upstream commit
Catch up with the SSH1 code removal and delete all
mention of protocol 1 particularities, key files and formats, command line
options, and configuration keywords from the server documentation and
examples. ok jmc@
Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
diff --git a/sshd_config.5 b/sshd_config.5
index b70c313..d1a5d1d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.228 2016/08/12 19:19:04 jca Exp $
-.Dd $Mdocdate: August 12 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.229 2016/08/15 12:32:04 naddy Exp $
+.Dd $Mdocdate: August 15 2016 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -230,8 +230,6 @@
.Dq publickey,publickey
will require successful authentication using two different public keys.
.Pp
-This option will yield a fatal
-error if enabled if protocol 1 is also enabled.
Note that each authentication method listed should also be explicitly enabled
in the configuration.
The default
@@ -709,15 +707,12 @@
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
-The default is
-.Pa /etc/ssh/ssh_host_key
-for protocol version 1, and
+The defaults are
.Pa /etc/ssh/ssh_host_dsa_key ,
.Pa /etc/ssh/ssh_host_ecdsa_key ,
.Pa /etc/ssh/ssh_host_ed25519_key
and
-.Pa /etc/ssh/ssh_host_rsa_key
-for protocol version 2.
+.Pa /etc/ssh/ssh_host_rsa_key .
.Pp
Note that
.Xr sshd 8
@@ -728,14 +723,6 @@
.Xr sshd 8 .
.Pp
It is possible to have multiple host key files.
-.Dq rsa1
-keys are used for version 1 and
-.Dq dsa ,
-.Dq ecdsa ,
-.Dq ed25519
-or
-.Dq rsa
-are used for version 2 of the SSH protocol.
It is also possible to specify public host key files instead.
In this case operations on the private key will be delegated
to an
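Review bot: Deleting the whole sentence that starts at `.Dq rsa1`, right after "It is possible to have multiple host key files.", also drops this paragraph's only list of the protocol 2 key types (`dsa`, `ecdsa`, `ed25519`, `rsa`), so the text no longer says why more than one file would be configured. Suggest keeping a trimmed sentence that names the remaining key types and removing only the `rsa1` and version wording.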
@@ -774,8 +761,6 @@
and
.Pa .shosts
files will not be used in
-.Cm RhostsRSAAuthentication
-or
.Cm HostbasedAuthentication .
.Pp
.Pa /etc/hosts.equiv
@@ -790,8 +775,6 @@
should ignore the user's
.Pa ~/.ssh/known_hosts
during
-.Cm RhostsRSAAuthentication
-or
.Cm HostbasedAuthentication .
The default is
.Dq no .
@@ -910,15 +893,6 @@
.Xr ssh 1
with an argument of
.Dq kex .
-.It Cm KeyRegenerationInterval
-In protocol version 1, the ephemeral server key is automatically regenerated
-after this many seconds (if it has been used).
-The purpose of regeneration is to prevent
-decrypting captured sessions by later breaking into the machine and
-stealing the keys.
-The key is never stored anywhere.
-If the value is 0, the key is never regenerated.
-The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
.Xr sshd 8
@@ -1127,8 +1101,6 @@
.Cm PubkeyAuthentication ,
.Cm RekeyLimit ,
.Cm RevokedKeys ,
-.Cm RhostsRSAAuthentication ,
-.Cm RSAAuthentication ,
.Cm StreamLocalBindMask ,
.Cm StreamLocalBindUnlink ,
.Cm TrustedUserCAKeys ,
@@ -1333,28 +1305,6 @@
or equivalent.)
The default is
.Dq yes .
-.It Cm Protocol
-Specifies the protocol versions
-.Xr sshd 8
-supports.
-The possible values are
-.Sq 1
-and
-.Sq 2 .
-Multiple versions must be comma-separated.
-The default is
-.Sq 2 .
-Protocol 1 suffers from a number of cryptographic weaknesses and should
-not be used.
-It is only offered to support legacy devices.
-.Pp
-Note that the order of the protocol list does not indicate preference,
-because the client selects among multiple protocol versions offered
-by the server.
-Specifying
-.Dq 2,1
-is identical to
-.Dq 1,2 .
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be accepted for public key authentication
as a comma-separated pattern list.
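Review bot: Removing the `.It Cm Protocol` entry leaves the page silent on how an existing `Protocol` line is handled, and since the removed text documents `2` as the default, configurations that set it explicitly will still carry that line after an upgrade. Suggest a short note saying whether the keyword is now ignored, warned about or rejected, so administrators know whether to delete it; the same applies to the other keywords this patch removes from the list.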
@@ -1419,20 +1369,6 @@
.Xr ssh-keygen 1 .
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
-.It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful RSA host authentication is allowed.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RSAAuthentication
-Specifies whether pure RSA authentication is allowed.
-The default is
-.Dq yes .
-This option applies to protocol version 1 only.
-.It Cm ServerKeyBits
-Defines the number of bits in the ephemeral protocol version 1 server key.
-The default and minimum value is 1024.
.It Cm StreamLocalBindMask
Sets the octal file creation mode mask
.Pq umask