summaryrefslogtreecommitdiff
path: root/sshd.0
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.0')
-rw-r--r--sshd.024
1 files changed, 15 insertions, 9 deletions
diff --git a/sshd.0 b/sshd.0
index 6cd5f038c..92c8ec533 100644
--- a/sshd.0
+++ b/sshd.0
@@ -134,7 +134,7 @@ AUTHENTICATION
134 client selects the encryption algorithm to use from those offered by the 134 client selects the encryption algorithm to use from those offered by the
135 server. Additionally, session integrity is provided through a 135 server. Additionally, session integrity is provided through a
136 cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, 136 cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
137 umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). 137 umac-128, hmac-sha2-256 or hmac-sha2-512).
138 138
139 Finally, the server and the client enter an authentication dialog. The 139 Finally, the server and the client enter an authentication dialog. The
140 client tries to authenticate itself using host-based authentication, 140 client tries to authenticate itself using host-based authentication,
@@ -412,13 +412,19 @@ SSH_KNOWN_HOSTS FILE FORMAT
412 should be used on a key line. 412 should be used on a key line.
413 413
414 Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as 414 Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as
415 wildcards); each pattern in turn is matched against the canonical host 415 wildcards); each pattern in turn is matched against the host name. When
416 name (when authenticating a client) or against the user-supplied name 416 sshd is authenticating a client, such as when using
417 (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to 417 HostbasedAuthentication, this will be the canonical client host name.
418 indicate negation: if the host name matches a negated pattern, it is not 418 When ssh(1) is authenticating a server, this will be the host name given
419 accepted (by that line) even if it matched another pattern on the line. 419 by the user, the value of the ssh(1) HostkeyAlias if it was specified, or
420 A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y 420 the canonical server hostname if the ssh(1) CanonicalizeHostname option
421 brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number. 421 was used.
422
423 A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indicate negation: if the host
424 name matches a negated pattern, it is not accepted (by that line) even if
425 it matched another pattern on the line. A hostname or address may
426 optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y
427 and a non-standard port number.
422 428
423 Alternately, hostnames may be stored in a hashed form which hides host 429 Alternately, hostnames may be stored in a hashed form which hides host
424 names and addresses should the file's contents be disclosed. Hashed 430 names and addresses should the file's contents be disclosed. Hashed
@@ -623,4 +629,4 @@ AUTHORS
623 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 629 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
624 for privilege separation. 630 for privilege separation.
625 631
626OpenBSD 6.0 January 30, 2017 OpenBSD 6.0 632OpenBSD 6.2 June 24, 2017 OpenBSD 6.2