diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2021-01-22 02:44:58 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2021-01-22 15:03:56 +1100 |
| commit | ee9c0da8035b3168e8e57c1dedc2d1b0daf00eec (patch) | |
| tree | f7e1994cbf8c3da79a7ea53d71147851e89de30c /sshd_config.5 | |
| parent | a8e798feabe36d02de292bcfd274712cae1d8d17 (diff) | |
| download | openssh-git-ee9c0da8035b3168e8e57c1dedc2d1b0daf00eec.tar.gz | |
upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 1f59ebc6..9b7a8916 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.323 2021/01/14 19:45:06 rob Exp $ -.Dd $Mdocdate: January 14 2021 $ +.\" $OpenBSD: sshd_config.5,v 1.324 2021/01/22 02:44:58 dtucker Exp $ +.Dd $Mdocdate: January 22 2021 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1209,7 +1209,7 @@ Available keywords are .Cm PermitTTY , .Cm PermitTunnel , .Cm PermitUserRC , -.Cm PubkeyAcceptedKeyTypes , +.Cm PubkeyAcceptedAlgorithms , .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , @@ -1477,20 +1477,20 @@ when a user logs in interactively. or equivalent.) The default is .Cm yes . -.It Cm PubkeyAcceptedKeyTypes -Specifies the key types that will be accepted for public key authentication -as a list of comma-separated patterns. +.It Cm PubkeyAcceptedAlgorithms +Specifies the signature algorithms that will be accepted for public key +authentication as a list of comma-separated patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set +character, then the specified algorithms will be appended to the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed +character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the +character, then the specified algorithms will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n @@ -1511,7 +1511,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q PubkeyAcceptedKeyTypes . +.Qq ssh -Q PubkeyAcceptedAlgorithms . .It Cm PubkeyAuthOptions Sets one or more public key authentication options. The supported keywords are: |