diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 14863cbf9..6961b0c90 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.103 2020/12/22 00:12:22 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.104 2021/01/22 02:44:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -150,8 +150,8 @@ userauth_pubkey(struct ssh *ssh) logit("refusing previously-used %s key", sshkey_type(key)); goto done; } - if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { - logit_f("key type %s not in PubkeyAcceptedKeyTypes", + if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) { + logit_f("key type %s not in PubkeyAcceptedAlgorithms", sshkey_ssh_name(key)); goto done; } diff --git a/monitor.c b/monitor.c index 79d003ae9..559eb9f68 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.219 2020/12/29 00:59:15 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.220 2021/01/22 02:44:58 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1186,7 +1186,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) if (auth2_key_already_used(authctxt, key)) break; if (!key_base_type_match(auth_method, key, - options.pubkey_key_types)) + options.pubkey_accepted_algos)) break; allowed = user_key_allowed(ssh, authctxt->pw, key, pubkey_auth_attempt, &opts); diff --git a/readconf.c b/readconf.c index 37f92e25a..c7df93de0 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.348 2021/01/08 04:49:13 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.349 2021/01/22 02:44:58 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -171,7 +171,7 @@ typedef enum { oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, - oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, + oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -307,7 +307,8 @@ static struct { { "fingerprinthash", oFingerprintHash }, { "updatehostkeys", oUpdateHostkeys }, { "hostbasedkeytypes", oHostbasedKeyTypes }, - { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, + { "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */ + { "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms }, { "ignoreunknown", oIgnoreUnknown }, { "proxyjump", oProxyJump }, { "securitykeyprovider", oSecurityKeyProvider }, @@ -1373,7 +1374,7 @@ parse_int: case oHostKeyAlgorithms: charptr = &options->hostkeyalgorithms; -parse_keytypes: +parse_pubkey_algos: arg = strdelim(&s); if (!arg || *arg == '\0') { error("%.200s line %d: Missing argument.", @@ -1393,7 +1394,7 @@ parse_keytypes: case oCASignatureAlgorithms: charptr = &options->ca_sign_algorithms; - goto parse_keytypes; + goto parse_pubkey_algos; case oLogLevel: log_level_ptr = &options->log_level; @@ -1934,11 +1935,11 @@ parse_keytypes: case oHostbasedKeyTypes: charptr = &options->hostbased_key_types; - goto parse_keytypes; + goto parse_pubkey_algos; - case oPubkeyAcceptedKeyTypes: - charptr = &options->pubkey_key_types; - goto parse_keytypes; + case oPubkeyAcceptedAlgorithms: + charptr = &options->pubkey_accepted_algos; + goto parse_pubkey_algos; case oAddKeysToAgent: arg = strdelim(&s); @@ -2221,7 +2222,7 @@ initialize_options(Options * options) options->fingerprint_hash = -1; options->update_hostkeys = -1; options->hostbased_key_types = NULL; - options->pubkey_key_types = NULL; + options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; } @@ -2440,7 +2441,7 @@ fill_default_options(Options * options) ASSEMBLE(macs, def_mac, all_mac); ASSEMBLE(kex_algorithms, def_kex, all_kex); ASSEMBLE(hostbased_key_types, def_key, all_key); - ASSEMBLE(pubkey_key_types, def_key, all_key); + ASSEMBLE(pubkey_accepted_algos, def_key, all_key); ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); #undef ASSEMBLE @@ -2560,7 +2561,7 @@ free_options(Options *o) } free(o->revoked_host_keys); free(o->hostbased_key_types); - free(o->pubkey_key_types); + free(o->pubkey_accepted_algos); free(o->jump_user); free(o->jump_host); free(o->jump_extra); @@ -3101,7 +3102,7 @@ dump_client_config(Options *o, const char *host) #endif dump_cfg_string(oSecurityKeyProvider, o->sk_provider); dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); - dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); + dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); dump_cfg_string(oXAuthLocation, o->xauth_location); dump_cfg_string(oKnownHostsCommand, o->known_hosts_command); diff --git a/readconf.h b/readconf.h index 85ea2e112..4ee730b95 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.137 2020/12/22 00:15:23 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.138 2021/01/22 02:44:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -162,7 +162,7 @@ typedef struct { int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */ char *hostbased_key_types; - char *pubkey_key_types; + char *pubkey_accepted_algos; char *jump_user; char *jump_host; diff --git a/scp.1 b/scp.1 index a5bd723eb..c0e0082c0 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.92 2020/12/22 07:40:26 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.93 2021/01/22 02:44:58 dtucker Exp $ .