Clarify HostKeyAlgorithms option on man page

Clarify HostkeyAlgorithms and crypto-policies relation on the ssh_config
man page

Signed-off-by: Norbert Pocs <npocs@redhat.com>

openssh-9.0p1-man-hostkeyalgos.patch

@@ -0,0 +1,16 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh_config.5 openssh-8.7p1-patched/ssh_config.5
+--- openssh-8.7p1/ssh_config.5	2023-05-29 13:41:19.731835097 +0200
++++ openssh-8.7p1-patched/ssh_config.5	2023-05-29 13:40:58.806604144 +0200
+@@ -989,6 +989,12 @@
+ .Pp
+ The list of available signature algorithms may also be obtained using
+ .Qq ssh -Q HostKeyAlgorithms .
++.Pp
++.Xr crypto_policies 7 does not handle the list of algorithms as doing so
++would break the order given by the
++.Pa known_hosts
++file. Therefore the list is filtered by
++.Cm PubkeyAcceptedAlgorithms.
+ .It Cm HostKeyAlias
+ Specifies an alias that should be used instead of the
+ real host name when looking up or saving the host key

openssh.spec

@@ -249,6 +249,9 @@ Patch1013: openssh-9.0p1-evp-fips-ecdh.patch
 Patch1014: openssh-8.7p1-nohostsha1proof.patch
 Patch1015: openssh-9.0p1-evp-pkcs11.patch
 
+# clarify rhbz#2068423 on the man page of ssh_config
+Patch1016: openssh-9.0p1-man-hostkeyalgos.patch
+
 License: BSD
 Requires: /sbin/nologin
 
@@ -463,6 +466,8 @@ popd
 %patch1014 -p1 -b .nosha1hostproof
 %patch1015 -p1 -b .evp-pkcs11
 
+%patch1016 -p1 -b .man-hostkeyalgos
+
 %patch100 -p1 -b .coverity
 
 autoreconf
@@ -772,6 +777,7 @@ test -f %{sysconfig_anaconda} && \
 * Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 9.0p1-18
 - Fix pkcs11 issue with the recent changes
 - Add support for 'serial' in PKCS#11 URI
+- Clarify HostKeyAlgorithms relation with crypto-policies
 
 * Fri Apr 14 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-17
 - In case when sha1 signatures are not supported, fallback to sha2 in hostproof