From 50a74e4b749e4e1662c9f7564b2bff8d5bbc701e Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 22 Dec 2014 09:05:17 +0000 Subject: [PATCH] mention ssh -Q feature to list supported { MAC, cipher, KEX, key } algorithms in more places and include the query string used to list the relevant information; bz#2288 --- usr.bin/ssh/ssh_config.5 | 29 ++++++++++++++++++++++++++--- usr.bin/ssh/sshd_config.5 | 20 ++++++++++++++++++-- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 33da983ea7a..7a5dd52c852 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.197 2014/12/21 23:12:42 djm Exp $ -.Dd $Mdocdate: December 21 2014 $ +.\" $OpenBSD: ssh_config.5,v 1.198 2014/12/22 09:05:17 djm Exp $ +.Dd $Mdocdate: December 22 2014 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -417,7 +417,9 @@ aes192-cbc,aes256-cbc,arcfour The list of available ciphers may also be obtained using the .Fl Q option of -.Xr ssh 1 . +.Xr ssh 1 +with an argument of +.Dq cipher . .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings specified in the configuration files or on the command line be @@ -793,6 +795,13 @@ ssh-ed25519,ssh-rsa,ssh-dss .Pp If hostkeys are known for the destination host then this default is modified to prefer their algorithms. +.Pp +The list of available key types may also be obtained using the +.Fl Q +option of +.Xr ssh 1 +with an argument of +.Dq key . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -963,6 +972,13 @@ diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 .Ed +.Pp +The list of available key exchange algorithms may also be obtained using the +.Fl Q +option of +.Xr ssh 1 +with an argument of +.Dq kex . .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. @@ -1052,6 +1068,13 @@ hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, hmac-md5,hmac-sha1,hmac-ripemd160, hmac-sha1-96,hmac-md5-96 .Ed +.Pp +The list of available MAC algorithms may also be obtained using the +.Fl Q +option of +.Xr ssh 1 +with an argument of +.Dq mac . .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. In this case localhost will refer to a different machine on each of diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 5c8de9ba8ab..7f79255789c 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.187 2014/12/22 08:24:17 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.188 2014/12/22 09:05:17 djm Exp $ .Dd $Mdocdate: December 22 2014 $ .Dt SSHD_CONFIG 5 .Os @@ -419,7 +419,9 @@ chacha20-poly1305@openssh.com The list of available ciphers may also be obtained using the .Fl Q option of -.Xr ssh 1 . +.Xr ssh 1 +with an argument of +.Dq cipher . .It Cm ClientAliveCountMax Sets the number of client alive messages (see below) which may be sent without @@ -761,6 +763,13 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1 .Ed +.Pp +The list of available key exchange algorithms may also be obtained using the +.Fl Q +option of +.Xr ssh 1 +with an argument of +.Dq kex . .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). @@ -879,6 +888,13 @@ hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512 .Ed +.Pp +The list of available MAC algorithms may also be obtained using the +.Fl Q +option of +.Xr ssh 1 +with an argument of +.Dq mac . .It Cm Match Introduces a conditional block. If all of the criteria on the -- 2.20.1