diff options
author | naddy@openbsd.org <naddy@openbsd.org> | 2019-12-19 15:09:30 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-12-20 14:25:08 +1100 |
commit | ae024b22c4fd68e7f39681d605585889f9511108 (patch) | |
tree | 13b0f16f9f778ba7169ccc5a7ab11a62dec36368 /ssh_config.5 | |
parent | bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f (diff) | |
download | openssh-git-ae024b22c4fd68e7f39681d605585889f9511108.tar.gz |
upstream: Document that security key-hosted keys can act as host
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 93029031..dc7a2143 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.310 2019/11/30 07:07:59 jmc Exp $ -.Dd $Mdocdate: November 30 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.311 2019/12/19 15:09:30 naddy Exp $ +.Dd $Mdocdate: December 19 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -809,12 +809,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The @@ -842,12 +846,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -1323,19 +1331,19 @@ character, then the specified key types will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, -sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -sk-ssh-ed25519@openssh.com, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using |