1 files changed, 55 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 55e8d8503..449afb302 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: June 30 2010 $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -498,9 +497,10 @@ used by SSH.
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_dsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
 Note that
 .Xr sshd 8
@@ -508,7 +508,8 @@ will refuse to use a file if it is group/world-accessible.
 It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
-.Dq dsa
+.Dq dsa ,
+.Dq ecdsa
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -539,6 +540,43 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for the connection.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -564,6 +602,17 @@ Specifies whether to automatically destroy the user's ticket cache
 file on logout.
 The default is
 .Dq yes .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq ecdh-sha2-nistp256 ,
+.Dq ecdh-sha2-nistp384 ,
+.Dq ecdh-sha2-nistp521 ,
+.Dq diffie-hellman-group-exchange-sha256 ,
+.Dq diffie-hellman-group-exchange-sha1 ,
+.Dq diffie-hellman-group14-sha1 ,
+.Dq diffie-hellman-group1-sha1 .
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).

diff --git a/sshd_config.5 b/sshd_config.5 index 55e8d8503..449afb302 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -1,4 +1,3 @@
1	.\" -- nroff --
2	.\"	1	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	2	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	35	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
38	.Dd $Mdocdate: June 30 2010 $	37	.Dd $Mdocdate: December 8 2010 $
39	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
40	.Os	39	.Os
41	.Sh NAME	40	.Sh NAME
@@ -498,9 +497,10 @@ used by SSH.
498	The default is	497	The default is
499	.Pa /etc/ssh/ssh_host_key	498	.Pa /etc/ssh/ssh_host_key
500	for protocol version 1, and	499	for protocol version 1, and
501	.Pa /etc/ssh/ssh_host_rsa_key	500	.Pa /etc/ssh/ssh_host_dsa_key ,
		501	.Pa /etc/ssh/ssh_host_ecdsa_key
502	and	502	and
503	.Pa /etc/ssh/ssh_host_dsa_key	503	.Pa /etc/ssh/ssh_host_rsa_key
504	for protocol version 2.	504	for protocol version 2.
505	Note that	505	Note that
506	.Xr sshd 8	506	.Xr sshd 8
@@ -508,7 +508,8 @@ will refuse to use a file if it is group/world-accessible.
508	It is possible to have multiple host key files.	508	It is possible to have multiple host key files.
509	.Dq rsa1	509	.Dq rsa1
510	keys are used for version 1 and	510	keys are used for version 1 and
511	.Dq dsa	511	.Dq dsa ,
		512	.Dq ecdsa
512	or	513	or
513	.Dq rsa	514	.Dq rsa
514	are used for version 2 of the SSH protocol.	515	are used for version 2 of the SSH protocol.
@@ -539,6 +540,43 @@ or
539	.Cm HostbasedAuthentication .	540	.Cm HostbasedAuthentication .
540	The default is	541	The default is
541	.Dq no .	542	.Dq no .
		543	.It Cm IPQoS
		544	Specifies the IPv4 type-of-service or DSCP class for the connection.
		545	Accepted values are
		546	.Dq af11 ,
		547	.Dq af12 ,
		548	.Dq af13 ,
		549	.Dq af14 ,
		550	.Dq af22 ,
		551	.Dq af23 ,
		552	.Dq af31 ,
		553	.Dq af32 ,
		554	.Dq af33 ,
		555	.Dq af41 ,
		556	.Dq af42 ,
		557	.Dq af43 ,
		558	.Dq cs0 ,
		559	.Dq cs1 ,
		560	.Dq cs2 ,
		561	.Dq cs3 ,
		562	.Dq cs4 ,
		563	.Dq cs5 ,
		564	.Dq cs6 ,
		565	.Dq cs7 ,
		566	.Dq ef ,
		567	.Dq lowdelay ,
		568	.Dq throughput ,
		569	.Dq reliability ,
		570	or a numeric value.
		571	This option may take one or two arguments, separated by whitespace.
		572	If one argument is specified, it is used as the packet class unconditionally.
		573	If two values are specified, the first is automatically selected for
		574	interactive sessions and the second for non-interactive sessions.
		575	The default is
		576	.Dq lowdelay
		577	for interactive sessions and
		578	.Dq throughput
		579	for non-interactive sessions.
542	.It Cm KerberosAuthentication	580	.It Cm KerberosAuthentication
543	Specifies whether the password provided by the user for	581	Specifies whether the password provided by the user for
544	.Cm PasswordAuthentication	582	.Cm PasswordAuthentication
@@ -564,6 +602,17 @@ Specifies whether to automatically destroy the user's ticket cache
564	file on logout.	602	file on logout.
565	The default is	603	The default is
566	.Dq yes .	604	.Dq yes .
		605	.It Cm KexAlgorithms
		606	Specifies the available KEX (Key Exchange) algorithms.
		607	Multiple algorithms must be comma-separated.
		608	The default is
		609	.Dq ecdh-sha2-nistp256 ,
		610	.Dq ecdh-sha2-nistp384 ,
		611	.Dq ecdh-sha2-nistp521 ,
		612	.Dq diffie-hellman-group-exchange-sha256 ,
		613	.Dq diffie-hellman-group-exchange-sha1 ,
		614	.Dq diffie-hellman-group14-sha1 ,
		615	.Dq diffie-hellman-group1-sha1 .
567	.It Cm KeyRegenerationInterval	616	.It Cm KeyRegenerationInterval
568	In protocol version 1, the ephemeral server key is automatically regenerated	617	In protocol version 1, the ephemeral server key is automatically regenerated
569	after this many seconds (if it has been used).	618	after this many seconds (if it has been used).