author | des <des@FreeBSD.org> | 2014-01-31 13:12:02 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-01-31 13:12:02 +0000 |
commit | 7573e91b127f1c198210fd345d3ca198b598cfc6 (patch) | |
tree | d32fb61cec38c52314210c3459fd436685dacdba /crypto/openssh/sshd.0 | |
parent | c692973c992c321bb10e631f572fab1500ae5b0e (diff) | |
parent | 45d0197dd79eceffb5bbc29f75199eb09af5a5f9 (diff) | |
Upgrade to OpenSSH 6.5p1.
Diffstat (limited to 'crypto/openssh/sshd.0')
-rw-r--r-- | crypto/openssh/sshd.0 | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/crypto/openssh/sshd.0 b/crypto/openssh/sshd.0 index c48b987..154009c 100644 --- a/crypto/openssh/sshd.0 +++ b/crypto/openssh/sshd.0 @@ -82,10 +82,11 @@ DESCRIPTION be given if sshd is not run as root (as the normal host key files are normally not readable by anyone but root). The default is /etc/ssh/ssh_host_key for protocol version 1, and - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and - /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible - to have multiple host key files for the different protocol - versions and host key algorithms. + /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key. + /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for + protocol version 2. It is possible to have multiple host key + files for the different protocol versions and host key + algorithms. -i Specifies that sshd is being run from inetd(8). sshd is normally not run from inetd because it needs to generate the server key @@ -147,9 +148,9 @@ DESCRIPTION AUTHENTICATION The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to use protocol 2 only, though this can be changed via the Protocol option - in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol - 1 only supports RSA keys. For both protocols, each host has a host- - specific key, normally 2048 bits, used to identify the host. + in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; + protocol 1 only supports RSA keys. For both protocols, each host has a + host-specific key, normally 2048 bits, used to identify the host. Forward security for protocol 1 is provided through an additional server key, normally 768 bits, generated when the server starts. This key is 
@@ -278,15 +279,15 @@ AUTHORIZED_KEYS FILE FORMAT give the RSA key for protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', - ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or - ``ssh-rsa''. + ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', + ``ssh-dss'' or ``ssh-rsa''. Note that lines in this file are usually several hundred bytes long (because of the size of the public key encoding) up to a limit of 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. You don't want to type them in; instead, copy the - identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit - it. + identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub + file and edit it. sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 2 keys of 768 bits. @@ -512,11 +513,11 @@ FILES for the user, and not accessible by others. ~/.ssh/authorized_keys - Lists the public keys (DSA/ECDSA/RSA) that can be used for - logging in as this user. The format of this file is described - above. The content of the file is not highly sensitive, but the - recommended permissions are read/write for the user, and not - accessible by others. + Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used + for logging in as this user. The format of this file is + described above. The content of the file is not highly + sensitive, but the recommended permissions are read/write for the + user, and not accessible by others. If this file, the ~/.ssh directory, or the user's home directory are writable by other users, then the file could be modified or 
@@ -574,6 +575,7 @@ FILES /etc/ssh/ssh_host_key /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key + /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and @@ -583,6 +585,7 @@ FILES /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub + /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key.pub These files contain the public parts of the host keys. These files should be world-readable but writable only by root. Their @@ -637,4 +640,4 @@ CAVEATS System security is not improved unless rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin and rsh into the machine). -OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 +OpenBSD 5.4 December 7, 2013 OpenBSD 5.4 |
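Review bot: In the first hunk (@@ -82,10 +82,11 @@, the default host key files), the added line "/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key." ends in a period where the list needs a comma, so the protocol version 2 defaults read as two sentences and the second begins with a bare path. Suggest "/etc/ssh/ssh_host_ecdsa_key," so the list runs on into "/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for protocol version 2".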
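Review bot: In the AUTHENTICATION hunk (@@ -147,9 +148,9 @@), the re-wrapped sentence "each host has a host-specific key, normally 2048 bits" is carried over unchanged even though the preceding sentence now lists ED25519 among the protocol 2 key types. Ed25519 keys have a fixed 256-bit size, so "normally 2048 bits" only describes the RSA case; suggest qualifying the figure (for example "normally 2048 bits for RSA") or dropping it, so an admin auditing host keys does not read a 256-bit Ed25519 host key as undersized.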