diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 61 |
1 files changed, 55 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 596a728f80bdd..c3d6df30a60f8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $ -.Dd $Mdocdate: June 30 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ +.Dd $Mdocdate: December 8 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -470,9 +469,10 @@ used by SSH. The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_dsa_key , +.Pa /etc/ssh/ssh_host_ecdsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that .Xr sshd 8 @@ -480,7 +480,8 @@ will refuse to use a file if it is group/world-accessible. It is possible to have multiple host key files. .Dq rsa1 keys are used for version 1 and -.Dq dsa +.Dq dsa , +.Dq ecdsa or .Dq rsa are used for version 2 of the SSH protocol. @@ -511,6 +512,43 @@ or .Cm HostbasedAuthentication . The default is .Dq no . +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for the connection. +Accepted values are +.Dq af11 , +.Dq af12 , +.Dq af13 , +.Dq af14 , +.Dq af22 , +.Dq af23 , +.Dq af31 , +.Dq af32 , +.Dq af33 , +.Dq af41 , +.Dq af42 , +.Dq af43 , +.Dq cs0 , +.Dq cs1 , +.Dq cs2 , +.Dq cs3 , +.Dq cs4 , +.Dq cs5 , +.Dq cs6 , +.Dq cs7 , +.Dq ef , +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or a numeric value. +This option may take one or two arguments, separated by whitespace. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Dq lowdelay +for interactive sessions and +.Dq throughput +for non-interactive sessions. .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication @@ -536,6 +574,17 @@ Specifies whether to automatically destroy the user's ticket cache file on logout. The default is .Dq yes . +.It Cm KexAlgorithms +Specifies the available KEX (Key Exchange) algorithms. +Multiple algorithms must be comma-separated. +The default is +.Dq ecdh-sha2-nistp256 , +.Dq ecdh-sha2-nistp384 , +.Dq ecdh-sha2-nistp521 , +.Dq diffie-hellman-group-exchange-sha256 , +.Dq diffie-hellman-group-exchange-sha1 , +.Dq diffie-hellman-group14-sha1 , +.Dq diffie-hellman-group1-sha1 . .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). |