import openssh-5.2p1-gsskex-all-20090726.patch

author: Colin Watson <cjwatson@debian.org> 2010-01-01 17:15:23 +0000
committer: Colin Watson <cjwatson@debian.org> 2010-01-01 17:15:23 +0000
commit: 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch)
tree: 1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /sshd_config.5
parent: 87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff)
parent: 54af7a4ae8d455791a631bdfaade4b64436ae16a (diff)
1 files changed, 14 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index e58b7cfc7..a3357d445 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
-.Dd $Mdocdate: July 2 2008 $
+.Dd $Mdocdate: February 22 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -240,9 +240,9 @@ and
 .Dq cast128-cbc .
 The default is:
 .Bd -literal -offset 3n
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
-arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-aes192-ctr,aes256-ctr
+aes256-cbc,arcfour
 .Ed
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
@@ -375,7 +375,7 @@ The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIKeyExchange
-Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange 
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
 doesn't rely on ssh keys to verify host identity.
 The default is
 .Dq no .
@@ -403,6 +403,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections,
 and setting it to 
 .Dq no
 may only work with recent Kerberos GSSAPI libraries.
+.It Cm GSSAPIStoreCredentialsOnRekey
+Controls whether the user's GSSAPI credentials should be updated following a 
+successful connection rekeying. This option can be used to accepted renewed 
+or updated credentials from a compatible client. The default is
+.Dq no .
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -616,6 +621,7 @@ Only a subset of keywords may be used on the lines following a
 .Cm Match
 keyword.
 Available keywords are
+.Cm AllowAgentForwarding ,
 .Cm AllowTcpForwarding ,
 .Cm Banner ,
 .Cm ChrootDirectory ,
@@ -628,12 +634,13 @@ Available keywords are
 .Cm MaxAuthTries ,
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,
+.Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
 .Cm RhostsRSAAuthentication ,
 .Cm RSAAuthentication ,
 .Cm X11DisplayOffset ,
-.Cm X11Forwarding ,
+.Cm X11Forwarding
 and
 .Cm X11UseLocalHost .
 .It Cm MaxAuthTries
author	Colin Watson <cjwatson@debian.org>	2010-01-01 17:15:23 +0000
committer	Colin Watson <cjwatson@debian.org>	2010-01-01 17:15:23 +0000
commit	99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch)
tree	1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /sshd_config.5
parent	87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff)
parent	54af7a4ae8d455791a631bdfaade4b64436ae16a (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index e58b7cfc7..a3357d445 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
38	.Dd $Mdocdate: July 2 2008 $	38	.Dd $Mdocdate: February 22 2009 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -240,9 +240,9 @@ and
240	.Dq cast128-cbc .	240	.Dq cast128-cbc .
241	The default is:	241	The default is:
242	.Bd -literal -offset 3n	242	.Bd -literal -offset 3n
243	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,	243	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
244	arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,	244	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
245	aes192-ctr,aes256-ctr	245	aes256-cbc,arcfour
246	.Ed	246	.Ed
247	.It Cm ClientAliveCountMax	247	.It Cm ClientAliveCountMax
248	Sets the number of client alive messages (see below) which may be	248	Sets the number of client alive messages (see below) which may be
@@ -375,7 +375,7 @@ The default is
375	.Dq no .	375	.Dq no .
376	Note that this option applies to protocol version 2 only.	376	Note that this option applies to protocol version 2 only.
377	.It Cm GSSAPIKeyExchange	377	.It Cm GSSAPIKeyExchange
378	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange	378	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
379	doesn't rely on ssh keys to verify host identity.	379	doesn't rely on ssh keys to verify host identity.
380	The default is	380	The default is
381	.Dq no .	381	.Dq no .
@@ -403,6 +403,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections,
403	and setting it to	403	and setting it to
404	.Dq no	404	.Dq no
405	may only work with recent Kerberos GSSAPI libraries.	405	may only work with recent Kerberos GSSAPI libraries.
		406	.It Cm GSSAPIStoreCredentialsOnRekey
		407	Controls whether the user's GSSAPI credentials should be updated following a
		408	successful connection rekeying. This option can be used to accepted renewed
		409	or updated credentials from a compatible client. The default is
		410	.Dq no .
406	.It Cm HostbasedAuthentication	411	.It Cm HostbasedAuthentication
407	Specifies whether rhosts or /etc/hosts.equiv authentication together	412	Specifies whether rhosts or /etc/hosts.equiv authentication together
408	with successful public key client host authentication is allowed	413	with successful public key client host authentication is allowed
@@ -616,6 +621,7 @@ Only a subset of keywords may be used on the lines following a
616	.Cm Match	621	.Cm Match
617	keyword.	622	keyword.
618	Available keywords are	623	Available keywords are
		624	.Cm AllowAgentForwarding ,
619	.Cm AllowTcpForwarding ,	625	.Cm AllowTcpForwarding ,
620	.Cm Banner ,	626	.Cm Banner ,
621	.Cm ChrootDirectory ,	627	.Cm ChrootDirectory ,
@@ -628,12 +634,13 @@ Available keywords are
628	.Cm MaxAuthTries ,	634	.Cm MaxAuthTries ,
629	.Cm MaxSessions ,	635	.Cm MaxSessions ,
630	.Cm PasswordAuthentication ,	636	.Cm PasswordAuthentication ,
		637	.Cm PermitEmptyPasswords ,
631	.Cm PermitOpen ,	638	.Cm PermitOpen ,
632	.Cm PermitRootLogin ,	639	.Cm PermitRootLogin ,
633	.Cm RhostsRSAAuthentication ,	640	.Cm RhostsRSAAuthentication ,
634	.Cm RSAAuthentication ,	641	.Cm RSAAuthentication ,
635	.Cm X11DisplayOffset ,	642	.Cm X11DisplayOffset ,
636	.Cm X11Forwarding ,	643	.Cm X11Forwarding
637	and	644	and
638	.Cm X11UseLocalHost .	645	.Cm X11UseLocalHost .
639	.It Cm MaxAuthTries	646	.It Cm MaxAuthTries