author Damien Miller <djm@cvs.openbsd.org> 2017-02-03 23:01:20 +0000
committer Damien Miller <djm@cvs.openbsd.org> 2017-02-03 23:01:20 +0000
commit 2045604aea45bac776d9ba6ab1f403983f454377
tree 7298d1bf80c8e4d662a2f3a3041aa5c5a5c3394a /usr.bin/ssh/sshd_config.5
parent f77ec57434f859ccae5cbe617b9a3c3336c622c9
support =- for removing methods from algorithms lists, e.g.
Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671
"I like it" markus@
Diffstat (limited to 'usr.bin/ssh/sshd_config.5')
-rw-r--r-- usr.bin/ssh/sshd_config.5 24
1 files changed, 22 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 620dfd077ad..53ee5601f7d 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.241 2017/01/06 16:28:12 jmc Exp $
-.Dd $Mdocdate: January 6 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.242 2017/02/03 23:01:19 djm Exp $
+.Dd $Mdocdate: February 3 2017 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -438,6 +438,10 @@ If the specified value begins with a
.Sq +
character, then the specified ciphers will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The supported ciphers are:
.Pp
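Review bot: The added Ciphers sentence leaves two cases undocumented: what the resulting list is when the '-' pattern removes every default cipher, and whether a single value may combine a '+' list with a '-' list. An administrator hardening a server with a broad wildcard needs to know whether an empty result is rejected at config load or only fails at negotiation, so I would add a sentence covering both cases right after "from the default set instead of replacing them."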
@@ -650,6 +654,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
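Review bot: "(including wildcards)" appears only in the new '-' sentence of this hunk, while the '+' sentence directly above it says nothing about patterns. As written, a reader cannot tell whether wildcards are accepted only for removal or for both prefixes. Either state the wildcard rule for both forms or say explicitly that it applies to '-' only.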
@@ -844,6 +852,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified methods will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
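Review bot: The new sentence in this hunk says "the specified methods ... will be removed", but the next context line reads "The supported algorithms are:". The added text inherits the mixed terminology from the '+' sentence above; since these lines are being touched anyway, I would use "algorithms" in the new sentence so the option is described with one term.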
@@ -934,6 +946,10 @@ If the specified value begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
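Review bot: In the added sentence "will be removed from the default set instead of replacing them", the pronoun "them" has no plural antecedent that makes sense for removal; the phrase was carried over from the '+' wording. Suggest "will be removed from the default set instead of replacing it", so it is clear that the value edits the default set rather than substituting for it.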
@@ -1281,6 +1297,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
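Review bot: This hunk adds the fifth copy of the same four-line paragraph, differing from the others only in the noun ("ciphers", "key types", "methods", "algorithms"). Five hand-maintained copies tend to drift when the syntax changes again. Consider describing the '+' and '-' prefixes once in the page and referring to that description from each option.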