1 files changed, 21 insertions, 11 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index d8256d137..164d11817 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -97,10 +97,13 @@ DESCRIPTION
             preference.  Multiple ciphers must be comma-separated.  The
             supported ciphers are ``3des-cbc'', ``aes128-cbc'',
             ``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
-             ``aes256-ctr'', ``arcfour128'', ``arcfour256'', ``arcfour'',
+             ``aes256-ctr'', ``aes128-gcm@openssh.com'',
-             ``blowfish-cbc'', and ``cast128-cbc''.  The default is:
+             ``aes256-gcm@openssh.com'', ``arcfour128'', ``arcfour256'',
+             ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''.  The default
+             is:
                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+                aes128-gcm@openssh.com,aes256-gcm@openssh.com,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour
@@ -354,11 +357,11 @@ DESCRIPTION
     IdentitiesOnly
             Specifies that ssh(1) should only use the authentication identity
-             files configured in the ssh_config files, even if ssh-agent(1)
+             files configured in the ssh_config files, even if ssh-agent(1) or
-             offers more identities.  The argument to this keyword must be
+             a PKCS11Provider offers more identities.  The argument to this
-             ``yes'' or ``no''.  This option is intended for situations where
+             keyword must be ``yes'' or ``no''.  This option is intended for
-             ssh-agent offers many different identities.  The default is
+             situations where ssh-agent offers many different identities.  The
-             ``no''.
+             default is ``no''.
     IdentityFile
             Specifies a file from which the user's DSA, ECDSA or RSA
@@ -460,9 +463,16 @@ DESCRIPTION
     MACs    Specifies the MAC (message authentication code) algorithms in
             order of preference.  The MAC algorithm is used in protocol
             version 2 for data integrity protection.  Multiple algorithms
-             must be comma-separated.  The default is:
+             must be comma-separated.  The algorithms that contain ``-etm''
+             calculate the MAC after encryption (encrypt-then-mac).  These are
-                   hmac-md5,hmac-sha1,umac-64@openssh.com,
+             considered safer and their use recommended.  The default is:
+                   hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+                   hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+                   hmac-md5-96-etm@openssh.com,
+                   hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
                   hmac-sha1-96,hmac-md5-96
@@ -763,4 +773,4 @@ AUTHORS
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 5.2                      June 29, 2012                     OpenBSD 5.2
+OpenBSD 5.3                     January 8, 2013                    OpenBSD 5.3

diff --git a/ssh_config.0 b/ssh_config.0 index d8256d137..164d11817 100644 --- a/ssh_config.0 +++ b/ssh_config.0
@@ -97,10 +97,13 @@ DESCRIPTION
97	preference. Multiple ciphers must be comma-separated. The	97	preference. Multiple ciphers must be comma-separated. The
98	supported ciphers are ``3des-cbc'', ``aes128-cbc'',	98	supported ciphers are ``3des-cbc'', ``aes128-cbc'',
99	``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',	99	``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
100	``aes256-ctr'', ``arcfour128'', ``arcfour256'', ``arcfour'',	100	``aes256-ctr'', ``aes128-gcm@openssh.com'',
101	``blowfish-cbc'', and ``cast128-cbc''. The default is:	101	``aes256-gcm@openssh.com'', ``arcfour128'', ``arcfour256'',
		102	``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default
		103	is:
102		104
103	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,	105	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
		106	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
104	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,	107	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
105	aes256-cbc,arcfour	108	aes256-cbc,arcfour
106		109
@@ -354,11 +357,11 @@ DESCRIPTION
354		357
355	IdentitiesOnly	358	IdentitiesOnly
356	Specifies that ssh(1) should only use the authentication identity	359	Specifies that ssh(1) should only use the authentication identity
357	files configured in the ssh_config files, even if ssh-agent(1)	360	files configured in the ssh_config files, even if ssh-agent(1) or
358	offers more identities. The argument to this keyword must be	361	a PKCS11Provider offers more identities. The argument to this
359	``yes'' or ``no''. This option is intended for situations where	362	keyword must be ``yes'' or ``no''. This option is intended for
360	ssh-agent offers many different identities. The default is	363	situations where ssh-agent offers many different identities. The
361	``no''.	364	default is ``no''.
362		365
363	IdentityFile	366	IdentityFile
364	Specifies a file from which the user's DSA, ECDSA or RSA	367	Specifies a file from which the user's DSA, ECDSA or RSA
@@ -460,9 +463,16 @@ DESCRIPTION
460	MACs Specifies the MAC (message authentication code) algorithms in	463	MACs Specifies the MAC (message authentication code) algorithms in
461	order of preference. The MAC algorithm is used in protocol	464	order of preference. The MAC algorithm is used in protocol
462	version 2 for data integrity protection. Multiple algorithms	465	version 2 for data integrity protection. Multiple algorithms
463	must be comma-separated. The default is:	466	must be comma-separated. The algorithms that contain ``-etm''
464		467	calculate the MAC after encryption (encrypt-then-mac). These are
465	hmac-md5,hmac-sha1,umac-64@openssh.com,	468	considered safer and their use recommended. The default is:
		469
		470	hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
		471	umac-64-etm@openssh.com,umac-128-etm@openssh.com,
		472	hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
		473	hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
		474	hmac-md5-96-etm@openssh.com,
		475	hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
466	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,	476	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
467	hmac-sha1-96,hmac-md5-96	477	hmac-sha1-96,hmac-md5-96
468		478
@@ -763,4 +773,4 @@ AUTHORS
763	created OpenSSH. Markus Friedl contributed the support for SSH protocol	773	created OpenSSH. Markus Friedl contributed the support for SSH protocol
764	versions 1.5 and 2.0.	774	versions 1.5 and 2.0.
765		775
766	OpenBSD 5.2 June 29, 2012 OpenBSD 5.2	776	OpenBSD 5.3 January 8, 2013 OpenBSD 5.3