diff --git a/ssh_config.5 b/ssh_config.5 index 93029031a..dc7a2143d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.310 2019/11/30 07:07:59 jmc Exp $ -.Dd $Mdocdate: November 30 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.311 2019/12/19 15:09:30 naddy Exp $ +.Dd $Mdocdate: December 19 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -809,12 +809,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The @@ -842,12 +846,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -1323,19 +1331,19 @@ character, then the specified key types will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, -sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -sk-ssh-ed25519@openssh.com, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using diff --git a/sshd_config.5 b/sshd_config.5 index 8bfb3b6c8..222193170 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.295 2019/11/30 07:07:59 jmc Exp $ -.Dd $Mdocdate: November 30 2019 $ +.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $ +.Dd $Mdocdate: December 19 2019 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -689,12 +689,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -768,12 +772,16 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -1427,19 +1435,19 @@ character, then the specified key types will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, -sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -sk-ssh-ed25519@openssh.com, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +sk-ecdsa-sha2-nistp256@openssh.com, +ssh-ed25519,sk-ssh-ed25519@openssh.com, +rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -1518,6 +1526,10 @@ will be bound to this If the routing domain is set to .Cm \&%D , then the domain in which the incoming connection was received will be applied. +.It Cm SecurityKeyProvider +Specifies a path to a security key provider library that will be used when +loading any security key-hosted keys, overriding the default of using +the built-in support for USB HID keys. .It Cm SetEnv Specifies one or more environment variables to set in child sessions started by