\" -.Dd $Mdocdate: December 22 2020 $ +.Dd $Mdocdate: January 22 2021 $ .Dt SCP 1 .Os .Sh NAME @@ -195,7 +195,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It ProxyCommand .It ProxyJump -.It PubkeyAcceptedKeyTypes +.It PubkeyAcceptedAlgorithms .It PubkeyAuthentication .It RekeyLimit .It SendEnv diff --git a/servconf.c b/servconf.c index 8d7ef5dc3..a28918e2f 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.373 2021/01/11 04:48:22 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.374 2021/01/22 02:44:58 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -130,7 +130,7 @@ initialize_server_options(ServerOptions *options) options->hostkeyalgorithms = NULL; options->pubkey_authentication = -1; options->pubkey_auth_options = -1; - options->pubkey_key_types = NULL; + options->pubkey_accepted_algos = NULL; options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; @@ -233,7 +233,7 @@ assemble_algorithms(ServerOptions *o) ASSEMBLE(kex_algorithms, def_kex, all_kex); ASSEMBLE(hostkeyalgorithms, def_key, all_key); ASSEMBLE(hostbased_key_types, def_key, all_key); - ASSEMBLE(pubkey_key_types, def_key, all_key); + ASSEMBLE(pubkey_accepted_algos, def_key, all_key); ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); #undef ASSEMBLE free(all_cipher); @@ -527,7 +527,7 @@ typedef enum { sPermitUserEnvironment, sAllowTcpForwarding, sCompression, sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, - sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, + sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, @@ -589,7 +589,8 @@ static struct { { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, { "rsaauthentication", sDeprecated, SSHCFG_ALL }, { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, - { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, + { "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ + { "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ #ifdef KRB5 @@ -1501,7 +1502,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sHostbasedAcceptedKeyTypes: charptr = &options->hostbased_key_types; - parse_keytypes: + parse_pubkey_algos: arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", @@ -1517,19 +1518,19 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sHostKeyAlgorithms: charptr = &options->hostkeyalgorithms; - goto parse_keytypes; + goto parse_pubkey_algos; case sCASignatureAlgorithms: charptr = &options->ca_sign_algorithms; - goto parse_keytypes; + goto parse_pubkey_algos; case sPubkeyAuthentication: intptr = &options->pubkey_authentication; goto parse_flag; - case sPubkeyAcceptedKeyTypes: - charptr = &options->pubkey_key_types; - goto parse_keytypes; + case sPubkeyAcceptedAlgorithms: + charptr = &options->pubkey_accepted_algos; + goto parse_pubkey_algos; case sPubkeyAuthOptions: intptr = &options->pubkey_auth_options; @@ -2921,7 +2922,7 @@ dump_config(ServerOptions *o) dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); - dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); + dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN) dump_cfg_string(sRDomain, o->routing_domain); #endif diff --git a/servconf.h b/servconf.h index e0c3ff60a..364cd947f 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.149 2021/01/09 12:10:02 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.150 2021/01/22 02:44:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -126,7 +126,7 @@ typedef struct { char *hostkeyalgorithms; /* SSH2 server key types */ char *ca_sign_algorithms; /* Allowed CA signature algorithms */ int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ - char *pubkey_key_types; /* Key types allowed for public key */ + char *pubkey_accepted_algos; /* Signature algos allowed for pubkey */ int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */ int kerberos_authentication; /* If true, permit Kerberos * authentication. */ @@ -272,7 +272,7 @@ TAILQ_HEAD(include_list, include_item); M_CP_STROPT(authorized_principals_command); \ M_CP_STROPT(authorized_principals_command_user); \ M_CP_STROPT(hostbased_key_types); \ - M_CP_STROPT(pubkey_key_types); \ + M_CP_STROPT(pubkey_accepted_algos); \ M_CP_STROPT(ca_sign_algorithms); \ M_CP_STROPT(routing_domain); \ M_CP_STROPT(permit_user_env_allowlist); \ diff --git a/sftp.1 b/sftp.1 index ea99aad13..685b3ff91 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.133 2020/12/22 07:40:26 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.134 2021/01/22 02:44:58 dtucker Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 22 2020 $ +.Dd $Mdocdate: January 22 2021 $ .Dt SFTP 1 .Os .Sh NAME @@ -269,7 +269,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It ProxyCommand .It ProxyJump -.It PubkeyAcceptedKeyTypes +.It PubkeyAcceptedAlgorithms .It PubkeyAuthentication .It RekeyLimit .It SendEnv diff --git a/ssh.c b/ssh.c index 06598c7e1..ccba18310 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.546 2020/12/20 23:40:19 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.547 2021/01/22 02:44:58 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -799,7 +799,8 @@ main(int ac, char **av) else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "key-sig") == 0 || - strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || + strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */ + strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 || strcasecmp(optarg, "HostKeyAlgorithms") == 0 || strcasecmp(optarg, "HostbasedKeyTypes") == 0 || strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0) diff --git a/ssh_config.5 b/ssh_config.5 index 8c70962b6..96d6f6583 