upstream: mention that CASignatureAlgorithms accepts +/- similarly to
the other algorithm list directives; ok jmc bz#3335

OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9
djm@openbsd.org 2021-08-12 23:59:25 +00:00 committed by Damien Miller
parent 090a82486e
commit dcce2a2bcf
2 changed files with 30 additions and 8 deletions

ssh_config.5

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.361 2021/08/06 05:04:42 dtucker Exp $ .\" $OpenBSD: ssh_config.5,v 1.362 2021/08/12 23:59:25 djm Exp $
.Dd $Mdocdate: August 6 2021 $ .Dd $Mdocdate: August 12 2021 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -377,11 +377,22 @@ Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs). by certificate authorities (CAs).
The default is: The default is:
.Bd -literal -offset indent .Bd -literal -offset indent
ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ecdsa-sha2-nistp256,
sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256 rsa-sha2-512,rsa-sha2-256
.Ed .Ed
.Pp .Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
If the specified list begins with a
.Sq -
character, then the specified algorithms (including wildcards) will be removed
from the default set instead of replacing them.
.Pp
.Xr ssh 1 .Xr ssh 1
will not accept host certificates signed using algorithms other than those will not accept host certificates signed using algorithms other than those
specified. specified.
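Review bot: inserting the +/- paragraph before the closing sentence makes "will not accept host certificates signed using algorithms other than those specified" ambiguous: after a list such as `CASignatureAlgorithms -rsa-sha2-*`, "those specified" reads as the algorithms being removed, which is the opposite of the intended meaning. Suggest "other than those in the resulting list", or move the new paragraph after that sentence. Since the text says wildcards are honoured for '-' but says nothing about '+', a one-line example of the wildcard form (the `-rsa-sha2-*` case above would remove both rsa-sha2-512 and rsa-sha2-256 from the default shown) would make the asymmetry concrete for operators tightening the CA algorithm set.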

sshd_config.5

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.333 2021/07/27 14:28:46 jmc Exp $ .\" $OpenBSD: sshd_config.5,v 1.334 2021/08/12 23:59:25 djm Exp $
.Dd $Mdocdate: July 27 2021 $ .Dd $Mdocdate: August 12 2021 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -377,11 +377,22 @@ Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs). by certificate authorities (CAs).
The default is: The default is:
.Bd -literal -offset indent .Bd -literal -offset indent
ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ecdsa-sha2-nistp256,
sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256 rsa-sha2-512,rsa-sha2-256
.Ed .Ed
.Pp .Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
If the specified list begins with a
.Sq -
character, then the specified algorithms (including wildcards) will be removed
from the default set instead of replacing them.
.Pp
Certificates signed using other algorithms will not be accepted for Certificates signed using other algorithms will not be accepted for
public key or host-based authentication. public key or host-based authentication.
.It Cm ChrootDirectory .It Cm ChrootDirectory
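Review bot: the commit message says CASignatureAlgorithms behaves like the other algorithm list directives, but the added paragraph documents only '+' and '-'; the other list directives in this manual also describe a '^' prefix that places the named algorithms at the head of the default set. Either confirm that '^' is parsed here and add the matching sentence, or state explicitly that it is not accepted, otherwise readers comparing sections will not know which applies. The closing sentence "Certificates signed using other algorithms will not be accepted" has the same "other than what?" ambiguity as the ssh_config.5 text once a '-' list is in play, and since the paragraph is identical in both manuals, whatever wording is chosen should be applied to both.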