* New upstream release (http://www.openssh.org/txt/release-5.7):

- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off).
author: Colin Watson <cjwatson@debian.org> 2011-01-24 12:43:25 +0000
committer: Colin Watson <cjwatson@debian.org> 2011-01-24 12:43:25 +0000
commit: 626f1d986ff72aa514da63e34744e1de9cf21b9a (patch)
tree: d215a5280bc2e57251e4a9e08bfd3674ad824a94 /sshd_config.5
parent: 6ed622cb6fe8f71bbe0d998cdd12280410bfb420 (diff)
parent: 0970072c89b079b022538e3c366fbfa2c53fc821 (diff)
1 files changed, 55 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a5e20d1e8..e7a5f0a08 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: June 30 2010 $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -529,9 +528,10 @@ used by SSH.
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_dsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
 Note that
 .Xr sshd 8
@@ -539,7 +539,8 @@ will refuse to use a file if it is group/world-accessible.
 It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
-.Dq dsa
+.Dq dsa ,
+.Dq ecdsa
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -570,6 +571,43 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for the connection.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -595,6 +633,17 @@ Specifies whether to automatically destroy the user's ticket cache
 file on logout.
 The default is
 .Dq yes .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq ecdh-sha2-nistp256 ,
+.Dq ecdh-sha2-nistp384 ,
+.Dq ecdh-sha2-nistp521 ,
+.Dq diffie-hellman-group-exchange-sha256 ,
+.Dq diffie-hellman-group-exchange-sha1 ,
+.Dq diffie-hellman-group14-sha1 ,
+.Dq diffie-hellman-group1-sha1 .
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).
author	Colin Watson <cjwatson@debian.org>	2011-01-24 12:43:25 +0000
committer	Colin Watson <cjwatson@debian.org>	2011-01-24 12:43:25 +0000
commit	626f1d986ff72aa514da63e34744e1de9cf21b9a (patch)
tree	d215a5280bc2e57251e4a9e08bfd3674ad824a94 /sshd_config.5
parent	6ed622cb6fe8f71bbe0d998cdd12280410bfb420 (diff)
parent	0970072c89b079b022538e3c366fbfa2c53fc821 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index a5e20d1e8..e7a5f0a08 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -1,4 +1,3 @@
1	.\" -- nroff --
2	.\"	1	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	2	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	35	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
38	.Dd $Mdocdate: June 30 2010 $	37	.Dd $Mdocdate: December 8 2010 $
39	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
40	.Os	39	.Os
41	.Sh NAME	40	.Sh NAME
@@ -529,9 +528,10 @@ used by SSH.
529	The default is	528	The default is
530	.Pa /etc/ssh/ssh_host_key	529	.Pa /etc/ssh/ssh_host_key
531	for protocol version 1, and	530	for protocol version 1, and
532	.Pa /etc/ssh/ssh_host_rsa_key	531	.Pa /etc/ssh/ssh_host_dsa_key ,
		532	.Pa /etc/ssh/ssh_host_ecdsa_key
533	and	533	and
534	.Pa /etc/ssh/ssh_host_dsa_key	534	.Pa /etc/ssh/ssh_host_rsa_key
535	for protocol version 2.	535	for protocol version 2.
536	Note that	536	Note that
537	.Xr sshd 8	537	.Xr sshd 8
@@ -539,7 +539,8 @@ will refuse to use a file if it is group/world-accessible.
539	It is possible to have multiple host key files.	539	It is possible to have multiple host key files.
540	.Dq rsa1	540	.Dq rsa1
541	keys are used for version 1 and	541	keys are used for version 1 and
542	.Dq dsa	542	.Dq dsa ,
		543	.Dq ecdsa
543	or	544	or
544	.Dq rsa	545	.Dq rsa
545	are used for version 2 of the SSH protocol.	546	are used for version 2 of the SSH protocol.
@@ -570,6 +571,43 @@ or
570	.Cm HostbasedAuthentication .	571	.Cm HostbasedAuthentication .
571	The default is	572	The default is
572	.Dq no .	573	.Dq no .
		574	.It Cm IPQoS
		575	Specifies the IPv4 type-of-service or DSCP class for the connection.
		576	Accepted values are
		577	.Dq af11 ,
		578	.Dq af12 ,
		579	.Dq af13 ,
		580	.Dq af14 ,
		581	.Dq af22 ,
		582	.Dq af23 ,
		583	.Dq af31 ,
		584	.Dq af32 ,
		585	.Dq af33 ,
		586	.Dq af41 ,
		587	.Dq af42 ,
		588	.Dq af43 ,
		589	.Dq cs0 ,
		590	.Dq cs1 ,
		591	.Dq cs2 ,
		592	.Dq cs3 ,
		593	.Dq cs4 ,
		594	.Dq cs5 ,
		595	.Dq cs6 ,
		596	.Dq cs7 ,
		597	.Dq ef ,
		598	.Dq lowdelay ,
		599	.Dq throughput ,
		600	.Dq reliability ,
		601	or a numeric value.
		602	This option may take one or two arguments, separated by whitespace.
		603	If one argument is specified, it is used as the packet class unconditionally.
		604	If two values are specified, the first is automatically selected for
		605	interactive sessions and the second for non-interactive sessions.
		606	The default is
		607	.Dq lowdelay
		608	for interactive sessions and
		609	.Dq throughput
		610	for non-interactive sessions.
573	.It Cm KerberosAuthentication	611	.It Cm KerberosAuthentication
574	Specifies whether the password provided by the user for	612	Specifies whether the password provided by the user for
575	.Cm PasswordAuthentication	613	.Cm PasswordAuthentication
@@ -595,6 +633,17 @@ Specifies whether to automatically destroy the user's ticket cache
595	file on logout.	633	file on logout.
596	The default is	634	The default is
597	.Dq yes .	635	.Dq yes .
		636	.It Cm KexAlgorithms
		637	Specifies the available KEX (Key Exchange) algorithms.
		638	Multiple algorithms must be comma-separated.
		639	The default is
		640	.Dq ecdh-sha2-nistp256 ,
		641	.Dq ecdh-sha2-nistp384 ,
		642	.Dq ecdh-sha2-nistp521 ,
		643	.Dq diffie-hellman-group-exchange-sha256 ,
		644	.Dq diffie-hellman-group-exchange-sha1 ,
		645	.Dq diffie-hellman-group14-sha1 ,
		646	.Dq diffie-hellman-group1-sha1 .
598	.It Cm KeyRegenerationInterval	647	.It Cm KeyRegenerationInterval
599	In protocol version 1, the ephemeral server key is automatically regenerated	648	In protocol version 1, the ephemeral server key is automatically regenerated
600	after this many seconds (if it has been used).	649	after this many seconds (if it has been used).