Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 49 |
1 files changed, 35 insertions, 14 deletions
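--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
-.Dd $Mdocdate: July 19 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
+.Dd $Mdocdate: December 8 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -361,7 +361,8 @@ The default is not to
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
-The supported ciphers are
+The supported ciphers are:
+.Pp
 .Dq 3des-cbc ,
 .Dq aes128-cbc ,
 .Dq aes192-cbc ,
@@ -375,15 +376,23 @@ The supported ciphers are
 .Dq arcfour256 ,
 .Dq arcfour ,
 .Dq blowfish-cbc ,
+.Dq cast128-cbc ,
 and
-.Dq cast128-cbc .
+.Dq chacha20-poly1305@openssh.com .
+.Pp
 The default is:
 .Bd -literal -offset 3n
 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+chacha20-poly1305@openssh.com,
 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
 aes256-cbc,arcfour
 .Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1 .
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
 sent without
@@ -590,7 +599,8 @@ The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
 .Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key ,
+.Pa /etc/ssh/ssh_host_ed25519_key
 and
 .Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
@@ -601,7 +611,8 @@ It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
 .Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -710,13 +721,14 @@ The default is
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
 The default is
-.Dq ecdh-sha2-nistp256 ,
-.Dq ecdh-sha2-nistp384 ,
-.Dq ecdh-sha2-nistp521 ,
-.Dq diffie-hellman-group-exchange-sha256 ,
-.Dq diffie-hellman-group-exchange-sha1 ,
-.Dq diffie-hellman-group14-sha1 ,
-.Dq diffie-hellman-group1-sha1 .
+.Bd -literal -offset indent
+curve25519-sha256@libssh.org,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha1,
+diffie-hellman-group1-sha1
+.Ed
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).
@@ -809,7 +821,9 @@ line or the end of the file.
 .Pp
 The arguments to
 .Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
 The available criteria are
 .Cm User ,
 .Cm Group ,
@@ -870,6 +884,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PermitTTY ,
 .Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
 .Cm RekeyLimit ,
@@ -999,6 +1014,12 @@ and
 .Dq ethernet .
 The default is
 .Dq no .
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment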