diff -up openssh-8.2p1/ssh_config.5.crypto-policies openssh-8.2p1/ssh_config.5

--- openssh-8.2p1/ssh_config.5.crypto-policies	2020-03-26 14:40:44.546775605 +0100

+++ openssh-8.2p1/ssh_config.5	2020-03-26 14:52:20.700649727 +0100

@@ -359,17 +359,17 @@ or

 .Qq *.c.example.com

 domains.

 .It Cm CASignatureAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies which algorithms are allowed for signing of certificates

 by certificate authorities (CAs).

-The default is:

-.Bd -literal -offset indent

-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

-.Ed

-.Pp

 .Xr ssh 1

 will not accept host certificates signed using algorithms other than those

 specified.

+.Pp

 .It Cm CertificateFile

 Specifies a file from which the user's certificate is read.

 A corresponding private key must be provided separately in order

@@ -424,20 +424,25 @@ If the option is set to

 .Cm no ,

 the check will not be executed.

 .It Cm Ciphers

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the ciphers allowed and their order of preference.

 Multiple ciphers must be comma-separated.

 If the specified list begins with a

 .Sq +

-character, then the specified ciphers will be appended to the default set

+character, then the specified ciphers will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified ciphers (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified ciphers will be placed at the head of the

-default set.

+built-in default set.

 .Pp

 The supported ciphers are:

 .Bd -literal -offset indent

@@ -453,13 +458,6 @@ aes256-gcm@openssh.com

 chacha20-poly1305@openssh.com

 .Ed

 .Pp

-The default is:

-.Bd -literal -offset indent

-chacha20-poly1305@openssh.com,

-aes128-ctr,aes192-ctr,aes256-ctr,

-aes128-gcm@openssh.com,aes256-gcm@openssh.com

-.Ed

-.Pp

 The list of available ciphers may also be obtained using

 .Qq ssh -Q cipher .

 .It Cm ClearAllForwardings

@@ -812,6 +810,11 @@ command line will be passed untouched to

 The default is

 .Dq no .

 .It Cm GSSAPIKexAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 The list of key exchange algorithms that are offered for GSSAPI

 key exchange. Possible values are

 .Bd -literal -offset 3n

@@ -824,10 +827,8 @@ gss-nistp256-sha256-,

 gss-curve25519-sha256-

 .Ed

 .Pp

-The default is

-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,

-gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .

 This option only applies to connections using GSSAPI.

+.Pp

 .It Cm HashKnownHosts

 Indicates that

 .Xr ssh 1

@@ -1149,29 +1150,25 @@ it may be zero or more of:

 and

 .Cm pam .

 .It Cm KexAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the available KEX (Key Exchange) algorithms.

 Multiple algorithms must be comma-separated.

 If the specified list begins with a

 .Sq +

-character, then the specified methods will be appended to the default set

+character, then the specified methods will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified methods (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified methods will be placed at the head of the

-default set.

-The default is:

-.Bd -literal -offset indent

-curve25519-sha256,curve25519-sha256@libssh.org,

-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,

-diffie-hellman-group-exchange-sha256,

-diffie-hellman-group16-sha512,

-diffie-hellman-group18-sha512,

-diffie-hellman-group14-sha256

-.Ed

+built-in default set.

 .Pp

 The list of available key exchange algorithms may also be obtained using

 .Qq ssh -Q kex .

@@ -1231,37 +1228,33 @@ The default is INFO.

 DEBUG and DEBUG1 are equivalent.

 DEBUG2 and DEBUG3 each specify higher levels of verbose output.

 .It Cm MACs

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the MAC (message authentication code) algorithms

 in order of preference.

 The MAC algorithm is used for data integrity protection.

 Multiple algorithms must be comma-separated.

 If the specified list begins with a

 .Sq +

-character, then the specified algorithms will be appended to the default set

+character, then the specified algorithms will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified algorithms (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified algorithms will be placed at the head of the

-default set.

+built-in default set.

 .Pp

 The algorithms that contain

 .Qq -etm

 calculate the MAC after encryption (encrypt-then-mac).

 These are considered safer and their use recommended.

 .Pp

-The default is:

-.Bd -literal -offset indent

-umac-64-etm@openssh.com,umac-128-etm@openssh.com,

-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,

-hmac-sha1-etm@openssh.com,

-umac-64@openssh.com,umac-128@openssh.com,

-hmac-sha2-256,hmac-sha2-512,hmac-sha1

-.Ed

-.Pp

 The list of available MAC algorithms may also be obtained using

 .Qq ssh -Q mac .

 .It Cm NoHostAuthenticationForLocalhost

@@ -1394,36 +1387,25 @@ instead of continuing to execute and pas

 The default is

 .Cm no .

