import openssh-4.2p1-gsskex-20050926-2.patch

author: Colin Watson <cjwatson@debian.org> 2009-12-29 21:32:03 +0000
committer: Colin Watson <cjwatson@debian.org> 2009-12-29 21:32:03 +0000
commit: 04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (patch)
tree: af8e928bd79d3f2d0219bb5b2c78b573ec31d94c /sshd_config.5
parent: 9ad7b718d42e43f3a285fcbc8f91193931fce324 (diff)
parent: 16704d57999d987fb8d9ba53379841a79f016d67 (diff)
1 files changed, 28 insertions, 17 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 8d291e61d..5af4b1b27 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -168,24 +168,18 @@ The supported ciphers are
 .Dq aes128-ctr ,
 .Dq aes192-ctr ,
 .Dq aes256-ctr ,
+.Dq arcfour128 ,
+.Dq arcfour256 ,
 .Dq arcfour ,
 .Dq blowfish-cbc ,
 and
 .Dq cast128-cbc .
 The default is
 .Bd -literal
-  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
-    aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''
+    arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+    aes192-ctr,aes256-ctr''
 .Ed
-.It Cm ClientAliveInterval
-Sets a timeout interval in seconds after which if no data has been received
-from the client,
-.Nm sshd
-will send a message through the encrypted
-channel to request a response from the client.
-The default
-is 0, indicating that these messages will not be sent to the client.
-This option applies to protocol version 2 only.
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see above) which may be
 sent without
@@ -213,14 +207,25 @@ If
 .Cm ClientAliveCountMax
 is left at the default, unresponsive ssh clients
 will be disconnected after approximately 45 seconds.
+.It Cm ClientAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the client,
+.Nm sshd
+will send a message through the encrypted
+channel to request a response from the client.
+The default
+is 0, indicating that these messages will not be sent to the client.
+This option applies to protocol version 2 only.
 .It Cm Compression
-Specifies whether compression is allowed.
+Specifies whether compression is allowed, or delayed until
+the user has authenticated successfully.
 The argument must be
-.Dq yes
+.Dq yes ,
+.Dq delayed ,
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq delayed .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
@@ -272,6 +277,12 @@ Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange 
+doesn't rely on ssh keys to verify host identity.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
 on logout.
@@ -327,7 +338,7 @@ The default is
 Specifies whether
 .Nm sshd
 should ignore the user's
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
 during
 .Cm RhostsRSAAuthentication
 or
@@ -630,7 +641,7 @@ To disable TCP keepalive messages, the value should be set to
 .It Cm UseDNS
 Specifies whether
 .Nm sshd
-should lookup the remote host name and check that
+should look up the remote host name and check that
 the resolved host name for the remote IP address maps back to the
 very same IP address.
 The default is
author	Colin Watson <cjwatson@debian.org>	2009-12-29 21:32:03 +0000
committer	Colin Watson <cjwatson@debian.org>	2009-12-29 21:32:03 +0000
commit	04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (patch)
tree	af8e928bd79d3f2d0219bb5b2c78b573ec31d94c /sshd_config.5
parent	9ad7b718d42e43f3a285fcbc8f91193931fce324 (diff)
parent	16704d57999d987fb8d9ba53379841a79f016d67 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index 8d291e61d..5af4b1b27 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
@@ -168,24 +168,18 @@ The supported ciphers are
168	.Dq aes128-ctr ,	168	.Dq aes128-ctr ,
169	.Dq aes192-ctr ,	169	.Dq aes192-ctr ,
170	.Dq aes256-ctr ,	170	.Dq aes256-ctr ,
		171	.Dq arcfour128 ,
		172	.Dq arcfour256 ,
171	.Dq arcfour ,	173	.Dq arcfour ,
172	.Dq blowfish-cbc ,	174	.Dq blowfish-cbc ,
173	and	175	and
174	.Dq cast128-cbc .	176	.Dq cast128-cbc .
