upstream: Allow prepending a list of algorithms to the default set

by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
author: naddy@openbsd.org <naddy@openbsd.org> 2019-09-06 14:45:34 +0000
committer: Damien Miller <djm@mindrot.org> 2019-09-08 14:49:04 +1000
commit: 91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch)
tree: da8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /ssh_config.5
parent: c8bdd2db77ac2369d5cdee237656f266c8f41552 (diff)
1 files changed, 26 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 14d96beaf..e114b1dfe 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.300 2019/09/04 20:31:15 naddy Exp $
+.\" $OpenBSD: ssh_config.5,v 1.301 2019/09/06 14:45:34 naddy Exp $
-.Dd $Mdocdate: September 4 2019 $
+.Dd $Mdocdate: September 6 2019 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -430,6 +430,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified ciphers will be placed at the head of the
+default set.
 .Pp
 The supported ciphers are:
 .Bd -literal -offset indent
@@ -794,6 +798,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -822,6 +830,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1051,6 +1063,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified methods will be placed at the head of the
+default set.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1132,6 +1148,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified algorithms will be placed at the head of the
+default set.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1289,6 +1309,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
author	naddy@openbsd.org <naddy@openbsd.org>	2019-09-06 14:45:34 +0000
committer	Damien Miller <djm@mindrot.org>	2019-09-08 14:49:04 +1000
commit	91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch)
tree	da8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /ssh_config.5
parent	c8bdd2db77ac2369d5cdee237656f266c8f41552 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 14d96beaf..e114b1dfe 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.300 2019/09/04 20:31:15 naddy Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.301 2019/09/06 14:45:34 naddy Exp $
37	.Dd $Mdocdate: September 4 2019 $	37	.Dd $Mdocdate: September 6 2019 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -430,6 +430,10 @@ If the specified list begins with a
430	.Sq -	430	.Sq -
431	character, then the specified ciphers (including wildcards) will be removed	431	character, then the specified ciphers (including wildcards) will be removed
432	from the default set instead of replacing them.	432	from the default set instead of replacing them.
		433	If the specified list begins with a
		434	.Sq ^
		435	character, then the specified ciphers will be placed at the head of the
		436	default set.
433	.Pp	437	.Pp
434	The supported ciphers are:	438	The supported ciphers are:
435	.Bd -literal -offset indent	439	.Bd -literal -offset indent
@@ -794,6 +798,10 @@ If the specified list begins with a
794	.Sq -	798	.Sq -
795	character, then the specified key types (including wildcards) will be removed	799	character, then the specified key types (including wildcards) will be removed
796	from the default set instead of replacing them.	800	from the default set instead of replacing them.
		801	If the specified list begins with a
		802	.Sq ^
		803	character, then the specified key types will be placed at the head of the
		804	default set.
797	The default for this option is:	805	The default for this option is:
798	.Bd -literal -offset 3n	806	.Bd -literal -offset 3n
799	ecdsa-sha2-nistp256-cert-v01@openssh.com,	807	ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -822,6 +830,10 @@ If the specified list begins with a
822	.Sq -	830	.Sq -
823	character, then the specified key types (including wildcards) will be removed	831	character, then the specified key types (including wildcards) will be removed
824	from the default set instead of replacing them.	832	from the default set instead of replacing them.
		833	If the specified list begins with a
		834	.Sq ^
		835	character, then the specified key types will be placed at the head of the
		836	default set.
825	The default for this option is:	837	The default for this option is:
826	.Bd -literal -offset 3n	838	.Bd -literal -offset 3n
827	ecdsa-sha2-nistp256-cert-v01@openssh.com,	839	ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1051,6 +1063,10 @@ If the specified list begins with a
1051	.Sq -	1063	.Sq -
1052	character, then the specified methods (including wildcards) will be removed	1064	character, then the specified methods (including wildcards) will be removed
1053	from the default set instead of replacing them.	1065	from the default set instead of replacing them.
		1066	If the specified list begins with a
		1067	.Sq ^
		1068	character, then the specified methods will be placed at the head of the
		1069	default set.
1054	The default is:	1070	The default is:
1055	.Bd -literal -offset indent	1071	.Bd -literal -offset indent
1056	curve25519-sha256,curve25519-sha256@libssh.org,	1072	curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1132,6 +1148,10 @@ If the specified list begins with a
1132	.Sq -	1148	.Sq -
1133	character, then the specified algorithms (including wildcards) will be removed	1149	character, then the specified algorithms (including wildcards) will be removed
1134	from the default set instead of replacing them.	1150	from the default set instead of replacing them.
		1151	If the specified list begins with a
		1152	.Sq ^
		1153	character, then the specified algorithms will be placed at the head of the
		1154	default set.
1135	.Pp	1155	.Pp
1136	The algorithms that contain	1156	The algorithms that contain
1137	.Qq -etm	1157	.Qq -etm
@@ -1289,6 +1309,10 @@ If the specified list begins with a
1289	.Sq -	1309	.Sq -
1290	character, then the specified key types (including wildcards) will be removed	1310	character, then the specified key types (including wildcards) will be removed
1291	from the default set instead of replacing them.	1311	from the default set instead of replacing them.
		1312	If the specified list begins with a
		1313	.Sq ^
		1314	character, then the specified key types will be placed at the head of the
		1315	default set.
1292	The default for this option is:	1316	The default for this option is:
1293	.Bd -literal -offset 3n	1317	.Bd -literal -offset 3n
1294	ecdsa-sha2-nistp256-cert-v01@openssh.com,	1318	ecdsa-sha2-nistp256-cert-v01@openssh.com,