1 files changed, 163 insertions, 5 deletions
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 368261968d..d9516fff12 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2016</year>
+      <year>2004</year><year>2017</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -108,6 +108,9 @@
       
       <tag><c>double_algs() =</c></tag>
       <item><p><c>[{client2serverlist,simple_algs()},{server2client,simple_algs()}] | simple_algs()</c></p></item>
+
+      <tag><c>modify_algs_list() =</c></tag>
+      <item><p><c>list( {append,algs_list()} | {prepend,algs_list()} | {rm,algs_list()} )</c></p></item>
      </taglist>
 </section>
 
@@ -246,13 +249,16 @@
 	  <tag><c><![CDATA[{pref_public_key_algs, list()}]]></c></tag>
 	  <item>
             <p>List of user (client) public key algorithms to try to use.</p>
-	    <p>The default value is 
-	    <c><![CDATA[['ssh-rsa','ssh-dss','ecdsa-sha2-nistp256','ecdsa-sha2-nistp384','ecdsa-sha2-nistp521'] ]]></c>
+	    <p>The default value is the <c>public_key</c> entry in 
+	    <seealso marker="#default_algorithms/0">ssh:default_algorithms/0</seealso>.
+	    </p>
+	    <p>If there is no public key of a specified type available, the corresponding entry is ignored.
+	    Note that the available set is dependent on the underlying cryptolib and current user's public keys.
 	    </p>
-	    <p>If there is no public key of a specified type available, the corresponding entry is ignored.</p>
 	  </item>
 
-	  <tag><c><![CDATA[{preferred_algorithms, algs_list()}]]></c></tag>
+	  <tag><marker id="option_preferred_algorithms"></marker>
+	  <c><![CDATA[{preferred_algorithms, algs_list()}]]></c></tag>
 	  <item>
             <p>List of algorithms to use in the algorithm negotiation. The default <c>algs_list()</c> can
 	    be obtained from <seealso marker="#default_algorithms/0">default_algorithms/0</seealso>.
@@ -273,6 +279,8 @@
 	for cipher but specifies the same algorithms for mac and compression in both directions.
 	The kex (key exchange) is implicit but public_key is set explicitly.</p>
 
+	<p>For background and more examples see the <seealso marker="configure_algos#introduction">User's Guide</seealso>.</p>
+
         <warning>
 	  <p>Changing the values can make a connection less secure. Do not change unless you
 	  know exactly what you are doing. If you do not understand the values then you
@@ -280,6 +288,62 @@
 	</warning>
 	  </item>
 
+	  <tag><marker id="option_modify_algorithms"></marker>
+	  <c><![CDATA[{modify_algorithms, modify_algs_list()}]]></c></tag>
+	  <item>
+	    <p>Modifies the list of algorithms to use in the algorithm negotiation. The modifications are
+	    applied after the option <c>preferred_algorithms</c> (if existing) is applied.</p>
+	    <p>The algoritm for modifications works like this:</p>
+	    <list>
+	      <item>
+		<p>Input is the <c>modify_algs_list()</c> and a set of algorithms <c>A</c>
+		obtained from the <c>preferred_algorithms</c> option if existing, or else from the
+		<seealso marker="ssh#default_algorithms-0">ssh:default_algorithms/0</seealso>.
+		</p>
+	      </item>
+	      <item>
+		<p>The head of the <c>modify_algs_list()</c> modifies <c>A</c> giving the result <c>A'</c>.</p>
+		<p>The possible modifications are:</p>
+		<list>
+		  <item>
+		    <p>Append or prepend supported but not enabled algorithm(s) to the list of
+		    algorithms. If the wanted algorithms already are in <c>A</c> they will first
+		    be removed and then appended or prepended,
+		    </p>
+		  </item>
+		  <item>
+		    <p>Remove (rm) one or more algorithms from <c>A</c>.
+		    </p>
+		  </item>
+		</list>
+	      </item>
+	      <item>
+		<p>Repeat the modification step with the tail of <c>modify_algs_list()</c> and the resulting
+		<c>A'</c>.
+		</p>
+	      </item>
+	    </list>
+	    <p>If an unsupported algorithm is in the <c>modify_algs_list()</c>, it will be silently ignored</p>
+	    <p>If there are more than one modify_algorithms options, the result is undefined.</p>
+	    <p>Here is an example of this option:</p>
+	<code>
+{modify_algorithms, 
+ [{prepend, [{kex, ['diffie-hellman-group1-sha1']}],
+  {rm,      [{compression, [none]}]}
+ ]
+}
+</code>
+          <p>The example specifies that:</p>
+	  <list>
+	    <item><p>the old key exchange algorithm 'diffie-hellman-group1-sha1' should be
+	    the main alternative. It will be the main alternative since it is prepened to the list</p>
+	    </item>
+	    <item><p>The compression algorithm none (= no compression) is removed so compression is enforced</p>
+	    </item>
+	  </list>
+	  <p>For background and more examples see the <seealso marker="configure_algos#introduction">User's Guide</seealso>.</p>
+	  </item>
+
 	  <tag><c><![CDATA[{dh_gex_limits,{Min=integer(),I=integer(),Max=integer()}}]]></c></tag>
 	  <item>
 	    <p>Sets the three diffie-hellman-group-exchange parameters that guides the connected server in choosing a group.
@@ -293,6 +357,15 @@
 	    connection. For <c>gen_tcp</c> the time is in milli-seconds and the default value is
 	    <c>infinity</c>.</p>
 	  </item>
+
+	  <tag><c><![CDATA[{auth_methods, string()}]]></c></tag>
+	  <item>
+	    <p>Comma-separated string that determines which
+	    authentication methods that the client shall support and
+	    in which order they are tried. Defaults to
+	    <c><![CDATA["publickey,keyboard-interactive,password"]]></c></p>
+          </item>
+
 	  <tag><c><![CDATA[{user, string()}]]></c></tag>
           <item>
 	    <p>Provides a username. If this option is not given, <c>ssh</c>
@@ -300,6 +373,7 @@
 	    <c><![CDATA[USER]]></c> on UNIX,
 	    <c><![CDATA[USERNAME]]></c> on Windows).</p>
           </item>
+
 	  <tag><c><![CDATA[{password, string()}]]></c></tag>
           <item>
 	    <p>Provides a password for password authentication.
@@ -307,6 +381,30 @@
 	    password, if the password authentication method is
 	    attempted.</p>
           </item>
+
+	  <!--tag><c><![CDATA[{send_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Send a list of extensions to the server if the server has asked for it.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently the client do not react on any extensions.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item-->
+
+	  <tag><c><![CDATA[{recv_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Tell the server that the client accepts extension negotiation.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently implemented extension is <c>server-sig-algs</c> which is the list of the server's preferred
+	    user's public key algorithms.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item>
+
 	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
 	    <p>Module implementing the behaviour <seealso
@@ -316,6 +414,7 @@
 	    module via the options passed to it under the key 'key_cb_private'.
 	    </p>
 	  </item>
+
 	  <tag><c><![CDATA[{quiet_mode, atom() = boolean()}]]></c></tag>
 	  <item>
 	    <p>If <c>true</c>, the client does not print anything on authorization.</p>
@@ -466,6 +565,7 @@
 	    authentication methods that the server is to support and
 	    in what order they are tried. Defaults to
 	    <c><![CDATA["publickey,keyboard-interactive,password"]]></c></p>
+	    <p>Note that the client is free to use any order and to exclude methods.</p>
           </item>
 
