19261079b7
Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
50 lines
1.6 KiB
Plaintext
50 lines
1.6 KiB
Plaintext
# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
|
|
# $FreeBSD$
|
|
|
|
# This is the ssh client system-wide configuration file. See
|
|
# ssh_config(5) for more information. This file provides defaults for
|
|
# users, and the values can be changed in per-user configuration files
|
|
# or on the command line.
|
|
|
|
# Configuration data is parsed as follows:
|
|
# 1. command line options
|
|
# 2. user-specific file
|
|
# 3. system-wide file
|
|
# Any configuration value is only changed the first time it is set.
|
|
# Thus, host-specific definitions should be at the beginning of the
|
|
# configuration file, and defaults at the end.
|
|
|
|
# Site-wide defaults for some commonly used options. For a comprehensive
|
|
# list of available options, their meanings and defaults, please see the
|
|
# ssh_config(5) man page.
|
|
|
|
# Host *
|
|
# ForwardAgent no
|
|
# ForwardX11 no
|
|
# PasswordAuthentication yes
|
|
# HostbasedAuthentication no
|
|
# GSSAPIAuthentication no
|
|
# GSSAPIDelegateCredentials no
|
|
# BatchMode no
|
|
# CheckHostIP no
|
|
# AddressFamily any
|
|
# ConnectTimeout 0
|
|
# StrictHostKeyChecking ask
|
|
# IdentityFile ~/.ssh/id_rsa
|
|
# IdentityFile ~/.ssh/id_dsa
|
|
# IdentityFile ~/.ssh/id_ecdsa
|
|
# IdentityFile ~/.ssh/id_ed25519
|
|
# Port 22
|
|
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
|
|
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
|
|
# EscapeChar ~
|
|
# Tunnel no
|
|
# TunnelDevice any:any
|
|
# PermitLocalCommand no
|
|
# VisualHostKey no
|
|
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
|
# RekeyLimit 1G 1h
|
|
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
|
|
# VerifyHostKeyDNS yes
|
|
# VersionAddendum FreeBSD-20210907
|