1 files changed, 68 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index ddb806ec0..50bcae82f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: August 4 2010 $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -547,7 +546,18 @@ is similar to
 Specifies the protocol version 2 host key algorithms
 that the client wants to use in order of preference.
 The default for this option is:
-.Dq ssh-rsa,ssh-dss .
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-rsa,ssh-dss
+.Ed
+.Pp
+If hostkeys are known for the destination host then this default is modified
+to prefer their algorithms.
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -583,14 +593,15 @@ offers many different identities.
 The default is
 .Dq no .
 .It Cm IdentityFile
-Specifies a file from which the user's RSA or DSA authentication identity
+Specifies a file from which the user's DSA, ECDSA or DSA authentication
-is read.
+identity is read.
 The default is
 .Pa ~/.ssh/identity
 for protocol version 1, and
-.Pa ~/.ssh/id_rsa
+.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_ecdsa
 and
-.Pa ~/.ssh/id_dsa
+.Pa ~/.ssh/id_rsa
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
@@ -618,6 +629,43 @@ escape characters:
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for connections.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 The argument to this keyword must be
@@ -637,6 +685,17 @@ it may be zero or more of:
 .Dq pam ,
 and
 .Dq skey .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is:
+.Bd -literal -offset indent
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha1,
+diffie-hellman-group1-sha1
+.Ed
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
@@ -750,7 +809,7 @@ The default is
 .Dq no .
 .It Cm PKCS11Provider
 Specifies which PKCS#11 provider to use.
-The argument to this keyword is the PKCS#11 shared libary
+The argument to this keyword is the PKCS#11 shared library
 .Xr ssh 1
 should use to communicate with a PKCS#11 token providing the user's
 private RSA key.

diff --git a/ssh_config.5 b/ssh_config.5 index ddb806ec0..50bcae82f 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1,4 +1,3 @@
1	.\" -- nroff --
2	.\"	1	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	2	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	35	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
38	.Dd $Mdocdate: August 4 2010 $	37	.Dd $Mdocdate: December 8 2010 $
39	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
40	.Os	39	.Os
41	.Sh NAME	40	.Sh NAME
@@ -547,7 +546,18 @@ is similar to
547	Specifies the protocol version 2 host key algorithms	546	Specifies the protocol version 2 host key algorithms
548	that the client wants to use in order of preference.	547	that the client wants to use in order of preference.
549	The default for this option is:	548	The default for this option is:
550	.Dq ssh-rsa,ssh-dss .	549	.Bd -literal -offset 3n
		550	ecdsa-sha2-nistp256-cert-v01@openssh.com,
		551	ecdsa-sha2-nistp384-cert-v01@openssh.com,
		552	ecdsa-sha2-nistp521-cert-v01@openssh.com,
		553	ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
		554	ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
		555	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		556	ssh-rsa,ssh-dss
		557	.Ed
		558	.Pp
		559	If hostkeys are known for the destination host then this default is modified
		560	to prefer their algorithms.
551	.It Cm HostKeyAlias	561	.It Cm HostKeyAlias
552	Specifies an alias that should be used instead of the	562	Specifies an alias that should be used instead of the
553	real host name when looking up or saving the host key	563	real host name when looking up or saving the host key
@@ -583,14 +593,15 @@ offers many different identities.
583	The default is	593	The default is
584	.Dq no .	594	.Dq no .
585	.It Cm IdentityFile	595	.It Cm IdentityFile
586	Specifies a file from which the user's RSA or DSA authentication identity	596	Specifies a file from which the user's DSA, ECDSA or DSA authentication
587	is read.	597	identity is read.
588	The default is	598	The default is
589	.Pa ~/.ssh/identity	599	.Pa ~/.ssh/identity
590	for protocol version 1, and	600	for protocol version 1, and
591	.Pa ~/.ssh/id_rsa	601	.Pa ~/.ssh/id_dsa ,
		602	.Pa ~/.ssh/id_ecdsa
592	and	603	and
593	.Pa ~/.ssh/id_dsa	604	.Pa ~/.ssh/id_rsa
594	for protocol version 2.	605	for protocol version 2.
595	Additionally, any identities represented by the authentication agent	606	Additionally, any identities represented by the authentication agent
596	will be used for authentication.	607	will be used for authentication.
@@ -618,6 +629,43 @@ escape characters:
618	It is possible to have	629	It is possible to have
619	multiple identity files specified in configuration files; all these	630	multiple identity files specified in configuration files; all these
620	identities will be tried in sequence.	631	identities will be tried in sequence.
		632	.It Cm IPQoS
		633	Specifies the IPv4 type-of-service or DSCP class for connections.
		634	Accepted values are
		635	.Dq af11 ,
		636	.Dq af12 ,
		637	.Dq af13 ,
		638	.Dq af14 ,
		639	.Dq af22 ,
		640	.Dq af23 ,
		641	.Dq af31 ,
		642	.Dq af32 ,
		643	.Dq af33 ,
		644	.Dq af41 ,
		645	.Dq af42 ,
		646	.Dq af43 ,
		647	.Dq cs0 ,
		648	.Dq cs1 ,
		649	.Dq cs2 ,
		650	.Dq cs3 ,
		651	.Dq cs4 ,
		652	.Dq cs5 ,
		653	.Dq cs6 ,
		654	.Dq cs7 ,
		655	.Dq ef ,
		656	.Dq lowdelay ,
		657	.Dq throughput ,
		658	.Dq reliability ,
		659	or a numeric value.
		660	This option may take one or two arguments, separated by whitespace.
		661	If one argument is specified, it is used as the packet class unconditionally.
		662	If two values are specified, the first is automatically selected for
		663	interactive sessions and the second for non-interactive sessions.
		664	The default is
		665	.Dq lowdelay
		666	for interactive sessions and
		667	.Dq throughput
		668	for non-interactive sessions.
621	.It Cm KbdInteractiveAuthentication	669	.It Cm KbdInteractiveAuthentication
622	Specifies whether to use keyboard-interactive authentication.	670	Specifies whether to use keyboard-interactive authentication.
623	The argument to this keyword must be	671	The argument to this keyword must be
@@ -637,6 +685,17 @@ it may be zero or more of:
637	.Dq pam ,	685	.Dq pam ,
638	and	686	and
639	.Dq skey .	687	.Dq skey .
		688	.It Cm KexAlgorithms
		689	Specifies the available KEX (Key Exchange) algorithms.
		690	Multiple algorithms must be comma-separated.
		691	The default is:
		692	.Bd -literal -offset indent
		693	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
		694	diffie-hellman-group-exchange-sha256,
		695	diffie-hellman-group-exchange-sha1,
		696	diffie-hellman-group14-sha1,
		697	diffie-hellman-group1-sha1
		698	.Ed
640	.It Cm LocalCommand	699	.It Cm LocalCommand
641	Specifies a command to execute on the local machine after successfully	700	Specifies a command to execute on the local machine after successfully
642	connecting to the server.	701	connecting to the server.
@@ -750,7 +809,7 @@ The default is
750	.Dq no .	809	.Dq no .
751	.It Cm PKCS11Provider	810	.It Cm PKCS11Provider
752	Specifies which PKCS#11 provider to use.	811	Specifies which PKCS#11 provider to use.
753	The argument to this keyword is the PKCS#11 shared libary	812	The argument to this keyword is the PKCS#11 shared library
754	.Xr ssh 1	813	.Xr ssh 1
755	should use to communicate with a PKCS#11 token providing the user's	814	should use to communicate with a PKCS#11 token providing the user's
756	private RSA key.	815	private RSA key.