The current wording explaining how to append or exclude ciphers seems
ambiguous as to whether an optional dash or plus character is to be
prepended once to the entire list or every cipher in the list.

Diff below slightly tweaks it without substantial changes, making it
clearer (at least for non-native speakers, I think).

We could also add a simple example excluding weak ciphers, but if we nailed
the wording it would not be needed to extend this already lengthy manual
much further.

Also, to sync `Ciphers' and `KexAlgorithms', stop listing supported
ciphers in the first one since we already point to `ssh -Q ...' for
listing all available ones already, and add a missing `.Pp' to the latter.

Feedback?

Index: ssh_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.298
diff -u -p -r1.298 ssh_config.5
--- ssh_config.5        9 Aug 2019 04:24:03 -0000       1.298
+++ ssh_config.5        15 Aug 2019 16:27:43 -0000
@@ -424,27 +424,13 @@ Specifies the ciphers allowed and their 
 Multiple ciphers must be comma-separated.
 If the specified value begins with a
 .Sq +
-character, then the specified ciphers will be appended to the default set
+character, all specified ciphers will be appended to the default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
-character, then the specified ciphers (including wildcards) will be removed
+character, all specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
 .Pp
-The supported ciphers are:
-.Bd -literal -offset indent
-3des-cbc
-aes128-cbc
-aes192-cbc
-aes256-cbc
-aes128-ctr
-aes192-ctr
-aes256-ctr
-aes128-...@openssh.com
-aes256-...@openssh.com
-chacha20-poly1...@openssh.com
-.Ed
-.Pp
 The default is:
 .Bd -literal -offset indent
 chacha20-poly1...@openssh.com,
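
Review bot: In the Ciphers entry the reworded sentences still read "If the specified value begins with a + character, all specified ciphers will be appended", so the reader has to infer that the character is given once for the whole comma-separated list. Consider stating it directly, for example "begins with a single + character", or adding a short clause that the character is not repeated per cipher. Since the "The supported ciphers are:" list is removed here, also confirm that the pointer to ssh -Q for listing available ciphers is in this entry, as it is not visible in the hunk's context lines.
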
@@ -1044,14 +1030,15 @@ and
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
-Alternately if the specified value begins with a
+If the specified value begins with a
 .Sq +
-character, then the specified methods will be appended to the default set
+character, all specified methods will be appended to the default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
-character, then the specified methods (including wildcards) will be removed
+character, all specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+.Pp
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256,curve25519-sha...@libssh.org,
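
Review bot: In the KexAlgorithms entry the changed lines keep "all specified methods" while the surrounding text says "Multiple algorithms must be comma-separated". Since the patch is about syncing and clarifying the wording, use "algorithms" in both the + and - sentences. As in the Ciphers entry, the text still does not say outright that the + or - character is given once for the whole list.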
