1 files changed, 35 insertions, 14 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index ca4cb193a..e7ac84644 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
-.Dd $Mdocdate: July 19 2013 $
+.Dd $Mdocdate: December 8 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -361,7 +361,8 @@ The default is not to
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
-The supported ciphers are
+The supported ciphers are:
+.Pp
 .Dq 3des-cbc ,
 .Dq aes128-cbc ,
 .Dq aes192-cbc ,
@@ -375,15 +376,23 @@ The supported ciphers are
 .Dq arcfour256 ,
 .Dq arcfour ,
 .Dq blowfish-cbc ,
+.Dq cast128-cbc ,
 and
-.Dq cast128-cbc .
+.Dq chacha20-poly1305@openssh.com .
+.Pp
 The default is:
 .Bd -literal -offset 3n
 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+chacha20-poly1305@openssh.com,
 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
 aes256-cbc,arcfour
 .Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1 .
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
 sent without
@@ -590,7 +599,8 @@ The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
 .Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key ,
+.Pa /etc/ssh/ssh_host_ed25519_key
 and
 .Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
@@ -601,7 +611,8 @@ It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
 .Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -710,13 +721,14 @@ The default is
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
 The default is
-.Dq ecdh-sha2-nistp256 ,
+.Bd -literal -offset indent
-.Dq ecdh-sha2-nistp384 ,
+curve25519-sha256@libssh.org,
-.Dq ecdh-sha2-nistp521 ,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-.Dq diffie-hellman-group-exchange-sha256 ,
+diffie-hellman-group-exchange-sha256,
-.Dq diffie-hellman-group-exchange-sha1 ,
+diffie-hellman-group-exchange-sha1,
-.Dq diffie-hellman-group14-sha1 ,
+diffie-hellman-group14-sha1,
-.Dq diffie-hellman-group1-sha1 .
+diffie-hellman-group1-sha1
+.Ed
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).
@@ -809,7 +821,9 @@ line or the end of the file.
 .Pp
 The arguments to
 .Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
 The available criteria are
 .Cm User ,
 .Cm Group ,
@@ -870,6 +884,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PermitTTY ,
 .Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
 .Cm RekeyLimit ,
@@ -999,6 +1014,12 @@ and
 .Dq ethernet .
 The default is
 .Dq no .
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment

diff --git a/sshd_config.5 b/sshd_config.5 index ca4cb193a..e7ac84644 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
37	.Dd $Mdocdate: July 19 2013 $	37	.Dd $Mdocdate: December 8 2013 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -361,7 +361,8 @@ The default is not to
361	.It Cm Ciphers	361	.It Cm Ciphers
362	Specifies the ciphers allowed for protocol version 2.	362	Specifies the ciphers allowed for protocol version 2.
363	Multiple ciphers must be comma-separated.	363	Multiple ciphers must be comma-separated.
364	The supported ciphers are	364	The supported ciphers are:
		365	.Pp
365	.Dq 3des-cbc ,	366	.Dq 3des-cbc ,
366	.Dq aes128-cbc ,	367	.Dq aes128-cbc ,
367	.Dq aes192-cbc ,	368	.Dq aes192-cbc ,
@@ -375,15 +376,23 @@ The supported ciphers are
375	.Dq arcfour256 ,	376	.Dq arcfour256 ,
376	.Dq arcfour ,	377	.Dq arcfour ,
377	.Dq blowfish-cbc ,	378	.Dq blowfish-cbc ,
		379	.Dq cast128-cbc ,
378	and	380	and
379	.Dq cast128-cbc .	381	.Dq chacha20-poly1305@openssh.com .
		382	.Pp
380	The default is:	383	The default is:
381	.Bd -literal -offset 3n	384	.Bd -literal -offset 3n
382	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,	385	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
383	aes128-gcm@openssh.com,aes256-gcm@openssh.com,	386	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
		387	chacha20-poly1305@openssh.com,
384	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,	388	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
385	aes256-cbc,arcfour	389	aes256-cbc,arcfour
386	.Ed	390	.Ed
		391	.Pp
		392	The list of available ciphers may also be obtained using the
		393	.Fl Q
		394	option of
		395	.Xr ssh 1 .
