Import openssh_6.5p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
commit: 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree: 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd_config.5
parent: ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent: cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)
1 files changed, 35 insertions, 14 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 3abac6c10..3b21ea6e7 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
-.Dd $Mdocdate: July 19 2013 $
+.Dd $Mdocdate: December 8 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -335,7 +335,8 @@ The default is not to
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
-The supported ciphers are
+The supported ciphers are:
+.Pp
 .Dq 3des-cbc ,
 .Dq aes128-cbc ,
 .Dq aes192-cbc ,
@@ -349,15 +350,23 @@ The supported ciphers are
 .Dq arcfour256 ,
 .Dq arcfour ,
 .Dq blowfish-cbc ,
+.Dq cast128-cbc ,
 and
-.Dq cast128-cbc .
+.Dq chacha20-poly1305@openssh.com .
+.Pp
 The default is:
 .Bd -literal -offset 3n
 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+chacha20-poly1305@openssh.com,
 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
 aes256-cbc,arcfour
 .Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1 .
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
 sent without
@@ -531,7 +540,8 @@ The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
 .Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key ,
+.Pa /etc/ssh/ssh_host_ed25519_key
 and
 .Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
@@ -542,7 +552,8 @@ It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
 .Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -651,13 +662,14 @@ The default is
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
 The default is
-.Dq ecdh-sha2-nistp256 ,
+.Bd -literal -offset indent
-.Dq ecdh-sha2-nistp384 ,
+curve25519-sha256@libssh.org,
-.Dq ecdh-sha2-nistp521 ,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-.Dq diffie-hellman-group-exchange-sha256 ,
+diffie-hellman-group-exchange-sha256,
-.Dq diffie-hellman-group-exchange-sha1 ,
+diffie-hellman-group-exchange-sha1,
-.Dq diffie-hellman-group14-sha1 ,
+diffie-hellman-group14-sha1,
-.Dq diffie-hellman-group1-sha1 .
+diffie-hellman-group1-sha1
+.Ed
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).
@@ -750,7 +762,9 @@ line or the end of the file.
 .Pp
 The arguments to
 .Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
 The available criteria are
 .Cm User ,
 .Cm Group ,
@@ -811,6 +825,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PermitTTY ,
 .Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
 .Cm RekeyLimit ,
@@ -940,6 +955,12 @@ and
 .Dq ethernet .
 The default is
 .Dq no .
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment
author	Colin Watson <cjwatson@debian.org>	2014-02-10 00:18:28 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 00:18:28 +0000
commit	9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree	764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd_config.5
parent	ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent	cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index 3abac6c10..3b21ea6e7 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
37	.Dd $Mdocdate: July 19 2013 $	37	.Dd $Mdocdate: December 8 2013 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -335,7 +335,8 @@ The default is not to
335	.It Cm Ciphers	335	.It Cm Ciphers
336	Specifies the ciphers allowed for protocol version 2.	336	Specifies the ciphers allowed for protocol version 2.
337	Multiple ciphers must be comma-separated.	337	Multiple ciphers must be comma-separated.
338	The supported ciphers are	338	The supported ciphers are:
		339	.Pp
339	.Dq 3des-cbc ,	340	.Dq 3des-cbc ,
340	.Dq aes128-cbc ,	341	.Dq aes128-cbc ,
341	.Dq aes192-cbc ,	342	.Dq aes192-cbc ,
@@ -349,15 +350,23 @@ The supported ciphers are
349	.Dq arcfour256 ,	350	.Dq arcfour256 ,
350	.Dq arcfour ,	351	.Dq arcfour ,
351	.Dq blowfish-cbc ,	352	.Dq blowfish-cbc ,
		353	.Dq cast128-cbc ,
352	and	354	and
353	.Dq cast128-cbc .	355	.Dq chacha20-poly1305@openssh.com .
		356	.Pp
354	The default is:	357	The default is:
355	.Bd -literal -offset 3n	358	.Bd -literal -offset 3n
356	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,	359	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
357	aes128-gcm@openssh.com,aes256-gcm@openssh.com,	360	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
		361	chacha20-poly1305@openssh.com,
358	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,	362	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
359	aes256-cbc,arcfour	363	aes256-cbc,arcfour
360	.Ed	364	.Ed
		365	.Pp
		366	The list of available ciphers may also be obtained using the
		367	.Fl Q
		368	option of
		369	.Xr ssh 1 .
