Commit 7a4a7657 authored by Darren Tucker's avatar Darren Tucker

- jmc@cvs.openbsd.org 2009/10/08 20:42:12

     [sshd_config.5 ssh_config.5 sshd.8 ssh.1]
     some tweaks now that protocol 1 is not offered by default; ok markus
parent bad5076b
...@@ -7,6 +7,9 @@ ...@@ -7,6 +7,9 @@
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years) disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt ok deraadt
- jmc@cvs.openbsd.org 2009/10/08 20:42:12
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
20091007 20091007
- (dtucker) OpenBSD CVS Sync - (dtucker) OpenBSD CVS Sync
......
...@@ -34,8 +34,8 @@ ...@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $ .\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
.Dd $Mdocdate: March 19 2009 $ .Dd $Mdocdate: October 8 2009 $
.Dt SSH 1 .Dt SSH 1
.Os .Os
.Sh NAME .Sh NAME
...@@ -666,20 +666,18 @@ exits with the exit status of the remote command or with 255 ...@@ -666,20 +666,18 @@ exits with the exit status of the remote command or with 255
if an error occurred. if an error occurred.
.Sh AUTHENTICATION .Sh AUTHENTICATION
The OpenSSH SSH client supports SSH protocols 1 and 2. The OpenSSH SSH client supports SSH protocols 1 and 2.
Protocol 2 is the default, with The default is to use protocol 2 only,
.Nm though this can be changed via the
falling back to protocol 1 if it detects protocol 2 is unsupported.
These settings may be altered using the
.Cm Protocol .Cm Protocol
option in option in
.Xr ssh_config 5 , .Xr ssh_config 5
or enforced using the or the
.Fl 1 .Fl 1
and and
.Fl 2 .Fl 2
options (see above). options (see above).
Both protocols support similar authentication methods, Both protocols support similar authentication methods,
but protocol 2 is preferred since but protocol 2 is the default since
it provides additional mechanisms for confidentiality it provides additional mechanisms for confidentiality
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
......
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $ .\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
.Dd $Mdocdate: October 8 2009 $ .Dd $Mdocdate: October 8 2009 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
...@@ -731,12 +731,12 @@ and ...@@ -731,12 +731,12 @@ and
.Sq 2 . .Sq 2 .
Multiple versions must be comma-separated. Multiple versions must be comma-separated.
When this option is set to When this option is set to
.Dq 2,1 .Dq 2,1
.Nm ssh .Nm ssh
will try version 2 and fall back to version 1 will try version 2 and fall back to version 1
if version 2 is not available. if version 2 is not available.
The default is The default is
.Dq 2 . .Sq 2 .
.It Cm ProxyCommand .It Cm ProxyCommand
Specifies the command to use to connect to the server. Specifies the command to use to connect to the server.
The command The command
......
...@@ -34,8 +34,8 @@ ...@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $ .\" $OpenBSD: sshd.8,v 1.249 2009/10/08 20:42:13 jmc Exp $
.Dd $Mdocdate: March 26 2009 $ .Dd $Mdocdate: October 8 2009 $
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
.Sh NAME .Sh NAME
...@@ -260,7 +260,7 @@ or ...@@ -260,7 +260,7 @@ or
.El .El
.Sh AUTHENTICATION .Sh AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2. The OpenSSH SSH daemon supports SSH protocols 1 and 2.
Both protocols are supported by default, The default is to use protocol 2 only,
though this can be changed via the though this can be changed via the
.Cm Protocol .Cm Protocol
option in option in
......
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $ .\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
.Dd $Mdocdate: October 8 2009 $ .Dd $Mdocdate: October 8 2009 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
...@@ -793,7 +793,7 @@ and ...@@ -793,7 +793,7 @@ and
.Sq 2 . .Sq 2 .
Multiple versions must be comma-separated. Multiple versions must be comma-separated.
The default is The default is
.Dq 2 . .Sq 2 .
Note that the order of the protocol list does not indicate preference, Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered because the client selects among multiple protocol versions offered
by the server. by the server.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment