Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 136 |
1 files changed, 103 insertions, 33 deletions
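diff --git a/sshd_config.5 b/sshd_config.5
index ce71efe3c..88be8d984 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.172 2014/02/27 22:47:07 djm Exp $
-.Dd $Mdocdate: February 27 2014 $
+.\" $OpenBSD: sshd_config.5,v 1.173 2014/03/28 05:17:11 naddy Exp $
+.Dd $Mdocdate: March 28 2014 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -337,30 +337,44 @@ Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
 The supported ciphers are:
 .Pp
-.Dq 3des-cbc ,
-.Dq aes128-cbc ,
-.Dq aes192-cbc ,
-.Dq aes256-cbc ,
-.Dq aes128-ctr ,
-.Dq aes192-ctr ,
-.Dq aes256-ctr ,
-.Dq aes128-gcm@openssh.com ,
-.Dq aes256-gcm@openssh.com ,
-.Dq arcfour128 ,
-.Dq arcfour256 ,
-.Dq arcfour ,
-.Dq blowfish-cbc ,
-.Dq cast128-cbc ,
-and
-.Dq chacha20-poly1305@openssh.com .
+.Bl -item -compact -offset indent
+.It
+3des-cbc
+.It
+aes128-cbc
+.It
+aes192-cbc
+.It
+aes256-cbc
+.It
+aes128-ctr
+.It
+aes192-ctr
+.It
+aes256-ctr
+.It
+aes128-gcm@openssh.com
+.It
+aes256-gcm@openssh.com
+.It
+arcfour
+.It
+arcfour128
+.It
+arcfour256
+.It
+blowfish-cbc
+.It
+cast128-cbc
+.It
+chacha20-poly1305@openssh.com
+.El
 .Pp
 The default is:
-.Bd -literal -offset 3n
-aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+.Bd -literal -offset indent
+aes128-ctr,aes192-ctr,aes256-ctr,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-chacha20-poly1305@openssh.com,
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-aes256-cbc,arcfour
+chacha20-poly1305@openssh.com
 .Ed
 .Pp
 The list of available ciphers may also be obtained using the
@@ -672,14 +686,33 @@ The default is
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
-The default is
+The supported algorithms are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+curve25519-sha256@libssh.org
+.It
+diffie-hellman-group1-sha1
+.It
+diffie-hellman-group14-sha1
+.It
+diffie-hellman-group-exchange-sha1
+.It
+diffie-hellman-group-exchange-sha256
+.It
+ecdh-sha2-nistp256
+.It
+ecdh-sha2-nistp384
+.It
+ecdh-sha2-nistp521
+.El
+.Pp
+The default is:
 .Bd -literal -offset indent
 curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,
-diffie-hellman-group-exchange-sha1,
-diffie-hellman-group14-sha1,
-diffie-hellman-group1-sha1
+diffie-hellman-group14-sha1
 .Ed
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
@@ -751,16 +784,53 @@ The algorithms that contain
 .Dq -etm
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
+The supported MACs are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+hmac-md5
+.It
+hmac-md5-96
+.It
+hmac-ripemd160
+.It
+hmac-sha1
+.It
+hmac-sha1-96
+.It
+hmac-sha2-256
+.It
+hmac-sha2-512
+.It
+umac-64@openssh.com
+.It
+umac-128@openssh.com
+.It
+hmac-md5-etm@openssh.com
+.It
+hmac-md5-96-etm@openssh.com
+.It
+hmac-ripemd160-etm@openssh.com
+.It
+hmac-sha1-etm@openssh.com
+.It
+hmac-sha1-96-etm@openssh.com
+.It
+hmac-sha2-256-etm@openssh.com
+.It
+hmac-sha2-512-etm@openssh.com
+.It
+umac-64-etm@openssh.com
+.It
+umac-128-etm@openssh.com
+.El
+.Pp
 The default is:
 .Bd -literal -offset indent
-hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
-hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
-hmac-md5-96-etm@openssh.com,
-hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
-hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
-hmac-sha1-96,hmac-md5-96
+umac-64@openssh.com,umac-128@openssh.com,
+hmac-sha2-256,hmac-sha2-512
 .Ed
 .It Cm Match
 Introduces a conditional block.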