Diffstat (limited to 'crypto/openssh/ssh_config.0')
-rw-r--r-- crypto/openssh/ssh_config.0 75
1 files changed, 58 insertions, 17 deletions
diff --git a/crypto/openssh/ssh_config.0 b/crypto/openssh/ssh_config.0
index b0a614b..6548077 100644
--- a/crypto/openssh/ssh_config.0
+++ b/crypto/openssh/ssh_config.0
@@ -180,8 +180,12 @@ DESCRIPTION
Ciphers
Specifies the ciphers allowed for protocol version 2 in order of
- preference. Multiple ciphers must be comma-separated. The
- supported ciphers are:
+ preference. Multiple ciphers must be comma-separated. If the
+ specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
+ ciphers will be appended to the default set instead of replacing
+ them.
+
+ The supported ciphers are:
3des-cbc
aes128-cbc
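Review bot: The added '+' sentence in the Ciphers entry says the ciphers are "appended to the default set", yet the entry opens by describing the list as being "in order of preference", so it is worth stating outright that ciphers added this way rank after every default. The sentence also begins "If the specified value" where the HostbasedKeyTypes, HostKeyAlgorithms and KexAlgorithms entries in this patch begin "Alternately if"; one form should be used for all of them.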
@@ -435,23 +439,35 @@ DESCRIPTION
HostbasedKeyTypes
Specifies the key types that will be used for hostbased
- authentication as a comma-separated pattern list. The default
- M-bM-^@M-^\*M-bM-^@M-^] will allow all key types. The -Q option of ssh(1) may be
- used to list supported key types.
+ authentication as a comma-separated pattern list. Alternately if
+ the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
+ specified key types will be appended to the default set instead
+ of replacing them. The default for this option is:
+
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+ ssh-rsa-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ ssh-ed25519,ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms that the
- client wants to use in order of preference. The default for this
- option is:
+ client wants to use in order of preference. Alternately if the
+ specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
+ key types will be appended to the default set instead of
+ replacing them. The default for this option is:
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
- ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
- ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa,ssh-dss
+ ssh-ed25519,ssh-rsa
If hostkeys are known for the destination host then this default
is modified to prefer their algorithms.
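Review bot: Both default lists in this hunk lose entries without the prose saying so: HostbasedKeyTypes goes from "*" to an explicit list with no ssh-dss, and HostKeyAlgorithms drops ssh-dss, ssh-dss-cert-v01@openssh.com and both -cert-v00 types. A sentence naming what is no longer enabled by default, and pointing at the '+' form as the way to add a type back, would spare readers from comparing the lists by hand. HostbasedKeyTypes is still described as a "pattern list", so the text should also say whether patterns are accepted after the '+'. In the HostKeyAlgorithms paragraph the '+' sentence says "key types" while the entry itself speaks of "host key algorithms"; use one term.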
@@ -548,14 +564,16 @@ DESCRIPTION
KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Multiple
- algorithms must be comma-separated. The default is:
+ algorithms must be comma-separated. Alternately if the specified
+ value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
+ will be appended to the default set instead of replacing them.
+ The default is:
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
- diffie-hellman-group1-sha1
+ diffie-hellman-group14-sha1
The list of available key exchange algorithms may also be
obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^].
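Review bot: The default list at the end of this hunk drops diffie-hellman-group1-sha1, but nothing in the KexAlgorithms paragraph mentions it, so a reader only learns of the change by comparing lists. Since the '+' sentence added just above is the documented way to bring a method back, the two should be tied together in the text. The added sentence also says "the specified methods" where the rest of the entry says "algorithms"; keep to "algorithms".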
@@ -604,9 +622,15 @@ DESCRIPTION
MACs Specifies the MAC (message authentication code) algorithms in
order of preference. The MAC algorithm is used in protocol
version 2 for data integrity protection. Multiple algorithms
- must be comma-separated. The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^]
- calculate the MAC after encryption (encrypt-then-mac). These are
- considered safer and their use recommended. The default is:
+ must be comma-separated. If the specified value begins with a
+ M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to
+ the default set instead of replacing them.
+
+ The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after
+ encryption (encrypt-then-mac). These are considered safer and
+ their use recommended.
+
+ The default is:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
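Review bot: The reflowed sentence "These are considered safer and their use recommended" in the MACs entry is still missing its verb; since the paragraph is being rewritten anyway, make it "their use is recommended". Because the entry recommends the -etm algorithms and lists them first in the default, it would also help to say that a MAC added with '+' lands after the defaults rather than in a position chosen by the user.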
@@ -696,6 +720,23 @@ DESCRIPTION
back to ssh(1) instead of continuing to execute and pass data.
The default is M-bM-^@M-^\noM-bM-^@M-^].
+ PubkeyAcceptedKeyTypes
+ Specifies the key types that will be used for public key
+ authentication as a comma-separated pattern list. Alternately if
+ the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
+ types after it will be appended to the default instead of
+ replacing it. The default for this option is:
+
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+ ssh-rsa-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ ssh-ed25519,ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
+
PubkeyAuthentication
Specifies whether to try public key authentication. The argument
to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^].
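Review bot: The '+' sentence in the new PubkeyAcceptedKeyTypes entry is worded differently from the one it mirrors in HostbasedKeyTypes ("the key types after it will be appended to the default instead of replacing it" against "the specified key types will be appended to the default set instead of replacing them"); reuse the HostbasedKeyTypes wording so the entries read the same. The entry also does not say what happens to a configured key whose type is not in the list, which matters here because the default shown has no ssh-dss; one sentence describing that case would close the gap.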
@@ -982,4 +1023,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.7 June 2, 2015 OpenBSD 5.7
+OpenBSD 5.8 July 30, 2015 OpenBSD 5.8