upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from

Matt Hazinski

OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.350 2021/03/12 05:18:01 jsg Exp $
+.\" $OpenBSD: ssh_config.5,v 1.351 2021/04/03 06:55:52 djm Exp $
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: April 3 2021 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -372,8 +372,9 @@ Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,i
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 .Xr ssh 1

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.329 2021/03/12 04:08:19 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.330 2021/04/03 06:55:52 djm Exp $
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: April 3 2021 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -377,8 +377,9 @@ Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,i
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 Certificates signed using other algorithms will not be accepted for