-rw-r--r-- | readconf.c | 27 | ||||
-rw-r--r-- | readconf.h | 7 | ||||
-rw-r--r-- | ssh.1 | 57 | ||||
-rw-r--r-- | ssh_config | 4 | ||||
-rw-r--r-- | ssh_config.5 | 77 |
5 files changed, 12 insertions, 160 deletions
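--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.274 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.275 2017/04/30 23:18:22 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -951,14 +951,6 @@ parse_time:
 intptr = &options->pubkey_authentication;
 goto parse_flag;
 
-case oRSAAuthentication:
-intptr = &options->rsa_authentication;
-goto parse_flag;
-
-case oRhostsRSAAuthentication:
-intptr = &options->rhosts_rsa_authentication;
-goto parse_flag;
-
 case oHostbasedAuthentication:
 intptr = &options->hostbased_authentication;
 goto parse_flag;
@@ -1009,10 +1001,6 @@ parse_time:
 intptr = &options->number_of_password_prompts;
 goto parse_int;
 
-case oCompressionLevel:
-intptr = &options->compression_level;
-goto parse_int;
-
 case oRekeyLimit:
 arg = strdelim(&s);
 if (!arg || *arg == '\0')
@@ -1777,7 +1765,6 @@ initialize_options(Options * options)
 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
 options->fwd_opts.streamlocal_bind_unlink = -1;
 options->use_privileged_port = -1;
-options->rsa_authentication = -1;
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
@@ -1785,14 +1772,12 @@ initialize_options(Options * options)
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
-options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
 options->batch_mode = -1;
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
 options->compression = -1;
 options->tcp_keep_alive = -1;
-options->compression_level = -1;
 options->port = -1;
 options->address_family = -1;
 options->connection_attempts = -1;
@@ -1916,8 +1901,6 @@ fill_default_options(Options * options)
 options->fwd_opts.streamlocal_bind_unlink = 0;
 if (options->use_privileged_port == -1)
 options->use_privileged_port = 0;
-if (options->rsa_authentication == -1)
-options->rsa_authentication = 1;
 if (options->pubkey_authentication == -1)
 options->pubkey_authentication = 1;
 if (options->challenge_response_authentication == -1)
@@ -1930,8 +1913,6 @@ fill_default_options(Options * options)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
 options->kbd_interactive_authentication = 1;
-if (options->rhosts_rsa_authentication == -1)
-options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
 if (options->batch_mode == -1)
@@ -1944,8 +1925,6 @@ fill_default_options(Options * options)
 options->compression = 0;
 if (options->tcp_keep_alive == -1)
 options->tcp_keep_alive = 1;
-if (options->compression_level == -1)
-options->compression_level = 6;
 if (options->port == -1)
 options->port = 0; /* Filled in ssh_connect. */
 if (options->address_family == -1)
@@ -2502,10 +2481,6 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
 dump_cfg_fmtint(oRequestTTY, o->request_tty);
-#ifdef WITH_RSA1
-dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
-dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
-#endif
 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);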
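Review bot: The option switch loses its `case oRSAAuthentication:`, `case oRhostsRSAAuthentication:` and `case oCompressionLevel:` arms (hunks at -951 and -1009), but the keyword table and opcode enum are not in any hunk of this section, so the handling of an existing ssh_config that still sets these keywords cannot be checked from here. If the table still maps those names to the old opcodes, such a file would presumably reach the switch's default arm instead of being accepted with a warning, which would also reject configs that set `RSAAuthentication no` as hardening. I would confirm the three names map to the deprecated/unsupported opcode and say so beside the table, e.g. `/* SSHv1-only keywords: still parsed, ignored with a warning */`. Separately, `options->connection_attempts = -1;` stays in `initialize_options` and ssh.1 still lists `ConnectionAttempts`, yet the ssh_config.5 hunk at -472 deletes that option's description together with `CompressionLevel`; it is not marked protocol-1-only and probably should be kept. The switch and the functions touched here all continue outside the hunks.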
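--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.120 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.121 2017/04/30 23:18:22 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,9 +37,6 @@ typedef struct {
 char *xauth_location; /* Location for xauth program */
 struct ForwardOptions fwd_opts; /* forwarding options */
 int use_privileged_port; /* Don't use privileged port if false. */
-int rhosts_rsa_authentication; /* Try rhosts with RSA
-* authentication. */
-int rsa_authentication; /* Try RSA authentication. */
 int pubkey_authentication; /* Try ssh2 pubkey authentication. */
 int hostbased_authentication; /* ssh2's rhosts_rsa */
 int challenge_response_authentication;
@@ -54,8 +51,6 @@ typedef struct {
 int check_host_ip; /* Also keep track of keys for IP address */
 int strict_host_key_checking; /* Strict host key checking. */
 int compression; /* Compress packets in both directions. */
-int compression_level; /* Compression level 1 (fast) to 9
-* (best). */
 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
 int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
 int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */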
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.376 2016/07/16 06:57:55 jmc Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.377 2017/04/30 23:18:22 djm Exp $ |
37 | .Dd $Mdocdate: July 16 2016 $ | 37 | .Dd $Mdocdate: April 30 2017 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -43,7 +43,7 @@ | |||
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS |
44 | .Nm ssh | 44 | .Nm ssh |
45 | .Bk -words | 45 | .Bk -words |
46 | .Op Fl 1246AaCfGgKkMNnqsTtVvXxYy | 46 | .Op Fl 46AaCfGgKkMNnqsTtVvXxYy |
47 | .Op Fl b Ar bind_address | 47 | .Op Fl b Ar bind_address |
48 | .Op Fl c Ar cipher_spec | 48 | .Op Fl c Ar cipher_spec |
49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port | 49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port |
@@ -95,16 +95,6 @@ it is executed on the remote host instead of a login shell. | |||
95 | The options are as follows: | 95 | The options are as follows: |
96 | .Pp | 96 | .Pp |
97 | .Bl -tag -width Ds -compact | 97 | .Bl -tag -width Ds -compact |
98 | .It Fl 1 | ||
99 | Forces | ||
100 | .Nm | ||
101 | to try protocol version 1 only. | ||
102 | .Pp | ||
103 | .It Fl 2 | ||
104 | Forces | ||
105 | .Nm | ||
106 | to try protocol version 2 only. | ||
107 | .Pp | ||
108 | .It Fl 4 | 98 | .It Fl 4 |
109 | Forces | 99 | Forces |
110 | .Nm | 100 | .Nm |
@@ -144,12 +134,7 @@ data for forwarded X11, TCP and | |||
144 | .Ux Ns -domain | 134 | .Ux Ns -domain |
145 | connections). | 135 | connections). |
146 | The compression algorithm is the same used by | 136 | The compression algorithm is the same used by |
147 | .Xr gzip 1 , | 137 | .Xr gzip 1 . |
148 | and the | ||
149 | .Dq level | ||
150 | can be controlled by the | ||
151 | .Cm CompressionLevel | ||
152 | option for protocol version 1. | ||
153 | Compression is desirable on modem lines and other | 138 | Compression is desirable on modem lines and other |
154 | slow connections, but will only slow down things on fast networks. | 139 | slow connections, but will only slow down things on fast networks. |
155 | The default value can be set on a host-by-host basis in the | 140 | The default value can be set on a host-by-host basis in the |
@@ -159,14 +144,6 @@ option. | |||
159 | .Pp | 144 | .Pp |
160 | .It Fl c Ar cipher_spec | 145 | .It Fl c Ar cipher_spec |
161 | Selects the cipher specification for encrypting the session. | 146 | Selects the cipher specification for encrypting the session. |
162 | .Pp | ||
163 | Protocol version 1 allows specification of a single cipher. | ||
164 | The supported values are | ||
165 | .Dq 3des , | ||
166 | .Dq blowfish , | ||
167 | and | ||
168 | .Dq des . | ||
169 | For protocol version 2, | ||
170 | .Ar cipher_spec | 147 | .Ar cipher_spec |
171 | is a comma-separated list of ciphers | 148 | is a comma-separated list of ciphers |
172 | listed in order of preference. | 149 | listed in order of preference. |
@@ -290,8 +267,6 @@ private RSA key. | |||
290 | Selects a file from which the identity (private key) for | 267 | Selects a file from which the identity (private key) for |
291 | public key authentication is read. | 268 | public key authentication is read. |
292 | The default is | 269 | The default is |
293 | .Pa ~/.ssh/identity | ||
294 | for protocol version 1, and | ||
295 | .Pa ~/.ssh/id_dsa , | 270 | .Pa ~/.ssh/id_dsa , |
296 | .Pa ~/.ssh/id_ecdsa , | 271 | .Pa ~/.ssh/id_ecdsa , |
297 | .Pa ~/.ssh/id_ed25519 | 272 | .Pa ~/.ssh/id_ed25519 |
@@ -495,7 +470,6 @@ For full details of the options listed below, and their possible values, see | |||
495 | .It Ciphers | 470 | .It Ciphers |
496 | .It ClearAllForwardings | 471 | .It ClearAllForwardings |
497 | .It Compression | 472 | .It Compression |
498 | .It CompressionLevel | ||
499 | .It ConnectionAttempts | 473 | .It ConnectionAttempts |
500 | .It ConnectTimeout | 474 | .It ConnectTimeout |
501 | .It ControlMaster | 475 | .It ControlMaster |
@@ -540,7 +514,6 @@ For full details of the options listed below, and their possible values, see | |||
540 | .It PKCS11Provider | 514 | .It PKCS11Provider |
541 | .It Port | 515 | .It Port |
542 | .It PreferredAuthentications | 516 | .It PreferredAuthentications |
543 | .It Protocol | ||
544 | .It ProxyCommand | 517 | .It ProxyCommand |
545 | .It ProxyJump | 518 | .It ProxyJump |
546 | .It ProxyUseFdpass | 519 | .It ProxyUseFdpass |
@@ -549,8 +522,6 @@ For full details of the options listed below, and their possible values, see | |||
549 | .It RekeyLimit | 522 | .It RekeyLimit |
550 | .It RemoteForward | 523 | .It RemoteForward |
551 | .It RequestTTY | 524 | .It RequestTTY |
552 | .It RhostsRSAAuthentication | ||
553 | .It RSAAuthentication | ||
554 | .It SendEnv | 525 | .It SendEnv |
555 | .It ServerAliveInterval | 526 | .It ServerAliveInterval |
556 | .It ServerAliveCountMax | 527 | .It ServerAliveCountMax |
@@ -806,21 +777,7 @@ a per-user configuration file and a system-wide configuration file. | |||
806 | The file format and configuration options are described in | 777 | The file format and configuration options are described in |
807 | .Xr ssh_config 5 . | 778 | .Xr ssh_config 5 . |
808 | .Sh AUTHENTICATION | 779 | .Sh AUTHENTICATION |
809 | The OpenSSH SSH client supports SSH protocols 1 and 2. | 780 | The OpenSSH SSH client supports SSH protocol 2. |
810 | The default is to use protocol 2 only, | ||
811 | though this can be changed via the | ||
812 | .Cm Protocol | ||
813 | option in | ||
814 | .Xr ssh_config 5 | ||
815 | or the | ||
816 | .Fl 1 | ||
817 | and | ||
818 | .Fl 2 | ||
819 | options (see above). | ||
820 | Protocol 1 should not be used | ||
821 | and is only offered to support legacy devices. | ||
822 | It suffers from a number of cryptographic weaknesses | ||
823 | and doesn't support many of the advanced features available for protocol 2. | ||
824 | .Pp | 781 | .Pp |
825 | The methods available for authentication are: | 782 | The methods available for authentication are: |
826 | GSSAPI-based authentication, | 783 | GSSAPI-based authentication, |
@@ -893,8 +850,6 @@ is authorized to accept the account. | |||
893 | The user creates his/her key pair by running | 850 | The user creates his/her key pair by running |
894 | .Xr ssh-keygen 1 . | 851 | .Xr ssh-keygen 1 . |
895 | This stores the private key in | 852 | This stores the private key in |
896 | .Pa ~/.ssh/identity | ||
897 | (protocol 1), | ||
898 | .Pa ~/.ssh/id_dsa | 853 | .Pa ~/.ssh/id_dsa |
899 | (DSA), | 854 | (DSA), |
900 | .Pa ~/.ssh/id_ecdsa | 855 | .Pa ~/.ssh/id_ecdsa |
@@ -905,8 +860,6 @@ or | |||
905 | .Pa ~/.ssh/id_rsa | 860 | .Pa ~/.ssh/id_rsa |
906 | (RSA) | 861 | (RSA) |
907 | and stores the public key in | 862 | and stores the public key in |
908 | .Pa ~/.ssh/identity.pub | ||
909 | (protocol 1), | ||
910 | .Pa ~/.ssh/id_dsa.pub | 863 | .Pa ~/.ssh/id_dsa.pub |
911 | (DSA), | 864 | (DSA), |
912 | .Pa ~/.ssh/id_ecdsa.pub | 865 | .Pa ~/.ssh/id_ecdsa.pub |
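--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $
+# $OpenBSD: ssh_config,v 1.31 2017/04/30 23:18:22 djm Exp $
 
 # This is the ssh client system-wide configuration file. See
 # ssh_config(5) for more information. This file provides defaults for
@@ -20,8 +20,6 @@
 # Host *
 # ForwardAgent no
 # ForwardX11 no
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
 # PasswordAuthentication yes
 # HostbasedAuthentication no
 # GSSAPIAuthentication no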
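--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.244 2017/04/28 06:15:03 jmc Exp $
-.Dd $Mdocdate: April 28 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.245 2017/04/30 23:18:22 djm Exp $
+.Dd $Mdocdate: April 30 2017 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -391,25 +391,8 @@ in the process, regardless of the setting of
 If the option is set to
 .Cm no ,
 the check will not be executed.
-.It Cm Cipher
-Specifies the cipher to use for encrypting the session
-in protocol version 1.
-Currently,
-.Cm blowfish ,
-.Cm 3des
-(the default),
-and
-.Cm des
-are supported,
-though
-.Cm des
-is only supported in the
-.Xr ssh 1
-client for interoperability with legacy protocol 1 implementations;
-its use is strongly discouraged due to cryptographic weaknesses.
 .It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2
-in order of preference.
+Specifies the ciphers allowed and their order of preference.
 Multiple ciphers must be comma-separated.
 If the specified value begins with a
 .Sq +
@@ -472,18 +455,6 @@ The argument must be
 or
 .Cm no
 (the default).
-.It Cm CompressionLevel
-Specifies the compression level to use if compression is enabled.
-The argument must be an integer from 1 (fast) to 9 (slow, best).
-The default level is 6, which is good for most applications.
-The meaning of the values is the same as in
-.Xr gzip 1 .
-Note that this option applies to protocol version 1 only.
-.It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before exiting.
-The argument must be an integer.
-This may be useful in scripts if the connection sometimes fails.
-The default is 1.
 .It Cm ConnectTimeout
 Specifies the timeout (in seconds) used when connecting to the
 SSH server, instead of using the default system TCP timeout.
@@ -902,14 +873,11 @@ section.
 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 identity is read.
 The default is
-.Pa ~/.ssh/identity
-for protocol version 1, and
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ed25519
 and
-.Pa ~/.ssh/id_rsa
-for protocol version 2.
+.Pa ~/.ssh/id_rsa .
 Additionally, any identities represented by the authentication agent
 will be used for authentication unless
 .Cm IdentitiesOnly
@@ -1192,21 +1160,6 @@ The default is:
 gssapi-with-mic,hostbased,publickey,
 keyboard-interactive,password
 .Ed
-.It Cm Protocol
-Specifies the protocol versions
-.Xr ssh 1
-should support in order of preference.
-The possible values are 1 and 2.
-Multiple versions must be comma-separated.
-When this option is set to
-.Cm 2,1
-.Nm ssh
-will try version 2 and fall back to version 1
-if version 2 is not available.
-The default is version 2.
-Protocol 1 suffers from a number of cryptographic weaknesses and should
-not be used.
-It is only offered to support legacy devices.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -1397,28 +1350,6 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
-.It Cm RhostsRSAAuthentication
-Specifies whether to try rhosts based authentication with RSA host
-authentication.
-The argument must be
-.Cm yes
-or
-.Cm no
-(the default).
-This option applies to protocol version 1 only and requires
-.Xr ssh 1
-to be setuid root.
-.It Cm RSAAuthentication
-Specifies whether to try RSA authentication.
-The argument to this keyword must be
-.Cm yes
-(the default)
-or
-.Cm no .
-RSA authentication will only be
-attempted if the identity file exists, or an authentication agent is
-running.
-Note that this option applies to protocol version 1 only.
 .It Cm SendEnv
 Specifies what variables from the local
 .Xr environ 7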