upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207

1 files changed, 4 insertions, 4 deletions

diff --git a/sshd_config.5 b/sshd_config.5
index cc019ec7d..aa888796e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.279 2018/07/03 11:39:54 djm Exp $
-.Dd $Mdocdate: July 3 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.280 2018/07/04 13:49:31 djm Exp $
+.Dd $Mdocdate: July 4 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -659,7 +659,7 @@ The default is
 .Cm yes .
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
-as a comma-separated pattern list.
+as a list of comma-separated patterns.
 Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
@@ -1386,7 +1386,7 @@ The default is
 .Cm yes .
 .It Cm PubkeyAcceptedKeyTypes
 Specifies the key types that will be accepted for public key authentication
-as a comma-separated pattern list.
+as a list of comma-separated patterns.
 Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set