 	  <tag><c><![CDATA[{auth_method_kb_interactive_data, PromptTexts}]]></c>
@@ -517,6 +617,8 @@
 	for cipher but specifies the same algorithms for mac and compression in both directions.
 	The kex (key exchange) is implicit but public_key is set explicitly.</p>
 
+	<p>For background and more examples see the <seealso marker="configure_algos#introduction">User's Guide</seealso>.</p>
+
         <warning>
 	  <p>Changing the values can make a connection less secure. Do not change unless you
 	  know exactly what you are doing. If you do not understand the values then you
@@ -524,6 +626,41 @@
 	</warning>
 	  </item>
 
+	  <tag><marker id="option_modify_algorithms"></marker>
+	  <c><![CDATA[{modify_algorithms, modify_algs_list()}]]></c></tag>
+	  <item>
+	    <p>Modifies the list of algorithms to use in the algorithm negotiation. The modifications are
+	    applied after the option <c>preferred_algorithms</c> is applied (if existing)</p>
+	    <p>The possible modifications are to:</p>
+	    <list>
+	      <item><p>Append or prepend supported but not enabled algorithm(s) to the list of
+	      algorithms.</p><p>If the wanted algorithms already are in the list of algorithms, they will first
+	      be removed and then appended or prepended.
+	    </p>
+	      </item>
+	      <item><p>Remove (rm) one or more algorithms from the list of algorithms.</p></item>
+	    </list>
+	    <p>If an unsupported algorithm is in the list, it will be silently ignored</p>
+
+	    <p>Here is an example of this option:</p>
+	<code>
+{modify_algorithms, 
+ [{prepend, [{kex, ['diffie-hellman-group1-sha1']}],
+  {rm,      [{compression, [none]}]}
+ ]
+}
+</code>
+          <p>The example specifies that:</p>
+	  <list>
+	    <item><p>the old key exchange algorithm 'diffie-hellman-group1-sha1' should be
+	    the main alternative. It will be the main alternative since it is prepened to the list</p>
+	    </item>
+	    <item><p>The compression algorithm none (= no compression) is removed so compression is enforced</p>
+	    </item>
+	  </list>
+	  <p>For background and more examples see the <seealso marker="configure_algos#introduction">User's Guide</seealso>.</p>
+	  </item>
+
 	  <tag><c><![CDATA[{dh_gex_groups, [{Size=integer(),G=integer(),P=integer()}] | {file,filename()} {ssh_moduli_file,filename()} }]]></c></tag>
 	  <item>
 	    <p>Defines the groups the server may choose among when diffie-hellman-group-exchange is negotiated.
@@ -670,6 +807,27 @@
 	    </p>
 	  </item>
 
+	  <tag><c><![CDATA[{send_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Send a list of extensions to the client if the client has asked for it. See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently implemented extension is sending <c>server-sig-algs</c> which is the list of the server's preferred
+	    user's public key algorithms.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item>
+
+	  <!--tag><c><![CDATA[{recv_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Tell the client that the server accepts extension negotiation.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item-->
+
 	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
 	    <p>Module implementing the behaviour <seealso