1 files changed, 34 insertions, 8 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index d29963c15..e51439849 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
-.Dd $Mdocdate: July 3 2015 $
+.Dd $Mdocdate: July 10 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -781,9 +781,17 @@ is similar to
 .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication
 as a comma-separated pattern list.
-The default
+The default for this option is:
-.Dq *
+.Bd -literal -offset 3n
-will allow all key types.
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
 The
 .Fl Q
 option of
@@ -798,10 +806,9 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
-ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
@@ -1206,6 +1213,25 @@ will pass a connected file descriptor back to
 instead of continuing to execute and pass data.
 The default is
 .Dq no .
+.It Cm PubkeyAcceptedKeyTypes
+Specifies the key types that will be used for public key authentication
+as a comma-separated pattern list.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be

diff --git a/ssh_config.5 b/ssh_config.5 index d29963c15..e51439849 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
37	.Dd $Mdocdate: July 3 2015 $	37	.Dd $Mdocdate: July 10 2015 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -781,9 +781,17 @@ is similar to
781	.It Cm HostbasedKeyTypes	781	.It Cm HostbasedKeyTypes
782	Specifies the key types that will be used for hostbased authentication	782	Specifies the key types that will be used for hostbased authentication
783	as a comma-separated pattern list.	783	as a comma-separated pattern list.
784	The default	784	The default for this option is:
785	.Dq *	785	.Bd -literal -offset 3n
786	will allow all key types.	786	ecdsa-sha2-nistp256-cert-v01@openssh.com,
		787	ecdsa-sha2-nistp384-cert-v01@openssh.com,
		788	ecdsa-sha2-nistp521-cert-v01@openssh.com,
		789	ssh-ed25519-cert-v01@openssh.com,
		790	ssh-rsa-cert-v01@openssh.com,
		791	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		792	ssh-ed25519,ssh-rsa
		793	.Ed
		794	.Pp
787	The	795	The
788	.Fl Q	796	.Fl Q
789	option of	797	option of
@@ -798,10 +806,9 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
798	ecdsa-sha2-nistp384-cert-v01@openssh.com,	806	ecdsa-sha2-nistp384-cert-v01@openssh.com,
799	ecdsa-sha2-nistp521-cert-v01@openssh.com,	807	ecdsa-sha2-nistp521-cert-v01@openssh.com,
800	ssh-ed25519-cert-v01@openssh.com,	808	ssh-ed25519-cert-v01@openssh.com,
801	ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,	809	ssh-rsa-cert-v01@openssh.com,
802	ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
803	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,	810	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
804	ssh-ed25519,ssh-rsa,ssh-dss	811	ssh-ed25519,ssh-rsa
805	.Ed	812	.Ed
806	.Pp	813	.Pp
807	If hostkeys are known for the destination host then this default is modified	814	If hostkeys are known for the destination host then this default is modified
@@ -1206,6 +1213,25 @@ will pass a connected file descriptor back to
1206	instead of continuing to execute and pass data.	1213	instead of continuing to execute and pass data.
1207	The default is	1214	The default is
1208	.Dq no .	1215	.Dq no .
		1216	.It Cm PubkeyAcceptedKeyTypes
		1217	Specifies the key types that will be used for public key authentication
		1218	as a comma-separated pattern list.
		1219	The default for this option is:
		1220	.Bd -literal -offset 3n
		1221	ecdsa-sha2-nistp256-cert-v01@openssh.com,
		1222	ecdsa-sha2-nistp384-cert-v01@openssh.com,
		1223	ecdsa-sha2-nistp521-cert-v01@openssh.com,
		1224	ssh-ed25519-cert-v01@openssh.com,
		1225	ssh-rsa-cert-v01@openssh.com,
		1226	ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		1227	ssh-ed25519,ssh-rsa
		1228	.Ed
		1229	.Pp
		1230	The
		1231	.Fl Q
		1232	option of
		1233	.Xr ssh 1
		1234	may be used to list supported key types.
1209	.It Cm PubkeyAuthentication	1235	.It Cm PubkeyAuthentication
1210	Specifies whether to try public key authentication.	1236	Specifies whether to try public key authentication.
1211	The argument to this keyword must be	1237	The argument to this keyword must be