1 files changed, 68 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 321a94db6..269d3941b 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: August 4 2010 $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -579,7 +578,18 @@ is similar to
 Specifies the protocol version 2 host key algorithms
 that the client wants to use in order of preference.
 The default for this option is:
-.Dq ssh-rsa,ssh-dss .
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-rsa,ssh-dss
+.Ed
+.Pp
+If hostkeys are known for the destination host then this default is modified
+to prefer their algorithms.
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -615,14 +625,15 @@ offers many different identities.
 The default is
 .Dq no .
 .It Cm IdentityFile
-Specifies a file from which the user's RSA or DSA authentication identity
+Specifies a file from which the user's DSA, ECDSA or DSA authentication
-is read.
+identity is read.
 The default is
 .Pa ~/.ssh/identity
 for protocol version 1, and
-.Pa ~/.ssh/id_rsa
+.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_ecdsa
 and
-.Pa ~/.ssh/id_dsa
+.Pa ~/.ssh/id_rsa
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
@@ -650,6 +661,43 @@ escape characters:
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for connections.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 The argument to this keyword must be
@@ -669,6 +717,17 @@ it may be zero or more of:
 .Dq pam ,
 and
 .Dq skey .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is:
+.Bd -literal -offset indent
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha1,
+diffie-hellman-group1-sha1
+.Ed
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
@@ -782,7 +841,7 @@ The default is
 .Dq no .
 .It Cm PKCS11Provider
 Specifies which PKCS#11 provider to use.
-The argument to this keyword is the PKCS#11 shared libary
+The argument to this keyword is the PKCS#11 shared library
 .Xr ssh 1
 should use to communicate with a PKCS#11 token providing the user's
 private RSA key.

diff --git a/ssh_config.5 b/ssh_config.5 index 321a94db6..269d3941b 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1,4 +1,3 @@
1	.\" -- nroff --
2	.\"	1	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	2	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	35	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
38	.Dd $Mdocdate: August 4 2010 $	37	.Dd $Mdocdate: December 8 2010 $
39	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
40	.Os	39	.Os
41	.Sh NAME	40	.Sh NAME
@@ -579,7 +578,18 @@ is similar to
579	Specifies the protocol version 2 host key algorithms	578	Specifies the protocol version 2 host key algorithms
580	that the client wants to use in order of preference.	579	that the client wants to use in order of preference.
581	The default for this option is:	580	The default for this option is:
582	.Dq ssh-rsa,ssh-dss .	581	.Bd -literal -offset 3n
		582	ecdsa-sha2-nistp256-cert-v01@openssh.com,
		583	ecdsa-sha2-nistp384-cert-v01@openssh.com,
		584	ecdsa-sha2-nistp521-cert-v01@openssh.com,
		585	ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
		586	ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
		587	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		588	ssh-rsa,ssh-dss
		589	.Ed
		590	.Pp
		591	If hostkeys are known for the destination host then this default is modified
		592	to prefer their algorithms.
583	.It Cm HostKeyAlias	593	.It Cm HostKeyAlias
584	Specifies an alias that should be used instead of the	594	Specifies an alias that should be used instead of the
585	real host name when looking up or saving the host key	595	real host name when looking up or saving the host key
@@ -615,14 +625,15 @@ offers many different identities.
615	The default is	625	The default is
616	.Dq no .	626	.Dq no .
617	.It Cm IdentityFile	627	.It Cm IdentityFile
618	Specifies a file from which the user's RSA or DSA authentication identity	628	Specifies a file from which the user's DSA, ECDSA or DSA authentication
619	is read.	629	identity is read.
620	The default is	630	The default is
621	.Pa ~/.ssh/identity	631	.Pa ~/.ssh/identity
622	for protocol version 1, and	632	for protocol version 1, and
623	.Pa ~/.ssh/id_rsa	633	.Pa ~/.ssh/id_dsa ,
		634	.Pa ~/.ssh/id_ecdsa
624	and	635	and
625	.Pa ~/.ssh/id_dsa	636	.Pa ~/.ssh/id_rsa
626	for protocol version 2.	637	for protocol version 2.
627	Additionally, any identities represented by the authentication agent	638	Additionally, any identities represented by the authentication agent
628	will be used for authentication.	639	will be used for authentication.
@@ -650,6 +661,43 @@ escape characters:
650	It is possible to have	661	It is possible to have
651	multiple identity files specified in configuration files; all these	662	multiple identity files specified in configuration files; all these
652	identities will be tried in sequence.	663	identities will be tried in sequence.
		664	.It Cm IPQoS
		665	Specifies the IPv4 type-of-service or DSCP class for connections.
		666	Accepted values are
		667	.Dq af11 ,
		668	.Dq af12 ,
		669	.Dq af13 ,
		670	.Dq af14 ,
		671	.Dq af22 ,
		672	.Dq af23 ,
		673	.Dq af31 ,
		674	.Dq af32 ,
		675	.Dq af33 ,
		676	.Dq af41 ,
		677	.Dq af42 ,
		678	.Dq af43 ,
		679	.Dq cs0 ,
		680	.Dq cs1 ,
		681	.Dq cs2 ,
		682	.Dq cs3 ,
		683	.Dq cs4 ,
		684	.Dq cs5 ,
		685	.Dq cs6 ,
		686	.Dq cs7 ,
		687	.Dq ef ,
		688	.Dq lowdelay ,
		689	.Dq throughput ,
		690	.Dq reliability ,
		691	or a numeric value.
		692	This option may take one or two arguments, separated by whitespace.
		693	If one argument is specified, it is used as the packet class unconditionally.
		694	If two values are specified, the first is automatically selected for
		695	interactive sessions and the second for non-interactive sessions.
		696	The default is
		697	.Dq lowdelay
		698	for interactive sessions and
		699	.Dq throughput
		700	for non-interactive sessions.
653	.It Cm KbdInteractiveAuthentication	701	.It Cm KbdInteractiveAuthentication
654	Specifies whether to use keyboard-interactive authentication.	702	Specifies whether to use keyboard-interactive authentication.
655	The argument to this keyword must be	703	The argument to this keyword must be
@@ -669,6 +717,17 @@ it may be zero or more of:
669	.Dq pam ,	717	.Dq pam ,
670	and	718	and
671	.Dq skey .	719	.Dq skey .
		720	.It Cm KexAlgorithms
		721	Specifies the available KEX (Key Exchange) algorithms.
		722	Multiple algorithms must be comma-separated.
		723	The default is:
		724	.Bd -literal -offset indent
		725	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
		726	diffie-hellman-group-exchange-sha256,
		727	diffie-hellman-group-exchange-sha1,
		728	diffie-hellman-group14-sha1,
		729	diffie-hellman-group1-sha1
		730	.Ed
672	.It Cm LocalCommand	731	.It Cm LocalCommand
673	Specifies a command to execute on the local machine after successfully	732	Specifies a command to execute on the local machine after successfully
674	connecting to the server.	733	connecting to the server.
@@ -782,7 +841,7 @@ The default is
782	.Dq no .	841	.Dq no .
783	.It Cm PKCS11Provider	842	.It Cm PKCS11Provider
784	Specifies which PKCS#11 provider to use.	843	Specifies which PKCS#11 provider to use.
785	The argument to this keyword is the PKCS#11 shared libary	844	The argument to this keyword is the PKCS#11 shared library
786	.Xr ssh 1	845	.Xr ssh 1
787	should use to communicate with a PKCS#11 token providing the user's	846	should use to communicate with a PKCS#11 token providing the user's
788	private RSA key.	847	private RSA key.