387	.It Cm ClientAliveCountMax	396	.It Cm ClientAliveCountMax
388	Sets the number of client alive messages (see below) which may be	397	Sets the number of client alive messages (see below) which may be
389	sent without	398	sent without
@@ -590,7 +599,8 @@ The default is
590	.Pa /etc/ssh/ssh_host_key	599	.Pa /etc/ssh/ssh_host_key
591	for protocol version 1, and	600	for protocol version 1, and
592	.Pa /etc/ssh/ssh_host_dsa_key ,	601	.Pa /etc/ssh/ssh_host_dsa_key ,
593	.Pa /etc/ssh/ssh_host_ecdsa_key	602	.Pa /etc/ssh/ssh_host_ecdsa_key ,
		603	.Pa /etc/ssh/ssh_host_ed25519_key
594	and	604	and
595	.Pa /etc/ssh/ssh_host_rsa_key	605	.Pa /etc/ssh/ssh_host_rsa_key
596	for protocol version 2.	606	for protocol version 2.
@@ -601,7 +611,8 @@ It is possible to have multiple host key files.
601	.Dq rsa1	611	.Dq rsa1
602	keys are used for version 1 and	612	keys are used for version 1 and
603	.Dq dsa ,	613	.Dq dsa ,
604	.Dq ecdsa	614	.Dq ecdsa ,
		615	.Dq ed25519
605	or	616	or
606	.Dq rsa	617	.Dq rsa
607	are used for version 2 of the SSH protocol.	618	are used for version 2 of the SSH protocol.
@@ -710,13 +721,14 @@ The default is
710	Specifies the available KEX (Key Exchange) algorithms.	721	Specifies the available KEX (Key Exchange) algorithms.
711	Multiple algorithms must be comma-separated.	722	Multiple algorithms must be comma-separated.
712	The default is	723	The default is
713	.Dq ecdh-sha2-nistp256 ,	724	.Bd -literal -offset indent
714	.Dq ecdh-sha2-nistp384 ,	725	curve25519-sha256@libssh.org,
715	.Dq ecdh-sha2-nistp521 ,	726	ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
716	.Dq diffie-hellman-group-exchange-sha256 ,	727	diffie-hellman-group-exchange-sha256,
717	.Dq diffie-hellman-group-exchange-sha1 ,	728	diffie-hellman-group-exchange-sha1,
718	.Dq diffie-hellman-group14-sha1 ,	729	diffie-hellman-group14-sha1,
719	.Dq diffie-hellman-group1-sha1 .	730	diffie-hellman-group1-sha1
		731	.Ed
720	.It Cm KeyRegenerationInterval	732	.It Cm KeyRegenerationInterval
721	In protocol version 1, the ephemeral server key is automatically regenerated	733	In protocol version 1, the ephemeral server key is automatically regenerated
722	after this many seconds (if it has been used).	734	after this many seconds (if it has been used).
@@ -809,7 +821,9 @@ line or the end of the file.
809	.Pp	821	.Pp
810	The arguments to	822	The arguments to
811	.Cm Match	823	.Cm Match
812	are one or more criteria-pattern pairs.	824	are one or more criteria-pattern pairs or the single token
		825	.Cm All
		826	which matches all criteria.
813	The available criteria are	827	The available criteria are
814	.Cm User ,	828	.Cm User ,
815	.Cm Group ,	829	.Cm Group ,
@@ -870,6 +884,7 @@ Available keywords are
870	.Cm PermitEmptyPasswords ,	884	.Cm PermitEmptyPasswords ,
871	.Cm PermitOpen ,	885	.Cm PermitOpen ,
872	.Cm PermitRootLogin ,	886	.Cm PermitRootLogin ,
		887	.Cm PermitTTY ,
873	.Cm PermitTunnel ,	888	.Cm PermitTunnel ,
874	.Cm PubkeyAuthentication ,	889	.Cm PubkeyAuthentication ,
875	.Cm RekeyLimit ,	890	.Cm RekeyLimit ,
@@ -999,6 +1014,12 @@ and
999	.Dq ethernet .	1014	.Dq ethernet .
1000	The default is	1015	The default is
1001	.Dq no .	1016	.Dq no .
		1017	.It Cm PermitTTY
		1018	Specifies whether
		1019	.Xr pty 4
		1020	allocation is permitted.
		1021	The default is
		1022	.Dq yes .
1002	.It Cm PermitUserEnvironment	1023	.It Cm PermitUserEnvironment
1003	Specifies whether	1024	Specifies whether
1004	.Pa ~/.ssh/environment	1025	.Pa ~/.ssh/environment