Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 72 |
1 files changed, 62 insertions, 10 deletions
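--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
-.Dd $Mdocdate: June 2 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
+.Dd $Mdocdate: July 30 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -373,6 +373,11 @@ The default is
 Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
+If the specified value begins with a
+.Sq +
+character, then the specified ciphers will be appended to the default set
+instead of replacing them.
+.Pp
 The supported ciphers are:
 .Pp
 .Bl -item -compact -offset indent
@@ -781,9 +786,21 @@ is similar to
 .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication
 as a comma-separated pattern list.
-The default
-.Dq *
-will allow all key types.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified key types will be appended to the default set
+instead of replacing them.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
 The
 .Fl Q
 option of
@@ -792,16 +809,19 @@ may be used to list supported key types.
 .It Cm HostKeyAlgorithms
 Specifies the protocol version 2 host key algorithms
 that the client wants to use in order of preference.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified key types will be appended to the default set
+instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
-ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
@@ -974,14 +994,17 @@ and
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified methods will be appended to the default set
+instead of replacing them.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group-exchange-sha1,
-diffie-hellman-group14-sha1,
-diffie-hellman-group1-sha1
+diffie-hellman-group14-sha1
 .Ed
 .Pp
 The list of available key exchange algorithms may also be obtained using the
@@ -1063,10 +1086,16 @@ in order of preference.
 The MAC algorithm is used in protocol version 2
 for data integrity protection.
 Multiple algorithms must be comma-separated.
+If the specified value begins with a
+.Sq +
+character, then the specified algorithms will be appended to the default set
+instead of replacing them.
+.Pp
 The algorithms that contain
 .Dq -etm
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
+.Pp
 The default is:
 .Bd -literal -offset indent
 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
@@ -1207,6 +1236,29 @@ will pass a connected file descriptor back to
 instead of continuing to execute and pass data.
 The default is
 .Dq no .
+.It Cm PubkeyAcceptedKeyTypes
+Specifies the key types that will be used for public key authentication
+as a comma-separated pattern list.
+Alternately if the specified value begins with a
+.Sq +
+character, then the key types after it will be appended to the default
+instead of replacing it.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be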