diff options
Diffstat (limited to 'sshd.0')
| -rw-r--r-- | sshd.0 | 24 |
1 files changed, 15 insertions, 9 deletions
| @@ -134,7 +134,7 @@ AUTHENTICATION | |||
| 134 | client selects the encryption algorithm to use from those offered by the | 134 | client selects the encryption algorithm to use from those offered by the |
| 135 | server. Additionally, session integrity is provided through a | 135 | server. Additionally, session integrity is provided through a |
| 136 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, | 136 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, |
| 137 | umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). | 137 | umac-128, hmac-sha2-256 or hmac-sha2-512). |
| 138 | 138 | ||
| 139 | Finally, the server and the client enter an authentication dialog. The | 139 | Finally, the server and the client enter an authentication dialog. The |
| 140 | client tries to authenticate itself using host-based authentication, | 140 | client tries to authenticate itself using host-based authentication, |
| @@ -412,13 +412,19 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
| 412 | should be used on a key line. | 412 | should be used on a key line. |
| 413 | 413 | ||
| 414 | Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as | 414 | Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as |
| 415 | wildcards); each pattern in turn is matched against the canonical host | 415 | wildcards); each pattern in turn is matched against the host name. When |
| 416 | name (when authenticating a client) or against the user-supplied name | 416 | sshd is authenticating a client, such as when using |
| 417 | (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to | 417 | HostbasedAuthentication, this will be the canonical client host name. |
| 418 | indicate negation: if the host name matches a negated pattern, it is not | 418 | When ssh(1) is authenticating a server, this will be the host name given |
| 419 | accepted (by that line) even if it matched another pattern on the line. | 419 | by the user, the value of the ssh(1) HostkeyAlias if it was specified, or |
| 420 | A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y | 420 | the canonical server hostname if the ssh(1) CanonicalizeHostname option |
| 421 | brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number. | 421 | was used. |
| 422 | |||
| 423 | A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indicate negation: if the host | ||
| 424 | name matches a negated pattern, it is not accepted (by that line) even if | ||
| 425 | it matched another pattern on the line. A hostname or address may | ||
| 426 | optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y | ||
| 427 | and a non-standard port number. | ||
| 422 | 428 | ||
| 423 | Alternately, hostnames may be stored in a hashed form which hides host | 429 | Alternately, hostnames may be stored in a hashed form which hides host |
| 424 | names and addresses should the file's contents be disclosed. Hashed | 430 | names and addresses should the file's contents be disclosed. Hashed |
| @@ -623,4 +629,4 @@ AUTHORS | |||
| 623 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 629 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 624 | for privilege separation. | 630 | for privilege separation. |
| 625 | 631 | ||
| 626 | OpenBSD 6.0 January 30, 2017 OpenBSD 6.0 | 632 | OpenBSD 6.2 June 24, 2017 OpenBSD 6.2 |