175	The default is	177	The default is
176	.Bd -literal	178	.Bd -literal
177	``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,	179	``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
178	aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''	180	arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
		181	aes192-ctr,aes256-ctr''
179	.Ed	182	.Ed
180	.It Cm ClientAliveInterval
181	Sets a timeout interval in seconds after which if no data has been received
182	from the client,
183	.Nm sshd
184	will send a message through the encrypted
185	channel to request a response from the client.
186	The default
187	is 0, indicating that these messages will not be sent to the client.
188	This option applies to protocol version 2 only.
189	.It Cm ClientAliveCountMax	183	.It Cm ClientAliveCountMax
190	Sets the number of client alive messages (see above) which may be	184	Sets the number of client alive messages (see above) which may be
191	sent without	185	sent without
@@ -213,14 +207,25 @@ If
213	.Cm ClientAliveCountMax	207	.Cm ClientAliveCountMax
214	is left at the default, unresponsive ssh clients	208	is left at the default, unresponsive ssh clients
215	will be disconnected after approximately 45 seconds.	209	will be disconnected after approximately 45 seconds.
		210	.It Cm ClientAliveInterval
		211	Sets a timeout interval in seconds after which if no data has been received
		212	from the client,
		213	.Nm sshd
		214	will send a message through the encrypted
		215	channel to request a response from the client.
		216	The default
		217	is 0, indicating that these messages will not be sent to the client.
		218	This option applies to protocol version 2 only.
216	.It Cm Compression	219	.It Cm Compression
217	Specifies whether compression is allowed.	220	Specifies whether compression is allowed, or delayed until
		221	the user has authenticated successfully.
218	The argument must be	222	The argument must be
219	.Dq yes	223	.Dq yes ,
		224	.Dq delayed ,
220	or	225	or
221	.Dq no .	226	.Dq no .
222	The default is	227	The default is
223	.Dq yes .	228	.Dq delayed .
224	.It Cm DenyGroups	229	.It Cm DenyGroups
225	This keyword can be followed by a list of group name patterns, separated	230	This keyword can be followed by a list of group name patterns, separated
226	by spaces.	231	by spaces.
@@ -272,6 +277,12 @@ Specifies whether user authentication based on GSSAPI is allowed.
272	The default is	277	The default is
273	.Dq no .	278	.Dq no .
274	Note that this option applies to protocol version 2 only.	279	Note that this option applies to protocol version 2 only.
		280	.It Cm GSSAPIKeyExchange
		281	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
		282	doesn't rely on ssh keys to verify host identity.
		283	The default is
		284	.Dq no .
		285	Note that this option applies to protocol version 2 only.
275	.It Cm GSSAPICleanupCredentials	286	.It Cm GSSAPICleanupCredentials
276	Specifies whether to automatically destroy the user's credentials cache	287	Specifies whether to automatically destroy the user's credentials cache
277	on logout.	288	on logout.
@@ -327,7 +338,7 @@ The default is
327	Specifies whether	338	Specifies whether
328	.Nm sshd	339	.Nm sshd
329	should ignore the user's	340	should ignore the user's
330	.Pa $HOME/.ssh/known_hosts	341	.Pa ~/.ssh/known_hosts
331	during	342	during
332	.Cm RhostsRSAAuthentication	343	.Cm RhostsRSAAuthentication
333	or	344	or
@@ -630,7 +641,7 @@ To disable TCP keepalive messages, the value should be set to
630	.It Cm UseDNS	641	.It Cm UseDNS
631	Specifies whether	642	Specifies whether
632	.Nm sshd	643	.Nm sshd
633	should lookup the remote host name and check that	644	should look up the remote host name and check that
634	the resolved host name for the remote IP address maps back to the	645	the resolved host name for the remote IP address maps back to the
635	very same IP address.	646	very same IP address.
636	The default is	647	The default is