1 files changed, 26 insertions, 19 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index ac6ccc793..251b7467f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,15 +33,13 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $
-.Dd $Mdocdate: March 14 2017 $
+.Dd $Mdocdate: September 27 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
 .Nm sshd_config
 .Nd OpenSSH SSH daemon configuration file
-.Sh SYNOPSIS
-.Nm /etc/ssh/sshd_config
 .Sh DESCRIPTION
 .Xr sshd 8
 reads configuration data from
@@ -225,6 +223,18 @@ requires successful authentication using two different public keys.
 .Pp
 Note that each authentication method listed should also be explicitly enabled
 in the configuration.
+.Pp
+The available authentication methods are:
+.Qq gssapi-with-mic ,
+.Qq hostbased ,
+.Qq keyboard-interactive ,
+.Qq none
+(used for access to password-less accounts when
+.Cm PermitEmptyPassword
+is enabled),
+.Qq password
+and
+.Qq publickey .
 .It Cm AuthorizedKeysCommand
 Specifies a program to be used to look up the user's public keys.
 The program must be owned by root, not writable by group or others and
@@ -464,16 +474,6 @@ aes128-gcm@openssh.com
 .It
 aes256-gcm@openssh.com
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
 chacha20-poly1305@openssh.com
 .El
 .Pp
@@ -574,6 +574,14 @@ Disables all forwarding features, including X11,
 TCP and StreamLocal.
 This option overrides all other forwarding-related options and may
 simplify restricted configurations.
+.It Cm ExposeAuthInfo
+Writes a temporary file containing a list of authentication methods and
+public credentials (e.g. keys) used to authenticate the user.
+The location of the file is exposed to the user session through the
+.Ev SSH_USER_AUTH
+environment variable.
+The default is
+.Cm no .
 .It Cm FingerprintHash
 Specifies the hash algorithm used when logging key fingerprints.
 Valid options are:
@@ -798,7 +806,9 @@ Accepted values are
 .Cm lowdelay ,
 .Cm throughput ,
 .Cm reliability ,
-or a numeric value.
+a numeric value, or
+.Cm none
+to use the operating system default.
 This option may take one or two arguments, separated by whitespace.
 If one argument is specified, it is used as the packet class unconditionally.
 If two values are specified, the first is automatically selected for
@@ -962,8 +972,6 @@ hmac-md5
 .It
 hmac-md5-96
 .It
-hmac-ripemd160
-.It
 hmac-sha1
 .It
 hmac-sha1-96
@@ -980,8 +988,6 @@ hmac-md5-etm@openssh.com
 .It
 hmac-md5-96-etm@openssh.com
 .It
-hmac-ripemd160-etm@openssh.com
-.It
 hmac-sha1-etm@openssh.com
 .It
 hmac-sha1-96-etm@openssh.com
@@ -1080,6 +1086,7 @@ Available keywords are
 .Cm IPQoS ,
 .Cm KbdInteractiveAuthentication ,
 .Cm KerberosAuthentication ,
+.Cm LogLevel ,
 .Cm MaxAuthTries ,
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,

diff --git a/sshd_config.5 b/sshd_config.5 index ac6ccc793..251b7467f 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,15 +33,13 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $
37	.Dd $Mdocdate: March 14 2017 $	37	.Dd $Mdocdate: September 27 2017 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
41	.Nm sshd_config	41	.Nm sshd_config
42	.Nd OpenSSH SSH daemon configuration file	42	.Nd OpenSSH SSH daemon configuration file
43	.Sh SYNOPSIS
44	.Nm /etc/ssh/sshd_config
45	.Sh DESCRIPTION	43	.Sh DESCRIPTION
46	.Xr sshd 8	44	.Xr sshd 8
47	reads configuration data from	45	reads configuration data from
@@ -225,6 +223,18 @@ requires successful authentication using two different public keys.
225	.Pp	223	.Pp
226	Note that each authentication method listed should also be explicitly enabled	224	Note that each authentication method listed should also be explicitly enabled
227	in the configuration.	225	in the configuration.
