upstream: reorder CASignatureAlgorithms, and add them to the

various -o lists; ok djm OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
author: jmc@openbsd.org <jmc@openbsd.org> 2018-09-20 06:58:48 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-21 09:41:10 +1000
commit: e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 (patch)
tree: 3eb1d7864ad1439ec7ca2960a2748c22bca16855 /ssh_config.5
parent: aa083aa9624ea7b764d5a81c4c676719a1a3e42b (diff)
1 files changed, 13 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index a9b44cc44..c7192665f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $
 .Dd $Mdocdate: September 20 2018 $
 .Dt SSH_CONFIG 5
 .Os
@@ -261,18 +261,6 @@ Only useful on systems with more than one address.
 .It Cm BindInterface
 Use the address of the specified interface on the local machine as the
 source address of the connection.
-.It Cm CASignatureAlgorithms
-Specifies which algorithms are allowed for signing of certificates
-by certificate authorities (CAs).
-The default is:
-.Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
-.Xr ssh 1
-will not accept host certificates signed using algorithms other than those
-specified.
 .It Cm CanonicalDomains
 When
 .Cm CanonicalizeHostname
@@ -348,6 +336,18 @@ to be canonicalized to names in the
 or
 .Qq *.c.example.com
 domains.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
 .It Cm CertificateFile
 Specifies a file from which the user's certificate is read.
 A corresponding private key must be provided separately in order
author	jmc@openbsd.org <jmc@openbsd.org>	2018-09-20 06:58:48 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-21 09:41:10 +1000
commit	e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 (patch)
tree	3eb1d7864ad1439ec7ca2960a2748c22bca16855 /ssh_config.5
parent	aa083aa9624ea7b764d5a81c4c676719a1a3e42b (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index a9b44cc44..c7192665f 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,7 +33,7 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $
37	.Dd $Mdocdate: September 20 2018 $	37	.Dd $Mdocdate: September 20 2018 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
@@ -261,18 +261,6 @@ Only useful on systems with more than one address.
261	.It Cm BindInterface	261	.It Cm BindInterface
262	Use the address of the specified interface on the local machine as the	262	Use the address of the specified interface on the local machine as the
263	source address of the connection.	263	source address of the connection.
264	.It Cm CASignatureAlgorithms
265	Specifies which algorithms are allowed for signing of certificates
266	by certificate authorities (CAs).
267	The default is:
268	.Bd -literal -offset indent
269	ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
270	ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
271	.Ed
272	.Pp
273	.Xr ssh 1
274	will not accept host certificates signed using algorithms other than those
275	specified.
276	.It Cm CanonicalDomains	264	.It Cm CanonicalDomains
277	When	265	When
278	.Cm CanonicalizeHostname	266	.Cm CanonicalizeHostname
@@ -348,6 +336,18 @@ to be canonicalized to names in the
348	or	336	or
349	.Qq *.c.example.com	337	.Qq *.c.example.com
350	domains.	338	domains.
		339	.It Cm CASignatureAlgorithms
		340	Specifies which algorithms are allowed for signing of certificates
		341	by certificate authorities (CAs).
		342	The default is:
		343	.Bd -literal -offset indent
		344	ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		345	ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
		346	.Ed
		347	.Pp
		348	.Xr ssh 1
		349	will not accept host certificates signed using algorithms other than those
		350	specified.
351	.It Cm CertificateFile	351	.It Cm CertificateFile
352	Specifies a file from which the user's certificate is read.	352	Specifies a file from which the user's certificate is read.
353	A corresponding private key must be provided separately in order	353	A corresponding private key must be provided separately in order