===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.213
retrieving revision 1.214
diff -u -r1.213 -r1.214
--- src/usr.bin/ssh/ssh_config.5	2015/07/10 06:21:53	1.213
+++ src/usr.bin/ssh/ssh_config.5	2015/07/30 00:01:34	1.214
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
-.Dd $Mdocdate: July 10 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
+.Dd $Mdocdate: July 30 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -373,6 +373,11 @@
 Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
+If the specified value begins with a
+.Sq +
+character, then the specified ciphers will be appended to the default set
+instead of replacing them.
+.Pp
 The supported ciphers are:
 .Pp
 .Bl -item -compact -offset indent
@@ -781,6 +786,10 @@
 .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication
 as a comma-separated pattern list.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified key types will be appended to the default set
+instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -800,6 +809,10 @@
 .It Cm HostKeyAlgorithms
 Specifies the protocol version 2 host key algorithms
 that the client wants to use in order of preference.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified key types will be appended to the default set
+instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -981,6 +994,10 @@
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
+Alternately if the specified value begins with a
+.Sq +
+character, then the specified methods will be appended to the default set
+instead of replacing them.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256@libssh.org,
@@ -1069,10 +1086,16 @@
 The MAC algorithm is used in protocol version 2
 for data integrity protection.
 Multiple algorithms must be comma-separated.
+If the specified value begins with a
+.Sq +
+character, then the specified algorithms will be appended to the default set
+instead of replacing them.
+.Pp
 The algorithms that contain
 .Dq -etm
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
+.Pp
 The default is:
 .Bd -literal -offset indent
 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
@@ -1216,6 +1239,10 @@
 .It Cm PubkeyAcceptedKeyTypes
 Specifies the key types that will be used for public key authentication
 as a comma-separated pattern list.
+Alternately if the specified value begins with a
+.Sq +
+character, then the key types after it will be appended to the default
+instead of replacing it.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,