upstream: lots more s/key types/signature algorithms/ mostly in
HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
0aeb508aaa
commit
8b8b60542d
40
ssh_config.5
40
ssh_config.5
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $
|
||||
.Dd $Mdocdate: February 15 2021 $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.348 2021/02/23 21:55:08 djm Exp $
|
||||
.Dd $Mdocdate: February 23 2021 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -801,20 +801,20 @@ will not be converted automatically,
|
|||
but may be manually hashed using
|
||||
.Xr ssh-keygen 1 .
|
||||
.It Cm HostbasedAcceptedAlgorithms
|
||||
Specifies the key types that will be used for hostbased authentication
|
||||
as a comma-separated list of patterns.
|
||||
Specifies the signature algorithms that will be used for hostbased
|
||||
authentication as a comma-separated list of patterns.
|
||||
Alternately if the specified list begins with a
|
||||
.Sq +
|
||||
character, then the specified key types will be appended to the default set
|
||||
instead of replacing them.
|
||||
character, then the specified signature algorithms will be appended
|
||||
to the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq -
|
||||
character, then the specified key types (including wildcards) will be removed
|
||||
from the default set instead of replacing them.
|
||||
character, then the specified signature algorithms (including wildcards)
|
||||
will be removed from the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq ^
|
||||
character, then the specified key types will be placed at the head of the
|
||||
default set.
|
||||
character, then the specified signature algorithms will be placed
|
||||
at the head of the default set.
|
||||
The default for this option is:
|
||||
.Bd -literal -offset 3n
|
||||
ssh-ed25519-cert-v01@openssh.com,
|
||||
|
|
@ -837,7 +837,7 @@ The
|
|||
.Fl Q
|
||||
option of
|
||||
.Xr ssh 1
|
||||
may be used to list supported key types.
|
||||
may be used to list supported signature algorithms.
|
||||
This was formerly named HostbasedKeyTypes.
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether to try rhosts based authentication with public key
|
||||
|
|
@ -848,20 +848,20 @@ or
|
|||
.Cm no
|
||||
(the default).
|
||||
.It Cm HostKeyAlgorithms
|
||||
Specifies the host key algorithms
|
||||
Specifies the host key signature algorithms
|
||||
that the client wants to use in order of preference.
|
||||
Alternately if the specified list begins with a
|
||||
.Sq +
|
||||
character, then the specified key types will be appended to the default set
|
||||
instead of replacing them.
|
||||
character, then the specified signature algorithms will be appended to
|
||||
the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq -
|
||||
character, then the specified key types (including wildcards) will be removed
|
||||
from the default set instead of replacing them.
|
||||
character, then the specified signature algorithms (including wildcards)
|
||||
will be removed from the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq ^
|
||||
character, then the specified key types will be placed at the head of the
|
||||
default set.
|
||||
character, then the specified signature algorithms will be placed
|
||||
at the head of the default set.
|
||||
The default for this option is:
|
||||
.Bd -literal -offset 3n
|
||||
ssh-ed25519-cert-v01@openssh.com,
|
||||
|
|
@ -883,7 +883,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
|||
If hostkeys are known for the destination host then this default is modified
|
||||
to prefer their algorithms.
|
||||
.Pp
|
||||
The list of available key types may also be obtained using
|
||||
The list of available signature algorithms may also be obtained using
|
||||
.Qq ssh -Q HostKeyAlgorithms .
|
||||
.It Cm HostKeyAlias
|
||||
Specifies an alias that should be used instead of the
|
||||
|
|
@ -1461,7 +1461,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
|
|||
rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available key types may also be obtained using
|
||||
The list of available signature algorithms may also be obtained using
|
||||
.Qq ssh -Q PubkeyAcceptedAlgorithms .
|
||||
.It Cm PubkeyAuthentication
|
||||
Specifies whether to try public key authentication.
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.326 2021/02/23 21:50:18 djm Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.327 2021/02/23 21:55:08 djm Exp $
|
||||
.Dd $Mdocdate: February 23 2021 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
|
|
@ -659,20 +659,20 @@ This facility is provided to assist with operation on multi homed machines.
|
|||
The default is
|
||||
.Cm yes .
|
||||
.It Cm HostbasedAcceptedAlgorithms
|
||||
Specifies the key types that will be accepted for hostbased authentication
|
||||
as a list of comma-separated patterns.
|
||||
Specifies the signature algorithms that will be accepted for hostbased
|
||||
authentication as a list of comma-separated patterns.
|
||||
Alternately if the specified list begins with a
|
||||
.Sq +
|
||||
character, then the specified key types will be appended to the default set
|
||||
instead of replacing them.
|
||||
character, then the specified signature algorithms will be appended to
|
||||
the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq -
|
||||
character, then the specified key types (including wildcards) will be removed
|
||||
from the default set instead of replacing them.
|
||||
character, then the specified signature algorithms (including wildcards)
|
||||
will be removed from the default set instead of replacing them.
|
||||
If the specified list begins with a
|
||||
.Sq ^
|
||||
character, then the specified key types will be placed at the head of the
|
||||
default set.
|
||||
character, then the specified signature algorithms will be placed at
|
||||
the head of the default set.
|
||||
The default for this option is:
|
||||
.Bd -literal -offset 3n
|
||||
ssh-ed25519-cert-v01@openssh.com,
|
||||
|
|
@ -691,7 +691,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
|
|||
rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available key types may also be obtained using
|
||||
The list of available signature algorithms may also be obtained using
|
||||
.Qq ssh -Q HostbasedAcceptedAlgorithms .
|
||||
This was formerly named HostbasedAcceptedKeyTypes.
|
||||
.It Cm HostbasedAuthentication
|
||||
|
|
@ -756,7 +756,7 @@ is specified, the location of the socket will be read from the
|
|||
.Ev SSH_AUTH_SOCK
|
||||
environment variable.
|
||||
.It Cm HostKeyAlgorithms
|
||||
Specifies the host key algorithms
|
||||
Specifies the host key signature algorithms
|
||||
that the server offers.
|
||||
The default for this option is:
|
||||
.Bd -literal -offset 3n
|
||||
|
|
@ -776,7 +776,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
|
|||
rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available key types may also be obtained using
|
||||
The list of available signature algorithms may also be obtained using
|
||||
.Qq ssh -Q HostKeyAlgorithms .
|
||||
.It Cm IgnoreRhosts
|
||||
Specifies whether to ignore per-user
|
||||
|
|
|
|||
Loading…
Reference in New Issue