kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
Source Code
GIT

Blame SOURCES/openssh-8.0p1-crypto-policy-doc.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-meta
  1.   6c1f4de3304af6dcce1fa5073d555337e2830774
  2.   SOURCES
  3.   openssh-8.0p1-crypto-policy-doc.patch
Blob History Raw
6c1f4d 
diff --color -ru a/sshd.8 b/sshd.8
6c1f4d 
--- a/sshd.8	2022-05-31 13:39:10.231843926 +0200
6c1f4d 
+++ b/sshd.8	2022-05-31 14:34:01.460815420 +0200
6c1f4d 
@@ -78,6 +78,7 @@
6c1f4d 
 .Xr sshd_config 5 ) ;
6c1f4d 
 command-line options override values specified in the
6c1f4d 
 configuration file.
6c1f4d 
+This mechanism is used by systemd to apply system-wide crypto-policies to ssh server.
6c1f4d 
 .Nm
6c1f4d 
 rereads its configuration file when it receives a hangup signal,
6c1f4d 
 .Dv SIGHUP ,
6c1f4d 
@@ -207,6 +208,13 @@
6c1f4d 
 rules may be applied by specifying the connection parameters using one or more
6c1f4d 
 .Fl C
6c1f4d 
 options.
6c1f4d 
+The configuration does not contain the system-wide crypto-policy configuration.
6c1f4d 
+To show the most accurate runtime configuration, use:
6c1f4d 
+.Bd -literal -offset 3n
6c1f4d 
+source /etc/crypto-policies/back-ends/opensshserver.config
6c1f4d 
+source /etc/sysconfig/sshd
6c1f4d 
+sshd -T $OPTIONS $CRYPTO_POLICY
6c1f4d 
+.Ed
6c1f4d 
 .It Fl t
6c1f4d 
 Test mode.
6c1f4d 
 Only check the validity of the configuration file and sanity of the keys.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation