From ffe6549c2f7a999cc5264b873a60322e91862581 Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Mon, 15 Aug 2016 12:32:04 +0000 Subject: upstream commit Catch up with the SSH1 code removal and delete all mention of protocol 1 particularities, key files and formats, command line options, and configuration keywords from the server documentation and examples. ok jmc@ Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f --- sshd.8 | 108 ++++++++++++++--------------------------------------------------- 1 file changed, 23 insertions(+), 85 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 6c521f23e..148a8b923 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ -.Dd $Mdocdate: February 17 2016 $ +.\" $OpenBSD: sshd.8,v 1.285 2016/08/15 12:32:04 naddy Exp $ +.Dd $Mdocdate: August 15 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -44,14 +44,12 @@ .Nm sshd .Bk -words .Op Fl 46DdeiqTt -.Op Fl b Ar bits .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file .Op Fl E Ar log_file .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file -.Op Fl k Ar key_gen_time .Op Fl o Ar option .Op Fl p Ar port .Op Fl u Ar len @@ -96,9 +94,6 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. -.It Fl b Ar bits -Specifies the number of bits in the ephemeral protocol version 1 -server key (default 1024). .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T @@ -169,36 +164,18 @@ This option must be given if is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and .Pa /etc/ssh/ssh_host_dsa_key , -.Pa /etc/ssh/ssh_host_ecdsa_key . +.Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . It is possible to have multiple host key files for -the different protocol versions and host key algorithms. +the different host key algorithms. .It Fl i Specifies that .Nm is being run from .Xr inetd 8 . -If SSH protocol 1 is enabled, -.Nm -should not normally be run -from inetd because it needs to generate the server key before it can -respond to the client, and this may take some time. -Clients may have to wait too long if the key was regenerated every time. -.It Fl k Ar key_gen_time -Specifies how often the ephemeral protocol version 1 server key is -regenerated (default 3600 seconds, or one hour). -The motivation for regenerating the key fairly -often is that the key is not stored anywhere, and after about an hour -it becomes impossible to recover the key for decrypting intercepted -communications even if the machine is cracked into or physically -seized. -A value of zero indicates that the key will never be regenerated. .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -257,8 +234,7 @@ may also be used to prevent from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include -.Cm RhostsRSAAuthentication , -.Cm HostbasedAuthentication , +.Cm HostbasedAuthentication and using a .Cm from="pattern-list" option in a key file. @@ -269,42 +245,14 @@ or .Cm DenyUsers . .El .Sh AUTHENTICATION -The OpenSSH SSH daemon supports SSH protocols 1 and 2. -The default is to use protocol 2 only, -though this can be changed via the -.Cm Protocol -option in -.Xr sshd_config 5 . -Protocol 1 should not be used -and is only offered to support legacy devices. -.Pp +The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a host-specific key, used to identify the host. -Partial forward security for protocol 1 is provided through -an additional server key, -normally 1024 bits, -generated when the server starts. -This key is normally regenerated every hour if it has been used, and -is never stored on disk. Whenever a client connects, the daemon responds with its public -host and server keys. +host key. The client compares the -RSA host key against its own database to verify that it has not changed. -The client then generates a 256-bit random number. -It encrypts this -random number using both the host key and the server key, and sends -the encrypted number to the server. -Both sides then use this -random number as a session key which is used to encrypt all further -communications in the session. -The rest of the session is encrypted -using a conventional cipher, currently Blowfish or 3DES, with 3DES -being used by default. -The client selects the encryption algorithm -to use from those offered by the server. -.Pp -For protocol 2, -forward security is provided through a Diffie-Hellman key agreement. +host key against its own database to verify that it has not changed. +Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher, currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. @@ -477,32 +425,25 @@ key (empty lines and lines starting with a .Ql # are ignored as comments). -Protocol 1 public keys consist of the following space-separated fields: -options, bits, exponent, modulus, comment. -Protocol 2 public key consist of: +Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. -The options field is optional; -its presence is determined by whether the line starts -with a number or not (the options field never starts with a number). -The bits, exponent, modulus, and comment fields give the RSA key for -protocol version 1; the -comment field is not used for anything (but may be convenient for the -user to identify the key). -For protocol version 2 the keytype is +The options field is optional. +The keytype is .Dq ecdsa-sha2-nistp256 , .Dq ecdsa-sha2-nistp384 , .Dq ecdsa-sha2-nistp521 , .Dq ssh-ed25519 , .Dq ssh-dss or -.Dq ssh-rsa . +.Dq ssh-rsa ; +the comment field is not used for anything (but may be convenient for the +user to identify the key). .Pp -Note that lines in this file are usually several hundred bytes long +Note that lines in this file can be several hundred bytes long (because of the size of the public key encoding) up to a limit of 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. You don't want to type them in; instead, copy the -.Pa identity.pub , .Pa id_dsa.pub , .Pa id_ecdsa.pub , .Pa id_ed25519.pub , @@ -511,8 +452,7 @@ or the file and edit it. .Pp .Nm -enforces a minimum RSA key modulus size for protocol 1 -and protocol 2 keys of 768 bits. +enforces a minimum RSA key modulus size of 768 bits. .Pp The options (if present) consist of comma-separated option specifications. @@ -690,7 +630,7 @@ maintained automatically: whenever the user connects from an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: markers (optional), -hostnames, bits, exponent, modulus, comment. +hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces. .Pp The marker is optional, but if it is present then it must be one of @@ -731,9 +671,9 @@ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. .Pp -Bits, exponent, and modulus are taken directly from the RSA host key; they +The keytype and base64-encoded key are taken directly from the host key; they can be obtained, for example, from -.Pa /etc/ssh/ssh_host_key.pub . +.Pa /etc/ssh/ssh_host_rsa_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with @@ -772,8 +712,8 @@ Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script, .Xr ssh-keyscan 1 -or by taking -.Pa /etc/ssh/ssh_host_key.pub +or by taking, for example, +.Pa /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the front. .Xr ssh-keygen 1 also offers some basic automated editing for @@ -912,7 +852,6 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_ed25519_key @@ -924,7 +863,6 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_ed25519_key.pub -- cgit v1.2.3