From 788ac799a6efa40517f2ac0d895a610394298ffc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 30 Apr 2017 23:18:22 +0000 Subject: upstream commit remove SSHv1 configuration options and man pages bits ok markus@ Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 --- ssh_config.5 | 77 ++++-------------------------------------------------------- 1 file changed, 4 insertions(+), 73 deletions(-) (limited to 'ssh_config.5') diff --git a/ssh_config.5 b/ssh_config.5 index c9dca08d8..a565f330d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.244 2017/04/28 06:15:03 jmc Exp $ -.Dd $Mdocdate: April 28 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.245 2017/04/30 23:18:22 djm Exp $ +.Dd $Mdocdate: April 30 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -391,25 +391,8 @@ in the process, regardless of the setting of If the option is set to .Cm no , the check will not be executed. -.It Cm Cipher -Specifies the cipher to use for encrypting the session -in protocol version 1. -Currently, -.Cm blowfish , -.Cm 3des -(the default), -and -.Cm des -are supported, -though -.Cm des -is only supported in the -.Xr ssh 1 -client for interoperability with legacy protocol 1 implementations; -its use is strongly discouraged due to cryptographic weaknesses. .It Cm Ciphers -Specifies the ciphers allowed for protocol version 2 -in order of preference. +Specifies the ciphers allowed and their order of preference. Multiple ciphers must be comma-separated. If the specified value begins with a .Sq + @@ -472,18 +455,6 @@ The argument must be or .Cm no (the default). -.It Cm CompressionLevel -Specifies the compression level to use if compression is enabled. -The argument must be an integer from 1 (fast) to 9 (slow, best). -The default level is 6, which is good for most applications. -The meaning of the values is the same as in -.Xr gzip 1 . -Note that this option applies to protocol version 1 only. -.It Cm ConnectionAttempts -Specifies the number of tries (one per second) to make before exiting. -The argument must be an integer. -This may be useful in scripts if the connection sometimes fails. -The default is 1. .It Cm ConnectTimeout Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default system TCP timeout. @@ -902,14 +873,11 @@ section. Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication identity is read. The default is -.Pa ~/.ssh/identity -for protocol version 1, and .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_rsa -for protocol version 2. +.Pa ~/.ssh/id_rsa . Additionally, any identities represented by the authentication agent will be used for authentication unless .Cm IdentitiesOnly @@ -1192,21 +1160,6 @@ The default is: gssapi-with-mic,hostbased,publickey, keyboard-interactive,password .Ed -.It Cm Protocol -Specifies the protocol versions -.Xr ssh 1 -should support in order of preference. -The possible values are 1 and 2. -Multiple versions must be comma-separated. -When this option is set to -.Cm 2,1 -.Nm ssh -will try version 2 and fall back to version 1 -if version 2 is not available. -The default is version 2. -Protocol 1 suffers from a number of cryptographic weaknesses and should -not be used. -It is only offered to support legacy devices. .It Cm ProxyCommand Specifies the command to use to connect to the server. The command @@ -1397,28 +1350,6 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . -.It Cm RhostsRSAAuthentication -Specifies whether to try rhosts based authentication with RSA host -authentication. -The argument must be -.Cm yes -or -.Cm no -(the default). -This option applies to protocol version 1 only and requires -.Xr ssh 1 -to be setuid root. -.It Cm RSAAuthentication -Specifies whether to try RSA authentication. -The argument to this keyword must be -.Cm yes -(the default) -or -.Cm no . -RSA authentication will only be -attempted if the identity file exists, or an authentication agent is -running. -Note that this option applies to protocol version 1 only. .It Cm SendEnv Specifies what variables from the local .Xr environ 7 -- cgit v1.2.3