1 files changed, 11 insertions, 1 deletions

diff --git a/sshd_config.0 b/sshd_config.0
index 0498495fe693..af54da6b2220 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -206,6 +206,16 @@ DESCRIPTION
              before authentication is allowed.  If the argument is none then
              no banner is displayed.  By default, no banner is displayed.
 
+     CASignatureAlgorithms
+             Specifies which algorithms are allowed for signing of
+             certificates by certificate authorities (CAs).  The default is:
+
+                   ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+                   ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+
+             Certificates signed using other algorithms will not be accepted
+             for public key or host-based authentication.
+
      ChallengeResponseAuthentication
              Specifies whether challenge-response authentication is allowed
              (e.g. via PAM or through authentication styles supported in
@@ -1079,4 +1089,4 @@ AUTHORS
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-OpenBSD 6.4                      July 20, 2018                     OpenBSD 6.4
+OpenBSD 6.4                   September 20, 2018                   OpenBSD 6.4