From 30c3d429306bb4afe71c18db92816b981f7b6d9d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 9 May 2000 11:02:59 +1000 Subject: - OpenBSD CVS update - markus@cvs.openbsd.org [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - hugh@cvs.openbsd.org [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - markus@cvs.openbsd.org [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1 --- ssh.1 | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'ssh.1') diff --git a/ssh.1 b/ssh.1 index a4738e63f..48040c439 100644 --- a/ssh.1 +++ b/ssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $ +.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -25,7 +25,7 @@ .Pp .Nm ssh .Op Fl afgknqtvxCPX246 -.Op Fl c Ar blowfish | 3des +.Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file .Op Fl l Ar login_name @@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or S/Key authentication. .Pp Protocol 2 provides additional mechanisms for confidentiality -(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour) +(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity (hmac-sha1, hmac-md5). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. @@ -342,10 +342,15 @@ It is believed to be secure. (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in ssh. +cipher which is no longer supported in +.Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . +.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" +Additionally, for protocol version 2 a comma-separated list of ciphers can +be specified in order of preference. Protocol version 2 supports +3DES, Blowfish and CAST128 in CBC mode and Arcfour. .It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm Compression Specifies whether to use compression. The argument must be @@ -785,7 +790,7 @@ The default is This means that .Nm tries version 1 and falls back to version 2 -if version 1 is no available. +if version 1 is not available. .It Cm ProxyCommand Specifies the command to use to connect to the server. The command -- cgit v1.2.3