src/usr.bin/ssh/sshd_config.5 - diff

Return to sshd_config.5 CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshd_config.5 between version 1.172 and 1.173

-version 1.172, 2014/02/27 22:47:07
+version 1.173, 2014/03/28 05:17:11
 Line 338
 Line 338
 Line 338
  Multiple ciphers must be comma-separated.
  The supported ciphers are:
  .Pp
- .Dq 3des-cbc ,
+ .Bl -item -compact -offset indent
- .Dq aes128-cbc ,
+ .It
- .Dq aes192-cbc ,
+des-cbc
- .Dq aes256-cbc ,
+ .It
- .Dq aes128-ctr ,
+ aes128-cbc
- .Dq aes192-ctr ,
+ .It
- .Dq aes256-ctr ,
+ aes192-cbc
- .Dq aes128-gcm@openssh.com ,
+ .It
- .Dq aes256-gcm@openssh.com ,
+ aes256-cbc
- .Dq arcfour128 ,
+ .It
- .Dq arcfour256 ,
+ aes128-ctr
- .Dq arcfour ,
+ .It
- .Dq blowfish-cbc ,
+ aes192-ctr
- .Dq cast128-cbc ,
+ .It
- and
+ aes256-ctr
- .Dq chacha20-poly1305@openssh.com .
+ .It
+ aes128-gcm@openssh.com
+ .It
+ aes256-gcm@openssh.com
+ .It
+ arcfour
+ .It
+ arcfour128
+ .It
+ arcfour256
+ .It
+ blowfish-cbc
+ .It
+ cast128-cbc
+ .It
+ chacha20-poly1305@openssh.com
+ .El
  .Pp
  The default is:
- .Bd -literal -offset 3n
+ .Bd -literal -offset indent
- aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+ aes128-ctr,aes192-ctr,aes256-ctr,
  aes128-gcm@openssh.com,aes256-gcm@openssh.com,
- chacha20-poly1305@openssh.com,
+ chacha20-poly1305@openssh.com
- aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
- aes256-cbc,arcfour
  .Ed
  .Pp
  The list of available ciphers may also be obtained using the
-Line 673
+Line 687
 Line 673
 Line 687
  .It Cm KexAlgorithms
  Specifies the available KEX (Key Exchange) algorithms.
  Multiple algorithms must be comma-separated.
- The default is
+ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
+ curve25519-sha256@libssh.org
+ .It
+ diffie-hellman-group1-sha1
+ .It
+ diffie-hellman-group14-sha1
+ .It
+ diffie-hellman-group-exchange-sha1
+ .It
+ diffie-hellman-group-exchange-sha256
+ .It
+ ecdh-sha2-nistp256
+ .It
+ ecdh-sha2-nistp384
+ .It
+ ecdh-sha2-nistp521
+ .El
+ .Pp
+ The default is:
  .Bd -literal -offset indent
  curve25519-sha256@libssh.org,
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
  diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
+ diffie-hellman-group14-sha1
- diffie-hellman-group14-sha1,
- diffie-hellman-group1-sha1
  .Ed
  .It Cm KeyRegenerationInterval
  In protocol version 1, the ephemeral server key is automatically regenerated
-Line 752
+Line 785
 Line 752
 Line 785
  .Dq -etm
  calculate the MAC after encryption (encrypt-then-mac).
  These are considered safer and their use recommended.
+ The supported MACs are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
+ hmac-md5
+ .It
+ hmac-md5-96
+ .It
+ hmac-ripemd160
+ .It
+ hmac-sha1
+ .It
+ hmac-sha1-96
+ .It
+ hmac-sha2-256
+ .It
+ hmac-sha2-512
+ .It
+ umac-64@openssh.com
+ .It
+ umac-128@openssh.com
+ .It
+ hmac-md5-etm@openssh.com
+ .It
+ hmac-md5-96-etm@openssh.com
+ .It
+ hmac-ripemd160-etm@openssh.com
+ .It
+ hmac-sha1-etm@openssh.com
+ .It
+ hmac-sha1-96-etm@openssh.com
+ .It
+ hmac-sha2-256-etm@openssh.com
+ .It
+ hmac-sha2-512-etm@openssh.com
+ .It
+ umac-64-etm@openssh.com
+ .It
+ umac-128-etm@openssh.com
+ .El
+ .Pp
  The default is:
  .Bd -literal -offset indent
- hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
  umac-64-etm@openssh.com,umac-128-etm@openssh.com,
  hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
- hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+ umac-64@openssh.com,umac-128@openssh.com,
- hmac-md5-96-etm@openssh.com,
+ hmac-sha2-256,hmac-sha2-512
- hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
- hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
- hmac-sha1-96,hmac-md5-96
  .Ed
  .It Cm Match
  Introduces a conditional block.