Bug 3335

Summary: sshd_config docs for CASignatureAlgorithms don't mention the '+' argument
Product: Portable OpenSSH
Reporter: Walter <wgoulet>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: trivial
CC: djm, dtucker, wgoulet
Priority: P5
Version: 8.2p1
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 3302
Attachments:
Patched sshd_config file (Flags: none)

Description Walter 2021-07-29 01:18:18 AEST
Hi, 

The CASignatureAlgorithms config line in sshd_config acts the same as the Ciphers and HostSignatureAlgorithms in that you can add additional algorithms to the list by prepending the algorithm name with a '+'. But the documentation does not make this clear.

Suggest adding additional description text like the following:

If the specified list begins with a ‘+’ character, then the specified algorithms will be appended to the default set instead of replacing them.  If the specified list begins with a ‘-’ character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them.  If the specified list begins with a ‘^’ character, then the specified algorithms will be placed at the head of the default set.

Thanks,
Walter
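
A small model of the modifier semantics in the suggested text above, added here as an example; it is not part of the original report and is not OpenSSH's code. `SAMPLE_DEFAULT` is a constructed default set and `apply_algorithm_list` is a hypothetical helper; it assumes names after '+' and '^' are literal and only '-' takes wildcards. It shows the point an administrator most needs from the documentation: a bare list replaces the defaults, while a modifier edits them.

```python
from fnmatch import fnmatchcase

# Constructed default set for illustration; NOT OpenSSH's actual default list.
SAMPLE_DEFAULT = [
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "rsa-sha2-512",
    "rsa-sha2-256",
]


def _dedupe(items):
    """Drop repeated names while keeping first-seen order."""
    return list(dict.fromkeys(items))


def apply_algorithm_list(value, default):
    """Return the effective list for a config value such as '+ssh-rsa'.

    Hypothetical helper modelling the text quoted in the bug description:
      '+'  append to the default set
      '-'  remove matching names (wildcards allowed) from the default set
      '^'  place at the head of the default set
      none replace the default set entirely
    """
    value = value.strip()
    if not value:
        raise ValueError("empty algorithm list")
    modifier = value[0] if value[0] in "+-^" else ""
    names = [n for n in value[len(modifier):].split(",") if n]
    if not names:
        raise ValueError("modifier given without algorithm names")

    if modifier == "+":
        return _dedupe(list(default) + names)
    if modifier == "-":
        # Each name is a pattern; drop every default entry that matches one.
        return [d for d in default
                if not any(fnmatchcase(d, pat) for pat in names)]
    if modifier == "^":
        return _dedupe(names + list(default))
    return _dedupe(names)  # bare list: the defaults are discarded


if __name__ == "__main__":
    for line in ("+ssh-rsa", "-rsa-*", "^rsa-sha2-256", "rsa-sha2-512"):
        print(f"{line:16} -> {apply_algorithm_list(line, SAMPLE_DEFAULT)}")
```

On a real host, the effective value should be read back from the running configuration rather than inferred from a model like this.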
Comment 1 Walter 2021-08-05 07:25:14 AEST
Created attachment 3540
Patched sshd_config file

Adds additional commentary on use of modifiers to the CASignatureAlgorithms list.
Comment 2 Damien Miller 2021-08-13 10:00:21 AEST
I have added some text to the manual pages to describe +/- here.
Comment 3 Walter 2021-09-01 12:26:00 AEST
Thank you for the fix!
Comment 4 Damien Miller 2022-02-25 13:57:18 AEDT
closing bugs resolved before openssh-8.9