 | The default for this option is: | 403 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the |
404 | specified key types will be placed at the head of the default | ||
405 | set. The default for this option is: | ||
402 | 406 | ||
403 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 407 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
404 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 408 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
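Review bot: new lines 403-405 describe a reordering operation, but line 396 defines this option as the key types "that will be accepted", and nothing in the paragraph says what position in the list means for an accept list. Without that, a reader may assume '^' narrows acceptance to the listed types, when the text only says they are moved to the head of the default set. Suggest one sentence stating what effect, if any, the order has for HostbasedAcceptedKeyTypes, and that the remaining default types stay accepted.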
@@ -524,12 +528,13 @@ DESCRIPTION | |||
524 | KexAlgorithms | 528 | KexAlgorithms |
525 | Specifies the available KEX (Key Exchange) algorithms. Multiple | 529 | Specifies the available KEX (Key Exchange) algorithms. Multiple |
526 | algorithms must be comma-separated. Alternately if the specified | 530 | algorithms must be comma-separated. Alternately if the specified |
527 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | 531 | list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will |
528 | will be appended to the default set instead of replacing them. | 532 | be appended to the default set instead of replacing them. If the |
529 | If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | 533 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified |
530 | specified methods (including wildcards) will be removed from the | 534 | methods (including wildcards) will be removed from the default |
531 | default set instead of replacing them. The supported algorithms | 535 | set instead of replacing them. If the specified list begins with |
532 | are: | 536 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the |
537 | head of the default set. The supported algorithms are: | ||
533 | 538 | ||
534 | curve25519-sha256 | 539 | curve25519-sha256 |
535 | curve25519-sha256@libssh.org | 540 | curve25519-sha256@libssh.org |
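Review bot: the rewrapped paragraph on new lines 529-537 uses two names for the same thing: the first and last sentences say "algorithms" ("Multiple algorithms must be comma-separated", "The supported algorithms are:"), while every prefix sentence, including the new '^' one, says "the specified methods". Since the text is being touched anyway, suggest "algorithms" throughout, which is what the MACs paragraph in this same diff does. The leading "Alternately" on line 530 is also absent from the Ciphers and MACs versions of this wording and could be dropped for consistency.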
@@ -588,11 +593,14 @@ DESCRIPTION | |||
588 | MACs Specifies the available MAC (message authentication code) | 593 | MACs Specifies the available MAC (message authentication code) |
589 | algorithms. The MAC algorithm is used for data integrity | 594 | algorithms. The MAC algorithm is used for data integrity |
590 | protection. Multiple algorithms must be comma-separated. If the | 595 | protection. Multiple algorithms must be comma-separated. If the |
591 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | 596 | specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified |
592 | algorithms will be appended to the default set instead of | 597 | algorithms will be appended to the default set instead of |
593 | replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | 598 | replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y |
594 | character, then the specified algorithms (including wildcards) | 599 | character, then the specified algorithms (including wildcards) |
595 | will be removed from the default set instead of replacing them. | 600 | will be removed from the default set instead of replacing them. |
601 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
602 | specified algorithms will be placed at the head of the default | ||
603 | set. | ||
596 | 604 | ||
597 | The algorithms that contain "-etm" calculate the MAC after | 605 | The algorithms that contain "-etm" calculate the MAC after |
598 | encryption (encrypt-then-mac). These are considered safer and | 606 | encryption (encrypt-then-mac). These are considered safer and |
@@ -668,7 +676,7 @@ DESCRIPTION | |||
668 | PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, | 676 | PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, |
669 | PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, | 677 | PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, |
670 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, | 678 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, |
671 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | 679 | X11DisplayOffset, X11Forwarding and X11UseLocalhost. |
672 | 680 | ||
673 | MaxAuthTries | 681 | MaxAuthTries |
674 | Specifies the maximum number of authentication attempts permitted | 682 | Specifies the maximum number of authentication attempts permitted |
@@ -811,12 +819,14 @@ DESCRIPTION | |||
811 | PubkeyAcceptedKeyTypes | 819 | PubkeyAcceptedKeyTypes |
812 | Specifies the key types that will be accepted for public key | 820 | Specifies the key types that will be accepted for public key |
813 | authentication as a list of comma-separated patterns. | 821 | authentication as a list of comma-separated patterns. |
814 | Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 822 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
815 | then the specified key types will be appended to the default set | 823 | then the specified key types will be appended to the default set |
816 | instead of replacing them. If the specified value begins with a | 824 | instead of replacing them. If the specified list begins with a |
817 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | 825 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) |
818 | will be removed from the default set instead of replacing them. | 826 | will be removed from the default set instead of replacing them. |
819 | The default for this option is: | 827 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the |
828 | specified key types will be placed at the head of the default | ||
829 | set. The default for this option is: | ||
820 | 830 | ||
821 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 831 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
822 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 832 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
@@ -1089,4 +1099,4 @@ AUTHORS | |||
1089 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 1099 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
1090 | for privilege separation. | 1100 | for privilege separation. |
1091 | 1101 | ||
1092 | OpenBSD 6.5 March 22, 2019 OpenBSD 6.5 | 1102 | OpenBSD 6.6 September 6, 2019 OpenBSD 6.6 |