Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 17 |
1 files changed, 7 insertions, 10 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.279 2015/05/01 07:11:47 djm Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ |
37 | .Dd $Mdocdate: May 1 2015 $ | 37 | .Dd $Mdocdate: July 3 2015 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -184,15 +184,12 @@ Specifies that | |||
184 | .Nm | 184 | .Nm |
185 | is being run from | 185 | is being run from |
186 | .Xr inetd 8 . | 186 | .Xr inetd 8 . |
187 | If SSH protocol 1 is enabled, | ||
187 | .Nm | 188 | .Nm |
188 | is normally not run | 189 | should not normally be run |
189 | from inetd because it needs to generate the server key before it can | 190 | from inetd because it needs to generate the server key before it can |
190 | respond to the client, and this may take tens of seconds. | 191 | respond to the client, and this may take some time. |
191 | Clients would have to wait too long if the key was regenerated every time. | 192 | Clients may have to wait too long if the key was regenerated every time. |
192 | However, with small key sizes (e.g. 512) using | ||
193 | .Nm | ||
194 | from inetd may | ||
195 | be feasible. | ||
196 | .It Fl k Ar key_gen_time | 193 | .It Fl k Ar key_gen_time |
197 | Specifies how often the ephemeral protocol version 1 server key is | 194 | Specifies how often the ephemeral protocol version 1 server key is |
198 | regenerated (default 3600 seconds, or one hour). | 195 | regenerated (default 3600 seconds, or one hour). |
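Review bot: Dropping the "If SSH protocol 1 is enabled," qualifier at old line 187 makes the inetd advice read as unconditional, but the reason it gives (generating the server key before responding to the client) concerns the key that the following -k entry still describes as the "ephemeral protocol version 1 server key". Consider keeping a protocol 1 qualifier in the sentence, or rewording the reason so it holds regardless of which protocol versions are enabled. Separately, on new line 192, "Clients may have to wait too long if the key was regenerated every time" mixes tenses; "if the key is regenerated every time" reads better.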
@@ -287,7 +284,7 @@ used to identify the host. | |||
287 | .Pp | 284 | .Pp |
288 | Forward security for protocol 1 is provided through | 285 | Forward security for protocol 1 is provided through |
289 | an additional server key, | 286 | an additional server key, |
290 | normally 768 bits, | 287 | normally 1024 bits, |
291 | generated when the server starts. | 288 | generated when the server starts. |
292 | This key is normally regenerated every hour if it has been used, and | 289 | This key is normally regenerated every hour if it has been used, and |
293 | is never stored on disk. | 290 | is never stored on disk. |
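Review bot: The "normally 1024 bits" on new line 287 is only right if it matches the default the server actually uses, and since this view is limited to sshd.8 that cannot be checked from here. Please confirm the figure agrees with every other place the protocol 1 server key size is stated, and consider pointing the reader at the option that sets the size instead of repeating the number, so this paragraph cannot drift out of date again.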