DEFAULT ALGORITHMs in man pages of ssh_config(5) and sshd_config(5) differ with what openssh actually take. NOTE: the following diff-style sections have the last algorithm ends with ",". It's only for getting pretty diff result. KEX_SERVER_MAC: sshd_config(5) didn't tell me hmac-sha1-etm@openssh.com and hman-sha1 is taken by default. --- DOCUMENT_SERVER_MAC +++ CODE_SERVER_MAC umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, +hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, +hmac-sha1, KEX_CLIENT_ENCRYPT: rijndael-cbc@lysator.liu.se is missing in ssh_config(5). --- DOCUMENT_CLIENT_ENCRYPT +++ CODE_CLIENT_ENCRYPT chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, +rijndael-cbc@lysator.liu.se, KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in ssh_config(5), and hmac-ripemd160@openssh.com is removed. (Probably it's just an alias to hmac-ripemd160?) --- DOCUMENT_CLIENT_MAC +++ CODE_CLIENT_MAC umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, +hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, +hmac-sha1, hmac-md5-etm@openssh.com, -hmac-sha1-etm@openssh.com, hmac-ripemd160-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-md5, -hmac-sha1, hmac-ripemd160, -hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96, P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG, KEX_SERVER_ENCRYPT are correct.
Thanks, there were a couple more changes since we introduced RSA/SHA2
Close all resolved bugs after 7.3p1 release