diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-02-03 23:01:19 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-02-04 10:08:15 +1100 |
| commit | 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 (patch) | |
| tree | 4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /sshd_config.5 | |
| parent | c924b2ef941028a1f31e6e94f54dfeeeef462a4e (diff) | |
upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 935fda4b7..454e46e0b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.241 2017/01/06 16:28:12 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.242 2017/02/03 23:01:19 djm Exp $ |
| 37 | .Dd $Mdocdate: January 6 2017 $ | 37 | .Dd $Mdocdate: February 3 2017 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -437,6 +437,10 @@ If the specified value begins with a | |||
| 437 | .Sq + | 437 | .Sq + |
| 438 | character, then the specified ciphers will be appended to the default set | 438 | character, then the specified ciphers will be appended to the default set |
| 439 | instead of replacing them. | 439 | instead of replacing them. |
| 440 | If the specified value begins with a | ||
| 441 | .Sq - | ||
| 442 | character, then the specified ciphers (including wildcards) will be removed | ||
| 443 | from the default set instead of replacing them. | ||
| 440 | .Pp | 444 | .Pp |
| 441 | The supported ciphers are: | 445 | The supported ciphers are: |
| 442 | .Pp | 446 | .Pp |
| @@ -649,6 +653,10 @@ Alternately if the specified value begins with a | |||
| 649 | .Sq + | 653 | .Sq + |
| 650 | character, then the specified key types will be appended to the default set | 654 | character, then the specified key types will be appended to the default set |
| 651 | instead of replacing them. | 655 | instead of replacing them. |
| 656 | If the specified value begins with a | ||
| 657 | .Sq - | ||
| 658 | character, then the specified key types (including wildcards) will be removed | ||
| 659 | from the default set instead of replacing them. | ||
| 652 | The default for this option is: | 660 | The default for this option is: |
| 653 | .Bd -literal -offset 3n | 661 | .Bd -literal -offset 3n |
| 654 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 662 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
| @@ -843,6 +851,10 @@ Alternately if the specified value begins with a | |||
| 843 | .Sq + | 851 | .Sq + |
| 844 | character, then the specified methods will be appended to the default set | 852 | character, then the specified methods will be appended to the default set |
| 845 | instead of replacing them. | 853 | instead of replacing them. |
| 854 | If the specified value begins with a | ||
| 855 | .Sq - | ||
| 856 | character, then the specified methods (including wildcards) will be removed | ||
| 857 | from the default set instead of replacing them. | ||
| 846 | The supported algorithms are: | 858 | The supported algorithms are: |
| 847 | .Pp | 859 | .Pp |
| 848 | .Bl -item -compact -offset indent | 860 | .Bl -item -compact -offset indent |
| @@ -933,6 +945,10 @@ If the specified value begins with a | |||
| 933 | .Sq + | 945 | .Sq + |
| 934 | character, then the specified algorithms will be appended to the default set | 946 | character, then the specified algorithms will be appended to the default set |
| 935 | instead of replacing them. | 947 | instead of replacing them. |
| 948 | If the specified value begins with a | ||
| 949 | .Sq - | ||
| 950 | character, then the specified algorithms (including wildcards) will be removed | ||
| 951 | from the default set instead of replacing them. | ||
| 936 | .Pp | 952 | .Pp |
| 937 | The algorithms that contain | 953 | The algorithms that contain |
| 938 | .Qq -etm | 954 | .Qq -etm |
| @@ -1280,6 +1296,10 @@ Alternately if the specified value begins with a | |||
| 1280 | .Sq + | 1296 | .Sq + |
| 1281 | character, then the specified key types will be appended to the default set | 1297 | character, then the specified key types will be appended to the default set |
| 1282 | instead of replacing them. | 1298 | instead of replacing them. |
| 1299 | If the specified value begins with a | ||
| 1300 | .Sq - | ||
| 1301 | character, then the specified key types (including wildcards) will be removed | ||
| 1302 | from the default set instead of replacing them. | ||
| 1283 | The default for this option is: | 1303 | The default for this option is: |
| 1284 | .Bd -literal -offset 3n | 1304 | .Bd -literal -offset 3n |
| 1285 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 1305 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |