author markus@openbsd.org <markus@openbsd.org> 2015-07-10 06:21:53 +0000
committer Damien Miller <djm@mindrot.org> 2015-07-15 15:38:02 +1000
commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 (patch)
tree e74e4219344349a4f9a4393aa4c2c6b7baecb127 /ssh_config.5
parent 16db0a7ee9a87945cc594d13863cfcb86038db59 (diff)
upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- ssh_config.5 42
1 files changed, 34 insertions, 8 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index d29963c1..e5143984 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $
-.Dd $Mdocdate: July 3 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
+.Dd $Mdocdate: July 10 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -781,9 +781,17 @@ is similar to
.It Cm HostbasedKeyTypes
Specifies the key types that will be used for hostbased authentication
as a comma-separated pattern list.
-The default
-.Dq *
-will allow all key types.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
The
.Fl Q
option of
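Review bot: The new HostbasedKeyTypes text replaces the sentence saying the default `*` allows all key types with a bare list, and nothing in the entry tells the reader that ssh-dss is no longer covered. Someone whose hostbased authentication stops working after an upgrade has no wording here to match against. Suggest one sentence after the `.Ed` saying that key types not matched by the list are not used, and naming ssh-dss as the type dropped from the default so it can be listed explicitly when still required.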
@@ -798,10 +806,9 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
-ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
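Review bot: The removed lines in the HostKeyAlgorithms default drop `ssh-rsa-cert-v00@openssh.com` together with the three ssh-dss entries, but the commit message only talks about turning off DSA. The v00 RSA certificate type is not DSA, and it is also absent from the new HostbasedKeyTypes and PubkeyAcceptedKeyTypes lists in this patch. If dropping v00 certificates from the defaults is intended, say so in the commit message; if not, keep `ssh-rsa-cert-v00@openssh.com` in the list here.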
@@ -1206,6 +1213,25 @@ will pass a connected file descriptor back to
instead of continuing to execute and pass data.
The default is
.Dq no .
+.It Cm PubkeyAcceptedKeyTypes
+Specifies the key types that will be used for public key authentication
+as a comma-separated pattern list.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be
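Review bot: The description under `.It Cm PubkeyAcceptedKeyTypes` says the key types "will be used for public key authentication", which does not tell a client user what happens to a configured key whose type is not in the list. Suggest stating the effect directly, for example that keys of types not matched by the pattern list are not offered to the server. Separately, the literal block is a third verbatim copy of the default already shown for HostbasedKeyTypes and HostKeyAlgorithms in this file, so the three lists can drift apart on the next algorithm change; consider noting in one place that they share the same default.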