From fc6192731c768938bb38f281b17b2569bf1ad8e2 Mon Sep 17 00:00:00 2001 From: djm Date: Tue, 23 Feb 2021 21:55:08 +0000 Subject: [PATCH] lots more s/key types/signature algorithms/ mostly in HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen --- usr.bin/ssh/ssh_config.5 | 40 +++++++++++++++++++-------------------- usr.bin/ssh/sshd_config.5 | 24 +++++++++++------------ 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 99e7033f661..eb0a4e3a4e0 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $ -.Dd $Mdocdate: February 15 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.348 2021/02/23 21:55:08 djm Exp $ +.Dd $Mdocdate: February 23 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -801,20 +801,20 @@ will not be converted automatically, but may be manually hashed using .Xr ssh-keygen 1 . .It Cm HostbasedAcceptedAlgorithms -Specifies the key types that will be used for hostbased authentication -as a comma-separated list of patterns. +Specifies the signature algorithms that will be used for hostbased +authentication as a comma-separated list of patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended +to the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed +at the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -837,7 +837,7 @@ The .Fl Q option of .Xr ssh 1 -may be used to list supported key types. +may be used to list supported signature algorithms. This was formerly named HostbasedKeyTypes. .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key @@ -848,20 +848,20 @@ or .Cm no (the default). .It Cm HostKeyAlgorithms -Specifies the host key algorithms +Specifies the host key signature algorithms that the client wants to use in order of preference. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended to +the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed +at the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -883,7 +883,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa If hostkeys are known for the destination host then this default is modified to prefer their algorithms. .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . .It Cm HostKeyAlias Specifies an alias that should be used instead of the @@ -1462,7 +1462,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q PubkeyAcceptedAlgorithms . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 713e588f1a6..ae4f7210e7f 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.326 2021/02/23 21:50:18 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.327 2021/02/23 21:55:08 djm Exp $ .Dd $Mdocdate: February 23 2021 $ .Dt SSHD_CONFIG 5 .Os @@ -661,20 +661,20 @@ This facility is provided to assist with operation on multi homed machines. The default is .Cm yes . .It Cm HostbasedAcceptedAlgorithms -Specifies the key types that will be accepted for hostbased authentication -as a list of comma-separated patterns. +Specifies the signature algorithms that will be accepted for hostbased +authentication as a list of comma-separated patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set -instead of replacing them. +character, then the specified signature algorithms will be appended to +the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed -from the default set instead of replacing them. +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the -default set. +character, then the specified signature algorithms will be placed at +the head of the default set. The default for this option is: .Bd -literal -offset 3n ssh-ed25519-cert-v01@openssh.com, @@ -693,7 +693,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostbasedAcceptedAlgorithms . This was formerly named HostbasedAcceptedKeyTypes. .It Cm HostbasedAuthentication @@ -758,7 +758,7 @@ is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the host key algorithms +Specifies the host key signature algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -778,7 +778,7 @@ sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using +The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . .It Cm IgnoreRhosts Specifies whether to ignore per-user -- 2.20.1