1 files changed, 43 insertions, 53 deletions
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 0e5a0706f5..b3f850fc38 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -32,34 +32,10 @@
   <modulesummary>Main API of the ssh application</modulesummary>
   <description>
     <p>Interface module for the <c>ssh</c> application.</p>
+    <p>See <seealso marker="ssh:SSH_app#supported">ssh(6)</seealso> for details of supported version,
+    algorithms and unicode support.</p>
   </description>
 
-   <section>
-    <title>SSH</title>
-    <marker id="supported"/>
-    <list type="bulleted">
-      <item>For application dependencies see <seealso marker="SSH_app"> ssh(6)</seealso> </item>
-      <item>Supported SSH version is 2.0.</item>
-      <item>Supported public key algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss.</item>
-      <item>Supported MAC algorithms: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.</item>
-      <item>Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc.</item>
-      <item>Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256 and diffie-hellman-group1-sha1</item>
-      <item>Supported compression algorithms: none, [email protected] and zlib</item>
-      <item>Supports unicode filenames if the emulator and the underlaying OS support it.
-      See section DESCRIPTION in the
-      <seealso marker="kernel:file">file</seealso> manual page in <c>kernel</c>
-      for information about this subject.</item>
-      <item>Supports unicode in shell and CLI.</item>
-    </list>
-    <p>The actual set of algorithms can vary depending on which OpenSSL crypto library that is installed on the machine.
-    For the list on a particular installation, use the command <seealso marker="#default_algorithms/0">default_algorithms/0</seealso>. 
-    The user may override the default algorithm configuration both on the server side and the client side.
-    See the option preferred_algorithms in the <seealso marker="#daemon/1">daemon</seealso> and
-    <seealso marker="#connect/3">connect</seealso> functions.
-</p>
-    
-  </section>
-  
   <section>
     <title>OPTIONS</title>
     <p>The exact behaviour of some functions can be adjusted with the use of options which are documented together
@@ -109,6 +85,15 @@
       <item><p><c>atom()</c> - Name of the Erlang module
       implementing the subsystem using the <c>ssh_channel</c> behavior, see
       <seealso marker="ssh_channel">ssh_channel(3)</seealso></p></item>
+      <tag><c>key_cb() =</c></tag>
+      <item>
+        <p><c>atom() | {atom(), list()}</c></p>
+        <p><c>atom()</c> - Name of the erlang module implementing the behaviours
+        <seealso marker="ssh_client_key_api">ssh_client_key_api</seealso> or
+        <seealso marker="ssh_client_key_api">ssh_client_key_api</seealso> as the
+        case maybe.</p>
+        <p><c>list()</c> - List of options that can be passed to the callback module.</p>
+      </item>
       <tag><c>channel_init_args() =</c></tag>
       <item><p><c>list()</c></p></item>
 
@@ -221,26 +206,25 @@
 	  <tag><c><![CDATA[{public_key_alg, 'ssh-rsa' | 'ssh-dss'}]]></c></tag>
 	  <item>
 	    <note>
-	      <p>This option is kept for compatibility. It is ignored if the <c>preferred_algorithms</c>
-	      option is used. The equivalence of <c>{public_key_alg,'ssh-dss'}</c> is 
-	      <c>{preferred_algorithms, [{public_key,['ssh-dss','ssh-rsa']}]}</c>.</p>
+	      <p>This option will be removed in OTP 20, but is kept for compatibility. It is ignored if
+	      the preferred <c>pref_public_key_algs</c> option is used.</p>
 	    </note>
             <p>Sets the preferred public key algorithm to use for user
 	    authentication. If the preferred algorithm fails,
-	    the other algorithm is tried. The default is
-	    to try <c><![CDATA['ssh-rsa']]></c> first.</p>
+	    the other algorithm is tried. If <c>{public_key_alg, 'ssh-rsa'}</c> is set, it is translated
+	    to <c>{pref_public_key_algs, ['ssh-rsa','ssh-dss']}</c>.  If it is 
+	    <c>{public_key_alg, 'ssh-dss'}</c>, it is translated
+	    to <c>{pref_public_key_algs, ['ssh-dss','ssh-rsa']}</c>.
+	    </p>
 	  </item>
 
