On Thu, Aug 15, 2019 at 10:57:38PM +0200, Klemens Nanni wrote: > On Thu, Aug 15, 2019 at 06:50:38PM +0100, Jason McIntyre wrote: > > what about > > > > If the cipher list begins with a > > .Sq > > character ... > Here's a diff that does s/value/list/ for all options mentioning > "ssh -Q ...": since this part already says "list", it seems quite nice. > > The list of available MAC algorithms may also be obtained using > > > .Qq ssh -Q mac . > > > so maybe we could do this for all places where -Q works? but maybe there > > was a solid reason for listing them in the first place? > Actually, removing the defaults cuts relevant information, since without > it users have no easy way to tell available and default options apart, > so I do no longer want to remove anything here. >
ah, that was the reason for documenting the defaults! ok for your diff. jmc > Feedback? OK? > > Index: ssh_config.5 > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v > retrieving revision 1.298 > diff -u -p -r1.298 ssh_config.5 > --- ssh_config.5 9 Aug 2019 04:24:03 -0000 1.298 > +++ ssh_config.5 15 Aug 2019 20:56:17 -0000 > @@ -422,11 +422,11 @@ the check will not be executed. > .It Cm Ciphers > Specifies the ciphers allowed and their order of preference. > Multiple ciphers must be comma-separated. > -If the specified value begins with a > +If the specified list begins with a > .Sq + > character, then the specified ciphers will be appended to the default set > instead of replacing them. > -If the specified value begins with a > +If the specified list begins with a > .Sq - > character, then the specified ciphers (including wildcards) will be removed > from the default set instead of replacing them. > @@ -1044,11 +1044,11 @@ and > .It Cm KexAlgorithms > Specifies the available KEX (Key Exchange) algorithms. > Multiple algorithms must be comma-separated. > -Alternately if the specified value begins with a > +If the specified list begins with a > .Sq + > character, then the specified methods will be appended to the default set > instead of replacing them. > -If the specified value begins with a > +If the specified list begins with a > .Sq - > character, then the specified methods (including wildcards) will be removed > from the default set instead of replacing them. > @@ -1125,11 +1125,11 @@ Specifies the MAC (message authenticatio > in order of preference. > The MAC algorithm is used for data integrity protection. > Multiple algorithms must be comma-separated. > -If the specified value begins with a > +If the specified list begins with a > .Sq + > character, then the specified algorithms will be appended to the default set > instead of replacing them. > -If the specified value begins with a > +If the specified list begins with a > .Sq - > character, then the specified algorithms (including wildcards) will be > removed > from the default set instead of replacing them. > @@ -1282,11 +1282,11 @@ The default is > .It Cm PubkeyAcceptedKeyTypes > Specifies the key types that will be used for public key authentication > as a comma-separated list of patterns. > -Alternately if the specified value begins with a > +If the specified list begins with a > .Sq + > character, then the key types after it will be appended to the default > instead of replacing it. > -If the specified value begins with a > +If the specified list begins with a > .Sq - > character, then the specified key types (including wildcards) will be removed > from the default set instead of replacing them. >
