authormarkus@openbsd.org <markus@openbsd.org>2015-07-10 06:21:53 +0000
committerDamien Miller <djm@mindrot.org>2015-07-15 15:38:02 +1000
commit3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 (patch)
treee74e4219344349a4f9a4393aa4c2c6b7baecb127
parent16db0a7ee9a87945cc594d13863cfcb86038db59 (diff)
upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
-rw-r--r--clientloop.c10
-rw-r--r--myproposal.h6
-rw-r--r--readconf.c37
-rw-r--r--readconf.h5
-rw-r--r--scp.15
-rw-r--r--servconf.c17
-rw-r--r--servconf.h3
-rw-r--r--ssh.15
-rw-r--r--ssh_config.542
-rw-r--r--sshconnect2.c39
-rw-r--r--sshd.c10
-rw-r--r--sshd_config.560
12 files changed, 173 insertions, 66 deletions
diff --git a/clientloop.c b/clientloop.c
index dc0e557a..87ceb3da 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -100,6 +100,7 @@
#include "key.h"
#include "cipher.h"
#include "kex.h"
+#include "myproposal.h"
#include "log.h"
#include "misc.h"
#include "readconf.h"
@@ -2362,10 +2363,11 @@ client_input_hostkeys(void)
debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp);
free(fp);
+
/* Check that the key is accepted in HostkeyAlgorithms */
- if (options.hostkeyalgorithms != NULL &&
- match_pattern_list(sshkey_ssh_name(key),
- options.hostkeyalgorithms, 0) != 1) {
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.hostkeyalgorithms ? options.hostkeyalgorithms :
+ KEX_DEFAULT_PK_ALG, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
diff --git a/myproposal.h b/myproposal.h
index 371f27ca..46e5b988 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.46 2015/07/03 03:47:00 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -99,11 +99,9 @@
HOSTKEY_ECDSA_CERT_METHODS \
"ssh-ed25519-cert-v01@openssh.com," \
"ssh-rsa-cert-v01@openssh.com," \
- "ssh-dss-cert-v01@openssh.com," \
HOSTKEY_ECDSA_METHODS \
"ssh-ed25519," \
- "ssh-rsa," \
- "ssh-dss"
+ "ssh-rsa" \
/* the actual algorithms */
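Review bot: The new last line of KEX_DEFAULT_PK_ALG, `"ssh-rsa" \`, still ends in a line-continuation backslash, so the macro's replacement list runs on into whatever line follows it. As rendered here the next line is the `/* the actual algorithms */` comment (the page appears to have dropped blank lines), which is harmless. Any token later placed on that line would either join the default key-algorithm list or break the build. Ending the list with `"ssh-rsa"` and no backslash removes that trap. The `#define` line itself is outside the hunk.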
diff --git a/readconf.c b/readconf.c
index db7d0bbb..f1c860b9 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -157,6 +157,7 @@ typedef enum {
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
+ oPubkeyAcceptedKeyTypes,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@@ -275,6 +276,7 @@ static struct {
{ "fingerprinthash", oFingerprintHash },
{ "updatehostkeys", oUpdateHostkeys },
{ "hostbasedkeytypes", oHostbasedKeyTypes },
+ { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
@@ -1115,14 +1117,17 @@ parse_int:
break;
case oHostKeyAlgorithms:
+ charptr = &options->hostkeyalgorithms;
+parse_keytypes:
arg = strdelim(&s);
if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
if (!sshkey_names_valid2(arg, 1))
- fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
- if (*activep && options->hostkeyalgorithms == NULL)
- options->hostkeyalgorithms = xstrdup(arg);
+ fatal("%s line %d: Bad key types '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
break;
case oProtocol:
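Review bot: The shared `parse_keytypes` path now reports every failure as `Bad key types`, so a bad HostKeyAlgorithms value can no longer be told apart from a bad HostbasedKeyTypes or PubkeyAcceptedKeyTypes value (both jump here in a later hunk). The same block also mixes `%.200s` and `%s` for `filename`, and `arg ? arg : "<NONE>"` is dead because `arg` was checked for NULL two statements earlier. I would write `fatal("%.200s line %d: Bad key types '%s'.", filename, linenum, arg);` and, if the keyword string is in scope at this point, include it in the message. The enclosing switch starts and ends outside the hunk.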
@@ -1485,16 +1490,11 @@ parse_int:
case oHostbasedKeyTypes:
charptr = &options->hostbased_key_types;
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.",
- filename, linenum);
- if (!sshkey_names_valid2(arg, 1))
- fatal("%s line %d: Bad key types '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
- if (*activep && *charptr == NULL)
- *charptr = xstrdup(arg);
- break;
+ goto parse_keytypes;
+
+ case oPubkeyAcceptedKeyTypes:
+ charptr = &options->pubkey_key_types;
+ goto parse_keytypes;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
@@ -1676,6 +1676,7 @@ initialize_options(Options * options)
options->fingerprint_hash = -1;
options->update_hostkeys = -1;
options->hostbased_key_types = NULL;
+ options->pubkey_key_types = NULL;
}
/*
@@ -1858,7 +1859,9 @@ fill_default_options(Options * options)
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
if (options->hostbased_key_types == NULL)
- options->hostbased_key_types = xstrdup("*");
+ options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
+ if (options->pubkey_key_types == NULL)
+ options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
#define CLEAR_ON_NONE(v) \
do { \
diff --git a/readconf.h b/readconf.h
index 576b9e35..bb2d5528 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.109 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,7 +150,8 @@ typedef struct {
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
- char *hostbased_key_types;
+ char *hostbased_key_types;
+ char *pubkey_key_types;
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
diff --git a/scp.1 b/scp.1
index 0e84780e..279b0d70 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.66 2015/01/30 11:43:14 djm Exp $
+.\" $OpenBSD: scp.1,v 1.67 2015/07/10 06:21:53 markus Exp $
.\"
-.Dd $Mdocdate: January 30 2015 $
+.Dd $Mdocdate: July 10 2015 $
.Dt SCP 1
.Os
.Sh NAME
@@ -170,6 +170,7 @@ For full details of the options listed below, and their possible values, see
.It PreferredAuthentications
.It Protocol
.It ProxyCommand
+.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
diff --git a/servconf.c b/servconf.c
index 80465ecc..018f251c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.275 2015/07/01 02:39:06 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -108,6 +108,7 @@ initialize_server_options(ServerOptions *options)
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
options->hostbased_key_types = NULL;
+ options->hostkeyalgorithms = NULL;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->pubkey_key_types = NULL;
@@ -259,13 +260,15 @@ fill_default_server_options(ServerOptions *options)
if (options->hostbased_uses_name_from_packet_only == -1)
options->hostbased_uses_name_from_packet_only = 0;
if (options->hostbased_key_types == NULL)
- options->hostbased_key_types = xstrdup("*");
+ options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
+ if (options->hostkeyalgorithms == NULL)
+ options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
if (options->pubkey_key_types == NULL)
- options->pubkey_key_types = xstrdup("*");
+ options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
@@ -400,6 +403,7 @@ typedef enum {
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sPermitTunnel,
@@ -450,6 +454,7 @@ static struct {
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
+ { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
@@ -1183,6 +1188,10 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
+ case sHostKeyAlgorithms:
+ charptr = &options->hostkeyalgorithms;
+ goto parse_keytypes;
+
case sRSAAuthentication:
intptr = &options->rsa_authentication;
goto parse_flag;
@@ -2280,6 +2289,8 @@ dump_config(ServerOptions *o)
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
+ dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
+ o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
diff --git a/servconf.h b/servconf.h
index 606d80c9..f4137af7 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.119 2015/05/22 03:50:02 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.120 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -102,6 +102,7 @@ typedef struct {
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
char *hostbased_key_types; /* Key types allowed for hostbased */
+ char *hostkeyalgorithms; /* SSH2 server key types */
int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
char *pubkey_key_types; /* Key types allowed for public key */
diff --git a/ssh.1 b/ssh.1
index df7ac86a..fa87c279 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
-.Dd $Mdocdate: May 22 2015 $
+.\" $OpenBSD: ssh.1,v 1.359 2015/07/10 06:21:53 markus Exp $
+.Dd $Mdocdate: July 10 2015 $
.Dt SSH 1
.Os
.Sh NAME
@@ -470,6 +470,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It ProxyUseFdpass
+.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteForward
diff --git a/ssh_config.5 b/ssh_config.5
index d29963c1..e5143984 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $
-.Dd $Mdocdate: July 3 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
+.Dd $Mdocdate: July 10 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -781,9 +781,17 @@ is similar to
.It Cm HostbasedKeyTypes
Specifies the key types that will be used for hostbased authentication
as a comma-separated pattern list.
-The default
-.Dq *
-will allow all key types.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
The
.Fl Q
option of
@@ -798,10 +806,9 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
-ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
@@ -1206,6 +1213,25 @@ will pass a connected file descriptor back to
instead of continuing to execute and pass data.
The default is
.Dq no .
+.It Cm PubkeyAcceptedKeyTypes
+Specifies the key types that will be used for public key authentication
+as a comma-separated pattern list.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be
diff --git a/sshconnect2.c b/sshconnect2.c
index fcaed6b0..34dbf9a7 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.225 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -190,6 +190,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(options.hostkeyalgorithms);
else {
+ /* Enforce default */
+ options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
/* Prefer algorithms that we already have keys for */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(
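Review bot: The added `options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);` writes to the global options from inside ssh_kex2(), so after key exchange setup a NULL test can no longer distinguish a user-configured HostKeyAlgorithms from the built-in default. The comment `/* Enforce default */` does not say which later code relies on this. Presumably it is the host key acceptance checks that match against `options.hostkeyalgorithms`; a comment such as `/* none configured: pin the default list so later host key checks apply it as well */` would record that. The `else` block continues past the end of the hunk.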
@@ -1315,6 +1317,26 @@ pubkey_cleanup(Authctxt *authctxt)
}
}
+static int
+try_identity(Identity *id)
+{
+ if (!id->key)
+ return (0);
+ if (match_pattern_list(sshkey_ssh_name(id->key),
+ options.pubkey_key_types, 0) != 1) {
+ debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes",
+ sshkey_ssh_name(id->key), id->filename);
+ return (0);
+ }
+ if (key_type_plain(id->key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ debug("Skipped %s key %s for RSA/MD5 server",
+ key_type(id->key), id->filename);
+ return (0);
+ }
+ return (id->key->type != KEY_RSA1);
+}
+
int
userauth_pubkey(Authctxt *authctxt)
{
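Review bot: try_identity() reports a key rejected by PubkeyAcceptedKeyTypes only through `debug()`, and a KEY_RSA1 key falls through to `return (id->key->type != KEY_RSA1);` with no message at all. Because this commit removes ssh-dss from the default list, a user whose only identity is a DSA key gets a plain authentication failure with no stated reason unless debugging is enabled. Consider a more visible log level for the policy rejection and tidying its wording, e.g. `"Skipping %s key %s: type not in PubkeyAcceptedKeyTypes"`. A short comment above the function stating that it returns 1 only for keys that may be offered would also help, since it now gates both call sites in userauth_pubkey().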
@@ -1333,11 +1355,7 @@ userauth_pubkey(Authctxt *authctxt)
* private key instead
*/
if (id->key != NULL) {
- if (key_type_plain(id->key->type) == KEY_RSA &&
- (datafellows & SSH_BUG_RSASIGMD5) != 0) {
- debug("Skipped %s key %s for RSA/MD5 server",
- key_type(id->key), id->filename);
- } else if (id->key->type != KEY_RSA1) {
+ if (try_identity(id)) {
debug("Offering %s public key: %s",
key_type(id->key), id->filename);
sent = send_pubkey_test(authctxt, id);
@@ -1347,13 +1365,8 @@ userauth_pubkey(Authctxt *authctxt)
id->key = load_identity_file(id->filename,
id->userprovided);
if (id->key != NULL) {
- id->isprivate = 1;
- if (key_type_plain(id->key->type) == KEY_RSA &&
- (datafellows & SSH_BUG_RSASIGMD5) != 0) {
- debug("Skipped %s key %s for RSA/MD5 "
- "server", key_type(id->key),
- id->filename);
- } else {
+ if (try_identity(id)) {
+ id->isprivate = 1;
sent = sign_and_send_pubkey(
authctxt, id);
}
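Review bot: On this path the type check runs only after `load_identity_file()` has read the private key, so a key that PubkeyAcceptedKeyTypes rejects is still loaded (and presumably its passphrase requested) before being skipped. The branch also changes behaviour for RSA1: the old `else` passed any non-RSA/MD5 key to `sign_and_send_pubkey()`, whereas try_identity() now drops KEY_RSA1 silently. If that is intended, a comment here should say so, e.g. `/* type is only known once the file is loaded; try_identity() also rejects RSA1 */`. Whether the loaded key is freed when try_identity() fails depends on lines after the hunk.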
diff --git a/sshd.c b/sshd.c
index 86b3c643..81a9b824 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.453 2015/07/03 03:49:45 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.454 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -95,6 +95,7 @@
#include "log.h"
#include "buffer.h"
#include "misc.h"
+#include "match.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
@@ -799,6 +800,13 @@ list_hostkey_types(void)
key = sensitive_data.host_pubkeys[i];
if (key == NULL)
continue;
+ /* Check that the key is accepted in HostkeyAlgorithms */
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.hostkeyalgorithms, 0) != 1) {
+ debug3("%s: %s key not permitted by HostkeyAlgorithms",
+ __func__, sshkey_ssh_name(key));
+ continue;
+ }
switch (key->type) {
case KEY_RSA:
case KEY_DSA:
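Review bot: If the new filter rejects every loaded host key, the loop appears to yield an empty host key algorithm list, and the only trace is one `debug3` line per key. A server whose only host key is ssh-dss, now outside the default, is one such case. Such a server would likely start normally and then fail key exchange with every client. It is worth reporting this at a visible level once the loop has added nothing, for instance `error("%s: no host key permitted by HostKeyAlgorithms", __func__);`. The rest of list_hostkey_types(), including where the list is built and returned, is outside the hunk, so the exact placement needs checking there.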
diff --git a/sshd_config.5 b/sshd_config.5
index edd4cc9b..b49e9191 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.205 2015/07/03 03:49:45 djm Exp $
-.Dd $Mdocdate: July 3 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $
+.Dd $Mdocdate: July 10 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -640,9 +640,17 @@ The default is
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.
-The default
-.Dq *
-will allow all key types.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
The
.Fl Q
option of
@@ -694,9 +702,15 @@ for protocol version 1, and
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
+.Pp
Note that
.Xr sshd 8
-will refuse to use a file if it is group/world-accessible.
+will refuse to use a file if it is group/world-accessible
+and that the
+.Cm HostKeyAlgorithms
+option restricts which of the keys are actually used by
+.Xr sshd 8 .
+.Pp
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
@@ -718,6 +732,26 @@ If
is specified, the location of the socket will be read from the
.Ev SSH_AUTH_SOCK
environment variable.
+.It Cm HostKeyAlgorithms
+Specifies the protocol version 2 host key algorithms
+that the server offers.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
+The list of available key types may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq key .
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
@@ -1279,9 +1313,17 @@ is identical to
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be accepted for public key authentication
as a comma-separated pattern list.
-The default
-.Dq *
-will allow all key types.
+The default for this option is:
+.Bd -literal -offset 3n
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ssh-ed25519-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
+.Ed
+.Pp
The
.Fl Q
option of