summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-02-03 23:01:19 +0000
committerDamien Miller <djm@mindrot.org>2017-02-04 10:08:15 +1100
commit68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 (patch)
tree4b2ddc75ee7ac985570c4e85c37abfd8f7be4f47 /ssh_config.5
parentc924b2ef941028a1f31e6e94f54dfeeeef462a4e (diff)
upstream commit
support =- for removing methods from algorithms lists, e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like it" markus@ Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.528
1 files changed, 26 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 591365f3..016adbc7 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $
-.Dd $Mdocdate: October 15 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.241 2017/02/03 23:01:19 djm Exp $
+.Dd $Mdocdate: February 3 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -415,6 +415,10 @@ If the specified value begins with a
.Sq +
character, then the specified ciphers will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The supported ciphers are:
.Bd -literal -offset indent
@@ -784,6 +788,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -807,6 +815,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1027,6 +1039,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified methods will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
The default is:
.Bd -literal -offset indent
curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1102,6 +1118,10 @@ If the specified value begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
@@ -1264,6 +1284,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the key types after it will be appended to the default
instead of replacing it.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,