From a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Wed, 17 Feb 2016 07:38:19 +0000 Subject: [PATCH] upstream commit since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 --- ssh-keygen.1 | 14 +++++++---- ssh-keysign.8 | 6 ++--- ssh.1 | 66 +++++++++++++++++++-------------------------------- ssh_config.5 | 23 ++++-------------- sshd.8 | 16 ++++++------- sshd_config.5 | 27 ++++++--------------- 6 files changed, 55 insertions(+), 97 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 74b3124f5..37a4fc2b2 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.129 2015/11/13 04:34:15 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 13 2015 $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -141,8 +141,12 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and -DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. +can create keys for use by SSH protocol versions 1 and 2. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. +.Pp The type of key to be generated is specified with the .Fl t option. @@ -474,7 +478,7 @@ At present, no options are valid for host keys. .It Fl o Causes .Nm -to save SSH protocol 2 private keys using the new OpenSSH format rather than +to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 69d082954..19b0dbc53 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 7 2013 $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -35,7 +35,7 @@ is used by .Xr ssh 1 to access the local host keys and generate the digital signature -required during host-based authentication with SSH protocol version 2. +required during host-based authentication. .Pp .Nm is disabled by default and can only be enabled in the diff --git a/ssh.1 b/ssh.1 index afc3537b0..cc5334338 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.368 2016/02/16 07:47:54 jmc Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: ssh.1,v 1.369 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH 1 .Os .Sh NAME @@ -402,17 +402,15 @@ in for details. .Pp .It Fl m Ar mac_spec -Additionally, for protocol version 2 a comma-separated list of MAC -(message authentication code) algorithms can -be specified in order of preference. +A comma-separated list of MAC (message authentication code) algorithms, +specified in order of preference. See the .Cm MACs keyword for more information. .Pp .It Fl N Do not execute a remote command. -This is useful for just forwarding ports -(protocol version 2 only). +This is useful for just forwarding ports. .Pp .It Fl n Redirects stdin from @@ -664,8 +662,8 @@ for details. .Pp .It Fl s May be used to request invocation of a subsystem on the remote system. -Subsystems are a feature of the SSH2 protocol which facilitate the use -of SSH as a secure transport for other applications (eg.\& +Subsystems facilitate the use of SSH +as a secure transport for other applications (e.g.\& .Xr sftp 1 ) . The subsystem is specified as the remote command. .Pp @@ -710,7 +708,6 @@ Implies .Cm ExitOnForwardFailure and .Cm ClearAllForwardings . -Works with Protocol version 2 only. .Pp .It Fl w Xo .Ar local_tun Ns Op : Ns Ar remote_tun @@ -795,8 +792,10 @@ or the and .Fl 2 options (see above). -Protocol 1 should not be used - it suffers from a number of cryptographic -weaknesses and is only offered to support legacy devices. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. .Pp The methods available for authentication are: GSSAPI-based authentication, @@ -805,8 +804,9 @@ public key authentication, challenge-response authentication, and password authentication. Authentication methods are tried in the order specified above, -though protocol 2 has a configuration option to change the default order: -.Cm PreferredAuthentications . +though +.Cm PreferredAuthentications +can be used to change the default order. .Pp Host-based authentication works as follows: If the machine the user logs in from is listed in @@ -850,8 +850,6 @@ The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. -Protocol 1 is restricted to using only RSA keys, -but protocol 2 may use any. The HISTORY section of .Xr ssl 8 contains a brief discussion of the DSA and RSA algorithms. @@ -873,26 +871,26 @@ This stores the private key in .Pa ~/.ssh/identity (protocol 1), .Pa ~/.ssh/id_dsa -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519 -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa -(protocol 2 RSA) +(RSA) and stores the public key in .Pa ~/.ssh/identity.pub (protocol 1), .Pa ~/.ssh/id_dsa.pub -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa.pub -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519.pub -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa.pub -(protocol 2 RSA) +(RSA) in the user's home directory. The user should then copy the public key to @@ -930,8 +928,6 @@ Challenge-response authentication works as follows: The server sends an arbitrary .Qq challenge text, and prompts for a response. -Protocol 2 allows multiple challenges and responses; -protocol 1 is restricted to just one challenge/response. Examples of challenge-response authentication include .Bx Authentication (see @@ -1030,7 +1026,7 @@ at logout when waiting for forwarded connection / X11 sessions to terminate. Display a list of escape characters. .It Cm ~B Send a BREAK to the remote system -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~C Open command line. Currently this allows the addition of port forwardings using the @@ -1063,7 +1059,7 @@ Basic help is available, using the option. .It Cm ~R Request rekeying of the connection -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~V Decrease the verbosity .Pq Ic LogLevel @@ -1531,20 +1527,6 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys and are used for host-based authentication. -If