On Thu, Aug 15, 2019 at 06:50:38PM +0100, Jason McIntyre wrote:
> what about
>
> If the cipher list begins with a
> .Sq
> character ...
Here's a diff that does s/value/list/ for all options mentioning
"ssh -Q ...": since this part already says "list", it seems quite nice.
The list of available MAC algorithms may also be obtained using
.Qq ssh -Q mac .
> so maybe we could do this for all places where -Q works? but maybe there
> was a solid reason for listing them in the first place?
Actually, removing the defaults cuts relevant information, since without
it users have no easy way to tell available and default options apart,
so I do no longer want to remove anything here.
Feedback? OK?
Index: ssh_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.298
diff -u -p -r1.298 ssh_config.5
--- ssh_config.5 9 Aug 2019 04:24:03 -0000 1.298
+++ ssh_config.5 15 Aug 2019 20:56:17 -0000
@@ -422,11 +422,11 @@ the check will not be executed.
.It Cm Ciphers
Specifies the ciphers allowed and their order of preference.
Multiple ciphers must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
.Sq +
character, then the specified ciphers will be appended to the default set
instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
.Sq -
character, then the specified ciphers (including wildcards) will be removed
from the default set instead of replacing them.
@@ -1044,11 +1044,11 @@ and
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
-Alternately if the specified value begins with a
+If the specified list begins with a
.Sq +
character, then the specified methods will be appended to the default set
instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
.Sq -
character, then the specified methods (including wildcards) will be removed
from the default set instead of replacing them.
@@ -1125,11 +1125,11 @@ Specifies the MAC (message authenticatio
in order of preference.
The MAC algorithm is used for data integrity protection.
Multiple algorithms must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
.Sq -
character, then the specified algorithms (including wildcards) will be removed
from the default set instead of replacing them.
@@ -1282,11 +1282,11 @@ The default is
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be used for public key authentication
as a comma-separated list of patterns.
-Alternately if the specified value begins with a
+If the specified list begins with a
.Sq +
character, then the key types after it will be appended to the default
instead of replacing it.
-If the specified value begins with a
+If the specified list begins with a
.Sq -
character, then the specified key types (including wildcards) will be removed
from the default set instead of replacing them.
