diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2019-09-06 14:45:35 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2019-09-06 14:45:35 +0000 |
| commit | 6017ffca4547be4e94667228be8446da7727df13 (patch) | |
| tree | 6e2ba292590a490de692928cb04f115bee3660e8 /usr.bin/ssh/sshd_config.5 | |
| parent | 3caab1ffbcc814667301f49a55012c0dbc6cbcc1 (diff) | |
Allow prepending a list of algorithms to the default set by starting
the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
Diffstat (limited to 'usr.bin/ssh/sshd_config.5')
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 6b8f1566b1a..23cf7000ed2 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.289 2019/09/04 20:31:15 naddy Exp $ -.Dd $Mdocdate: September 4 2019 $ +.\" $OpenBSD: sshd_config.5,v 1.290 2019/09/06 14:45:34 naddy Exp $ +.Dd $Mdocdate: September 6 2019 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -464,6 +464,10 @@ If the specified list begins with a .Sq - character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified ciphers will be placed at the head of the +default set. .Pp The supported ciphers are: .Pp @@ -678,6 +682,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -883,6 +891,10 @@ If the specified list begins with a .Sq - character, then the specified methods (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified methods will be placed at the head of the +default set. The supported algorithms are: .Pp .Bl -item -compact -offset indent @@ -1000,6 +1012,10 @@ If the specified list begins with a .Sq - character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. .Pp The algorithms that contain .Qq -etm @@ -1405,6 +1421,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, |