=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.228 retrieving revision 1.229 diff -u -r1.228 -r1.229 --- src/usr.bin/ssh/sshd_config.5 2016/08/12 19:19:04 1.228 +++ src/usr.bin/ssh/sshd_config.5 2016/08/15 12:32:04 1.229 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.228 2016/08/12 19:19:04 jca Exp $ -.Dd $Mdocdate: August 12 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.229 2016/08/15 12:32:04 naddy Exp $ +.Dd $Mdocdate: August 15 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -230,8 +230,6 @@ .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option will yield a fatal -error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. The default @@ -710,15 +708,12 @@ .It Cm HostKey Specifies a file containing a private host key used by SSH. -The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and +The defaults are .Pa /etc/ssh/ssh_host_dsa_key , .Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . .Pp Note that .Xr sshd 8 @@ -729,14 +724,6 @@ .Xr sshd 8 . .Pp It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa , -.Dq ecdsa , -.Dq ed25519 -or -.Dq rsa -are used for version 2 of the SSH protocol. It is also possible to specify public host key files instead. In this case operations on the private key will be delegated to an @@ -775,8 +762,6 @@ and .Pa .shosts files will not be used in -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . .Pp .Pa /etc/hosts.equiv 
@@ -791,8 +776,6 @@ should ignore the user's .Pa ~/.ssh/known_hosts during -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . The default is .Dq no . @@ -911,15 +894,6 @@ .Xr ssh 1 with an argument of .Dq kex . -.It Cm KeyRegenerationInterval -In protocol version 1, the ephemeral server key is automatically regenerated -after this many seconds (if it has been used). -The purpose of regeneration is to prevent -decrypting captured sessions by later breaking into the machine and -stealing the keys. -The key is never stored anywhere. -If the value is 0, the key is never regenerated. -The default is 3600 (seconds). .It Cm ListenAddress Specifies the local addresses .Xr sshd 8 @@ -1128,8 +1102,6 @@ .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , -.Cm RhostsRSAAuthentication , -.Cm RSAAuthentication , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , @@ -1334,28 +1306,6 @@ or equivalent.) The default is .Dq yes . -.It Cm Protocol -Specifies the protocol versions -.Xr sshd 8 -supports. -The possible values are -.Sq 1 -and -.Sq 2 . -Multiple versions must be comma-separated. -The default is -.Sq 2 . -Protocol 1 suffers from a number of cryptographic weaknesses and should -not be used. -It is only offered to support legacy devices. -.Pp -Note that the order of the protocol list does not indicate preference, -because the client selects among multiple protocol versions offered -by the server. -Specifying -.Dq 2,1 -is identical to -.Dq 1,2 . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication as a comma-separated pattern list. 
@@ -1420,20 +1370,6 @@ .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . -.It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful RSA host authentication is allowed. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether pure RSA authentication is allowed. -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm ServerKeyBits -Defines the number of bits in the ephemeral protocol version 1 server key. -The default and minimum value is 1024. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask
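Review bot: in the HostKey hunk at -729,14, the removed lines were also the only place in this paragraph that named the key types ("dsa", "ecdsa", "ed25519", "rsa"). What remains is "It is possible to have multiple host key files." followed directly by "It is also possible to specify public host key files instead.", which no longer explains why there would be more than one file. Suggest keeping a trimmed sentence that names the supported key types, without the rsa1 and version 1 wording.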
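Review bot: in the hunk at -1334,28, deleting the whole ".It Cm Protocol" entry also drops the statement that the default is 2 and the warning that protocol 1 "suffers from a number of cryptographic weaknesses". Nothing in the visible replacement text says that only protocol version 2 is served now. Suggest one sentence stating that, so a reader looking up Protocol while auditing an older sshd_config finds the answer in the page.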
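Review bot: in the hunk at -1420,20 (and likewise KeyRegenerationInterval at -911,15), the entries for RhostsRSAAuthentication, RSAAuthentication and ServerKeyBits are removed with no note on what happens to a configuration file that still sets them. RSAAuthentication was documented with a default of "yes", so existing files may well carry it. Suggest documenting whether these keywords are still accepted, or listing them as removed, so administrators can tell before restarting the daemon.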