[ssh.1 ssh_config.5 sshd_config.5]
     List supported ciphers in man pages, tidy up ssh -c;
     "looks fine" jmc@, ok markus@
Damien Miller 2004-06-15 10:30:39 +10:00
parent f675fc4948
commit 05202ffe21
4 changed files with 68 additions and 17 deletions


@ -20,6 +20,10 @@
[ssh-keyscan.c sshconnect2.c sshd.c] [ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@ existing diffie-hellman-group1-sha1); ok markus@
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
List supported ciphers in man pages, tidy up ssh -c;
"looks fine" jmc@, ok markus@
20040603 20040603
- (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
@ -1204,4 +1208,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3380 2004/06/15 00:30:09 djm Exp $ $Id: ChangeLog,v 1.3381 2004/06/15 00:30:39 djm Exp $

ssh.1

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.188 2004/05/22 16:01:05 jmc Exp $ .\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH 1 .Dt SSH 1
.Os .Os
@ -241,8 +241,8 @@ Additionally,
supports hostbased or challenge response authentication. supports hostbased or challenge response authentication.
.Pp .Pp
Protocol 2 provides additional mechanisms for confidentiality Protocol 2 provides additional mechanisms for confidentiality
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) (the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
and integrity (hmac-md5, hmac-sha1). and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
Note that protocol 1 lacks a strong mechanism for ensuring the Note that protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection. integrity of the connection.
.Ss Login session and remote execution .Ss Login session and remote execution
@ -449,13 +449,18 @@ The default value can be set on a host-by-host basis in the
configuration files; see the configuration files; see the
.Cm Compression .Cm Compression
option. option.
.It Fl c Ar blowfish | 3des | des .It Fl c Ar cipher_spec
Selects the cipher to use for encrypting the session. Selects the cipher specification for encrypting the session.
.Ar 3des .Pp
is used by default. Protocol version 1 allows specification of a single cipher.
It is believed to be secure. The suported values are
.Dq 3des ,
.Dq blowfish
and
.Dq des .
.Ar 3des .Ar 3des
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
It is believed to be secure.
.Ar blowfish .Ar blowfish
is a fast block cipher; it appears very secure and is much faster than is a fast block cipher; it appears very secure and is much faster than
.Ar 3des . .Ar 3des .
@ -467,12 +472,30 @@ that do not support the
.Ar 3des .Ar 3des
cipher. cipher.
Its use is strongly discouraged due to cryptographic weaknesses. Its use is strongly discouraged due to cryptographic weaknesses.
.It Fl c Ar cipher_spec The default is
Additionally, for protocol version 2 a comma-separated list of ciphers can .Dq 3des .
be specified in order of preference. .Pp
See For protocol version 2
.Cm Ciphers .Ar cipher_spec
for more information. is a comma-separated list of ciphers
listed in order of preference.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is
.Bd -literal
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc''
.Ed
.It Fl D Ar port .It Fl D Ar port
Specifies a local Specifies a local
.Dq dynamic .Dq dynamic
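Review bot: The added "The default is .Dq 3des ." lands directly after the des paragraph that ends "Its use is strongly discouraged due to cryptographic weaknesses.", so the protocol 1 default can be misread as part of the des description; move it up beside the sentence that lists the three protocol 1 values. In the protocol 2 text of the same hunk, the supported list includes aes128-ctr, aes192-ctr and aes256-ctr while the default shown contains only CBC ciphers and arcfour; a sentence saying the CTR ciphers are supported but have to be requested explicitly would stop readers assuming the two lists match.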


@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.34 2004/05/06 11:24:23 jmc Exp $ .\" $OpenBSD: ssh_config.5,v 1.35 2004/06/13 14:01:42 dtucker Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
@ -185,6 +185,18 @@ The default is
Specifies the ciphers allowed for protocol version 2 Specifies the ciphers allowed for protocol version 2
in order of preference. in order of preference.
Multiple ciphers must be comma-separated. Multiple ciphers must be comma-separated.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is The default is
.Bd -literal .Bd -literal
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
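Review bot: The ten-entry "The supported ciphers are" list added under Ciphers here is the same text this commit also adds to ssh.1 and sshd_config.5, which leaves three hand-maintained copies to update whenever a cipher is added or retired. Consider keeping the full list in one page and having the others cross-reference it, as the removed ssh.1 text did with "See .Cm Ciphers for more information."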


@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.33 2004/05/23 23:59:53 dtucker Exp $ .\" $OpenBSD: sshd_config.5,v 1.34 2004/06/13 14:01:42 dtucker Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -149,6 +149,18 @@ The default is
.It Cm Ciphers .It Cm Ciphers
Specifies the ciphers allowed for protocol version 2. Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated. Multiple ciphers must be comma-separated.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is The default is
.Bd -literal .Bd -literal
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
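Review bot: The list is added under a description that says only "Specifies the ciphers allowed for protocol version 2.", whereas the ssh_config.5 entry says "in order of preference"; with a supported list and a default now printed one after the other, the server page should state whether the order of the Ciphers value is significant for sshd. One sentence after "Multiple ciphers must be comma-separated." would cover it.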