author: djm@openbsd.org <djm@openbsd.org> 2017-02-03 23:01:19 +0000
committer: Damien Miller <djm@mindrot.org> 2017-02-04 10:08:15 +1100
commit: 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
tree: 4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /sshd_config.5
parent: c924b2ef941028a1f31e6e94f54dfeeeef462a4e
upstream commit
support =- for removing methods from algorithms lists, e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- sshd_config.5 24
1 files changed, 22 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 935fda4b7..454e46e0b 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.241 2017/01/06 16:28:12 jmc Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.242 2017/02/03 23:01:19 djm Exp $
37.Dd $Mdocdate: January 6 2017 $ 37.Dd $Mdocdate: February 3 2017 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -437,6 +437,10 @@ If the specified value begins with a
437.Sq + 437.Sq +
438character, then the specified ciphers will be appended to the default set 438character, then the specified ciphers will be appended to the default set
439instead of replacing them. 439instead of replacing them.
440If the specified value begins with a
441.Sq -
442character, then the specified ciphers (including wildcards) will be removed
443from the default set instead of replacing them.
440.Pp 444.Pp
441The supported ciphers are: 445The supported ciphers are:
442.Pp 446.Pp
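Review bot: "(including wildcards)" in the added sentence at new lines 440-443 is the only hint at pattern syntax, and the paragraph gives no example. The commit message's Ciphers=-*cbc would make the intent clear to an administrator who wants to drop the CBC modes; suggest adding it here or pointing at wherever the pattern syntax is documented.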
@@ -649,6 +653,10 @@ Alternately if the specified value begins with a
649.Sq + 653.Sq +
650character, then the specified key types will be appended to the default set 654character, then the specified key types will be appended to the default set
651instead of replacing them. 655instead of replacing them.
656If the specified value begins with a
657.Sq -
658character, then the specified key types (including wildcards) will be removed
659from the default set instead of replacing them.
652The default for this option is: 660The default for this option is:
653.Bd -literal -offset 3n 661.Bd -literal -offset 3n
654ecdsa-sha2-nistp256-cert-v01@openssh.com, 662ecdsa-sha2-nistp256-cert-v01@openssh.com,
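Review bot: the added text at new lines 656-659 does not say what happens when a listed key type or pattern matches nothing in the default set. For an option whose purpose is to disable key types, the page should state whether a non-matching entry is ignored or rejected, so that a typo is not mistaken for a successful removal.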
@@ -843,6 +851,10 @@ Alternately if the specified value begins with a
843.Sq + 851.Sq +
844character, then the specified methods will be appended to the default set 852character, then the specified methods will be appended to the default set
845instead of replacing them. 853instead of replacing them.
854If the specified value begins with a
855.Sq -
856character, then the specified methods (including wildcards) will be removed
857from the default set instead of replacing them.
846The supported algorithms are: 858The supported algorithms are:
847.Pp 859.Pp
848.Bl -item -compact -offset indent 860.Bl -item -compact -offset indent
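Review bot: terminology is inconsistent around new lines 854-858: the added sentence removes "the specified methods", while the very next line reads "The supported algorithms are:". Suggest "the specified algorithms" in the new sentence, and the same in the '+' sentence above it, so the paragraph uses one term for one thing.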
@@ -933,6 +945,10 @@ If the specified value begins with a
933.Sq + 945.Sq +
934character, then the specified algorithms will be appended to the default set 946character, then the specified algorithms will be appended to the default set
935instead of replacing them. 947instead of replacing them.
948If the specified value begins with a
949.Sq -
950character, then the specified algorithms (including wildcards) will be removed
951from the default set instead of replacing them.
936.Pp 952.Pp
937The algorithms that contain 953The algorithms that contain
938.Qq -etm 954.Qq -etm
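Review bot: with a '+' prefix and a '-' prefix now both documented (new lines 945-951), the text leaves open whether the two can be combined in one value or whether only the first character of the value is examined. A sentence stating which would save readers from finding out by trial on a production sshd.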
@@ -1280,6 +1296,10 @@ Alternately if the specified value begins with a
1280.Sq + 1296.Sq +
1281character, then the specified key types will be appended to the default set 1297character, then the specified key types will be appended to the default set
1282instead of replacing them. 1298instead of replacing them.
1299If the specified value begins with a
1300.Sq -
1301character, then the specified key types (including wildcards) will be removed
1302from the default set instead of replacing them.
1283The default for this option is: 1303The default for this option is:
1284.Bd -literal -offset 3n 1304.Bd -literal -offset 3n
1285ecdsa-sha2-nistp256-cert-v01@openssh.com, 1305ecdsa-sha2-nistp256-cert-v01@openssh.com,
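Review bot: "removed from the default set instead of replacing them" at new lines 1301-1302 has no plural antecedent for "them"; the wording was carried over from the '+' sentence, where it has the same problem. Suggest "instead of replacing it" or "instead of replacing the defaults", applied to every copy of this paragraph in the patch.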