summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh.1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* mention -Q key-plain and -Q key-cert;djm2015-09-111-5/+9
| | | | bz#2455 pointed out by Jakub Jelen
* Move .Pp before .Bl, not after to quiet mandoc -Tlint.millert2015-07-201-2/+2
| | | | Noticed by jmc@
* Better desciption of Unix domain socket forwarding.millert2015-07-201-21/+107
| | | | bz#2423; ok jmc@
* Turn off DSA by default; add HostKeyAlgorithms to the server andmarkus2015-07-101-2/+3
| | | | | PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@
* mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332djm2015-05-221-2/+7
|
* Clarify pseudo-terminal request behaviour and use "pseudo-terminal"dtucker2015-05-061-8/+19
| | | | consistently. bz#1716, ok jmc@ "I like it" deraadt@.
* Allow "ssh -Q protocol-version" to list supported SSH protocoldjm2015-03-031-5/+7
| | | | | versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@
* Add a ssh_config HostbasedKeyType option to control whichdjm2015-01-301-2/+3
| | | | | | | | | host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
* correct description of UpdateHostKeys in ssh_config.5 anddjm2015-01-261-2/+3
| | | | | add it to -o lists for ssh, scp and sftp; pointed out by jmc@
* add fingerprinthash to the options list;jmc2014-12-221-2/+3
|
* Add FingerprintHash option to control algorithm used for keydjm2014-12-211-3/+3
| | | | | | | fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* tweak previous;jmc2014-10-091-3/+3
|
* Tweak config reparsing with host canonicalisationdjm2014-10-081-3/+11
| | | | | | | | | | | | | | | | Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T" Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus
* improve capitalization for the Ed25519 public-key signature system.sobrado2014-08-301-6/+6
| | | | ok djm@
* Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@millert2014-07-241-5/+8
|
* add the streamlocal* options to ssh's -o list; millert says they'rejmc2014-07-161-2/+4
| | | | | | irrelevant for scp/sftp; ok markus millert
* document that -g will only work in the multiplexed case if applied todjm2014-07-031-2/+4
| | | | the mux master
* delete .xr to hosts.equiv. there's still an unfortunate amount oftedu2014-04-191-3/+2
| | | | documentation referring to rhosts equivalency in here.
* old descriptions of des and blowfish are old. maybe ok deraadttedu2014-03-171-19/+2
|
* add missing mentions of ed25519; ok djm@naddy2013-12-071-6/+14
|
* - put -Q in the right placejmc2013-11-261-5/+4
| | | | | | | | - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync
* improve -Q usage and such. One usage change is that the option is nowderaadt2013-11-251-13/+11
| | | | | case-sensitive ok dtucker markus djm
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"djm2013-11-211-2/+4
| | | | | | | | | | | | | | that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* s/canonicalise/canonicalize/ for consistency with existing spelling,djm2013-10-161-5/+5
| | | | e.g. authorized_keys; pointed out by naddy@
* Implement client-side hostname canonicalisation to allow an explicitdjm2013-10-161-2/+7
| | | | | | | | | | search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
* tweak previous;jmc2013-10-151-2/+3
|
* some proxyusefdpass tweaks;jmc2013-08-201-2/+3
|
* some Bx/Ox conversion;jmc2013-08-141-4/+7
| | | | From: Jan Stary
* be more exact wrt perms for ~/.ssh/config; bz#2078djm2013-07-181-3/+3
|
* do not use Sx for sections outwith the man page - ingo informs me thatjmc2013-06-271-8/+4
| | | | | | stuff like html will render with broken links; issue reported by Eric S. Raymond, via djm
* add the ability to query supported ciphers, MACs, key type and KEXdjm2013-04-191-2/+19
| | | | | algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
* Add -E option to ssh and sshd to append debugging logs to a specified filedtucker2013-04-071-2/+7
| | | | instead of stderr or syslog. ok markus@, man page help jmc@
* add umac128 variant; ok djm@ at n2k12markus2012-10-041-3/+3
|
* last stage of rfc changes, using consistent Rs/Re blocks, and moving thejmc2012-09-261-30/+71
| | | | references into a STANDARDS section;
* missing letter in previous;jmc2012-09-061-2/+2
|
* Add ~v and ~V escape sequences to raise and lower the logging leveldtucker2012-09-061-2/+10
| | | | respectively. Man page help from jmc, ok deraadt jmc
* Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmcdtucker2012-06-181-3/+3
|
* Remove mention of 'three' key files since there are now four. Fromdtucker2012-06-181-3/+3
| | | | Steve.McClellan at radisys com.
* use "brackets" instead of "braces", for consistency;jmc2012-04-201-3/+3
|
* document new -O cancel command; ok djm@okan2011-09-111-2/+4
|
* support cancellation of local/dynamic forwardings from ~C commandline;markus2011-09-101-5/+14
| | | | ok & feedback djm@
* Add some missing ssh_config(5) options that can be used in ssh(1)'sdjm2011-08-261-2/+5
| | | | -o argument. Patch from duclare AT guu.fi
* Add new SHA256 and SHA512 based HMAC modes fromdjm2011-08-021-3/+5
| | | | | | http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt feedback and ok markus@
* +.It RequestTTYjmc2011-05-071-2/+3
|
* tweak previous;jmc2011-04-181-4/+4
|
* allow graceful shutdown of multiplexing: request that a mux server removesdjm2011-04-171-2/+4
| | | | its listener socket and refuse future multiplexing requests; ok markus@
* add IPQoS to the various -o lists, and zap some trailing whitespace;jmc2010-11-181-2/+3
|
* knock out some "-*- nroff -*-" lines;jmc2010-10-281-3/+2
|
* ssh.1: add kexalgorithms to the -o listjmc2010-09-221-2/+3
| | | | | | ssh_config.5: format the kexalgorithms in a more consistent (prettier!) way ok djm
* mention RFC 5656 for ECC stuffdjm2010-09-111-2/+7
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.