rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Norbert Pocs 415f8e
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh_config.5 openssh-8.7p1-patched/ssh_config.5
--- openssh-8.7p1/ssh_config.5	2023-06-02 09:14:40.279373577 +0200
+++ openssh-8.7p1-patched/ssh_config.5	2023-05-30 16:01:04.533848172 +0200
@@ -989,6 +989,17 @@
 .Pp
 The list of available signature algorithms may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
+.Pp
+The proposed
+.Cm HostKeyAlgorithms
+during KEX are limited to the set of algorithms that is defined in
+.Cm PubkeyAcceptedAlgorithms
+and therefore they are indirectly affected by system-wide
+.Xr crypto_policies 7 .
+.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so
+would break the order given by the
+.Pa known_hosts
+file.
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
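Review bot: On the added line `.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so`, the sentence text shares a line with the `.Xr` macro, so mdoc parses the trailing words as arguments of the macro. Put `.Xr crypto_policies 7` on a line of its own and start the sentence text on the next line, the way the `.Cm` and `.Pa` lines in this hunk are written, and use "cannot". The paragraph also does not say whether the limit applies to a HostKeyAlgorithms list set explicitly in the user's configuration or only to the default proposal; one sentence on that would tell an administrator whether an explicit setting can still offer an algorithm outside PubkeyAcceptedAlgorithms.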
@@ -1564,6 +1575,9 @@
 .Pp
 The list of available signature algorithms may also be obtained using
 .Qq ssh -Q PubkeyAcceptedAlgorithms .
+.Pp
+This option affects also
+.Cm HostKeyAlgorithms
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be
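Review bot: The added sentence `This option affects also` / `.Cm HostKeyAlgorithms` ends without a period and does not say what the effect is. Suggest stating the effect in the same terms as the paragraph added under HostKeyAlgorithms (the algorithms proposed during KEX are limited to this set), using the word order "also affects", and closing with `.Cm HostKeyAlgorithms .` so the sentence is terminated before the `.It Cm PubkeyAuthentication` entry.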