Improve crypto policies mention in manual pages (#1881301)

Jakub Jelen 2020-09-22 15:55:35 +02:00
parent 7e9d046986
commit 9c88962b82
1 changed files with 40 additions and 32 deletions


@ -39,18 +39,19 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the specified ciphers will be appended to the default set -character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified ciphers will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified ciphers (including wildcards) will be removed character, then the specified ciphers (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified ciphers will be placed at the head of the character, then the specified ciphers will be placed at the head of the
-default set. -default set.
+built-in default set. +built-in openssh default set.
.Pp .Pp
The supported ciphers are: The supported ciphers are:
.Bd -literal -offset indent .Bd -literal -offset indent
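Review bot: The reworded "+", "-" and "^" sentences for the cipher list now name a "built-in openssh default set" but never say how that set relates to the list supplied by the system-wide crypto policy, which is what the commit title says this text is meant to improve. If the point is that these prefixes operate on the compiled-in list and not on the policy-provided one, state that in one sentence here, so an administrator who trims the list with "-" knows which base list the result is computed from.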
@ -106,13 +107,14 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the specified methods will be appended to the default set -character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified methods will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified methods (including wildcards) will be removed character, then the specified methods (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified methods will be placed at the head of the character, then the specified methods will be placed at the head of the
@ -126,7 +128,7 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
-diffie-hellman-group18-sha512, -diffie-hellman-group18-sha512,
-diffie-hellman-group14-sha256 -diffie-hellman-group14-sha256
-.Ed -.Ed
+built-in default set. +built-in openssh default set.
.Pp .Pp
The list of available key exchange algorithms may also be obtained using The list of available key exchange algorithms may also be obtained using
.Qq ssh -Q kex . .Qq ssh -Q kex .
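Review bot: Missing documentation: the literal default list (the removed lines ending in "diffie-hellman-group14-sha256" and ".Ed") is gone and the sentence now ends in "built-in openssh default set.", so the page refers to a set it no longer shows. The pointer that follows, "ssh -Q kex", is described as giving the available key exchange algorithms, not the default ones. Suggest adding a sentence that tells the reader where the built-in default can be looked up.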
@ -146,18 +148,19 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the specified algorithms will be appended to the default set -character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified algorithms will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified algorithms (including wildcards) will be removed character, then the specified algorithms (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified algorithms will be placed at the head of the character, then the specified algorithms will be placed at the head of the
-default set. -default set.
+built-in default set. +built-in openssh default set.
.Pp .Pp
The algorithms that contain The algorithms that contain
.Qq -etm .Qq -etm
@ -190,13 +193,14 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the key types after it will be appended to the default -character, then the key types after it will be appended to the default
+character, then the key types after it will be appended to the built-in default -instead of replacing it.
instead of replacing it. +character, then the key types after it will be appended to the built-in
+openssh default instead of replacing it.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified key types will be placed at the head of the character, then the specified key types will be placed at the head of the
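Review bot: Wording is inconsistent within this hunk: the "+" sentence says "appended to the built-in openssh default instead of replacing it", while the "-" sentence a few lines later says "the built-in openssh default set instead of replacing them". Since the line is being rewrapped anyway, use "default set" and "replacing them" in both, as the other hunks in this patch do.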
@ -217,7 +221,7 @@ diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5
-ssh-ed25519,sk-ssh-ed25519@openssh.com, -ssh-ed25519,sk-ssh-ed25519@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa -rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed -.Ed
+built-in default set. +built-in openssh default set.
.Pp .Pp
The list of available key types may also be obtained using The list of available key types may also be obtained using
.Qq ssh -Q PubkeyAcceptedKeyTypes . .Qq ssh -Q PubkeyAcceptedKeyTypes .
@ -261,18 +265,19 @@ diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the specified ciphers will be appended to the default set -character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified ciphers will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified ciphers (including wildcards) will be removed character, then the specified ciphers (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified ciphers will be placed at the head of the character, then the specified ciphers will be placed at the head of the
-default set. -default set.
+built-in default set. +built-in openssh default set.
.Pp .Pp
The supported ciphers are: The supported ciphers are:
.Pp .Pp
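Review bot: Style nit on the added "built-in openssh default set" wording in all three sentences of this hunk: the project name is normally written "OpenSSH", and lowercase "openssh" in running manual text reads like a package or command name. Suggest "built-in OpenSSH default set" here and in the matching ssh_config.5 sentences.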
@ -370,18 +375,19 @@ diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5
Alternately if the specified list begins with a Alternately if the specified list begins with a
.Sq + .Sq +
-character, then the specified methods will be appended to the default set -character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified methods will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified methods (including wildcards) will be removed character, then the specified methods (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified methods will be placed at the head of the character, then the specified methods will be placed at the head of the
-default set. -default set.
+built-in default set. +built-in openssh default set.
The supported algorithms are: The supported algorithms are:
.Pp .Pp
.Bl -item -compact -offset indent .Bl -item -compact -offset indent
@ -416,18 +422,19 @@ diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5
If the specified list begins with a If the specified list begins with a
.Sq + .Sq +
-character, then the specified algorithms will be appended to the default set -character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified algorithms will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified algorithms (including wildcards) will be removed character, then the specified algorithms (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified algorithms will be placed at the head of the character, then the specified algorithms will be placed at the head of the
-default set. -default set.
+built-in default set. +built-in openssh default set.
.Pp .Pp
The algorithms that contain The algorithms that contain
.Qq -etm .Qq -etm
@ -461,13 +468,14 @@ diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5
Alternately if the specified list begins with a Alternately if the specified list begins with a
.Sq + .Sq +
-character, then the specified key types will be appended to the default set -character, then the specified key types will be appended to the default set
+character, then the specified key types will be appended to the built-in default set -instead of replacing them.
instead of replacing them. +character, then the specified key types will be appended to the built-in
+openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them. -from the default set instead of replacing them.
+from the built-in default set instead of replacing them. +from the built-in openssh default set instead of replacing them.
If the specified list begins with a If the specified list begins with a
.Sq ^ .Sq ^
character, then the specified key types will be placed at the head of the character, then the specified key types will be placed at the head of the
@ -488,7 +496,7 @@ diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5
-ssh-ed25519,sk-ssh-ed25519@openssh.com, -ssh-ed25519,sk-ssh-ed25519@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa -rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed -.Ed
+built-in default set. +built-in openssh default set.
.Pp .Pp
The list of available key types may also be obtained using The list of available key types may also be obtained using
.Qq ssh -Q PubkeyAcceptedKeyTypes . .Qq ssh -Q PubkeyAcceptedKeyTypes .