sync with OpenBSD -current

usr.bin/ssh/ssh-keyscan.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.49 2023/02/10 06:41:53 jmc Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.51 2024/06/14 05:20:34 jmc Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd $Mdocdate: February 10 2023 $
+.Dd $Mdocdate: June 14 2024 $
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -14,7 +14,7 @@
 .Nd gather SSH public keys from servers
 .Sh SYNOPSIS
 .Nm ssh-keyscan
-.Op Fl 46cDHv
+.Op Fl 46cDHqv
 .Op Fl f Ar file
 .Op Fl O Ar option
 .Op Fl p Ar port
@@ -116,6 +116,9 @@ The default is to print both.
 Connect to
 .Ar port
 on the remote host.
+.It Fl q
+Quiet mode:
+do not print server host name and banners in comments.
 .It Fl T Ar timeout
 Set the timeout for connection attempts.
 If

usr.bin/ssh/ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
-.Dd $Mdocdate: February 21 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $
+.Dd $Mdocdate: June 14 2024 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1262,8 +1262,12 @@ it may be zero or more of:
 and
 .Cm skey .
 .It Cm KexAlgorithms
-Specifies the available KEX (Key Exchange) algorithms.
+Specifies the permitted KEX (Key Exchange) algorithms that will be used and
+their preference order.
+The selected algorithm will the the first algorithm in this list that
+the server also supports.
 Multiple algorithms must be comma-separated.
+.Pp
 If the specified list begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
@@ -1276,6 +1280,7 @@ If the specified list begins with a
 .Sq ^
 character, then the specified algorithms will be placed at the head of the
 default set.
+.Pp
 The default is:
 .Bd -literal -offset indent
 sntrup761x25519-sha512@openssh.com,
@@ -1287,7 +1292,7 @@ diffie-hellman-group18-sha512,
 diffie-hellman-group14-sha256
 .Ed
 .Pp
-The list of available key exchange algorithms may also be obtained using
+The list of supported key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
 .It Cm KnownHostsCommand
 Specifies a command to use to obtain a list of host keys, in addition to

usr.bin/ssh/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.362 2024/06/13 15:06:33 naddy Exp $
-.Dd $Mdocdate: June 13 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.363 2024/06/14 05:01:22 djm Exp $
+.Dd $Mdocdate: June 14 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1004,9 +1004,13 @@ file on logout.
 The default is
 .Cm yes .
 .It Cm KexAlgorithms
-Specifies the available KEX (Key Exchange) algorithms.
+Specifies the permitted KEX (Key Exchange) algorithms that the server will
+offer to clients.
+The ordering of this list is not important, as the client specifies the
+preference order.
 Multiple algorithms must be comma-separated.
-Alternately if the specified list begins with a
+.Pp
+If the specified list begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
@@ -1018,6 +1022,7 @@ If the specified list begins with a
 .Sq ^
 character, then the specified algorithms will be placed at the head of the
 default set.
+.Pp
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -1059,7 +1064,7 @@ diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 diffie-hellman-group14-sha256
 .Ed
 .Pp
-The list of available key exchange algorithms may also be obtained using
+The list of supported key exchange algorithms may also be obtained using
 .Qq ssh -Q KexAlgorithms .
 .It Cm ListenAddress
 Specifies the local addresses