Diffstat (limited to 'openssh-8.0p1-crypto-policies.patch')
-rw-r--r-- | openssh-8.0p1-crypto-policies.patch | 632 |
1 files changed, 0 insertions, 632 deletions
diff --git a/openssh-8.0p1-crypto-policies.patch b/openssh-8.0p1-crypto-policies.patch deleted file mode 100644 index 86c08db..0000000 --- a/openssh-8.0p1-crypto-policies.patch +++ /dev/null 
@@ -1,632 +0,0 @@ -diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh_config.5 openssh-9.3p1-patched/ssh_config.5 ---- openssh-9.3p1/ssh_config.5 2023-06-07 10:26:48.284590156 +0200 -+++ openssh-9.3p1-patched/ssh_config.5 2023-06-07 10:26:00.623052194 +0200 -@@ -378,17 +378,13 @@ - causes no CNAMEs to be considered for canonicalization. - This is the default behaviour. - .It Cm CASignatureAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies which algorithms are allowed for signing of certificates - by certificate authorities (CAs). --The default is: --.Bd -literal -offset indent --ssh-ed25519,ecdsa-sha2-nistp256, --ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed --.Pp - If the specified list begins with a - .Sq + - character, then the specified algorithms will be appended to the default set -@@ -450,20 +446,25 @@ - (the default), - the check will not be executed. - .It Cm Ciphers -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the ciphers allowed and their order of preference. - Multiple ciphers must be comma-separated. - If the specified list begins with a - .Sq + --character, then the specified ciphers will be appended to the default set --instead of replacing them. -+character, then the specified ciphers will be appended to the built-in -+openssh default set instead of replacing them. 
- If the specified list begins with a - .Sq - - character, then the specified ciphers (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified ciphers will be placed at the head of the --default set. -+built-in openssh default set. - .Pp - The supported ciphers are: - .Bd -literal -offset indent -@@ -479,13 +480,6 @@ - chacha20-poly1305@openssh.com - .Ed - .Pp --The default is: --.Bd -literal -offset indent --chacha20-poly1305@openssh.com, --aes128-ctr,aes192-ctr,aes256-ctr, --aes128-gcm@openssh.com,aes256-gcm@openssh.com --.Ed --.Pp - The list of available ciphers may also be obtained using - .Qq ssh -Q cipher . - .It Cm ClearAllForwardings -@@ -885,6 +879,11 @@ - The default is - .Dq no . - .It Cm GSSAPIKexAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - The list of key exchange algorithms that are offered for GSSAPI - key exchange. Possible values are - .Bd -literal -offset 3n -@@ -897,10 +896,8 @@ - gss-curve25519-sha256- - .Ed - .Pp --The default is --.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-, --gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . - This option only applies to connections using GSSAPI. -+.Pp - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -@@ -919,36 +916,25 @@ - but may be manually hashed using - .Xr ssh-keygen 1 . - .It Cm HostbasedAcceptedAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . 
-+.Pp - Specifies the signature algorithms that will be used for hostbased - authentication as a comma-separated list of patterns. - Alternately if the specified list begins with a - .Sq + - character, then the specified signature algorithms will be appended --to the default set instead of replacing them. -+to the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified signature algorithms (including wildcards) --will be removed from the default set instead of replacing them. -+will be removed from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified signature algorithms will be placed --at the head of the default set. --The default for this option is: --.Bd -literal -offset 3n --ssh-ed25519-cert-v01@openssh.com, --ecdsa-sha2-nistp256-cert-v01@openssh.com, --ecdsa-sha2-nistp384-cert-v01@openssh.com, --ecdsa-sha2-nistp521-cert-v01@openssh.com, --sk-ssh-ed25519-cert-v01@openssh.com, --sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, --rsa-sha2-512-cert-v01@openssh.com, --rsa-sha2-256-cert-v01@openssh.com, --ssh-ed25519, --ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed -+at the head of the built-in openssh default set. - .Pp - The - .Fl Q -@@ -1001,6 +987,17 @@ - .Pp - The list of available signature algorithms may also be obtained using - .Qq ssh -Q HostKeyAlgorithms . -+.Pp -+The proposed -+.Cm HostKeyAlgorithms -+during KEX are limited to the set of algorithms that is defined in -+.Cm PubkeyAcceptedAlgorithms -+and therefore they are indirectly affected by system-wide -+.Xr crypto_policies 7 . -+.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so -+would break the order given by the -+.Pa known_hosts -+file. 
- .It Cm HostKeyAlias - Specifies an alias that should be used instead of the - real host name when looking up or saving the host key -@@ -1232,30 +1229,25 @@ - and - .Cm pam . - .It Cm KexAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the available KEX (Key Exchange) algorithms. - Multiple algorithms must be comma-separated. - If the specified list begins with a - .Sq + --character, then the specified algorithms will be appended to the default set --instead of replacing them. -+character, then the specified methods will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. --The default is: --.Bd -literal -offset indent --sntrup761x25519-sha512@openssh.com, --curve25519-sha256,curve25519-sha256@libssh.org, --ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, --diffie-hellman-group-exchange-sha256, --diffie-hellman-group16-sha512, --diffie-hellman-group18-sha512, --diffie-hellman-group14-sha256 --.Ed -+built-in openssh default set. - .Pp - The list of available key exchange algorithms may also be obtained using - .Qq ssh -Q kex . -@@ -1365,37 +1357,33 @@ - file. - This option is intended for debugging and no overrides are enabled by default. - .It Cm MACs -+The default is handled system-wide by -+.Xr crypto-policies 7 . 
-+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the MAC (message authentication code) algorithms - in order of preference. - The MAC algorithm is used for data integrity protection. - Multiple algorithms must be comma-separated. - If the specified list begins with a - .Sq + --character, then the specified algorithms will be appended to the default set --instead of replacing them. -+character, then the specified algorithms will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. -+built-in openssh default set. - .Pp - The algorithms that contain - .Qq -etm - calculate the MAC after encryption (encrypt-then-mac). - These are considered safer and their use recommended. - .Pp --The default is: --.Bd -literal -offset indent --umac-64-etm@openssh.com,umac-128-etm@openssh.com, --hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, --hmac-sha1-etm@openssh.com, --umac-64@openssh.com,umac-128@openssh.com, --hmac-sha2-256,hmac-sha2-512,hmac-sha1 --.Ed --.Pp - The list of available MAC algorithms may also be obtained using - .Qq ssh -Q mac . - .It Cm NoHostAuthenticationForLocalhost -@@ -1567,39 +1555,31 @@ - The default is - .Cm no . - .It Cm PubkeyAcceptedAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . 
-+.Pp - Specifies the signature algorithms that will be used for public key - authentication as a comma-separated list of patterns. - If the specified list begins with a - .Sq + --character, then the algorithms after it will be appended to the default --instead of replacing it. -+character, then the algorithms after it will be appended to the built-in -+openssh default instead of replacing it. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. --The default for this option is: --.Bd -literal -offset 3n --ssh-ed25519-cert-v01@openssh.com, --ecdsa-sha2-nistp256-cert-v01@openssh.com, --ecdsa-sha2-nistp384-cert-v01@openssh.com, --ecdsa-sha2-nistp521-cert-v01@openssh.com, --sk-ssh-ed25519-cert-v01@openssh.com, --sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, --rsa-sha2-512-cert-v01@openssh.com, --rsa-sha2-256-cert-v01@openssh.com, --ssh-ed25519, --ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed -+built-in openssh default set. - .Pp - The list of available signature algorithms may also be obtained using - .Qq ssh -Q PubkeyAcceptedAlgorithms . -+.Pp -+This option affects also -+.Cm HostKeyAlgorithms - .It Cm PubkeyAuthentication - Specifies whether to try public key authentication. - The argument to this keyword must be -@@ -2265,7 +2245,9 @@ - This file must be world-readable. 
- .El - .Sh SEE ALSO --.Xr ssh 1 -+.Xr ssh 1 , -+.Xr crypto-policies 7 , -+.Xr update-crypto-policies 8 - .Sh AUTHORS - .An -nosplit - OpenSSH is a derivative of the original and free -diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/sshd_config.5 openssh-9.3p1-patched/sshd_config.5 ---- openssh-9.3p1/sshd_config.5 2023-06-07 10:26:48.277590077 +0200 -+++ openssh-9.3p1-patched/sshd_config.5 2023-06-07 10:26:00.592051845 +0200 -@@ -379,17 +379,13 @@ - then no banner is displayed. - By default, no banner is displayed. - .It Cm CASignatureAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies which algorithms are allowed for signing of certificates - by certificate authorities (CAs). --The default is: --.Bd -literal -offset indent --ssh-ed25519,ecdsa-sha2-nistp256, --ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed --.Pp - If the specified list begins with a - .Sq + - character, then the specified algorithms will be appended to the default set -@@ -525,20 +521,25 @@ - indicating not to - .Xr chroot 2 . - .It Cm Ciphers -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the ciphers allowed. - Multiple ciphers must be comma-separated. - If the specified list begins with a - .Sq + --character, then the specified ciphers will be appended to the default set --instead of replacing them. 
-+character, then the specified ciphers will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified ciphers (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified ciphers will be placed at the head of the --default set. -+built-in openssh default set. - .Pp - The supported ciphers are: - .Pp -@@ -565,13 +566,6 @@ - chacha20-poly1305@openssh.com - .El - .Pp --The default is: --.Bd -literal -offset indent --chacha20-poly1305@openssh.com, --aes128-ctr,aes192-ctr,aes256-ctr, --aes128-gcm@openssh.com,aes256-gcm@openssh.com --.Ed --.Pp - The list of available ciphers may also be obtained using - .Qq ssh -Q cipher . - .It Cm ClientAliveCountMax -@@ -766,53 +760,43 @@ - .Cm GSSAPIKeyExchange - needs to be enabled in the server and also used by the client. - .It Cm GSSAPIKexAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - The list of key exchange algorithms that are accepted by GSSAPI - key exchange. Possible values are - .Bd -literal -offset 3n --gss-gex-sha1-, --gss-group1-sha1-, --gss-group14-sha1-, --gss-group14-sha256-, --gss-group16-sha512-, --gss-nistp256-sha256-, -+gss-gex-sha1- -+gss-group1-sha1- -+gss-group14-sha1- -+gss-group14-sha256- -+gss-group16-sha512- -+gss-nistp256-sha256- - gss-curve25519-sha256- - .Ed --.Pp --The default is --.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-, --gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . - This option only applies to connections using GSSAPI. 
- .It Cm HostbasedAcceptedAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the signature algorithms that will be accepted for hostbased - authentication as a list of comma-separated patterns. - Alternately if the specified list begins with a - .Sq + - character, then the specified signature algorithms will be appended to --the default set instead of replacing them. -+the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified signature algorithms (including wildcards) --will be removed from the default set instead of replacing them. -+will be removed from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified signature algorithms will be placed at --the head of the default set. --The default for this option is: --.Bd -literal -offset 3n --ssh-ed25519-cert-v01@openssh.com, --ecdsa-sha2-nistp256-cert-v01@openssh.com, --ecdsa-sha2-nistp384-cert-v01@openssh.com, --ecdsa-sha2-nistp521-cert-v01@openssh.com, --sk-ssh-ed25519-cert-v01@openssh.com, --sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, --rsa-sha2-512-cert-v01@openssh.com, --rsa-sha2-256-cert-v01@openssh.com, --ssh-ed25519, --ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed -+the head of the built-in openssh default set. - .Pp - The list of available signature algorithms may also be obtained using - .Qq ssh -Q HostbasedAcceptedAlgorithms . -@@ -879,25 +863,14 @@ - .Ev SSH_AUTH_SOCK - environment variable. - .It Cm HostKeyAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . 
-+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the host key signature algorithms - that the server offers. - The default for this option is: --.Bd -literal -offset 3n --ssh-ed25519-cert-v01@openssh.com, --ecdsa-sha2-nistp256-cert-v01@openssh.com, --ecdsa-sha2-nistp384-cert-v01@openssh.com, --ecdsa-sha2-nistp521-cert-v01@openssh.com, --sk-ssh-ed25519-cert-v01@openssh.com, --sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, --rsa-sha2-512-cert-v01@openssh.com, --rsa-sha2-256-cert-v01@openssh.com, --ssh-ed25519, --ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed --.Pp - The list of available signature algorithms may also be obtained using - .Qq ssh -Q HostKeyAlgorithms . - .It Cm IgnoreRhosts -@@ -1044,20 +1017,25 @@ - The default is - .Cm yes . - .It Cm KexAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the available KEX (Key Exchange) algorithms. - Multiple algorithms must be comma-separated. - Alternately if the specified list begins with a - .Sq + --character, then the specified algorithms will be appended to the default set --instead of replacing them. -+character, then the specified methods will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. 
- If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. -+built-in openssh default set. - The supported algorithms are: - .Pp - .Bl -item -compact -offset indent -@@ -1089,16 +1067,6 @@ - sntrup761x25519-sha512@openssh.com - .El - .Pp --The default is: --.Bd -literal -offset indent --sntrup761x25519-sha512@openssh.com, --curve25519-sha256,curve25519-sha256@libssh.org, --ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, --diffie-hellman-group-exchange-sha256, --diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, --diffie-hellman-group14-sha256 --.Ed --.Pp - The list of available key exchange algorithms may also be obtained using - .Qq ssh -Q KexAlgorithms . - .It Cm ListenAddress -@@ -1184,21 +1152,26 @@ - file. - This option is intended for debugging and no overrides are enabled by default. - .It Cm MACs -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the available MAC (message authentication code) algorithms. - The MAC algorithm is used for data integrity protection. - Multiple algorithms must be comma-separated. - If the specified list begins with a - .Sq + --character, then the specified algorithms will be appended to the default set --instead of replacing them. -+character, then the specified algorithms will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. 
-+built-in openssh default set. - .Pp - The algorithms that contain - .Qq -etm -@@ -1241,15 +1214,6 @@ - umac-128-etm@openssh.com - .El - .Pp --The default is: --.Bd -literal -offset indent --umac-64-etm@openssh.com,umac-128-etm@openssh.com, --hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, --hmac-sha1-etm@openssh.com, --umac-64@openssh.com,umac-128@openssh.com, --hmac-sha2-256,hmac-sha2-512,hmac-sha1 --.Ed --.Pp - The list of available MAC algorithms may also be obtained using - .Qq ssh -Q mac . - .It Cm Match -@@ -1633,36 +1597,25 @@ - The default is - .Cm yes . - .It Cm PubkeyAcceptedAlgorithms -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+Information about defaults, how to modify the defaults and how to customize existing policies with sub-policies are present in manual page -+.Xr update-crypto-policies 8 . -+.Pp - Specifies the signature algorithms that will be accepted for public key - authentication as a list of comma-separated patterns. - Alternately if the specified list begins with a - .Sq + --character, then the specified algorithms will be appended to the default set --instead of replacing them. -+character, then the specified algorithms will be appended to the built-in -+openssh default set instead of replacing them. - If the specified list begins with a - .Sq - - character, then the specified algorithms (including wildcards) will be removed --from the default set instead of replacing them. -+from the built-in openssh default set instead of replacing them. - If the specified list begins with a - .Sq ^ - character, then the specified algorithms will be placed at the head of the --default set. 
--The default for this option is: --.Bd -literal -offset 3n --ssh-ed25519-cert-v01@openssh.com, --ecdsa-sha2-nistp256-cert-v01@openssh.com, --ecdsa-sha2-nistp384-cert-v01@openssh.com, --ecdsa-sha2-nistp521-cert-v01@openssh.com, --sk-ssh-ed25519-cert-v01@openssh.com, --sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, --rsa-sha2-512-cert-v01@openssh.com, --rsa-sha2-256-cert-v01@openssh.com, --ssh-ed25519, --ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, --sk-ssh-ed25519@openssh.com, --sk-ecdsa-sha2-nistp256@openssh.com, --rsa-sha2-512,rsa-sha2-256 --.Ed -+built-in openssh default set. - .Pp - The list of available signature algorithms may also be obtained using - .Qq ssh -Q PubkeyAcceptedAlgorithms . -@@ -2131,7 +2084,9 @@ - .El - .Sh SEE ALSO - .Xr sftp-server 8 , --.Xr sshd 8 -+.Xr sshd 8 , -+.Xr crypto-policies 7 , -+.Xr update-crypto-policies 8 - .Sh AUTHORS - .An -nosplit - OpenSSH is a derivative of the original and free |
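Review bot: In the ssh_config.5 HostKeyAlgorithms hunk (@@ -1001,6 +987,17 @@) the cross-reference is spelled ".Xr crypto_policies 7" twice, with an underscore, while every other hunk in the patch uses ".Xr crypto-policies 7". The second occurrence also carries the sentence on the macro line (".Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so"), so mdoc treats those words as macro arguments rather than prose. Wherever this text is carried forward, use the hyphenated name and move the sentence text to its own line after the .Xr line.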
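Review bot: In the sshd_config.5 HostKeyAlgorithms hunk (@@ -879,25 +863,14 @@) the context line "The default for this option is:" is kept while the literal list that followed it is removed, so the rendered page goes from that colon straight to "The list of available signature algorithms may also be obtained using". The new lead paragraph already says the default comes from crypto-policies, so the dangling line should be removed together with the .Bd/.Ed block.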
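Review bot: In both CASignatureAlgorithms hunks (ssh_config.5 @@ -378,17 +378,13 @@ and sshd_config.5 @@ -379,17 +379,13 @@) the modifier sentence is left as "appended to the default set", whereas Ciphers, KexAlgorithms, MACs, HostbasedAcceptedAlgorithms and PubkeyAcceptedAlgorithms are all changed to "the built-in openssh default set". Once the paragraph above says the default is handled by crypto-policies, "the default set" is ambiguous about which list a leading "+" extends. Use the same "built-in openssh default set" wording here so an administrator can tell that a modifier list is relative to the compiled-in set and not to the system-wide policy value.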
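Review bot: In the ssh_config.5 GSSAPIKexAlgorithms hunk (@@ -897,10 +896,8 @@) a ".Pp" is added after "This option only applies to connections using GSSAPI." and immediately before ".It Cm HashKnownHosts", which leaves an empty paragraph ahead of the next list item. The matching sshd_config.5 hunk does not add it. Drop the ".Pp".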
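Review bot: In the ssh_config.5 PubkeyAcceptedAlgorithms hunk (@@ -1567,39 +1555,31 @@) the added sentence "This option affects also" / ".Cm HostKeyAlgorithms" has no terminating period and runs directly into ".It Cm PubkeyAuthentication". Write it as ".Cm HostKeyAlgorithms ." and consider "This option also affects", ideally with a pointer to the HostKeyAlgorithms entry, where the restriction on the proposed host key algorithms is explained.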