Bug 3335 - sshd_config docs for CASignatureAlgorithms don't mention the '+' argument
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 8.2p1
Hardware: All All
Importance: P5 trivial
Assignee: Assigned to nobody
Blocks: V_8_7
Reported: 2021-07-29 01:18 AEST by Walter
Modified: 2022-02-25 13:57 AEDT
Attachments
Patched sshd_config file (496 bytes, patch)
2021-08-05 07:25 AEST, Walter

Description Walter 2021-07-29 01:18:18 AEST
Hi, 

The CASignatureAlgorithms config line in sshd_config acts the same as the Ciphers and HostSignatureAlgorithms in that you can add additional algorithms to the list by prepending the algorithm name with a '+'. But the documentation does not make this clear.

Suggest adding additional description text like the following:

If the specified list begins with a ‘+’ character, then the specified algorithms will be appended to the default set instead of replacing them. If the specified list begins with a ‘-’ character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a ‘^’ character, then the specified algorithms will be placed at the head of the default set.

Thanks,
Walter
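
The list semantics worded in the suggested text above, modelled as an added example (not part of the original report and not OpenSSH's own code). The function name `effective_list` and the sample default set are assumptions made for illustration, and wildcard matching is approximated with Python's `fnmatchcase`.

```python
from fnmatch import fnmatchcase

# Constructed sample default set for illustration; not OpenSSH's actual default.
SAMPLE_DEFAULT = [
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "rsa-sha2-512",
    "rsa-sha2-256",
]


def _split(names):
    """Split a comma-separated algorithm list, dropping empty items."""
    return [n.strip() for n in names.split(",") if n.strip()]


def _dedupe(items):
    """Keep the first occurrence of each name, preserving order."""
    seen = set()
    return [x for x in items if not (x in seen or seen.add(x))]


def effective_list(value, default=SAMPLE_DEFAULT):
    """Return the algorithm list a config value yields under the described rules."""
    if not value:
        raise ValueError("empty algorithm list")
    modifier, rest = value[0], value[1:]
    if modifier == "+":  # append to the default set
        return _dedupe(list(default) + _split(rest))
    if modifier == "-":  # remove matches (wildcards allowed) from the default set
        patterns = _split(rest)
        return [a for a in default
                if not any(fnmatchcase(a, p) for p in patterns)]
    if modifier == "^":  # place at the head of the default set
        return _dedupe(_split(rest) + list(default))
    return _dedupe(_split(value))  # no modifier: replace the default set
```

Without a modifier the value replaces the default set outright, which is why an undocumented '+' matters: an administrator who meant to add one algorithm can silently drop every other one.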
Comment 1 Walter 2021-08-05 07:25:14 AEST
Created attachment 3540
Patched sshd_config file

Adds additional commentary on use of modifiers to CASignatureAlgorithms list.
Comment 2 Damien Miller 2021-08-13 10:00:21 AEST
I have added some text to the manual pages to describe +/- here.
Comment 3 Walter 2021-09-01 12:26:00 AEST
Thank you for the fix!
Comment 4 Damien Miller 2022-02-25 13:57:18 AEDT
closing bugs resolved before openssh-8.9