From d994eeedda788efc28b630e10a33548453293473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Wed, 26 Aug 2015 09:25:17 +0000 Subject: Vendor import of OpenSSH 7.0p1 --- ssh_config.0 | 75 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 58 insertions(+), 17 deletions(-) (limited to 'ssh_config.0') diff --git a/ssh_config.0 b/ssh_config.0 index b0a614b8a3a1..654807779d25 100644 --- a/ssh_config.0 +++ b/ssh_config.0 @@ -180,8 +180,12 @@ DESCRIPTION Ciphers Specifies the ciphers allowed for protocol version 2 in order of - preference. Multiple ciphers must be comma-separated. The - supported ciphers are: + preference. Multiple ciphers must be comma-separated. If the + specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified + ciphers will be appended to the default set instead of replacing + them. + + The supported ciphers are: 3des-cbc aes128-cbc @@ -435,23 +439,35 @@ DESCRIPTION HostbasedKeyTypes Specifies the key types that will be used for hostbased - authentication as a comma-separated pattern list. The default - M-bM-^@M-^\*M-bM-^@M-^] will allow all key types. The -Q option of ssh(1) may be - used to list supported key types. + authentication as a comma-separated pattern list. Alternately if + the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified key types will be appended to the default set instead + of replacing them. The default for this option is: + + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, + ssh-rsa-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + ssh-ed25519,ssh-rsa + + The -Q option of ssh(1) may be used to list supported key types. HostKeyAlgorithms Specifies the protocol version 2 host key algorithms that the - client wants to use in order of preference. The default for this - option is: + client wants to use in order of preference. Alternately if the + specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified + key types will be appended to the default set instead of + replacing them. The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, - ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, + ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa,ssh-dss + ssh-ed25519,ssh-rsa If hostkeys are known for the destination host then this default is modified to prefer their algorithms. @@ -548,14 +564,16 @@ DESCRIPTION KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple - algorithms must be comma-separated. The default is: + algorithms must be comma-separated. Alternately if the specified + value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods + will be appended to the default set instead of replacing them. + The default is: curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, - diffie-hellman-group14-sha1, - diffie-hellman-group1-sha1 + diffie-hellman-group14-sha1 The list of available key exchange algorithms may also be obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^]. @@ -604,9 +622,15 @@ DESCRIPTION MACs Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms - must be comma-separated. The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] - calculate the MAC after encryption (encrypt-then-mac). These are - considered safer and their use recommended. The default is: + must be comma-separated. If the specified value begins with a + M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to + the default set instead of replacing them. + + The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after + encryption (encrypt-then-mac). These are considered safer and + their use recommended. + + The default is: umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, @@ -696,6 +720,23 @@ DESCRIPTION back to ssh(1) instead of continuing to execute and pass data. The default is M-bM-^@M-^\noM-bM-^@M-^]. + PubkeyAcceptedKeyTypes + Specifies the key types that will be used for public key + authentication as a comma-separated pattern list. Alternately if + the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key + types after it will be appended to the default instead of + replacing it. The default for this option is: + + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, + ssh-rsa-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + ssh-ed25519,ssh-rsa + + The -Q option of ssh(1) may be used to list supported key types. + PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. @@ -982,4 +1023,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 5.7 June 2, 2015 OpenBSD 5.7 +OpenBSD 5.8 July 30, 2015 OpenBSD 5.8 -- cgit v1.2.3