1 files changed, 13 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 15b82e84d..ba50a30f1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
-.Dd $Mdocdate: July 20 2018 $
+.Dd $Mdocdate: September 20 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -404,6 +404,17 @@ If the argument is
 .Cm none
 then no banner is displayed.
 By default, no banner is displayed.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+Certificates signed using other algorithms will not be accepted for
+public key or host-based authentication.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
 PAM).

diff --git a/sshd_config.5 b/sshd_config.5 index 15b82e84d..ba50a30f1 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
37	.Dd $Mdocdate: July 20 2018 $	37	.Dd $Mdocdate: September 20 2018 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -404,6 +404,17 @@ If the argument is
404	.Cm none	404	.Cm none
405	then no banner is displayed.	405	then no banner is displayed.
406	By default, no banner is displayed.	406	By default, no banner is displayed.
		407	.It Cm CASignatureAlgorithms
		408	Specifies which algorithms are allowed for signing of certificates
		409	by certificate authorities (CAs).
		410	The default is:
		411	.Bd -literal -offset indent
		412	ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		413	ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
		414	.Ed
		415	.Pp
		416	Certificates signed using other algorithms will not be accepted for
		417	public key or host-based authentication.
407	.It Cm ChallengeResponseAuthentication	418	.It Cm ChallengeResponseAuthentication
408	Specifies whether challenge-response authentication is allowed (e.g. via	419	Specifies whether challenge-response authentication is allowed (e.g. via
409	PAM).	420	PAM).