Clarify rhbz#2068423 on the ssh_config man page

Resolves: rhbz#2209096

Signed-off-by: Norbert Pocs <npocs@redhat.com>
This commit is contained in:
Norbert Pocs 2023-05-29 13:46:14 +02:00
parent 6b2353418c
commit 415f8e730b
2 changed files with 38 additions and 1 deletions

View File

@ -0,0 +1,31 @@
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh_config.5 openssh-8.7p1-patched/ssh_config.5
--- openssh-8.7p1/ssh_config.5 2023-06-02 09:14:40.279373577 +0200
+++ openssh-8.7p1-patched/ssh_config.5 2023-05-30 16:01:04.533848172 +0200
@@ -989,6 +989,17 @@
.Pp
The list of available signature algorithms may also be obtained using
.Qq ssh -Q HostKeyAlgorithms .
+.Pp
+The proposed
+.Cm HostKeyAlgorithms
+during KEX are limited to the set of algorithms that is defined in
+.Cm PubkeyAcceptedAlgorithms
+and therefore they are indirectly affected by system-wide
+.Xr crypto_policies 7 .
+.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so
+would break the order given by the
+.Pa known_hosts
+file.
.It Cm HostKeyAlias
Specifies an alias that should be used instead of the
real host name when looking up or saving the host key
@@ -1564,6 +1575,9 @@
.Pp
The list of available signature algorithms may also be obtained using
.Qq ssh -Q PubkeyAcceptedAlgorithms .
+.Pp
+This option affects also
+.Cm HostKeyAlgorithms
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be

View File

@ -272,6 +272,9 @@ Patch1010: openssh-8.7p1-evp-fips-compl-dh.patch
Patch1011: openssh-8.7p1-evp-fips-compl-ecdh.patch Patch1011: openssh-8.7p1-evp-fips-compl-ecdh.patch
Patch1012: openssh-8.7p1-evp-pkcs11.patch Patch1012: openssh-8.7p1-evp-pkcs11.patch
# clarify rhbz#2068423 on the man page of ssh_config
Patch1013: openssh-8.7p1-man-hostkeyalgos.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -487,6 +490,8 @@ popd
%patch1011 -p1 -b .evp_fips_ecdh %patch1011 -p1 -b .evp_fips_ecdh
%patch1012 -p1 -b .evp_pkcs11 %patch1012 -p1 -b .evp_pkcs11
%patch1013 -p1 -b .man-hostkeyalgos
autoreconf autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
autoreconf autoreconf
@ -775,7 +780,8 @@ test -f %{sysconfig_anaconda} && \
* Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32 * Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32
- Fix pkcs11 issue with the recent changes - Fix pkcs11 issue with the recent changes
- Delete unnecessary log messages from previous compl-dh patch - Delete unnecessary log messages from previous compl-dh patch
- Resolves: rhbz#2207793 - Add ssh_config man page explanation on rhbz#2068423
- Resolves: rhbz#2207793, rhbz#2209096
* Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31 * Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31
- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch: - Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch: