From ffa1dd681712f92c71444cea28975265b826e8e8 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 12 Sep 2001 16:52:28 +0000 Subject: [PATCH] - stevesk@cvs.openbsd.org 2001/08/22 17:45:16 [ssh.1] document cipher des for protocol 1; ok deraadt@ --- ChangeLog | 5 ++++- ssh.1 | 29 +++++++++++++++++++++-------- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61f07163d..900b40fbd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,9 @@ - stevesk@cvs.openbsd.org 2001/08/22 16:30:02 [sshd.8] no rexd; ok markus@ + - stevesk@cvs.openbsd.org 2001/08/22 17:45:16 + [ssh.1] + document cipher des for protocol 1; ok deraadt@ 20010815 - (bal) Fixed stray code in readconf.c that went in by mistake. @@ -6342,4 +6345,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1490 2001/09/12 16:46:08 mouring Exp $ +$Id: ChangeLog,v 1.1491 2001/09/12 16:52:28 mouring Exp $ diff --git a/ssh.1 b/ssh.1 index ff08013bb..4fef3d587 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.130 2001/08/22 16:21:21 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.131 2001/08/22 17:45:16 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -389,20 +389,24 @@ This can also be specified on a per-host basis in a configuration file. .It Fl b Ar bind_address Specify the interface to transmit from on machines with multiple interfaces or aliased addresses. -.It Fl c Ar blowfish|3des +.It Fl c Ar blowfish|3des|des Selects the cipher to use for encrypting the session. .Ar 3des is used by default. It is believed to be secure. .Ar 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. -It is presumably more secure than the -.Ar des -cipher which is no longer fully supported in -.Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . +.Ar des +is only supported in the +.Nm +client for interoperability with legacy protocol 1 implementations +that do not support the +.Ar 3des +cipher. Its use is strongly discouraged due to cryptographic +weaknesses. .It Fl c Ar cipher_spec Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. @@ -714,10 +718,19 @@ The default is Specifies the cipher to use for encrypting the session in protocol version 1. Currently, -.Dq blowfish +.Dq blowfish , +.Dq 3des , and -.Dq 3des +.Dq des are supported. +.Ar des +is only supported in the +.Nm +client for interoperability with legacy protocol 1 implementations +that do not support the +.Ar 3des +cipher. Its use is strongly discouraged due to cryptographic +weaknesses. The default is .Dq 3des . .It Cm Ciphers
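Review bot: In the ssh.1 hunk at @@ -389,20, the des caveat is appended after the blowfish text, so the item header `.It Fl c Ar blowfish|3des|des` presents des as an equal choice and the reader reaches "Its use is strongly discouraged" only at the end of the paragraph. Consider placing the des paragraph directly after the 3des description, so the warning sits next to the cipher it replaces, and opening it with the protocol 1 restriction. "due to cryptographic weaknesses" is also vague for a man page; one clause naming the weakness would let a reader judge the risk.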
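Review bot: In the ssh.1 hunk at @@ -714,10, the des caveat is inserted between "are supported." and "The default is .Dq 3des .", which separates the list of supported ciphers from the statement of the default; moving the added paragraph after the default sentence keeps the two together. The added lines also use `.Ar des` and `.Ar 3des`, while the rest of this keyword description quotes cipher names with `.Dq`, so `.Dq des` and `.Dq 3des` would be consistent here. The paragraph is a verbatim copy of the one added under `.It Fl c`; a short cross-reference to that text would avoid maintaining two copies of the warning.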