1 files changed, 55 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a5e20d1e8..e7a5f0a08 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: June 30 2010 $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -529,9 +528,10 @@ used by SSH.
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_dsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
 Note that
 .Xr sshd 8
@@ -539,7 +539,8 @@ will refuse to use a file if it is group/world-accessible.
 It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
-.Dq dsa
+.Dq dsa ,
+.Dq ecdsa
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -570,6 +571,43 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for the connection.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -595,6 +633,17 @@ Specifies whether to automatically destroy the user's ticket cache
 file on logout.
 The default is
 .Dq yes .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq ecdh-sha2-nistp256 ,
+.Dq ecdh-sha2-nistp384 ,
+.Dq ecdh-sha2-nistp521 ,
+.Dq diffie-hellman-group-exchange-sha256 ,
+.Dq diffie-hellman-group-exchange-sha1 ,
+.Dq diffie-hellman-group14-sha1 ,
+.Dq diffie-hellman-group1-sha1 .
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).

diff --git a/sshd_config.5 b/sshd_config.5 index a5e20d1e8..e7a5f0a08 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -1,4 +1,3 @@
1	.\" -- nroff --
2	.\"	1	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	2	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	35	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
38	.Dd $Mdocdate: June 30 2010 $	37	.Dd $Mdocdate: December 8 2010 $
39	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
40	.Os	39	.Os
41	.Sh NAME	40	.Sh NAME
@@ -529,9 +528,10 @@ used by SSH.
529	The default is	528	The default is
530	.Pa /etc/ssh/ssh_host_key	529	.Pa /etc/ssh/ssh_host_key
531	for protocol version 1, and	530	for protocol version 1, and
532	.Pa /etc/ssh/ssh_host_rsa_key	531	.Pa /etc/ssh/ssh_host_dsa_key ,
		532	.Pa /etc/ssh/ssh_host_ecdsa_key
533	and	533	and
534	.Pa /etc/ssh/ssh_host_dsa_key	534	.Pa /etc/ssh/ssh_host_rsa_key
535	for protocol version 2.	535	for protocol version 2.
536	Note that	536	Note that
537	.Xr sshd 8	537	.Xr sshd 8
@@ -539,7 +539,8 @@ will refuse to use a file if it is group/world-accessible.
539	It is possible to have multiple host key files.	539	It is possible to have multiple host key files.
540	.Dq rsa1	540	.Dq rsa1
541	keys are used for version 1 and	541	keys are used for version 1 and
542	.Dq dsa	542	.Dq dsa ,
		543	.Dq ecdsa
543	or	544	or
544	.Dq rsa	545	.Dq rsa
545	are used for version 2 of the SSH protocol.	546	are used for version 2 of the SSH protocol.
@@ -570,6 +571,43 @@ or
570	.Cm HostbasedAuthentication .	571	.Cm HostbasedAuthentication .
571	The default is	572	The default is
572	.Dq no .	573	.Dq no .
		574	.It Cm IPQoS
		575	Specifies the IPv4 type-of-service or DSCP class for the connection.
		576	Accepted values are
		577	.Dq af11 ,
		578	.Dq af12 ,
		579	.Dq af13 ,
		580	.Dq af14 ,
		581	.Dq af22 ,
		582	.Dq af23 ,
		583	.Dq af31 ,
		584	.Dq af32 ,
		585	.Dq af33 ,
		586	.Dq af41 ,
		587	.Dq af42 ,
		588	.Dq af43 ,
		589	.Dq cs0 ,
		590	.Dq cs1 ,
		591	.Dq cs2 ,
		592	.Dq cs3 ,
		593	.Dq cs4 ,
		594	.Dq cs5 ,
		595	.Dq cs6 ,
		596	.Dq cs7 ,
		597	.Dq ef ,
		598	.Dq lowdelay ,
		599	.Dq throughput ,
		600	.Dq reliability ,
		601	or a numeric value.
		602	This option may take one or two arguments, separated by whitespace.
		603	If one argument is specified, it is used as the packet class unconditionally.
		604	If two values are specified, the first is automatically selected for
		605	interactive sessions and the second for non-interactive sessions.
		606	The default is
		607	.Dq lowdelay
		608	for interactive sessions and
		609	.Dq throughput
		610	for non-interactive sessions.
573	.It Cm KerberosAuthentication	611	.It Cm KerberosAuthentication
574	Specifies whether the password provided by the user for	612	Specifies whether the password provided by the user for
575	.Cm PasswordAuthentication	613	.Cm PasswordAuthentication
@@ -595,6 +633,17 @@ Specifies whether to automatically destroy the user's ticket cache
595	file on logout.	633	file on logout.
596	The default is	634	The default is
597	.Dq yes .	635	.Dq yes .
		636	.It Cm KexAlgorithms
		637	Specifies the available KEX (Key Exchange) algorithms.
		638	Multiple algorithms must be comma-separated.
		639	The default is
		640	.Dq ecdh-sha2-nistp256 ,
		641	.Dq ecdh-sha2-nistp384 ,
		642	.Dq ecdh-sha2-nistp521 ,
		643	.Dq diffie-hellman-group-exchange-sha256 ,
		644	.Dq diffie-hellman-group-exchange-sha1 ,
		645	.Dq diffie-hellman-group14-sha1 ,
		646	.Dq diffie-hellman-group1-sha1 .
598	.It Cm KeyRegenerationInterval	647	.It Cm KeyRegenerationInterval
599	In protocol version 1, the ephemeral server key is automatically regenerated	648	In protocol version 1, the ephemeral server key is automatically regenerated
600	after this many seconds (if it has been used).	649	after this many seconds (if it has been used).