This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613
Author: jmc@openbsd.org <jmc@openbsd.org>
Date: Thu Sep 20 06:58:48 2018 +0000
upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm
OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
---
scp.1 | 5 +++--
sftp.1 | 5 +++--
ssh.1 | 5 +++--
ssh_config.5 | 26 +++++++++++++-------------
4 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/scp.1 b/scp.1
index 92abcaf0..0e5cc1b2 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.80 2018/07/19 10:28:47 dtucker Exp $
+.\" $OpenBSD: scp.1,v 1.81 2018/09/20 06:58:48 jmc Exp $
.\"
-.Dd $Mdocdate: July 19 2018 $
+.Dd $Mdocdate: September 20 2018 $
.Dt SCP 1
.Os
.Sh NAME
@@ -130,6 +130,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/sftp.1 b/sftp.1
index a25d3890..0fd54cae 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.119 2018/07/23 19:53:55 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 23 2018 $
+.Dd $Mdocdate: September 20 2018 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -200,6 +200,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/ssh.1 b/ssh.1
index 191f35ad..7760c307 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.398 2018/09/12 01:30:10 djm Exp $
-.Dd $Mdocdate: September 12 2018 $
+.\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $
+.Dd $Mdocdate: September 20 2018 $
.Dt SSH 1
.Os
.Sh NAME
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/ssh_config.5 b/ssh_config.5
index a9b44cc4..c7192665 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $
.Dd $Mdocdate: September 20 2018 $
.Dt SSH_CONFIG 5
.Os
@@ -261,18 +261,6 @@ Only useful on systems with more than one address.
.It Cm BindInterface
Use the address of the specified interface on the local machine as the
source address of the connection.
-.It Cm CASignatureAlgorithms
-Specifies which algorithms are allowed for signing of certificates
-by certificate authorities (CAs).
-The default is:
-.Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
-.Xr ssh 1
-will not accept host certificates signed using algorithms other than those
-specified.
.It Cm CanonicalDomains
When
.Cm CanonicalizeHostname
@@ -348,6 +336,18 @@ to be canonicalized to names in the
or
.Qq *.c.example.com
domains.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
.It Cm CertificateFile
Specifies a file from which the user's certificate is read.
A corresponding private key must be provided separately in order
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
djm pushed a commit to branch master
in repository openssh.
commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613
Author: jmc@openbsd.org <jmc@openbsd.org>
Date: Thu Sep 20 06:58:48 2018 +0000
upstream: reorder CASignatureAlgorithms, and add them to the
various -o lists; ok djm
OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
---
scp.1 | 5 +++--
sftp.1 | 5 +++--
ssh.1 | 5 +++--
ssh_config.5 | 26 +++++++++++++-------------
4 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/scp.1 b/scp.1
index 92abcaf0..0e5cc1b2 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.80 2018/07/19 10:28:47 dtucker Exp $
+.\" $OpenBSD: scp.1,v 1.81 2018/09/20 06:58:48 jmc Exp $
.\"
-.Dd $Mdocdate: July 19 2018 $
+.Dd $Mdocdate: September 20 2018 $
.Dt SCP 1
.Os
.Sh NAME
@@ -130,6 +130,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/sftp.1 b/sftp.1
index a25d3890..0fd54cae 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.119 2018/07/23 19:53:55 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 23 2018 $
+.Dd $Mdocdate: September 20 2018 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -200,6 +200,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/ssh.1 b/ssh.1
index 191f35ad..7760c307 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.398 2018/09/12 01:30:10 djm Exp $
-.Dd $Mdocdate: September 12 2018 $
+.\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $
+.Dd $Mdocdate: September 20 2018 $
.Dt SSH 1
.Os
.Sh NAME
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
+.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
diff --git a/ssh_config.5 b/ssh_config.5
index a9b44cc4..c7192665 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.282 2018/09/20 03:30:44 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $
.Dd $Mdocdate: September 20 2018 $
.Dt SSH_CONFIG 5
.Os
@@ -261,18 +261,6 @@ Only useful on systems with more than one address.
.It Cm BindInterface
Use the address of the specified interface on the local machine as the
source address of the connection.
-.It Cm CASignatureAlgorithms
-Specifies which algorithms are allowed for signing of certificates
-by certificate authorities (CAs).
-The default is:
-.Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
-.Xr ssh 1
-will not accept host certificates signed using algorithms other than those
-specified.
.It Cm CanonicalDomains
When
.Cm CanonicalizeHostname
@@ -348,6 +336,18 @@ to be canonicalized to names in the
or
.Qq *.c.example.com
domains.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
.It Cm CertificateFile
Specifies a file from which the user's certificate is read.
A corresponding private key must be provided separately in order
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits