summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-01-21 12:38:03 +0100
committerChristian Poessinger <christian@poessinger.com>2020-01-21 12:38:03 +0100
commit5698c2e186a494f45ef469778ba01743ad431da2 (patch)
tree1dec22a005c8d8d21dba38d67c0c346d4abca61b /docs
parent4151910b8af1559f7a11a3279c8264eb57600b6f (diff)
downloadvyos-documentation-5698c2e186a494f45ef469778ba01743ad431da2.tar.gz
vyos-documentation-5698c2e186a494f45ef469778ba01743ad431da2.zip
ssh: use comma separated list on mac/cipher suites
Diffstat (limited to 'docs')
-rw-r--r--docs/services/ssh.rst51
1 files changed, 12 insertions, 39 deletions
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst
index 1dd996d4..b60d592d 100644
--- a/docs/services/ssh.rst
+++ b/docs/services/ssh.rst
@@ -43,29 +43,16 @@ defined.
.. cfgcmd:: set service ssh ciphers <cipher>
Define allowed ciphers used for the SSH connection. A number of allowed ciphers
-can be specified, use multiple occurrences to allow multiple ciphers.
-
-* ``3des-cbc``
-* ``aes128-cbc``
-* ``aes192-cbc``
-* ``aes256-cbc``
-* ``aes128-ctr``
-* ``aes192-ctr``
-* ``aes256-ctr``
-* ``arcfour128``
-* ``arcfour256``
-* ``arcfour``
-* ``blowfish-cbc``
-* ``cast128-cbc``
-
-This could be used to harden security.
+can be specified, use multiple occurrences to allow multiple ciphers. You can
+choose from the following ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``,
+``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``,
+``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``
.. cfgcmd:: set service ssh disable-password-authentication
Disable password based authentication. Login via SSH keys only. This hardens
security!
-
.. cfgcmd: set service ssh disable-host-validation
Disable the host validation through reverse DNS lookups - can speedup login
@@ -75,28 +62,14 @@ time when reverse lookup is not possible.
Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms.
The MAC algorithm is used in protocol version 2 for data integrity protection.
-Multiple algorithms can be provided. Supported MACs:
-
-* ``hmac-md5``
-* ``hmac-md5-96``
-* ``hmac-ripemd160``
-* ``hmac-sha1``
-* ``hmac-sha1-96``
-* ``hmac-sha2-256``
-* ``hmac-sha2-512``
-* ``umac-64@openssh.com``
-* ``umac-128@openssh.com``
-* ``hmac-md5-etm@openssh.com``
-* ``hmac-md5-96-etm@openssh.com``
-* ``hmac-ripemd160-etm@openssh.com``
-* ``hmac-sha1-etm@openssh.com``
-* ``hmac-sha1-96-etm@openssh.com``
-* ``hmac-sha2-256-etm@openssh.com``
-* ``hmac-sha2-512-etm@openssh.com``
-* ``umac-64-etm@openssh.com``
-* ``umac-128-etm@openssh.com``
-
-This could be used to harden security.
+Multiple algorithms can be provided. Supported MACs: ``hmac-md5``,
+``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``,
+``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``,
+``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``,
+``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``,
+``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``,
+``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``,
+``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``
.. note:: VyOS 1.1 supported login as user ``root``. This has been removed due
to tighter security in VyOS 1.2.