bmh10 / rpms / openssh

Forked from rpms/openssh 10 days ago
Clone

Blame SOURCES/openssh-8.0p1-crypto-policy-doc.patch

3a2fd7
diff --color -ru a/sshd.8 b/sshd.8
3a2fd7
--- a/sshd.8	2022-05-31 13:39:10.231843926 +0200
3a2fd7
+++ b/sshd.8	2022-05-31 14:34:01.460815420 +0200
3a2fd7
@@ -78,6 +78,7 @@
3a2fd7
 .Xr sshd_config 5 ) ;
3a2fd7
 command-line options override values specified in the
3a2fd7
 configuration file.
3a2fd7
+This mechanism is used by systemd to apply system-wide crypto-policies to ssh server.
3a2fd7
 .Nm
3a2fd7
 rereads its configuration file when it receives a hangup signal,
3a2fd7
 .Dv SIGHUP ,
3a2fd7
@@ -207,6 +208,13 @@
3a2fd7
 rules may be applied by specifying the connection parameters using one or more
3a2fd7
 .Fl C
3a2fd7
 options.
3a2fd7
+The configuration does not contain the system-wide crypto-policy configuration.
3a2fd7
+To show the most accurate runtime configuration, use:
3a2fd7
+.Bd -literal -offset 3n
3a2fd7
+source /etc/crypto-policies/back-ends/opensshserver.config
3a2fd7
+source /etc/sysconfig/sshd
3a2fd7
+sshd -T $OPTIONS $CRYPTO_POLICY
3a2fd7
+.Ed
3a2fd7
 .It Fl t
3a2fd7
 Test mode.
3a2fd7
 Only check the validity of the configuration file and sanity of the keys.