summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/ssh.1
diff options
context:
space:
mode:
authorKevin Steves <stevesk@cvs.openbsd.org>2001-08-22 17:45:17 +0000
committerKevin Steves <stevesk@cvs.openbsd.org>2001-08-22 17:45:17 +0000
commit7ec0b9cd922be19aa300ba8f05570557ce9d99b2 (patch)
treec03c87f108fe5fde4d86fccb857ba8b583dfae10 /usr.bin/ssh/ssh.1
parent29da4ba14b54118fa89b7ad4d6214b47b22220eb (diff)
document cipher des for protocol 1; ok deraadt@
Diffstat (limited to 'usr.bin/ssh/ssh.1')
-rw-r--r--usr.bin/ssh/ssh.129
1 files changed, 21 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index ff08013bb4a..4fef3d5875f 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.130 2001/08/22 16:21:21 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.131 2001/08/22 17:45:16 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -389,20 +389,24 @@ This can also be specified on a per-host basis in a configuration file.
.It Fl b Ar bind_address
Specify the interface to transmit from on machines with multiple
interfaces or aliased addresses.
-.It Fl c Ar blowfish|3des
+.It Fl c Ar blowfish|3des|des
Selects the cipher to use for encrypting the session.
.Ar 3des
is used by default.
It is believed to be secure.
.Ar 3des
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
-It is presumably more secure than the
-.Ar des
-cipher which is no longer fully supported in
-.Nm ssh .
.Ar blowfish
is a fast block cipher, it appears very secure and is much faster than
.Ar 3des .
+.Ar des
+is only supported in the
+.Nm
+client for interoperability with legacy protocol 1 implementations
+that do not support the
+.Ar 3des
+cipher. Its use is strongly discouraged due to cryptographic
+weaknesses.
.It Fl c Ar cipher_spec
Additionally, for protocol version 2 a comma-separated list of ciphers can
be specified in order of preference.
@@ -714,10 +718,19 @@ The default is
Specifies the cipher to use for encrypting the session
in protocol version 1.
Currently,
-.Dq blowfish
+.Dq blowfish ,
+.Dq 3des ,
and
-.Dq 3des
+.Dq des
are supported.
+.Ar des
+is only supported in the
+.Nm
+client for interoperability with legacy protocol 1 implementations
+that do not support the
+.Ar 3des
+cipher. Its use is strongly discouraged due to cryptographic
+weaknesses.
The default is
.Dq 3des .
.It Cm Ciphers