author | djm@openbsd.org <djm@openbsd.org> | 2015-07-30 00:01:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-30 12:32:16 +1000 |
commit | f9eca249d4961f28ae4b09186d7dc91de74b5895 (patch) | |
tree | f4c86ae2043499a6ed7f8c736f0cd5e1f483102c /sshd_config.5 | |
parent | 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 (diff) |
upstream commit
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 0614531c5..2808576a9 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.208 2015/07/30 00:01:34 djm Exp $ |
37 | .Dd $Mdocdate: July 20 2015 $ | 37 | .Dd $Mdocdate: July 30 2015 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -434,6 +434,11 @@ The default is not to | |||
434 | .It Cm Ciphers | 434 | .It Cm Ciphers |
435 | Specifies the ciphers allowed for protocol version 2. | 435 | Specifies the ciphers allowed for protocol version 2. |
436 | Multiple ciphers must be comma-separated. | 436 | Multiple ciphers must be comma-separated. |
437 | If the specified value begins with a | ||
438 | .Sq + | ||
439 | character, then the specified ciphers will be appended to the default set | ||
440 | instead of replacing them. | ||
441 | .Pp | ||
437 | The supported ciphers are: | 442 | The supported ciphers are: |
438 | .Pp | 443 | .Pp |
439 | .Bl -item -compact -offset indent | 444 | .Bl -item -compact -offset indent |
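
Review bot: The sentence added under Ciphers says the value "begins with a" '+' but never shows such a value, so a reader could assume each list entry needs its own '+'. Consider adding a one-line example of a '+'-prefixed, comma-separated value and saying that the single leading '+' covers the whole list. Because the defaults stay enabled in this form, it is also worth saying that narrowing the set still requires the replacing form.
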
@@ -640,6 +645,10 @@ The default is | |||
640 | .It Cm HostbasedAcceptedKeyTypes | 645 | .It Cm HostbasedAcceptedKeyTypes |
641 | Specifies the key types that will be accepted for hostbased authentication | 646 | Specifies the key types that will be accepted for hostbased authentication |
642 | as a comma-separated pattern list. | 647 | as a comma-separated pattern list. |
648 | Alternately if the specified value begins with a | ||
649 | .Sq + | ||
650 | character, then the specified key types will be appended to the default set | ||
651 | instead of replacing them. | ||
643 | The default for this option is: | 652 | The default for this option is: |
644 | .Bd -literal -offset 3n | 653 | .Bd -literal -offset 3n |
645 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 654 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
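
Review bot: The context lines above the addition describe HostbasedAcceptedKeyTypes as "a comma-separated pattern list", but the new text speaks only of "the specified key types" being appended. Please say whether a '+' value may still contain patterns or must list literal key type names. "Alternately if" also needs a comma ("Alternately, if") and differs from the plain "If" used in the Ciphers and MACs hunks; pick one wording for all five options.
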
@@ -855,6 +864,10 @@ The default is | |||
855 | .It Cm KexAlgorithms | 864 | .It Cm KexAlgorithms |
856 | Specifies the available KEX (Key Exchange) algorithms. | 865 | Specifies the available KEX (Key Exchange) algorithms. |
857 | Multiple algorithms must be comma-separated. | 866 | Multiple algorithms must be comma-separated. |
867 | Alternately if the specified value begins with a | ||
868 | .Sq + | ||
869 | character, then the specified methods will be appended to the default set | ||
870 | instead of replacing them. | ||
858 | The supported algorithms are: | 871 | The supported algorithms are: |
859 | .Pp | 872 | .Pp |
860 | .Bl -item -compact -offset indent | 873 | .Bl -item -compact -offset indent |
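
Review bot: The added KexAlgorithms text says "the specified methods", while the surrounding lines say "algorithms" throughout ("Multiple algorithms must be comma-separated", "The supported algorithms are:"); use "algorithms" here too. Unlike the Ciphers and MACs hunks, this one adds no .Pp after the new sentence, so it runs straight into "The supported algorithms are:" in the same paragraph. Add the .Pp for consistency.
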
@@ -953,6 +966,11 @@ Specifies the available MAC (message authentication code) algorithms. | |||
953 | The MAC algorithm is used in protocol version 2 | 966 | The MAC algorithm is used in protocol version 2 |
954 | for data integrity protection. | 967 | for data integrity protection. |
955 | Multiple algorithms must be comma-separated. | 968 | Multiple algorithms must be comma-separated. |
969 | If the specified value begins with a | ||
970 | .Sq + | ||
971 | character, then the specified algorithms will be appended to the default set | ||
972 | instead of replacing them. | ||
973 | .Pp | ||
956 | The algorithms that contain | 974 | The algorithms that contain |
957 | .Dq -etm | 975 | .Dq -etm |
958 | calculate the MAC after encryption (encrypt-then-mac). | 976 | calculate the MAC after encryption (encrypt-then-mac). |
@@ -1313,6 +1331,10 @@ is identical to | |||
1313 | .It Cm PubkeyAcceptedKeyTypes | 1331 | .It Cm PubkeyAcceptedKeyTypes |
1314 | Specifies the key types that will be accepted for public key authentication | 1332 | Specifies the key types that will be accepted for public key authentication |
1315 | as a comma-separated pattern list. | 1333 | as a comma-separated pattern list. |
1334 | Alternately if the specified value begins with a | ||
1335 | .Sq + | ||
1336 | character, then the specified key types will be appended to the default set | ||
1337 | instead of replacing them. | ||
1316 | The default for this option is: | 1338 | The default for this option is: |
1317 | .Bd -literal -offset 3n | 1339 | .Bd -literal -offset 3n |
1318 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 1340 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |