.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $
-.Dd $Mdocdate: February 15 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.348 2021/02/23 21:55:08 djm Exp $
+.Dd $Mdocdate: February 23 2021 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
but may be manually hashed using
.Xr ssh-keygen 1 .
.It Cm HostbasedAcceptedAlgorithms
-Specifies the key types that will be used for hostbased authentication
-as a comma-separated list of patterns.
+Specifies the signature algorithms that will be used for hostbased
+authentication as a comma-separated list of patterns.
Alternately if the specified list begins with a
.Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
+character, then the specified signature algorithms will be appended
+to the default set instead of replacing them.
If the specified list begins with a
.Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
If the specified list begins with a
.Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
+character, then the specified signature algorithms will be placed
+at the head of the default set.
The default for this option is:
.Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com,
.Fl Q
option of
.Xr ssh 1
-may be used to list supported key types.
+may be used to list supported signature algorithms.
This was formerly named HostbasedKeyTypes.
.It Cm HostbasedAuthentication
Specifies whether to try rhosts based authentication with public key
.Cm no
(the default).
.It Cm HostKeyAlgorithms
-Specifies the host key algorithms
+Specifies the host key signature algorithms
that the client wants to use in order of preference.
Alternately if the specified list begins with a
.Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
+character, then the specified signature algorithms will be appended to
+the default set instead of replacing them.
If the specified list begins with a
.Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
If the specified list begins with a
.Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
+character, then the specified signature algorithms will be placed
+at the head of the default set.
The default for this option is:
.Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com,
If hostkeys are known for the destination host then this default is modified
to prefer their algorithms.
.Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostKeyAlgorithms .
.It Cm HostKeyAlias
Specifies an alias that should be used instead of the
rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
.Qq ssh -Q PubkeyAcceptedAlgorithms .
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.326 2021/02/23 21:50:18 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.327 2021/02/23 21:55:08 djm Exp $
.Dd $Mdocdate: February 23 2021 $
.Dt SSHD_CONFIG 5
.Os
The default is
.Cm yes .
.It Cm HostbasedAcceptedAlgorithms
-Specifies the key types that will be accepted for hostbased authentication
-as a list of comma-separated patterns.
+Specifies the signature algorithms that will be accepted for hostbased
+authentication as a list of comma-separated patterns.
Alternately if the specified list begins with a
.Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
+character, then the specified signature algorithms will be appended to
+the default set instead of replacing them.
If the specified list begins with a
.Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
If the specified list begins with a
.Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
+character, then the specified signature algorithms will be placed at
+the head of the default set.
The default for this option is:
.Bd -literal -offset 3n
ssh-ed25519-cert-v01@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostbasedAcceptedAlgorithms .
This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
.Ev SSH_AUTH_SOCK
environment variable.
.It Cm HostKeyAlgorithms
-Specifies the host key algorithms
+Specifies the host key signature algorithms
that the server offers.
The default for this option is:
.Bd -literal -offset 3n
rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostKeyAlgorithms .
.It Cm IgnoreRhosts
Specifies whether to ignore per-user
projects / openbsd / commitdiff