diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-07-04 13:49:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-04 23:51:52 +1000 |
commit | 312d2f2861a2598ed08587cb6c45c0e98a85408f (patch) | |
tree | e3bdc4facef48a89cd76fa793d9e70211b7ff8d2 /sshd_config.5 | |
parent | 303af5803bd74bf05d375c04e1a83b40c30b2be5 (diff) |
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index cc019ec7d..aa888796e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.279 2018/07/03 11:39:54 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.280 2018/07/04 13:49:31 djm Exp $ |
37 | .Dd $Mdocdate: July 3 2018 $ | 37 | .Dd $Mdocdate: July 4 2018 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -659,7 +659,7 @@ The default is | |||
659 | .Cm yes . | 659 | .Cm yes . |
660 | .It Cm HostbasedAcceptedKeyTypes | 660 | .It Cm HostbasedAcceptedKeyTypes |
661 | Specifies the key types that will be accepted for hostbased authentication | 661 | Specifies the key types that will be accepted for hostbased authentication |
662 | as a comma-separated pattern list. | 662 | as a list of comma-separated patterns. |
663 | Alternately if the specified value begins with a | 663 | Alternately if the specified value begins with a |
664 | .Sq + | 664 | .Sq + |
665 | character, then the specified key types will be appended to the default set | 665 | character, then the specified key types will be appended to the default set |
@@ -1386,7 +1386,7 @@ The default is | |||
1386 | .Cm yes . | 1386 | .Cm yes . |
1387 | .It Cm PubkeyAcceptedKeyTypes | 1387 | .It Cm PubkeyAcceptedKeyTypes |
1388 | Specifies the key types that will be accepted for public key authentication | 1388 | Specifies the key types that will be accepted for public key authentication |
1389 | as a comma-separated pattern list. | 1389 | as a list of comma-separated patterns. |
1390 | Alternately if the specified value begins with a | 1390 | Alternately if the specified value begins with a |
1391 | .Sq + | 1391 | .Sq + |
1392 | character, then the specified key types will be appended to the default set | 1392 | character, then the specified key types will be appended to the default set |