protocol version 1 is used, -.Nm -must be setuid root, since the host key is readable only by root. -For protocol version 2, -.Nm -uses -.Xr ssh-keysign 8 -to access the host keys, -eliminating the requirement that -.Nm -be setuid root when host-based authentication is used. -By default -.Nm -is not setuid root. .Pp .It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. diff --git a/ssh_config.5 b/ssh_config.5 index c8ccfecb4..fcd538066 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.225 2016/02/16 05:11:04 djm Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: ssh_config.5,v 1.226 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -824,12 +824,10 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm HashKnownHosts Indicates that .Xr ssh 1 @@ -856,9 +854,6 @@ or .Dq no . The default is .Dq no . -This option applies to protocol version 2 only and -is similar to -.Cm RhostsRSAAuthentication . .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication as a comma-separated pattern list. @@ -883,7 +878,7 @@ option of .Xr ssh 1 may be used to list supported key types. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the client wants to use in order of preference. Alternately if the specified value begins with a .Sq + @@ -1170,8 +1165,7 @@ DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1243,8 +1237,7 @@ private RSA key. Specifies the port number to connect on the remote host. The default is 22. .It Cm PreferredAuthentications -Specifies the order in which the client should try protocol 2 -authentication methods. +Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g.\& .Cm keyboard-interactive ) over another method (e.g.\& @@ -1353,7 +1346,6 @@ or .Dq no . The default is .Dq yes . -This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1379,7 +1371,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. @@ -1472,7 +1463,6 @@ Note that this option applies to protocol version 1 only. Specifies what variables from the local .Xr environ 7 should be sent to the server. -Note that environment passing is only supported for protocol 2. The server must also support it, and the server must be configured to accept these environment variables. Note that the @@ -1520,7 +1510,6 @@ If, for example, .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, @@ -1529,7 +1518,6 @@ will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. -This option applies to protocol version 2 only. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1726,7 +1714,6 @@ or .Dq ask . The default is .Dq no . -Note that this option applies to protocol version 2 only. .Pp See also VERIFYING HOST KEYS in .Xr ssh 1 . diff --git a/sshd.8 b/sshd.8 index e658523a5..6c521f23e 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $ -.Dd $Mdocdate: February 5 2016 $ +.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -275,14 +275,12 @@ though this can be changed via the .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; -protocol 1 only supports RSA keys. -For both protocols, -each host has a host-specific key, -normally 2048 bits, -used to identify the host. +Protocol 1 should not be used +and is only offered to support legacy devices. .Pp -Forward security for protocol 1 is provided through +Each host has a host-specific key, +used to identify the host. +Partial forward security for protocol 1 is provided through an additional server key, normally 1024 bits, generated when the server starts. diff --git a/sshd_config.5 b/sshd_config.5 index 711a02524..ef9190568 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.219 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -70,8 +70,7 @@ See in .Xr ssh_config 5 for how to configure the client. -Note that environment passing is only supported for protocol 2, and -that the +The .Ev TERM environment variable is always sent whenever the client requests a pseudo-terminal as it is required by the protocol. @@ -226,7 +225,7 @@ of .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option is only available for SSH protocol 2 and will yield a fatal +This option will yield a fatal error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. @@ -373,7 +372,6 @@ authentication is allowed. If the argument is .Dq none then no banner is displayed. -This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via @@ -437,7 +435,7 @@ The default is indicating not to .Xr chroot 2 . .It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. +Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a .Sq + @@ -518,7 +516,6 @@ If .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, @@ -527,7 +524,6 @@ will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm Compression Specifies whether compression is allowed, or delayed until the user has authenticated successfully. @@ -627,13 +623,11 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. @@ -676,9 +670,6 @@ may be used to list supported key types. Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). -This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. The default is .Dq no . .It Cm HostbasedUsesNameFromPacketOnly @@ -749,7 +740,7 @@ is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -970,8 +961,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1380,7 +1370,6 @@ may be used to list supported key types. Specifies whether public key authentication is allowed. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1406,7 +1395,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RevokedKeys Specifies revoked public keys file, or .Dq none @@ -1493,7 +1481,6 @@ This may simplify configurations using to force a different filesystem root on clients. .Pp By default no subsystems are defined. -Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr sshd 8 .