diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-03-22 11:19:48 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-03-22 11:19:48 +0000 |
| commit | 9b81c128761e4627fc5291f371e0d07903eb4e72 (patch) | |
| tree | 7ff06aa6c4c960e7fe13b294a9c2eaddce18a2f1 /ssh_config.5 | |
| parent | 925f1fb7e466dbf645650dc4ea9d2a34e728ef9c (diff) | |
| download | src-9b81c128761e4627fc5291f371e0d07903eb4e72.tar.gz src-9b81c128761e4627fc5291f371e0d07903eb4e72.zip | |
Vendor import of OpenSSH 6.2p1.vendor/openssh/6.2p1
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=248613
svn path=/vendor-crypto/openssh/6.2p1/; revision=248614; tag=vendor/openssh/6.2p1
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 36b1af195d62..269529c0082a 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ -.Dd $Mdocdate: June 29 2012 $ +.\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $ +.Dd $Mdocdate: January 8 2013 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -204,6 +204,8 @@ The supported ciphers are .Dq aes128-ctr , .Dq aes192-ctr , .Dq aes256-ctr , +.Dq aes128-gcm@openssh.com , +.Dq aes256-gcm@openssh.com , .Dq arcfour128 , .Dq arcfour256 , .Dq arcfour , @@ -213,6 +215,7 @@ and The default is: .Bd -literal -offset 3n aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, +aes128-gcm@openssh.com,aes256-gcm@openssh.com, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour .Ed @@ -602,6 +605,8 @@ should only use the authentication identity files configured in the files, even if .Xr ssh-agent 1 +or a +.Cm PKCS11Provider offers more identities. The argument to this keyword must be .Dq yes @@ -790,9 +795,18 @@ in order of preference. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. +The algorithms that contain +.Dq -etm +calculate the MAC after encryption (encrypt-then-mac). +These are considered safer and their use recommended. The default is: .Bd -literal -offset indent -hmac-md5,hmac-sha1,umac-64@openssh.com, +hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, +umac-64-etm@openssh.com,umac-128-etm@openssh.com, +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com, +hmac-md5-96-etm@openssh.com, +hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha1-96,hmac-md5-96 .Ed |