mirror of git://anongit.mindrot.org/openssh.git
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5] List supported ciphers in man pages, tidy up ssh -c; "looks fine" jmc@, ok markus@
This commit is contained in:
parent f675fc4948
commit 05202ffe21
|
@ -20,6 +20,10 @@
|
|||
[ssh-keyscan.c sshconnect2.c sshd.c]
|
||||
implement diffie-hellman-group14-sha1 kex method (trivial extension to
|
||||
existing diffie-hellman-group1-sha1); ok markus@
|
||||
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
|
||||
[ssh.1 ssh_config.5 sshd_config.5]
|
||||
List supported ciphers in man pages, tidy up ssh -c;
|
||||
"looks fine" jmc@, ok markus@
|
||||
|
||||
20040603
|
||||
- (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
|
||||
|
@ -1204,4 +1208,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3380 2004/06/15 00:30:09 djm Exp $
|
||||
$Id: ChangeLog,v 1.3381 2004/06/15 00:30:39 djm Exp $
|
||||
|
|
51
ssh.1
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.188 2004/05/22 16:01:05 jmc Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
|
@ -241,8 +241,8 @@ Additionally,
|
|||
supports hostbased or challenge response authentication.
|
||||
.Pp
|
||||
Protocol 2 provides additional mechanisms for confidentiality
|
||||
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
|
||||
and integrity (hmac-md5, hmac-sha1).
|
||||
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
|
||||
and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
|
||||
Note that protocol 1 lacks a strong mechanism for ensuring the
|
||||
integrity of the connection.
|
||||
.Ss Login session and remote execution
|
||||
|
@ -449,13 +449,18 @@ The default value can be set on a host-by-host basis in the
|
|||
configuration files; see the
|
||||
.Cm Compression
|
||||
option.
|
||||
.It Fl c Ar blowfish | 3des | des
|
||||
Selects the cipher to use for encrypting the session.
|
||||
.Ar 3des
|
||||
is used by default.
|
||||
It is believed to be secure.
|
||||
.It Fl c Ar cipher_spec
|
||||
Selects the cipher specification for encrypting the session.
|
||||
.Pp
|
||||
Protocol version 1 allows specification of a single cipher.
|
||||
The suported values are
|
||||
.Dq 3des ,
|
||||
.Dq blowfish
|
||||
and
|
||||
.Dq des .
|
||||
.Ar 3des
|
||||
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
|
||||
It is believed to be secure.
|
||||
.Ar blowfish
|
||||
is a fast block cipher; it appears very secure and is much faster than
|
||||
.Ar 3des .
|
||||
|
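Review bot: "The suported values are" in the new protocol version 1 paragraph of the -c entry is misspelled and should read "The supported values are". The protocol version 2 paragraph added further down in ssh.1 already spells it "The supported ciphers are", so the two sentences would then match.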
@ -467,12 +472,30 @@ that do not support the
|
|||
.Ar 3des
|
||||
cipher.
|
||||
Its use is strongly discouraged due to cryptographic weaknesses.
|
||||
.It Fl c Ar cipher_spec
|
||||
Additionally, for protocol version 2 a comma-separated list of ciphers can
|
||||
be specified in order of preference.
|
||||
See
|
||||
.Cm Ciphers
|
||||
for more information.
|
||||
The default is
|
||||
.Dq 3des .
|
||||
.Pp
|
||||
For protocol version 2
|
||||
.Ar cipher_spec
|
||||
is a comma-separated list of ciphers
|
||||
listed in order of preference.
|
||||
The supported ciphers are
|
||||
.Dq 3des-cbc ,
|
||||
.Dq aes128-cbc ,
|
||||
.Dq aes192-cbc ,
|
||||
.Dq aes256-cbc ,
|
||||
.Dq aes128-ctr ,
|
||||
.Dq aes192-ctr ,
|
||||
.Dq aes256-ctr ,
|
||||
.Dq arcfour ,
|
||||
.Dq blowfish-cbc ,
|
||||
and
|
||||
.Dq cast128-cbc .
|
||||
The default is
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
aes192-cbc,aes256-cbc''
|
||||
.Ed
|
||||
.It Fl D Ar port
|
||||
Specifies a local
|
||||
.Dq dynamic
|
||||
|
|
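Review bot: the default shown in the new .Bd -literal block for protocol version 2 contains none of aes128-ctr, aes192-ctr or aes256-ctr, although all three appear in the "supported ciphers" list directly above it. A sentence saying the CTR ciphers are supported but have to be requested explicitly would keep readers from assuming every listed cipher is offered by default. The rewrite also drops the old "See .Cm Ciphers for more information" pointer; keeping a reference to the Ciphers option would tell readers where the persistent setting lives.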
14
ssh_config.5
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.34 2004/05/06 11:24:23 jmc Exp $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.35 2004/06/13 14:01:42 dtucker Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
|
@ -185,6 +185,18 @@ The default is
|
|||
Specifies the ciphers allowed for protocol version 2
|
||||
in order of preference.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The supported ciphers are
|
||||
.Dq 3des-cbc ,
|
||||
.Dq aes128-cbc ,
|
||||
.Dq aes192-cbc ,
|
||||
.Dq aes256-cbc ,
|
||||
.Dq aes128-ctr ,
|
||||
.Dq aes192-ctr ,
|
||||
.Dq aes256-ctr ,
|
||||
.Dq arcfour ,
|
||||
.Dq blowfish-cbc ,
|
||||
and
|
||||
.Dq cast128-cbc .
|
||||
The default is
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
|
|
|
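Review bot: in the ssh_config.5 Ciphers hunk the existing text says the ciphers are given "in order of preference", and the supported list inserted right after it runs alphabetically from 3des-cbc to cast128-cbc, which can be misread as that preference order. A short remark that the supported list is in no particular order, and that the preference order is the one in the default that follows, would remove the ambiguity.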
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.33 2004/05/23 23:59:53 dtucker Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.34 2004/06/13 14:01:42 dtucker Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
|
@ -149,6 +149,18 @@ The default is
|
|||
.It Cm Ciphers
|
||||
Specifies the ciphers allowed for protocol version 2.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The supported ciphers are
|
||||
.Dq 3des-cbc ,
|
||||
.Dq aes128-cbc ,
|
||||
.Dq aes192-cbc ,
|
||||
.Dq aes256-cbc ,
|
||||
.Dq aes128-ctr ,
|
||||
.Dq aes192-ctr ,
|
||||
.Dq aes256-ctr ,
|
||||
.Dq arcfour ,
|
||||
.Dq blowfish-cbc ,
|
||||
and
|
||||
.Dq cast128-cbc .
|
||||
The default is
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
|
|
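Review bot: this Ciphers hunk in sshd_config.5 is the third copy of the same ten-name list, after the -c entry in ssh.1 and Ciphers in ssh_config.5, so every later cipher addition or removal has to be made in three man pages. Consider keeping the full list in ssh_config.5 and sshd_config.5 and having ssh.1 refer to the Ciphers option instead, as the removed "See .Cm Ciphers" text did.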