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.342 2021/01/14 19:45:06 rob Exp $ -.Dd $Mdocdate: January 14 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.343 2021/01/22 02:44:58 dtucker Exp $ +.Dd $Mdocdate: January 22 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1388,20 +1388,20 @@ will pass a connected file descriptor back to instead of continuing to execute and pass data. The default is .Cm no . -.It Cm PubkeyAcceptedKeyTypes -Specifies the key types that will be used for public key authentication -as a comma-separated list of patterns. +.It Cm PubkeyAcceptedAlgorithms +Specifies the signature algorithms that will be used for public key +authentication as a comma-separated list of patterns. If the specified list begins with a .Sq + -character, then the key types after it will be appended to the default +character, then the algorithms after it will be appended to the default instead of replacing it. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed +character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the +character, then the specified algorithms will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n @@ -1422,7 +1422,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q PubkeyAcceptedKeyTypes . +.Qq ssh -Q PubkeyAcceptedAlgorithms . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be diff --git a/sshconnect2.c b/sshconnect2.c index 108fd9707..de89b7617 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.341 2021/01/08 02:57:24 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.342 2021/01/22 02:44:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1191,16 +1191,16 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), - options.pubkey_key_types, NULL); + options.pubkey_accepted_algos, NULL); } /* * For RSA keys/certs, since these might have a different sig type: - * find the first entry in PubkeyAcceptedKeyTypes of the right type + * find the first entry in PubkeyAcceptedAlgorithms of the right type * that also appears in the supported signature algorithms list from * the server. */ - oallowed = allowed = xstrdup(options.pubkey_key_types); + oallowed = allowed = xstrdup(options.pubkey_accepted_algos); while ((cp = strsep(&allowed, ",")) != NULL) { if (sshkey_type_from_name(cp) != key->type) continue; @@ -1597,25 +1597,25 @@ static int key_type_allowed_by_config(struct sshkey *key) { if (match_pattern_list(sshkey_ssh_name(key), - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; /* RSA keys/certs might be allowed by alternate signature types */ switch (key->type) { case KEY_RSA: if (match_pattern_list("rsa-sha2-512", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; if (match_pattern_list("rsa-sha2-256", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; break; case KEY_RSA_CERT: if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; break; } @@ -1757,11 +1757,11 @@ pubkey_prepare(Authctxt *authctxt) } /* append remaining keys from the config file */ TAILQ_CONCAT(preferred, &files, next); - /* finally, filter by PubkeyAcceptedKeyTypes */ + /* finally, filter by PubkeyAcceptedAlgorithms */ TAILQ_FOREACH_SAFE(id, preferred, next, id2) { if (id->key != NULL && !key_type_allowed_by_config(id->key)) { debug("Skipping %s key %s - " - "not in PubkeyAcceptedKeyTypes", + "corresponding algo not in PubkeyAcceptedAlgorithms", sshkey_ssh_name(id->key), id->filename); TAILQ_REMOVE(preferred, id, next); sshkey_free(id->key); diff --git a/sshd_config.5 b/sshd_config.5 index 1f59ebc61..9b7a89168 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.323 2021/01/14 19:45:06 rob Exp $ -.Dd $Mdocdate: January 14 2021 $ +.\" $OpenBSD: sshd_config.5,v 1.324 2021/01/22 02:44:58 dtucker Exp $ +.Dd $Mdocdate: January 22 2021 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1209,7 +1209,7 @@ Available keywords are .Cm PermitTTY , .Cm PermitTunnel , .Cm PermitUserRC , -.Cm PubkeyAcceptedKeyTypes , +.Cm PubkeyAcceptedAlgorithms , .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , @@ -1477,20 +1477,20 @@ when a user logs in interactively. or equivalent.) The default is .Cm yes . -.It Cm PubkeyAcceptedKeyTypes -Specifies the key types that will be accepted for public key authentication -as a list of comma-separated patterns. +.It Cm PubkeyAcceptedAlgorithms +Specifies the signature algorithms that will be accepted for public key +authentication as a list of comma-separated patterns. Alternately if the specified list begins with a .Sq + -character, then the specified key types will be appended to the default set +character, then the specified algorithms will be appended to the default set instead of replacing them. If the specified list begins with a .Sq - -character, then the specified key types (including wildcards) will be removed +character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a .Sq ^ -character, then the specified key types will be placed at the head of the +character, then the specified algorithms will be placed at the head of the default set. The default for this option is: .Bd -literal -offset 3n @@ -1511,7 +1511,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q PubkeyAcceptedKeyTypes . +.Qq ssh -Q PubkeyAcceptedAlgorithms . .It Cm PubkeyAuthOptions Sets one or more public key authentication options. The supported keywords are: