upstream: lots more s/key types/signature algorithms/ mostly in HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen

OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
djm@openbsd.org 2021-02-23 21:55:08 +00:00 committed by Damien Miller
parent 0aeb508aaa
commit 8b8b60542d
2 changed files with 32 additions and 32 deletions


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $ .\" $OpenBSD: ssh_config.5,v 1.348 2021/02/23 21:55:08 djm Exp $
.Dd $Mdocdate: February 15 2021 $ .Dd $Mdocdate: February 23 2021 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -801,20 +801,20 @@ will not be converted automatically,
but may be manually hashed using but may be manually hashed using
.Xr ssh-keygen 1 . .Xr ssh-keygen 1 .
.It Cm HostbasedAcceptedAlgorithms .It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be used for hostbased authentication Specifies the signature algorithms that will be used for hostbased
as a comma-separated list of patterns. authentication as a comma-separated list of patterns.
Alternately if the specified list begins with a Alternately if the specified list begins with a
.Sq + .Sq +
character, then the specified key types will be appended to the default set character, then the specified signature algorithms will be appended
instead of replacing them. to the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified signature algorithms (including wildcards)
from the default set instead of replacing them. will be removed from the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified key types will be placed at the head of the character, then the specified signature algorithms will be placed
default set. at the head of the default set.
The default for this option is: The default for this option is:
.Bd -literal -offset 3n .Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com,
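Review bot: "Alternately" in the context line ahead of the `+` paragraph means "by turns"; "Alternatively" is the word intended. The paragraph is being reflowed in this hunk anyway, so it could be corrected here and in the matching HostKeyAlgorithms paragraph further down.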
@ -837,7 +837,7 @@ The
.Fl Q .Fl Q
option of option of
.Xr ssh 1 .Xr ssh 1
may be used to list supported key types. may be used to list supported signature algorithms.
This was formerly named HostbasedKeyTypes. This was formerly named HostbasedKeyTypes.
.It Cm HostbasedAuthentication .It Cm HostbasedAuthentication
Specifies whether to try rhosts based authentication with public key Specifies whether to try rhosts based authentication with public key
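Review bot: the reworded sentence "may be used to list supported signature algorithms" still points at the bare `-Q` option without naming the query, while the other entries touched by this change give the full command, for example `.Qq ssh -Q HostKeyAlgorithms .` and, in sshd_config.5, `.Qq ssh -Q HostbasedAcceptedAlgorithms .`. Suggest spelling the invocation out the same way here so the two pages agree and the reader can copy it directly.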
@ -848,20 +848,20 @@ or
.Cm no .Cm no
(the default). (the default).
.It Cm HostKeyAlgorithms .It Cm HostKeyAlgorithms
Specifies the host key algorithms Specifies the host key signature algorithms
that the client wants to use in order of preference. that the client wants to use in order of preference.
Alternately if the specified list begins with a Alternately if the specified list begins with a
.Sq + .Sq +
character, then the specified key types will be appended to the default set character, then the specified signature algorithms will be appended to
instead of replacing them. the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified signature algorithms (including wildcards)
from the default set instead of replacing them. will be removed from the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified key types will be placed at the head of the character, then the specified signature algorithms will be placed
default set. at the head of the default set.
The default for this option is: The default for this option is:
.Bd -literal -offset 3n .Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com,
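Review bot: the opening sentence of HostKeyAlgorithms never says the value is a comma-separated list of patterns, yet the `-` paragraph in this hunk now speaks of "signature algorithms (including wildcards)". The HostbasedAcceptedAlgorithms entry above states "as a comma-separated list of patterns"; adding the same phrase after "in order of preference" would tell the reader what syntax the wildcards belong to.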
@ -883,7 +883,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
If hostkeys are known for the destination host then this default is modified If hostkeys are known for the destination host then this default is modified
to prefer their algorithms. to prefer their algorithms.
.Pp .Pp
The list of available key types may also be obtained using The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostKeyAlgorithms . .Qq ssh -Q HostKeyAlgorithms .
.It Cm HostKeyAlias .It Cm HostKeyAlias
Specifies an alias that should be used instead of the Specifies an alias that should be used instead of the
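Review bot: the unchanged context sentence "this default is modified to prefer their algorithms" is now the loose spot in this entry. Known host keys have a key type, and one key type can map to several of the signature algorithms in the list (the default ends in rsa-sha2-512,rsa-sha2-256,ssh-rsa, all of which use an RSA key). Since the point of the change is to separate the two terms, consider rewording this sentence along the lines of "to prefer the signature algorithms that match those keys".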
@ -1461,7 +1461,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed .Ed
.Pp .Pp
The list of available key types may also be obtained using The list of available signature algorithms may also be obtained using
.Qq ssh -Q PubkeyAcceptedAlgorithms . .Qq ssh -Q PubkeyAcceptedAlgorithms .
.It Cm PubkeyAuthentication .It Cm PubkeyAuthentication
Specifies whether to try public key authentication. Specifies whether to try public key authentication.


@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.326 2021/02/23 21:50:18 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.327 2021/02/23 21:55:08 djm Exp $
.Dd $Mdocdate: February 23 2021 $ .Dd $Mdocdate: February 23 2021 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -659,20 +659,20 @@ This facility is provided to assist with operation on multi homed machines.
The default is The default is
.Cm yes . .Cm yes .
.It Cm HostbasedAcceptedAlgorithms .It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be accepted for hostbased authentication Specifies the signature algorithms that will be accepted for hostbased
as a list of comma-separated patterns. authentication as a list of comma-separated patterns.
Alternately if the specified list begins with a Alternately if the specified list begins with a
.Sq + .Sq +
character, then the specified key types will be appended to the default set character, then the specified signature algorithms will be appended to
instead of replacing them. the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified signature algorithms (including wildcards)
from the default set instead of replacing them. will be removed from the default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified key types will be placed at the head of the character, then the specified signature algorithms will be placed at
default set. the head of the default set.
The default for this option is: The default for this option is:
.Bd -literal -offset 3n .Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com,
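Review bot: the first sentence here reads "as a list of comma-separated patterns", while the same option in ssh_config.5 reads "as a comma-separated list of patterns". Both lines are rewrapped by this change, so this is a cheap moment to pick one wording for the two pages.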
@ -691,7 +691,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed .Ed
.Pp .Pp
The list of available key types may also be obtained using The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostbasedAcceptedAlgorithms . .Qq ssh -Q HostbasedAcceptedAlgorithms .
This was formerly named HostbasedAcceptedKeyTypes. This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication .It Cm HostbasedAuthentication
@ -756,7 +756,7 @@ is specified, the location of the socket will be read from the
.Ev SSH_AUTH_SOCK .Ev SSH_AUTH_SOCK
environment variable. environment variable.
.It Cm HostKeyAlgorithms .It Cm HostKeyAlgorithms
Specifies the host key algorithms Specifies the host key signature algorithms
that the server offers. that the server offers.
The default for this option is: The default for this option is:
.Bd -literal -offset 3n .Bd -literal -offset 3n
@ -776,7 +776,7 @@ sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed .Ed
.Pp .Pp
The list of available key types may also be obtained using The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostKeyAlgorithms . .Qq ssh -Q HostKeyAlgorithms .
.It Cm IgnoreRhosts .It Cm IgnoreRhosts
Specifies whether to ignore per-user Specifies whether to ignore per-user