[openssh-commits] [openssh] 02/02: upstream: clarify KEXAlgorithms supported vs available. Inspired by
git+noreply at mindrot.org
Fri Jun 14 15:03:19 AEST 2024
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Jun 14 05:01:22 2024 +0000
upstream: clarify KEXAlgorithms supported vs available. Inspired by
bz3701 from Colin Watson.
OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
---
ssh_config.5 | 13 +++++++++----
sshd_config.5 | 15 ++++++++++-----
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/ssh_config.5 b/ssh_config.5
index 2931d807..0f8dddcb 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
-.Dd $Mdocdate: February 21 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $
+.Dd $Mdocdate: June 14 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1261,8 +1261,12 @@ it may be zero or more of:
and
.Cm pam .
.It Cm KexAlgorithms
-Specifies the available KEX (Key Exchange) algorithms.
+Specifies the permitted KEX (Key Exchange) algorithms that will be used and
+their preference order.
+The selected algorithm will the the first algorithm in this list that
+the server also supports.
Multiple algorithms must be comma-separated.
+.Pp
If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
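Review bot: The added sentence in the ssh_config.5 KexAlgorithms entry has a typo, "will the the first algorithm", which should read "will be the first algorithm". In the same sentence, "that the server also supports" reuses the word this commit is trying to separate from "permitted"; the sshd_config.5 text in this same patch describes the server's list as the algorithms it "will offer to clients", so "that the server also offers" would keep the two pages consistent.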
@@ -1275,6 +1279,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
+.Pp
The default is:
.Bd -literal -offset indent
sntrup761x25519-sha512 at openssh.com,
@@ -1286,7 +1291,7 @@ diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
-The list of available key exchange algorithms may also be obtained using
+The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q kex .
.It Cm KnownHostsCommand
Specifies a command to use to obtain a list of host keys, in addition to
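Review bot: In the changed line, "may also be obtained" has no antecedent on this page: the list that precedes it is introduced by "The default is:", not by "The supported algorithms are:" as in sshd_config.5. Dropping "also" here would avoid implying that the default list and the supported list are the same thing, which is the distinction this commit sets out to make.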
diff --git a/sshd_config.5 b/sshd_config.5
index b228e905..d5019f8e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.362 2024/06/13 15:06:33 naddy Exp $
-.Dd $Mdocdate: June 13 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.363 2024/06/14 05:01:22 djm Exp $
+.Dd $Mdocdate: June 14 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1003,9 +1003,13 @@ file on logout.
The default is
.Cm yes .
.It Cm KexAlgorithms
-Specifies the available KEX (Key Exchange) algorithms.
+Specifies the permitted KEX (Key Exchange) algorithms that the server will
+offer to clients.
+The ordering of this list is not important, as the client specifies the
+preference order.
Multiple algorithms must be comma-separated.
-Alternately if the specified list begins with a
+.Pp
+If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
@@ -1017,6 +1021,7 @@ If the specified list begins with a
.Sq ^
character, then the specified algorithms will be placed at the head of the
default set.
+.Pp
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
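Review bot: The unchanged context at the top of this hunk still says a leading "^" places the algorithms "at the head of the default set", while the sentence added to this entry in the previous hunk says "The ordering of this list is not important, as the client specifies the preference order". The two now read as contradictory for the server; consider a short sentence after the "^" paragraph saying what the prefix achieves in sshd_config when ordering is not significant.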
@@ -1058,7 +1063,7 @@ diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
.Ed
.Pp
-The list of available key exchange algorithms may also be obtained using
+The list of supported key exchange algorithms may also be obtained using
.Qq ssh -Q KexAlgorithms .
.It Cm ListenAddress
Specifies the local addresses
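Review bot: The query on the context line after the change is "ssh -Q KexAlgorithms", while the matching sentence in ssh_config.5 in this same patch uses "ssh -Q kex". Since both sentences were touched to say "supported", this is a good place to use one spelling of the query on both pages, or to state that the two forms are equivalent.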