sshd config: Add reference to the implementation sections upstream
Also consistently move default setting description to the bottom of the
configuration section.
Release-Notes: sshd config: Reference implementation sections upstream
Change-Id: I467d0158b48924324768e3d99bff0be18c582a8b
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 3e60e0e..2e26ad3 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -5083,10 +5083,12 @@
* `3des-cbc`
* `none`
+
-By default, all supported ciphers except `none` are available.
-+
If your setup allows for it, it's recommended to disable all ciphers except
the AES-CTR modes.
++
+See also link:https://github.com/apache/mina-sshd/tree/master#ciphers[ciphers,role=external,window=_blank].
++
+By default, all supported ciphers except `none` are available.
[[sshd.mac]]sshd.mac::
+
@@ -5108,6 +5110,8 @@
* `hmac-sha2-256-etm@openssh.com`
* `hmac-sha2-512-etm@openssh.com`
+
+See also link:https://github.com/apache/mina-sshd/tree/master#macs[macs,role=external,window=_blank].
++
By default, all supported MACs are available.
[[sshd.enableDeprecatedKexAlgorithms]]sshd.enableDeprecatedKexAlgorithms::
@@ -5148,12 +5152,14 @@
See link:#sshd.enableDeprecatedKexAlgorithms[sshd.enableDeprecatedKexAlgorithms]
for deprecated key algorithms and how to enable them.
-By default, all supported key exchange algorithms are available.
-
It is strongly recommended to disable at least `diffie-hellman-group1-sha1`
as it's known to be vulnerable (logjam attack). Additionally, if your setup
allows for it, it is recommended to disable the remaining two `sha1` key
exchange algorithms.
+
+See also link:https://github.com/apache/mina-sshd/tree/master#key-exchange[key exchange,role=external,window=_blank].
+
+By default, all supported key exchange algorithms are available.
--
[[sshd.kerberosKeytab]]sshd.kerberosKeytab::