361	.It Cm ClientAliveCountMax	370	.It Cm ClientAliveCountMax
362	Sets the number of client alive messages (see below) which may be	371	Sets the number of client alive messages (see below) which may be
363	sent without	372	sent without
@@ -531,7 +540,8 @@ The default is
531	.Pa /etc/ssh/ssh_host_key	540	.Pa /etc/ssh/ssh_host_key
532	for protocol version 1, and	541	for protocol version 1, and
533	.Pa /etc/ssh/ssh_host_dsa_key ,	542	.Pa /etc/ssh/ssh_host_dsa_key ,
534	.Pa /etc/ssh/ssh_host_ecdsa_key	543	.Pa /etc/ssh/ssh_host_ecdsa_key ,
		544	.Pa /etc/ssh/ssh_host_ed25519_key
535	and	545	and
536	.Pa /etc/ssh/ssh_host_rsa_key	546	.Pa /etc/ssh/ssh_host_rsa_key
537	for protocol version 2.	547	for protocol version 2.
@@ -542,7 +552,8 @@ It is possible to have multiple host key files.
542	.Dq rsa1	552	.Dq rsa1
543	keys are used for version 1 and	553	keys are used for version 1 and
544	.Dq dsa ,	554	.Dq dsa ,
545	.Dq ecdsa	555	.Dq ecdsa ,
		556	.Dq ed25519
546	or	557	or
547	.Dq rsa	558	.Dq rsa
548	are used for version 2 of the SSH protocol.	559	are used for version 2 of the SSH protocol.
@@ -651,13 +662,14 @@ The default is
651	Specifies the available KEX (Key Exchange) algorithms.	662	Specifies the available KEX (Key Exchange) algorithms.
652	Multiple algorithms must be comma-separated.	663	Multiple algorithms must be comma-separated.
653	The default is	664	The default is
654	.Dq ecdh-sha2-nistp256 ,	665	.Bd -literal -offset indent
655	.Dq ecdh-sha2-nistp384 ,	666	curve25519-sha256@libssh.org,
656	.Dq ecdh-sha2-nistp521 ,	667	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
657	.Dq diffie-hellman-group-exchange-sha256 ,	668	diffie-hellman-group-exchange-sha256,
658	.Dq diffie-hellman-group-exchange-sha1 ,	669	diffie-hellman-group-exchange-sha1,
659	.Dq diffie-hellman-group14-sha1 ,	670	diffie-hellman-group14-sha1,
660	.Dq diffie-hellman-group1-sha1 .	671	diffie-hellman-group1-sha1
		672	.Ed
661	.It Cm KeyRegenerationInterval	673	.It Cm KeyRegenerationInterval
662	In protocol version 1, the ephemeral server key is automatically regenerated	674	In protocol version 1, the ephemeral server key is automatically regenerated
663	after this many seconds (if it has been used).	675	after this many seconds (if it has been used).
@@ -750,7 +762,9 @@ line or the end of the file.
750	.Pp	762	.Pp
751	The arguments to	763	The arguments to
752	.Cm Match	764	.Cm Match
753	are one or more criteria-pattern pairs.	765	are one or more criteria-pattern pairs or the single token
		766	.Cm All
		767	which matches all criteria.
754	The available criteria are	768	The available criteria are
755	.Cm User ,	769	.Cm User ,
756	.Cm Group ,	770	.Cm Group ,
@@ -811,6 +825,7 @@ Available keywords are
811	.Cm PermitEmptyPasswords ,	825	.Cm PermitEmptyPasswords ,
812	.Cm PermitOpen ,	826	.Cm PermitOpen ,
813	.Cm PermitRootLogin ,	827	.Cm PermitRootLogin ,
		828	.Cm PermitTTY ,
814	.Cm PermitTunnel ,	829	.Cm PermitTunnel ,
815	.Cm PubkeyAuthentication ,	830	.Cm PubkeyAuthentication ,
816	.Cm RekeyLimit ,	831	.Cm RekeyLimit ,
@@ -940,6 +955,12 @@ and
940	.Dq ethernet .	955	.Dq ethernet .
941	The default is	956	The default is
942	.Dq no .	957	.Dq no .
		958	.It Cm PermitTTY
		959	Specifies whether
		960	.Xr pty 4
		961	allocation is permitted.
		962	The default is
		963	.Dq yes .
943	.It Cm PermitUserEnvironment	964	.It Cm PermitUserEnvironment
944	Specifies whether	965	Specifies whether
945	.Pa ~/.ssh/environment	966	.Pa ~/.ssh/environment