 	  <tag><c><![CDATA[{pref_public_key_algs, list()}]]></c></tag>
 	  <item>
-	    <note>
-	      <p>This option is kept for compatibility. It is ignored if the <c>preferred_algorithms</c>
-	      option is used. The equivalence of <c>{pref_public_key_algs,['ssh-dss']}</c> is 
-	      <c>{preferred_algorithms, [{public_key,['ssh-dss']}]}</c>.</p>
-	    </note>
-            <p>List of public key algorithms to try to use.
-	    <c>'ssh-rsa'</c> and <c>'ssh-dss'</c> are available.
-	    Overrides <c><![CDATA[{public_key_alg, 'ssh-rsa' | 'ssh-dss'}]]></c></p>
+            <p>List of user (client) public key algorithms to try to use.</p>
+	    <p>The default value is 
+	    <c><![CDATA[['ssh-rsa','ssh-dss','ecdsa-sha2-nistp256','ecdsa-sha2-nistp384','ecdsa-sha2-nistp521'] ]]></c>
+	    </p>
+	    <p>If there is no public key of a specified type available, the corresponding entry is ignored.</p>
 	  </item>
 
 	  <tag><c><![CDATA[{preferred_algorithms, algs_list()}]]></c></tag>
@@ -248,6 +232,7 @@
             <p>List of algorithms to use in the algorithm negotiation. The default <c>algs_list()</c> can
 	    be obtained from <seealso marker="#default_algorithms/0">default_algorithms/0</seealso>.
 	    </p>
+	    <p>If an alg_entry() is missing in the algs_list(), the default value is used for that entry.</p>
 	    <p>Here is an example of this option:</p>
 	<code>
 {preferred_algorithms, 
@@ -258,9 +243,9 @@
   {compression,[none,zlib]}
 }
 </code>
-        <p>The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same
-algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values,
-kex is implicit but public_key is set explicitly.</p>
+        <p>The example specifies different algorithms in the two directions (client2server and server2client),
+	for cipher but specifies the same algorithms for mac and compression in both directions.
+	The kex (key exchange) is implicit but public_key is set explicitly.</p>
 
         <warning>
 	  <p>Changing the values can make a connection less secure. Do not change unless you
@@ -296,11 +281,13 @@ kex is implicit but public_key is set explicitly.</p>
 	    password, if the password authentication method is
 	    attempted.</p>
           </item>
-	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag>
+	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
-	    <p>Module implementing the behaviour
-	    <seealso marker="ssh_client_key_api">ssh_client_key_api</seealso>.
-	    Can be used to customize the handling of public keys.
+	    <p>Module implementing the behaviour <seealso
+	    marker="ssh_client_key_api">ssh_client_key_api</seealso>. Can be used to
+	    customize the handling of public keys. If callback options are provided
+	    along with the module name, they are made available to the callback
+	    module via the options passed to it under the key 'key_cb_private'.
 	    </p>
 	  </item>
 	  <tag><c><![CDATA[{quiet_mode, atom() = boolean()}]]></c></tag>
@@ -464,6 +451,7 @@ kex is implicit but public_key is set explicitly.</p>
             <p>List of algorithms to use in the algorithm negotiation. The default <c>algs_list()</c> can
 	    be obtained from <seealso marker="#default_algorithms/0">default_algorithms/0</seealso>.
 	    </p>
+	    <p>If an alg_entry() is missing in the algs_list(), the default value is used for that entry.</p>
 	    <p>Here is an example of this option:</p>
 	<code>
 {preferred_algorithms, 
@@ -474,9 +462,9 @@ kex is implicit but public_key is set explicitly.</p>
   {compression,[none,zlib]}
 }
 </code>
-        <p>The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same
-algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values,
-kex is implicit but public_key is set explicitly.</p>
+        <p>The example specifies different algorithms in the two directions (client2server and server2client),
+	for cipher but specifies the same algorithms for mac and compression in both directions.
+	The kex (key exchange) is implicit but public_key is set explicitly.</p>
 
         <warning>
 	  <p>Changing the values can make a connection less secure. Do not change unless you
@@ -631,11 +619,13 @@ kex is implicit but public_key is set explicitly.</p>
 	    </p>
 	  </item>
 
-	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag>
+	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
-	    <p>Module implementing the behaviour
-	    <seealso marker="ssh_server_key_api">ssh_server_key_api</seealso>.
-	    Can be used to customize the handling of public keys.
+	    <p>Module implementing the behaviour <seealso
+	    marker="ssh_server_key_api">ssh_server_key_api</seealso>. Can be used to
+	    customize the handling of public keys. If callback options are provided
+	    along with the module name, they are made available to the callback
+	    module via the options passed to it under the key 'key_cb_private'.
 	    </p>
 	  </item>