diff options
| -rw-r--r-- | usr.bin/ssh/ssh.1 | 12 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.c | 19 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 12 |
4 files changed, 34 insertions, 17 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 97133752058..60de6087a75 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $ -.Dd $Mdocdate: December 21 2019 $ +.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSH 1 .Os .Sh NAME @@ -585,10 +585,18 @@ flag), (certificate key types), .Ar key-plain (non-certificate key types), +.Ar key-sig +(all key types and signature algorithms), .Ar protocol-version (supported SSH protocol versions), and .Ar sig (supported signature algorithms). +Alternatively, any keyword from +.Xr ssh_config 5 +or +.Xr sshd_config 5 +that takes an algorithm list may be used as an alias for the corresponding +query_option. .Pp .It Fl q Quiet mode. diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 7ef7122fdd9..30365fb590d 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */ +/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -710,13 +710,16 @@ main(int ac, char **av) break; case 'Q': cp = NULL; - if (strcmp(optarg, "cipher") == 0) + if (strcmp(optarg, "cipher") == 0 || + strcasecmp(optarg, "Ciphers") == 0) cp = cipher_alg_list('\n', 0); else if (strcmp(optarg, "cipher-auth") == 0) cp = cipher_alg_list('\n', 1); - else if (strcmp(optarg, "mac") == 0) + else if (strcmp(optarg, "mac") == 0 || + strcasecmp(optarg, "MACs") == 0) cp = mac_alg_list('\n'); - else if (strcmp(optarg, "kex") == 0) + else if (strcmp(optarg, "kex") == 0 || + strcasecmp(optarg, "KexAlgorithms") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) cp = sshkey_alg_list(0, 0, 0, '\n'); @@ -724,6 +727,12 @@ main(int ac, char **av) cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); + else if (strcmp(optarg, "key-sig") == 0 || + strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || + strcasecmp(optarg, "HostKeyAlgorithms") == 0 || + strcasecmp(optarg, "HostbasedKeyTypes") == 0 || + strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0) + cp = sshkey_alg_list(0, 0, 1, '\n'); else if (strcmp(optarg, "sig") == 0) cp = sshkey_alg_list(0, 1, 1, '\n'); else if (strcmp(optarg, "protocol-version") == 0) @@ -737,7 +746,7 @@ main(int ac, char **av) } else if (strcmp(optarg, "help") == 0) { cp = xstrdup( "cipher\ncipher-auth\ncompression\nkex\n" - "key\nkey-cert\nkey-plain\nmac\n" + "key\nkey-cert\nkey-plain\nkey-sig\nmac\n" "protocol-version\nsig"); } if (cp == NULL) diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 2237769ea13..14afcdbd602 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.321 2020/01/31 22:25:59 jmc Exp $ -.Dd $Mdocdate: January 31 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -868,7 +868,7 @@ If hostkeys are known for the destination host then this default is modified to prefer their algorithms. .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostKeyAlgorithms . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -1354,7 +1354,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q PubkeyAcceptedKeyTypes . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index f037f920525..cf88f2acfe2 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.306 2020/02/06 22:34:58 naddy Exp $ -.Dd $Mdocdate: February 6 2020 $ +.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -695,7 +695,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostbasedAcceptedKeyTypes . .It Cm HostbasedAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed @@ -778,7 +778,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostKeyAlgorithms . .It Cm IgnoreRhosts Specifies that .Pa .rhosts @@ -951,7 +951,7 @@ diffie-hellman-group14-sha256 .Ed .Pp The list of available key exchange algorithms may also be obtained using -.Qq ssh -Q kex . +.Qq ssh -Q KexAlgorithms . .It Cm ListenAddress Specifies the local addresses .Xr sshd 8 @@ -1463,7 +1463,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q PubkeyAcceptedKeyTypes . .It Cm PubkeyAuthOptions Sets one or more public key authentication options. Two option keywords are currently supported: |