 .It Cm PubkeyAcceptedKeyTypes

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the key types that will be used for public key authentication

 as a comma-separated list of patterns.

 If the specified list begins with a

 .Sq +

-character, then the key types after it will be appended to the default

+character, then the key types after it will be appended to the built-in default

 instead of replacing it.

 If the specified list begins with a

 .Sq -

 character, then the specified key types (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified key types will be placed at the head of the

-default set.

-The default for this option is:

-.Bd -literal -offset 3n

-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ecdsa-sha2-nistp384-cert-v01@openssh.com,

-ecdsa-sha2-nistp521-cert-v01@openssh.com,

-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ssh-ed25519-cert-v01@openssh.com,

-sk-ssh-ed25519-cert-v01@openssh.com,

-rsa-sha2-512-cert-v01@openssh.com,

-rsa-sha2-256-cert-v01@openssh.com,

-ssh-rsa-cert-v01@openssh.com,

-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

-sk-ecdsa-sha2-nistp256@openssh.com,

-ssh-ed25519,sk-ssh-ed25519@openssh.com,

-rsa-sha2-512,rsa-sha2-256,ssh-rsa

-.Ed

+built-in default set.

 .Pp

 The list of available key types may also be obtained using

 .Qq ssh -Q PubkeyAcceptedKeyTypes .

diff -up openssh-8.2p1/sshd_config.5.crypto-policies openssh-8.2p1/sshd_config.5

--- openssh-8.2p1/sshd_config.5.crypto-policies	2020-03-26 14:40:44.530775355 +0100

+++ openssh-8.2p1/sshd_config.5	2020-03-26 14:48:56.732468099 +0100

@@ -375,16 +375,16 @@ If the argument is

 then no banner is displayed.

 By default, no banner is displayed.

 .It Cm CASignatureAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies which algorithms are allowed for signing of certificates

 by certificate authorities (CAs).

-The default is:

-.Bd -literal -offset indent

-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

-.Ed

-.Pp

 Certificates signed using other algorithms will not be accepted for

 public key or host-based authentication.

+.Pp

 .It Cm ChallengeResponseAuthentication

 Specifies whether challenge-response authentication is allowed (e.g. via

 PAM or through authentication styles supported in

@@ -446,20 +446,25 @@ The default is

 indicating not to

 .Xr chroot 2 .

 .It Cm Ciphers

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the ciphers allowed.

 Multiple ciphers must be comma-separated.

 If the specified list begins with a

 .Sq +

-character, then the specified ciphers will be appended to the default set

+character, then the specified ciphers will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified ciphers (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified ciphers will be placed at the head of the

-default set.

+built-in default set.

 .Pp

 The supported ciphers are:

 .Pp

@@ -486,13 +491,6 @@ aes256-gcm@openssh.com

 chacha20-poly1305@openssh.com

 .El

 .Pp

-The default is:

-.Bd -literal -offset indent

-chacha20-poly1305@openssh.com,

-aes128-ctr,aes192-ctr,aes256-ctr,

-aes128-gcm@openssh.com,aes256-gcm@openssh.com

-.Ed

-.Pp

 The list of available ciphers may also be obtained using

 .Qq ssh -Q cipher .

 .It Cm ClientAliveCountMax

@@ -681,22 +679,24 @@ For this to work

 .Cm GSSAPIKeyExchange

 needs to be enabled in the server and also used by the client.

 .It Cm GSSAPIKexAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 The list of key exchange algorithms that are accepted by GSSAPI

 key exchange. Possible values are

 .Bd -literal -offset 3n

-gss-gex-sha1-,

-gss-group1-sha1-,

-gss-group14-sha1-,

-gss-group14-sha256-,

-gss-group16-sha512-,

-gss-nistp256-sha256-,

+gss-gex-sha1-

+gss-group1-sha1-

+gss-group14-sha1-

+gss-group14-sha256-

+gss-group16-sha512-

+gss-nistp256-sha256-

 gss-curve25519-sha256-

 .Ed

-.Pp

-The default is

-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,

-gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .

 This option only applies to connections using GSSAPI.

+.Pp

 .It Cm HostbasedAcceptedKeyTypes

 Specifies the key types that will be accepted for hostbased authentication

 as a list of comma-separated patterns.

@@ -793,25 +793,13 @@ is specified, the location of the socket

 .Ev SSH_AUTH_SOCK

 environment variable.

 .It Cm HostKeyAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the host key algorithms

 that the server offers.

