version 1.213, 2015/07/10 06:21:53 |
version 1.214, 2015/07/30 00:01:34 |
|
|
Specifies the ciphers allowed for protocol version 2 |
Specifies the ciphers allowed for protocol version 2 |
in order of preference. |
in order of preference. |
Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
|
If the specified value begins with a |
|
.Sq + |
|
character, then the specified ciphers will be appended to the default set |
|
instead of replacing them. |
|
.Pp |
The supported ciphers are: |
The supported ciphers are: |
.Pp |
.Pp |
.Bl -item -compact -offset indent |
.Bl -item -compact -offset indent |
|
|
.It Cm HostbasedKeyTypes |
.It Cm HostbasedKeyTypes |
Specifies the key types that will be used for hostbased authentication |
Specifies the key types that will be used for hostbased authentication |
as a comma-separated pattern list. |
as a comma-separated pattern list. |
|
Alternately if the specified value begins with a |
|
.Sq + |
|
character, then the specified key types will be appended to the default set |
|
instead of replacing them. |
The default for this option is: |
The default for this option is: |
.Bd -literal -offset 3n |
.Bd -literal -offset 3n |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
|
|
.It Cm HostKeyAlgorithms |
.It Cm HostKeyAlgorithms |
Specifies the protocol version 2 host key algorithms |
Specifies the protocol version 2 host key algorithms |
that the client wants to use in order of preference. |
that the client wants to use in order of preference. |
|
Alternately if the specified value begins with a |
|
.Sq + |
|
character, then the specified key types will be appended to the default set |
|
instead of replacing them. |
The default for this option is: |
The default for this option is: |
.Bd -literal -offset 3n |
.Bd -literal -offset 3n |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
|
|
.It Cm KexAlgorithms |
.It Cm KexAlgorithms |
Specifies the available KEX (Key Exchange) algorithms. |
Specifies the available KEX (Key Exchange) algorithms. |
Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
|
Alternately if the specified value begins with a |
|
.Sq + |
|
character, then the specified methods will be appended to the default set |
|
instead of replacing them. |
The default is: |
The default is: |
.Bd -literal -offset indent |
.Bd -literal -offset indent |
curve25519-sha256@libssh.org, |
curve25519-sha256@libssh.org, |
|
|
The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used in protocol version 2 |
for data integrity protection. |
for data integrity protection. |
Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
|
If the specified value begins with a |
|
.Sq + |
|
character, then the specified algorithms will be appended to the default set |
|
instead of replacing them. |
|
.Pp |
The algorithms that contain |
The algorithms that contain |
.Dq -etm |
.Dq -etm |
calculate the MAC after encryption (encrypt-then-mac). |
calculate the MAC after encryption (encrypt-then-mac). |
These are considered safer and their use recommended. |
These are considered safer and their use recommended. |
|
.Pp |
The default is: |
The default is: |
.Bd -literal -offset indent |
.Bd -literal -offset indent |
umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
|
|
.It Cm PubkeyAcceptedKeyTypes |
.It Cm PubkeyAcceptedKeyTypes |
Specifies the key types that will be used for public key authentication |
Specifies the key types that will be used for public key authentication |
as a comma-separated pattern list. |
as a comma-separated pattern list. |
|
Alternately if the specified value begins with a |
|
.Sq + |
|
character, then the key types after it will be appended to the default |
|
instead of replacing it. |
The default for this option is: |
The default for this option is: |
.Bd -literal -offset 3n |
.Bd -literal -offset 3n |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |