- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
diff --git a/sshd_config.5 b/sshd_config.5
index af3d89b..d87f602 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.126 2010/08/31 11:54:45 djm Exp $
-.Dd $Mdocdate: August 31 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.127 2010/09/22 05:01:30 djm Exp $
+.Dd $Mdocdate: September 22 2010 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -538,6 +538,17 @@
file on logout.
The default is
.Dq yes .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq ecdh-sha2-nistp256 ,
+.Dq ecdh-sha2-nistp384 ,
+.Dq ecdh-sha2-nistp521 ,
+.Dq diffie-hellman-group-exchange-sha256 ,
+.Dq diffie-hellman-group-exchange-sha1 ,
+.Dq diffie-hellman-group14-sha1 ,
+.Dq diffie-hellman-group1-sha1 .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
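Review bot: The new KexAlgorithms entry never says that the order of the list is significant, although the commit message describes the knob as selecting the key exchange methods "and their order of preference". Add a sentence after "Multiple algorithms must be comma-separated." stating that the algorithms are listed in order of preference. The default is also written as seven separate .Dq items, which renders as individually quoted names rather than the single comma-separated value a user would put in sshd_config; consider showing it as one literal string in that form so it can be copied and trimmed.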