upstream: clarify KEXAlgorithms supported vs available. Inspired by

bz3701 from Colin Watson.

OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
djm@openbsd.org 2024-06-14 05:01:22 +00:00 committed by Damien Miller
parent d172ad56df
commit dd7807bbe8
2 changed files with 19 additions and 9 deletions


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
.Dd $Mdocdate: February 21 2024 $
.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $
.Dd $Mdocdate: June 14 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -1261,8 +1261,12 @@ it may be zero or more of:
and
.Cm pam .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Specifies the permitted KEX (Key Exchange) algorithms that will be used and
their preference order.
The selected algorithm will the the first algorithm in this list that
the server also supports.
Multiple algorithms must be comma-separated.
.Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
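Review bot: typo in the added sentence "The selected algorithm will the the first algorithm in this list": "will the the" should read "will be the". In the same sentence, "that the server also supports" would line up better with the sshd_config.5 text in this commit as "that the server also offers", since the server side is described there as offering a permitted list, which is the distinction this change is meant to draw.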
@ -1275,6 +1279,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
.Pp
The default is:
.Bd -literal -offset indent
sntrup761x25519-sha512@openssh.com,
@ -1286,7 +1291,7 @@ diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
The list of available key exchange algorithms may also be obtained using
The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q kex .
.It Cm KnownHostsCommand
Specifies a command to use to obtain a list of host keys, in addition to
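Review bot: in the changed sentence "The list of supported key exchange algorithms may also be obtained using", the word "also" has nothing to refer back to in the lines shown, because the list above it is introduced with "The default is:" and not as the supported set. Suggest dropping "also" here, or adding a sentence that says how the supported set reported by the query relates to the default list, so a reader does not take the default list for everything the client can negotiate.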


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.362 2024/06/13 15:06:33 naddy Exp $
.Dd $Mdocdate: June 13 2024 $
.\" $OpenBSD: sshd_config.5,v 1.363 2024/06/14 05:01:22 djm Exp $
.Dd $Mdocdate: June 14 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -1003,9 +1003,13 @@ file on logout.
The default is
.Cm yes .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Specifies the permitted KEX (Key Exchange) algorithms that the server will
offer to clients.
The ordering of this list is not important, as the client specifies the
preference order.
Multiple algorithms must be comma-separated.
Alternately if the specified list begins with a
.Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
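Review bot: the added sentences "The ordering of this list is not important, as the client specifies the preference order." say who decides the order but not how the result is chosen. ssh_config.5 in this same commit states that the selected algorithm is the first one in the client's list that the server also supports; repeating or cross-referencing that rule here would let an administrator who reads only sshd_config.5 see that what the server controls is which algorithms are in the list, not their position.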
@ -1017,6 +1021,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
.Pp
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
@ -1058,7 +1063,7 @@ diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
The list of available key exchange algorithms may also be obtained using
The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q KexAlgorithms .
.It Cm ListenAddress
Specifies the local addresses
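Review bot: the unchanged context line after the edited sentence gives the query as "ssh -Q KexAlgorithms", while the matching sentence in ssh_config.5 gives "ssh -Q kex". Since this commit edits both sentences to align their wording, use one spelling of the query on both pages.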