diff options
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 2931d80..2e19022 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $ -.Dd $Mdocdate: February 21 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1114,7 +1114,7 @@ section and environment variables as described in the .Sx ENVIRONMENT VARIABLES section. .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, +Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can also specify a public key file to use the corresponding private key that is loaded in @@ -1124,10 +1124,9 @@ The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 , -.Pa ~/.ssh/id_ed25519_sk +.Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_dsa . +.Pa ~/.ssh/id_ed25519_sk . Additionally, any identities represented by the authentication agent will be used for authentication unless .Cm IdentitiesOnly @@ -1261,8 +1260,12 @@ it may be zero or more of: and .Cm pam . .It Cm KexAlgorithms -Specifies the available KEX (Key Exchange) algorithms. +Specifies the permitted KEX (Key Exchange) algorithms that will be used and +their preference order. +The selected algorithm will the the first algorithm in this list that +the server also supports. Multiple algorithms must be comma-separated. +.Pp If the specified list begins with a .Sq + character, then the specified algorithms will be appended to the default set @@ -1275,6 +1278,7 @@ If the specified list begins with a .Sq ^ character, then the specified algorithms will be placed at the head of the default set. +.Pp The default is: .Bd -literal -offset indent sntrup761x25519-sha512@openssh.com, @@ -1286,7 +1290,7 @@ diffie-hellman-group18-sha512, diffie-hellman-group14-sha256 .Ed .Pp -The list of available key exchange algorithms may also be obtained using +The list of supported key exchange algorithms may also be obtained using .Qq ssh -Q kex . .It Cm KnownHostsCommand Specifies a command to use to obtain a list of host keys, in addition to |