From f74e883352a52dd3ed454627dc159aa65f98d7f3 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 26 Aug 2024 09:43:00 +0200 Subject: Merging upstream version 1:9.8p1. Signed-off-by: Daniel Baumann --- ssh_config.5 | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'ssh_config.5') diff --git a/ssh_config.5 b/ssh_config.5 index 2931d80..2e19022 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $ -.Dd $Mdocdate: February 21 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1114,7 +1114,7 @@ section and environment variables as described in the .Sx ENVIRONMENT VARIABLES section. .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, +Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can also specify a public key file to use the corresponding private key that is loaded in @@ -1124,10 +1124,9 @@ The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 , -.Pa ~/.ssh/id_ed25519_sk +.Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_dsa . +.Pa ~/.ssh/id_ed25519_sk . Additionally, any identities represented by the authentication agent will be used for authentication unless .Cm IdentitiesOnly 
@@ -1261,8 +1260,12 @@ it may be zero or more of: and .Cm pam . .It Cm KexAlgorithms -Specifies the available KEX (Key Exchange) algorithms. +Specifies the permitted KEX (Key Exchange) algorithms that will be used and +their preference order. +The selected algorithm will the the first algorithm in this list that +the server also supports. Multiple algorithms must be comma-separated. +.Pp If the specified list begins with a .Sq + character, then the specified algorithms will be appended to the default set @@ -1275,6 +1278,7 @@ If the specified list begins with a .Sq ^ character, then the specified algorithms will be placed at the head of the default set. +.Pp The default is: .Bd -literal -offset indent sntrup761x25519-sha512@openssh.com, @@ -1286,7 +1290,7 @@ diffie-hellman-group18-sha512, diffie-hellman-group14-sha256 .Ed .Pp -The list of available key exchange algorithms may also be obtained using +The list of supported key exchange algorithms may also be obtained using .Qq ssh -Q kex . .It Cm KnownHostsCommand Specifies a command to use to obtain a list of host keys, in addition to -- cgit v1.2.3
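Review bot: The IdentityFile hunks (@@ -1114,7 +1114,7 @@ and @@ -1124,10 +1124,9 @@) drop DSA from the key types and `~/.ssh/id_dsa` from the default list without leaving any pointer for a reader who still has that key or an explicit `IdentityFile ~/.ssh/id_dsa` line. The man page is the right place to describe only what is current, so the migration note should go in the package changelog or NEWS entry for this merge; please confirm it is there. The reworked list itself reads correctly: `.Pa ~/.ssh/id_ed25519` followed by `and` and `.Pa ~/.ssh/id_ed25519_sk .` keeps the punctuation consistent with the earlier entries.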
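Review bot: Typo in the KexAlgorithms hunk (@@ -1261,8 +1260,12 @@): the added line "The selected algorithm will the the first algorithm in this list that" should read "will be the first algorithm". The sentence is the one that tells readers the order of the client's list decides which algorithm is negotiated, so it is worth getting right. As this commit merges an upstream version, report the fix upstream rather than carrying a local change to ssh_config.5. The two added `.Pp` breaks and the switch from "available" to "permitted" here and "supported" in the `ssh -Q kex` hunk look fine and keep the configured list distinct from what the binary can do.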