1 files changed, 37 insertions, 14 deletions
diff --git a/ssh.1 b/ssh.1
index 203e8f288..6cef0851d 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.188 2004/05/22 16:01:05 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -241,8 +241,8 @@ Additionally,
 supports hostbased or challenge response authentication.
 .Pp
 Protocol 2 provides additional mechanisms for confidentiality
-(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
+(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
-and integrity (hmac-md5, hmac-sha1).
+and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
 Note that protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
 .Ss Login session and remote execution
@@ -449,13 +449,18 @@ The default value can be set on a host-by-host basis in the
 configuration files; see the
 .Cm Compression
 option.
-.It Fl c Ar blowfish | 3des | des
+.It Fl c Ar cipher_spec
-Selects the cipher to use for encrypting the session.
+Selects the cipher specification for encrypting the session.
-.Ar 3des
+.Pp
-is used by default.
+Protocol version 1 allows specification of a single cipher.
-It is believed to be secure.
+The suported values are
+.Dq 3des ,
+.Dq blowfish
+and
+.Dq des .
 .Ar 3des
 (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
+It is believed to be secure.
 .Ar blowfish
 is a fast block cipher; it appears very secure and is much faster than
 .Ar 3des .
@@ -467,12 +472,30 @@ that do not support the
 .Ar 3des
 cipher.
 Its use is strongly discouraged due to cryptographic weaknesses.
-.It Fl c Ar cipher_spec
+The default is
-Additionally, for protocol version 2 a comma-separated list of ciphers can
+.Dq 3des .
-be specified in order of preference.
+.Pp
-See
+For protocol version 2
-.Cm Ciphers
+.Ar cipher_spec
-for more information.
+is a comma-separated list of ciphers
+listed in order of preference.
+The supported ciphers are
+.Dq 3des-cbc ,
+.Dq aes128-cbc ,
+.Dq aes192-cbc ,
+.Dq aes256-cbc ,
+.Dq aes128-ctr ,
+.Dq aes192-ctr ,
+.Dq aes256-ctr ,
+.Dq arcfour ,
+.Dq blowfish-cbc ,
+and
+.Dq cast128-cbc .
+The default is
+.Bd -literal
+  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+    aes192-cbc,aes256-cbc''
+.Ed
 .It Fl D Ar port
 Specifies a local
 .Dq dynamic

diff --git a/ssh.1 b/ssh.1 index 203e8f288..6cef0851d 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.188 2004/05/22 16:01:05 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -241,8 +241,8 @@ Additionally,
241	supports hostbased or challenge response authentication.	241	supports hostbased or challenge response authentication.
242	.Pp	242	.Pp
243	Protocol 2 provides additional mechanisms for confidentiality	243	Protocol 2 provides additional mechanisms for confidentiality
244	(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)	244	(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
245	and integrity (hmac-md5, hmac-sha1).	245	and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
246	Note that protocol 1 lacks a strong mechanism for ensuring the	246	Note that protocol 1 lacks a strong mechanism for ensuring the
247	integrity of the connection.	247	integrity of the connection.
248	.Ss Login session and remote execution	248	.Ss Login session and remote execution
@@ -449,13 +449,18 @@ The default value can be set on a host-by-host basis in the
449	configuration files; see the	449	configuration files; see the
450	.Cm Compression	450	.Cm Compression
451	option.	451	option.
452	.It Fl c Ar blowfish \| 3des \| des	452	.It Fl c Ar cipher_spec
453	Selects the cipher to use for encrypting the session.	453	Selects the cipher specification for encrypting the session.
454	.Ar 3des	454	.Pp
455	is used by default.	455	Protocol version 1 allows specification of a single cipher.
456	It is believed to be secure.	456	The suported values are
		457	.Dq 3des ,
		458	.Dq blowfish
		459	and
		460	.Dq des .
457	.Ar 3des	461	.Ar 3des
458	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.	462	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
		463	It is believed to be secure.
459	.Ar blowfish	464	.Ar blowfish
460	is a fast block cipher; it appears very secure and is much faster than	465	is a fast block cipher; it appears very secure and is much faster than
461	.Ar 3des .	466	.Ar 3des .
@@ -467,12 +472,30 @@ that do not support the
467	.Ar 3des	472	.Ar 3des
468	cipher.	473	cipher.
469	Its use is strongly discouraged due to cryptographic weaknesses.	474	Its use is strongly discouraged due to cryptographic weaknesses.
470	.It Fl c Ar cipher_spec	475	The default is
471	Additionally, for protocol version 2 a comma-separated list of ciphers can	476	.Dq 3des .
472	be specified in order of preference.	477	.Pp
473	See	478	For protocol version 2
474	.Cm Ciphers	479	.Ar cipher_spec
475	for more information.	480	is a comma-separated list of ciphers
		481	listed in order of preference.
		482	The supported ciphers are
		483	.Dq 3des-cbc ,
		484	.Dq aes128-cbc ,
		485	.Dq aes192-cbc ,
		486	.Dq aes256-cbc ,
		487	.Dq aes128-ctr ,
		488	.Dq aes192-ctr ,
		489	.Dq aes256-ctr ,
		490	.Dq arcfour ,
		491	.Dq blowfish-cbc ,
		492	and
		493	.Dq cast128-cbc .
		494	The default is
		495	.Bd -literal
		496	``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
		497	aes192-cbc,aes256-cbc''
		498	.Ed
476	.It Fl D Ar port	499	.It Fl D Ar port
477	Specifies a local	500	Specifies a local
478	.Dq dynamic	501	.Dq dynamic