-The default for this option is:

-.Bd -literal -offset 3n

-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ecdsa-sha2-nistp384-cert-v01@openssh.com,

-ecdsa-sha2-nistp521-cert-v01@openssh.com,

-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ssh-ed25519-cert-v01@openssh.com,

-sk-ssh-ed25519-cert-v01@openssh.com,

-rsa-sha2-512-cert-v01@openssh.com,

-rsa-sha2-256-cert-v01@openssh.com,

-ssh-rsa-cert-v01@openssh.com,

-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

-sk-ecdsa-sha2-nistp256@openssh.com,

-ssh-ed25519,sk-ssh-ed25519@openssh.com,

-rsa-sha2-512,rsa-sha2-256,ssh-rsa

-.Ed

-.Pp

 The list of available key types may also be obtained using

 .Qq ssh -Q HostKeyAlgorithms .

 .It Cm IgnoreRhosts

@@ -943,20 +931,25 @@ Specifies whether to look at .k5login fi

 The default is

 .Cm yes .

 .It Cm KexAlgorithms

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the available KEX (Key Exchange) algorithms.

 Multiple algorithms must be comma-separated.

 Alternately if the specified list begins with a

 .Sq +

-character, then the specified methods will be appended to the default set

+character, then the specified methods will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified methods (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified methods will be placed at the head of the

-default set.

+built-in default set.

 The supported algorithms are:

 .Pp

 .Bl -item -compact -offset indent

@@ -988,15 +981,6 @@ ecdh-sha2-nistp521

 sntrup4591761x25519-sha512@tinyssh.org

 .El

 .Pp

-The default is:

-.Bd -literal -offset indent

-curve25519-sha256,curve25519-sha256@libssh.org,

-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,

-diffie-hellman-group-exchange-sha256,

-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,

-diffie-hellman-group14-sha256

-.Ed

-.Pp

 The list of available key exchange algorithms may also be obtained using

 .Qq ssh -Q KexAlgorithms .

 .It Cm ListenAddress

@@ -1065,21 +1049,26 @@ DEBUG and DEBUG1 are equivalent.

 DEBUG2 and DEBUG3 each specify higher levels of debugging output.

 Logging with a DEBUG level violates the privacy of users and is not recommended.

 .It Cm MACs

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the available MAC (message authentication code) algorithms.

 The MAC algorithm is used for data integrity protection.

 Multiple algorithms must be comma-separated.

 If the specified list begins with a

 .Sq +

-character, then the specified algorithms will be appended to the default set

+character, then the specified algorithms will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified algorithms (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified algorithms will be placed at the head of the

-default set.

+built-in default set.

 .Pp

 The algorithms that contain

 .Qq -etm

@@ -1122,15 +1111,6 @@ umac-64-etm@openssh.com

 umac-128-etm@openssh.com

 .El

 .Pp

-The default is:

-.Bd -literal -offset indent

-umac-64-etm@openssh.com,umac-128-etm@openssh.com,

-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,

-hmac-sha1-etm@openssh.com,

-umac-64@openssh.com,umac-128@openssh.com,

-hmac-sha2-256,hmac-sha2-512,hmac-sha1

-.Ed

-.Pp

 The list of available MAC algorithms may also be obtained using

 .Qq ssh -Q mac .

 .It Cm Match

@@ -1480,36 +1460,25 @@ or equivalent.)

 The default is

 .Cm yes .

 .It Cm PubkeyAcceptedKeyTypes

+The default is handled system-wide by

+.Xr crypto-policies 7 .

+To see the defaults and how to modify this default, see manual page

+.Xr update-crypto-policies 8 .

+.Pp

 Specifies the key types that will be accepted for public key authentication

 as a list of comma-separated patterns.

 Alternately if the specified list begins with a

 .Sq +

-character, then the specified key types will be appended to the default set

+character, then the specified key types will be appended to the built-in default set

 instead of replacing them.

 If the specified list begins with a

 .Sq -

 character, then the specified key types (including wildcards) will be removed

-from the default set instead of replacing them.

+from the built-in default set instead of replacing them.

 If the specified list begins with a

 .Sq ^

 character, then the specified key types will be placed at the head of the

-default set.

-The default for this option is:

-.Bd -literal -offset 3n

-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ecdsa-sha2-nistp384-cert-v01@openssh.com,

-ecdsa-sha2-nistp521-cert-v01@openssh.com,

-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,

-ssh-ed25519-cert-v01@openssh.com,

-sk-ssh-ed25519-cert-v01@openssh.com,

-rsa-sha2-512-cert-v01@openssh.com,

-rsa-sha2-256-cert-v01@openssh.com,

-ssh-rsa-cert-v01@openssh.com,

-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

-sk-ecdsa-sha2-nistp256@openssh.com,

-ssh-ed25519,sk-ssh-ed25519@openssh.com,

-rsa-sha2-512,rsa-sha2-256,ssh-rsa

-.Ed

+built-in default set.

 .Pp

 The list of available key types may also be obtained using

 .Qq ssh -Q PubkeyAcceptedKeyTypes .