37,38c37,38
< .\" $FreeBSD: head/crypto/openssh/ssh.1 128460 2004-04-20 09:46:41Z des $
< .\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
---
> .\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
> .\" $FreeBSD: head/crypto/openssh/ssh.1 137019 2004-10-28 16:11:31Z des $
47c47
< .Op Fl 1246AaCfgkNnqsTtVvXxY
---
> .Op Fl 1246AaCfgkMNnqsTtVvXxY
49a50
> .Bk -words
54d54
< .Bk -words
77a78
> .Op Fl S Ar ctl
245,246c246,247
< (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
< and integrity (hmac-md5, hmac-sha1).
---
> (the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
> and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
306c307,308
< Open command line (only useful for adding port forwardings using the
---
> Open command line.
> Currently this allows the addition of port forwardings using the
310c312,318
< options).
---
> options (see below).
> It also allows the cancellation of existing remote port-forwardings
> using
> .Fl KR Ar hostport .
> Basic help is available, using the
> .Fl h
> option.
396a405,413
> .Nm
> can be configured to verify host identification using fingerprint resource
> records (SSHFP) published in DNS.
> The
> .Cm VerifyHostKeyDNS
> option can be used to control how DNS lookups are performed.
> SSHFP resource records can be generated using
> .Xr ssh-keygen 1 .
> .Pp
447,448c464,472
< .It Fl c Ar blowfish | 3des | des
< Selects the cipher to use for encrypting the session.
---
> .It Fl c Ar cipher_spec
> Selects the cipher specification for encrypting the session.
> .Pp
> Protocol version 1 allows specification of a single cipher.
> The suported values are
> .Dq 3des ,
> .Dq blowfish
> and
> .Dq des .
450,452d473
< is used by default.
< It is believed to be secure.
< .Ar 3des
453a475
> It is believed to be secure.
465,470c487,510
< .It Fl c Ar cipher_spec
< Additionally, for protocol version 2 a comma-separated list of ciphers can
< be specified in order of preference.
< See
< .Cm Ciphers
< for more information.
---
> The default is
> .Dq 3des .
> .Pp
> For protocol version 2
> .Ar cipher_spec
> is a comma-separated list of ciphers
> listed in order of preference.
> The supported ciphers are
> .Dq 3des-cbc ,
> .Dq aes128-cbc ,
> .Dq aes192-cbc ,
> .Dq aes256-cbc ,
> .Dq aes128-ctr ,
> .Dq aes192-ctr ,
> .Dq aes256-ctr ,
> .Dq arcfour ,
> .Dq blowfish-cbc ,
> and
> .Dq cast128-cbc .
> The default is
> .Bd -literal
> ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc''
> .Ed
572a613,623
> .It Fl M
> Places the
> .Nm
> client into
> .Dq master
> mode for connection sharing.
> Refer to the description of
> .Cm ControlMaster
> in
> .Xr ssh_config 5
> for details.
623c674,676
< .It ConnectionTimeout
---
> .It ConnectTimeout
> .It ControlMaster
> .It ControlPath
653a707
> .It SendEnv
697a752,760
> .It Fl S Ar ctl
> Specifies the location of a control socket for connection sharing.
> Refer to the description of
> .Cm ControlPath
> and
> .Cm ControlMaster
> in
> .Xr ssh_config 5
> for details.
889a953,954
> Because of the potential for abuse, this file must have strict permissions:
> read/write for the user, and not accessible by others.
< .\" $FreeBSD: head/crypto/openssh/ssh.1 128460 2004-04-20 09:46:41Z des $
< .\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
---
> .\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
> .\" $FreeBSD: head/crypto/openssh/ssh.1 137019 2004-10-28 16:11:31Z des $
47c47
< .Op Fl 1246AaCfgkNnqsTtVvXxY
---
> .Op Fl 1246AaCfgkMNnqsTtVvXxY
49a50
> .Bk -words
54d54
< .Bk -words
77a78
> .Op Fl S Ar ctl
245,246c246,247
< (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
< and integrity (hmac-md5, hmac-sha1).
---
> (the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
> and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
306c307,308
< Open command line (only useful for adding port forwardings using the
---
> Open command line.
> Currently this allows the addition of port forwardings using the
310c312,318
< options).
---
> options (see below).
> It also allows the cancellation of existing remote port-forwardings
> using
> .Fl KR Ar hostport .
> Basic help is available, using the
> .Fl h
> option.
396a405,413
> .Nm
> can be configured to verify host identification using fingerprint resource
> records (SSHFP) published in DNS.
> The
> .Cm VerifyHostKeyDNS
> option can be used to control how DNS lookups are performed.
> SSHFP resource records can be generated using
> .Xr ssh-keygen 1 .
> .Pp
447,448c464,472
< .It Fl c Ar blowfish | 3des | des
< Selects the cipher to use for encrypting the session.
---
> .It Fl c Ar cipher_spec
> Selects the cipher specification for encrypting the session.
> .Pp
> Protocol version 1 allows specification of a single cipher.
> The suported values are
> .Dq 3des ,
> .Dq blowfish
> and
> .Dq des .
450,452d473
< is used by default.
< It is believed to be secure.
< .Ar 3des
453a475
> It is believed to be secure.
465,470c487,510
< .It Fl c Ar cipher_spec
< Additionally, for protocol version 2 a comma-separated list of ciphers can
< be specified in order of preference.
< See
< .Cm Ciphers
< for more information.
---
> The default is
> .Dq 3des .
> .Pp
> For protocol version 2
> .Ar cipher_spec
> is a comma-separated list of ciphers
> listed in order of preference.
> The supported ciphers are
> .Dq 3des-cbc ,
> .Dq aes128-cbc ,
> .Dq aes192-cbc ,
> .Dq aes256-cbc ,
> .Dq aes128-ctr ,
> .Dq aes192-ctr ,
> .Dq aes256-ctr ,
> .Dq arcfour ,
> .Dq blowfish-cbc ,
> and
> .Dq cast128-cbc .
> The default is
> .Bd -literal
> ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc''
> .Ed
572a613,623
> .It Fl M
> Places the
> .Nm
> client into
> .Dq master
> mode for connection sharing.
> Refer to the description of
> .Cm ControlMaster
> in
> .Xr ssh_config 5
> for details.
623c674,676
< .It ConnectionTimeout
---
> .It ConnectTimeout
> .It ControlMaster
> .It ControlPath
653a707
> .It SendEnv
697a752,760
> .It Fl S Ar ctl
> Specifies the location of a control socket for connection sharing.
> Refer to the description of
> .Cm ControlPath
> and
> .Cm ControlMaster
> in
> .Xr ssh_config 5
> for details.
889a953,954
> Because of the potential for abuse, this file must have strict permissions:
> read/write for the user, and not accessible by others.