diff options
author | djm@openbsd.org <djm@openbsd.org> | 2021-02-23 22:55:08 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-02-23 22:56:22 +0100 |
commit | 8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42 (patch) | |
tree | 26e2bd8c3e9b267967e7ab3f7cee3babbb0db7c0 | |
parent | upstream: Correct reference to signature algorithms as keys; from (diff) | |
download | openssh-8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42.tar.xz openssh-8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42.zip |
upstream: lots more s/key types/signature algorithms/ mostly in
HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen
OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
-rw-r--r-- | ssh_config.5 | 40 | ||||
-rw-r--r-- | sshd_config.5 | 24 |
2 files changed, 32 insertions, 32 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 8764e87b5..fc6668fdf 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $ -.Dd $Mdocdate: February 15 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.348 2021/02/23 21:55:08 djm Exp $ +.Dd $Mdocdate: February 23 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -801,20 +801,20 @@ will not be converted automatically, but may be manually hashed using .Xr ssh-keygen 1 . .It Cm HostbasedAcceptedAlgorithms -Specifies the key types that will be used for hostbased authentication -as a comma-separated list of patterns. +Specifies the signature algorithms that will be used for hostbased +authentication as a comma-separated list of patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended +to the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed +at the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -837,7 +837,7 @@ The .Fl Q option of .Xr ssh 1 -may be used to list supported key types. +may be used to list supported signature algorithms. This was formerly named HostbasedKeyTypes. .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key @@ -848,20 +848,20 @@ or .Cm no (the default). .It Cm HostKeyAlgorithms -Specifies the host key algorithms +Specifies the host key signature algorithms that the client wants to use in order of preference. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended to +the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed +at the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -883,7 +883,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa If hostkeys are known for the destination host then this default is modified to prefer their algorithms. .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . .It Cm HostKeyAlias Specifies an alias that should be used instead of the @@ -1461,7 +1461,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q PubkeyAcceptedAlgorithms . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. diff --git a/sshd_config.5 b/sshd_config.5 index 7ad2e5c3f..c7e360fb4 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.326 2021/02/23 21:50:18 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.327 2021/02/23 21:55:08 djm Exp $ .Dd $Mdocdate: February 23 2021 $ .Dt SSHD_CONFIG 5 .Os @@ -659,20 +659,20 @@ This facility is provided to assist with operation on multi homed machines. The default is .Cm yes . .It Cm HostbasedAcceptedAlgorithms -Specifies the key types that will be accepted for hostbased authentication -as a list of comma-separated patterns. +Specifies the signature algorithms that will be accepted for hostbased +authentication as a list of comma-separated patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended to +the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed at +the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -691,7 +691,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostbasedAcceptedAlgorithms . This was formerly named HostbasedAcceptedKeyTypes. .It Cm HostbasedAuthentication @@ -756,7 +756,7 @@ is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the host key algorithms +Specifies the host key signature algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -776,7 +776,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . .It Cm IgnoreRhosts Specifies whether to ignore per-user |