		226	.Pp
		227	The available authentication methods are:
		228	.Qq gssapi-with-mic ,
		229	.Qq hostbased ,
		230	.Qq keyboard-interactive ,
		231	.Qq none
		232	(used for access to password-less accounts when
		233	.Cm PermitEmptyPassword
		234	is enabled),
		235	.Qq password
		236	and
		237	.Qq publickey .
228	.It Cm AuthorizedKeysCommand	238	.It Cm AuthorizedKeysCommand
229	Specifies a program to be used to look up the user's public keys.	239	Specifies a program to be used to look up the user's public keys.
230	The program must be owned by root, not writable by group or others and	240	The program must be owned by root, not writable by group or others and
@@ -464,16 +474,6 @@ aes128-gcm@openssh.com
464	.It	474	.It
465	aes256-gcm@openssh.com	475	aes256-gcm@openssh.com
466	.It	476	.It
467	arcfour
468	.It
469	arcfour128
470	.It
471	arcfour256
472	.It
473	blowfish-cbc
474	.It
475	cast128-cbc
476	.It
477	chacha20-poly1305@openssh.com	477	chacha20-poly1305@openssh.com
478	.El	478	.El
479	.Pp	479	.Pp
@@ -574,6 +574,14 @@ Disables all forwarding features, including X11,
574	TCP and StreamLocal.	574	TCP and StreamLocal.
575	This option overrides all other forwarding-related options and may	575	This option overrides all other forwarding-related options and may
576	simplify restricted configurations.	576	simplify restricted configurations.
		577	.It Cm ExposeAuthInfo
		578	Writes a temporary file containing a list of authentication methods and
		579	public credentials (e.g. keys) used to authenticate the user.
		580	The location of the file is exposed to the user session through the
		581	.Ev SSH_USER_AUTH
		582	environment variable.
		583	The default is
		584	.Cm no .
577	.It Cm FingerprintHash	585	.It Cm FingerprintHash
578	Specifies the hash algorithm used when logging key fingerprints.	586	Specifies the hash algorithm used when logging key fingerprints.
579	Valid options are:	587	Valid options are:
@@ -798,7 +806,9 @@ Accepted values are
798	.Cm lowdelay ,	806	.Cm lowdelay ,
799	.Cm throughput ,	807	.Cm throughput ,
800	.Cm reliability ,	808	.Cm reliability ,
801	or a numeric value.	809	a numeric value, or
		810	.Cm none
		811	to use the operating system default.
802	This option may take one or two arguments, separated by whitespace.	812	This option may take one or two arguments, separated by whitespace.
803	If one argument is specified, it is used as the packet class unconditionally.	813	If one argument is specified, it is used as the packet class unconditionally.
804	If two values are specified, the first is automatically selected for	814	If two values are specified, the first is automatically selected for
@@ -962,8 +972,6 @@ hmac-md5
962	.It	972	.It
963	hmac-md5-96	973	hmac-md5-96
964	.It	974	.It
965	hmac-ripemd160
966	.It
967	hmac-sha1	975	hmac-sha1
968	.It	976	.It
969	hmac-sha1-96	977	hmac-sha1-96
@@ -980,8 +988,6 @@ hmac-md5-etm@openssh.com
980	.It	988	.It
981	hmac-md5-96-etm@openssh.com	989	hmac-md5-96-etm@openssh.com
982	.It	990	.It
983	hmac-ripemd160-etm@openssh.com
984	.It
985	hmac-sha1-etm@openssh.com	991	hmac-sha1-etm@openssh.com
986	.It	992	.It
987	hmac-sha1-96-etm@openssh.com	993	hmac-sha1-96-etm@openssh.com
@@ -1080,6 +1086,7 @@ Available keywords are
1080	.Cm IPQoS ,	1086	.Cm IPQoS ,
1081	.Cm KbdInteractiveAuthentication ,	1087	.Cm KbdInteractiveAuthentication ,
1082	.Cm KerberosAuthentication ,	1088	.Cm KerberosAuthentication ,
		1089	.Cm LogLevel ,
1083	.Cm MaxAuthTries ,	1090	.Cm MaxAuthTries ,
1084	.Cm MaxSessions ,	1091	.Cm MaxSessions ,
1085	.Cm PasswordAuthentication ,	1092	.Cm PasswordAuthentication ,