-rw-r--r-- | ssh.1 | 12 | ||||
-rw-r--r-- | ssh.c | 19 | ||||
-rw-r--r-- | ssh_config.5 | 8 | ||||
-rw-r--r-- | sshd_config.5 | 12 |
4 files changed, 34 insertions, 17 deletions
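--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
-.Dd $Mdocdate: December 21 2019 $
+.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -585,10 +585,18 @@ flag),
 (certificate key types),
 .Ar key-plain
 (non-certificate key types),
+.Ar key-sig
+(all key types and signature algorithms),
 .Ar protocol-version
 (supported SSH protocol versions), and
 .Ar sig
 (supported signature algorithms).
+Alternatively, any keyword from
+.Xr ssh_config 5
+or
+.Xr sshd_config 5
+that takes an algorithm list may be used as an alias for the corresponding
+query_option.
 .Pp
 .It Fl q
 Quiet mode.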
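--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -736,13 +736,16 @@ main(int ac, char **av)
 break;
 case 'Q':
 cp = NULL;
-if (strcmp(optarg, "cipher") == 0)
+if (strcmp(optarg, "cipher") == 0 ||
+strcasecmp(optarg, "Ciphers") == 0)
 cp = cipher_alg_list('\n', 0);
 else if (strcmp(optarg, "cipher-auth") == 0)
 cp = cipher_alg_list('\n', 1);
-else if (strcmp(optarg, "mac") == 0)
+else if (strcmp(optarg, "mac") == 0 ||
+strcasecmp(optarg, "MACs") == 0)
 cp = mac_alg_list('\n');
-else if (strcmp(optarg, "kex") == 0)
+else if (strcmp(optarg, "kex") == 0 ||
+strcasecmp(optarg, "KexAlgorithms") == 0)
 cp = kex_alg_list('\n');
 else if (strcmp(optarg, "key") == 0)
 cp = sshkey_alg_list(0, 0, 0, '\n');
@@ -750,6 +753,12 @@ main(int ac, char **av)
 cp = sshkey_alg_list(1, 0, 0, '\n');
 else if (strcmp(optarg, "key-plain") == 0)
 cp = sshkey_alg_list(0, 1, 0, '\n');
+else if (strcmp(optarg, "key-sig") == 0 ||
+strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 ||
+strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
+strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
+strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+cp = sshkey_alg_list(0, 0, 1, '\n');
 else if (strcmp(optarg, "sig") == 0)
 cp = sshkey_alg_list(0, 1, 1, '\n');
 else if (strcmp(optarg, "protocol-version") == 0)
@@ -763,7 +772,7 @@ main(int ac, char **av)
 } else if (strcmp(optarg, "help") == 0) {
 cp = xstrdup(
 "cipher\ncipher-auth\ncompression\nkex\n"
-"key\nkey-cert\nkey-plain\nmac\n"
+"key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
 "protocol-version\nsig");
 }
 if (cp == NULL)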
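Review bot: The alias set added under `case 'Q':` is narrower than the wording this commit adds to ssh.1 ("any keyword ... that takes an algorithm list"): the `sig` branch gets no keyword alias, so `ssh -Q CASignatureAlgorithms` would presumably fall through to the `cp == NULL` path while the other algorithm-list keywords work. If the `sig` list is the right one for that keyword, the condition could become `else if (strcmp(optarg, "sig") == 0 || strcasecmp(optarg, "CASignatureAlgorithms") == 0)`. A short comment above the chain, e.g. `/* Keyword aliases list what this binary supports, not the configured or default value. */`, would also help people who use the output to audit a hardened config. main() starts and ends outside these hunks, so the handling after `cp == NULL` is not visible here.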
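--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.321 2020/01/31 22:25:59 jmc Exp $
-.Dd $Mdocdate: January 31 2020 $
+.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -868,7 +868,7 @@ If hostkeys are known for the destination host then this default is modified
 to prefer their algorithms.
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -1353,7 +1353,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be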
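--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.306 2020/02/06 22:34:58 naddy Exp $
-.Dd $Mdocdate: February 6 2020 $
+.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -693,7 +693,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostbasedAcceptedKeyTypes .
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -776,7 +776,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
 Specifies that
 .Pa .rhosts
@@ -949,7 +949,7 @@ diffie-hellman-group14-sha256
 .Ed
 .Pp
 The list of available key exchange algorithms may also be obtained using
-.Qq ssh -Q kex .
+.Qq ssh -Q KexAlgorithms .
 .It Cm ListenAddress
 Specifies the local addresses
 .Xr sshd 8
@@ -1461,7 +1461,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthOptions
 Sets one or more public key authentication options.
 Two option keywords are currently supported: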