summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-09-20 03:30:44 +0000
committerDamien Miller <djm@mindrot.org>2018-09-20 14:00:29 +1000
commitecac7e1f7add6b28874959a11f2238d149dc2c07 (patch)
tree58cde218f604646101ff838423b7beeafb46b909 /ssh_config.5
parent86e5737c39153af134158f24d0cab5827cbd5852 (diff)
upstream: add CASignatureAlgorithms option for the client, allowing
it to specify which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@ OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.516
1 files changed, 14 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index f499396a..a9b44cc4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $
-.Dd $Mdocdate: July 23 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $
+.Dd $Mdocdate: September 20 2018 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -261,6 +261,18 @@ Only useful on systems with more than one address.
.It Cm BindInterface
Use the address of the specified interface on the local machine as the
source address of the connection.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
.It Cm CanonicalDomains
When
.Cm CanonicalizeHostname